Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Oracle Official New Released 1z0-881
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/1z0-881.html
Oracle Solaris 10 Security Administrator Certified Expert Exam
Question No: 11 – (Topic 1)
Solaris Auditing supports the selective logging of which two kinds of events? (Choose two.)
-
file access by selected users
-
access to selected files by all users
-
selected users making outbound network connections
-
password changes which do not meet the system password policy
Answer: A,C
Question No: 12 – (Topic 1)
A security administrator creates a directory called prevoy with the following access control policy: $ getfacl prevoy # file: prevoy # owner:
secadm # group: secadm user::rwx group::r-x #effective:r-x mask:r-x other:r-x
default:user::r- default:user:
sysadm:rw- default:group::r- default:group:sysadm:rw- default:mask:rwx default:other:– Into this directory, the security administrator creates a file called secrets. The ls command reports the following for the prevoy directory and secrets file: $ ls -ld . secrets drwxr-xr-x 2 secadm secadm 512 Jun 6 16:38 . -r-r— 1 secadm secadm
0 Jun 6 16:38 secrets Which two actions can be successfully taken by the sysadm role? (Choose two.)
-
The sysadm role can read the secrets file.
-
The sysadm role can write to the secrets file.
-
The sysadm role can remove the secrets file.
-
The sysadm role can create new files under the prevoy directory.
-
The sysadm role can change the Access Control Lists of the prevoy directory.
Answer: A,B
Question No: 13 – (Topic 1)
The /etc/default/passwd file contains a number of configuration parameters that can be used to constrain the character composition of user passwords. What is one of the dangers of having password composition too tightly constrained?
-
Password complexity rules apply only to the English alphabet.
-
The entropy of the resulting password strings will be very high.
-
Duplication of encrypted user password strings is much more likely.
-
Limited password value possibilities can simplify brute force attacks.
-
Passwords are harder to compute when using many character classes.
Answer: D
Question No: 14 – (Topic 1)
Which two commands are part of Sun Update Connection? (Choose two.)
-
/usr/bin/pkgadm
-
/usr/bin/keytool
-
/usr/sbin/smpatch
-
/usr/sbin/patchadd
-
/usr/bin/updatemanager
Answer: C,E
Question No: 15 – (Topic 1)
To harden a newly installed Solaris OS, an administrator is required to make sure that syslogd is configured to NOT accept messages from the network. Which supported method can be used to configure syslogd like this?
-
Run svcadm disable -t svc:/network/system-log.
-
Edit /etc/default/syslogd to set LOG_FROM_REMOTE=NO.
-
Edit /etc/rc2.d/S74syslog to start syslogd with the -t option.
-
Edit /lib/svc/method/system-log to set LOG_FROM_REMOTE=NO.
Answer: B
Question No: 16 – (Topic 1)
Which are two advantages of the Service Management Facility compared to the init.d startup scripts? (Choose two.)
-
It restarts processes if they die.
-
It handles service dependencies.
-
It has methods to start and stop the service.
-
It specifies what the system should do at each run level.
Answer: A,B
Question No: 17 – (Topic 1)
You have been asked to implement defense in depth for network access to a system, where a web server will be running on an Internet-facing network interface. Which is NOT
contributing to the defense in depth?
-
running the web server in a zone
-
using svcadm to disable unused services
-
using IP Filter to limit which network ports can be accessed from the Internet
-
using VLANs on a single network interface instead of using multiple network interfaces
-
using TCP wrappers to limit from which system SSH be used to connect to the system
Answer: D
Question No: 18 – (Topic 1)
A new security related patch has been released for the Solaris OS. This patch needs to be applied to the system that functions as your web server. The web server is configured to run in a non-global zone. Can you just use patch add to apply the patch to the global zone to update the web server zone?
-
No, you need to shut down the web server zone first.
-
Yes, patches will be automatically applied to all zones.
-
No, you need to apply the patch to the web server zone separately.
-
Yes, but you must make sure that the web server zone is booted first.
Answer: B
Question No: 19 – (Topic 1)
You decided it was worth maintaining an extremely paranoid policy when configuring your firewall rules. Therefore, you had your management approve the implementation of a security policy stance to deny all inbound connection requests to your corporate network. How is it possible that you still suffer from remote exploits that your adversaries are using to obtain interactive sessions inside your firewall?
-
TCP splicing is easy to do.
-
Internal software may be vulnerable.
-
UDP vulnerabilities are well-known and exploited.
-
ICMP hijacking attacks can still succeed through any firewall.
Answer: B
Question No: 20 – (Topic 1)
You have been asked to grant the user ennovy, a member of the staff group, read and write access to the file /app/notes which has the following properties: ls -l /app/notes -rw- rw– 1 root app 0 Jun 6 15:11 /app/notes Which options will NOT grant the user the ability to read and write the file?
-
usermod -G app ennovy
-
setfacl -m user:ennovy:rw- /app/notes
-
setfacl -m group:staff:rw- /app/notes
-
usermod -K defaultpriv=basic,file_dac_read,file_dac_write ennovy
Answer: D
100% Ensurepass Free Download!
–Download Free Demo:1z0-881 Demo PDF
100% Ensurepass Free Guaranteed!
–1z0-881 Dumps
EnsurePass | ExamCollection | Testking | |
---|---|---|---|
Lowest Price Guarantee | Yes | No | No |
Up-to-Dated | Yes | No | No |
Real Questions | Yes | No | No |
Explanation | Yes | No | No |
PDF VCE | Yes | No | No |
Free VCE Simulator | Yes | No | No |
Instant Download | Yes | No | No |
100-105 Dumps VCE PDF
200-105 Dumps VCE PDF
300-101 Dumps VCE PDF
300-115 Dumps VCE PDF
300-135 Dumps VCE PDF
300-320 Dumps VCE PDF
400-101 Dumps VCE PDF
640-911 Dumps VCE PDF
640-916 Dumps VCE PDF
70-410 Dumps VCE PDF
70-411 Dumps VCE PDF
70-412 Dumps VCE PDF
70-413 Dumps VCE PDF
70-414 Dumps VCE PDF
70-417 Dumps VCE PDF
70-461 Dumps VCE PDF
70-462 Dumps VCE PDF
70-463 Dumps VCE PDF
70-464 Dumps VCE PDF
70-465 Dumps VCE PDF
70-480 Dumps VCE PDF
70-483 Dumps VCE PDF
70-486 Dumps VCE PDF
70-487 Dumps VCE PDF
220-901 Dumps VCE PDF
220-902 Dumps VCE PDF
N10-006 Dumps VCE PDF
SY0-401 Dumps VCE PDF