Identify the two security features incorporated in the Oracle Solaris 11 Cryptographic Framework.
Correct Answer:DE
The framework enables providers of cryptographic services to have their services used by many consumers in the Oracle Solaris operating system. Another name for providers is plugins. The framework allows three types of plugins:
* User-level plugins - Shared objects that provide services by using PKCS #11 libraries, such as pkcs11_softtoken.so.1.
* Kernel-level plugins - Kernel modules that provide implementations of cryptographic algorithms in software, such as AES.
Many of the algorithms in the framework are optimized for x86 with the SSE2 instruction set and for SPARC hardware.
* Hardware plugins - Device drivers and their associated hardware accelerators. The Niagara chips, the ncp and n2cp device drivers, are one example. A hardware accelerator offloads expensive cryptographic functions from the operating system. The Sun Crypto Accelerator 6000 board is one example.
zone1 is a non-global zone that has been configured and installed.
zone1 was taken down for maintenance, and the following command was run: zoneadm -z zone1 mark incomplete
The following information is displayed when listing the zones on your system:
Which task needs to be performed before you can boot zone1?
Correct Answer:C
If administrative changes on the system have rendered a zone unusable or inconsistent, it is possible to change the state of an installed zone to incomplete.
Marking a zone incomplete is irreversible. The only action that can be taken on a zone marked incomplete is to uninstall the zone and return it to the configured state.
When upgrading an existing system from Solaris 11 Express to Oracle Solaris 11, what happens to the datalink names?
Correct Answer:A
Network configuration in Oracle Solaris 11 includes
* Generic datalink name assignment – Generic names are automatically assigned to datalinks using the net0, net1, netN naming convention, depending on the total number of network devices that are on the system
Note: There is no upgrade path from Oracle Solaris 10 to Oracle Solaris 11. You must perform a fresh installation.
A change in your company’s security policy now requires an audit trial of all administrators assuming the sysadm role, capturing:
There are two command necessary to accomplish this change. One is a rolemod command. What is the other?
Correct Answer:B
Audit Significant Events in Addition to Login/Logout (see step 2 below)
Use this procedure to audit administrative commands, attempts to invade the system, and other significant events as specified by your site security policy.
For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.
# usermod -K audit_flags=lo, ps:no username
# rolemod -K audit_flags=lo, ps:no rolename
# auditconfig -setpolicy +argv
3- Record the environment in which audited commands are executed.
# auditconfig -setpolicy +arge
Note: [-t] -setpolicy [+|-]policy_flag[, policy_flag ...]
Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix of + adds the policies specified to the current audit policies. A prefix of - removes the policies specified from the current audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global zone.