Guide de formation plus récente de Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876

Pass4Test est un site particulier à offrir les guides de formation à propos de test certificat IT. La version plus nouvelle de Q&A Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876 peut répondre sûrement une grande demande des candidats. Comme tout le monde le connait, le certificat Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876 est un point important pendant l'interview dans les grandes entreprises IT. Ça peut expliquer un pourquoi ce test est si populaire. En même temps, Pass4Test est connu par tout le monde. Choisir le Pass4Test, choisir le succès. Votre argent sera tout rendu si malheureusement vous ne passe pas le test Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876.

Pass4Test vous permet à réussir le test Certification sans beaucoup d'argents et de temps dépensés. La Q&A Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876 est recherchée par Pass4Test selon les résumés de test réel auparavant, laquelle est bien liée avec le test réel.

Code d'Examen: 1Z0-881
Nom d'Examen: Oracle (Oracle Solaris 10 Security Administrator Certified Expert Exam)
Questions et réponses: 293 Q&As

Code d'Examen: 1Z0-880
Nom d'Examen: Oracle (Oracle Solaris 10 Network Administrator Certified Expert Exam)
Questions et réponses: 317 Q&As

Code d'Examen: 1Z0-879
Nom d'Examen: Oracle (Oracle Solaris 10 System Administrator Certified Professional Upgrade Exam)
Questions et réponses: 612 Q&As

Code d'Examen: 1Z0-878
Nom d'Examen: Oracle (Oracle Solaris 10 System Administrator Certified Professional Exam, Part II)
Questions et réponses: 356 Q&As

Code d'Examen: 1Z0-877
Nom d'Examen: Oracle (Oracle Solaris 10 System Administrator Certified Professional Exam, Part I)
Questions et réponses: 302 Q&As

Code d'Examen: 1Z0-876
Nom d'Examen: Oracle (Oracle Solaris Certified Associate Exam)
Questions et réponses: 157 Q&As

Ajoutez le produit de Pass4Test au panier, vous pouvez participer le test avec une 100% confiance. Bénéficiez du succès de test Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876 par une seule fois, vous n'aurez pas aucune raison à refuser.

Pass4Test est un fournisseur de formation pour une courte terme, et Pass4Test peut vous assurer le succès de test Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876. Si malheureusement, vous échouez le test, votre argent sera tout rendu. Vous pouvez télécharger le démo gratuit avant de choisir Pass4Test. Au moment là, vous serez confiant sur Pass4Test.

Pass4Test vous promet de vous aider à passer le test Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876, vous pouvez télécharger maintenant les Q&As partielles de test Oracle 1Z0-881 1Z0-880 1Z0-879 1Z0-878 1Z0-877 1Z0-876 en ligne. Il y a encore la mise à jour gratuite pendant un an pour vous. Si vous malheureusement rater le test, votre argent sera 100% rendu.

1Z0-877 Démo gratuit à télécharger: http://www.pass4test.fr/1Z0-877.html

NO.1 Which three FORTH Monitor commands allow you to boot a SPARC-based system? (Choose
three.)
A. ok boot net
B. ok reboot
C. ok boot net:rarp
D. ok boot -as cdrom
E. ok boot ip=192.168.1.1
Answer: A,C,D

Oracle examen   certification 1Z0-877   1Z0-877

NO.2 There is a problem on a SPARC-based system that has several permanent, customized device
aliases. The system's use of these aliases needs to be temporarily disabled, so that when the
problem is cleared, they can be enabled without having to redefine them. Which sequence of OBP
commands will temporarily disable the customized device aliases defined on the system?
A. use-nvramrc=falsereset
B. use-nvramrc?=falsereset
C. setenv use-nvramrc? Falsereset
D. setenv use-nvramrc?=falsereset
Answer: C

Oracle   1Z0-877   certification 1Z0-877

NO.3 In which two conditions is it NOT possible to perform a snapshot of a file system? (Choose
two.)
A. The file system is in use by system accounting.
B. The file system is a multi-terabyte file system.
C. The file system is used as backing store by real-time applications.
D. The backing store file is located on a different file system from the source file system.
Answer: A,C

Oracle examen   1Z0-877 examen   1Z0-877   1Z0-877

NO.4 The boot disk on your x86-based server has been corrupted and you just finished restoring the
root (/) file system to c1d0. Which describes the command(s) that you will use to install the GRUB
programs from the Solaris OS DVD?
A. /usr/sbin/installboot /usr/platform/`uname \ -i`/lib/fs/ufs/bootblk /dev/rdsk/c1d0s0
B. /usr/sbin/installboot /dev/dsk/c1d0s0 /a /sbin/installgrub /a/boot/grub/stage1
/a/boot/grub/stage2 \ /dev/rdsk/c1d0s0
C. /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c1d0s0
D. /usr/sbin/installboot /boot/grub/stage1 /boot/grub/stage2 \ /dev/rdsk/c1d0s0
E. /usr/sbin/mount /dev/dsk/c1d0s0 /a; /sbin/installgrub \ /a/boot/grub/stage1
/a/boot/grub/stage2 /dev/rdsk/c1d0s0
Answer: C

Oracle examen   certification 1Z0-877   1Z0-877

NO.5 Given:
# metadb -s clones -i flags first blk block count a m luo 16 8192 /dev/dsk/c4t1d0s7 r - replica does
not have device relocation information o - replica active prior to last mddb configuration change u -
replica is up to date l - locator for this replica was read successfully c - replica's location was in
/etc/lvm/mddb.cf p - replica's location was patched in kernel m - replica is master, this is replica
selected as input W - replica has device write errors a - replica is active, commits are occurring to
this replica M - replica had problem with master blocks D - replica had problem with data blocks F -
replica had format problems S - replica is too small to hold current data base R - replica had device
read errors
# metastat -ac
clones/d30 p 5.0GB c4t1d0s0 clones/d20 p 5.0GB c4t1d0s0 clones/d10 p 5.0GB c4t1d0s0
Which two represent the features of Solaris Volume Manager software configured on this system?
(Choose two.)
A. mirrored volumes
B. striped volumes
C. soft partitions
D. logical volumes
Answer: C,D

Oracle examen   1Z0-877   certification 1Z0-877   1Z0-877

NO.6 There is a requirement to create a script that backs up the /export/project file system to the
default tape drive for five consecutive nights. The file system is 2 gigabytes, and all five night's
backups fit on the tape. What command in the script achieves this?
A. ufsdump 0u export/home
B. ufsdump 0uf /dev/rmt/ 0 /export/project
C. ufsdump 0uf /export/project /dev/rmt/ 0
D. ufsdump 0uf /dev/rmt/ 0n /export/project
Answer: D

Oracle examen   1Z0-877   1Z0-877

NO.7 A full backup of the file system mounted on /export/home has been created. As root, an
interactive restore of the /export/home/usercb/.profile file with the /var/tmp directory as the
current working directory is being performed. The end of the restore asks "set owner/mode for '.'?
[yn]", and answer y is selected to set the modes accordingly. Which statement describes the effect?
A. The owner and mode of /var/tmp are set equal to the owner and mode of /export/home before
the backup (as stored on tape).
B. The owner and mode of /export/home stored on the backup tape are updated with the current
owner and mode values of /export/home.
C. The owner and mode of /export/home are set equal to the owner and mode of /export/home
before the backup (as stored on tape).
D. The owner and mode of /var/tmp/usercb are set equal to the current owner and mode of
/export/home/usercb.
Answer: A

Oracle   1Z0-877   1Z0-877   1Z0-877   1Z0-877

NO.8 You have a SPARC server with two SCSI drives. Each drive has an installation of Solaris 10 and
both drives are identical. The system currently boots from the first SCSI disk drive, but the first SCSI
drive has failed. You try to boot the system from the second SCSI disk drive, but it wonboots from
the first SCSI disk drive, but the first SCSI drive has failed. You try to boot the system from the
second SCSI disk drive, but it won? boot. What do you need to do to boot to the second SCSI drive?
A. Select the second SCSI drive during bootup; once booted to the second drive, mount and copy
the /etc/vfstab file to the boot disk.
B. Select the second SCSI drive during bootup; once booted to the second drive, mount and fix the
/etc/vfstab file on the boot disk.
C. Install a bootblock onto the second SCSI drive; select the second SCSI drive during bootup; once
booted to the second drive, mount and fix the /etc/vfstab file on the boot disk.
D. Boot from DVD to get into a single user shell; mount and fix the /etc/vfstab file on the boot drive.
Answer: D

Oracle   1Z0-877 examen   certification 1Z0-877   certification 1Z0-877

NO.9 You have been directed to install a server in a secure environment where all unnecessary
network services must be disabled, except for sshd. During the installation of the Solaris OS, you
setup the system to be Secure by Default. Which three describe how network services will be
configured on the newly installed server? (Choose three.)
A. SNMP - enabled for remote clients
B. syslogd - limit to local connections
C. rpcbind - limit to local connections
D. sendmail - limit to local connections
E. syslogd - enabled for remote clients
F. rpcbind - enabled for remote clients
Answer: B,C,D

certification Oracle   1Z0-877   1Z0-877 examen   1Z0-877   1Z0-877

NO.10 A server has not had any changes made to the configuration of the standard system login
accounts. It has a number of tape devices attached to it. The server is the only system on the local
network that has tape devices. A file must be configured to allow backups. Which file must be
correctly configured on the system with the tape devices attached to enable the other system to
successfully perform its backup?
A. /.rhosts
B. /etc/hosts.equiv
C. /etc/rmt/tape.conf
D. /etc/hostname.rmt0
Answer: A

Oracle examen   1Z0-877   1Z0-877   certification 1Z0-877   certification 1Z0-877   1Z0-877

NO.11 You need to set up a cron job that will run the /usr/bin/banner command to display the
message System Backups tonight in a console window at 5:00 P .M. each Thursday. Which is the
correct cron table entry?
A. 0 5 * * 5 /usr/bin/banner "System Backups tonight" > /dev/console
B. 0 5 * * 4 /usr/bin/banner "System Backups tonight" > /dev/console
C. 0 17 * * 5 /usr/bin/banner "System Backups tonight" > /dev/console
D. 0 17 * * 4 /usr/bin/banner "System Backups tonight" > /dev/console
Answer: D

certification Oracle   1Z0-877   1Z0-877   1Z0-877

NO.12 A new service named banner needs to be incorporated into SMF. The appropriate entries are
placed in the milestones where this service is stopped and started and the service scripts are in the
correct locations.
Which command incorporates the banner service into SMF?
A. svccfg import /var/svc/manifest/site/banner-smf.xml
B. svccfg add /var/svc/manifest/site/banner-smf.xml
C. svcadm import /var/svc/manifest/site/banner-smf.xml
D. svcadm add /var/svc/manifest/site/banner-smf-xml
Answer: A

Oracle   1Z0-877   1Z0-877   1Z0-877

NO.13 You are going to install a remote system using a WAN boot installation. Which two items are
true of a WAN boot and must be part of your pre-installation checklist? (Choose two.)
A. WAN boot is supported on machines with SPARC and x86 CPUs.
B. You cannot use WAN boot on machines running the Solaris OS for x86 platforms.
C. A CDROM is required to access the wanboot program and WAN boot miniroot.
D. The system must have WAN boot support in the OBP or PXE support in the BIOS.
E. An HTTP server must be available on the network.
Answer: B,E

Oracle   1Z0-877   1Z0-877 examen   1Z0-877 examen

NO.14 You are setting up a Sun server with two internal SATA disk drives. You have also installed two
PCI SCSI controllers, and have installed four SCSI disk drives on each controller. Now you want to
check that all of the hardware is configured properly and that all of the hard drives are visible by the
system. Which Open Boot command(s) are used to verify that all of the drives are accessible and
that the server is able to identify all of the disk drives?
A. probe-all
B. sifting probe
C. probe-scsi followed by probe-ide
D. probe-scsi-all followed by probe-ide-all
Answer: D

certification Oracle   certification 1Z0-877   1Z0-877 examen   1Z0-877

NO.15 You have installed a package called SUNWvts onto your system. Where is the information
about every file and directory contained in this package stored?
A. /var/sadm/messages
B. In your home directory.
C. /var/spool/SUNWvts
D. /var/sadm/install/contents
E. /var/adm/installed/contents
F. /etc/default/installed/packages/information
Answer: D

Oracle   1Z0-877   certification 1Z0-877   certification 1Z0-877   1Z0-877   1Z0-877

Oracle 1Z0-881, de formation et d'essai

Pass4Test a de formations plus nouvelles pour le test Oracle 1Z0-881. Les experts dans l'industrie IT de Pass4Test profitant leurs expériences et connaissances professionnelles à lancer les Q&As plus chaudes pour faciliter la préparation du test Oracle 1Z0-881 à tous les candidats qui nous choisissent. L'importance de Certification Oracle 1Z0-881 est de plus en plus claire, c'est aussi pourquoi il y a de plus en plus de gens qui ont envie de participer ce test. Parmi tous ces candidats, pas mal de gens ont réussi grâce à Pass4Test. Ces feedbacks peuvent bien prouver nos produits essentiels pour votre réussite de test Certification.

Les produits de Pass4Test sont recherchés par les experts de Pass4Test qui se profitent de leurs connaissances et leurs expériences dans l'Idustrie IT. Si vous allez participer le test Oracle 1Z0-881, vous devez choisir Pass4Test. La Q&A de Pass4Test peut vous aider à préparer mieux le test Oracle 1Z0-881 avec sa grande couiverture des questions. En face d'un test très difficile, vous pouvez obtenir le Certificat Oracle 1Z0-881 sans aucune doute.

Pass4Test vous permet à réussir le test Certification sans beaucoup d'argents et de temps dépensés. La Q&A Oracle 1Z0-881 est recherchée par Pass4Test selon les résumés de test réel auparavant, laquelle est bien liée avec le test réel.

Pour réussir le test Oracle 1Z0-881 demande beaucoup de connaissances professionnelles IT. Il n'y a que les gens qui possèdent bien les connaissances complètes à participer le test Oracle 1Z0-881. Maintenant, on a les autres façons pour se former. Bien que vous n'ayez pas une connaissance complète maintenant, vous pouvez quand même réussir le test Oracle 1Z0-881 avec l'aide de Pass4Test. En comparaison des autres façons, cette là dépense moins de temps et de l'effort. Tous les chemins mènent à Rome.

Le Certificat de Oracle 1Z0-881 signifie aussi un nouveau jalon de la carrière, le travail aura une space plus grande à augmenter, et tout le monde dans l'industrie IT sont désireux de l'obtenir. En face d'une grande passion pour le test Certification Oracle 1Z0-881, le contrariété est le taux très faible à réussir. Bien sûr que l'on ne passe pas le test 1Z0-881 sans aucun éffort, en même temps, le test de Oracle 1Z0-881 demande les connaissances bien professionnelles. Le guide d'étude dans le site Pass4Test peut vous fournir un raccourci à réussir le test Oracle 1Z0-881 et à obtenir le Certificat de ce test. Choisissez le guide d'étude de Pass4Test, vous verrez moins de temps dépensés, moins d'efforts contribués, mais plus de chances à réussir le test. Ça c'est une solution bien rentable pour vous.

Code d'Examen: 1Z0-881
Nom d'Examen: Oracle (Oracle Solaris 10 Security Administrator Certified Expert Exam)
Questions et réponses: 293 Q&As

Choisir le Pass4Test peut vous aider à réussir 100% le test Oracle 1Z0-881 qui change tout le temps. Pass4Test peut vous offrir les infos plus nouvelles. Dans le site de Pass4Test le servie en ligne est disponible toute la journée. Si vous ne passerez pas le test, votre argent sera tout rendu.

Si vous vous inscriez le test Oracle 1Z0-881, vous devez choisir une bonne Q&A. Le test Oracle 1Z0-881 est un test Certification très important dans l'Industrie IT. C'est essentielle d'une bonne préparation avant le test.

1Z0-881 Démo gratuit à télécharger: http://www.pass4test.fr/1Z0-881.html

NO.1 The Key Distribution Center (KDC) is a central part of the Kerberos authentication system. How should
the system running the KDC be configured?
A. It should be a hardened, minimized system.
B. It should be a hardened, non-networked system.
C. The KDC implementation employs cryptography and can therefore run securely on an ordinary
multi-user system.
D. For improved security, users must log in to the KDC before authenticating themselves, so it must be a
multiuser system.
Answer: A

certification Oracle   1Z0-881   1Z0-881 examen   certification 1Z0-881

NO.2 You decided it was worth maintaining an extremely paranoid policy when configuring your firewall
rules. Therefore, you had your management approve the implementation of a security policy
stance to deny all inbound connection requests to your corporate network. How is it possible that
you still suffer from remote exploits that your adversaries are using to obtain interactive sessions
inside your firewall?
A. TCP splicing is easy to do.
B. Internal software may be vulnerable.
C. UDP vulnerabilities are well-known and exploited.
D. ICMP hijacking attacks can still succeed through any firewall.
Answer: B

Oracle   certification 1Z0-881   1Z0-881

NO.3 Within the context of file integrity, rules can be implemented to change the scope of the Basic Audit
and Report Tool (BART) manifest. Given the rule file: /home/bert/docs *.og[dt] CHECK all IGNORE mtime
Which two statements are valid? (Choose two.)
A. All files on the system will be checked.
B. The last modification time of all checked files will not be checked.
C. Key words such as CHECK and IGNORE can NOT be used in a rule file.
D. Only files with extension .ogt and .ogd in the directory /home/bert/docs will be checked.
E. All files on the system will be checked, except for files with extensions .ogt and .ogd in the directory
/home/bert/docs.
Answer: B,D

Oracle examen   certification 1Z0-881   certification 1Z0-881

NO.4 Due to changes to the security policy of your organization, access restriction must be applied to
systems. The changes specify that access to systems through the ftp protocol is NOT allowed according
to the Human Resources department, which has the 10.10.10.0/24 address space assigned. TCP
wrappers have been enabled for the ftp daemon, and these files have been configured: # cat
/etc/hosts.allow in.ftpd: ALL # cat /etc/hosts.deny in.ftpd: 10.10.10.0/24 Despite the implemented
configuration, Human Resources is still able to access systems through the ftp protocol. What action must
be taken?
A. The ftp daemon must be restarted.
B. The inetd daemon must be restarted.
C. The entry in the hosts.deny file is wrong and must be changed.
D. The entry in the hosts.allow file is wrong and must be changed.
Answer: D

Oracle   1Z0-881   1Z0-881

NO.5 To harden a newly installed Solaris OS, an administrator is required to make sure that syslogd is
configured to NOT accept messages from the network. Which supported method can be used to
configure syslogd like this?
A. Run svcadm disable -t svc:/network/system-log.
B. Edit /etc/default/syslogd to set LOG_FROM_REMOTE=NO.
C. Edit /etc/rc2.d/S74syslog to start syslogd with the -t option.
D. Edit /lib/svc/method/system-log to set LOG_FROM_REMOTE=NO.
Answer: B

Oracle   certification 1Z0-881   certification 1Z0-881   certification 1Z0-881

NO.6 Given:
jupiter:$md5,rounds=2006$2amXesSj5$$kCF48vfPsHDjlKNXeEw7V.:12210:::::: What is the
characteristic of this /etc/shadow entry?
A. User jupiter uses the md5 hash, with salt 2006$2amXesSj5$, and with the encrypted password
$kCF48vfPsHDjlKNXeEw7V.
B. User jupiter uses the 2a hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the
encrypted password kCF48vfPsHDjlKNXeEw7V.
C. User jupiter uses the md5 hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the
encrypted password kCF48vfPsHDjlKNXeEw7V.
D. User jupiter uses the md5 hash, with 2006 iterations of the hash, with no salt, and with the encrypted
password $rQmXesSj5$$kCF48vfPsHDjlKNXeEw7V.
Answer: C

Oracle   1Z0-881   1Z0-881 examen   1Z0-881

NO.7 You are configuring a new system to be used as an intranet web server. After you have installed the
minimal amount of packages and patched the system, you added the appropriate web server packages
(SUNWapch2r and SUNWapch2u). By default, the web server daemon will be started using UID
webservd and the basic privilege set. To comply with the company's policy of least privilege, you need to
minimize the privileges that the web server will have. What will you modify to specify the privileges that
the web service will run with?
A. the PRIV_DEFAULT setting in /etc/security/policy.conf
B. the defaultpriv setting of webserverd in /etc/user_attr
C. the privileges property of the web service in the SMF repository
D. the privs property of the web service in /etc/security/exec_attr
Answer: C

Oracle examen   1Z0-881 examen   certification 1Z0-881   certification 1Z0-881   1Z0-881

NO.8 Which two tasks does the Key Distribution Center (KDC) perform? (Choose two.)
A. issues service tickets
B. authenticates services
C. issues ticket-granting-tickets
D. validates passwords sent in clear text
E. provides private sessions to services
Answer: A,C

Oracle examen   1Z0-881   1Z0-881   1Z0-881 examen

NO.9 Packet filters and firewalls are an important component of any defense-in-depth security strategy.
Which two types of threats can IP Filter be deployed as an effective countermeasure against? (Choose
two.)
A. a Christmas Tree scan
B. an attempt to log in to a system using SSH by an unauthorized user
C. an attempt to exploit a SQL injection vulnerability in a web storefront application
D. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an authorized
network
E. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an
unauthorized network
Answer: A,E

Oracle   1Z0-881 examen   1Z0-881 examen

NO.10 You have been asked to grant the user ennovy, a member of the staff group, read and write access to
the file /app/notes which has the following properties: ls -l /app/notes -rw-rw---- 1 root app 0 Jun 6 15:11
/app/notes Which options will NOT grant the user the ability to read and write the file?
A. usermod -G app ennovy
B. setfacl -m user:ennovy:rw- /app/notes
C. setfacl -m group:staff:rw- /app/notes
D. usermod -K defaultpriv=basic,file_dac_read,file_dac_write ennovy
Answer: D

Oracle examen   1Z0-881   1Z0-881   1Z0-881

NO.11 A cryptographically signed patch provides system administrators with assurance that the patch
possesses certain qualities. Which two qualities are assured when a patch signature is verified? (Choose
two.)
A. The patch has a verified origin.
B. The patch has NOT been modified since it was signed.
C. The patch was created by a Sun Certified Systems Engineer.
D. The contents of the patch have NOT been revealed to anyone who does NOT have a Sun service plan.
Answer: A,B

certification Oracle   1Z0-881   1Z0-881 examen   1Z0-881 examen

NO.12 Which two commands are part of Sun Update Connection? (Choose two.)
A. /usr/bin/pkgadm
B. /usr/bin/keytool
C. /usr/sbin/smpatch
D. /usr/sbin/patchadd
E. /usr/bin/updatemanager
Answer: C,E

Oracle   1Z0-881   1Z0-881   1Z0-881   1Z0-881

NO.13 A security administrator is required to periodically validate binaries against the Solaris Fingerprint
Database. While attempting to capture MD5 file signatures for key Solaris OS files, the security
administrator encounters the following error: digest: no cryptographic provider was found for this
algorithm -- md5 What command should the administrator use to help determine the cause of the
problem?
A. crypt
B. digest
C. kcfadm
D. openssl
E. cryptoadm
Answer: E

Oracle examen   certification 1Z0-881   1Z0-881   certification 1Z0-881   1Z0-881   1Z0-881 examen

NO.14 A new security related patch has been released for the Solaris OS. This patch needs to be applied
to the system that functions as your web server. The web server is configured to run in a non-
global zone. Can you just use patch add to apply the patch to the global zone to update the web
server zone?
A. No, you need to shut down the web server zone first.
B. Yes, patches will be automatically applied to all zones.
C. No, you need to apply the patch to the web server zone separately.
D. Yes, but you must make sure that the web server zone is booted first.
Answer: B

certification Oracle   certification 1Z0-881   1Z0-881   certification 1Z0-881

NO.15 You have been asked to implement defense in depth for network access to a system, where a web
server will be running on an Internet-facing network interface. Which is NOT contributing to the defense in
depth?
A. running the web server in a zone
B. using svcadm to disable unused services
C. using IP Filter to limit which network ports can be accessed from the Internet
D. using VLANs on a single network interface instead of using multiple network interfaces
E. using TCP wrappers to limit from which system SSH be used to connect to the system
Answer: D

certification Oracle   1Z0-881   1Z0-881 examen   certification 1Z0-881

NO.16 The /etc/default/passwd file contains a number of configuration parameters that can be used to
constrain the character composition of user passwords. What is one of the dangers of having password
composition too tightly constrained?
A. Password complexity rules apply only to the English alphabet.
B. The entropy of the resulting password strings will be very high.
C. Duplication of encrypted user password strings is much more likely.
D. Limited password value possibilities can simplify brute force attacks.
E. Passwords are harder to compute when using many character classes.
Answer: D

Oracle   certification 1Z0-881   1Z0-881   1Z0-881

NO.17 Which are two advantages of the Service Management Facility compared to the init.d startup scripts?
(Choose two.)
A. It restarts processes if they die.
B. It handles service dependencies.
C. It has methods to start and stop the service.
D. It specifies what the system should do at each run level.
Answer: A,B

certification Oracle   1Z0-881   1Z0-881   1Z0-881

NO.18 An Internet service provider is offering shell accounts on their systems. As a special service,
customers can also apply for a root account to get their own virtual machine. The provider has
implemented this by using zones, and the customers get root access to the non-global zone. One of their
customers is developing cryptographic software and is using the ISP machine for testing newly developed
Solaris crypto providers. What kind of testing is available to this developer?
A. The developer is able to test newly developed user-level providers.
B. The developer is able to test newly developed kernel software providers.
C. The developer can NOT test newly developed providers in a non-global zone.
D. The developer is able to do the same tests as if developing as root in the global zone.
Answer: A

certification Oracle   certification 1Z0-881   1Z0-881   1Z0-881 examen

NO.19 A security administrator has a requirement to help configure and deploy a new server. What are two
security tasks that the security administrator should perform? (Choose two.)
A. Configure the server to use LDAP for authentication.
B. Configure network interfaces and routing information.
C. Install a DTrace probe to capture the use of privileges.
D. Disable any network services that are NOT being used.
E. Apply software patches to correct security vulnerabilities.
Answer: D,E

certification Oracle   certification 1Z0-881   1Z0-881   1Z0-881   1Z0-881

NO.20 Solaris Auditing supports the selective logging of which two kinds of events? (Choose two.)
A. file access by selected users
B. access to selected files by all users
C. selected users making outbound network connections
D. password changes which do not meet the system password policy
Answer: A,C

Oracle examen   1Z0-881   1Z0-881   certification 1Z0-881

NO.21 After a recent audit, you have been requested to minimize an existing Solaris system which runs a third
party database application. Which two should you do before starting to minimize the system? (Choose
two.)
A. Back up the system.
B. Remove any unneeded patches.
C. Install the SUNWrnet metacluster.
D. Remove any unneeded packages.
E. Confirm with the vendor of the database software that they support minimization.
Answer: A,E

certification Oracle   1Z0-881   1Z0-881   1Z0-881   1Z0-881

NO.22 One of the operators of the mainframe group was moved to the UNIX group and tasked to activate and
configure password history. For every user, the last 10 passwords should be remembered in the history. In
what file is the size of the password history configured?
A. /etc/shadow
B. /etc/pam.conf
C. /etc/default/passwd
D. /etc/security/policy.conf
Answer: C

Oracle   certification 1Z0-881   1Z0-881   1Z0-881

NO.23 Click the Exhibit button.
You maintain a minimized and hardened web server. The exhibit shows the current credentials that the
web server runs with. You receive a complaint about the fact that a newly installed webbased application
does not function. This application is based on a /bin/ksh cgi-bin script.
What setting prevents this cgi-bin program from working?
A. The system might NOT have /bin/ksh installed.
B. The server is NOT allowed to call the exec system call.
C. The server should run with uid=0 to run cgi-bin scripts.
D. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot
environment.
Answer: B

certification Oracle   certification 1Z0-881   certification 1Z0-881   1Z0-881

NO.24 The company security policy now requires very detailed auditing of all actions. This includes capturing
all executed commands together with their arguments and the environment variables.
After activating auditing on all Solaris 10 systems, the security auditor complains about having to check
the audit trail on each individual host. He asks for a central place to capture all audit trails.
Using standard Solaris 10 security features, which is a solution to this problem.?
A. Configure auditd to send email with the events.
B. Configure auditd to send the output using syslog to a central loghost.
C. Configure auditd to store the audit trail using NFS on a central server.
D. Configure auditd to store the audit trail using LDAP in a central directory.
Answer: C

Oracle   certification 1Z0-881   1Z0-881

NO.25 Your company is running a DNS test server on the internal network. Access to this server must be
blocked by using IP Filter. The administrator prefers that this access control is not obvious to someone
trying to contact the server from the outside. Which rule implements the access control but hides the use
of IP Filter to the outside?
A. pass in quick on eri0 from 192.168.0.0/24 to any
B. block in quick proto udp from any to any port = 53
C. pass out quick on eri0 proto icmp from 192.168.1.2 to any keep state
D. block return-icmp(port-unr) in proto udp from any to 192.168.1.2 port = 53
Answer: D

Oracle   certification 1Z0-881   1Z0-881

NO.26 A security administator has a requirement to make an encrypted backup copy of an application and its
data, using the AES algorithm, so that it can be safely transmitted to a partner. Which two command
sequences can be used to generate an encrypted backup of the files under /app1? (Choose two.)
A. crypt < /app1/* > app1.backup.aes
B. encrypt -a aes -d /app1 -o app1.backup.aes
C. tar cf - /app1 | gzip -d -e aes > app1.backup.aes
D. ufsdump 0f - /app1 |\ crypt -a aes > app1.backup.aes
E. ufsdump 0f - /app1 |\ encrypt -a aes -o app1.backup.aes
F. tar cf - /app1 |\ openssl enc -out app1.backup.aes -aes-128-cbc
Answer: E,F

Oracle   1Z0-881   1Z0-881   certification 1Z0-881   1Z0-881

NO.27 A security administrator has a requirement to deploy the Solaris Security Toolkit onto all Solaris servers
in the department. In this environment, there are a variety of platforms and operating system versions
deployed. Onto which two platforms and operating system combinations can the Solaris Security Toolkit
be deployed in a supported configuration? (Choose two.)
A. x86, Solaris 2.4
B. x64, Solaris 9
C. x86, Solaris 10
D. SPARC, Solaris 2.6
E. SPARC, Solaris 8
Answer: C,E

Oracle examen   1Z0-881   1Z0-881   1Z0-881   1Z0-881   certification 1Z0-881

NO.28 A security administrator is required to validate the integrity of a set of operating system files on a
number of Solaris systems. The administrator decides to use the Solaris Fingerprint Database to validate
configuration and data files as well as binaries and libraries. What command, available by default in
Solaris 10, will help the security administrator collect the necessary information that will be used with the
Solaris Fingerprint Database?
A. md5sum
B. digest
C. encrypt
D. elfsign
E. cryptoadm
Answer: B

Oracle   1Z0-881   certification 1Z0-881   1Z0-881 examen   1Z0-881

NO.29 A security administrator creates a directory called prevoy with the following access control policy:
$ getfacl prevoy # file: prevoy # owner:
secadm # group: secadm user::rwx group::r-x #effective:r-x mask:r-x other:r-x default:user::r-default:
user:
sysadm:rw- default:group::r-- default:group:sysadm:rw- default:mask:rwx default:other:--- Into this
directory, the security administrator creates a file called secrets. The ls command reports the following for
the prevoy directory and secrets file: $ ls -ld . secrets drwxr-xr-x+ 2 secadm secadm 512 Jun 6 16:38 .
-r--r-----+ 1 secadm secadm
0 Jun 6 16:38 secrets Which two actions can be successfully taken by the sysadm role? (Choose two.)
A. The sysadm role can read the secrets file.
B. The sysadm role can write to the secrets file.
C. The sysadm role can remove the secrets file.
D. The sysadm role can create new files under the prevoy directory.
E. The sysadm role can change the Access Control Lists of the prevoy directory.
Answer: A,B

Oracle   1Z0-881   1Z0-881

NO.30 Which option is used in /etc/vfstab to limit the size of a tmpfs file system to 512MB to prevent a
memory denial of service (DoS)?
A. size=512m
B. maxsize=512
C. minsize=512
D. swapfs=512mb
Answer: A

certification Oracle   certification 1Z0-881   certification 1Z0-881   1Z0-881

Le test Oracle 1Z0-881 est bien populaire dans l'Industrie IT. Donc il y a de plus en plus de gens à participer le test Oracle 1Z0-881. En fait, c'est pas facile à passer le test si on n'a pas une formation particulière. Pass4Test peut vous aider à économiser le temps et les efforts à réussir le test Certification.

Meilleur Oracle 1Z0-881 test formation guide

Quand vous hésitez même à choisir Pass4Test, le démo gratuit dans le site Pass4Test est disponible pour vous à essayer avant d'acheter. Nos démos vous feront confiant à choisir Pass4Test. Pass4Test est votre meilleur choix à passer l'examen de Certification Oracle 1Z0-881, et aussi une meilleure assurance du succès du test 1Z0-881. Vous choisissez Pass4Test, vous choisissez le succès.

Maintenant, beaucoup de professionnels IT prennent un même point de vue que le test Oracle 1Z0-881 est le tremplin à surmonter la pointe de l'Industrie IT. Beaucoup de professionnels IT mettent les yeux au test Certification Oracle 1Z0-881.

Pass4Test a capacité d'économiser vos temps et de vous faire plus confiant à réussir le test. Vous pouvez télécharger le démo Oracle 1Z0-881 gratuit à connaître mieux la bonne fiabilité de Pass4Test. Nous nous font toujours confiant sur nos produits, et vous aussi dans un temps proche. La réussite de test Oracle 1Z0-881 n'est pas loin de vous une fois que vous choisissez le produit de Pass4Test. C'est un choix élégant pour vous faciliter à réussir le test Oracle 1Z0-881.

Selon les feedbacks offerts par les candidats, c'est facile à réussir le test Oracle 1Z0-881 avec l'aide de la Q&A de Pass4Test qui est recherché particulièrement pour le test Certification Oracle 1Z0-881. C'est une bonne preuve que notre produit est bien effective. Le produit de Pass4Test peut vous aider à renforcer les connaissances demandées par le test Oracle 1Z0-881, vous aurez une meilleure préparation avec l'aide de Pass4Test.

Pass4Test est un site web de vous offrir particulièrement les infos plus chaudes à propos de test Certification Oracle 1Z0-881. Pour vous assurer à nous choisir, vous pouvez télécharger les Q&As partielles gratuites. Pass4Test vous promet un succès 100% du test Oracle 1Z0-881.

Est-que vous s'inquiétez encore à passer le test Certification 1Z0-881 qui demande beaucoup d'efforts? Est-que vous travaillez nuit et jour juste pour préparer le test de Oracle 1Z0-881? Si vous voulez réussir le test Oracle 1Z0-881 plus facilement? N'hésitez plus à nous choisir. Pass4Test vous aidera à réaliser votre rêve.

Beaucoup de travailleurs dans l'Industrie IT peut obenir un meilleur travail et améliorer son niveau de vie à travers le Certificat Oracle 1Z0-881. Mais la majorité des candidats dépensent beaucoup de temps et d'argent pour préparer le test, ça ne coûte pas dans cette société que le temps est tellement précieux. Pass4Test peut vous aider à économiser le temps et l'effort pendant le cours de la préparation du test Oracle 1Z0-881. Choisir le produit de Pass4Test particulier pour le test Certification Oracle 1Z0-881 vous permet à réussir 100% le test. Votre argent sera tout rendu si malheureusement vous ne passez pas le test.

Code d'Examen: 1Z0-881
Nom d'Examen: Oracle (Oracle Solaris 10 Security Administrator Certified Expert Exam)
Questions et réponses: 293 Q&As

1Z0-881 Démo gratuit à télécharger: http://www.pass4test.fr/1Z0-881.html

NO.1 Due to changes to the security policy of your organization, access restriction must be applied to
systems. The changes specify that access to systems through the ftp protocol is NOT allowed according
to the Human Resources department, which has the 10.10.10.0/24 address space assigned. TCP
wrappers have been enabled for the ftp daemon, and these files have been configured: # cat
/etc/hosts.allow in.ftpd: ALL # cat /etc/hosts.deny in.ftpd: 10.10.10.0/24 Despite the implemented
configuration, Human Resources is still able to access systems through the ftp protocol. What action must
be taken?
A. The ftp daemon must be restarted.
B. The inetd daemon must be restarted.
C. The entry in the hosts.deny file is wrong and must be changed.
D. The entry in the hosts.allow file is wrong and must be changed.
Answer: D

Oracle   1Z0-881 examen   1Z0-881 examen

NO.2 Within the context of file integrity, rules can be implemented to change the scope of the Basic Audit
and Report Tool (BART) manifest. Given the rule file: /home/bert/docs *.og[dt] CHECK all IGNORE mtime
Which two statements are valid? (Choose two.)
A. All files on the system will be checked.
B. The last modification time of all checked files will not be checked.
C. Key words such as CHECK and IGNORE can NOT be used in a rule file.
D. Only files with extension .ogt and .ogd in the directory /home/bert/docs will be checked.
E. All files on the system will be checked, except for files with extensions .ogt and .ogd in the directory
/home/bert/docs.
Answer: B,D

Oracle   1Z0-881   1Z0-881 examen

NO.3 A security administrator is required to periodically validate binaries against the Solaris Fingerprint
Database. While attempting to capture MD5 file signatures for key Solaris OS files, the security
administrator encounters the following error: digest: no cryptographic provider was found for this
algorithm -- md5 What command should the administrator use to help determine the cause of the
problem?
A. crypt
B. digest
C. kcfadm
D. openssl
E. cryptoadm
Answer: E

Oracle   1Z0-881   certification 1Z0-881   1Z0-881   1Z0-881   1Z0-881

NO.4 You have been asked to grant the user ennovy, a member of the staff group, read and write access to
the file /app/notes which has the following properties: ls -l /app/notes -rw-rw---- 1 root app 0 Jun 6 15:11
/app/notes Which options will NOT grant the user the ability to read and write the file?
A. usermod -G app ennovy
B. setfacl -m user:ennovy:rw- /app/notes
C. setfacl -m group:staff:rw- /app/notes
D. usermod -K defaultpriv=basic,file_dac_read,file_dac_write ennovy
Answer: D

Oracle   1Z0-881 examen   1Z0-881

NO.5 Which option is used in /etc/vfstab to limit the size of a tmpfs file system to 512MB to prevent a
memory denial of service (DoS)?
A. size=512m
B. maxsize=512
C. minsize=512
D. swapfs=512mb
Answer: A

certification Oracle   certification 1Z0-881   1Z0-881

NO.6 A cryptographically signed patch provides system administrators with assurance that the patch
possesses certain qualities. Which two qualities are assured when a patch signature is verified? (Choose
two.)
A. The patch has a verified origin.
B. The patch has NOT been modified since it was signed.
C. The patch was created by a Sun Certified Systems Engineer.
D. The contents of the patch have NOT been revealed to anyone who does NOT have a Sun service plan.
Answer: A,B

Oracle   1Z0-881 examen   1Z0-881   1Z0-881 examen   certification 1Z0-881   certification 1Z0-881

NO.7 Your company is running a DNS test server on the internal network. Access to this server must be
blocked by using IP Filter. The administrator prefers that this access control is not obvious to someone
trying to contact the server from the outside. Which rule implements the access control but hides the use
of IP Filter to the outside?
A. pass in quick on eri0 from 192.168.0.0/24 to any
B. block in quick proto udp from any to any port = 53
C. pass out quick on eri0 proto icmp from 192.168.1.2 to any keep state
D. block return-icmp(port-unr) in proto udp from any to 192.168.1.2 port = 53
Answer: D

Oracle   certification 1Z0-881   1Z0-881 examen   1Z0-881   1Z0-881 examen

NO.8 Solaris Auditing supports the selective logging of which two kinds of events? (Choose two.)
A. file access by selected users
B. access to selected files by all users
C. selected users making outbound network connections
D. password changes which do not meet the system password policy
Answer: A,C

certification Oracle   1Z0-881   1Z0-881

NO.9 The /etc/default/passwd file contains a number of configuration parameters that can be used to
constrain the character composition of user passwords. What is one of the dangers of having password
composition too tightly constrained?
A. Password complexity rules apply only to the English alphabet.
B. The entropy of the resulting password strings will be very high.
C. Duplication of encrypted user password strings is much more likely.
D. Limited password value possibilities can simplify brute force attacks.
E. Passwords are harder to compute when using many character classes.
Answer: D

certification Oracle   1Z0-881   certification 1Z0-881

NO.10 One of the operators of the mainframe group was moved to the UNIX group and tasked to activate and
configure password history. For every user, the last 10 passwords should be remembered in the history. In
what file is the size of the password history configured?
A. /etc/shadow
B. /etc/pam.conf
C. /etc/default/passwd
D. /etc/security/policy.conf
Answer: C

Oracle   1Z0-881   certification 1Z0-881   1Z0-881   1Z0-881 examen

NO.11 A new security related patch has been released for the Solaris OS. This patch needs to be applied
to the system that functions as your web server. The web server is configured to run in a non-
global zone. Can you just use patch add to apply the patch to the global zone to update the web
server zone?
A. No, you need to shut down the web server zone first.
B. Yes, patches will be automatically applied to all zones.
C. No, you need to apply the patch to the web server zone separately.
D. Yes, but you must make sure that the web server zone is booted first.
Answer: B

Oracle   1Z0-881 examen   certification 1Z0-881   1Z0-881 examen

NO.12 Which two commands are part of Sun Update Connection? (Choose two.)
A. /usr/bin/pkgadm
B. /usr/bin/keytool
C. /usr/sbin/smpatch
D. /usr/sbin/patchadd
E. /usr/bin/updatemanager
Answer: C,E

Oracle   certification 1Z0-881   1Z0-881 examen   1Z0-881 examen   1Z0-881   1Z0-881 examen

NO.13 A security administator has a requirement to make an encrypted backup copy of an application and its
data, using the AES algorithm, so that it can be safely transmitted to a partner. Which two command
sequences can be used to generate an encrypted backup of the files under /app1? (Choose two.)
A. crypt < /app1/* > app1.backup.aes
B. encrypt -a aes -d /app1 -o app1.backup.aes
C. tar cf - /app1 | gzip -d -e aes > app1.backup.aes
D. ufsdump 0f - /app1 |\ crypt -a aes > app1.backup.aes
E. ufsdump 0f - /app1 |\ encrypt -a aes -o app1.backup.aes
F. tar cf - /app1 |\ openssl enc -out app1.backup.aes -aes-128-cbc
Answer: E,F

Oracle   1Z0-881 examen   1Z0-881   1Z0-881   1Z0-881

NO.14 A security administrator has a requirement to deploy the Solaris Security Toolkit onto all Solaris servers
in the department. In this environment, there are a variety of platforms and operating system versions
deployed. Onto which two platforms and operating system combinations can the Solaris Security Toolkit
be deployed in a supported configuration? (Choose two.)
A. x86, Solaris 2.4
B. x64, Solaris 9
C. x86, Solaris 10
D. SPARC, Solaris 2.6
E. SPARC, Solaris 8
Answer: C,E

certification Oracle   1Z0-881   certification 1Z0-881   certification 1Z0-881

NO.15 You have been asked to implement defense in depth for network access to a system, where a web
server will be running on an Internet-facing network interface. Which is NOT contributing to the defense in
depth?
A. running the web server in a zone
B. using svcadm to disable unused services
C. using IP Filter to limit which network ports can be accessed from the Internet
D. using VLANs on a single network interface instead of using multiple network interfaces
E. using TCP wrappers to limit from which system SSH be used to connect to the system
Answer: D

Oracle   certification 1Z0-881   1Z0-881 examen   1Z0-881   1Z0-881 examen

NO.16 Which are two advantages of the Service Management Facility compared to the init.d startup scripts?
(Choose two.)
A. It restarts processes if they die.
B. It handles service dependencies.
C. It has methods to start and stop the service.
D. It specifies what the system should do at each run level.
Answer: A,B

Oracle   1Z0-881 examen   1Z0-881   1Z0-881 examen   1Z0-881

NO.17 A security administrator has a requirement to help configure and deploy a new server. What are two
security tasks that the security administrator should perform? (Choose two.)
A. Configure the server to use LDAP for authentication.
B. Configure network interfaces and routing information.
C. Install a DTrace probe to capture the use of privileges.
D. Disable any network services that are NOT being used.
E. Apply software patches to correct security vulnerabilities.
Answer: D,E

Oracle examen   certification 1Z0-881   certification 1Z0-881   1Z0-881

NO.18 You are configuring a new system to be used as an intranet web server. After you have installed the
minimal amount of packages and patched the system, you added the appropriate web server packages
(SUNWapch2r and SUNWapch2u). By default, the web server daemon will be started using UID
webservd and the basic privilege set. To comply with the company's policy of least privilege, you need to
minimize the privileges that the web server will have. What will you modify to specify the privileges that
the web service will run with?
A. the PRIV_DEFAULT setting in /etc/security/policy.conf
B. the defaultpriv setting of webserverd in /etc/user_attr
C. the privileges property of the web service in the SMF repository
D. the privs property of the web service in /etc/security/exec_attr
Answer: C

Oracle   certification 1Z0-881   certification 1Z0-881   1Z0-881   1Z0-881 examen

NO.19 An Internet service provider is offering shell accounts on their systems. As a special service,
customers can also apply for a root account to get their own virtual machine. The provider has
implemented this by using zones, and the customers get root access to the non-global zone. One of their
customers is developing cryptographic software and is using the ISP machine for testing newly developed
Solaris crypto providers. What kind of testing is available to this developer?
A. The developer is able to test newly developed user-level providers.
B. The developer is able to test newly developed kernel software providers.
C. The developer can NOT test newly developed providers in a non-global zone.
D. The developer is able to do the same tests as if developing as root in the global zone.
Answer: A

Oracle examen   certification 1Z0-881   1Z0-881 examen

NO.20 Packet filters and firewalls are an important component of any defense-in-depth security strategy.
Which two types of threats can IP Filter be deployed as an effective countermeasure against? (Choose
two.)
A. a Christmas Tree scan
B. an attempt to log in to a system using SSH by an unauthorized user
C. an attempt to exploit a SQL injection vulnerability in a web storefront application
D. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an authorized
network
E. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an
unauthorized network
Answer: A,E

Oracle   1Z0-881   1Z0-881   1Z0-881 examen

NO.21 To harden a newly installed Solaris OS, an administrator is required to make sure that syslogd is
configured to NOT accept messages from the network. Which supported method can be used to
configure syslogd like this?
A. Run svcadm disable -t svc:/network/system-log.
B. Edit /etc/default/syslogd to set LOG_FROM_REMOTE=NO.
C. Edit /etc/rc2.d/S74syslog to start syslogd with the -t option.
D. Edit /lib/svc/method/system-log to set LOG_FROM_REMOTE=NO.
Answer: B

Oracle examen   certification 1Z0-881   1Z0-881 examen   1Z0-881   certification 1Z0-881   1Z0-881

NO.22 Which two tasks does the Key Distribution Center (KDC) perform? (Choose two.)
A. issues service tickets
B. authenticates services
C. issues ticket-granting-tickets
D. validates passwords sent in clear text
E. provides private sessions to services
Answer: A,C

Oracle examen   1Z0-881   1Z0-881

NO.23 A security administrator creates a directory called prevoy with the following access control policy:
$ getfacl prevoy # file: prevoy # owner:
secadm # group: secadm user::rwx group::r-x #effective:r-x mask:r-x other:r-x default:user::r-default:
user:
sysadm:rw- default:group::r-- default:group:sysadm:rw- default:mask:rwx default:other:--- Into this
directory, the security administrator creates a file called secrets. The ls command reports the following for
the prevoy directory and secrets file: $ ls -ld . secrets drwxr-xr-x+ 2 secadm secadm 512 Jun 6 16:38 .
-r--r-----+ 1 secadm secadm
0 Jun 6 16:38 secrets Which two actions can be successfully taken by the sysadm role? (Choose two.)
A. The sysadm role can read the secrets file.
B. The sysadm role can write to the secrets file.
C. The sysadm role can remove the secrets file.
D. The sysadm role can create new files under the prevoy directory.
E. The sysadm role can change the Access Control Lists of the prevoy directory.
Answer: A,B

Oracle examen   1Z0-881 examen   1Z0-881

NO.24 The company security policy now requires very detailed auditing of all actions. This includes capturing
all executed commands together with their arguments and the environment variables.
After activating auditing on all Solaris 10 systems, the security auditor complains about having to check
the audit trail on each individual host. He asks for a central place to capture all audit trails.
Using standard Solaris 10 security features, which is a solution to this problem.?
A. Configure auditd to send email with the events.
B. Configure auditd to send the output using syslog to a central loghost.
C. Configure auditd to store the audit trail using NFS on a central server.
D. Configure auditd to store the audit trail using LDAP in a central directory.
Answer: C

Oracle   1Z0-881   1Z0-881   1Z0-881   1Z0-881   1Z0-881 examen

NO.25 After a recent audit, you have been requested to minimize an existing Solaris system which runs a third
party database application. Which two should you do before starting to minimize the system? (Choose
two.)
A. Back up the system.
B. Remove any unneeded patches.
C. Install the SUNWrnet metacluster.
D. Remove any unneeded packages.
E. Confirm with the vendor of the database software that they support minimization.
Answer: A,E

Oracle   1Z0-881   1Z0-881   1Z0-881

NO.26 You decided it was worth maintaining an extremely paranoid policy when configuring your firewall
rules. Therefore, you had your management approve the implementation of a security policy
stance to deny all inbound connection requests to your corporate network. How is it possible that
you still suffer from remote exploits that your adversaries are using to obtain interactive sessions
inside your firewall?
A. TCP splicing is easy to do.
B. Internal software may be vulnerable.
C. UDP vulnerabilities are well-known and exploited.
D. ICMP hijacking attacks can still succeed through any firewall.
Answer: B

Oracle examen   1Z0-881   1Z0-881

NO.27 Given:
jupiter:$md5,rounds=2006$2amXesSj5$$kCF48vfPsHDjlKNXeEw7V.:12210:::::: What is the
characteristic of this /etc/shadow entry?
A. User jupiter uses the md5 hash, with salt 2006$2amXesSj5$, and with the encrypted password
$kCF48vfPsHDjlKNXeEw7V.
B. User jupiter uses the 2a hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the
encrypted password kCF48vfPsHDjlKNXeEw7V.
C. User jupiter uses the md5 hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the
encrypted password kCF48vfPsHDjlKNXeEw7V.
D. User jupiter uses the md5 hash, with 2006 iterations of the hash, with no salt, and with the encrypted
password $rQmXesSj5$$kCF48vfPsHDjlKNXeEw7V.
Answer: C

Oracle examen   1Z0-881   1Z0-881   1Z0-881

NO.28 Click the Exhibit button.
You maintain a minimized and hardened web server. The exhibit shows the current credentials that the
web server runs with. You receive a complaint about the fact that a newly installed webbased application
does not function. This application is based on a /bin/ksh cgi-bin script.
What setting prevents this cgi-bin program from working?
A. The system might NOT have /bin/ksh installed.
B. The server is NOT allowed to call the exec system call.
C. The server should run with uid=0 to run cgi-bin scripts.
D. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot
environment.
Answer: B

Oracle examen   1Z0-881 examen   1Z0-881

NO.29 A security administrator is required to validate the integrity of a set of operating system files on a
number of Solaris systems. The administrator decides to use the Solaris Fingerprint Database to validate
configuration and data files as well as binaries and libraries. What command, available by default in
Solaris 10, will help the security administrator collect the necessary information that will be used with the
Solaris Fingerprint Database?
A. md5sum
B. digest
C. encrypt
D. elfsign
E. cryptoadm
Answer: B

Oracle   1Z0-881   1Z0-881   1Z0-881

NO.30 The Key Distribution Center (KDC) is a central part of the Kerberos authentication system. How should
the system running the KDC be configured?
A. It should be a hardened, minimized system.
B. It should be a hardened, non-networked system.
C. The KDC implementation employs cryptography and can therefore run securely on an ordinary
multi-user system.
D. For improved security, users must log in to the KDC before authenticating themselves, so it must be a
multiuser system.
Answer: A

certification Oracle   1Z0-881   1Z0-881 examen   1Z0-881 examen

Vous Oracle 1Z0-881 pouvez télécharger le démo Oracle 1Z0-881 gratuit dans le site Pass4Test pour essayer notre qualité. Une fois vous achetez le produit de Pass4Test, nous allons faire tous effort à vous aider à réussir le test à la première fois et vous laisser savoir qu'il ne faut pas beaucoup de travaux pour réussir ce que vous voulez.

Pass4Test offre une formation sur Oracle 1Z0-881 matériaux examen

Pass4Test est un site qui peut réalise le rêve de beaucoup de professionnels. Pass4Test peut vous donner un coup de main pour réussir le test Certification Oracle 1Z0-881 via son guide d'étude. Est-ce que vous vous souciez de test Certification Oracle 1Z0-881? Est-ce que vous êtes en cours de penser à chercher quelques Q&As à vous aider? Pass4Test peut résoudre ces problèmes. Les documentations offertes par Pass4Test peuvent vous provider une préparation avant le test plus efficace. Le test de simulation de Pass4Test est presque le même que le test réel. Étudier avec le guide d'étude de Pass4Test, vous pouvez passer le test avec une haute note.

Pass4Test a de formations plus nouvelles pour le test Oracle 1Z0-881. Les experts dans l'industrie IT de Pass4Test profitant leurs expériences et connaissances professionnelles à lancer les Q&As plus chaudes pour faciliter la préparation du test Oracle 1Z0-881 à tous les candidats qui nous choisissent. L'importance de Certification Oracle 1Z0-881 est de plus en plus claire, c'est aussi pourquoi il y a de plus en plus de gens qui ont envie de participer ce test. Parmi tous ces candidats, pas mal de gens ont réussi grâce à Pass4Test. Ces feedbacks peuvent bien prouver nos produits essentiels pour votre réussite de test Certification.

Dans cette société, il y a plein de gens talentueux, surtout les professionnels de l'informatique. Beaucoup de gens IT se battent dans ce domaine pour améliorer l'état de la carrière. Le test 1Z0-881 est lequel très important dans les tests de Certification Oracle. Pour être qualifié de Oracle, on doit obtenir le passport de test Oracle 1Z0-881.

Code d'Examen: 1Z0-881

Nom d'Examen: Oracle (Oracle Solaris 10 Security Administrator Certified Expert Exam)

Questions et réponses: 293 Q&As

Bien qu'il ne soit pas facile à réussir le test Oracle 1Z0-881, c'est très improtant à choisir un bon outil de se former. Pass4Test a bien préparé les documentatinos et les exercices pour vous aider à réussir 100% le test. Pass4Test peut non seulement d'être une assurance du succès de votre test Oracle 1Z0-881, mais encore à vous aider d'économiser votre temps.

C'est un bon choix si vous prendre l'outil de formation de Pass4Test. Vous pouvez télécharger tout d'abord le démo gratuit pour prendre un essai. Vous aurez plus confiances sur Pass4Test après l'essai de notre démo. Si malheureusement, vous ne passe pas le test, votre argent sera tout rendu.

1Z0-881 Démo gratuit à télécharger: http://www.pass4test.fr/1Z0-881.html

NO.1 Given:
jupiter:$md5,rounds=2006$2amXesSj5$$kCF48vfPsHDjlKNXeEw7V.:12210:::::: What is the
characteristic of this /etc/shadow entry?
A. User jupiter uses the md5 hash, with salt 2006$2amXesSj5$, and with the encrypted password
$kCF48vfPsHDjlKNXeEw7V.
B. User jupiter uses the 2a hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the
encrypted password kCF48vfPsHDjlKNXeEw7V.
C. User jupiter uses the md5 hash, with 2006 iterations of the hash, with salt 2amXesSj5, and with the
encrypted password kCF48vfPsHDjlKNXeEw7V.
D. User jupiter uses the md5 hash, with 2006 iterations of the hash, with no salt, and with the encrypted
password $rQmXesSj5$$kCF48vfPsHDjlKNXeEw7V.
Answer: C

Oracle examen   1Z0-881   certification 1Z0-881   1Z0-881 examen

NO.2 A cryptographically signed patch provides system administrators with assurance that the patch
possesses certain qualities. Which two qualities are assured when a patch signature is verified? (Choose
two.)
A. The patch has a verified origin.
B. The patch has NOT been modified since it was signed.
C. The patch was created by a Sun Certified Systems Engineer.
D. The contents of the patch have NOT been revealed to anyone who does NOT have a Sun service plan.
Answer: A,B

certification Oracle   1Z0-881   certification 1Z0-881   1Z0-881   certification 1Z0-881   1Z0-881

NO.3 Which are two advantages of the Service Management Facility compared to the init.d startup scripts?
(Choose two.)
A. It restarts processes if they die.
B. It handles service dependencies.
C. It has methods to start and stop the service.
D. It specifies what the system should do at each run level.
Answer: A,B

Oracle   1Z0-881 examen   certification 1Z0-881   1Z0-881

NO.4 Packet filters and firewalls are an important component of any defense-in-depth security strategy.
Which two types of threats can IP Filter be deployed as an effective countermeasure against? (Choose
two.)
A. a Christmas Tree scan
B. an attempt to log in to a system using SSH by an unauthorized user
C. an attempt to exploit a SQL injection vulnerability in a web storefront application
D. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an authorized
network
E. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an
unauthorized network
Answer: A,E

Oracle   certification 1Z0-881   certification 1Z0-881   1Z0-881

NO.5 You have been asked to implement defense in depth for network access to a system, where a web
server will be running on an Internet-facing network interface. Which is NOT contributing to the defense in
depth?
A. running the web server in a zone
B. using svcadm to disable unused services
C. using IP Filter to limit which network ports can be accessed from the Internet
D. using VLANs on a single network interface instead of using multiple network interfaces
E. using TCP wrappers to limit from which system SSH be used to connect to the system
Answer: D

Oracle examen   1Z0-881   1Z0-881

NO.6 Click the Exhibit button.
You maintain a minimized and hardened web server. The exhibit shows the current credentials that the
web server runs with. You receive a complaint about the fact that a newly installed webbased application
does not function. This application is based on a /bin/ksh cgi-bin script.
What setting prevents this cgi-bin program from working?
A. The system might NOT have /bin/ksh installed.
B. The server is NOT allowed to call the exec system call.
C. The server should run with uid=0 to run cgi-bin scripts.
D. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot
environment.
Answer: B

certification Oracle   1Z0-881   1Z0-881

NO.7 A security administrator creates a directory called prevoy with the following access control policy:
$ getfacl prevoy # file: prevoy # owner:
secadm # group: secadm user::rwx group::r-x #effective:r-x mask:r-x other:r-x default:user::r-default:
user:
sysadm:rw- default:group::r-- default:group:sysadm:rw- default:mask:rwx default:other:--- Into this
directory, the security administrator creates a file called secrets. The ls command reports the following for
the prevoy directory and secrets file: $ ls -ld . secrets drwxr-xr-x+ 2 secadm secadm 512 Jun 6 16:38 .
-r--r-----+ 1 secadm secadm
0 Jun 6 16:38 secrets Which two actions can be successfully taken by the sysadm role? (Choose two.)
A. The sysadm role can read the secrets file.
B. The sysadm role can write to the secrets file.
C. The sysadm role can remove the secrets file.
D. The sysadm role can create new files under the prevoy directory.
E. The sysadm role can change the Access Control Lists of the prevoy directory.
Answer: A,B

certification Oracle   1Z0-881   1Z0-881   1Z0-881

NO.8 Within the context of file integrity, rules can be implemented to change the scope of the Basic Audit
and Report Tool (BART) manifest. Given the rule file: /home/bert/docs *.og[dt] CHECK all IGNORE mtime
Which two statements are valid? (Choose two.)
A. All files on the system will be checked.
B. The last modification time of all checked files will not be checked.
C. Key words such as CHECK and IGNORE can NOT be used in a rule file.
D. Only files with extension .ogt and .ogd in the directory /home/bert/docs will be checked.
E. All files on the system will be checked, except for files with extensions .ogt and .ogd in the directory
/home/bert/docs.
Answer: B,D

Oracle   certification 1Z0-881   1Z0-881 examen   1Z0-881   certification 1Z0-881

NO.9 One of the operators of the mainframe group was moved to the UNIX group and tasked to activate and
configure password history. For every user, the last 10 passwords should be remembered in the history. In
what file is the size of the password history configured?
A. /etc/shadow
B. /etc/pam.conf
C. /etc/default/passwd
D. /etc/security/policy.conf
Answer: C

Oracle examen   1Z0-881 examen   certification 1Z0-881   1Z0-881 examen   1Z0-881

NO.10 After a recent audit, you have been requested to minimize an existing Solaris system which runs a third
party database application. Which two should you do before starting to minimize the system? (Choose
two.)
A. Back up the system.
B. Remove any unneeded patches.
C. Install the SUNWrnet metacluster.
D. Remove any unneeded packages.
E. Confirm with the vendor of the database software that they support minimization.
Answer: A,E

certification Oracle   1Z0-881   1Z0-881   certification 1Z0-881

NO.11 To harden a newly installed Solaris OS, an administrator is required to make sure that syslogd is
configured to NOT accept messages from the network. Which supported method can be used to
configure syslogd like this?
A. Run svcadm disable -t svc:/network/system-log.
B. Edit /etc/default/syslogd to set LOG_FROM_REMOTE=NO.
C. Edit /etc/rc2.d/S74syslog to start syslogd with the -t option.
D. Edit /lib/svc/method/system-log to set LOG_FROM_REMOTE=NO.
Answer: B

certification Oracle   certification 1Z0-881   1Z0-881   certification 1Z0-881

NO.12 A new security related patch has been released for the Solaris OS. This patch needs to be applied
to the system that functions as your web server. The web server is configured to run in a non-
global zone. Can you just use patch add to apply the patch to the global zone to update the web
server zone?
A. No, you need to shut down the web server zone first.
B. Yes, patches will be automatically applied to all zones.
C. No, you need to apply the patch to the web server zone separately.
D. Yes, but you must make sure that the web server zone is booted first.
Answer: B

Oracle   1Z0-881   1Z0-881   1Z0-881

NO.13 A security administrator has a requirement to deploy the Solaris Security Toolkit onto all Solaris servers
in the department. In this environment, there are a variety of platforms and operating system versions
deployed. Onto which two platforms and operating system combinations can the Solaris Security Toolkit
be deployed in a supported configuration? (Choose two.)
A. x86, Solaris 2.4
B. x64, Solaris 9
C. x86, Solaris 10
D. SPARC, Solaris 2.6
E. SPARC, Solaris 8
Answer: C,E

certification Oracle   certification 1Z0-881   1Z0-881   certification 1Z0-881   certification 1Z0-881   1Z0-881

NO.14 The company security policy now requires very detailed auditing of all actions. This includes capturing
all executed commands together with their arguments and the environment variables.
After activating auditing on all Solaris 10 systems, the security auditor complains about having to check
the audit trail on each individual host. He asks for a central place to capture all audit trails.
Using standard Solaris 10 security features, which is a solution to this problem.?
A. Configure auditd to send email with the events.
B. Configure auditd to send the output using syslog to a central loghost.
C. Configure auditd to store the audit trail using NFS on a central server.
D. Configure auditd to store the audit trail using LDAP in a central directory.
Answer: C

Oracle   1Z0-881 examen   1Z0-881   1Z0-881 examen   1Z0-881 examen

NO.15 Which option is used in /etc/vfstab to limit the size of a tmpfs file system to 512MB to prevent a
memory denial of service (DoS)?
A. size=512m
B. maxsize=512
C. minsize=512
D. swapfs=512mb
Answer: A

Oracle examen   1Z0-881   1Z0-881 examen   1Z0-881   certification 1Z0-881

NO.16 The /etc/default/passwd file contains a number of configuration parameters that can be used to
constrain the character composition of user passwords. What is one of the dangers of having password
composition too tightly constrained?
A. Password complexity rules apply only to the English alphabet.
B. The entropy of the resulting password strings will be very high.
C. Duplication of encrypted user password strings is much more likely.
D. Limited password value possibilities can simplify brute force attacks.
E. Passwords are harder to compute when using many character classes.
Answer: D

Oracle   1Z0-881   1Z0-881   1Z0-881 examen

NO.17 An Internet service provider is offering shell accounts on their systems. As a special service,
customers can also apply for a root account to get their own virtual machine. The provider has
implemented this by using zones, and the customers get root access to the non-global zone. One of their
customers is developing cryptographic software and is using the ISP machine for testing newly developed
Solaris crypto providers. What kind of testing is available to this developer?
A. The developer is able to test newly developed user-level providers.
B. The developer is able to test newly developed kernel software providers.
C. The developer can NOT test newly developed providers in a non-global zone.
D. The developer is able to do the same tests as if developing as root in the global zone.
Answer: A

Oracle examen   certification 1Z0-881   1Z0-881

NO.18 You are configuring a new system to be used as an intranet web server. After you have installed the
minimal amount of packages and patched the system, you added the appropriate web server packages
(SUNWapch2r and SUNWapch2u). By default, the web server daemon will be started using UID
webservd and the basic privilege set. To comply with the company's policy of least privilege, you need to
minimize the privileges that the web server will have. What will you modify to specify the privileges that
the web service will run with?
A. the PRIV_DEFAULT setting in /etc/security/policy.conf
B. the defaultpriv setting of webserverd in /etc/user_attr
C. the privileges property of the web service in the SMF repository
D. the privs property of the web service in /etc/security/exec_attr
Answer: C

certification Oracle   1Z0-881 examen   1Z0-881 examen   certification 1Z0-881   1Z0-881   certification 1Z0-881

NO.19 A security administator has a requirement to make an encrypted backup copy of an application and its
data, using the AES algorithm, so that it can be safely transmitted to a partner. Which two command
sequences can be used to generate an encrypted backup of the files under /app1? (Choose two.)
A. crypt < /app1/* > app1.backup.aes
B. encrypt -a aes -d /app1 -o app1.backup.aes
C. tar cf - /app1 | gzip -d -e aes > app1.backup.aes
D. ufsdump 0f - /app1 |\ crypt -a aes > app1.backup.aes
E. ufsdump 0f - /app1 |\ encrypt -a aes -o app1.backup.aes
F. tar cf - /app1 |\ openssl enc -out app1.backup.aes -aes-128-cbc
Answer: E,F

Oracle   1Z0-881 examen   1Z0-881   certification 1Z0-881   1Z0-881

NO.20 The Key Distribution Center (KDC) is a central part of the Kerberos authentication system. How should
the system running the KDC be configured?
A. It should be a hardened, minimized system.
B. It should be a hardened, non-networked system.
C. The KDC implementation employs cryptography and can therefore run securely on an ordinary
multi-user system.
D. For improved security, users must log in to the KDC before authenticating themselves, so it must be a
multiuser system.
Answer: A

Oracle   1Z0-881   1Z0-881   certification 1Z0-881

NO.21 A security administrator has a requirement to help configure and deploy a new server. What are two
security tasks that the security administrator should perform? (Choose two.)
A. Configure the server to use LDAP for authentication.
B. Configure network interfaces and routing information.
C. Install a DTrace probe to capture the use of privileges.
D. Disable any network services that are NOT being used.
E. Apply software patches to correct security vulnerabilities.
Answer: D,E

Oracle examen   1Z0-881 examen   certification 1Z0-881   1Z0-881   1Z0-881 examen

NO.22 Your company is running a DNS test server on the internal network. Access to this server must be
blocked by using IP Filter. The administrator prefers that this access control is not obvious to someone
trying to contact the server from the outside. Which rule implements the access control but hides the use
of IP Filter to the outside?
A. pass in quick on eri0 from 192.168.0.0/24 to any
B. block in quick proto udp from any to any port = 53
C. pass out quick on eri0 proto icmp from 192.168.1.2 to any keep state
D. block return-icmp(port-unr) in proto udp from any to 192.168.1.2 port = 53
Answer: D

certification Oracle   1Z0-881 examen   1Z0-881 examen   certification 1Z0-881

NO.23 A security administrator is required to validate the integrity of a set of operating system files on a
number of Solaris systems. The administrator decides to use the Solaris Fingerprint Database to validate
configuration and data files as well as binaries and libraries. What command, available by default in
Solaris 10, will help the security administrator collect the necessary information that will be used with the
Solaris Fingerprint Database?
A. md5sum
B. digest
C. encrypt
D. elfsign
E. cryptoadm
Answer: B

certification Oracle   1Z0-881   1Z0-881 examen

NO.24 Which two commands are part of Sun Update Connection? (Choose two.)
A. /usr/bin/pkgadm
B. /usr/bin/keytool
C. /usr/sbin/smpatch
D. /usr/sbin/patchadd
E. /usr/bin/updatemanager
Answer: C,E

certification Oracle   1Z0-881   1Z0-881 examen   1Z0-881   certification 1Z0-881   1Z0-881 examen

NO.25 You decided it was worth maintaining an extremely paranoid policy when configuring your firewall
rules. Therefore, you had your management approve the implementation of a security policy
stance to deny all inbound connection requests to your corporate network. How is it possible that
you still suffer from remote exploits that your adversaries are using to obtain interactive sessions
inside your firewall?
A. TCP splicing is easy to do.
B. Internal software may be vulnerable.
C. UDP vulnerabilities are well-known and exploited.
D. ICMP hijacking attacks can still succeed through any firewall.
Answer: B

Oracle   certification 1Z0-881   certification 1Z0-881

NO.26 A security administrator is required to periodically validate binaries against the Solaris Fingerprint
Database. While attempting to capture MD5 file signatures for key Solaris OS files, the security
administrator encounters the following error: digest: no cryptographic provider was found for this
algorithm -- md5 What command should the administrator use to help determine the cause of the
problem?
A. crypt
B. digest
C. kcfadm
D. openssl
E. cryptoadm
Answer: E

Oracle   certification 1Z0-881   certification 1Z0-881   1Z0-881   1Z0-881

NO.27 Due to changes to the security policy of your organization, access restriction must be applied to
systems. The changes specify that access to systems through the ftp protocol is NOT allowed according
to the Human Resources department, which has the 10.10.10.0/24 address space assigned. TCP
wrappers have been enabled for the ftp daemon, and these files have been configured: # cat
/etc/hosts.allow in.ftpd: ALL # cat /etc/hosts.deny in.ftpd: 10.10.10.0/24 Despite the implemented
configuration, Human Resources is still able to access systems through the ftp protocol. What action must
be taken?
A. The ftp daemon must be restarted.
B. The inetd daemon must be restarted.
C. The entry in the hosts.deny file is wrong and must be changed.
D. The entry in the hosts.allow file is wrong and must be changed.
Answer: D

Oracle   1Z0-881 examen   1Z0-881

NO.28 Which two tasks does the Key Distribution Center (KDC) perform? (Choose two.)
A. issues service tickets
B. authenticates services
C. issues ticket-granting-tickets
D. validates passwords sent in clear text
E. provides private sessions to services
Answer: A,C

Oracle   1Z0-881 examen   1Z0-881   1Z0-881 examen

NO.29 You have been asked to grant the user ennovy, a member of the staff group, read and write access to
the file /app/notes which has the following properties: ls -l /app/notes -rw-rw---- 1 root app 0 Jun 6 15:11
/app/notes Which options will NOT grant the user the ability to read and write the file?
A. usermod -G app ennovy
B. setfacl -m user:ennovy:rw- /app/notes
C. setfacl -m group:staff:rw- /app/notes
D. usermod -K defaultpriv=basic,file_dac_read,file_dac_write ennovy
Answer: D

Oracle   1Z0-881   1Z0-881   certification 1Z0-881

NO.30 Solaris Auditing supports the selective logging of which two kinds of events? (Choose two.)
A. file access by selected users
B. access to selected files by all users
C. selected users making outbound network connections
D. password changes which do not meet the system password policy
Answer: A,C

Oracle examen   certification 1Z0-881   certification 1Z0-881   1Z0-881   certification 1Z0-881

Pass4Test provide non seulement le produit de qualité, mais aussi le bon service. Si malheureusement vous ne pouvez pas réussir le test, votre argent sera tout rendu. Le service de la mise à jour gratuite est aussi pour vous bien que vous passiez le test Certification.