Questions for the 1Z0-820 were updated on : Sep 08 ,2024
Identify the two security features incorporated in the Oracle Solaris 11 Cryptographic Framework.
D, E
Explanation:
The framework enables providers of cryptographic services to have their services used by many
consumers in the Oracle Solaris operating system. Another name for providers is plugins. The
framework allows three types of plugins:
* User-level plugins - Shared objects that provide services by using PKCS #11 libraries, such as
pkcs11_softtoken.so.1.
* Kernel-level plugins - Kernel modules that provide implementations of cryptographic algorithms in
software, such as AES.
Many of the algorithms in the framework are optimized for x86 with the SSE2 instruction set and for
SPARC hardware.
* Hardware plugins - Device drivers and their associated hardware accelerators. The Niagara chips,
the ncp and n2cp device drivers, are one example. A hardware accelerator offloads expensive
cryptographic functions from the operating system. The Sun Crypto Accelerator 6000 board is one
example.
Reference: Oracle Solaris Cryptographic Framework
http://docs.oracle.com/cd/E19963-01/html/821-1456/scf-10.html
Review the ZFS dataset output that is displayed on your system:
Which four correctly describe the output?
A, C, E, G
Explanation:
A: + Indicates the file/directory was added in the later dataset
C: R Indicates the file/directory was renamed in the later dataset
E: - Indicates the file/directory was removed in the later dataset
G: M Indicates the file/directory was modified in the later dataset
Note: Identifying ZFS Snapshot Differences (zfs diff)
You can determine ZFS snapshot differences by using the zfs diff command.
The following table summarizes the file or directory changes that are identified by the zfs diff
command.
File or Directory Change Identifier
* File or directory is modified or file or directory link changed
M
* File or directory is present in the older snapshot but not in the newer snapshot
* File or directory is present in the newer snapshot but not in the older snapshot
+
* File or directory is renamed
R
Which five statements describe options available for installing the Oracle Solaris 11operating system
using the installation media?
BCDEF
Explanation:
A: If the network is setup to perform automated installations, you can perform a text installation over
the network by setting up an install service on the network and selecting a text installation when the
client system boots.
B: After a fresh install of Solaris 11 express, only the console mode is activated.
To add Gnome, simply do :
$ sudo pkg install slim_install
This will install additional packages that are not installed by default.
D: The text installer advantages over the GUI installer include:
* In addition to modifying partitions, the text installer enables you to create and modify VTOC slices
within the Solaris partition.
F: How do I upgrade my Solaris 10 or lower systems to Solaris 11?
Unfortunately, you CAN'T. There is no direct upgrade installer or other tool that will allow you to
upgrade from earlier releases of Solaris to Solaris 11. This is primarily due to the vast changes in the
packaging mechanism in Solaris 10.
Incorrect answers:
E: Both installers can be used to install Oracle Solaris on the x86 platform. The text installer can also
be used to install Oracle Solaris on the SPARC platform.
G: Both installers enable you to select, create, or modify disk partitions during an installation.
H: Both installers can be used to install Oracle Solaris on the x86 platform. The text installer can also
be used to install Oracle Solaris on the SPARC platform.
Reference: Oracle Solaris 11 Information Library, Comparing Installation Options
When setting up Automated Installer (AI) clients, an interactive tool can be used to generate a
custom system configuration profile. The profile will specify the time zone, data and time, user and
root accounts, and name services used for an AI client installation. This interactive tool will prompt
you to enter the client information and an SC profile (XML) will be created.
Which interactive tool can be used to generate this question configuration?
B
Explanation:
Use the installadm set-criteria command to update the client criteria associated with an AI manifest
that you already added to a service using installadm add-manifest.
Use the installadm add-manifest command to add a custom AI manifest to an install service.
The value of manifest is a full path and file name with .xml extension. The manifest file contains an AI
manifest (installation instructions). The manifest file can also reference or embed an SC manifest
(system configuration instructions).
Incorrect answers:
A: The sys-unconfig command is used to restore a system's configuration to
an "as-manufactured" state, ready to be reconfigured again.
C: You can use the sysconfig create-profile command to create a new system configuration profile.
Thesysconfigcommand affects all functional groupings in the Solaris instance.
D: Use the installadm create-profile command to add a system configuration profile to an install
service. The create-profile subcommand validates profiles before adding them to the install service.
Specify criteria so that appropriate clients select that configuration profile. If no criteria are specified,
all clients use this profile.
Review the zonestat command:
zonestate - q physical - memory -R high -z -p -p zones 10 24h 60m
Select the option that correctly describes the information that is displayed by this command.
D
Explanation:
* (Not A, B, C): interval (here 10 seconds): Specifies the length in seconds to pause between each
interval report.
* duration (here 24 h)
* -R report[,report] (here high)
Print a summary report.
high Print a summary report detailing the highest usage of each resource and zone during any
interval of thezonestatutility invocation.
Note: The zonestat utility reports on the cpu, memory, and resource control utilization of the
currently running zones. Each zone's utilization is reported both as a percentage of system resources
and the zone's configured limits.
The zonestat utility prints a series of interval reports at the specified interval. It optionally also prints
one or more summary reports at a specified interval.
The default output is a summary of cpu, physical, and virtual memory utilization. The -r option can be
used to choose detailed output for specific resources.
You are configuring NFS on a server. Select the two statements that are true.
A, C
Explanation:
A: ZFS can automatically share file systems by setting the sharenfs property. Using this property, you
do not have to modify the /etc/dfs/dfstab file when a new file system is shared. The sharenfs
property is a comma-separated list of options to pass to the share command. The value on is an alias
for the default share options, which provides read/write permissions to anyone. The value off
indicates that the file system is not managed by ZFS and can be shared through traditional means,
such as the /etc/dfs/dfstab file. All file systems whose sharenfs property is not off are shared during
boot.
Incorrect answers:
D: A share can define options for both NFS and SMB sharing.
You have already generated a 256-bit AES raw key and named the keystore file /mykey. You need to
use the key to create an encrypted file system.
Which command should you use to create a ZFS encrypted file system named pool1/encrypt using
the /mykey keystore?
B
Explanation:
Example: Encrypting a ZFS File System by Using a Raw Key
In the following example, an aes-256-ccm encryption key is generated by using the pktool command
and is written to a file, /cindykey.file.
# pktool genkey keystore=file outkey=/cindykey.file keytype=aes keylen=256
Then, the /cindykey.file is specified when the tank/home/cindy file system is created.
# zfs create -o encryption=aes-256-ccm -o keysource=raw,file:///cindykey.file tank/home/cindys
Reference: Oracle Solaris ZFS Administration Guide, Examples of Encrypting ZFS File Systems
You need to set up an Oracle Solaris 11 host as an iSCSI target so that the host's disk can be accessed
over a storage network. The disk device is c3t4d0.
Which six options describe the steps that need to be taken on this host to enable an iSCSI target?
B, C, D, F, H, I
Explanation:
How to Create an iSCSI LUN
The following steps are completed on the system that is providing the storage device.
1.Create a ZFS storage pool.
Example: target# zpool create sanpool mirror c2t3d0 c2t4d0
(C)2. Create a ZFS volume to be used as a SCSI LUN.
(D)3. Create a LUN for the ZFS volume.
Example:
target# stmfadm create-lu /dev/zvol/rdsk/sanpool/vol1
Logical unit created: 600144F0B5418B0000004DDAC7C10001
4. Confirm that the LUN has been created.
Example
target# stmfadm list-lu
LU Name: 600144F0B5418B0000004DDAC7C10001
(F) 5. Add the LUN view.
This command makes the LUN accessible to all systems.
target# stmfadm add-view 600144F0B5418B0000004DDAC7C10001
How to Create the iSCSI Target
This procedure assumes that you are logged in to the local system will contains the iSCSI target.
Note: The stmfadm command manages SCSI LUNs. Rather than setting a special iSCSI property on the
ZFS volume, create the volume and use stmfadm to create the LUN.
(H) 1. Enable the iSCSI target service.
target# svcadm enable -r svc:/network/iscsi/target:default
(I) 2. Create the iSCSI target.
target# itadm create-target
Reference: Oracle Solaris Administration: Devices and File Systems, Configuring iSCSI Devices With
COMSTAR
Identify the Automated Installer’s (AI) equivalent to jumpStart’s finish scripts and sysidcfg files.
B
Explanation:
ComparingsysidcfgFile Keywords to System Configuration Profile Directives
The following table comparessysidcfgfile keywords with example AI system configuration profile
specifications.
sysidcfgFile Keyword
System Configuration Profile Directives
Etc.
Reference: http://docs.oracle.com/cd/E23824_01/html/E21799/config-1.html
You need to update an OS image on a client. The pkg publishers command displays the wrong
publisher with the wrong update:
PUBLISHER
TYPE
STATUS URI
Solaris
origin
online
http://pkg.oracle.com/solaris/release
The update is available on the updated publisher:
PUBLISHER
TYPE
STATUS URI
Solaris
origin
online
http://sysA.example.com
Select the option that describes the procedure used to update the OS image on the system from the
updated publisher.
C
Explanation:
You can use the pkg set-publisher command to change a publisher URI.
Changing a Publisher Origin URI
To change the origin URI for a publisher, add the new URI and remove the old URI. Use the -g option
to add a new origin URI. Use the -G option to remove the old origin URI.
# pkg set-publisher -g http://pkg.example.com/support \
-G <http://pkg.example.com/release example.com>
Note: You can use either the install or update subcommand to update a package.
The install subcommand installs the package if the package is not already installed in the image. If
you want to be sure to update only packages that are already installed, and not install any new
packages, then use the update subcommand.
Reference: Oracle Solaris 11 Express Image Packaging System Guide, Managing Package Publishers
alice is a user account used by Alice on a Solaris 11 system.
sadmin is a role account on the same system.
Your task is to add the command /usr/sbin/cryptoadm to the Network management profile, so that
Alice can execute it, while assuming the sadmin role.
Select the three activities necessary to accomplish this.
C, D, G
Explanation:
C: /etc/security/exec_attr is a local database that specifies
the execution attributes associated with profiles. The
exec_attr file can be used with other sources for execution
profiles, including the exec_attr NIS map and NIS+ table.
A profile is a logical grouping of authorizations and com-
mands that is interpreted by a profile shell to form a
secure execution environment.
Incorrect answers:
A: etc/security/prof_attr is a local source for execution profile names, descriptions, and other
attributes of execution profiles. The prof_attr file can be used with other profile sources, including
the prof_attr NIS map.
B: /etc/security/auth_attr is a local source for authorization names and descriptions. The auth_attr
file can be used with other authorization sources, including the auth_attr NIS map and NIS+ table.
An authorization is a right assigned to users that is checked by certain privileged programs to
determine whether users can execute restricted functionality.
Reference: man exec_attr
Select the two statements that correctly describe the operation of NWAM.
A, D
Explanation:
A: Conditional and system locations can be manually
activated, which means that the location remains active until explicitly disabled.
D: A location comprises certain elements of a network configuration, for example a name service
and firewall settings, that are applied together, when required. You can create multiple locations
for various uses. For example, one location can be used when you are connected at the office by
using the company intranet. Another location can be used at home when you are connected to
the public Internet by using a wireless access point. Locations can be activated manually or
automatically, according to environmental conditions, such as the IP address that is obtained
by a network connection.
Incorrect answers:
Note: The Network Auto-Magic (NWAM) feature simplifies basic network configuration by
automatically addressing basic Ethernet and WiFi configurations, such as connecting to your wired or
wireless network at startup and displaying notifications about the status of your currently active
network connection from the desktop. NWAM is also designed to simplify some of the more complex
networking tasks, such as the creation and management of system-wide network profiles, for
example, the configuration of name services, IP Filter and IP Security (IPsec).
Reference: Oracle Solaris Administration: Network Interfaces and NetworkVirtualization, Activating
and Deactivating Profiles
Reference: Oracle Solaris Administration: Network Interfaces and NetworkVirtualization,Creating and
Managing Locations
On server A, you enter the following command to add a static route to serverA
route -p add -host 192.168.1.101 192.168.1.101 -static
What is the purpose of this command?
B
Explanation:
Note: # route -p add -host destination-IP gateway-IP -static
wheredestination-IPandgateway-IPare IPv4 addresses of the host to be used as a target.
For example, you would type the following to specify the target system 192.168.10.137, which is on
the same subnet as the interfaces in IPMP group itops0:
$ route -p add -host 192.168.10.137 192.168.10.137 -static
This new route will be automatically configured every time the system is restarted. If you want to
define only a temporary route to a target system for probe-based failure detection, then do not use
the -p option.
Before booting test zone a non-global zone, you want to connect to the zones console so that you
can watch the boot process.
Choose the command used to connect to testzones console.
E
Explanation:
The following options are supported:
-C
Connects to the zone console. Connects to the zone console.
Note:
After you install a zone, you must log in to the zone to complete its application environment. You
might log in to the zone to perform administrative tasks as well. Unless the-Coption is used to
connect to the zone console, logging in to a zone usingzloginstarts a new task. A task cannot span
two zones
Incorrect answers:
B: No option -console.
C, D: No option -z.
Reference: man zlogin
Consider the following rule file for use with the Basic Audit Reporting Tool (BART).
CHECK all
IGNORE dirmtime
/etc/security
/etc/notices
IGNORE contents
/export/home
IGNORE mtime size contents
/var
CHECK
You are using BART to detect inappropriate changes to the file system.
Identify the two correct statements describing the attributes recorded.
D, F
Explanation:
D: According to line /etc/security
F: According to line /export/home
Not E: According to line IGNORE dirmtime
Note: In default mode, the bart compare command, as shown in the following example, checks all
the files installed on the system, with the exception of modified directory timestamps (dirmtime):
CHECK all
IGNORE dirmtime
Note 2: The Basic Audit Reporting Tool (BART) feature of Oracle Solaris enables you to
comprehensively validate systems by performing file-level checks of a system over time. By creating
BART manifests, you can easily and reliably gather information about the components of the
software stack that is installed on deployed systems.
BART is a useful tool for integrity management on one system or on a network of systems.
Reference: Oracle Solaris Administration: Security Services, BART Manifests, Rules Files, and Reports
(Reference)