1z0-821 Oracle Solaris 11 System Administration - Practice Questions

Question 1

Select two correct statements about the authentication services available in Oracle Solaris 11.

Select all that apply, then click Submit answer.

○
Pluggable Authentication Modules (PAM) is used to control the operation of services such console logins and ftp.
○
The Secure Shell can be configured to allow logins across a network to remote servers without transmitting passwords across the network.
○
Secure Remote Procedure Calls (Secure RPC) provides a mechanism to encrypt data on any IP Socket connection.
○
Pluggable Authentication Modules (PAM) is used to implement the Secure Shell in Oracle Solaris 11.
○
Simple Authentication and Security Layer (SASL) provides a mechanism to authenticate and encrypt access to local file system data.

Reference / correct answer:

Pluggable Authentication Modules (PAM) is used to control the operation of services such console logins and ftp.

Simple Authentication and Security Layer (SASL) provides a mechanism to authenticate and encrypt access to local file system data.

A: Pluggable Authentication Modules (PAM) are an integral part of the authentication mechanism for the Solaris. PAM provides system administrators with the ability and flexibility to choose any authentication service available on a system to perform end-user authentication.

By using PAM, applications can perform authentication regardless of what authentication method is defined by the system administrator for the given client.

PAM enables system administrators to deploy the appropriate authentication mechanism for each service throughout the network. System administrators can also select one or multiple authentication technologies without modifying applications or utilities. PAM insulates application developers from evolutionary improvements to authentication technologies, while at the same time allowing deployed applications to use those improvements.

PAM employs run-time pluggable modules to provide authentication for system entry services.

E: The Simple Authentication and Security Layer (SASL) is a method for adding authentication support to connection-based protocols.

Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.

Question 2

United States of America export laws include restrictions on cryptography.

Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11 Cryptographic Framework.

Select all that apply, then click Submit answer.

○
Corporations must utilize signed X.509 v3 certificates.
○
A third-party provider object must be signed with a certificate issued by Oracle.
○
Loadable kernel software modules must register using the Cryptographic Framework SPI.
○
Third-party providers must utilize X.509 v3 certificates signed by trusted Root Certification Authorities.
○
Systems destined for embargoed countries utilize loadable kernel software modules that restrict encryption to 64 bit keys.

Question 3

Which two are true about accounts, groups, and roles in the Solaris user database?

Select all that apply, then click Submit answer.

○
All Solaris user accounts must have a unique UID number.
○
A Solaris account name may be any alphanumeric string, and can have a maximum length of 8 characters.
○
Account UID numbers 0-09 are system-reserved.
○
The GID for an account determines the default group ownership of new files created by that account.
○
The groups that an account is a member of are determined by the entries in the /etc/group file.

1z0-821 – Oracle Solaris 11 System Administration