Oracle 1Z0-881 Online Practice Questions and Exam Preparation

Oracle 1Z0-881 Online Questions & Answers

• Question 201:

  The Solaris 10 cryptographic framework provides a set of end user commands. One of these new commands allows the encryption and decryption of a file. In encryption, a file named clear_file with this utility gives this error: # encrypt -a 3des -k 3_des.key -i clear_file -o encrypt_file encrypt: failed to generate a key:

  CKR_ATTRIBUTE_VALUE_INVALID

  What is the cause?

  A. The key length in 3_des.key is wrong.
  B. The file clear_file is too big to be encrypted.
  C. The encryption key can NOT be stored in a file.
  D. The 3des algorithm can NOT be used to encrypt a file.
  A. The key length in 3_des.key is wrong.

• Question 202:

  In which two ways can a service administrator specify the privilege set of a particular service in the Service Management Facility? (Choose two.)

  A. Set this using the svcs command.
  B. Import an updated service manifest.
  C. Modify the privilege set using svccfg.
  D. Change the privilege set by using svcprop.
  B. Import an updated service manifest.
  C. Modify the privilege set using svccfg.

• Question 203:

  You suspect that one of your systems has been compromised. You want to inspect the system's binaries and kernel modules by calculating hashes for them and comparing the hashes to the Solaris Fingerprint Database. What prerequisite step should you take before generating the hashes?

  A. Make sure that all users are logged out.
  B. Bring the system down to single user level.
  C. Shut down the system, and analyze the system's disk on a trusted system.
  D. Reboot the system into single user mode to make sure that any "Trojan horses" are terminated.
  C. Shut down the system, and analyze the system's disk on a trusted system.

• Question 204:

  In which Solaris 10 subsystem is Process Rights Management implemented?

  A. Process Privileges
  B. Process Accounting
  C. Process Access Control
  D. Mandatory Access Control
  E. Discretionary Access Control
  A. Process Privileges

• Question 205:

  Click the Exhibit button.

  

  You maintain a minimized and hardened web server. The exhibit shows the current credentials that the web server runs with. You receive a complaint about the fact that a newly installed webbased application does not function. This application is based on a /bin/ksh cgi-bin script. What setting prevents this cgi-bin program from working?

  A. The system might NOT have /bin/ksh installed.
  B. The server is NOT allowed to call the exec system call.
  C. The server should run with uid=0 to run cgi-bin scripts.
  D. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot environment.
  B. The server is NOT allowed to call the exec system call.

• Question 206:

  The svcs output of a system lists this service: legacy_run Jan_30 lrc:/etc/rc3_d/S52imq If the system administrator wants this service to be disabled permanently, which action needs to be taken?

  A. /etc/init.d/imq stop
  B. /etc/init.d/imq disable
  C. svcadm disable lrc:/etc/rc3_d/S52imq
  D. The system administrator can NOT disable any services which are started through legacy /etc/init.d scripts.
  E. The system administrator needs to inspect the start script and check for a service-specific way to disable the service.
  E. The system administrator needs to inspect the start script and check for a service-specific way to disable the service.

• Question 207:

  Which statement is true about applying Solaris patches to zones?

  A. Patches are NOT applicable to sparse root zones.
  B. You have to install a patch in each zone using zlogin.
  C. Non-global zone administrators can install patches themselves.
  D. The global zone administrator can only administer patches in the global zone.
  E. When you add a patch to the global zone, it is by default added to all non-global zones.
  E. When you add a patch to the global zone, it is by default added to all non-global zones.

• Question 208:

  The development group would like to secure their network with IPsec. The number of hosts changes frequently, and they do not want to maintain preshared keys manually. The solution is to use IPsec with IKE and public keys. Which command is used to generate the IKE public/private key pair?

  A. ikeadm
  B. ikecert
  C. ipseckey
  D. cryptoadm
  E. ipsecconf
  B. ikecert

• Question 209:

  One of the operators of the mainframe group was moved to the UNIX group and tasked to activate and configure password history. For every user, the last 10 passwords should be remembered in the history. In what file is the size of the password history configured?

  A. /etc/shadow
  B. /etc/pam.conf
  C. /etc/default/passwd
  D. /etc/security/policy.conf
  C. /etc/default/passwd

• Question 210:

  Click the Exhibit button.

  

  To implement dictionary checks at password-change time, your company has acquired a PAM module that performs these checks. Which two locations would put this module in the PAM stack when you install this module as an additional strength checking measure? (Choose two.)

  A. before the line containing pam_dhkeys.so.1
  B. after the line containing pam_authtok_check.so.1
  C. after the line containing pam_authtok_store.so.1
  D. before the line containing pam_authtok_check.so.1
  E. replace the line containing pam_authtok_check.so.1
  B. after the line containing pam_authtok_check.so.1
  D. before the line containing pam_authtok_check.so.1