Sei sulla pagina 1di 106

Number: 1z0-822 Passing Score: 800 Time Limit: 120 min File Version: 6.6

Passing Score: 800 Time Limit: 120 min File Version: 6.6 Certkiller.1z0-822.140.QA Very concise guide that gives

Certkiller.1z0-822.140.QA

Limit: 120 min File Version: 6.6 Certkiller.1z0-822.140.QA Very concise guide that gives you just what you
Limit: 120 min File Version: 6.6 Certkiller.1z0-822.140.QA Very concise guide that gives you just what you
Limit: 120 min File Version: 6.6 Certkiller.1z0-822.140.QA Very concise guide that gives you just what you
Limit: 120 min File Version: 6.6 Certkiller.1z0-822.140.QA Very concise guide that gives you just what you

Very concise guide that gives you just what you need to know to pass the exam. I found these practice dumps very complete including everything I needed to pass on my first try. I appeared in Certification exam and passed it easily using your latest study dump. Thanks for providing such quality certification material. It is the lone platform that is imminent. I am so proud of you for being so reputable! Much Appreciated! Get this Certification dump now.

Much Appreciated! Get this Certification dump now. www.vceplus.com - Website designed to help IT pros advance
Much Appreciated! Get this Certification dump now. www.vceplus.com - Website designed to help IT pros advance
Much Appreciated! Get this Certification dump now. www.vceplus.com - Website designed to help IT pros advance
Much Appreciated! Get this Certification dump now. www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Exam A

QUESTION 1 Consider the following commands on a newly installed system:

zfs set compression=on rpool zfs get H o source compression rpool

What is the output of the second command?

A. default

B. –

C. local

D. on

Correct Answer: C Section: (none) Explanation

local D. on Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: The zfs get command

Explanation/Reference:

Explanation:

The zfs get command supports the -H and -o options, which are designed for scripting. You can use the -H option to omit header information and to replace white space with the Tab character. Uniform white space allows for easily parseable data. You can use the -o option to customize the output in the following ways:

* The literal name can be used with a comma-separated list of properties as defined in the Introducing ZFS Properties section.

* A comma-separated list of literal fields, name, value, property, and source, to be output followed by a space and an argument, which is a comma- separated list of properties.

The following example shows how to retrieve a single value by using the -H and -o options of zfs get:

# zfs get -H -o value compression tank/home on

QUESTION 2 You want to create a ZFS file system with the following specifications:

lzjb compression enabled Cannot consume more than 2 GB from the storage pool Redundant data at the block level eliminated Mounted as /data

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which command creates the desired file system?

Which command creates the desired file system? A. zfs create o

A. zfs create o mountpoint=/data,compression=on,algorithm=lzjb,deduplication=on,quota=2g /pool1/data

B. zfs create o mountpoint=/data compression=on algorithm=lzjb deduplication=on quota=2g /pool1/data

C. zfs create o mountpoint=/data o compression=on o dedup=on o quota=2g /pool1/data

D. zfs create o mountpoint=/data o compression=on o algorithm=lzjb o deduplication=on o quota=2g /pool1/data

E. zfs create pool/data zfs set mountpoint=/data,quota=2g, dedup=on,compression=on /pool1/data

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Not on compression setting:

compression=on | off | lzjb | gzip | gzip-N

Controls the compression algorithm used for this dataset. The "lzjb" compression algorithm is optimized for performance while providing decent data compression. Setting compression to "on" uses the "lzjb" compression algorithm. Incorrect:

Not A, Not E: Should not use commas like this. Not B, Not D: There is no property algorithm named to this command. To specify the use of the lzjb compression command we must use

compression=lzjb.

QUESTION 3 Which two zpool subcommands will permanently remove a submirror from active storage pool?

A. remove

B. detach

C. destroy

D. offline

E. replace

F. split

G. zpool does not permit this operation on an active storage pool unless the submirror faults.

Correct Answer: AB Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation:

zpool detach pool device

Explanation: zpool detach pool device Detaches device from a mirror. The operation is refused if there

Detaches device from a mirror. The operation is refused if there are no other valid replicas of the data.

QUESTION 4 You have a ZFS pool that contains a hierarchy of data file systems. You create snapshots of the file systems and you created a clone (dpool/export/CID) of the dpool/export/home/CID file systems. The file systems are as follows:

file systems. The file systems are as follows: Now you remove a file from the cloned

Now you remove a file from the cloned file system:

root@sll-server1:~# rm /export/CID/core.bash.8070

How will space usage be changed for dpool/export/CID?

A. The USED value will increase and the REFER value will decrease; the AVAIL value will be unchanged.

B. The USED value will decrease and the REFER value will increase; the AVAIL value will increase.

C. The USED value will decrease, the REFER value will decrease; the AVAIL value will increase.

D. USED, REFER and the AVAIL value will be unchanged.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

QUESTION 5 To reduce the use at storage space on your server, you want to eliminate duplicate copies of data in your server's ZFS file systems. How do you specify that pool1/data should not contain duplicate data blocks on write operations?

A. zfs create o compression=on pool1/data

B. zpool create o deduplication=on pool1 ; zfs create pool1/data

C. zpool create o dedupratio=on pool1 ; zfs create pool1/data

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

D.

zfs create o dedupratio=2 pool1/data

E. zfs create o dedup=on pool1/data

Correct Answer: E Section: (none) Explanation

Explanation/Reference:

Explanation:

To c reate a file system with deduplication:

root@solaris:~# zfs create -o dedup=on

Note: If you have a storage pool named 'tank' and you want to use dedup, just type this:

zfs set dedup=on tank

you want to use dedup, just type this: zfs set dedup=on tank QUESTION 6 Which option

QUESTION 6 Which option lists default checkpoints for building an image using the Distribution Constructor?

A. manifest-valid and ba-init

B. ba-arch and grub-setup

C. transfer-ips-install and pre-pkg-img-mod

D. pkg-img mod and create-usb

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

The following list provides a brief description of each default checkpoint in the order the checkpoints are executed in most manifests.

transfer-ips-install At this checkpoint, the distribution constructor contacts the IPS publishers and adds to the image the packages that are listed in the software_data element of the manifest.

set-ips-attributes At this checkpoint, the constructor sets the publisher to be used by the installed system. The values set by this checkpoint are not relevant if you are building an automated installation image.

pre-pkg-img-mod At this checkpoint, the constructor imports into the image the SMF service files that were specified in the configuration element of the manifest. Also, the constructor modifies some files to optimize the image.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 7 Which two statements describe the capabilities of the Distribution Constructor?

describe the capabilities of the Distribution Constructor? A. ISO images for use with the Automated Installer

A. ISO images for use with the Automated Installer (AI) can be created.

B. Bootable USB images can be created for SPARC and x86 architectures.

C. A single installation server can be used to create ISO images, for SPARC and x86 architectures.

D. Checkpoints are used to pause the build, thereby allowing the running of a script to modify the resulting ISO image.

E. A single installation server can be used to create ISO images for Solaris 10 and Solaris 11.0 operating systems.

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

A: Oracle Solaris Image Types include:

x86 or SPARC ISO Image for Automated Installations The Oracle Solaris release includes the automated installer tool. The automated installer (AI) is used to automate the installation of the Oracle Solaris OS on one or more SPARC and x86 systems over a network.

D:

* You can also create custom scripts to modify your installation image. Then, you can add checkpoints to the manifest file to run these custom scripts.

* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation process, in order to check and debug the image that is being built. This process of stopping and restarting during the build process is called checkpointing. Checkpointing is optional. Default checkpoints are specified in each manifest file. Incorrect:

Not B: Only for x86, not for SPARC- Oracle Solaris x86 LiveCD You can create an x86 ISO image that is comparable to the LiveCD image that's distributed as an Oracle Solaris release. You can also modify the content of this ISO image by adding or removing packages. You can revise the default settings for the resulting booted environment to create a custom ISO image or USB image.

Note: The distribution constructor creates images based on settings specified in XML files, called manifest files. The manifest files contain specifications for the contents and parameters for the ISO images that you create using the distribution constructor. The distribution-constructor package provides sample manifests that can be used to create a custom x86 Live Media ISO, an x86 or SPARC Automated Install ISO image, or an x86 or SPARC text installation ISO image.

The elements in each manifest file provide preset, default values that will create the type of ISO image you need. You can manually edit these preset elements in a manifest file to customize the resulting image. In addition, you can create custom scripts to further modify your image. Then, reference the new scripts in the manifest file.

QUESTION 8 Your colleague is administering the company's Automated Install server and is using a custom manifest. You now plan to replace the default AI manifest with the custom manifest. Which installadm subcommand must you use to replace the default AI manifest?

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

A. update-service

B. update-manifest

C. set-service

D. create-manifest

E. create-service

F. set-manifest

Correct Answer: B Section: (none) Explanation

set-manifest Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: Explain: If you want to

Explanation/Reference:

Explanation:

Explain:

If you want to change the content of a manifest or script that has already been added to an install service, use the installadm update-manifest command. Criteria, default status, and manifest_or_script_name are not changed as a result of the update. # installadm update-manifest -n s11-x86 -f ./newregion1.xml -m region1 The create-manifest and update-manifest subcommands validate XML manifest files before adding them to the install service. AI syntactically validates the AI manifests at client installation time. Note - If an invalid manifest is provided to a client, the automated installation aborts. To investigate the cause of the validation failure, see the /system/volatile/install_log on the client.

QUESTION 9 You are using AI to install a now operating system. You add the following information to the AI manifest:

<configuration type="zone" name="dbzone source="http://sysA.example.com/zone_cfg/zone.cfg"/>

Which statement is true regarding the zone.cfg file?

A. It is a text file in a zonecfg configuration format.

B. It is an AI manifest that specifies how the zone is to be installed.

C. It is an XML file in a form suitable for use as a command script file for the zonecfg command.

D. It is an profile with keywords that are specific for configuring a zone as part of the installation

E. It is an XML file that specifies the zonename, zonepath, and other zonecfg parameters.

Correct Answer: A Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation/Reference:

Explanation/Reference: QUESTION 10 You are the administrator of on Oracle Solaris 11 AI server. You added

QUESTION 10 You are the administrator of on Oracle Solaris 11 AI server. You added a client. Then you created a custom manifest, custom criteria, and a custom profile for the client. You made an error in the package path within the custom manifest. When will the error appear?

A. when the manifest is checked during client preinstall

B. when the manifest is used during client install

C. when the manifest is updated on the AI server

D. when the manifest is added to the AI server

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Note:

* The default AI manifest must work for any client that does not match a custom manifest, for any service based on this image.

QUESTION 11 You plan to use the Automated Installer (AI) to install a nonglobal zone named zone1. You created custom manifest for the nonglobal zone and named it zone1manifest. Which command must you use to add this custom manifest to the s11-sparc install service and associate this custom manifest with the nonglobal zone?

A. installadm create-profile n s11-sparc f /term/zone1manifest.xml c zonename="zone1"

B. installadm create-manifest n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"

C. installadm create-client n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"

D. installadm create-server n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

Install services are created with a default AI manifest, but customized manifests or derived manifests scripts (hereafter called "scripts") can be added to an install service by using the create-manifest subcommand.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* Example: Add the new AI manifest to the appropriate AI install service, specifying criteria

* Example:

Add the new AI manifest to the appropriate AI install service, specifying criteria that define which clients should use these installation instructions.

# installadm create-manifest -n s11-x86 -f ./mem1.xml -m mem1 \ -c mem="2048-unbounded"

* Syntax

installadm create-manifest -n|--service svcname -f|--file manifest_or_script_filename [-m|--manifest manifest_name] [-c|--criteria criteria=value|list|range -C|--criteria-file criteriafile] [-d|--default]

|

QUESTION 12 You are using the distribution constructor to build a custom text installer. You copied and modified the default test installer XML file and issued the following command to build image:

# /usr/bin/distro_const build v /usr/share/distro_const/new-dc_ai_x86.xml

How will the checkpoints in the distribution constructor be used by this command?

A. The distribution constructor will create a snapshot of the data directory at a checkpoint and report errors the log file until completed.

B. The distribution constructor will stop at each checkpoint until you issue a distro_const restart command.

C. The distribution constructor will not use checkpoints without the correct CLI option added to the command.

D. The distribution constructor will stop at a checkpoint only if an error is encountered during the image build.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Only verbose mode is selected (-v) not checkpoints options.

* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation process in order to check and debug the image that is being built. This process of stopping and restarting during the build process is called checkpointing. Checkpointing is optional.

Note:

* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation

process, in order to check and debug your selection of files, packages, and scripts for the image that is being built. This process uses the checkpointing options that are available in the distro_const command.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* distro_const Command Options / distro_const build manifest Builds an image in one step using

* distro_const Command Options

/ distro_const build manifest

Builds an image in one step using specified manifest file / distro_const build -v

Verbose mode

/ distro_const build -l manifest

Lists all valid checkpoints at which you can pause and resume building an image / distro_const build -p checkpoint_name manifest Pauses building an image at a specified checkpoint

/ distro_const build -r checkpoint_name manifest

Resumes building an image from a specified checkpoint

/ distro_const build -h

Displays help for the command

* After you have set up the manifest file that you plan to use and, if desired, customized the finalizer scripts, you are ready to build an image by running the distro_const command.

You can use the distro_const command to build an image in either of the following:

In one step

Pausing and restarting the build as needed to examine the content of the image and debug the scripts during the build process

QUESTION 13 Your company's security policy prohibits access to the Internet. You already installed an instance of Oracle Solaris 11 on an M-series server for base testing. You used the text install media to install the system. You also installed a package repository on the same system. There are 10 M-series servers that have just been installed on the local network. Can you immediately install an AI server on your testing machine order to install Oracle Solaris 11 on these 10 servers?

A. Yes, by using the existing Solaris 10 Jumpstart server.

B. Yes, by using the text install media for the AI software.

C. Yes, by using the Installed package repository.

D. No, you must download the AI .iso image from Oracle first.

E. No, the Solaris large-server group must be installed because it contains the AI setup tools.

F. No, the Solaris 11 full n repository must be installed on the AI server.

G. No, you must have a prebuilt image that was created by the distribution constructor.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 14 You have set resource controls on a project. Now you want to set

QUESTION 14 You have set resource controls on a project. Now you want to set up syslog to monitor a particular resource control and log a message whenever the resource control is exceeded. Which option would you choose to activate logging on the global resource control facility to establish a syslog action on a resource control?

A. Use the rctladm command to enable the global syslog attribute of a resource control.

B. Use the prctl command to enable the global syslog attribute of resource control.

C. Use the ipcs command to enable the global syslog attribute of a resource control.

D. Use the setrctl command to enable the global syslog attribute of a resource control.

E. By default, global logging of resource control violations is already enabled. Make an entry in the syslog.conf file and refresh the system-log service.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

Global Monitoring of Resource Control Events Often, the resource consumption of processes is unknown. To get more information, try using the global resource control actions that are available with the rctladm command. Use rctladm to establish a syslog action on a resource control. Then, if any entity managed by that resource control encounters a threshold value, a system message is logged at the configured logging level.

QUESTION 15 Consider the following command:

zonestat q r physical-memory R high z dbzone p P "zones" 10 24h 60m

What data will this command report?

A. The dbzone's physical memory usage every hour for a day, displaying the 10 higher usage intervals for each hour.

B. All the dbzone's resource usage, excluding physical memory, 10 times an hour for a day.

C. The dbzone's CPU, virtual memory, and networking utilization every hour for a day, displaying top 10 usage intervals.

D. The dbzone's memory and CPU utilization every 10 seconds for a day, displaying peak usage each hour.

E. The dbzone's physical memory usage every 10 seconds for a day. displaying peak usage each hour.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

*

Example 1:

* Example 1: * man zonestat -q Quiet mode. Only print summary reports (requires the -R
* Example 1: * man zonestat -q Quiet mode. Only print summary reports (requires the -R

* man zonestat -q Quiet mode. Only print summary reports (requires the -R option). All interval reports are omitted. -r resource[,resource] Specify resource types on which to report. The available resources are: physical-memory, virtual-memory, locked- memory, processor- set, processes, lwps, shm-memory, shm-ids, sem-ids, msg-ids, lofi, and network. summary A summary of cpu, physical-memory, vir- tual memory, and network usage.

* Example 2 :

The following command monitors silently at a 10 second interval for 24 hours, producing a total and high report every 1 hour:

# zonestat -q -R total,high 10s 24h 1h

QUESTION 16 Consider the following command and output:

user$ newtask v p canada Identify the output.

A. the task ID for the project canada

B. the project ID for the project canada

C. the task ID for the shell

D. the task ID for all jobs already running in the shell

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Example 1: Creating a New Shell

The following example creates a new shell in the canada pro- ject, displaying the task id:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

example$ id -p uid=565(gh) gid=10(staff) projid=10(default) example$ newtask -v -p canada

projid=10(default) example$ newtask -v -p canada QUESTION 17 User Frank is a member of two projects.

QUESTION 17 User Frank is a member of two projects. He currently has a process running. He needs to move the process from its current project to the other project. Which command must Frank use to determine the process' task ID?

A. projects

B. prtcl

C. id

D. ps

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

The ps command prints information about active processes. Without options, ps prints information about processes asso- ciated with the controlling terminal. The output contains only the process ID, terminal identifier, cumulative execu- tion time, and the command name. Otherwise, the information that is displayed is controlled by the options.

QUESTION 18 Which two statements describe projects and/or tasks?

A. A task is a resource container for one process.

B. Project resource controls are evaluated before task resource controls.

C. Every user belongs to one or more projects.

D. Every task associates a project with a process.

E. A project is optional and not every user must belong to a project.

Correct Answer: CD Section: (none) Explanation

Explanation/Reference:

Explanation:

C: a user must be assigned to a default project, the processes that the user launches can be associated with any of the projects of which that user is a

member.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

D: How to Create a New Task

D: How to Create a New Task 1.Log in as a member of the destination project,

1.Log in as a member of the destination project, booksite in this example. 2.Create a new task in the booksite project by using the newtask command with the -v (verbose) option to obtain the system task ID. machine% newtask -v -p booksite The execution of newtask creates a new task in the specified project, and places the user's default shell in this task.

3.View the current project membership of the invoking process. machine% id -p uid=100(mark) gid=1(other) projid=4113(booksite)

The process is now a member of the new project.

Note:

* Projects are collections of tasks, which are collections of processes.

* Projects and tasks are used to label workloads and separate them from one another.

Incorrect:

Not A: The task collects a group of processes into a manageable entity that represents a workload component. Not E: If no default project is found, the user's login, or request to start a process, is denied.

QUESTION 19 Resource constraints have been placed on a particular project. Which command would you use to view the constraints that have been placed on that project?

A. ipcs

B. prctl

C. projects

D. rctladm

E. prstat

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

prctl - get or set the resource controls of running processes, tasks, and projects.

The prctl utility allows the examination and modification of the resource controls associated with an active process, task, or project on the system. It allows access to the basic and privileged limits and the current usage on the specified entity.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Incorrect: not A: ipcs provides information on the ipc facilities for which the calling process

Incorrect:

not A: ipcs provides information on the ipc facilities for which the calling process has read access. not D:

rctladm - display or modify global state of system resource controls Not E: prstat - report active process statistics

Note:

* In the Oracle Solaris operating system, the concept of a per-process resource limit has been extended to the task and project entities.

QUESTION 20 Frank is a member of two projects on you system. He has a process running in a project called project- clock and needs to move it under the other project he belongs to. Which command must Frank use to move the process?

A. setproject

B. newtask

C. projmod

D. prtcl

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

How to Move a Running Process Into a New Task This example shows how to associate a running process with a different task and new project. To perform this action, you must either be superuser, or be the owner of the process and be a member of the new project.

1.

Become superuser or assume an equivalent role

2.

Obtain the process ID of thebook_catalogprocess.

#

pgrep book_catalog

3.

Associate process8100with a new task ID in thebooksiteproject.

#

newtask -v -p booksite -c 8100

The -coption specifies that newtaskoperate on the existing named process.

4. Confirm the task to process ID mapping.

# pgrep -T 17

Incorrect:

Not C: projmod does not change the processes of a project.

The projmod utility modifies a project's definition on the system. projmod changes the definition of the specified project and makes the appropriate project-related system file and file system changes.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 21 You configured a limit of 100 LWPs project. You want to ensure that

QUESTION 21 You configured a limit of 100 LWPs project. You want to ensure that the LWP limit was not set too low, so you need to monitor the LWPs currently in use by the project. Which two options could you use to monitor the current LWP resource control and the consumption of resources for this project?

A. prtcl $$

B. configuring syslogd to log messages received from the resource manager daemon

C. ps o taskid p

D. prtcl n task.max-lwps $$

E. rctladm l task.max-lwps

F. rctladm e syslog task.max-lwps; when the threshold for the resource is exceeded, a log entry will be generated by syslogd

Correct Answer: DF Section: (none) Explanation

Explanation/Reference:

Explanation:

D: Example:

# prctl -n task.max-lwps $$ process: 111107: csh

NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT

task.max-lwps

usage 3 privileged 3 - deny - system 2.15G max deny

F: The following command activates system logging of all violations of task.max-lwps.

#

rctladm -e syslog task.max-lwps

#

Note: How to Set the Maximum Number of LWPs for Each Task in a Project

This procedure adds a project named x-files to the /etc/project file and sets a maximum number of LWPs for a task created in the project.

1.Become an administrator. 2. Use the projadd command with the -K option to create a project called x-files. Set the maximum number of LWPs for each task created in the project to 3. # projadd -K 'task.max-lwps=(privileged,3,deny)' x-files

QUESTION 22 The following information describes the current dump configuration of your server:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Assume that the following command lines have been run on a system: (root) # coreadm

Assume that the following command lines have been run on a system:

(root) # coreadm g $HOME/var/core/%m.core.%f.%t (non-root) $ coreadm p core.%f.%p

Identify the result of a subsequent process crash.

A. A copy of a core file will appear in /var/core.

B. A copy of a core file will appear in the process' current working directory.

C. The root copy will include the taskid of the process.

D. The nonroot copy will include the day of the process crash.

E. The global format will override the per-process format.

F. The global core dump is disabled, so a core file will not be saved.

Correct Answer: B Section: (none) Explanation

be saved. Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: * -p pattern Set the

Explanation/Reference:

Explanation:

* -p pattern

Set the per-process core file name pattern to pattern for each of the specified process-IDs. The pattern can contain any of the special % variables

* Variables:

%f, executable file name, up to a maximum of MAXCOMLEN characters %p, process-ID

* Example. The core file name pattern:

/var/core/core.%f.%p would result, for command foo with process-ID 1234, in the core file name: /var/core/core.foo.1234

* Example. Setting the core file name pattern

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

When executed from a user's $HOME/.profile or $HOME/.login, the following command sets the core file

When executed from a user's $HOME/.profile or $HOME/.login, the following command sets the core file name pattern for all processes run during the login session:

example$ coreadm -p core.%f.%p $$ $$ is the process-id of the currently running shell. The per-process core file name pattern is inherited by all child processes.

Note (see synopsis 2 below). * The coreadm command is used to specify the name and location of core files produced by abnormally-terminating processes.

SYNOPSIS coreadm [-g pattern] [-i pattern] [-d option coreadm u

]

[-e option

]

coreadm [-p pattern] [pid

]

The first form shown in the synopsis can be executed only by the super-user and is used to configure system-wide core file options, including a global core file name pattern and a per-process core file name pattern for the init(1M) process. The second form can be executed by non-privileged users and is used to specify the file name pattern to be used by the operating system when generating a per-process core file.

QUESTION 23 You are asked to configure your system to save crash dump information. While choosing a directory to save the dump data, you consider protecting a minimum amount of free space. What is the default minimum free space in a crash dump directory?

A. By default, the minimum free space is 10% of the size of the dump volume.

B. By default, no minimum free space is set.

C. By default, the minimum free space is 1 MB.

D. By default, the space is determined by the amount of swap space.

E. By default, the space is determined by the amount of memory installed in the system.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Dump Parameter: minimum free space Minimum amount of free space required in the savecoredirectory after saving crash dump files. If no minimum free space has been configured, the default is one Mbyte.

QUESTION 24 You are mentoring a colleague who recently added a local7.notice entry to the /etc/syslog.conf file. After restarting the logging service, your colleague notices that no new records are being logged and asks for your help. Included in the file are these entries:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

(19)*.alert root

(20)*.emerg*

(21)local7.notice /var/log/Appx.log

While running the syslogd process in debug mode, you notice the following:

the syslogd process in debug mode, you notice the following: You examine the /var/adm/messages file: Jan
the syslogd process in debug mode, you notice the following: You examine the /var/adm/messages file: Jan

You examine the /var/adm/messages file:

Jan 6 00:23:10 so111-server syslogd: line 21: unknown priority name "notice "

What do you identify as the cause of the problem?

A. There is a control or nonprintable character at the end of line 21 in the /etc/syslog.conf file.

B. The application that logs to /var/log/Appx.log does not support the notice priority.

C. There is an extra space in line 21 in the /etc/syslog.conf file.

D. The facility local7 does not support the notice priority.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Must only use Tabs, not spaces. It says unknown priority name "notice " (there is a space after the word notice).

QUESTION 25

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which four configuration elements are managed by the dumpadm utility?

A. the location of the dump device

B. the location of the savecore directory

C. the index number for the next core dump

D. the reserved file system space that a core dump may not use

E. the compression of the crash dump file

F. the size of the dump device

Correct Answer: ABDE Section: (none) Explanation

device Correct Answer: ABDE Section: (none) Explanation Explanation/Reference: Explanation: dumpadm - configure

Explanation/Reference:

Explanation:

dumpadm - configure operating system crash dump SYNOPSIS /usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-s savecore-dir] [-r root-dir] [-z on | off]

The options include:

A: -d dump-device Modify the dump configuration to use the specified dump device.

B: -s savecore-dir

Modify the dump configuration to use the specified directory to save files written by savecore.

D: -m mink | minm | min%

Create a minfree file in the current savecore directory indicating that savecore should maintain at least the specified amount of free space in the file system where the savecore directory is located.

E: -z on | off Modify the dump configuration to control the operation of savecore on reboot. The options are on, to enable saving core files in a compressed format, and off, to automatically uncompress the crash dump file. The default is on, because crash dump files can be very large and require less file system space if saved in a compressed format.

QUESTION 26 What is true about crash dump configuration?

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

A. The minfree value can be to protect a percentage of available disk space. B.

A. The minfree value can be to protect a percentage of available disk space.

B. The default size of the dump device is configurable.

C. You can use one ZFS volume for both swap and dump.

D. You can set quota on a ZFS dump device.

E. When set on the dump device, the minfree value sets the total size of the dump device to be a percentage of the total size of the root pool.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

See % below.

coredump parameter: -m mink | minm | min% Create a minfree file in the current savecore directory indicating that savecore should maintain at least the specified amount of free space in the file system where the savecore directory is located. The min argument can be one of the following:

k

A

positive integer suffixed with the unit k specifying kilobytes.

m

A

positive integer suffixed with the unit m specifying megabytes.

%

A

% symbol, indicating that the minfree value should be computed as the specified percentage of the total current size of the file system containing the

savecore directory.

The savecore command will consult the minfree file, if present, prior to writing the dump files. If the size of these files would decrease the amount of free disk space below the minfree threshold, no dump files are written and an error message is logged. The administrator should immediately clean up the savecore directory to provide adequate free space, and re-execute the savecore command manually. The administrator can also specify an alternate directory on the savecore command-line.

Incorrect:

Not C: Separate ZFS volumes must be used for the swap area and dump devices.

QUESTION 27 Which two actions permit the system-log service to receive messages from a remote Solaris host?

A. setting the property config/log_from_remote to true and restarting the service

B. setting the property config/log_from_remote to *.noticoand restart the service

C. configuring a selector for remote messages in the /etc/syslog.conf file

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

D.

ensuring that port 514 is open to remote traffic and doesn't require a password

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

A: To restart remote logging:

svccfg -s system-log setprop config/log_from_remote=true svcadm restart system-log

config/log_from_remote=true svcadm restart system-log D: You can run 'snoop' on the interface to see if

D: You can run 'snoop' on the interface to see if you see syslog packets leaving the server snoop udp port 514

QUESTION 28 There is a valid SMF manifest located underneath the /var/svc/manifest directory. Which four methods can be used to add it to the services repository?

A. Reboot the system.

B. Restart the early-manifest-import service.

C. Use the svccfg apply command.

D. Restart the manifest-import service.

E. Use the svccfg import command.

Correct Answer: ACDE Section: (none) Explanation

Explanation/Reference:

Explanation:

AD: Manifests from the standard directory trees /lib/svc/manifest and /var/svc/manifest are processed during system boot and anytime an administrator or program runs:

$ svcadm restart manifest-import

C: svccfg apply subcommand If the argument is a service profile or manifest, apply the configuration to the admin layer of the SMF repository. Services, instances, property groups, and properties will be created as necessary.

E: import [-V] [file | directory]

svccfg import on a file in a system-managed filesystem location (subdirectories of /lib/svc/manifest and /var/svc/manifest) invokes: svcadm restart

manifest-import.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Placing your manifests in a system-managed location and invoking svcadm restart manifest-import to import them

Placing your manifests in a system-managed location and invoking svcadm restart manifest-import to import them is the recommended practice.

svccfg import on files in other locations imports their properties as administrative customization into the admin layer. It is equivalent to:

svccfg apply [file | directory]

Incorrect:

not B: Manifests are processed in two different phases during boot.

The service svc:/system/early-manifest-import:default, a pseudo service, is responsible for the first manifest processing. This service processes only manifests from the /lib/svc/manifest directory tree before svc.startd(1M) initializes any services thus enabling services delivered in /lib/svc/manifest to always start with their most updated definition. Since this is a pseudo service, svcadm(1M) commands are ignored though svcs(1) can be used to observe status and get log file information.

The svc:/system/manifest-import:default service handles the second manifest processing and imports manifest files from both /lib/svc/manifest and /var/ svc/manifest directory trees, in that respective order.

QUESTION 29 What is the purpose of the Service Management Facility (SMF) profiles?

A. an XML file that describes current services and the instances

B. allows the customization of services and instances

C. stores configuration information about each service instance

D. used to start and stop processes or services

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

Profiles are, in many ways, similar to manifests in that they use the same XML DTD. However, instead of providing information about a service, its dependencies, and methods, a profile is used to provide customization of a service or an instance of a service. Customizations include whether an instance of a service should be enabled or disabled and any modifications to service configuration properties.

Incorrect:

Not A: Manifests (not profiles) are used to describe services and instances of a service, including any property groups and properties they might have.

QUESTION 30 Identify two acceptable values for a <dependent> element in a service manifest.

A. require_all

B. optional_all

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

C.

optional_any

D. restart_on

E. none

Correct Answer: AB Section: (none) Explanation

E. none Correct Answer: AB Section: (none) Explanation Explanation/Reference: Explanation: Service Dependency. This

Explanation/Reference:

Explanation:

Service Dependency. This element identifies a group of FMRIs upon which the service is in some sense dependent.

ATTRIBUTE: Grouping:

Possible values:

'require_all',

'require_any',

'exclude_all',

`optional_all'

Note:

* Example 1:

<dependency name='network' grouping='require_all' restart_on='none' type='service'> <service_fmri value='svc:/milestone/network:default' /> </dependency>

* In this example, let's choose the svc:/system/zones:default service instance. We can use the -l option and the service name to get more information, as shown in Listing 3.

# svcs -l svc:/system/zones:default fmri svc:/system/zones:default name Zones autoboot and graceful shutdown enabled true state online next_state none state_time June 14, 2012 08:30:31 PM NZST logfile /var/svc/log/system-zones:default.log restarter svc:/system/svc/restarter:default manifest /etc/svc/profile/generic.xml manifest /lib/svc/manifest/system/zones.xml manifest /lib/svc/manifest/system/zonestat.xml

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

dependency require_all/none svc:/milestone/multi-user-server (online) dependency optional_all/none

dependency require_all/none svc:/milestone/multi-user-server (online) dependency optional_all/none svc:/system/pools:default (disabled) dependency optional_all/none svc:/system/pools/dynamic:default (disabled) dependency optional_all/none svc:/system/zones-monitoring (online)

QUESTION 31 You are creating a new SMF service named newservice. You perform the following steps:

What is the next step that you must perform to install this service?

A. Enable the service

B. Export the service

C. Import the service.

D. Create a snapshot of the service to be stored in the repository.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Refer to step 3 below.

After a typical software installation, there can be a half dozen or more processes that need to be started and stopped during system startup and shutdown. In addition, these processes may depend on each other and may need to be monitored and restarted if they fail. For each process, these are the logical steps that need to be done to incorporate these as services in SMF:

1.Create a service manifest file. 2.Create a methods script file to define the start, stop, and restart methods for the service. 3.Validate and import the service manifest using svccfg(1M). 4.Enable or start the service using svcadm(1M). 5.Verify the service is running using svcs(1).

QUESTION 32 Changes were made to the application/pkg/server:default service when an administrator made modifications to add a local package repository. Which command should be used to identify the changes that were made to the application/pkg/server:default service?

A. svcs l application/pkg/server:default

B. svcs vx application/pkg/server:default

C. svccfg s application/pkg/server listprop

D. svccfg s application/pkg/server:default listcust L

E. svccfg s application/pkg/server listpg

Correct Answer: D

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Section: (none)

Explanation

Section: (none) Explanation Explanation/Reference: Explanation: Example: List all configuration changes that have been

Explanation/Reference:

Explanation:

Example:

List all configuration changes that have been made in the SMF configuration repository to the name- service/switch service:

# svccfg -s name-service/switch listcust L

QUESTION 33 Your company wants to incorporate a legacy script that runs once during the boot cycle as an SMF service. What appropriate setting for the duration attribute in the startd property group for this service?

A. transient

B. contract

C. wait

D. boot

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

Example:

The default service model is contract, but may be modified. For this example, we are going to start the service with svc.startd. As a transient service, it will be started once and not restarted by adding the following lines to the manifest:

<property_group name='startd' type='framework'> <propval name='duration' type='astring' value='transient' /> </property_group>

Note:

svc.startd provides three models of service, which are

* Transient services--These are often configuration services, which require no long-running processes to provide service. Common transient services

take care of boot-time cleanup or load configuration properties into the kernel. Transient services are also sometimes used to overcome difficulties in conforming to the method requirements for contract or wait services. This is not recommended and should be considered a stopgap measure.

* Contract services--These are the standard system daemons. They require processes which run forever once started to provide service. Death of all processes in a contract service is considered a service error, which will cause the service to restart.

* Wait services--These services run for the lifetime of the child process, and are restarted when that process exits.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 34 You discovered that the network/ipmp:default is not starting on boot. You listed the

QUESTION 34 You discovered that the network/ipmp:default is not starting on boot. You listed the service and discovered the name of the log file. You now want to examine the log file entry created at boot. In which two locations can you find the log file created at startup?

A. /lib/svc/volatile

B. /etc/svc/volatile

C. /var/svc/volatile

D. /var/run

E. /var/tmp

F. /var/svc/log

G. /lib/svc/log

Correct Answer: BF Section: (none) Explanation

Explanation/Reference:

QUESTION 35 You administer an Oracle Solaris 11 server with multiple zones. You want to configure it so that all nonprivileged users in the global zone see only their own process. What must you do to make the change?

A. Modify the LIMITPRIV variable in the /etc/usr/user_attr file.

B. Modify the basic privilege ser in the /etc/security/policy.conf file.

C. Configure the priv= attribute in the /etc/security/prof_attr.d/core-os file.

D. Configure privileges for the ps command in the /etc/security/exec_attrd/core-os file.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

* policy.conf policy.conf configuration file for security policy. The policy.conf file provides the security policy configuration for user-level attributes.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* Example: Modifying Every User's Basic Privilege Set In this example, the security administrator of

* Example: Modifying Every User's Basic Privilege Set In this example, the security administrator of a large Sun Ray installation does not want regular users to view the processes of other Sun Ray users. Therefore, on every system that is configured with Trusted Extensions, the root role removes proc_info from the basic set of privileges. The PRIV_DEFAULT setting in the /etc/policy.conf file is uncommented and modified as follows:

PRIV_DEFAULT=basic,!proc_info

QUESTION 36 Laura is a user and netadm is a role on a Solaris 11 system. You want to allow Laura to generate SSH keys. Which two steps should be taken?

A. Verify that netadm includes the Network Management profile.

B. Verify that laura has permission to access the Network Management profile.

C. Verify that the Network Management profile includes the netadm role.

D. Add a line for the ssh-keygen command to the file auth_attr.d/local-entries.

E. Add a line for the ssh-keygen command to the file exec_attr.d/local-entries.

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

D: /etc/security/auth_attr is a local source for authorization names and descriptions. An authorization is a right assigned to users that is checked by certain privileged programs to determine whether users can execute restricted functionality.

QUESTION 37 Assume you are on a system that has a valid use account johnjay Consider the following command-line invocation:

rolemod p "Network Administrator,All,Stop" johnjay

What is the result?

A. The user will not acquire profiles allowed in /etc/secutity/policy.conf

B. There is no effect. The user acquires all profiles before the Stop profile is read.

C. The system will return an error.

D. The user gets Network Administrator profile and all profiles listed in the All macro.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation:

Explanation: root@solaris:~# useradd johnjayroot@solaris:~# passwd johnjayNew Password:Re-enter new Password:passwd:

root@solaris:~# useradd johnjayroot@solaris:~# passwd johnjayNew Password:Re-enter new Password:passwd: password successfully changed for johnjayroot@solaris:~# rolemod -p "Network Administrator,All,Stop" johnjayUX: rolemod: ERROR: Users must be modified with

'usermod'.root@solaris:~#

QUESTION 38 The output of the ppriv command lists four privilege sets. Which option best describes the Inherited privilege set?

A. It is the privilege set that nonroot users may inherit.

B. It is the privilege set an effective-user process may inherit.

C. It is the privilege set only privilege-aware child processes may inherit.

D. It is the privilege set the current process inherited.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Note:

* ppriv - inspect or modify process privilege sets and attributes

QUESTION 39 You appended a site-specific Rights Profile to the /etc/security/prof_attr file. Which file will be updated as a result of this operation?

A. /etc/security/prof_attr.d/local-entries

B. /etc/security/prof_attr.d/prof_attr

C. /etc/security/prof_attr.d/core-os

D. /etc/user_attr

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Example:

In Solaris 11 the "grant" authorization is no longer used, rather a set of authentication have been defined for that purpose. The authentication strings can be found in /etc/security/prof_attr.d/core-os file. solaris.auth.:RO::Authorizations::help=AuthorizationHeader.html solaris.auth.assign:RO::Assign any authorization::help=AuthAssign.html solaris.auth.delegate:RO::Assign owned

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

authorizations::help=AuthDelegate.html solaris.auth.manage:RO::Manage authorizations::help=AuthManage.html Note: You no

authorizations::help=AuthDelegate.html solaris.auth.manage:RO::Manage authorizations::help=AuthManage.html

Note: You no longer need to use the visual editor to add your own site specific entries to the Role Based Access Controls framework in Oracle Solaris 11. The profile command has been modified to support creation, modification and removal of Rights Profiles

QUESTION 40 You created a role. The role should be able to change the configuration of a zone. How will you assign that privilege to the role?

A. Modify the zone using the admin resource, set the user property to the role and the auths property to manage.

B. Assign to the role the zone Management Rights Profile.

C. Assign to the role the solaris.zones.* authorization.

D. Assign to the role the zone Security Rights Profile.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

The Zone Management profile grants the power to manage all of the non-global zones on the system to a user.

QUESTION 41 Yon are using the svc:/network/http:apache22 service to manage your web server. You have noticed that this service starts as the root: user and later changes to a nonprivileged user called webservd. You do not want this service to operate as the root user and any time. Which option correctly describes how you could achieve this task?

A. Modify the privileges in the service configuration.

B. Add an authorization to the webservd users' rights' profile.

C. Create a webservd role with a modified exec_attr entry.

D. Modify the PHIV_AWARE state of the service configuration.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

A service can be configured to run within a limited set of privileges, rather than as the all-powerful root user.

QUESTION 42 You created a virtual network of three zones.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

One network hosts a web server. Another hosts an application server used by the web server. The third zone host a video streaming application.

server. The third zone host a video streaming application. You already configured a flow to prioritize

You already configured a flow to prioritize the video traffic over the web server traffic. You now need to continuously monitor the flow.

Which tool must you use to gather the flow data?

A. the system activity reporter (SAR)

B. extended accounting

C. the flowstat command

D. the kstat utility

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Gathering Statistics About Network Traffic on Flows

Flow statistics help you evaluate packet traffic on any defined flows on the system. To obtain flow information, you use the flowstat command. * Display statistics about incoming and outgoing packets on all flows.

# flowstat This command provides a static display of traffic information on all configured flows.

Incorrect:

Not A: In computing, sar (System Activity Report) is a Solaris-derived system monitor command used to report on various system loads, including CPU activity, memory/paging, device load, network.

QUESTION 43 Your organization uses a fixed base configuration for all Oracle Solaris native brand zones that are created. You want to configure your server so that it will use your company template when the create command is issued. Identify the preferred way to accomplish this.

A. Change the /etc/zones/SYSblank.xml link to link to your company template and use create b.

B. Set the default_template property in the system/zones service to your company template.

C. Change the /etc/zones/SYSsolaris.xml link to link to your company template.

D. Set the zone_default_template parameter in the /etc/default/zones file.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Correct Answer: B Section: (none) Explanation

Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: create uses a default template of

Explanation/Reference:

Explanation:

create uses a default template of SYSdefault. The default template can be changed on a system-wide basis using the default_template SMF property of the svc:/system/zones:default service.

Note:

create [-F] [ -a path |-b | -t template] Create an in-memory configuration for the specified zone. Use create to begin to configure a new zone

QUESTION 44 You capped the physical memory for the testzone at 50M. Which option would temporary increase the cap to 100M?

A. rctladm z testzone zone.capped-memory=100M

B. rcapadm z testzone m 100M

C. rcapadm z testzone zone.capped-memory=100M

D. prctl testzone m 100M

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

How to Specify a Temporary Resource Cap for a Zone This procedure is use to allocate the maximum amount of memory that can be consumed by a specified zone. This value lasts only until the next reboot. To set a persistent cap, use the zonecfg command.

1. Become superuser, or assume a role that includes the Process Management profile. The System Administrator role includes the Process

Management profile.

2. Set a maximum memory value of 512 Mbytes for the zone my-zone.

# rcapadm -z testzone -m 512M

QUESTION 45 You are about to configure resource controls for a nonglobal zone. You want to first examine settings as well as the system limits for those controls. Which command fetches this information?

A. priocntl

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

B. zonecfg

C. rctladm

D. prctl

Correct Answer: B Section: (none) Explanation

D. prctl Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: zonecfg subcommand info:

Explanation/Reference:

Explanation:

zonecfg subcommand info:

info zonename | zonepath | autoboot | brand | pool | limitpriv info [resource-type [property-name=property-value]*] Display information about the current configuration. If resource-type is specified, displays only information about resources of the relevant type. If any property-name value pairs are specified, displays only information about resources meeting the given criteria. In the resource scope, any arguments are ignored, and info displays information about the resource which is currently being added or modified.

Incorrect:

Not A: priocntl- process scheduler control The priocntl() function provides for control over the scheduling of an active light weight process (LWP).

Not C: rctladm- display and/or modify global state of system resource controls. The rctladm command allows the examination and modification of active resource controls on the running system. Not D: prctl - get or set the resource controls of running processes, tasks, and projects The prctl utility allows the examination and modification of the resource controls associated with an active process, task, or project on the system. It allows access to the basic and privileged limits on the specified entity.

QUESTION 46

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Consider the following commands and output on the local server: www.vceplus.com - Website designed to

Consider the following commands and output on the local server:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

and output on the local server: www.vceplus.com - Website designed to help IT pros advance their
Also, consider the following route table entry on a remote system: 192.168.2.0 192.168.1.200 UG 1
Also, consider the following route table entry on a remote system: 192.168.2.0 192.168.1.200 UG 1

Also, consider the following route table entry on a remote system:

192.168.2.0 192.168.1.200 UG 1 1

You must configure a virtual switch to connect over net0 to the remote system. Select two commands that complete the configuration.

A. ipadm set-ifprop p forwarding=on net0

B. ipadn set-prop p forwarding=on vnic2

C. ipacim set-prop p forwarding=on ipv4

D. ipadm set-prop p routing=on net0

E. routeadm ue ipv4-forwarding

F. routeadm ue ipv4-routing

Correct Answer: AF Section: (none) Explanation

Explanation/Reference:

URL: http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-118-s11-script-zones- 524499.html

QUESTION 47 You are tasked to reconfigure zone1 to use virtual interface vnic1 as its network interface. Which two steps must be included?

A. Disable IP Filter and IPsec.

B. Configure the NWAM NCP to Automatic.

C. Change the shared IP zone to an exclusive IP zone.

D. Reboot zone1 so that changes made with zonecfg take effect.

E. From the global zone, set the IP address of vnic1 and configure the default route.

Correct Answer: CD

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Section: (none)

Explanation

Explanation/Reference:

Explanation:

* How to Reconfigure a Zone to Use a VNIC

1. Become an administrator.

2. Create the VNIC.

(C) 3. Change the zone's IP type from shared to exclusive.

4.Change the zone's interface to use a VNIC.

5. Verify and commit the changes you have implemented and then exit the zone.

(D) 6. Reboot the zone.

7. Log in to the zone.

8. Configure the VNIC with a valid IP address.

to the zone. 8. Configure the VNIC with a valid IP address. * Example. Reconfiguring a

* Example. Reconfiguring a Zone Configuration to Use a VNIC In this example, zone2 already exists as a shared zone. The zone also uses the primary

interface of the system rather than a virtual link. You need to modify zone2 to use vnic2. To use vnic2, zone2's IP type must first be changed to exclusive. Note that some of the output is truncated to focus on the relevant information that relates to virtual networks.

global# dladm create-vnic -l net0 vnic2

global# zonecfg -z zone2

(C) zonecfg:zone1> set ip-type=exclusive

zonecfg:zone1> remove net physical=net0 zonecfg:zone1> add net zonecfg:zone1:net> set physical=vnic2 zonecfg:zone1:net> end zonecfg:zone1> verify zonecfg:zone1> commit zonecfg:zone1> exit

(D) global# zoneadm -z zone2 reboot

global# zlogin zone2 zone2# ipadm create-ip vnic2 zone2# ipadm create-addr -a 192.168.3.85/24 vnic2 ipadm: vnic2/v4

zone2# exit

global# vi /etc/hosts

#

1 localhost 127.0.0.1 localhost 192.168.3.70 loghost #For net0

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

192.168.3.80

zone1 #using vnic1

192.168.3.85

zone2 #using vnic2

zone1 #using vnic1 192.168.3.85 zone2 #using vnic2 QUESTION 48 You need to create a virtual network

QUESTION 48 You need to create a virtual network with two zones, one with a web server and the other with an application server that the web server calls. You decide to create a virtual switch and virtual network interface cards (VNICs) for the zones. Select the command that will create the virtual switch.

A. dladm create-etherswitch stub0

B. dladm create-vnic l net1 vnic1

C. dladm create-stub l vnic0 stub0

D. dladm create-vnic l stub0 vnic1

E. dladm create-etherstub vswitchweb1

Correct Answer: E Section: (none) Explanation

Explanation/Reference:

Explanation:

Create the etherstub. global# dladm create-etherstub etherstub

Create a VNIC over the etherstub. global# dladm create-vnic -l etherstub vnic

Note: Etherstubs / Virtual Switches The Etherstub is craeated as a dummy device to connect the various virtual NICs. User can imagine etherstub as a Virtual Switch to help visualize the virtual network as a replacement for a physical network where each physical switch is replaced by a virtual switch.

QUESTION 49 Which sequence of commands will create a virtual network interface?

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

A. Option A B. Option B C. Option C D. Option D Correct Answer: A
A. Option A B. Option B C. Option C D. Option D Correct Answer: A

A. Option A

B. Option B

C. Option C

D. Option D

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

How to Create a Virtual Network Interface This procedure shows how to create a virtual network interface card (VNIC).

1. Create a VNIC over a datalink.

# dladm create-vnic -l link vnic

link is the name of the datalink over which the VNIC is configured.

vnic is the VNIC which you can label with a customized name as well.

2.

Create a VNIC IP interface over the link.

#

ipadm create-ip vnic

3.

Configure the VNIC with a valid IP address.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

If you are assigning a static IP address, use the following syntax:

are assigning a static IP address, use the following syntax: # ipadm create-addr -T static -a

# ipadm create-addr -T static -a address addrobj

where addrobj uses the naming format interface/user-defined-string, such as e1000g0/v4globalz.

QUESTION 50 You are creating a native Oracle Solaris zone that will be called zd1. The zone must have a virtual network interface configured. You use the following command to create the zone configuration:

# zonecfg z zd1

zonecfg:zd1> create

What is the minimum specification required to complete the configuration before the exit command is issued?

A. A zonepath must be set.

B. An anet resource must be added.

C. No other configuration parameters need to be set.

D. Both an anet configuration and a zonepath must be set.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

* Example:

root@solaris:~# zonecfg -z zd1 Use 'create' to begin configuring a new zone. zonecfg:zd1> create create: Using system default template 'SYSdefault' zonecfg:zd1> exit zonepath cannot be empty. Zone zd1 failed to verify zd1: Required resource missing Configuration not saved; really quit (y/[n])? n zonecfg:zd1> verify zonepath cannot be empty. zd1: Required resource missing zonecfg:zd1> set zonepath=/zones/zd1 zonecfg:zd1> exit

Note:

* anet

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Automatic network interface. The anet resource represents the automatic creation of a network resource for

Automatic network interface. The anet resource represents the automatic creation of a network resource for an exclusive-IP zone.

QUESTION 51 Which two commands restart the pkg server daemon?

A. pkill -HUP pkg.depotd

B. svcadm restart svc:/application/pkg/server

C. pkill -USR1 pkg.depot

D. svcadm refresh svc:/application/pkg/server

E. pkg fix

Correct Answer: BC Section: (none) Explanation

Explanation/Reference:

Explanation:

Use one of the following methods to restart the depot server process:

B: Use svcadm(1M) to restart the application/pkg/server instance.

C: Send a SIGUSR1 signal to the depot server process using kill(1). This executes a "graceful restart" that leaves the process intact but reloads all configuration, package, and search data:

# kill -USR1 pid

Note:

* The pkd.depotd service is managed by SMF under the service identifier svc:/application/pkg/server.

QUESTION 52 Which three statements describe Solaris 11 boot environments (BEs)?

A. A full backup of your OS image is provided.

B. Packages can be installed and uninstalled in an inactive BE.

C. The OS can be upgraded in an active BE while the system is live without impacting production.

D. A new BE can be created from the snapshot of an existing BE.

E. A BE can become active without rebooting the system.

F. An active BE can be unmounted and upgraded without impacting production.

Correct Answer: ACD

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Section: (none)

Explanation

Explanation/Reference:

Explanation:

(none) Explanation Explanation/Reference: Explanation: The beadm utility enables you to create a new boot

The beadm utility enables you to create a new boot environment based on an existing snapshot. Note:

* You can manage the boot environments on your system either by using the beadm command or by using the Package Manager.

* A boot environment is a bootable instance of the Oracle Solaris operating system image plus any other application software packages installed into that image. System administrators can maintain multiple boot environments on their systems, and each boot environment can have different software versions installed.

QUESTION 53 Consider the following:

root@scolll-server:~# pkg publisher PUBLISHER TYPE STATUS URI solaris origin online https://pkg.oracle.com/solaris/support/

What does "origin" in the TYPE column say about the package repository?

A. It originates from oracle.com.

B. It contains all of the package metadata.

C. It supports packages for a single publisher.

D. It has been configured as the default publisher.

E. It contains only package content.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

QUESTION 54 Given the following commands and output:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which statement summarizes this sequence of commands? A. The BE solaris in the Global zone
Which statement summarizes this sequence of commands? A. The BE solaris in the Global zone

Which statement summarizes this sequence of commands?

A. The BE solaris in the Global zone is the same BE that is listed in the third command.

B. The BE solaris-1 is activated to boot when the ozone zone is rebooted.

C. The BE solaris-1 was created when the BE solaris-2 was created.

D. The BE ozone2 is a BE of a zone with the zone name ozone2.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

Incorrect:

Not B: You cannot activate an unbootable BE in a nested BE. Not D: The zone is named ozone (not ozone2).

Note:

* beadm supports the concept of a nested BE, specifically, as it pertains to BEs for non-global zones.

* beadm list [-a | -ds] [-H] [beName]

Lists information about the existing boot environment named beName, or lists information for all boot environments if beName is not provided. The Active field indicates whether the boot environment is active now, represented by N; active on reboot, represented by R; or both, represented by NR. Unbootable BEs inside of a nested BE are represented by an exclamation point (!)

QUESTION 55 Which two statements are correct regarding IPS repositories?

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

A. Remote client access is governed by svc:/application/pkg/server.

B. Every new repository contains the solaris publisher by default.

C. One repository can replicate the contents of another.

D. The pkg.depotd process makes all local repositories remotely available.

E. A repository uses separate protocols for pkg and browser clients.

Correct Answer: AD Section: (none) Explanation

clients. Correct Answer: AD Section: (none) Explanation Explanation/Reference: Explanation: A: The pkd.depotd

Explanation/Reference:

Explanation:

A: The pkd.depotd service is managed by SMF under the service identifier svc:/application/pkg/server.

D:

* Example:

Configure pkg.depotd to provide remote access. pkg.depotd provides an HTTP interface to a pkg repo. Here we are going to make the repo server listen on port 10000, and use the repo dir we created as its default.

# svcadm disable pkg/server

# svccfg -s pkg/server setprop pkg/inst_root = /data/myrepo # svccfg -s pkg/server setprop pkg/port = 10000

# svcadm refresh pkg/server

# svcadm enable pkg/server

* pkg.depotd is the depot server for the image packaging system. It provides network access to the data contained within a package repository. Clients that do not support direct access to a repository through the file system, or for which network access is the only available or preferred method of transport, typically use the package depot.

QUESTION 56 A server has a nonglobal zone named zoneA. The following boot environments are listed in the global zone.

following boot environments are listed in the global zone. www.vceplus.com - Website designed to help IT

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which three statements describe the current state of the system?

three statements describe the current state of the system? A. The BE1 boot environment cannot be

A. The BE1 boot environment cannot be activated from the nonglobal zone.

B. The nonglobal zone cannot be booted to solaris-1 BE at this time.

C. The solaris-1 BE cannot be activated from the nonglobal zone.

D. To boot the nonglobal zone to the solaris-1 BE, the global zone must first be booted to the solaris-1 BE.

E. The solaris-1 BE has been activated in the nonglobal zone.

F. The nonglobal zone solaris-1 BE is not bootable and must be repaired.

Correct Answer: BCF Section: (none) Explanation

Explanation/Reference:

Explanation:

C: You cannot activate an unbootable BE in a nested BE. BE solaris-1 is marked with !R. Unbootable BEs inside of a nested BE are represented by an exclamation point (!)

BF: BE solaris-1 is marked with !R. Unbootable BEs inside of a nested BE are represented by an exclamation point (!)

Incorrect:

Not A: BE1 can be activated. It is bootable (not marked with a !) Not D: Different BEs can be used in the two zones. Not E: BE solaris-1 is not marked with an N. The Active field indicates whether the boot environment is active now, represented by N

QUESTION 57 Choose two true statements regarding signed IPS packages.

A. A signature takes the form of an action statement in a manifest.

B. A package can be signed before adding it to a repository.

C. A package manifest may contain more than one signature.

D. Only one organization can apply signatures to a given package.

Correct Answer: AC Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

A: IPS package manifests can be signed, with the signatures becoming part of the manifest.

A: IPS package manifests can be signed, with the signatures becoming part of the manifest. Signatures are represented as actions just as all other manifest content is represented as actions.

C: A manifest can have multiple independent signatures.

QUESTION 58 What does the following command change?

pkg set-publisher G `*' g http://server1.domain.com solaris

A. It updates all Solaris publishers and deletes the server1.domain.com origin.

B. It deletes all Solaris publishers and adds the server1.domain.com origin.

C. It adds server1.domain.com to the Solaris publisher list.

D. It sets the origin for the Solaris publisher to server1.domain.com.

E. It adds the server1.domain.com repository as an origin for the solaris publisher.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

QUESTION 59 The http://pkg.oracle.com/solaris/release publisher is available on this server. A new repository has been created in the /export/sllReaseRepo file system and you want to add the gzip package to this repository. Which is a valid method for adding the gzip package to the /export/sllReleaseRepo repository?

A. pkgrecv s http://pkg.oracle.com/solaris/release d /export/sllReleaseRepo gzip

B. pkgrecv s /export/sllReleaseRepo d http://pkg.oracle.com/solaris/release gzip

C. pkgrecv s pkgrecv d /export/sllReleaseRepo gzip

D. rsync aP http://pkg.oracle.com/solaris/release d /export/sllReleaseRepo gzip

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

* pkgrecv - Image Packaging System content retrieval utility

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

pkgrecv allows the user to retrieve packages from a pkg repository or package archive. pkgrecv

pkgrecv allows the user to retrieve packages from a pkg repository or package archive. pkgrecv can also optionally republish the retrieved packages to

a different package repository or archive them.

-s src_repo_uri

A URI representing the location of a pkg repository or package archive from which to receive package data.

-d path_or_uri The file system path or URI of the target to republish packages to. If -a is specified, the target is a new package archive that cannot already exist. Otherwise, the target must be a package repository that already exists. New repositories can be created using pkgrepo(1).

QUESTION 60 Consider the following:

using pkgrepo(1). QUESTION 60 Consider the following: What is true concerning this publisher's Signature

What is true concerning this publisher's Signature Policy?

A. Only packages from this publisher must have at least one valid signature.

B. All manifests from this publisher must have a cryptographic signature.

C. All newly installed packages must have at least one valid signature.

D. Signed and unsigned packages from this publisher can be installed.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

Signature Policy: verify Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

This is the default value.

QUESTION 61 Which two statements regarding the pkg command are correct?

A. It requires HTTP to connect to a remote repository.

B. It uses the set-publisher subcommand to remove an origin.

C. It cannot point to both sticky and nonsticky publishers in the same repository.

D. It uses the unset-publisher subcommand to remove publishers.

E. It uses the set-publisher subcommand to remove publishers.

Correct Answer: AB Section: (none) Explanation

publishers. Correct Answer: AB Section: (none) Explanation Explanation/Reference: Explanation: A: Configure pkg.depotd

Explanation/Reference:

Explanation:

A: Configure pkg.depotd to provide remote access. pkg.depotd provides an HTTP interface to a pkg repo. Here we are going to make the repo server listen on port 10000, and use the repo dir we created as its default.

# svcadm disable pkg/server

# svccfg -s pkg/server setprop pkg/inst_root = /data/myrepo # svccfg -s pkg/server setprop pkg/port = 10000

# svcadm refresh pkg/server

# svcadm enable pkg/server

B: Set-Publisher With -G (--remove-origin), remove the URI or path from the list of origins for the given publisher. The special value * can be used to remove all origins.

Incorrect:

Not D: unset-publisher publisher Remove the configuration associated with the given publisher or publisher

Not E: set-publisher Update an existing publisher or add a package publisher. If no options affecting search order are specified, new publishers are appended to the search order and are thus searched last.

QUESTION 62 What is the signature-policy attribute's default value for the pkg client?

A. None

B. Verify

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

C.

Require

D. require-names

Correct Answer: B Section: (none) Explanation

Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: Signature Policy: verify

Explanation/Reference:

Explanation:

Signature Policy: verify Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed. This is the default value.

QUESTION 63 The following command is issued:

pkg set-publisher P publisher2

What is the impact on your system?

A. makes the specified publisher sticky

B. makes the specified publisher the highest-ranked publisher

C. displays information about the specified publisher

D. moves the specified publisher one step higher in the search order

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

Set-Publisher

With -P or --search-first, set the specified publisher first in the search order. When installing new packages, this publisher is searched first. Updates to already installed packages come from the same publisher that originally provided the package as long as that publisher remains sticky. When -P or -- search-first is used with -p, only added publishers are placed first in search order.

QUESTION 64 You added an update to the system using a support repository updates (SRU) image:

# mkdir /SRU

# mount F hsfs /var/tem/sru-name.iso /SRU

# pkgrecv s /SRU/repo d /export/IPS/repo `*'

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

You now want to clear all catalog, search and other cached information from this package

You now want to clear all catalog, search and other cached information from this package repository. Select the command that clears cached data.

A. pkg refresh

B. pkgrepo rebuild

C. pkgrepo refresh

D. pkg.depotd restart

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

pkgrepo rebuild [-p publisher

repository, and then recreates it based on the current contents of the repository.

] -s repo_uri_or_path [--no-catalog] [--no-index] Discards all catalog, search, and other cached information found in the

Incorrect:

Not A: pkg refresh [--full] [publisher

Updates the client's list of available packages and publisher metadata for each publisher specified. If no publishers are specified, the operation is

performed for all publishers.

]

QUESTION 65 Your company decides to store its software packages in one repository. The new repository will include five publishers. How can you configure your pkg clients such that each package is updated from the publisher originally used to install it?

A. Configure it such that the preferred publisher has the highest rank.

B. Configure it such that each publisher is added with the --search-first option.

C. Configure it such that the top tanked publisher is sticky.

D. Configure it such that all publishers are sticky.

E. Configure it such that the bottom-ranked publisher is sticky.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

set-publisher --sticky With --sticky, specify that updates to packages that were installed from this publisher must also come from this publisher. This is the default behavior.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 66 Yon are testing the connectivity between an Oracle Solaris 11 system and a

QUESTION 66 Yon are testing the connectivity between an Oracle Solaris 11 system and a local IPS server that has the host name of mercury within the domain purple.com. The command ping mercury indicates the sever is alive.

The URI http://mercury.purple.com produces the error:

Firefox can't find the server at mercury.purple.com

Yon enter the command svcprop p config network/dns/client Which two can be verified?

A. the domain name of the local system

B. the name service switch configuration

C. the IP address of the IPS server

D. the IP address of the DNS server

E. the IP address of the local system

F. the host name of the local system

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

Example. Displaying Administratively Customized Properties (here only admin layer is displayed with l)

The following command uses SMF layers to display administratively customized properties.

example% svcprop -p config -l admin svc:/network/dns/client (A) config/domain astring admin my.domain.com (D) config/nameserver net_address admin 10.22.33.44 10.44.33.11

Note:

* config/nameserver refers to the Solaris DNS server. / The nameserver keyword specifies DNS servers to query using IP address. Example:

The /etc/resolv.conf file contains configuration directives for the DNS resolver. The following resolv.conf example shows two name servers and three search suffixes:

domain nj.bigcorporation.com nameserver 192.168.10.11 nameserver 192.168.20.88

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* The svcprop utility prints values of properties in the service configuration repository. Properties are

* The svcprop utility prints values of properties in the service configuration repository. Properties are selected by -p options and the operands

QUESTION 67 You administer an Oracle Solaris 11 server. You created an IPS repository and set the pkg publisher origin. You did not configure the pkg/service service. What type of access have you provided for your now repository?

A. a file interface repository

B. a local host-only repository

C. a testing-interface repository

D. a pkg.depotd configured interface

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Note:

You might want a local IPS repository for the following reasons:

Performance and security. You do not want your client systems to go to the Internet to retrieve new software packages or update existing packages.

Replication. You want to ensure that you can perform the same installation next year that you perform today.

Custom packages. You want to include your own IPS package in the same repository with Oracle Solaris OS packages.

QUESTION 68 While examining an Oracle Solaris 11 system, you discover an unfamiliar ELF binary in the /usr/bin directory. You want to know which package installed the binary. Which pkg subcommand should you use to identify the package, based on the absolute path to the binary?

A. pkg info

B. pkg list

C. pkg search

D. pkg contents

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 69 Oracle has released a new version of the Solaris operating system and it

QUESTION 69 Oracle has released a new version of the Solaris operating system and it is located in a repository on SRVA and is stored in the rpool/export/sllRepo file system. The repository is accessible to SRVB through the /remoteRepo NFS mount point.

You need to add a local repository on SRVB in the /export/sllReleaseRepo file system. The repository will be an exact copy of the repository that is stored on SRVA. Currently, the only publisher on SVRB is:

is stored on SRVA. Currently, the only publisher on SVRB is: Which command must you use

Which command must you use to copy the contents of the repository from SRVA to the local file system on SRVB?

A. pkgrepo create /export/sllReleaseRepopkgrecv s /remoteRepo d /export/sllReleaseRepo

B. pkgrecv s file:///remoteRepo d file:///export/sllReleaseRepo `*'

C. pkgrecv s /remoteRepo d /export/sllReleaseRepo `*'

D. pkgrecv s /remoteRepo d file:///export/sllReleaseRepo `*'

E. rsync aP /remoteRepo /export/sllReleaseRepo

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

* pkgrepo provides the ability to create and manage pkg package repositories. Package repositories are a predefined set of directories and files that permit the storage and retrieval of package data by pkg and publication clients such as pkgsend or pkgrecv.

* Use the pkgrecv command to copy the repository.

Example:

# pkgrecv -s http://pkg.oracle.com/solaris/release/ -d /export/repoSolaris11 '*' Processing packages for publisher solaris Creating Plan Retrieving and evaluating 4288 package(s) PROCESS ITEMS GET (MB) SEND (MB) developer/build/cmake 446/4288 332.1/4589.7 1000.2/14511.8

Completed 4288/4288 4589.7/4589.7 14511.8/14511.8

QUESTION 70 Your company has set a policy that all Oracle Solaris 11 instances must have a backup boot environment created whenever software packages are

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

added, removed, or updated. The current boot environment must not be modified. The backup boot

added, removed, or updated. The current boot environment must not be modified. The backup boot environment must represent the system image before the procedure and the new boot environment must represent the image before the procedure. The image properties on your system are as follows:

The image properties on your system are as follows: You are instructed to install the top

You are instructed to install the top utility. Which two will allow the top package to be installed on the system while adhering to the company policy?

A. pkg property pkg-install=backup-bepkg install top

B. pkg set-property be-policy create-backuppkg install top

C. pkg install --be-name BE2 top

D. pkg set-property be-policy always-newpkg install top

E. pkg set-property create-backup truepkg install top

Correct Answer: CD Section: (none) Explanation

Explanation/Reference:

Explanation:

By default, a new BE is automatically created when you perform one of the following operations:

* (D) Set the be-policy image policy to always-new. Under this policy, all package operations are performed in a new BE set as active on the next boot.

* Update particular key system packages such as some drivers and other kernel components. This can happen when you install, uninstall, update, change variant, or change facet.

* Often a new BE is created when you execute the pkg update command to update all packages that have updates available.

* Specify any of the following options: --be-name, --require-new-be, --backup-be-name, --require- backup-be.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 71 You detected a failure of net0 in the IPMP group named ips1. The

QUESTION 71 You detected a failure of net0 in the IPMP group named ips1. The server hosting the failed NIC supports dynamic reconfiguration. Which statement is true regarding the replacement of the hardware interface?

A. The NIC must be replaced with an identical physical interface card type.

B. The NIC will be configured after replacement with the dladm command.

C. The devfsadm command will be used to discover the replacement NIC.

D. The replacement NIC must occupy the same bus slot as the original NIC .

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

When an underlying interface of an IPMP group fails, a typical solution would be to replace the failed interface by attaching a new NIC. RCM records the configuration information associated with any NIC that is detached from a running system. If you replace a failed NIC with an identical NIC, then RCM automatically configures the interface according to the persistent configurations that had been previously defined by using the ipadm command.

Incorrect:

Not A, not D: You can replace a failed NIC with a different NIC, provided that both are the same type, such as Ethernet. In this case, RCM plumbs the new interface after it is attached. If you did not use customized link names when you first configured your interfaces, then you will have to configure the new NIC before you can add the interface to the IPMP group. Not C: devfsadm, devfsadmd- administration command for /dev and /devices

Note:

* 1. On the system with the IPMP group configuration, assume the Primary Administrator role or become superuser.

2. Display the test address configuration

3. Remove the physical interface.

4. Replace the physical interface.

QUESTION 72 You want to configure your IPS repository server for high network bandwidth and network availability. Which two technologies are best suited for achieving these goals?

A. naxbw resource control

B. zpool disk aggregation

C. link load balance

D. link aggregation

E. IP multipathing

Correct Answer: DE

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Section: (none)

Explanation

Section: (none) Explanation Explanation/Reference: Explanation: DE: Link aggregations provide high availability and higher

Explanation/Reference:

Explanation:

DE: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP) provides features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some of their features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have different strengths and weaknesses.

E: The IP network multipathing or IPMP is a facility provided by Solaris to provide fault-tolerance and load spreading for network interface cards (NICs). With IPMP, two or more NICs are dedicated for each network to which the host connects. The IPMP load spreading feature increases the machine's bandwidth by spreading the outbound load between all the cards in the same IPMP group.

QUESTION 73 You administer an Oracle Solaris 11 system that uses a user-defined Network Configuration Profile (NCP). You now need to modify the DNS name servers. Select the profile type that you will need to modify.

A. Automatic-NCP

B. Location profile

C. Network Configuration Unit

D. External Network Modifiers

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

Once basic networking has been achieved, there is something called the Location Profile that loads system-wide network configuration information. This includes:

- Condition under which it is activated

- Naming service to use

- Domain name

- IP Filter rules

- IPsec policy

Incorrect:

Not A: The Automatic NCP is a system-defined profile and cannot be modified by a user. It contains one Link NCU and one Interface NCU for each physical link on the system. For this particular profile, Physical links take precedence over Wireless links when it is time to activate an NCU. This profile changes dynamically when new links are inserted or removed from the system.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 74 What is true regarding an IPMP group?

A. All underlying interfaces are physical Ethernet links.

B. All interfaces connect to the same switch.

C. It does not persist across reboots.

D. Testing for failover can be done using the ipadm delete-ipmp command.

Correct Answer: C Section: (none) Explanation

command. Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: To make IPMP groups

Explanation/Reference:

Explanation:

To make IPMP groups persists across reboots you would have to do some work:

To configure an IPMP group that persists across system reboots, you would edit the hostname configuration file of the IPMP interface to add data

addresses.

Note: The same (non-null) character string IPMP group name identifies all interfaces in the group. You can place interfaces from NICs of different speeds within the same IPMP group, as long as the NICs are of the same type. For example, you can configure the interfaces of 100-megabit Ethernet NICs and the interfaces of one gigabit Ethernet NICs in the same group. As another example, suppose you have two 100-megabit Ethernet NICs. You can configure one of the interfaces down to 10 megabits and still place the two interfaces into the same IPMP group.

Incorrect:

Not A: You cannot place two interfaces of different media types into an IPMP group. For example, you cannot place an ATM interface in the same group as an Ethernet interface. Not B: An IP multipathing group, or IPMP group, consists of one or more physical interfaces on the same system that are configured with the same IPMP group name. All interfaces in the IPMP group must be connected to the same IP link.

QUESTION 75 Which statement is true regarding an aggregation?

A. Its member links must all have the same range of operating speeds.

B. It can be called out by its link name or by its integer key.

C. Its LACP mode sets the behavior to active or passive.

D. Its default L2 policy is round-robin.

Correct Answer: A Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation/Reference:

QUESTION 76 You configured IPMP on the system:

QUESTION 76 You configured IPMP on the system: Based on this information, select the correct conclusion.
QUESTION 76 You configured IPMP on the system: Based on this information, select the correct conclusion.

Based on this information, select the correct conclusion.

A. No default route is configured.

B. in.mpathd cannot identify failed interfaces.

C. There are no active interfaces in the group.

D. There are three standby interfaces in the group.

E. The property transitive-probing is false.

Correct Answer: E Section: (none) Explanation

Explanation/Reference:

Explanation:

Disabled in the MODE column means that all probe-based failure detection is disabled.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

You must enable transitive probing to use this failure detection method that does not require

You must enable transitive probing to use this failure detection method that does not require test addresses.

Note:

* ipmpstat

- display IPMP subsystem status The ipmpstat command concisely displays information about the IPMP subsystem. The -t option identifies the probe targets that are associated with each IP interface in an IPMP group.

* Target mode displays IPMP probe target information. The following output fields are supported:

/ INTERFACE The IP interface name associated with the information.

/ MODE

The probe target discovery mode:

routes Probe targets found by means of the routing table.

multicast Probe targets found by means of multicast ICMP probes.

disabled All probe-based failure detection is disabled.

transitive Failure detection is by means of transitive probing, where the health of the IP interface is determined by probing other active interfaces in the group.

/ TESTADDR

The source address used in outgoing probes. Active interfaces that are being used for data traffic, as well as interfaces that have been explicitly configured with NOFAILOVER test addresses, will have the hostname (or IP address) that is used for sending and receiving the ICMP probes. All other interfaces in the group will display the name of the interface from which the probes are sent. Note that if an active IP interface is configured with both IPv4 and IPv6 test addresses, probe target information will be displayed separately for each test address.

/ TARGETS

A space-separated list of probe target hostnames (or IP addresses) for ICMP probes, or target interfaces for transitive probes. The IP targets will be listed in firing order, and, if no probe targets could be found, this field will be empty.

QUESTION 77 Which network component is the default target for IPMP probe-based Failure detection?

A. the default router

B. any nongateway system on the same subnet

C. any group interface with a test address

D. the first responder to the in.mpathd broadcast request

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Correct Answer: A Section: (none) Explanation

Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: How to Manually Specify Target Systems

Explanation/Reference:

Explanation:

How to Manually Specify Target Systems for Probe-Based Failure Detection 1. Add a route to a particular host to be used as a target in probe-based failure detection. $ route -p add -host destination-IP gateway-IP -static where destination-IP and gateway-IP are IPv4 addresses of the host to be used as a target. For example, you would type the following to specify the target system 192.168.10.137, which is on the same subnet as the interfaces in IPMP group itops0:

$ route -p add -host 192.168.10.137 192.168.10.137 -static This new route will be automatically configured every time the system is restarted. If you want to define only a temporary route to a target system for probe-based failure detection, then do not use the -p option.

2.Add routes to additional hosts on the network to be used as target systems.

QUESTION 78 You administer a server running a global zone with no virtual networking. Consider the following configuration:

no virtual networking. Consider the following configuration: Which is a valid IPMP configuration for this server?

Which is a valid IPMP configuration for this server?

A. net0 and net1 must be configured into an IPMP group, net2 can be configured into its own IPMP group, and net0 or net1 can be configured as a standby interface.

B. net0 and net1 must be configured into one IPMP group, net2 and net3 must be configured into a second IPMP group, and all interfaces can be configured for link detection.

C. net1 and net2 must be configured into an IPMP group, net0 can be configured into its own IPMP group, and net3 can be configured as a standby interface.

D. net0 and net2 must be configured into an IPMP group, net0 can be configured into its own IPMP group, and net3 can be configured as a standby interface.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Must be in the same network range (see * below). Different speeds are fine (see ** below).

(see * below). Different speeds are fine (see ** below). * An IP multipathing group, or

* An IP multipathing group, or IPMP group, consists of one or more physical interfaces on the same system that are configured with the same IPMP group name. All interfaces in the IPMP group must be connected to the same IP link (A, not B, not C, Not D).

** The same (non-null) character string IPMP group name identifies all interfaces in the group. You can place interfaces from NICs of different speeds within the same IPMP group, as long as the NICs are of the same type. For example, you can configure the interfaces of 100-megabit Ethernet NICs and the interfaces of one gigabit Ethernet NICs in the same group. As another example, suppose you have two 100-megabit Ethernet NICs. You can configure one of the interfaces down to 10 megabits and still place the two interfaces into the same IPMP group.

QUESTION 79 You added three interfaces to an IPMP group. You now want to review the failure detection modes. Which command most you use to determine if all interfaces in the group support link-based detection?

A. ipadm show-ifprop

B. dlstat show-link

C. dladm show-link

D. ipmpstat i

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

Link-Based Failure Detection Link-based failure detection is always enabled, provided that the interface supports this type of failure detection.

To determine whether a third-party interface supports link-based failure detection, use the ipmpstat -i command. If the output for a given interface includes an unknown status for its LINK column, then that interface does not support link-based failure detection. Refer to the manufacturer's documentation for more specific information about the device.

QUESTION 80 Your organization uses NFS to share data from Oracle Solaris servers to Oracle Solaris clients. The server currently has an NFS share configured for the rpool/export/data file system. A client is currently mounting this file system. As administrator, you add a new file system rpool/export/data/ yesterdays_data, and copy data into the new file system.

Which action is required for the client currently mounting the rpool/expor/data file system to access the new data?

A. The rpool/export/data/yesterdays_data file system must be mounted.

B. No action is required because the data is automatically made available.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

C.

The rpool/export/data file system must be remounted.

D. The nfs/client server must be restarted.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

https://docs.oracle.com/cd/E23824_01/html/821-1454/rfsadmin-56.html

QUESTION 81 What are targets for IPMP probe-based failure detection configured by?

A. responses to SNMP requests

B. specifying host routes in the routing table

C. specifying hosts in /etc/default/mpathd

D. setting the property svc:/network/ipmp/config/transitive-probing

Correct Answer: B Section: (none) Explanation

Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: How to Manually Specify

Explanation/Reference:

Explanation:

How to Manually Specify Target Systems for Probe-Based Failure Detection 1. Add a route to a particular host to be used as a target in probe-based failure detection. $ route -p add -host destination-IP gateway-IP -static where destination-IP and gateway-IP are IPv4 addresses of the host to be used as a target. For example, you would type the following to specify the target system 192.168.10.137, which is on the same subnet as the interfaces in IPMP group itops0:

$ route -p add -host 192.168.10.137 192.168.10.137 -static This new route will be automatically configured every time the system is restarted. If you want to define only a temporary route to a target system for probe-based failure detection, then do not use the -p option.

2.Add routes to additional hosts on the network to be used as target systems.

QUESTION 82 The default route for the NCP static is changed with the following command sequence:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

When does the entered route take effect? A. after the set command B. after the
When does the entered route take effect? A. after the set command B. after the

When does the entered route take effect?

A. after the set command

B. after the verify command

C. after the commit command

D. after the exit command

E. after enabling the location user (command not shown)

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

* The netcfg command manipulates system network configuration profiles. The netcfg command can be invoked interactively, with an individual subcommand, or by specifying a command file that contains a series of subcommands.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* subcommand: netcfg commit Commits the current profile specification to persistent storage. A configuration must

* subcommand: netcfg commit

Commits the current profile specification to persistent storage. A configuration must be correct to be committed. Therefore, this operation automatically performs a verify operation on the profile or object as well. The commit operation is attempted automatically upon exiting the current scope by using either the end or exit subcommand.

Note:

* from the netadm list output we see the line ncp Automatic disabled

* Oracle Solaris 11 uses profile-based network configuration, which is comprised of two network configuration modes: manual (fixed) and automatic

(reactive). Depending on which network configuration mode you choose during an installation, either the DefaultFixed network configuration profile (NCP) or the Automatic NCP is activated on the system. If the DefaultFixed NCP is active, the network is manually configured by using the dladm and ipadm commands . If the Automatic NCP or a user-defined NCP that you previously created is active, the netcfg and netadm commands (formerly nwamcfg and nwamadm) are used to create and manage network configuration.

QUESTION 83 How do you add a test address to an IPMP group?

A. Use ipadm create-addr to add the address to a member interface.

B. Use ipadm create-addr to add the address to the IPMP interface.

C. Use ipadm create-ip to add an address to a member interface.

D. Use ipadm create-ip to add an address to the IPMP interface.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

QUESTION 84 Which two statements correct regarding Link Aggregations?

A. The MAC address of the first configured link is used for all links.

B. A link with an existing IP interface cannot be added to an aggregation.

C. The switch must support the Link Aggregation Control Protocol (LACP).

D. Links of differing bit rates can be aggregated, but performance gains may not be realized.

E. The f option of dladm allows aggregating devices that do not support link state notification.

Correct Answer: BC

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Section: (none)

Explanation

Explanation/Reference:

An interface that has been created cannot become a member of an aggregation.

QUESTION 85 Which ipmpstat mode reports each link's status in an IPMP group?

A. address

B. group

C. interface

D. probe

E. target

Correct Answer: C Section: (none) Explanation

E. target Correct Answer: C Section: (none) Explanation Explanation/Reference: Explanation: Interface mode displays

Explanation/Reference:

Explanation:

Interface mode displays the state of all IP interfaces (IP links) that are tracked by in.mpathd on the system.

Incorrect:

Not A: Address mode displays the state of all IPMP data addresses on the system. Not B: Group mode displays the state of all IPMP groups on the system. Not D: Probe mode displays information about the probes being sent by in.mpathd. Not E: Target mode displays IPMP probe target information.

QUESTION 86 You are about to configure an AI server and you need to determine if NWAM is configured, if the system has a manually configured IP interface. Which command gives you this information?

A. nscfg list

B. netadm list

C. netcfg list

D. svcs network/physical

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 87 You must configure a ZFS file system on an Oracle Solaris 11 server

QUESTION 87 You must configure a ZFS file system on an Oracle Solaris 11 server to share it over NFS. (rpool/export/share/data mounted on /export/share/data)

The file system must be configured for read-only access and must assign anonymous users a UID of 0. The file system must allow read and write access for local users.

Assuming all ZFS properties except mountpoint are at their default settings, which option supports these requirements?

default settings, which option supports these requirements? A. Option A B. Option B C. Option C

A. Option A

B. Option B

C. Option C

D. Option D

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

Create the NFS share.

# zfs set share=name=fs1,path=/fs1, prot=nfs tank/fs1 Set the sharenfs property to on.

# zfs set sharenfs=on tank/fs1

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Incorrect: Not A, Not C: The share is not published until the sharenfs or sharesmb

Incorrect:

Not A, Not C: The share is not published until the sharenfs or sharesmb property is set to on. For example:

# zfs set sharenfs=on rpool/fs1

# cat /etc/dfs/sharetab

/rpool/fs1 fs1 nfs sec=sys,rw

Not B: First create the share, then set the sharenfs to on.

Note:

When you create a NFS share of a ZFS file system, you must provide the following share components:

share=name Identify a name for your share. Maximum share name is 80 characters.

path=pathname Identify a path for your NFS share that must exist within the file system or directory to be shared.

prot=nfs or smb Identify the protocol as NFS or SMB.

pool/filesystem Identifies the ZFS file system to be shared.

Additional share options include:

rw= or ro= Identifies whether the share is available as read/write or read-only to all clients. You can also specify a colon-separated list that includes hostnames, IP addresses, or a netgroup.

QUESTION 88 You want to configure an anonymous IPMP group. Which method lets you enable this behavior?

A. Set the config/transitive-probing property to true in the svc:/network/imp:default service.

B. Use the ipadm set-ifprop command to set the anonymous property to true for the IPMP interface.

C. Edit the /etc/default./mpathd file and set TRACK_INTERFACES_ONLY_WITH GROUPS=no.

D. Set the config/anonymous property to true in the svc:/network/ipmp:default service.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation:

* /etc/default/mpathd

Contains default values used by the in.mpathd daemon.

Contains default values used by the in.mpathd daemon. * By default, in.mpathd limits failure and repair

* By default, in.mpathd limits failure and repair detection to IP interfaces that are configured as part of a named IPMP group. Setting

TRACK_INTERFACES_ONLY_WITH_GROUPS to no enables failure and repair detection on all IP interfaces, even if they are not part of a named IPMP group. IP interfaces that are tracked but not part of a named IPMP group are considered to be part of the "anonymous" IPMP group. In addition to having no name, this IPMP group is special in that its IP interfaces are not equivalent and thus cannot take over for one another in the event of an IP interface failure. That is, the anonymous IPMP group can only be used for failure and repair detection, and provides no high-availability or load- spreading

QUESTION 89 Which two conditions must exist in order to add a new link to an aggregation?

A. The new link appears in the output of dladm show-phys.

B. The new link may already support an active interface.

C. The LACP policy must be set to L4.

D. The link may currently be in any state.

E. The new link has the same MAC address as the existing links.

Correct Answer: AD Section: (none) Explanation

Explanation/Reference:

Explanation:

A:

Note:

Use dladm show-phys to obtain information about the system's datalinks in relation to the physical NICs with which they are associated. Used without any options, the command displays information similar to the following:

# dladm show-phys LINK MEDIA STATE SPEED DUPLEX DEVICE net0 Ethernet up 100Mb full e1000g0 net1 Ethernet down 0Mb -- nge0 net2 Ethernet up 100Mb full bge0 net3 Infiniband -- 0Mb -- ibd0

* Your link aggregation configuration is bound by the following requirements:

/You must use the dladm command to configure aggregations. / (not B) An interface that has been created cannot become a member of an aggregation. /All interfaces in the aggregation must run at the same speed and in full-duplex mode. / (not E) You must set the value for MAC addresses

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

to "true" in the EEPROM parameter local-mac- address? For instructions, refer to How to Ensure

to "true" in the EEPROM parameter local-mac- address? For instructions, refer to How to Ensure That the MAC Address of an Interface Is Unique.

QUESTION 90 Examine the following command:

ipadm create-addr -T static -a 192.168.1.112/26 net0/v6

Which two statements are true?

A. The interface is plumbed.

B. The interface is marked down.

C. The netmask value is ffffffc0.

D. The link local IPv6 address fe80::112 is created.

E. Multicast datagrams are not enabled on this interface.

Correct Answer: AC Section: (none) Explanation

Explanation/Reference:

QUESTION 91 You added an interface to the IPMP group ipmp0 with the following commands:

# ipadm create-ip net4

# ipadm add-ipmp i net4 ipmp0

Which statement regarding the newly added interface is correct?

A. Link state failure detection will not occur.

B. Probe-based failure detection will not occur.

C. Without a data IP address, it cannot become active.

D. These changes will be lost when the system is booted.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 92 Examine the following information:

QUESTION 92 Examine the following information: Which statement describes the user auuser audit mask? A. All
QUESTION 92 Examine the following information: Which statement describes the user auuser audit mask? A. All

Which statement describes the user auuser audit mask?

A. All failed and successful lo events, all failed and successful am events will be logged, no ss events will be logged.

B. All failed and successful lo events, all failed and successful am events and successful ss events will be logged.

C. All failed and successful lo events, all failed and successful am events and failed ss events will be logged.

D. All failed and successful lo events and all failed and successful ss events will be logged.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Note:

* The Trusted Solaris environment provides audit classes including:

ss - Change system state no - Invalid class lo - Login or logout

* always-audit

Lists the audit classes that are audited for this user. Modifications to the system-wide classes are prefixed by a caret (^). Classes that are added to the

system-wide classes are not prefixed by a caret.

never-audit Lists the audit classes that are never audited for the user, even if these audit events are audited system- wide. Modifications to the system-wide classes are prefixed by a caret (^).

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* Process preselection mask A combination of the system-wide audit mask and the user-specific audit

* Process preselection mask A combination of the system-wide audit mask and the user-specific audit mask, if a user audit mask has been specified. When a user logs in, the login process combines the preselected classes to establish the process preselection mask for the user's processes. The process preselection mask specifies whether events in each audit class are to generate audit records.

The following algorithm describes how the system obtains the user's process preselection mask:

(system-wide default flags + always-audit-classes) - never-audit-classes

* getent user_attr

getent

- get entries from administrative database

getent gets a list of entries from the administrative database specified by database. The information generally comes from one or more of the sources that are specified for the database in /etc/nsswitch.conf.

QUESTION 93 You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some changes to configuration files. You are concerned that someone may have unauthorized access or that an authorized user may be abusing the access privilege. You decide to track a set of security events across multiple servers. How will you configure the systems for this?

A. Configure a centralized system-logging server and direct all servers to use it.

B. Use audit-config to add the servers' host names to the audit_remote plug in.

C. Add centralized NFS file systems to the /etc/security/audit_control file on each server.

D. Modify the /etc/security/audit_startup file and add audit_remote logging on each server.

Correct Answer: B Section: (none) Explanation

Explanation/Reference:

Explanation:

audit_remote

- send Solaris audit logs to a remote server

The audit_remote plugin module for Solaris audit, /usr/lib/security/audit_remote.so, sends binary audit records (audit.log) to audit servers as they are configured with auditconfig.

The audit_remote plugin is loaded by auditd if the plugin is configured as an active via auditconfig. Use the auditconfig -setplugin option to change all the plugin related configuration parameters.

Incorrect:

not D: Audit policy determines the characteristics of the audit records for the local host. When auditing is enabled, the contents of the /etc/security/ audit_startup file determine the audit policy.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 94 By default, which directory does the audit_binfile plug-in write log files in, and

QUESTION 94 By default, which directory does the audit_binfile plug-in write log files in, and what is the maximum size of each log file?

A. /var/adm/audit, 100 MB

B. /var/audit, 100 MB

C. /var/adm, no limit

D. /var/audit, no limit

E. /var/adm/audit, 16 EB

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

* The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of required free space per directory.

auditconfig -setplugin audit_binfile active \ "p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant, /var/audit/global/eggplant;p_minfree=20;p_fsize=4.5GB"

* The attributes specifying the configuration of audit_binfile plugin include:

p_dir

dir1[,dir2],

[,dirn]

A list of directories, where the audit files will be created. Any valid writable directory can be specified.

p_fsize The p_fsize attribute defines the maximum size that an audit file can become before it is automatically closed and a new audit file is opened. This is equivalent to an administrator issuing an audit -ncommand when the audit file size equals the value specified by the administrator. The default size is zero (0), which allows the file to grow without bound.

QUESTION 95 You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some changes to configuration files. Yon are concerned that someone may have unauthorized access and that an authorized user may be abusing the access privilege. You want to track users of these systems to determine what tasks each user performs. Select the best way to gather this information.

A. Solaris auditing

B. the system/event service

C. the system-logging service

D. Basic Audit Reporting Tool

E. System Extended Accounting

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Correct Answer: A Section: (none) Explanation

Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: Solaris auditing keeps a record of how

Explanation/Reference:

Explanation:

Solaris auditing keeps a record of how the system is being used. The audit service includes tools to assist with the analysis of the auditing data.

Incorrect:

not C: Basic Audit Reporting Tool BART is a file tracking tool that operates entirely at the file system level. Using BART gives you the ability to quickly, easily, and reliably gather information about the components of the software stack that is installed on deployed systems. Using BART can greatly reduce the costs of administering a network of systems by simplifying time-consuming administrative tasks.

Note:

* The audit service makes the following possible:

Monitoring security-relevant events that take place on the host Recording the events in a network-wide audit trail Detecting misuse or unauthorized activity Reviewing patterns of access and the access histories of individuals and objects Discovering attempts to bypass the protection mechanisms Discovering extended use of privilege that occurs when a user changes identity

* Auditing is the collecting of data about the use of system resources. The audit data provides a record of security-related system events. This data can then be used to assign responsibility for actions that take place on a host. Successful auditing starts with two security features: identification and authentication. At each login, after a user supplies a user name and password, a unique audit session ID is generated and associated with the user's process. The audit session ID is inherited by every process that is started during the login session. Even if a user changes identity within a single session, all user actions are tracked with the same audit session ID.

QUESTION 96 A contractor has been hired by you company to do some application-specific tuning. You are the administrator of the server that the contractor will be working on. You decide to enable Oracle Solaris Auditing. How will auditing help prevent misuse of the server?

A. prevents attempts to bypass the protection mechanisms

B. stops unauthorized activity

C. acts as a deterrent

D. prevents misuse

Correct Answer: C Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation/Reference:

Explanation:

The audit service makes the following possible:

Explanation: The audit service makes the following possible: Monitoring security-relevant events that take place on the

Monitoring security-relevant events that take place on the host Recording the events in a network-wide audit trail Detecting misuse or unauthorized activity Reviewing patterns of access and the access histories of individuals and objects Discovering attempts to bypass the protection mechanisms Discovering extended use of privilege that occurs when a user changes identity

Incorrect:

Not A: auditing does not prevent attempts to bypass the protection mechanisms, it just discovers them.

QUESTION 97 Which two statements are true regarding the audit_remote plugin and the audit service?

A. audit_remote is not loaded by default.

B. The standard service port defined by IANA is 16162.

C. Audit records are sent to all configured remote hosts.

D. The required GSS_API mechanism is kerberos_v5.

E. The maximum number of audit records queued before sending is 100.

Correct Answer: AB Section: (none) Explanation

Explanation/Reference:

Explanation:

A: The audit_remote plugin is loaded by auditd if the plugin is configured as an active via auditconfig. Use the auditconfig -setplugin option to change all the plugin related configuration parameters

B: The solaris-audit service port assigned by IANA is 16162.

Incorrect:

Not D: audit_remote authenticates itself to the remote audit service by way of GSS-API (libgss(3LIB)). Default gss credentials are used as provided by the gss implementation mechanism, such as Kerberos.

Note: audit_remote - send Solaris audit logs to a remote server

QUESTION 98 Which three options will take precedence over one-another in a local zone that uses the Fair Share Scheduler?

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

A. the global resource control zone.cpu-shares

B. the global default scheduling class

C. the local zone attribute scheduling-class

D. the local zone attribute cpu-shares

E. the scheduling class of the pool assigned to a zone

Correct Answer: CDE Section: (none) Explanation

to a zone Correct Answer: CDE Section: (none) Explanation Explanation/Reference: Explanation: C: You can use the

Explanation/Reference:

Explanation:

C: You can use the scheduling-class property in zonecfg to set the scheduling class for the zone. D: When you explicitly set the cpu-shares property, the fair share scheduler (FSS) will be used as the scheduling class for that zone. However, the preferred way to use FSS in this case is to set FSS to be the system default scheduling class with the dispadmin command. That way, all zones will benefit from getting a fair share of the system CPU resources. If cpu-shares is not set for a zone, the zone will use the system default scheduling class. E: You can set the scheduling class for a zone through the resource pools facility. If the zone is associated with a pool that has its pool.scheduler property set to a valid scheduling class, then processes running in the zone run in that scheduling class by default.

QUESTION 99 Which scheduling class cannot be assigned to a zone?

A. RT

B. FX

C. TS

D. SYS

E. FSS

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Explanation:

Scheduling classes provide different CPU access characteristics to threads that are based on algorithmic logic. The scheduling classes include:

Realtime scheduling class (RT) (not a) Interactive scheduling class (IA) Fixed priority scheduling class (FX) (not b) Timesharing scheduling class (TS) (not c) Fair share scheduling class (FSS) (not E)

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

QUESTION 100 Can you change the scheduling class of a zone's processes to FSS without rebooting?

A. No. Set the zone's scheduling-class attribute to FSS and reboot.

B. No. Run dispadmin d FSS inside the zone, then reboot.

C. No. Run dispadmin d FSS in the global zone, then reboot the nonglobal zone.

D. Yes. Run dispadmin d FSS inside the zone.

E. Yes. Run priocntl s c FSS i all inside the zone.

Correct Answer: E Section: (none) Explanation

Explanation/Reference:

Explanation:

* Syntax:

priocntl -s [-c class] [class-specific options]

[-i idtype] [idlist]

-s [-c class] [class-specific options] [-i idtype] [idlist] * The priocntl command displays or sets scheduling

* The priocntl command displays or sets scheduling parameters of the specified process(es). It can also be used to display the current configuration information for the system's process scheduler or execute a command with specified scheduling parameters.

Processes fall into distinct classes with a separate scheduling policy applied to each class. The process classes currently supported are the real-time class, time-sharing class, interactive class, fair-share class, and the fixed priority class.

* priocntl options include:

-c class Specifies the class to be set. (The valid class arguments are RT for real-time, TS for time-sharing, IA for inter-active, FSS for fair-share, or FX for fixed- priority.) If the specified class is not already configured, it is automatically configured.

-s Sets the scheduling parameters associated with a set of processes.

QUESTION 101 Which command reports the scheduling class a process falls under?

A. ps

B. priocnt1

C. dispadmin

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

D.

rctladm

E. prstat

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

A Section: (none) Explanation Explanation/Reference: QUESTION 102 You have a server that has two zones

QUESTION 102 You have a server that has two zones configured. These zones use the pool named pool_zones. Examine the following configuration information:

pool_zones. Examine the following configuration information: The system has four CPUs. Assume that both zones are

The system has four CPUs. Assume that both zones are under heavy load. Examine the following partial output:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which option describes the values you would expect to see for the CPU field for

Which option describes the values you would expect to see for the CPU field for the zones?

A. approximately 40% for z1 and approximately 60% for z2

B. approximately 60% for z1 and approximately 40% for z2

C. approximately 20% for z1 and approximately 30% for z2

D. approximately 30% for z1 and approximately 20% for z2

E. approximately 25% for z1 and approximately 25% for z2

Correct Answer: A Section: (none) Explanation

25% for z2 Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: From the poolcfg c info

Explanation/Reference:

Explanation:

From the poolcfg c info command output we see that FSS (Fair Share Scheduler) is used. From the prctl command output we see that zone z1 has been configured with a zone.cpu-shares value of 40.

* The pool_default has a value of 100 CPU shares.

* prstat

- report active process statistics

Option Z -Z Report information about processes and zones. In this mode, prstat displays separate reports about processes and zones at the same time.

QUESTION 103 Consider the following command:

dispadmin -c IA -g -r 1000000

Which statement correctly describes the result?

A. The quantum will be reported in milliseconds.

B. The quantum will be output every 1000000 milliseconds.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

C.

The quantum will be reported in microseconds.

D. The quantum will be output every 1000000 microseconds.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

QUESTION 104 Identify three ways in which the Fair Share Scheduler can be assigned.

A. poolcfg

B. dispadmin

C. zonecfg set pool=<value>

D. zonecfg set cpu-shares=<value>

E. by creating a project and attaching a process to that project

Correct Answer: ABD Section: (none) Explanation

project Correct Answer: ABD Section: (none) Explanation Explanation/Reference: Explanation: A: Resource Allocation:

Explanation/Reference:

Explanation:

A: Resource Allocation: Zones, Pools and FSS Example:

Then create a pool for your zone (in this example, we'll use the zones named 'habitue,' 'creator,' 'netid,' and 'linguo'): pooladm -x pooladm -s poolcfg -c 'create pool habitue-pool ( string pool.scheduler = "FSS" )' poolcfg -c 'create pool creator-pool ( string pool.scheduler = "FSS" )' poolcfg -c 'create pool linguo-pool ( string pool.scheduler = "FSS" )' poolcfg -c 'create pool netid-pool ( string pool.scheduler = "FSS" )' pooladm -c

B: Set the default scheduler for the system to be the FSS. # dispadmin -d FSS

D: Example:

global# zonecfg -z global zonecfg:myzone> set cpu-shares=100 zonecfg:myzone> set scheduling-class=FSS zonecfg:myzone> exit

QUESTION 105

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which scheduling class distributes CPU resources among its processes based on assigned importance? A. Fair

Which scheduling class distributes CPU resources among its processes based on assigned importance?

A. Fair Share Scheduler (FSS)

B. Real-Time (RT)

C. Fixed-priority (FX)

D. Timesharing (TS)

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

The FX scheduler provides a scheduling policy for processes that require user or application control of scheduling priorities. The priorities of processes that run under FX are fixed.

The FX class provides a fixed-priority preemptive scheduling policy. This policy is used by processes that require user or application control of scheduling priorities but are not dynamically adjusted by the system. By default, the FX class has the same priority range as the TS, IA, and FSS classes. The FX class allows user or application control of scheduling priorities through user priority values assigned to processes within the class. These user priority values determine the scheduling priority of a fixed- priority process relative to other processes within its class.

Incorrect:

Not A: The fair share scheduling class enables you to allocate CPU time based on shares instead of the priority scheme of the timesharing (TS) scheduling class. Not D: The goal of the time-sharing policy is to provide good response time to interactive processes and good throughput to CPU- bound processes. The scheduler switches CPU allocation often enough to provide good response time, but not so often that the system spends too much time on switching. Time slices are typically a few hundred milliseconds.

The time-sharing policy changes priorities dynamically and assigns time slices of different lengths.

QUESTION 106 You configured the Fail Share Scheduler on a server, and you defined CPU shares for two nonglobal zones. You now need to apply shares to the global zone. The configuration needs to be persistent across a reboot operation. Which utility will you use?

A. prctl

B. priocntl

C. zonecfg

D. dispadmin

Correct Answer: D Section: (none) Explanation

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation/Reference:

Explanation:

* Set the default scheduler for the system to be the FSS.

# dispadmin -d FSS

scheduler for the system to be the FSS. # dispadmin -d FSS * Scheduling Class on

* Scheduling Class on a System with Zones Installed

Non-global zones use the default scheduling class for the system. If the system is updated with a new default scheduling class setting, non-global zones obtain the new setting when booted or rebooted. The preferred way to use FSS in this case is to set FSS to be the system default scheduling class with the dispadmin command.

QUESTION 107 Which utility/service must you use to set processes with FSS by default?

A. priocntl

B. svc:/system/scheduler:default

C. dispadmin

D. projmod

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Set the default scheduler for the system to be the FSS.

# dispadmin -d FSS

QUESTION 108 You administer a system with three nonglobal zones. All three-zones (z1, z2, and z3) use a common resource pool. The pool is a fixed, two-CPU configuration. The default scheduler is FSS.

Zones z1 and z2 run applications that, over time, consume all available CPU resources. You have allotted 20 shares each to these zones. Zone z3 runs a mission-critical application, so you allotted it 60 shares.

Because of application maintenance, zone z3 is currently using about 10% of the CPU resources in the shared pool. Which option describes the demand when available CPU resources are consumed by zones z1 and z2?

A. Zones z1 and z2 will consume CPU resources until each zone consumes approximately 20% of the CPU resources, and only then they will be constrained.

B. Zones z1 and z2 will consume CPU resources until each zone consumes approximately 60% of the CPU resources, and only then they will be constrained.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

C.

Zones z1 and z2 will consume CPU resources until each zone consumes approximately 90% of the CPU resources, and only then they will be constrained.

the CPU resources, and only then they will be constrained. D. Zones z1 and z2 will

D. Zones z1 and z2 will consume CPU resources until each zone consumes all the resources that they require, up to 100%.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

QUESTION 109 A recursive snapshot was taken of the root pool and the snapshot streams are stored on a remote system. The boot disk has failed, has been replaced, and the root pool snapshots have been restored. Which two steps are still required to make the system bootable?

A. Re-create the swap and dump devices.

B. Install the boot blocks on the new disk.

C. Restore the snapshot stream.

D. Set the bootfs property on the root pool.

E. Perform a ZFS rollback to restore the file systems in the root pool.

Correct Answer: BD Section: (none) Explanation

Explanation/Reference:

Explanation:

See steps 7 and 8 below.

How to Re-create a ZFS Root Pool and Restore Root Pool Snapshots

1. Boot from an installation DVD or the network.

2. Mount the remote snapshot file system if you have sent the root pool snapshots as a file to the remote system.

3. If the root pool disk is replaced and does not contain a disk label that is usable by ZFS, you must relabel the disk.

4. Re-create the root pool.

5. Restore the root pool snapshots.

6. Verify that the root pool datasets are restored.

7. Set the bootfs property on the root pool BE.

8. Install the boot blocks on the new disk.

9. Reboot the system.

QUESTION 110 Review the following output from the zpool status command:

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which three are true for pool1? A. It this mirror is split, the new pool
Which three are true for pool1? A. It this mirror is split, the new pool

Which three are true for pool1?

A. It this mirror is split, the new pool will contain disks c3t5d0 and c3t6d0.

B. If this mirror is split, by default the new pool will contain disks c3t3d0 and c3t5d0.

C. Data is striped across mirror-0 and mirror-1.

D. mirror-1 is a mirrored copy of data that is stored on mirror-0.

E. Disk c3t3d0 is a mirrored copy of disk c3t4d0.

F. If this mirror is split, pool1 will no longer be mirrored.

Correct Answer: BCE Section: (none) Explanation

Explanation/Reference:

Explanation:

* Simulation:

* Creating a New Pool By Splitting a Mirrored ZFS Storage Pool A mirrored ZFS storage pool can be quickly cloned as a backup pool by using the zpool

split command. Currently, this feature cannot be used to split a mirrored root pool. You can use the zpool split command to detach disks from a mirrored ZFS storage pool to create a new pool with one of the detached disks. The new pool will have identical contents to the original mirrored ZFS storage pool. By default, a zpool split operation on a mirrored pool detaches the last disk for the newly created pool. After the split operation, import the new pool. For example::

# zpool status tank pool: tank state: ONLINE

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

scrub: none requested config:

NAME STATE READ WRITE CKSUM tank ONLINE 0 0 0 mirror-0 ONLINE 0 0 0 c1t0d0 ONLINE 0 0 0 c1t2d0 ONLINE 0 0 0

errors: No known data errors

# zpool split tank tank2

# zpool import tank2

# zpool status tank tank2 pool: tank state: ONLINE scrub: none requested config:

NAME STATE READ WRITE CKSUM tank ONLINE 0 0 0 c1t0d0 ONLINE 0 0 0

errors: No known data errors

pool: tank2 state: ONLINE scrub: none requested config:

NAME STATE READ WRITE CKSUM tank2 ONLINE 0 0 0 c1t2d0 ONLINE 0 0 0 errors: No known data errors

QUESTION 111 The zfs holds command displays the following information:

The zfs holds command displays the following information: Which two statements are true? www.vceplus.com - Website

Which two statements are true?

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Which two statements are true? www.vceplus.com - Website designed to help IT pros advance their careers
A. Use zfs destroy d pool12/data@nov to destroy the snapshot immediately. B. Attempts to destroy

A. Use zfs destroy d pool12/data@nov to destroy the snapshot immediately.

B. Attempts to destroy the snapshot using zfs destroy pool12/data@nov will fail.

C. Attempts to destroy the pool12/data@nov snapshot will not destroy the snapshot immediately.

D. The zfs directory R pool12/data command will destroy the file system immediately.

E. The defer_destroy property is set to on for the pool12/data@nov data set.

F. The userrefs property is set to 1 (or higher) for the pool12/data@nov data set.

Correct Answer: BE Section: (none) Explanation

Explanation/Reference:

Explanation:

* Use the zfs holds command to display a list of held snapshots.

* Holding a snapshot prevents it from being destroyed (B). In addition, this feature allows a snapshot with clones to be deleted pending the removal of the last clone by using the zfs destroy -d command. Each snapshot has an associated user-reference count, which is initialized to zero. This count increases by one whenever a hold is put on a snapshot and decreases by one whenever a hold is released.

Note:

* Example:

# zfs holds tank/home@now NAME TAG TIMESTAMP tank/home@now keep Thu Jul 15 11:25:39 2010

* You can use the zfs release command to release a hold on a snapshot or set of snapshots. If the snapshot is released, the snapshot can be destroyed by using the zfs destroy command.

* Two new properties identify snapshot hold information:

The defer_destroy property is on if the snapshot has been marked for deferred destruction by using the zfs destroy -d command. Otherwise, the

property is off.

The userrefs property is set to the number of holds on this snapshot, also referred to as the user- reference count.

QUESTION 112 Consider the following ZFS configuration:

QUESTION 112 Consider the following ZFS configuration: www.vceplus.com - Website designed to help IT pros advance

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

You have created snapshots of the home directories which are as follows:

snapshots of the home directories which are as follows: You have another storage pool named bpool
snapshots of the home directories which are as follows: You have another storage pool named bpool

You have another storage pool named bpool on the same system. You use the following command to store the snapshots in this pool:

# zfs send rpool/export/home@11.28.12 | zfs recv -F bpool@11.28.12

What will be created in the pool bpool as a result of this operation?

bpool@12.25.11

A. bpool/export/home/ bpool/export/home/curly

B. bpool/export/home/ bpool/export/home/curly bpool/export/home@12.25.11

C. bpool/export/home/ bpool/export/home/curly bpool@12.25.11

D. bpool/curly bpool/curly@12.25.11

E. bpool/curly

F. bpool/curly

Correct Answer: E Section: (none) Explanation

Explanation/Reference:

QUESTION 113 What is the effect of configuring privileges via the zonecfg utility?

A. It forces every /one process to run with the same privileges.

B. It restricts zone processes to the inherited set of zsched's privileges.

C. It restricts zone processes to the inherited set of zoneadmd's privileges.

D. It removes some privileges that are normally available in the zone.

E. It can add some new privileges to or exclude some default privileges from the zone.

Correct Answer: AE Section: (none)

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Explanation

Explanation/Reference:

Explanation:

Explanation Explanation/Reference: Explanation: Adding privileges must be performed the global zone administrator by using

Adding privileges must be performed the global zone administrator by using zonecfg(1M). While adding this functionality, we also added the ability to remove privileges from a zone's limit set.

QUESTION 114 You decide to create a new rights profile to include a selection of Solaris authorizations and commands. The commands in your selection will require extra privileges. Which two files will you modify to add these privileges and authorizations?

A. /etc/user_attr

B. /etc/security/auth_attr

C. /etc/security/prof_attr

D. /etc/security/exec_attr

E. /etc/security/prof_attr.d/core-os

F. /etc/security/auth_attr.d/core-os

Correct Answer: AC Section: (none) Explanation

Explanation/Reference:

Explanation:

Rights profiles The user_attr, prof_attr, and exec_attr databases are now read-only. These local files databases are assembled from fragments that are located in /etc/user_attr.d, /etc/security/prof_attr.d, and /etc/security/exec_attr.d. The fragment files are not merged into a single version of the file, but left as fragments. This change enables packages to deliver complete or partial RBAC profiles. Entries that are added to the local files repository with the useradd and profiles commands are added to the local-entries file in the fragment directory.

QUESTION 115 You have assigned rights profiles directly to the uses frank and now you want to add another profile. Which command enables you to list profiles directly assigned to frank?

A. userattr profiles frank

B. profiles p frank

C. useratter p frank

D. profiles frank

Correct Answer: B

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Section: (none)

Explanation

Explanation/Reference:

Explanation:

Example: Displaying Information About the System Administrator Rights Profile

Information About the System Administrator Rights Profile Use the profiles command to display information about a

Use the profiles command to display information about a specific rights profile. In the following example, information about the System Administrator rights profile is displayed:

$ profiles -p "System Administrator" info name=System Administrator desc=Can perform most non-security administrative tasks profiles=Install Service Management,Audit Review,Extended Accounting Flow Etc.

QUESTION 116 Within the file /etc/security/exec_attr.d/core-os, the following line is found:

Network Management:solaris:cmd:RO::/usr/sbin/dladm:euid=dladm;egid=netadm;\privs=sys_dl_config,net_raw access,proc_audit

To assume which of the following can a user using the su command execute dladm with full privileges?

A. the net_rawacess role

B. the sys_dl_config profile

C. the Network Management role

D. a role that includes the sys_dl_config profile

E. a role that includes the Network Management profile

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Note:

* (not A, not B, not D) The privs key contains a comma-separated list of privilege numbers that will be effective when the command or action is run.

* euid and uid contain a single user name or a numeric user ID. Commands designated with euid run with the effective UID indicated, which is similar to setting the setuid bit on an executable file. Commands designated with uid run with both the real and effective UIDs. Setting uid may be more appropriate than setting the euid on privileged shell scripts.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* egid and gid contain a single group name or a numeric group ID. Commands

* egid and gid contain a single group name or a numeric group ID. Commands designated with egid run with the effective GID indicated, which is similar

to setting the setgid bit on a file. Commands designated with gid run with both the real and effective GIDs. Setting gid may be more appropriate than setting guid on privileged shell scripts.

* /etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles.

/etc/security/exec_attr Locally added entries. Make sure that the shipped header remains intact.

/etc/security/exec_attr.d/*

Entries added by package installation.

QUESTION 117 You must configure your server to use IPMP with probe based failure detection enabled. Which statement is a valid constraint or feature that applies to this requirement?

A. Link-based detection is supported only on Generic Lan Driver version 2 (GLDv2)-complaint NICs.

B. GLDv2 NICs are not supported in Oracle Solaris 11.

C. GLDv3 NICs configured for link based detection by default.

D. You must first disable link based detection before configuring probe-based failure detection.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Explanation:

Network drivers that support link-based failure detection monitor the interface's link state and notify the networking subsystem when that link state

changes.

Incorrect:

Not B: GLDv2 is a multi-threaded, clonable, loadable kernel module that provides support to device drivers for local area networks. Local area network (LAN) device drivers in the Solaris OS are STREAMS-based drivers that use the Data Link Provider Interface (DLPI) to communicate with network protocol stacks. Not D: Link-based failure detection is always enabled, provided that the interface supports this type of failure detection.

You cannot disable link-based failure detection if this method is supported by the NIC driver.

Note:

* To write a network driver for the Oracle Solaris OS, use the Solaris Generic LAN Driver (GLD) framework.

/ For new Ethernet drivers, use the GLDv3 framework.

/ To maintain older Ethernet, Token Ring, or FDDI drivers, use the GLDv2 framework.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

* To ensure continuous availability of the network to send or receive traffic, IPMP performs

* To ensure continuous availability of the network to send or receive traffic, IPMP performs failure detection on the IPMP group's underlying IP interfaces. Failed interfaces remain unusable until they are repaired. Remaining active interfaces continue to function while any existing standby interfaces are deployed as needed.

The in.mpathd daemon handles the following types of failure detection:

/ Probe-based failure detection, of two types:

No test addresses are configured (transitive probing). Test addresses are configured.

/ Link-based failure detection, if supported by the NIC driver

QUESTION 118 Your organization uses NFS to share data from Oracle Solaris servers to Oracle Solaris clients. For the nfsmapid daemon to work properly the client and server must be on the same domain. Select the location that has the highest precedence when the nfsmapid daemon searches for a domain name.

A. the nfsmapid_domain parameter in the mapid SMF service.

B. the nfsmapid_domain parameter in the /etc/default/nfs file

C. the domain name in the /etc/default/domainname file, if it exists.

D. a_nfsv4idmapdomain TXT record found by the configured domain name servers

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Explanation:

See 1 below. Precedence Rules For nfsmapid to work properly, NFS version 4 clients and servers must have the same domain. To ensure matching NFS version 4 domains, nfsmapid follows these strict precedence rules:

1. The daemon first checks the SMF repository for a value that has been assigned to the nfsmapid_domain parameter. If a value is found, the assigned

value takes precedence over any other settings. The assigned value is appended to the outbound attribute strings and is compared against inbound attribute strings.

2. If no value has been assigned to nfsmapid_domain, then the daemon checks for a domain name from a DNS TXT RR. nfsmapid relies on directives

in the /etc/resolv.conf file that are used by the set of routines in the resolver. The resolver searches through the configured DNS servers for the

_nfsv4idmapdomain TXT RR.

3. If no DNS TXT record is configured to provide a domain name, then the nfsmapid daemon uses the value specified by the domain or search directive

in the /etc/resolv.conf file, with the directive specified last taking precedence.

4. If the /etc/resolv.conf file does not exist, nfsmapid obtains the NFS version 4 domain name by following the behavior of the domainname command.

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Specifically, if the /etc/defaultdomain file exists, nfsmapid uses the contents of that file for the

Specifically, if the /etc/defaultdomain file exists, nfsmapid uses the contents of that file for the NFS version 4 domain. If the /etc/defaultdomain file does not exist, nfsmapid uses the domain name that is provided by the network's configured naming service.

QUESTION 119 Link aggregation and IP multipathing both offer some benefits for network performance and reliability. Identify two correct statements.

A. IPMP requires full duplex, point-to-point links.

B. A router is a single point of failure for link aggregation.

C. Link aggregation allows a standby interface to be automatically enabled if another interface fails.

D. Depending on load balancing algorithms, packets may not be balanced among all IPMP active interfaces.

E. Link aggregation uses additional interfaces to improve performance, without requiring additional IP address.

Correct Answer: CE Section: (none) Explanation

Explanation/Reference:

Explanation:

C: If LACP (Link Aggregation Control Protocol) cannot aggregate all the ports that are compatible (for example, the remote system might have more restrictive hardware limitations), then all the ports that cannot be actively included in the channel are put in hot standby state and are used only if one of the channeled ports fails.

E: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP) provides features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some of their features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have different strengths and weaknesses. Incorrect:

Not A: MP is built into Oracle Solaris and does not require any special hardware. Any interface that is supported by Oracle Solaris can be used with IPMP. However, IPMP does impose the following requirements on your network configuration and topology:

/All interfaces in an IPMP group must have unique MAC addresses. / All interfaces in an IPMP group must be of the same media type. / All interfaces in an IPMP group must be on the same IP link

Not B: A switch, not a router, would be a single point of failure of link aggregation (as it works on the Mac layer and not on the IP layer.

not D: Internet Protocol Network Multipathing (IPMP) provides fault-tolerance and load balancing across multiple network interface cards. By using IPMP, you can configure one or more interfaces into an IP multipathing group. After configuring IPMP, the system automatically monitors the interfaces in the IPMP group for failure. If an interface in the group fails or is removed for maintenance, IPMP automatically migrates, or fails over, the failed interface's IP addresses

QUESTION 120

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

You are considering using IPMP and Link Aggregation. Which two statements are true about these

You are considering using IPMP and Link Aggregation. Which two statements are true about these technologies?

A. IPMP requires all interfaces to support the same bit rate.

B. Both technologies can increase outbound bandwidth.

C. Link Aggregation does not offer link failure protection.

D. Link Aggregation requires all interfaces to support the same bit rate.

E. IPMP supports load spreading across all interfaces for inbound traffic

Correct Answer: BE Section: (none) Explanation

Explanation/Reference:

Explanation:

B: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP) provides features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some of their features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have different strengths and weaknesses.