310-303 - Scseca - Solaris 10

  • 8/16/2019 310-303 - Scseca - Solaris 10

    Exam: 310-303

    Title: Sun Certified Security Administrator for the Solaris 10

    Ver: 09.05.07

    310-303

    Actualtests.com - The Power of Knowing

    QUESTION 1
    After using the Solaris Security Toolkit on a system, some of your users have complained that they are no longer able to connect to the system through telnet. Which option will allow users to connect to the system without impacting security?

    A. Re-enable the telnet service.
    B. Re-enable the telnet service, but force users to use Kerberos passwords.
    C. Re-enable the telnet service, but force users to use IP Filter.
    D. Leave telnet disabled and suggest that users use SSH instead.

    Answer: D

    QUESTION 2
    An application file system stores unchanging data only. How should this file system be mounted defensively in /etc/vfstab?

    A. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes nodevices,noexec,ro
    B. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes ro,nosuid,anon=0
    C. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes noexec,nosuid,nodevices
    D. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes nosuid,noxattr,noexec

    Answer: A

    QUESTION 3
    To harden a newly installed Solaris OS, an administrator needs to disable the sendmail service. Which command will disable the sendmail service, even if the system is rebooted, patched, or upgraded, while still allowing email to be sent?

    A. rm /etc/rc2.d/S88sendmail
    B. svcadm disable -t svc:/network/smtp:sendmail
    C. svcadm disable svc:/network/smtp:sendmail
    D. pkgrm SUNWsndmr SUNWsndmu

    Answer: C

    QUESTION 4
    The Solaris 10 cryptographic framework provides a set of end user commands. One of these new commands allows the encryption and decryption of a file.
    Encrypting a file named clear_file with this utility gives this error:
    # encrypt -a 3des -k 3_des.key -i clear_file -o encrypt_file
    encrypt: failed to generate a key: CKR_ATTRIBUTE_VALUE_INVALID
    What is the cause?

    A. The 3des algorithm can NOT be used to encrypt a file.
    B. The file clear_file is too big to be encrypted.
    C. The encryption key can NOT be stored in a file.
    D. The key length in 3_des.key is wrong.

    Answer: D

    QUESTION 5
    A small newspaper company has problems, because one of their servers was modified by someone. Before this incident, they didn't bother about security. After a new installation, they now want to restrict access to the system. Which two options will enhance their access control? (Choose two.)

    A. Enable auditing for login and logout activities.
    B. Use Role Based Access Control (RBAC) for administrative tasks.
    C. Create a wheel group and list the admin accounts in this group to limit the su command to only those people.
    D. Disable services without authentication.

    Answer: B,D

    QUESTION 6
    A Certkiller.com system administrator wants to remove most of the basic privileges for ordinary users and adds the following line to the appropriate configuration file to achieve this:
    PRIV_DEFAULT=basic,!proc_info,!proc_session,!file_link_any
    It would be shorter to list the two remaining privileges specified in Solaris 10. Should the administrator have written this instead?
    PRIV_DEFAULT=proc_exec,proc_fork

    A. Yes, both forms will always be equivalent.
    B. No, the basic set might change in future releases.
    C. No, both forms are wrong. You cannot remove basic privileges.
    D. Yes, the shorter form is preferred.

    Answer: B

    QUESTION 7
    The digital signature of a patch provides an integrity check of the patch. Which is a requirement for signed patches?

    A. The system administrator needs to sign the patch.
    B. All patches need to be signed by Sun Microsystems.
    C. Signed patches need to be downloaded through SSL.
    D. Vendors can sign patches only with approval from Sun Microsystems.
    E. The system administrator can specify which Certification Authorities are trusted for signed patches.

    Answer: E

    QUESTION 8
    Which two steps have to be performed to configure systems so that they are more resilient to attack? (Choose two.)

    A. Perform system auditing.
    B. Perform system minimization.
    C. Perform a full system backup.
    D. Perform system replication.
    E. Perform system hardening.

    Answer: B,E

    QUESTION 9

    Certkiller.com, the company you work for, is leasing zones to customers to run their applications in. You want each customer to be able to run the zoneadm command to start their zone in case of accidental shutdown, and also zlogin so they can access the console of their zone. Which are three reasons why you should NOT create accounts for them in the global zone and grant them the Zone Management profile? (Choose three.)

    A. They will be able to reboot the global zone.
    B. They will be able to see processes in other customers' zones.
    C. They will be able to reboot other customers' zones.
    D. They will be able to disable auditing in other customers' zones.
    E. They will be able to log in to other customers' zones.

    Answer: B,C,E

    QUESTION 10
    The Key Distribution Center (KDC) is a central part of the Kerberos authentication system. How should the system running the KDC be configured?

    A. The KDC implementation employs cryptography and can therefore run securely on an ordinary multi-user system.
    B. For improved security, users must log in to the KDC before authenticating themselves, so it must be a multi-user system.
    C. It should be a hardened, non-networked system.
    D. It should be a hardened, minimized system.

    Answer: D

    QUESTION 11
    You maintain a minimized and hardened web server. The exhibit shows the current credentials that the web server runs with. You receive a complaint about the fact that a newly installed web-based application does not function. This application is based on a /bin/ksh cgi-bin script. What setting prevents this cgi-bin program from working?

    A. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot environment.
    B. The system might NOT have /bin/ksh installed.
    C. The server should run with uid=0 to run cgi-bin scripts.
    D. The server is NOT allowed to call the exec system call.

    Answer: D

    QUESTION 12
    Given:
    Certkiller:$md5,rounds=2006$2amXesSj5$$kCF48vfPsHDjlKNXeEw7V.:12210::::::
    What is the characteristic of this /etc/shadow entry?

    A. User Certkiller uses the 2a hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the encrypted password kCF48vfPsHDjlKNXeEw7V.
    B. User Certkiller uses the md5 hash, with salt 2006$2amXesSj5$, and with the encrypted password $kCF48vfPsHDjlKNXeEw7V.
    C. User Certkiller uses the md5 hash, with 2006 iterations of the hash, with no salt, and with the encrypted password $rQmXesSj5$$kCF48vfPsHDjlKNXeEw7V.
    D. User Certkiller uses the md5 hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the encrypted password kCF48vfPsHDjlKNXeEw7V.

    Answer: D

    QUESTION 13
    DRAG DROP
    The Solaris 10 OS supports a number of password-related security controls, including minimum password length, password aging, password history, password complexity rules, and password dictionary lookup.
    As a Certkiller.com instructor you are required to move the password Control items to the appropriate locations.

    Answer:

    QUESTION 14
    During the installation of your database server db, you disabled telnet access to it by running inetadm -d telnet, because Certkiller.com security policy prohibits unencrypted access to the systems. You also added a default deny access policy:
    # cat /etc/hosts.deny
    ALL: ALL
    Now a legacy application running on the legacy server needs access to the db server, using telnet, and you have been asked to implement the changes.
    Which three steps do you have to take to enable telnet on db and restrict access to it, so that only traffic from legacy is allowed? (Choose three.)

    A. svcadm enable telnet
    B. inetadm -m telnet tcp_wrapper=legacy
    C. inetadm -M tcp_wrapper=TRUE
    D. inetadm -e telnet
    E. inetadm -m telnet tcp_wrapper=TRUE
    F. Add in.telnetd:legacy to /etc/hosts.deny.
    G. Add in.telnetd: legacy to /etc/hosts.allow.
    H. svcprop -s telnet setprop inetd/tcp_wrappers=TRUE

    Answer: D,E,G

    QUESTION 15

    Which of the descriptions is a high-level overview of how Kerberos works?

    A. In a Kerberos environment, a user authenticates once to a central authority.
    B. In a Kerberos environment, a user needs to type a password for each service.
    C. In a Kerberos environment, a user authenticates once to any service of its choosing and is then pre-authenticated for all other services.
    D. In a Kerberos environment, a user authenticates once to each service.

    Answer: A

    QUESTION 16

    For security reasons, one of the services your department provides has to be run in a separate zone. Which three of the zone's properties can differ from the global zone? (Choose three.)

    A. the zone's IP address
    B. the zone's root password
    C. the zone's kernel patch level
    D. the zone's domain name
    E. the zone's system time

    Answer: A,B,D

    QUESTION 17
    One of the operators of the mainframe group was moved to the UNIX group and tasked to activate and configure password history. For every user, the last 10 passwords should be remembered in the history. In what file is the size of the password history configured?

    A. /etc/security/policy.conf
    B. /etc/shadow
    C. /etc/default/passwd
    D. /etc/pam.conf

    Answer: C

    QUESTION 18
    Certkiller.com has implemented a policy that states that accounts should become unavailable if they have not been used in 21 days. How is account inactivity calculated in Solaris if no naming service is used?

    A. the number of days since the user's last password change
    B. the last user entry in the /var/adm/wtmpx file
    C. the password timestamp in the /etc/shadow file
    D. an entry in the /var/adm/lastlog file

    Answer: D

    QUESTION 19
    You have been asked to implement defense in depth for network access to a system, where a web server will be running on an Internet-facing network interface. Which is NOT contributing to the defense in depth?

    A. using IP Filter to limit which network ports can be accessed from the Internet
    B. using VLANs on a single network interface instead of using multiple network interfaces
    C. using TCP wrappers to limit from which system SSH can be used to connect to the system
    D. running the web server in a zone
    E. using svcadm to disable unused services

    Answer: B

    QUESTION 20
    You suspect that the /usr/bin/ls binary on a system might have been replaced with a "Trojan horse." You have been able to determine that the correct MD5 checksum for the real /usr/bin/ls binary is:
    md5 (/usr/bin/ls) = b526348afd2d57610dd3635e46602d2a
    Which standard Solaris command can be used to calculate the MD5 checksum for the /usr/bin/ls file?

    A. sum -r /usr/bin/ls
    B. digest -a md5 /usr/bin/ls
    C. md5 /usr/bin/ls
    D. sum -a md5 /usr/bin/ls
    E. crypt -a md5 /usr/bin/ls

    Answer: B

    QUESTION 21
    It is corporate practice to use the Solaris Security Toolkit on all Sun systems. This has been successfully done for years, and the administrators are experienced with the tool. Starting with Solaris 10, Certkiller.com now also uses Solaris zones. Which two statements regarding Solaris Security Toolkit are correct? (Choose two.)

    A. Configuration of the global zone does not impact hardening of the non-global zone.
    B. All minimization and hardening is done from the global zone.
    C. The Solaris Security Toolkit should be run in the non-global zone after installation.
    D. Hardening and auditing with the Solaris Security Toolkit can be done within each individual zone.

    Answer: C,D

    QUESTION 22

    What type of condition does Basic Audit and Report Tool (BART) allow you to detect?

    A. when users have chosen passwords which do NOT comply with system password policy
    B. when a file has been modified, compared with a known baseline
    C. when a user attempts to assume a role which has NOT been assigned to that user
    D. unauthorized attempts to log in to a system
    E. a dictionary password attack, executed by attempting to log in through SSH

    Answer: B

    QUESTION 23
    Certkiller.com is running a DNS test server on the internal network. Access to this server must be blocked by using IP Filter. The administrator prefers that this access control is not obvious to someone trying to contact the server from the outside. Which rule implements the access control but hides the use of IP Filter to the outside?

    A. pass out quick on eri0 proto icmp from 192.168.1.2 to any keep state
    B. block return-icmp(port-unr) in proto udp from any to 192.168.1.2 port = 53
    C. pass in quick on eri0 from 192.168.0.0/24 to any
    D. block in quick proto udp from any to any port = 53

    Answer: B

    QUESTION 24
    A security administrator would like to restrict the number of simultaneous lightweight processes (LWPs) that the webadm role may have at any given time. The security administrator has created the following policy in /etc/projects:
    user.webadm:10000::::task.max-lwps=(privileged,5,deny)
    What will be the impact if the webadm role attempted to start a sixth LWP?

    A. The LWP will be created and webadm's oldest LWP will be suspended until sufficient resources become available.
    B. The LWP will be created but it will immediately be suspended until sufficient resources become available for it to run.
    C. The LWP creation attempt will suspend until sufficient resources become available allowing the LWP to be created.
    D. The LWP creation attempt will fail and an error code will be returned to the initiating process.
    E. The LWP creation attempt will fail but the system will automatically retry until the LWP has been successfully created.

    Answer: D

    QUESTION 25
    An NFSv4 client has a user Certkiller from domain example.com. The NFS server is in the ficticious.com domain and knows the user as Certkiller as well. How would the server treat requests made by the client?

    A. The server rejects a subset of the requests made by the client.
    B. The server would map the user to nobody and accept its requests.
    C. The server would reject all remote procedure call (RPC) requests.
    D. The server accepts the requests by the client as Certkiller.

    Answer: B

    QUESTION 26

    A user started the ssh-agent followed by the ssh-add command. Afterwards the user connects to a remote system by using the ssh command. What will this ssh command do?

    A. It requires the user to enter their pass-phrase.
    B. It allows the user to authenticate through the GSS-API.
    C. It generates new keys from the user's pass-phrase.
    D. It authenticates without asking for the user's pass-phrase.

    Answer: D

    QUESTION 27

    To comply with new security guidelines, Certkiller.com requires you to implement a new password policy that performs stricter checks on new passwords than those performed by Solaris. Which Solaris subsystem can you consider extending?

    A. Solaris PAM
    B. Solaris Cryptographic Framework
    C. Solaris /usr/bin/passwd
    D. Solaris User Rights Management

    Answer: A

    QUESTION 28
    DRAG DROP
    You work as a Certkiller.com security administrator.
    There are a number of security tasks that a typical security administrator performs when configuring and deploying new servers.
    You are required to put the Security Tasks at the appropriate locations.

    Answer:

    QUESTION 29
    Which three are examples of network security mechanisms? (Choose three.)

    A. Basic Security Module
    B. Network File System
    C. TCP Wrappers
    D. Role Based Access Control (RBAC)
    E. Kerberos
    F. IPsec
    G. syslog

    Answer: C,E,F

    QUESTION 30
    A security administrator has a requirement to make an encrypted backup copy of an application and its data, using the AES algorithm, so that it can be safely transmitted to a partner. Which two command sequences can be used to generate an encrypted backup of the files under /app1? (Choose two.)

    A. encrypt -a aes -d /app1 -o app1.backup.aes
    B. ufsdump 0f - /app1 |\
       crypt -a aes > app1.backup.aes
    C. tar cf - /app1 |\
       openssl enc -out app1.backup.aes -aes-128-cbc
    D. crypt < /app1/* > app1.backup.aes
    E. ufsdump 0f - /app1 |\
       encrypt -a aes -o app1.backup.aes
    F. tar cf - /app1 | gzip -d -e aes > app1.backup.aes

    Answer: C,E

    QUESTION 31
    During the configuration of a system to install signed patches, you discover that the system does not have the required Sun Microsystems Enterprise Service Patch Management public key installed. Which is true?

    A. The public key can be downloaded from Sun's web site.
    B. The public key is NOT required, as the Root CA will be used to verify the patch if it is NOT available.
    C. The public key must be requested from Sun, and transferred over a secure connection so its authenticity can be confirmed.
    D. The public key must be generated using the keytool command.

    Answer: A

    QUESTION 32
    While attempting to restart the cron service on a Solaris 10 system from the secadm account, a security administrator receives the following error message:
    secadm$ svcadm -v restart cron
    svcadm: svc:/system/cron:default: Couldn't create "restarter_actions" property group (permission denied).
    Which two actions will permit the secadm account to restart the cron service? (Choose two.)

    A. Assign the solaris.smf.manage.cron authorization to secadm.
    B. Add the sys_suser_compat privilege to the secadm account.
    C. Assign the sys_admin privilege to the secadm account.
    D. Assign the Cron Management rights profile to secadm.
    E. Add the secadm account to the /etc/cron/cron.allow file.

    Answer: A,D

    QUESTION 33
    Given:
    $ ppriv -s I-proc_exec $$
    What is the result of this command?

    A. There is no noticeable effect because the Inheritable set is NOT used by a process.
    B. The shell process can no longer execute programs.
    C. The command fails because an ordinary user cannot execute this command.
    D. New commands started by the shell can no longer execute programs.

    Answer: D

    QUESTION 34
    A security administrator is required to validate the integrity of a set of operating system files on a number of Solaris systems. The administrator decides to use the Solaris Fingerprint Database to validate configuration and data files as well as binaries and libraries. What command, available by default in Solaris 10, will help the security administrator collect the necessary information that will be used with the Solaris Fingerprint Database?

    A. cryptoadm
    B. elfsign
    C. encrypt
    D. md5sum
    E. digest

    Answer: E

    QUESTION 35
    A Certkiller.com system administrator wants to share NFS file systems to two different sets of systems. Both sets of systems require integrity checks and Kerberos authentication. The second set of systems also requires encryption. What option is open to the system administrator?

    A. Logically divide the file system into two separate file systems, each shared with different sec options.
    B. Use an NFS server in two different zones, sharing the same data.
    C. Share the file system only with NFSv4, because older NFS versions do not support this.
    D. Share the same file system with different sec options for both sets of clients.

    Answer: D

    QUESTION 36
    When configuring the Internet Key Exchange (IKE) daemon, which two exchanges can system administrators choose to do? (Choose two.)

    A. public keying material
    B. shared secret keys
    C. public key certificates
    D. private key certificates
    E. shared key certificates

    Answer: B,C

    QUESTION 37
    Which two tasks can you perform using the Audit facility? (Choose two.)

    A. generate an overview of the network bandwidth in use by a particular user
    B. generate an overview of all the applications executed by a particular user
    C. generate an overview of CPU usage by users
    D. generate an overview of which users recently changed their password
    E. generate an overview of disk space occupied by a particular user

    Answer: B,D

    QUESTION 38
    An administrator has been tasked with the installation of 20 systems. The systems will be identical and are located both on the local network and on remote networks, although all of the hardware is network accessible. Which installation method is best suited for this task?

    A. a JumpStart interactive installation
    B. a DVD interactive installation
    C. cloning hard drives and shipping them
    D. a WAN Boot installation

    Answer: D

    QUESTION 39
    A cryptographically signed patch provides system administrators with assurance that the patch possesses certain qualities. Which two qualities are assured when a patch signature is verified? (Choose two.)

    A. The patch has a verified origin.
    B. The contents of the patch have NOT been revealed to anyone who does NOT have a Sun service plan.
    C. The patch was created by a Sun Certified Systems Engineer.
    D. The patch has NOT been modified since it was signed.

    Answer: A,D

    QUESTION 40
    A Certkiller.com system administrator is new to the Solaris cryptographic framework. During minimization and hardening, the system administrator discovered a running /usr/lib/crypto/kcfd and disabled this daemon.
    To verify the integrity of a Solaris binary, the system administrator is comparing the MD5 checksum of a binary with the information from the Solaris Fingerprint Database at SunSolve. To get the local checksum, he is using the command digest.
    What will happen when executing this command?

    A. The command will run as usual and provide the MD5 sum.
    B. The command will run but won't be able to use any installed crypto accelerator hardware (if installed).
    C. The command will run slower because the kernel function can't be accessed, and the userland implementation (libmd5.so.1) will be used.
    D. The command will fail with an error.

    Answer: D

    QUESTION 41
    DRAG DROP
    As an administrator at Certkiller.com you are required to put the Solaris features at the appropriate locations.

    Answer:

    QUESTION 42
    Which two commands are part of Sun Update Connection? (Choose two.)

    A. /usr/bin/updatemanager
    B. /usr/sbin/patchadd
    C. /usr/bin/keytool
    D. /usr/sbin/smpatch
    E. /usr/bin/pkgadm

    Answer: A,D

    QUESTION 43
    User Certkiller runs a program that consumes all of the system's memory while continuously spawning a new program. You decide to terminate all of Certkiller's programs to put a stop to this. What command should you use?

    A. kill `ps -U Certkiller -o pid`
    B. kill -u Certkiller
    C. pstop -U Certkiller
    D. pkill -U Certkiller

    Answer: D

    QUESTION 44
    DRAG DROP
    You work as an administrator at Certkiller.com. When a user logs into a Solaris 10 system, a default project for the user is located.
    You are required to put the Group Assignments at the appropriate locations in which the Solaris OS searches for the user's default project.

    Answer:

    QUESTION 45
    Can a global zone administrator prevent a non-global zone administrator from running the sendmail program?

    A. Yes, using pkgrm SUNWsndmr SUNWsndmu.
    B. No, the non-global zone administrator can install and run any program.
    C. Yes, using zlogin -l root zonename svcadm disable sendmail.
    D. Yes, using svcadm -Z zonename disable sendmail.

    Answer: B

    QUESTION 46
    Packet filters and firewalls are an important component of any defense-in-depth security strategy. Which two types of threats can IP Filter be deployed as an effective countermeasure against? (Choose two.)

    A. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an authorized network
    B. a Christmas Tree scan
    C. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an unauthorized network
    D. an attempt to log in to a system using SSH by an unauthorized user
    E. an attempt to exploit a SQL injection vulnerability in a web storefront application

    Answer: B,C

    QUESTION 47
    Which two components are part of the Solaris Cryptographic Framework? (Choose two.)

    A. single sign-on capabilities
    B. Kerberos principal generation
    C. random number generation
    D. encryption and decryption

    Answer: C,D

    QUESTION 48
    Within the context of file integrity, rules can be implemented to change the scope of the Basic Audit and Report Tool (BART) manifest.
    Given the rule file:
    /home/bert/docs *.og[dt]
    CHECK all
    IGNORE mtime
    Which two statements are valid? (Choose two.)

    A. The last modification time of all checked files will not be checked.
    B. Only files with extension .ogt and .ogd in the directory /home/bert/docs will be checked.
    C. All files on the system will be checked.
    D. Key words such as CHECK and IGNORE can NOT be used in a rule file.
    E. All files on the system will be checked, except for files with extensions .ogt and .ogd in the directory /home/bert/docs.

    Answer: A,B

    QUESTION 49
    A security administrator has a requirement to enable password aging on a server. After configuring the maximum age for a user's password, the security administrator forces all of the users to change their passwords at next login. The administrator also configures password history to prevent users from simply reusing their last two passwords. What is wrong with this approach?

    A. Users will now no longer be able to log in to the system.
    B. Users will be able to circumvent the password history policy.
    C. Users will be able to circumvent the password aging policy.
    D. Nothing. This approach will work as expected.
    E. Users will NOT be able to change their password at next login.

    Answer: B

    QUESTION 50
    The /etc/default/passwd file contains a number of configuration parameters that can be used to constrain the character composition of user passwords. What is one of the dangers of having password composition too tightly constrained?

    A. Password complexity rules apply only to the English alphabet.
    B. Duplication of encrypted user password strings is much more likely.
    C. Limited password value possibilities can simplify brute force attacks.
    D. Passwords are harder to compute when using many character classes.
    E. The entropy of the resulting password strings will be very high.

    Answer: C

    QUESTION 51
    Which are two advantages of the Service Management Facility compared to the init.d startup scripts? (Choose two.)

    A. It has methods to start and stop the service.
    B. It specifies what the system should do at each run level.
    C. It handles service dependencies.
    D. It restarts processes if they die.

    Answer: C,D

    QUESTION 52
    To implement dictionary checks at password-change time, Certkiller.com has acquired a PAM module that performs these checks.
    Which two locations would put this module in the PAM stack when you install this module as an additional strength checking measure? (Choose two.)

    A. before the line containing pam_authtok_check.so.1
    B. after the line containing pam_authtok_store.so.1
    C. replace the line containing pam_authtok_check.so.1
    D. after the line containing pam_authtok_check.so.1
    E. before the line containing pam_dhkeys.so.1

    Answer: A,D

    QUESTION 53
    Certkiller.com has acquired a small company and your task is to set up the first Solaris server in their network. As there is no existing JumpStart environment, you will have to start from scratch. Which metacluster is best suited for initial installation of a strict minimized system?

    A. End User System Support (SUNWCuser)
    B. Reduced Networking Core System Support (SUNWCrnet)
    C. Entire Distribution (SUNWCall)
    D. Core Software Support (SUNWreq)

    Answer: B

    QUESTION 54

    After a recent security breach, you have been asked to create a Security Policy for Certkiller.com. Which statement describes a Security Policy?

    A. an audit report on how security is currently configured within Certkiller.com
    B. a security baseline for use when implementing systems and procedures
    C. details of which tools should be used to maintain security
    D. a report on how the security breach occurred, and how to avoid another occurrence in the future
    E. specific procedures to implement security in Certkiller.com

    Answer: B

    QUESTION 55

    DRAG DROP
    Solaris contains a number of different tools for carrying out auditing, each focused on auditing a different type of activity.
    As an administrator at Certkiller.com you are required to put the Solaris Tools at the appropriate locations.

    Answer:

    QUESTION 56
    The security administrator is reviewing a Solaris Security Toolkit audit run against the global zone of a server. The administrator discovers that the Basic Audit and Report Tool (BART) reports failures related to file changes in non-global zones. How would the administrator correct this problem?

    A. In the global zone, create a BART rules file that excludes non-global zone file systems from the manifest.
    B. In the non-global zone, edit the enable-bart.aud script and add options to the bart create command to exclude the non-global zone file systems.
    C. In the non-global zone, create a BART rules file that excludes non-global zone file systems from the manifest.
    D. In the global zone, edit the enable-bart.fin script and add options to the bart compare command to exclude the non-global zone file systems.
    E. In the global zone, edit the enable-bart.aud script and add options to the bart create command to exclude the non-global zone file systems.

    Answer: A

    QUESTION 57
    Which action can a system administrator with the solaris.smf.modify.sendmail authorization execute?

    A. svcadm refresh sendmail
    B. svcadm enable sendmail
    C. svccfg -s sendmail listprop
    D. svcadm disable sendmail

    Answer: C

    QUESTION 58
    An administrator is required to minimize an installed Solaris system. Which command is used to query which packages are installed?

    A. pkginfo
    B. svcs -xv
    C. ps -ef
    D. pkgadm
    E. pkgrm

    Answer: A

    QUESTION 59
    Solaris 10 includes the ability to lock a user's account after a fixed number of failed login attempts. What is the disadvantage of enabling this feature?

    A. Entering a blank password will reset the failed login count.
    B. It requires passwords to be stored in clear-text on the system.
    C. Only login attempts using telnet are counted.
    D. It can be used to enable a Denial-of-Service attack.

    Answer: D

    QUESTION 60
    DRAG DROP
    As an administrator at Certkiller.com you are required to put the Kerberos Concepts at the appropriate locations.

    Answer:

    QUESTION 61
    You suspect that one of your systems has been compromised. You want to inspect the system's binaries and kernel modules by calculating hashes for them and comparing the hashes to the Solaris Fingerprint Database. What prerequisite step should you take before generating the hashes?

    A. Reboot the system into single user mode to make sure that any "Trojan horses" are terminated.
    B. Make sure that all users are logged out.
    C. Bring the system down to single user level.
    D. Shut down the system, and analyze the system's disk on a trusted system.

    Answer: D

    QUESTION 62
    The kernel calculates the effective set of privileges based on three other privilege sets. This calculation begins with the set of privileges inherited from the parent process. The effective set is then further constrained by two other sets of privileges. Which two describe the remaining privilege sets? (Choose two.)

    A. Disallowed set - the set of privileges specifically withheld in the process owner's profile
    B. Basic set - the privileges which define the system security policy
    C. Implicit set - the set of privileges required by a process to function correctly
    D. Limit set - the outside limit of privileges available to the process
    E. Permitted set - a subset of the inheritable set

    Answer: D,E

    QUESTION 63
    The security administrator has been tasked to design a minimally installed centralized logging server. The administrator needs to examine the packages included in the Solaris installation clusters to determine which metacluster will be the best starting installation for the planned configuration. In which file on the installation DVD can the administrator find the packages associated with each metacluster?

    A. mountpoint /Solaris_10/Product/.packagetoc
    B. mountpoint /.cdtoc
    C. mountpoint /.install_config
    D. mountpoint /Solaris_10/Product/.clustertoc

    Answer: D

    QUESTION 64
    DRAG DROP
    As an administrator at Certkiller.com you are required to put the RBAC database names at the appropriate locations.

    Answer:

    QUESTION 65

    A site security policy dictates that all failed logins to critical systems must be logged and monitored. Which parameter must be changed in /etc/default/login to enable this functionality?

    A. SYSLOG_FAILED_LOGINS
    B. SYSLOG
    C. LOG_LOGIN_FAILURES
    D. SYSLOG_LOG_FAILURES
    E. LOG_SYSLOG_FAILURES

    Answer: A

    QUESTION 66
    You have been asked to grant the user ennovy, a member of the staff group, read and write access to the file /app/notes which has the following properties:
    ls -l /app/notes
    -rw-rw---- 1 root app 0 Jun 6 15:11 /app/notes
    Which options will NOT grant the user the ability to read and write the file?

    A. usermod -G app ennovy
    B. setfacl -m group:staff:rw- /app/notes
    C. setfacl -m user:ennovy:rw- /app/notes
    D. usermod -K defaultpriv=basic,file_dac_read,file_dac_write ennovy

    Answer: D

    QUESTION 67
    To enforce security within Certkiller.com, access restrictions to systems must be applied. In particular, restrictions to the telnet protocol must be configured. Which action must be taken to enable TCP wrappers for the telnet protocol?

    A. inetadm -m telnet=tcp_wrappers
    B. inetadm -m telnet tcp_wrappers=true
    C. svcadm enable tcp_wrappers
    D. svcadm tcp_wrappers start

    Answer: B

    QUESTION 68
    Which three are useful tools to monitor the integrity of a system? (Choose three.)

    A. elfsign
    B. logadm
    C. bart
    D. cryptoadm
    E. Solaris Fingerprint Database

    Answer: A,C,E

    QUESTION 69
    Which three Solaris services can be protected with Kerberos in Solaris 10? (Choose three.)

    A. finger
    B. NFS
    C. TCP/IP
    D. rusers
    E. rdist
    F. SSH

    Answer: B,E,F

    QUESTION 70
    Which two statements about the digest and mac commands are true? (Choose two.)

    A. The mac command uses a distinct class of hash functions called message authentication codes (MACs). MAC functions combine the input file with a key supplied by the user, returning a fixed length digest.
    B. The mac command can use the Digital Encryption Standard (DES) in cipher-block chained (CBC) mode. The digest command can NOT.
    C. The digest command requires that the user supply a key. The mac command does NOT. The digest command takes an input file, combines it with the key, and a variable length digest is returned.
    D. The mac command uses a distinct class of hash functions called MACs. A MAC function combines the input file with a randomly generated salt, and returns a digest.

    Answer: A,B

    QUESTION 71
    Before a security administrator modifies the default privilege list used for a SMF start or stop method, it is important to first determine which privileges are actually needed by that service. Which three utilities determine what privileges are used by a program or service? (Choose three.)

    A. truss
    B. svcadm
    C. ppriv
    D. pfexec
    E. dtrace

    Answer: A,C,E

    QUESTION 72
    A security administrator has created these "Restricted Commands" rights profiles in the /etc/security/exec_attr file that will be assigned to a number of application developers:
    $ grep "^Restricted Commands" /etc/security/exec_attr
    Restricted Commands:solaris:cmd:::/my/bin/progA:uid=yadm;gid=yadm
    Restricted Commands:solaris:cmd:::/my/bin/progB:uid=vadm;gid=vadm
    Restricted Commands:solaris:cmd:::/my/bin/progC:uid=oamd;gid=aadm
    Restricted Commands:solaris:cmd:::/my/bin/progD:uid=nadm;gid=badm
    Restricted Commands:solaris:cmd:::/my/bin/progD:uid=nadm;gid=cadm
    Restricted Commands:solaris:cmd:::/my/bin/progD:uid=eadm;gid=eadm
    Restricted Commands:solaris:cmd:::/my/bin/progD:
    As what UID and GID will the command /my/bin/progD run when the command is executed as followed by an application developer who has been assigned the "Restricted Commands" rights profile?

    A. UID nadm and GID cadm
    B. UID and GID of the application developer
    C. UID nadm and GID badm
    D. UID eadm and GID eadm

    Answer: C

    QUESTION 73
    A user tries to log in to a system using ssh and receives this message:
    The authenticity of host 'example-01 (1.2.3.4)' can't be established.
    RSA key fingerprint is 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff.
    Are you sure you want to continue (yes/no)?
    Why is this message being generated?

    A. example-01 has changed its host key since the last time the user has logged into the system.
    B. The ssh-agent command is not running on the client machine.
    C. The user has entered an invalid password when trying to log into example-01.
    D. The user has never logged into example-01.

    Answer: D

    QUESTION 74
    On a system with these settings in audit_control:
    dir:/var/audit
    flags:lo,ex,nt
    naflags:na
    minfree:20
    Which will NOT be a factor in the size of the audit trail generated by the system?

    A. the settings in audit_event
    B. the audit policy settings
    C. the amount of memory in the system
    D. the settings in audit_user
    E. the number of active users

    Answer: C

    QUESTION 75
    To harden a newly installed Solaris OS, an administrator is required to make sure that syslogd is configured to NOT accept messages from the network. Which supported method can be used to configure syslogd like this?

    A. Edit /etc/rc2.d/S74syslog to start syslogd with the -t option.
    B. Edit /lib/svc/method/system-log to set LOG_FROM_REMOTE=NO.
    C. Edit /etc/default/syslogd to set LOG_FROM_REMOTE=NO.
    D. Run svcadm disable -t svc:/network/system-log.

    Answer: C

    QUESTION 76
    Which two features are implemented by the Solaris Kerberos service? (Choose two.)

    A. single sign-on
    B. public key cryptographic authentication
    C. distributed authentication services
    D. password confidentiality on the network
    E. Federated Identity Management

    Answer: A,D

    QUESTION 77
    In which Solaris OS subsystem is User Rights Management implemented?

    A. Process Privileges
    B. Role Based Access Control (RBAC)
    C. Mandatory Access Control
    D. Service Management Facility
    E. Discretionary Access Control

    Answer: B

    QUESTION 78
    Which is a basic privilege?

    A. a privilege that applies to all processes in a basic zone
    B. a privilege that cannot be taken away
    C. a privilege that has traditionally been granted only to the super user
    D. a privilege that has traditionally been granted to unprivileged processes
    E. a privilege that is required to run the basic interpreter

    Answer: D

    QUESTION 79
    Which statement is true about applying Solaris patches to zones?

    A. You have to install a patch in each zone using zlogin.
    B. Patches are NOT applicable to sparse root zones.
    C. When you add a patch to the global zone, it is by default added to all non-global zones.
    D. Non-global zone administrators can install patches themselves.
    E. The global zone administrator can only administer patches in the global zone.

    Answer: C

    QUESTION 80
    The system administrator is required by the security policy to restrict the ability of users to view other processes on the system. This needs to be done for all users on the system. Which course of action should the administrator take?

    A. Edit the file /etc/user_attr and add defaultpriv=basic,!proc_info for all users present in the file.
    B. Edit the file /etc/security/exec_attr and add privs=basic,!proc_info to the "All" entry.
    C. Edit the file /etc/security/prof_attr and add privs=basic,!proc_info to the "Basic Solaris User" entry.

    D. Edit the file /etc/security/policy.conf and create the following setting: PRIV_DEFAULT=basic,!proc_info.

    Answer: D

    QUESTION 81
    You are configuring a new system to be used as an intranet web server. After you have installed the minimal amount of packages and patched the system, you added the appropriate web server packages (SUNWapch2r and SUNWapch2u). By default, the web server daemon will be started using UID webservd and the basic privilege set. To comply with Certkiller.com's policy of least privilege, you need to minimize the privileges that the web server will have. What will you modify to specify the privileges that the web service will run with?

    A. the privileges property of the web service in the SMF repository
    B. the privs property of the web service in /etc/security/exec_attr
    C. the defaultpriv setting of webserverd in /etc/user_attr
    D. the PRIV_DEFAULT setting in /etc/security/policy.conf

    Answer: A

    QUESTION 82
    You work as administrator at Certkiller.com. A single system must run a number of different network services. Among them is a web server, a mail server, a DNS server, and a MySQL database used by an e-commerce application. After several months of successful operation, a compromise is discovered: an attacker exploited a vulnerability in the mail server and ultimately obtained a root shell. However, none of the highly sensitive personal information in the e-commerce database was compromised, nor was the operation of the web server or DNS server affected. How can this be?

    A. An administrator had deployed IP Filter with an aggressive policy, blocking all connections to non-essential ports.
    B. A Certkiller.com system administrator deployed each service in its own non-global zone.
    C. Remote access to the system was only available through SSH using RSA public key authentication, protecting users' credentials from eavesdroppers.
    D. The system was deployed in a DMZ, sensibly segmented from the corporate intranet by a packet filtering firewall.

    Answer: B

    QUESTION 83
    A Solaris 10 system has IP Filter enabled and configured. A section of the /etc/ipf/ipf.conf configuration file is reported below:
    block return-rst in quick proto tcp from any to any port = 23 flags S
    block return-icmp (port-unr) in proto udp from any to any port > 3000
    Which two statements are true? (Choose two.)

    A. The system does NOT return ICMP-type packets for UDP incoming connections received on ports greater than 3000.
    B. The system will block and reply with an ICMP port unreachable packet to UDP connections received for ports greater than 3000.
    C. The system will block incoming telnet connections and returns a TCP RST packet.
    D. The system will block all incoming echo requests and replies with an ICMP port unreachable packet.
    E. The system blocks TCP RST packets.

    Answer: B,C

    QUESTION 84
    A security administrator is required to periodically validate binaries against the Solaris Fingerprint Database. While attempting to capture MD5 file signatures for key Solaris OS files, the security administrator encounters the following error:
    digest: no cryptographic provider was found for this algorithm -- md5
    What command should the administrator use to help determine the cause of the problem?

    A. cryptoadm
    B. digest
    C. crypt
    D. openssl
    E. kcfadm

    Answer: A

    QUESTION 85
    Which are threats to electronic assets?

    A. disclosure, software, loss, and trust
    B. loss, security policy, trust, and modification
    C. disclosure, modification, loss, and interruption
    D. modification, trust, repudiation, and availability

    Answer: C

    QUESTION 86
    You have a legacy non-privilege aware program which runs as root to be able to open a privileged port. Now that you have upgraded the system to Solaris 10 you want to take advantage of privileges. You can either run the program as root with fewer privileges, or you can run the program as daemon with additional privileges. Why is it preferred to run the program as daemon with added privileges?

    A. root owns most of the system files.
    B. root is not able to drop privileges.
    C. daemon has preconfigured profiles for this kind of privileges.
    D. root is able to regain dropped privileges using the ppriv command.

    Answer: A

    QUESTION 87
    Click the Exhibit button.
    What is the significance of the output generated by the jass-check-sum command?

    A. The two files were archived since the last Solaris Security Toolkit run.
    B. The two files were deleted since the last Solaris Security Toolkit run.
    C. The two files were modified since the last Solaris Security Toolkit run.
    D. The two files were created since the last Solaris Security Toolkit run.

    Answer: C

    QUESTION 88
    Which two tasks does the Key Distribution Center (KDC) perform? (Choose two.)

    A. issues service tickets
    B. provides private sessions to services
    C. issues ticket-granting-tickets
    D. authenticates services
    E. validates passwords sent in clear text

    Answer: A,C

    QUESTION 89
    A Certkiller.com system administrator at home wants secure communication with Certkiller.com's network through a VPN. Which step would accomplish this?

    A. Configure IP Filter on the client.

    B. Use ssh with port forwarding.
    C. Configure IPsec in tunnel mode.
    D. Configure IPsec in transport mode.

    Answer: C

    QUESTION 90
    A security administrator is asked to create digests of some important files on a server. The digests must be stored locally on the same server. Which command will allow the administrator to create digests and assure that the digests have NOT been tampered with?

    A. digest
    B. cryptoadm
    C. mac
    D. elfsign

    Answer: C

    QUESTION 91
    Traditionally, UNIX systems have allowed users to hard-link files of other users. Certkiller.com's current policy disallows this, and you need to implement this change. In the Solaris 10 OS, there is a special privilege that controls this particular capability: the file_link_any privilege. Which statement is true?

    A. You can NOT remove the privilege from the user's privilege sets because it is a basic privilege.
    B. You can remove the privilege from all users by editing /etc/security/policy.conf.
    C. You can remove the privilege from all users by editing /etc/default/login.
    D. You can remove the privilege from all users by assigning them a profile shell.

    Answer: B

    QUESTION 92
    Which command is used to configure auditing to track all arguments to an executed command?

    A. auditconfig -setpolicy +cnt
    B. audit -setpolicy -c ex
    C. audit -c ex +argv
    D. auditconfig -setpolicy +argv

    Answer: D

    QUESTION 93
    DRAG DROP
    You work as a security administrator at Certkiller.com. The security policy of Certkiller.com specifies that all user home directories have to be audited for file integrity. The security policy further specifies that user core files and user TEST directories do not have to be checked. Complete the Basic Audit and Report Tool (BART) IGNORE rule file to achieve the above task.

    Answer:

    QUESTION 94
    DRAG DROP
    You work as a security administrator at Certkiller.com. You are required to put the Naming services at the appropriate locations. You can use each one more than once.

    software used on them. Which would remove any software installed by the hacker?

    A. Run Solaris Security Toolkit in audit mode, and remove anything it detects.
    B. Boot the system from CD-ROM and run Solaris Security Toolkit in standalone mode.
    C. Reinstall Solaris on the system, and run Solaris Security Toolkit after installation.
    D. Run Solaris Security Toolkit with the undo option, and then re-run it in normal mode.

    Answer: C

    QUESTION 98
    The Internet Key Exchange (IKE) protocol is defined in RFC 2409. What describes what this protocol is responsible for implementing?

    A. exchange of SSH public keys between hosts
    B. automating key exchange for all network services
    C. exchange of IPsec keys between hosts
    D. exchange of SSH private keys between hosts
    E. used for Multi-Data Transmission (MDT)

    Answer: C

    QUESTION 99
    A Certkiller.com system administrator suspects that /etc/passwd or /etc/shadow has been modified without proper authorization. Which two methods or programs can be used to find out whether that happened? (Choose two.)

    A. pkgchk
    B. bart
    C. the Solaris Fingerprint Database
    D. pwdsign
    E. file system backups

    Answer: B,E

    QUESTION 100
    Which statement concerning the output of a Solaris Security Toolkit run is true?

    A. Output can be sent to the terminal, sent as an email message, and sent to a log file.
    B. Output can be sent as an email message, sent to a log file, and sent to Solaris auditing.
    C. Output can be sent to the terminal, sent as an SNMP trap, and sent to the syslog facility.
    D. Output can be sent to the terminal, sent to a log file, and sent as a system event.
    E. Output can be sent to the terminal, sent to the syslog facility, and sent to a log file.

    Answer: A

    QUESTION 103
    Which describes the capabilities of the crypt command?

    A. It uses the 3DES encryption algorithm, which uses a 168-bit key.
    B. It uses a weaker encryption algorithm than DES.
    C. It uses the DES encryption algorithm, which uses a 64-bit key.
    D. It uses the AES encryption algorithm, which uses a 128-bit key.

    Answer: B

    QUESTION 104
    The security administrator wants to log all changes that are made to the device policy. Which Solaris 10 subsystem will be used to log changes to the device policy?

    A. Fault Manager
    B. Solaris Auditing
    C. System Event facility
    D. syslog facility

    Answer: B

    QUESTION 105
    Certkiller.com wants to deploy a third party network monitoring tool. A requirement for deploying this tool is that it runs with as few privileges as possible. The tool needs access to /dev/ip which is listed as:
    crw-rw-rw- 1 root sys 3, 0 Jun 5 09:11 /dev/ip
    When the tool is run as the unprivileged user monitor, it fails to open /dev/ip. How do you find out what privileges are needed?

    A. Look at monitor's authorizations with auths monitor.
    B. Look at the device policy for /dev/ip.
    C. Run the tool as root.
    D. Look at /dev/loginperm.

    Answer: B

    QUESTION 106
    By default, what are two benefits of enabling Solaris Auditing in the global zone on a system where non-global zones (NGZ) have been deployed? (Choose two.)

    A. Individual NGZ audit logs are accessible from within the NGZ.
    B. Audit configuration settings cannot be changed inside of an NGZ.
    C. Audit daemons are started within each of the running NGZ.
    D. No one within an NGZ can modify the audit logs for that NGZ.

    Answer: B,D

    QUESTION 107
    To improve accountability on a Solaris system, the security administrator decides to configure the root account to be a Solaris role. What are two considerations that the security administrator should understand before making this change? (Choose two.)

    A. Scheduled cron jobs for the root role will no longer run.
    B. Only authorized users will be able to access root.
    C. New privileges will need to be assigned to the root role.
    D. root will no longer be able to use the su command.
    E. root will no longer be able to log in at the system console.

    Answer: B,E

    QUESTION 108
    During a recent security audit, it was noted that a number of users within an organization regularly share their password details with other users, even though this is specifically forbidden in the Security Policy. Which step can be taken to reduce the incidence of password sharing?

    A. migrate all authentication to an LDAP server with SASL
    B. educate users that sharing passwords is against policy
    C. enable strict password enforcement using Kerberos
    D. enable Solaris auditing to audit the lo (login, logout) class
    E. configure PAM to disable sharing of accounts

    Answer: B

    QUESTION 109
    What is the purpose of the Solaris cryptographic framework metaslot?

    A. It is an interface to connect to any available cryptographic service.
    B. It is a library to limit algorithms based on export control laws.
    C. It is a door-based interface to the kernel cryptographic services.
    D. It is a storage facility for all of the encryption algorithms.
    E. It is a pointer to the next available cryptographic token slot.

    Answer: A

    QUESTION 110
    A security administrator creates a directory called prevoy with the following access control policy:
    $ getfacl prevoy
    # file: prevoy
    # owner: secadm
    # group: secadm
    user::rwx
    group::r-x #effective:r-x
    mask:r-x
    other:r-x
    default:user::r--
    default:user:sysadm:rw
    default:group::r--
    default:group:sysadm:rw
    default:mask:rwx
    default:other:---
    Into this directory, the security administrator creates a file called secrets. The ls command reports the following for the prevoy directory and secrets file:
    $ ls -ld . secrets
    drwxr-xr-x+ 2 secadm secadm 512 Jun 6 16:38 .
    -r--r-----+ 1 secadm secadm 0 Jun 6 16:38 secrets
    Which two actions can be successfully taken by the sysadm role? (Choose two.)

    A. The sysadm role can remove the secrets file.
    B. The sysadm role can read the secrets file.
    C. The sysadm role can write to the secrets file.
    D. The sysadm role can change the Access Control Lists of the prevoy directory.
    E. The sysadm role can create new files under the prevoy directory.

    Answer: B,C

    QUESTION 111

    In which Solaris 10 subsystem is Process Rights Management implemented?

    A. Process Accounting
    B. Mandatory Access Control
    C. Process Privileges
    D. Discretionary Access Control
    E. Process Access Control

    Answer: C

    QUESTION 112
    Click the Exhibit button.
    One step in the hardening process is to examine the user accounts and determine what steps need to be taken to tighten access to the system. As part of this process, an administrator executes the command passwd -sa.
    Which three statements are true about the configured accounts? (Choose three.)

    A. User uucp can NOT run cron jobs.
    B. User webservd can NOT run cron jobs.
    C. User charlie has no password set.
    D. User uucp can run cron jobs.
    E. User charlie is NOT in production.
    F. User webservd can run cron jobs.

    Answer: B,C,D

    QUESTION 113
    A user needs to be able to mount the file system located on a USB memory stick on a workstation. How can you allow the user to mount and unmount this file system when required?

    A. Enable and configure the automount daemon (automountd).
    B. Enable and configure the volume management daemon (vold).
    C. Give the user write access to /etc/mnttab.
    D. Assign the user the sys_mount privilege for the file system.
    E. Give the user write access to /etc/vfstab.

    Answer: B

    QUESTION 114
    Which two sources of keying material are available for use with IPsec? (Choose two.)

    A. /dev/mem
    B. /dev/urandom
    C. /dev/kmem
    D. /dev/crypto
    E. /dev/random

    Answer: B,E

    QUESTION 115
    An Internet service provider is offering shell accounts on their systems. As a special service, customers can also apply for a root account to get their own virtual machine. The provider has implemented this by using zones, and the customers get root access to the non-global zone. One of their customers is developing cryptographic software and is using the ISP machine for testing newly developed Solaris crypto providers. What kind of testing is available to this developer?

    A. The developer is able to test newly developed user-level providers.
    B. The developer is able to do the same tests as if developing as root in the global zone.
    C. The developer is able to test newly developed kernel software providers.
    D. The developer can NOT test newly developed providers in a non-global zone.

    Answer: A

    QUESTION 116

    Click the Exhibit button.
    Given a fresh new installation of a Solaris 10 system from a genuine DVD media kit, the output of the command shown in the Exhibit fails to verify the /bin/bart elf binary file. Assuming that the binary file is genuine, what is incorrect with the command?

    A. The certificate is expired.
    B. None of the elf binary files in Solaris 10 are signed.
    C. The command given does NOT verify, but instead signs elf binary files.
    D. The key word verify is in the wrong place.
    E. The path of the certificate is NOT correct.

    Answer: E

    QUESTION 117
    Given the command reported in /etc/dfs/dfstab from a system export:
    share -F nfs rw=Certkiller,root=Certkiller,ro /export

    Who can write to this file system?

    A. the root user on systems Certkiller and ro
    B. all users on system Certkiller
    C. the root user on system Certkiller
    D. all users on systems that have mounted this file system

    Answer: B

    QUESTION 118
    Which two message digest algorithms are shipped with Solaris 10, unmodified? (Choose two.)

    A. sha1_hmac
    B. sha256_mac
    C. md5_hmac
    D. 3des_mac
    E. aes_hmac

    Answer: A,C

    QUESTION 119
    To allow a legacy system to connect to one of your hosts, you are required to enable remote login (rlogin) connections. However, you wish to disable the ability for users to use .rhosts files to allow password-less logins. You have enabled rlogin connections by running the following command:
    # svcadm enable network/login:rlogin
    Which file do you need to modify to disable the use of .rhosts files?

    A. /etc/pam.conf
    B. /etc/default/login
    C. /etc/default/rlogin
    D. /etc/inet/inetd.conf

    Answer: A

    QUESTION 120
    DRAG DROP
    You work as a Certkiller.com security administrator. You are required to put the Cryptographic Providers at the appropriate locations.

    Answer:

    QUESTION 121
    After minimizing and hardening a system, application software was installed but could not run. The administrator already found that /usr/lib/libz.so.1 is missing on the system. The package containing this library needs to be installed, but the administrator does not know the name of the corresponding package. The system is booted from the installed OS and the installation media is mounted. Which command can be used to find the name of the package which needs to be installed?

    A. find Solaris_10 -name libz.so.1 -print
    B. grep libz.so.1 Solaris_10/Product/*/pkgmap
    C. grep libz.so.1 Solaris_10/Product/.clustertoc
    D. grep libz.so.1 /var/sadm/install/contents

    Answer: B

    QUESTION 122
    During a recent Solaris security assessment, a security administrator found a directory on a local UFS file system that contained the following files:
    $ ls -@
    total 7200
    -rwxr-----+ 1 webadm webadm 1048576 Jun 6 15:34 bar
    -rw---l--- 1 webadm webadm 512000 Jun 6 15:35 baz
    -rw-------@ 1 webadm webadm 2097152 Jun 6 15:34 Certkiller
    What is the meaning of the @ symbol associated with file Certkiller?

    A. The file has the sticky bit set.
    B. The file has at least one access control list defined.
    C. The file has permissions with an undefined bit state.
    D. The file is configured for mandatory locking.
    E. The file contains extended file attributes.

    Answer: E

    QUESTION 123
    The security group is testing software in a special lab which is configured in the same secure way as the production servers. Some of the tested code might even be malicious. Due to budget restrictions, the available lab systems for these tests have been reduced to only three remaining systems. The system administrator is responsible for quickly reinstalling these systems over and over again. What way is most efficient to reliably accomplish this task?

    A. Use compressed flash archives.
    B. Use a checklist for installation with local media.
    C. Use JumpStart with the Solaris Security Toolkit (SST).
    D. Use UFS snapshots and rollback as needed.

    Answer: A

    QUESTION 124
    Which naming service does NOT support password expiration?

    A. files
    B. NIS
    C. LDAP
    D. NIS+

    Answer: B

    QUESTION 125
    Which two statements regarding patching are correct? (Choose two.)

    A. A patching strategy should form part of your security policy.
    B. Minimizing a system can reduce the time required to apply patches.
    C. Only security patches should ever be installed on a secure system.
    D. Hardening a system can reduce the time required to apply patches.
    E. All patches should be installed as soon as possible after they are released.

    Answer: A,B

    QUESTION 126
    Which command lists the hash of the local system's public key?

    Answer:

    QUESTION 130
    A security administrator has a requirement to deploy the Solaris Security Toolkit onto all Solaris servers in the department. In this environment, there are a variety of platforms and operating system versions deployed. Onto which two platforms and operating system combinations can the Solaris Security Toolkit be deployed in a supported configuration? (Choose two.)

    A. x64, Solaris 9
    B. x86, Solaris 2.4
    C. SPARC, Solaris 8
    D. SPARC, Solaris 2.6
    E. x86, Solaris 10

    Answer: C,E

    QUESTION 131
    Which three items are the most relevant when trying to prevent resource exhaustion attacks? (Choose three.)

    A. signals
    B. zones
    C. resource controls
    D. pools
    E. groups
    F. projects

    Answer: C,D,F

    QUESTION 132
    A new security related patch has been released for the Solaris OS. This patch needs to be applied to the system that functions as your web server. The web server is configured to run in a non-global zone. Can you just use patchadd to apply the patch to the global zone to update the web server zone?

    A. Yes, but you must make sure that the web server zone is booted first.
    B. Yes, patches will be automatically applied to all zones.
    C. No, you need to shut down the web server zone first.
    D. No, you need to apply the patch to the web server zone separately.

    Answer: B

    QUESTION 133
    A system is configured to automatically lock accounts after a number of failed login attempts. This was done by enabling the feature globally (LOCK_AFTER_RETRIES=YES) without any further changes. Is the root user also affected by the account locking?

    A. By default, root is excluded from automatic account locking.
    B. The /etc/shadow entry for the root user has the value -1 for failed login attempts, which causes this account to never be locked.
    C. root can always log in on the console, whether it is locked or not.
    D. The framework ensures that root can never be automatically locked.

    Answer: A

    QUESTION 134
    Certkiller.com security policy now requires very detailed auditing of all actions. This includes capturing all executed commands together with their arguments and the environment variables. After activating auditing on all Solaris 10 systems, the security auditor complains about having to check the audit trail on each individual host. He asks for a central place to capture all audit trails. Using standard Solaris 10 security features, which is a solution to this problem?

    A. Configure auditd to store the audit trail using LDAP in a central directory.
    B. Configure auditd to store the audit trail using NFS on a central server.
    C. Configure auditd to send email with the events.
    D. Configure auditd to send the output using syslog to a central loghost.

    Answer: B

    QUESTION 135
    A Certkiller.com system administrator receives a critical security alert which includes a reference to a fix implemented in an operating system patch. Which two statements describe possible patching methods? (Choose two.)

    A. Use patchadd to download, verify, and install the patch.
    B. Use smpatch to download the patch, download and install the Root CA certificate, analyze the patch for compatibility with the system, and verify and install the patch.
    C. Use smpatch to download, verify, and install the patch.
    D. Use svcadm to refresh the network/smpatch service. The patch will download and install in the background.
    E. Use pkgadm to download the patch, download and install the Root CA certificate, and verify and install the patch.

    Answer: A,C

    QUESTION 136
    Due to a new application requirement, on a Solaris 10 system, the ordinary user admin has to create directories on the root file system. The superuser has given a rights profile to the admin user as shown below:

    # grep admin /etc/user_attr
    admin::::type=normal;profiles=File System Management

    Which command should the user admin execute to create the /log directory on the root file system?

    A. sh mkdir /log
    B. pfexec mkdir /log
    C. pfsh mkdir /log
    D. exec mkdir /log

    Answer: B

    QUESTION 137
    An application that you are installing needs to be able to run the snoop command, which normally requires root access. Which two Solaris features could you use to allow this application to run without giving it full root access to your system? (Choose two.)

    A. Kerberos-enabled snoop
    B. Role Based Access Control (RBAC)
    C. Solaris Zones
    D. Trusted Extensions snoop
    E. Process Rights Management

    Answer: B,E

    QUESTION 138
    Which two statements are true about roles in the Solaris 10 OS? (Choose two.)

    A. rolemod can be used to allow roles to access other roles.
    B. su is the only way that a user can assume a role.
    C. Roles require the use of passwords for authentication.
    D. Roles can only be assumed by authorized users.
    E. Roles do NOT have their own UID, GID, or home directory.

    Answer: B,D

    QUESTION 139
    The development group would like to secure their network with IPsec. The number of hosts changes frequently, and they do not want to maintain preshared keys manually. The solution is to use IPsec with IKE and public keys. Which command is used to generate the IKE public/private key pair?

    A. cryptoadm
    B. ikecert
    C. ipseckey
    D. ikeadm
    E. ipsecconf

    Answer: B

    QUESTION 140
    A startup company suspects that one of its sales people is accessing confidential research and development files, which are kept on a Solaris 10 system, and leaking their contents to the press. Which measure can the system administrator put in place to detect this activity?

    A. Process Accounting
    B. Role Based Access Control (RBAC)
    C. Basic Audit and Report Tool (BART)
    D. Solaris Auditing
    E. File Access Control Lists

    Answer: D

    QUESTION 141
    Which option is used in /etc/vfstab to limit the size of a tmpfs file system to 512MB to prevent a memory denial of service (DoS)?

    A. size=512m
    B. minsize=512
    C. swapfs=512mb
    D. maxsize=512

    Answer: A

    QUESTION 142
    Due to changes to the security policy of Certkiller.com, access restriction must be applied to systems. The changes specify that access to systems through the ftp protocol is NOT allowed according to the Human Resources department, which has the 10.10.10.0/24 address space assigned. TCP wrappers have been enabled for the ftp daemon, and these files have been configured:

    # cat /etc/hosts.allow
    in.ftpd: ALL
    # cat /etc/hosts.deny
    in.ftpd: 10.10.10.0/24

    Despite the implemented configuration, Human Resources is still able to access systems through the ftp protocol. What action must be taken?

    A. The ftp daemon must be restarted.
    B. The entry in the hosts.deny file is wrong and must be changed.
    C. The entry in the hosts.allow file is wrong and must be changed.
    D. The inetd daemon must be restarted.

    Answer: C

    QUESTION 143
    Company policy dictates that offsite backups need to be encrypted with 256-bit keys. The infrastructure is in place, so all the administrator must do is select which algorithm to use for this operation. Which two algorithms can the administrator choose? (Choose two.)

    A. DES
    B. MD5
    C. arcfour
    D. AES
    E. 3DES
    F. SHA1

    Answer: C,D

    QUESTION 144
    The Solaris 10 cryptographic framework provides user-level commands to encrypt files. A combination of commands is reported below:

    # tar cvf - /data | encrypt -a arcfour -k /tmp/key -o /tmp/backup

    Which two statements are true? (Choose two.)

    A. The key can NOT be a file.
    B. The /data directory is backed up and encrypted.
    C. arcfour is NOT a valid encryption algorithm.
    D. The backup will be an encrypted file.
    E. The tar command invocation is NOT correct.

    Answer: B,D

    QUESTION 145
    Based on this output from verifying a signed patch, which statement is correct?

    A. The patch is correctly signed.
    B. The patch signature is invalid, because NOT all files are signed.
    C. The patch signature manifest is invalid.
    D. The patch signature hash was NOT supplied.

    Answer: A

    QUESTION 146
    Which is a security concern when using IPsec encrypted tunnels?

    A. attacker's actions may be concealed
    B. data may be encrypted twice
    C. compatibility problems with client-side applications
    D. incompatible IPsec vendor applications

    Answer: A

    QUESTION 147
    Two administrators are trying to figure out how to implement encryption within a small network consisting of five machines. The requirement is to keep all the traffic between the nodes within that network private. They could not agree on a solution, because they are not sure what options are available. Which technology will solve their problem?

    A. Kerberos
    B. SSH
    C. IP Filter
    D. IPsec

    Answer: D

    QUESTION 148
    Which action can a Certkiller.com system administrator with the solaris.smf.modify.sendmail authorization execute?

    A. svccfg -s sendmail listprop
    B. svcadm disable sendmail
    C. svcadm refresh sendmail
    D. svcadm enable sendmail

    Answer: A

    QUESTION 149
    You decided it was worth maintaining an extremely paranoid policy when configuring your firewall rules. Therefore, you had your management approve the implementation of a security policy stance to deny all inbound connection requests to your corporate network. How is it possible that you still suffer from remote exploits that your adversaries are using to obtain interactive sessions inside your firewall?

    A. Internal software may be vulnerable.
    B. TCP splicing is easy to do.
    C. ICMP hijacking attacks can still succeed through any firewall.
    D. UDP vulnerabilities are well-known and exploited.

    Answer: A

    QUESTION 150
    An administrator has designed a system as an Internet proxy server. This system has been installed with packages that support the proxy software and secure administration. All other packages have been removed from the system. Which statement describes the system installation?

    A. This system has been installed using strict minimization.
    B. This system has been installed using loose minimization.
    C. This system has been hardened.
    D. This system has a standard installation metacluster.

    Answer: A

    QUESTION 151
    The security administrator has created a Basic Audit and Report Tool (BART) control manifest for the /etc directory. A test manifest is created about one hour later, and the two manifests are compared. The administrator checks all attributes for the files in /etc. Which event will NOT be reported by comparing the two manifests with BART?

    A. A file was examined using vi, edited, restored to original, and saved.
    B. Permissions on a file were changed.
    C. A file link was removed.
    D. Permissions on a file were changed and then restored.
    E. A file was added to the directory.

    Answer: D

    QUESTION 152
    Which two statements are true when applying the Solaris Security Toolkit software to a system with non-global zones installed? (Choose two.)

    A. Running processes in a non-global zone are included in a global zone Solaris Security Toolkit audit run.
    B. Some Solaris Security Toolkit scripts are NOT relevant to the non-global zone.
    C. The Solaris Security Toolkit undo option must be executed from the global zone.
    D. Applying Solaris Security Toolkit to a non-global zone has no effect on the global zone.
    E. Solaris Security Toolkit will automatically configure services in the global zone when applied to the non-global zone.

    Answer: B,D

    QUESTION 153
    The svcs output of a system lists this service:

    legacy_run Jan_30 lrc:/etc/rc3_d/S52imq

    If the system administrator wants this service to be disabled permanently, which action needs to be taken?

    A. The system administrator needs to inspect the start script and check for a service-specific way to disable the service.
    B. The system administrator can NOT disable any services which are started through legacy /etc/init.d scripts.
    C. svcadm disable lrc:/etc/rc3_d/S52imq
    D. /etc/init.d/imq stop
    E. /etc/init.d/imq disable

    Answer: A

    QUESTION 154
    You are administering a consolidated system with many zones, and have been asked to enable auditing. What must you do, after auditing has been enabled, to be able to distinguish between the audit events from different zones in the global zone's audit trail?

    A. Use the +zonename audit policy in the global zone.
    B. Use the +perzone audit policy in the global zone.
    C. Start auditd in each local zone.
    D. Update audit_control in each local zone to include the zone name.

    Answer: A

    QUESTION 155
    A security administrator has a requirement to help configure and deploy a new server. What are two security tasks that the security administrator should perform? (Choose two.)

    A. Configure network interfaces and routing information.
    B. Configure the server to use LDAP for authentication.
    C. Install a DTrace probe to capture the use of privileges.
    D. Disable any network services that are NOT being used.
    E. Apply software patches to correct security vulnerabilities.

    Answer: D,E

    QUESTION 156
    A security administrator has a requirement to identify that changes have been made to files under a specific set of directories. This requirement indicates that the control should check for changes to file ownership, permissions, and content. What would best meet the needs of the security administrator?

    A. Basic Audit and Report Tool (BART)
    B. Solaris Security Toolkit
    C. File Alteration Monitor
    D. Process Accounting
    E. Solaris Auditing

    Answer: A

    QUESTION 157
    How would you configure auditing to identify when an attacker has removed audit records?

    A. Execute the command bsmconv +cnt and reboot.
    B. auditconfig -setpolicy +seq should be added to /etc/security/audit_startup.
    C. auditconfig -setpolicy +cnt should be added to /etc/security/audit_startup.
    D. Audit records already have sequence numbers by default.

    Answer: B

    QUESTION 158
    A web server administrator must configure an Apache 2 web server to start as the user webservd. The web server administrator has been assigned the "Service Operator" rights profile. While attempting to set the SMF service property start/user, the web server administrator receives the following error message:

    $ /usr/sbin/svccfg -s svc:/network/http:apache2
    svc:/network/http:apache2> setprop start/user = astring: webservd
    Permission Denied.

    Why does this error occur?

    A. The start/user property does NOT exist for the Apache 2 service.
    B. The administrator needs the solaris.smf.manage authorization.
    C. The Apache 2 web server must be started only as root.
    D. Only the superuser is permitted to change SMF property values.

    Answer: B

    QUESTION 159
    You have been asked to let your manager's children run their homework assignments on one of the servers you administer. You have been promised that it will not impact the overall performance of the server, but you aren't sure, so you want to track how many resources they use. After you have created a new user called kids and assigned a new project called homework to the user, what do you need to do to gather the resource usage information?

    A. Use the poolcfg command to assign the homework project to a resource pool.
    B. Use the rctladm command to enable the syslog action for the homework project.
    C. Enable Solaris Auditing for the kids user.
    D. Use the acctadm command to enable extended accounting for tasks.

    Answer: D

    QUESTION 160
    Click the Exhibit button.
    The Exhibit shows the contents of a file named rule, and the output of a Basic Audit and

    QUESTION 163
    What is the minimum requirement to be able to use Solaris zones?

    A. Solaris zones require a network interface.
    B. Solaris zones require a SPARC system.
    C. Solaris zones require the SUNWCuser metacluster.
    D. Solaris zones require the fair share scheduler (FSS).
    E. Solaris zones require at least two CPUs (or two cores).

    Answer: C

    QUESTION 164
    Which two are concerned with security threats? (Choose two.)

    A. performance
    B. confidentiality
    C. integrity
    D. scalability

    Answer: B,C

    QUESTION 165
    A Certkiller.com system administrator needs to minimize a freshly installed Solaris system. After verifying that the correct metacluster is installed, the administrator tries to further minimize the number of installed set-uid binaries. After inspection, the administrator finds a number of printing related binaries, reviewing the relevant contents of the /var/sadm/install/contents file. What is the correct command to remove these set-uid binaries in a supported way?

    A. chmod u-s /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove
    B. chmod u-x /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove
    C. pkgrm SUNWpcu
    D. rm /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove

    Answer: C

    QUESTION 166
    Certkiller.com has produced several inhouse applications that have to deal with authentication using passwords. The Solaris systems have been reconfigured to use the password history checking option. What is the impact of this change for their applications?

    A. Only privilege aware applications will benefit from the password history checking.
    B. Applications which use the PAM framework will automatically use password history checking.
    C. All applications automatically benefit from the new password history checking.
    D. Every application has to be changed to call the new functions for password history checking.

    Answer: B

    QUESTION 167
    A security administrator needs to configure a Solaris system to act as a firewall between Certkiller.com's corporate network and the Internet, using Solaris IP Filter software to control the traffic passing between these two networks. Which is an efficient way to limit the software that can be run on this system?

    A. Use the Solaris Security Toolkit and allow it to automatically minimize the system.
    B. Use IPsec to limit execution of non-system binaries.
    C. Install Solaris using the Reduced Networking Core System Metacluster and add any extra required packages.
    D. Install Solaris using the Entire Distribution Metacluster, and remove any unneeded packages.

    Answer: C

    QUESTION 168
    After receiving the results from a recent security compliance evaluation, a security administrator was told to ensure that every user has to change their password regularly. After enabling password aging in the /etc/default/passwd file, the security administrator finds that existing local users are still not being forced to change their password. What is the reason for this?

    A. The password aging capability does NOT apply to local users.
    B. Password aging is made active after a user's next password change.
    C. Users have disabled password aging for their own accounts.
    D. The /etc/default/passwd file is NOT consulted for password aging.
    E. The /etc/user_attr file has been configured to prevent password aging.

    Answer: B

    QUESTION 169
    An administrator has applied patch 120543-02 to a server. Unfortunately, this patch is causing compatibility problems with one of the core applications running on that server.

    QUESTION 173
    Solaris Auditing supports the selective logging of which two kinds of events? (Choose two.)

    A. selected users making outbound network connections
    B. access to selected files by all users
    C. file access by selected users
    D. password changes which do not meet the system password policy

    Answer: A,C

    QUESTION 174
    Which IPsec mechanism provides confidentiality for network traffic?

    A. IKE
    B. SKIP
    C. AH
    D. ESP

    Answer: D

    QUESTION 175
    Given:

    booting kernel

    Which feature of Solaris has generated the record?

    A. Service Management Facility
    B. Basic Audit and Report Tool (BART)
    C. Solaris Boot Manager
    D. Solaris syslog daemon
    E. Solaris Auditing

    Answer: E

    QUESTION 176
    DRAG DROP
    You work as a Certkiller.com security administrator. You are required to put the Security Toolkit parameters at the appropriate locations.

    Answer:

    QUESTION 177
    In which location is the signature for a signed binary found?

    A. the ELF header
    B. a trailer attached to the file
    C. created and stored in memory at system boot
    D. stored in a system database
    E. added to the binary at compile time

    Answer: A

    QUESTION 178
    Certkiller.com has activated auditing on all of their systems. The default destination directory for the audit trail is /var/audit on each system. In the past few weeks, they had problems with one of the systems acting as a print server. A user sent a large print job, which caused /var on the print server to become full. As a result, auditing was no longer working. They changed the /etc/security/audit_control file to include a second destination directory (using the dir: keyword). When will the audit subsystem switch from the first directory to the second configured directory?

    A. when the first directory has less than minfree percent free
    B. when the first directory is full
    C. auditd will use both directories in round-robin and switch after writing a complete audit event record.
    D. depends on the configuration of /etc/logadm.conf
    E. after 24 hours

    Answer: A

    QUESTION 179
    You want to know when, by whom, and how privileges are used on one of your systems. How can you get that information?

    A. by enabling Solaris Auditing
    B. by adding an audit.debug entry in /etc/syslog.conf
    C. by using the ppriv command
    D. by creating the file /etc/priv_debug

    Answer: A

    QUESTION 180
    As part of the normal deployment process, a security administrator is required to verify the security configuration of a new Solaris 10 zone before it can be put into production. Using the Solaris Security Toolkit, the security administrator will verify the zone's configuration against the corporate baseline, baseline.driver. Which command line will the security administrator use to verify the zone named yennov?

    A. jass-execute -z yennov -a baseline.driver
    B. chroot /export/yennov/root jass-execute -a baseline.driver
    C. jass-execute -R /export/yennov/roo