Oracle 1Z0-881 Online Practice Questions and Exam Preparation

Oracle 1Z0-881 Online Questions & Answers

• Question 111:

  To enforce security within your organization, access restrictions to systems must be applied. In particular, restrictions to the telnet protocol must be configured. Which action must be taken to enable TCP wrappers for the telnet protocol?

  A. svcadm tcp_wrappers start
  B. svcadm enable tcp_wrappers
  C. inetadm -m telnet=tcp_wrappers
  D. inetadm -m telnet tcp_wrappers=true
  D. inetadm -m telnet tcp_wrappers=true

• Question 112:

  An Internet service provider is offering shell accounts on their systems. As a special service, customers can also apply for a root account to get their own virtual machine. The provider has implemented this by using zones, and the customers get root access to the non-global zone. One of their customers is developing cryptographic software and is using the ISP machine for testing newly developed Solaris crypto providers. What kind of testing is available to this developer?

  A. The developer is able to test newly developed user-level providers.
  B. The developer is able to test newly developed kernel software providers.
  C. The developer can NOT test newly developed providers in a non-global zone.
  D. The developer is able to do the same tests as if developing as root in the global zone.
  A. The developer is able to test newly developed user-level providers.

• Question 113:

  The system administrator is required by the security policy to restrict the ability of users to view other processes on the system. This needs to be done for all users on the system. Which course of action should the administrator take?

  A. Edit the file /etc/security/exec_attr and add privs=basic,!proc_info to the "All" entry.
  B. Edit the file /etc/security/prof_attr and add privs=basic,!proc_info to the "Basic Solaris User" entry.
  C. Edit the file /etc/user_attr and add defaultpriv=basic,!proc_info for all users present in the file.
  D. Edit the file /etc/security/policy.conf and create the following setting: PRIV_DEFAULT=basic,!proc_info.
  D. Edit the file /etc/security/policy.conf and create the following setting: PRIV_DEFAULT=basic,!proc_info.

• Question 114:

  Which two statements are true when applying the Solaris Security Toolkit software to a system with non-global zones installed? (Choose two.)

  A. Some Solaris Security Toolkit scripts are NOT relevant to the non-global zone.
  B. The Solaris Security Toolkit undo option must be executed from the global zone.
  C. Applying Solaris Security Toolkit to a non-global zone has no affect on the global zone.
  D. Running processes in a non-global zone are included in a global zone Solaris Security Toolkit audit run.
  E. Solaris Security Toolkit will automatically configure services in the global zone when applied to the nonglobal zone.
  A. Some Solaris Security Toolkit scripts are NOT relevant to the non-global zone.
  C. Applying Solaris Security Toolkit to a non-global zone has no affect on the global zone.

• Question 115:

  To comply with new security guidelines, your company requires you to implement a new password policy that performs stricter checks on new passwords than those performed by Solaris. Which Solaris subsystem can you consider extending?

  A. Solaris PAM
  B. Solaris /usr/bin/passwd
  C. Solaris User Rights Management
  D. Solaris Cryptographic Framework
  A. Solaris PAM

• Question 116:

  By default, what are two benefits of enabling Solaris Auditing in the global zone on a system where non-global zones (NGZ) have been deployed? (Choose two.)

  A. Audit daemons are started within each of the running NGZ.
  B. No one within an NGZ can modify the audit logs for that NGZ.
  C. Individual NGZ audit logs are accessible from within the NGZ.
  D. Audit configuration settings cannot be changed inside of an NGZ.
  B. No one within an NGZ can modify the audit logs for that NGZ.
  D. Audit configuration settings cannot be changed inside of an NGZ.

• Question 117:

  A user needs to be able to mount the file system located on a USB memory stick on a workstation. How can you allow the user to mount and unmount this file system when required?

  A. Give the user write access to /etc/vfstab.
  B. Give the user write access to /etc/mnttab.
  C. Assign the user the sys_mount privilege for the file system.
  D. Enable and configure the automount daemon (automountd).
  E. Enable and configure the volume management daemon (vold).
  E. Enable and configure the volume management daemon (vold).

• Question 118:

  A security administrator needs to configure a Solaris system to act as a firewall between your company's corporate network and the Internet, using Solaris IP Filter software to control the traffic passing between these two networks. Which is an efficient way to limit the software that can be run on this system?

  A. Use IPsec to limit execution of non-system binaries.
  B. Use the Solaris Security Toolkit and allow it to automatically minimize the system.
  C. Install Solaris using the Entire Distribution Metacluster, and remove any unneeded packages.
  D. Install Solaris using the Reduced Networking Core System Metacluster and add any extra required packages.
  D. Install Solaris using the Reduced Networking Core System Metacluster and add any extra required packages.

• Question 119:

  Click the Task button.

  Place the RBAC database names on the correct descriptions.

  Drag and drop question. Drag the items to the proper locations.

  Select and Place:

  

  

• Question 120:

  The Key Distribution Center (KDC) is a central part of the Kerberos authentication system. How should the system running the KDC be configured?

  A. It should be a hardened, minimized system.
  B. It should be a hardened, non-networked system.
  C. The KDC implementation employs cryptography and can therefore run securely on an ordinary multi-user system.
  D. For improved security, users must log in to the KDC before authenticating themselves, so it must be a multiuser system.
  A. It should be a hardened, minimized system.