Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Submit Braindumps


Tell A Friend

    Contact Us



Latest Brain Dumps

 BrainDump List

 Certifications Dumps




  Certs Notes
  How-Tos & Practices 
  Free Online Demos
  Free Online Quizzes
  Free Study Guides
  Free Online Sims
  Material Submission
  Test Vouchers
  Users Submissions
  Site Links
  Submit Site

















Online Training Demos and Learning Tutorials for Windows XP, 2000, 2003.





Braindumps for "50-654" Exam

Novell Certified Linux Pro

 Find good resource of Practice questions for Novell Certified Linix Professional. 


Braindumps: Dumps for 310-303 Exam Brain Dump

Study Guides and Actual Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA


Submit Braindumps


Tell A Friend

    Contact Us

Braindumps for "310-303" Exam

Sun Certified Security Administrator for the Solaris 10

 Question 1.
After using the Solaris Security Toolkit on a system, some of your users have complained that they are no longer able to connect to the system through telnet. 

Which option will allow users to connect to the system without impacting security?

A. Re-enable the telnet service.
B. Re-enable the telnet service, but force users to use Kerberos passwords.
C. Re-enable the telnet service, but force users to use IP Filter.
D. Leave telnet disabled and suggest that users use SSH instead.

Answer: D

Question 2.
An application file system stores unchanging data only. 

How should this file system be mounted defensively in /etc/vfstab?

A. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes nodevices,noexec,ro
B. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes ro,nosuid,anon=0
C. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes noexec,nosuid,nodevices
D. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes nosuid,noxattr,noexec

Answer: A

Question 3.
To harden a newly installed Solaris OS, an administrator needs to disable the sendmail service. 

Which command will disable the sendmail service, even if the system is rebooted, patched, or upgraded, while still allowing email to be sent?

A. rm /etc/rc2.d/S88sendmail
B. svcadm disable -t svc:/network/smtp:sendmail
C. svcadm disable svc:/network/smtp:sendmail
D. pkgrm SUNWsndmr SUNWsndmu

Answer: C

Question 4.
The Solaris 10 cryptographic framework provides a set of end user commands. One of these new commands allows the encryption and decryption of a file. 
In encryption, a file named clear_file with this utility gives this error:
# encrypt -a 3des -k 3_des.key -i clear_file -o encrypt_file encrypt: failed to generate a key: CKR_ATTRIBUTE_VALUE_INVALID

What is the cause?

A. The 3des algorithm can NOT be used to encrypt a file.
B. The file clear_file is too big to be encrypted.
C. The encryption key can NOT be stored in a file.
D. The key length in 3_des.key is wrong.

Answer: D

Question 5.
A small newspaper company has problems, because one of their servers was modified by someone. Before this incident, they didn't bother about security. After a new installation, they now want to restrict access to the system. 

Which two options will enhance their access control? (Choose two.)

A. Enable auditing for login and logout activities.
B. Use Role Based Access Control (RBAC) for administrative tasks.
C. Create a wheel group and list the admin accounts in this group to limit the su command to only 
    those people.
D. Disable services without authentication.

Answer: B, D 

Question 6.
A system administrator wants to remove most of the basic privileges for ordinary users and adds the following line to the appropriate configuration file to achieve this:
It would be shorter to list the two remaining privileges specified in Solaris 10. 

Should the administrator have written this instead? PRIV_DEFAULT=proc_exec,proc_fork

A. Yes, both forms will always be equivalent.
B. No, the basic set might change in future releases.
C. No, both forms are wrong. You cannot remove basic privileges.
D. Yes, the shorter form is preferred.

Answer: B

Question 7.
The digital signature of a patch provides an integrity check of the patch. 

Which is a requirement for signed patches?

A. The system administrator needs to sign the patch.
B. All patches need to be signed by Sun Microsystems.
C. Signed patches need to be downloaded through SSL.
D. Vendors can sign patches only with approval from Sun Microsystems.
E. The system administrator can specify which Certification Authorities are trusted for signed 

Answer: E

Question 8.
Which two steps have to be performed to configure systems so that they are more resilient to attack? (Choose two.)

A. Perform system auditing.
B. Perform system minimization.
C. Perform a full system backup.
D. Perform system replication.
E. Perform system hardening.

Answer: B, E

Question 9. you work for is leasing zones to customers to run their applications in. You want each customer to be able to run the zoneadm command to start their zone in case of accidental shutdown, and also zlogin so they can access the console of their zone. 

Which are three reasons why you should NOT create accounts for them in the global zone and grant them the Zone Management profile? (Choose three.)

A. They will be able to reboot the global zone.
B. They will be able to see processes in other customers' zones.
C. They will be able to reboot other customers' zones.
D. They will be able to disable auditing in other customers' zones.
E. They will be able to log in to other customers' zones.

Answer: B, C, E

Question 10.
The Key Distribution Center (KDC) is a central part of the Kerberos authentication system. 

How should the system running the KDC be configured?

A. The KDC implementation employs cryptography and can therefore run securely on an ordinary 
    multi-user system.
B. For improved security, users must log in to the KDC before authenticating themselves, so it 
    must be a multi-user system.
C. It should be a hardened, non-networked system.
D. It should be a hardened, minimized system.

Answer: D

Question 11.
You maintain a minimized and hardened web server. The exhibit shows the current credentials that the web server runs with. You receive a complaint about the fact that a newly installed web-based application does not function. This application is based on a /bin/ksh cgi-bin script.

What setting prevents this cgi-bin program from working?

A. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot 
B. The system might NOT have /bin/ksh installed.
C. The server should run with uid=0 to run cgi-bin scripts.
D. The server is NOT allowed to call the exec system call.

Answer: D


Study Guides and Real Exam Questions For Oracle OCP, MCSE, MCSA, CCNA, CompTIA

              Privacy Policy                   Disclaimer                    Feedback                    Term & Conditions

Copyright 2004 Inc. All rights reserved.