IT Certification Guaranteed, The Easy Way!

Exam : 1z0-821
Title : Oracle Solaris 11 System Administrator
Vendor : Oracle
Version : V14.35

NO.1 You need to make sure that all of the software packages on your server are up to date. Without installing any updates, which two commands would display any software updates that are available in the default Oracle repository?
A. pkg list -u
B. pkg verify -u '*'
C. pkg search -u
D. pkg info -r '*'
E. pkg install -nv
F. pkg update -nv '*'
Answer: A,D
Explanation:
A: The pkg list command displays a list of packages in the current image, including state and other information. By default, package variants for a different architecture or zone type are excluded.
D: pkginfo displays information about software packages that are installed on the system (with the first synopsis, with -l) or that reside on a particular device or directory (with the second synopsis, with -r). Without options, pkginfo lists the primary category, package instance, and the names of all completely installed and partially installed packages. It displays one line for each package selected. With -r, retrieve the data from the repositories of the image's configured publishers. Note that you must specify one or more package patterns in this case.

NO.2 You are troubleshooting the failure of a computer to mount an NFS file system hosted by a server (hostname mars) in the local area network. Select the three commands that will enable you to identify the problem.
A. ping -s mars
B. cat /etc/vfstab
C. cat /etc/dfs/dfstab
D. sharemgr show -v
E. showmount -e mars
F. rpcinfo -s mars | egrep 'nfs|mountd'
Answer: B,E,F
Explanation:
B: The mount point error. The following message appears during the boot process or in response to an explicit mount request and indicates a non-existent mount point.
Mount: mount-point /DS9 does not exist.
To solve the mount point error condition, check that the mount point exists on the client.
Check the spelling of the mount point on the command line or in the /etc/vfstab file (B) on the client, or comment out the entry and reboot the system.
Note: The /etc/vfstab file lists all the file systems to be automatically mounted at system boot time, with the exception of the /etc/mnttab and /var/run file systems.
E: showmount
This command displays all clients that have remotely mounted file systems that are shared from an NFS server, or only the file systems that are mounted by clients, or the shared file systems with the client access information. The command syntax is:
showmount [ -ade ] [ hostname ]
where -a prints a list of all the remote mounts (each entry includes the client name and the directory), -d prints a list of the directories that are remotely mounted by clients, -e prints a list of the files shared (or exported), and hostname selects the NFS server to gather the information from. If hostname is not specified, the local host is queried.
F:
* mountd Daemon
This daemon handles file-system mount requests from remote systems and provides access control. The mountd daemon checks /etc/dfs/sharetab to determine which file systems are available for remote mounting and which systems are allowed to do the remote mounting.
* Commands for Troubleshooting NFS Problems
These commands can be useful when troubleshooting NFS problems.
rpcinfo Command
This command generates information about the RPC service that is running on a system.

NO.3 Review the storage pool information:
Choose the correct procedure to repair this storage pool.
A. Shut the system down, replace disk c3t3d0, and boot the system. When the system is booted, execute the zpool clear pool1 command.
B. Shut the system down, replace disk c3t3d0, and boot the system. When the system is booted execute the zpool online pool1 command.
C. Shut the system down, replace disk c3t3d0, and boot the system. When the system is booted, execute the zpool replace pool1 c3t3d0 command.
D. Shut the system down, replace disk c3t3d0, and boot the system. When the system is booted, execute the zpool replace pool1 c3t3d0 c3t3d0 command.
Answer: C
Explanation:
You might need to replace a disk in the root pool for the following reasons:
* The root pool is too small and you want to replace it with a larger disk.
* The root pool disk is failing. In a non-redundant pool, if the disk is failing so that the system won't boot, you'll need to boot from an alternate media, such as a CD or the network, before you replace the root pool disk.
In a mirrored root pool configuration, you might be able to attempt a disk replacement without having to boot from alternate media. You can replace a failed disk by using the zpool replace command.
Some hardware requires that you offline and unconfigure a disk before attempting the zpool replace operation to replace a failed disk. For example:
# zpool offline rpool c1t0d0s0
# cfgadm -c unconfigure c1::dsk/c1t0d0
< Physically remove failed disk c1t0d0>
< Physically insert replacement disk c1t0d0>
# cfgadm -c configure c1::dsk/c1t0d0
# zpool replace rpool c1t0d0s0
# zpool online rpool c1t0d0s0
# zpool status rpool
< Let disk resilver before installing the boot blocks>
SPARC# installboot -F zfs /usr/platform/`uname -i`/lib/fs/zfs/bootblk /dev/rdsk/c1t0d0s0
x86# installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c1t9d0s0

NO.4 View the exhibit.
The configuration information in the exhibit is displayed on your system immediately after installing the OS. Choose the option that describes the selection made during the installation of the OS to obtain this configuration.
A. The automatic network configuration option was chosen during the installation of the OS.
B. The manual network configuration option was chosen during the installation of the OS.
C. The network was not configured during the installation of the OS.
D. The DHCP network configuration option was chosen during the installation of the OS.
Answer: A
Explanation:
There are two ways to configure the network configuration: automatic or manual. In the exhibit we see that DHCP has been used. This indicates an automatic network configuration.

NO.5 You are installing the Solaris 11 Operating System by using the Text Installer. A panel prompts you to create a root password and a user account. Which four describe your options for completing this panel of the installation?
A. Creating a user account is optional.
B. The root password must be set and cannot be blank.
C. The root password can be left blank.
D. If you provide a username, that user is assigned the root role.
E. If you provide a username, that user is given root privileges.
F. If you provide a username, root is an account rather than a role and is set to expire immediately.
G. If you do not provide a username, root is an account rather than a role and is set to expire immediately.
Answer: A,B,D,G
Explanation:
A: You are not required to create a user account.
B: You must create a root password.
D: If you create a user account in this panel, you need to provide both the user's password and a root password. In this case, root will be a role assigned to the user.
G: If you do not create a user account, you still need to provide a root password. In this case, root will be a regular user.

NO.6 Which two options accurately describe the network characteristics of a zone?
A. DHCP address assignment cannot be configured in a shared IP zone.
B. Shared IP is the default type of network configuration.
C. Exclusive IP is the default type of network configuration.
D. By default, all IP addresses, netmasks, and routes are set by the global zone and cannot be altered in a non-global zone.
E. IPMP cannot be managed within the non-global zone.
F. Commands such as snoop and dladm cannot be used on datalinks that are in use by a running zone.
Answer: A,B
Explanation:
A: Non-global zones cannot utilize DHCP (neither client nor server).
B (not C): By default, non-global zones will be configured with a shared IP functionality. What this means is that IP layer configuration and state is shared between the zone you're creating and the global zone. This usually implies both zones being on the same IP subnet for each given NIC.
Note: A zone is a virtual operating system abstraction that provides a protected environment in which applications run. The applications are protected from each other to provide software fault isolation. To ease the labor of managing multiple applications and their environments, they co-exist within one operating system instance, and are usually managed as one entity.
The original operating environment, before any zones are created, is also called the "global zone" to distinguish it from non-global zones. The global zone is the operating system instance.
Incorrect answer:
E: Exclusive-IP zones can use IPMP. IPMP is configured the same way in an exclusive-IP zone as it is on a system not using zones. For shared-IP zones, IPMP can be configured in the global zone.
F: Full IP-level functionality is available in an exclusive-IP zone. An exclusive-IP zone has its own IP-related state. An exclusive-IP zone is assigned its own set of data-links using the zonecfg command. The zone is given a data-link name such as xge0, e1000g1, or bge32001, using the physical property of the net resource. The address property of the net resource is not set. Note that the assigned data-link enables the snoop command to be used. The dladm command can be used with the show-linkprop subcommand to show the assignment of data-links to running exclusive-IP zones.

NO.7 A datalink can best be described as ______.
A. a driver for a Network Interface Card
B. the software connecting the Internet Layer and the Physical Layer
C. a device that provides Classless Inter-Domain Routing
D. a logical object used for IP Multipathing
Answer: D
Explanation:
The command dladm is used to configure data-link interfaces in Sun Solaris. A configured data-link is represented in the system as an interface that can be used for TCP/IP. Each data-link relies on either a single network device or a link aggregation device to send and receive packets.
Network interfaces provide the connection between the system and the network. These interfaces are configured over data links, which in turn correspond to instances of hardware devices in the system. In the current model of the network stack, interfaces and links on the software layer build on the devices in the hardware layer. More specifically, a hardware device instance in the hardware layer has a corresponding link on the data-link layer and a configured interface on the interface layer. This one-to-one relationship among the network device, its data link, and the IP interface is illustrated in the figure that follows.
Network Stack Showing Network Devices, Links, and Interfaces:

NO.8 Review the non-global zone configuration displayed below:
The global zone has 1024 MB of physical memory. You need to limit the non-global zone so that it uses no more than 500 MB of the global zone's physical memory. Which option would you choose?
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: C
Explanation:
Add a memory cap.
zonecfg:my-zone> add capped-memory
Set the memory cap.
zonecfg:my-zone:capped-memory> set physical=50m
End the memory cap specification.
zonecfg:my-zone:capped-memory> end

NO.9 You are asked to determine user jack's default login directory. Which command would provide you with useful information?
A. cat /etc/passwd | grep jack
B. cat /etc/group | grep jack
C. cat /etc/shadow | grep jack
D. cat /etc/default/passwd | grep jack
Answer: A
Explanation:
The /etc/passwd file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows.
1. Username: It is used when the user logs in. It should be between 1 and 32 characters in length.
2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
4. Group ID (GID): The primary group ID (stored in the /etc/group file).
5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number, etc. This field is used by the finger command.
6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /.
7. Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.

NO.10 You are having an issue with the shutdown command. You wish to determine if the file is a script or an executable program. Which command would you use to determine this?
A. od shutdown
B. file shutdown
C. test shutdown
D. cksum shutdown
E. attrib shutdown
Answer: B
Explanation:
The file command determines the file type. file tests each argument in an attempt to classify it. There are three sets of tests, performed in this order: filesystem tests, magic tests, and language tests. The first test that succeeds causes the file type to be printed.

NO.11 You are installing the Oracle Solaris 11 Operating System by using the Text Installer.
Which two options describe the features associated with the Text Installer?
A. It can be used to install only SPARC systems.
B. It installs gnome as the default user environment on a system capable of displaying a graphical environment.
C. You can choose whether root is a role or user account.
D. You can do both automatic and manual configuration of the network.
E. You can select how to configure the remaining network interfaces.
Answer: C,D

NO.12 To inspect network interface net3, you enter the following commands:
What problem do you suspect? Assume the user is authorized and provided the correct password.
A. The net3 interface hasn't been enabled yet.
B. The net3 vnic hasn't been created.
C. The net3/v4 ip object hasn't been configured.
D. The net3 interface is not attached to a NIC or etherstub.
Answer: C
Explanation:
The following command marks the address object net1/v4a up that was previously marked down.
# ipadm up-addr net1/v4a

NO.13 You need to set up an Oracle Solaris 11 host as an iSCSI target so that the host's disk can be accessed over a storage network. The disk device is c3t4d0. Which six options describe the steps that need to be taken on this host to enable an iSCSI target?
A. Create a ZFS file system named iscsi/target.
B. Create a zpool named iscsi with disk device c3t4d0.
C. Create a ZFS volume named iscsi/target.
D. Use the stmfadm command to create a LUN using /dev/zvol/rdsk/iscsi/target.
E. Use the stmfadm command to create a LUN using iscsi/target.
F. Use the stmfadm command to make the LUN viewable.
G. Use the stmfadm command to make the volume viewable.
H. Enable the svc:/network/iscsi/target:default service.
I. Use the itadm command to create the iSCSI target.
Answer: B,C,D,F,H,I
Explanation:
How to Create an iSCSI LUN
The following steps are completed on the system that is providing the storage device.
Example:
target# zpool create sanpool mirror c2t3d0 c2t4d0
(C) 2. Create a ZFS volume to be used as a SCSI LUN.
(D) 3. Create a LUN for the ZFS volume.
Example:
target# stmfadm create-lu /dev/zvol/rdsk/sanpool/vol1
Logical unit created: 600144F0B5418B0000004DDAC7C10001
4. Confirm that the LUN has been created.
Example:
target# stmfadm list-lu
LU Name: 600144F0B5418B0000004DDAC7C10001
(F) 5. Add the LUN view. This command makes the LUN accessible to all systems.
target# stmfadm add-view 600144F0B5418B0000004DDAC7C10001
How to Create the iSCSI Target
This procedure assumes that you are logged in to the local system that contains the iSCSI target.
Note: The stmfadm command manages SCSI LUNs. Rather than setting a special iSCSI property on the ZFS volume, create the volume and use stmfadm to create the LUN.
(H) 1. Enable the iSCSI target service.
target# svcadm enable -r svc:/network/iscsi/target:default
(I) 2. Create the iSCSI target.
target# itadm create-target

NO.14 You are setting up a local IPS package repository on your Oracle Solaris 11 server: solaris.example.com. You want to point the existing local IPS publisher to the new local IPS repository located in /repo. These are the steps that you have followed:
1. Download and rsync the contents of the Oracle Solaris 11 repository ISO image to the /repo directory.
2. Configure the repository server service properties.
The svcprop command displays the IPS-related properties:
pkg/inst_root astring /repo
pkg/readonly boolean true
The ls command displays the contents of the /repo directory:
# ls /repo
pkg5.repository publisher
The svcs publisher command shows the svc:/application/pkg/server:default service is online.
The pkg publisher command shows the svc:/application/pkg/server:default service is online.
The pkg publisher command still displays:
PUBLISHER  TYPE    STATUS  URI
solaris    origin  online  http://pkg.oracle.com/solaris/release/
Which step needs to be performed to set the local IPS publisher to the local IPS repository /repo?
A. Issue the pkgrepo refresh -s command to refresh the repository.
B. Restart the svc:/application/pkg/server:default service.
C. Issue the pkg set-publisher command to set the new repository location.
D. Issue the pkgrepo rebuild command to rebuild the repository.
E. Issue the pkgrepo set command to set the new repository location.
Answer: C
Explanation:
Set the Publisher Origin To the File Repository URI
To enable client systems to get packages from your local file repository, you need to reset the origin for the solaris publisher. Execute the following command on each client:
Example:
# pkg set-publisher -G '*' -M '*' -g /net/host1/export/repoSolaris11/ solaris

NO.15 View the Exhibit.
The file came from your Automated Installer (AI) install server. The file is ____________.
A. An AI SC profile for non-global zones
B. The default AI config file for non-global zones
C. The default AI manifest for non-global zones
D. A custom AI manifest
Answer: D
Explanation:
ai_manifest - Automated installation manifest file format
Synopsis
/usr/share/install/ai.dtd.1
Some customizations have been made, such as the selection of specific locales.

NO.16 Your server has a ZFS storage pool that is configured as follows:
The server has two spare 146-GB disk drives:
c3t5d0
c3t6d0
You need to add more space to the pool1 storage pool. Which command would add more mirrored storage to the pool1 storage pool?
A. zpool add pool1 mirror c3t5d0 c3t6d0
B. zpool attach pool1 mirror c3t5d0 c3t6d0
C. zpool attach pool1 c3r3d0 c3r5d0; zpool attach pool1 c3r4d0 c3r6d0
D. zpool add pool1 c3r3d0 c3r5d0; zpool add pool1 c3r4d0 c3r6d0
Answer: A

NO.17 You want to display network interface information. Which command should you use?
A. ipadm show-if
B. ipadm show-addr
C. ipadm show-prop
D. ipadm show-addrprop
Answer: A

NO.18 You are logged in to a Solaris 11 system as user jack.
You issue the following sequence of commands:
Identify two correct statements.
A. You have the effective privilege of the account root.
B. Your GID is 10.
C. Your home directory is /root.
D. You are running the shell specified for the account root.
E. Your UID is 1.
Answer: A,B
Explanation:
Oracle Solaris provides predefined rights profiles. These profiles, listed in /etc/security/prof_attr, can be assigned by the root role to any account. The root role is assigned all privileges and all authorizations, so it can perform all tasks, just as root can when root is a user.
To perform administrative functions, you open a terminal and switch the user to root. In that terminal, you can then perform all administrative functions.
$ su - root
Password: Type root password
#
When you exit the shell, root capabilities are no longer in effect.

NO.19 Which three installation options allow for a "hands free" and "unattended" installation of the Solaris 11 environment?
A. Jumpstart
B. LiveCD
C. A text Installation over the network
D. An Automated Installation performed on an x86 client
E. An Automated Installation using media from a local DVD or USB drive
F. An Automated Installation using a networked repository
Answer: D,E,F
Explanation:
Oracle Solaris 11 uses Automated Installer (AI) for unattended installations. Unattended installations are possible by placing the contents of the AI Image media (or ISO image contents from a download) on an AI server.

NO.20 Which three statements accurately describe the Automated Installation (AI) client?
A. If the AI client does not match any criteria to use a custom manifest or script, the default manifest is used.
B. If the AI client does not match any criteria to use a custom manifest or script, the automated installation aborts.
C. Any manifest or script in a service can be designated to be the default for that service.
D. Only the default.xml file is used as the default AI client manifest.
E. If a client system does not use any SC profile, then an interactive tool opens on that client at first boot after that client installation to complete the configuration of that client.
F. If a client system does not use any SC profile, then the install server will use the default SC profile.
Answer: A,C,E
Explanation:
Each client uses one and only one AI manifest to complete its installation. The AI manifest is selected for a client according to the following algorithm:
* If no custom AI manifests are defined for this install service, the default AI manifest is used. The default AI manifest is not associated with any client criteria etc.
Each client can use any number of system configuration profiles. If a client system does not use any configuration profile, then an interactive tool opens on that client at first boot after that client installation to complete the configuration of that client.

NO.21 You want to display the IP address assignments of the network interfaces. Which command should you use?
A. ipadm show-if
B. ipadm show-addr
C. ipadm show-prop
D. ipadm show-addrprop
Answer: B
Explanation:
'ipadm show-addr' displays all the configured addresses on the system.
Example:
# ipadm show-addr
ADDROBJ  TYPE    STATE  ADDR
lo0/v4   static  ok     127.0.0.1/8
lo0/v6   static  ok     ::1/128

NO.22 When speaking to an Oracle Support Engineer, you are asked to verify the version of the Solaris 11 build currently running on your system. Which command would display the Solaris 11 build version currently running on your system?
A. pkg info all
B. cat /etc/release
C. cat /etc/update
D. prtconf | grep -i update
E. pkg info entire
Answer: B
Explanation:
Which Solaris release you are running on your system can be determined using the following command:
cat /etc/release
This will tell you which release you are running and when it was released. The more recent your system, the more info is contained in this file.
Example:
# cat /etc/release
Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC
Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
Assembled 23 August 2011

NO.23 You need to update an OS image on a client. The pkg publishers command displays the wrong publisher with the wrong update:
PUBLISHER  TYPE    STATUS  URI
Solaris    origin  online  http://pkg.oracle.com/solaris/release
The update is available on the updated publisher:
PUBLISHER  TYPE    STATUS  URI
Solaris    origin  online  http://sysA.example.com
Select the option that describes the procedure used to update the OS image on the system from the updated publisher.
A. Copy the repository from the ISO image onto the local client. Configure the repository on the client by using the svccfg -s command so that the Solaris publisher is connected to the new repository. Refresh the application/pkg/server service. Issue the pkgrepo refresh command to refresh the repository catalog.
B. Configure the publisher on the client using the svcfg -s command so that the Solaris publisher is connected to the repository at http://sysA.example.com. Refresh the application/pkg/server service. Issue the pkgrepo refresh command to repository catalog.
C. Use the pkg set-publisher command to change the URL of the publisher Solaris to http://sysA.example.com. Issue the pkg update command to update the OS image.
D. Add the new publisher http://sysA.example.com Solaris. Use the pkg set-publisher command to set the publisher search order and place http://sysA.example.com ahead of http://pkg.oracle.com/solaris/release. Issue the pkg publisher command to view the publishers. Set the new publisher to sticky. Issue the pkg update command to update the OS image.
Answer: C
Explanation:
You can use the pkg set-publisher command to change a publisher URI.
Changing a Publisher Origin URI
To change the origin URI for a publisher, add the new URI and remove the old URI. Use the -g option to add a new origin URI.
Use the -G option to remove the old origin URI.
# pkg set-publisher -g http://pkg.example.com/support \
-G http://pkg.example.com/release example.com
Note: You can use either the install or update subcommand to update a package. The install subcommand installs the package if the package is not already installed in the image. If you want to be sure to update only packages that are already installed, and not install any new packages, then use the update subcommand.

NO.24 Which statement is correct about the shutdown and init commands?
A. shutdown broadcasts one or more periodic shutdown warning messages to all logged-in users whereas init issues none.
B. The shutdown command performs a clean shutdown of all services whereas init does not.
C. The shutdown command brings the system to the single-user milestone by default. The init command must be used to shut the system down to run level 0.
D. The shutdown command accepts SMF milestones, init stages, or run levels as arguments whereas init accepts only init stages or run levels as arguments.
Answer: A

NO.25 View the Exhibit to see the information taken from the installation log file.
Based on the information presented in the Exhibit, which two options describe the state of the system when the server is booted for the first time after the installation is complete?
A. NWAM will be used to configure the network interface.
B. The network/physical service is offline.
C. You cannot log in from the console as root. You must first log in as a user and then su to root account.
D. The root user can log in from the console login.
E. You will be prompted to configure the network interface after the initial login.
Answer: B,D

NO.26 Solaris 11 includes a redesigned software packaging model: the Image Packaging System. Which three describe advantages of the Image Packaging System over the previous Solaris 10 SVR4 packaging model?
A. Eliminates patching of the software package
B. Makes the patching process more efficient with less downtime
C. Eliminates OS version upgrade
D. Allows for the installation of the OS without a local DVD or installation server
E. Allows the use of a repository mirror to speed up package operation
F. Allows users to publish their own software package in a software repository
Answer: A,E,F

NO.27 You are installing the Solaris 11 OE by using the Interactive Text Installer. You have selected the option to automatically configure the primary network controller. Which three items will automatically be configured as a result of this selection?
A. The IP address.
B. The name service.
C. The time zone.
D. A default user account.
E. The terminal type.
F. The root password.
G. The host name.
Answer: A,B,C
Explanation:
IP address and name service (such as a DNS server) are provided by the DHCP server.

NO.28 The default publisher on your system is:
You want to update the Oracle Solaris 11 environment on your system, but you are not able to connect this system to the Internet to access the default Oracle repository. A repository has been created on your local network and is named http://server1.example.com. Which command would you choose to connect your system to the local repository?
A. pkg publisher to specify the new publisher
B. pkg set-publisher to set the stickiness on the http://server1.example.com publisher and unset stickiness for http://pkg.oracle.com/solaris/release
C. pkg add-publisher to add the new publisher
D. pkg set-publisher to set the origin for the publisher
Answer: D
Explanation:
Solaris 11 Express makes it pretty easy to set up a local copy of the repository. A common reason folks need access to a local repository is because their system is not connected to the Internet.
The pkg set-publisher command can be used, for example, to add a publisher or to enable or disable a publisher.
Note:
Example: Adding a Publisher
Use the -g option to specify the publisher origin URI.
# pkg set-publisher -g http://pkg.example.com/release example.com
Example: Specifying the Preferred Publisher
Use the -P option to specify a publisher as the preferred publisher. The specified publisher moves to the top of the search order. You can specify the -P option when you add a publisher or you can modify an existing publisher.
# pkg set-publisher -P example.com
Example: Enabling or Disabling a Publisher
Use the -d option to disable a publisher. The preferred publisher cannot be disabled. A disabled publisher is not used in package operations such as list and install. You can modify the properties of a disabled publisher. Use the -e option to enable a publisher.
# pkg set-publisher -d example2.com

NO.29 User jack logs in to host solaris and issues the following command:
jack@solaris:~$ ls .ssh
id_dsa id_dsa.pub id_rsa id_rsa.pub known_hosts authorized_keys
Which two are true?
A. The id_rsa file contains the private key for rhosts-based host authentication.
B. The id_dsa.pub file contains the Digital Signature Algorithm public key for the user jack.
C. The id_rsa.pub file contains the Rivest Shamir Adleman public key for the host solaris.
D. The authorized_keys file contains the private keys of remote users authorized to access jack's account on solaris.
E. The known_hosts file contains the verified public keys of remote hosts known to be trusted.
Answer: A,E
Explanation:
A: You will see two files starting with id_rsa. id_rsa is the private key and id_rsa.pub is the public key.
E: The .ssh/known_hosts file
In order to use public-key secure connection with other hosts (ssh, scp, sftp) there is a special directory, ~/.ssh/, where passphrases and public keys are stored.
Normally you wouldn't need to know the gory details, but from time to time a host will change its public key and then you have difficulty using ssh or scp with that host, and have to edit a file named known_hosts. If you try to ssh to another computer, but get an error message that warns about a changed or incorrect public key, then it is probably just a case of that host changing its public key. (It is possible, though usually not the case, that malicious hacking is involved.) Unless you actually suspect hacker involvement, you can edit the file ~/.ssh/known_hosts using your usual text editor (vi, emacs, nedit, or pico) and delete any line with the name of that host. Then when you try to ssh that host again, it will be like the first time ever; ssh will ask you if you want to accept a new public key, you type the whole word yes, and everything will proceed normally from there. Here is what a typical ~/.ssh/known_hosts file might contain. Note that newton is represented on two different lines: newton 1024 35 153438062610297067329638677441205712613292203533062535600064224677647442 245028855505387934431717435134842994423656065076260604296084868001730665 553662299156116414854701274715680961503198280525759778667306417179500370 189017139564144825610347509023078143132936185076849630461827976942220442 313116255293297021841 ucsub 1024 37 132170811640421742212085598383135714069016332111955003414250071326834884 018721183646445780180633494496866895830879394309011412231102757022090299 732775466435482517698989962531081214859205054227533597152962802400251809 883548442498002326460312850336779152617243800769119880843882425555806081 435017335194477605333 simpson 1024 41 840896920592494584403453622735282634536002054701576247765078766974814128 393752943151071629834843909016027026612791643752972116459602750267266908 365259665072736159491719667576217171370458928680504368847255632477925660 234893185547218857655484574619075125368470792976275806263534208879722192 77539015703446529603 
newton, 128.138.249.8 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA0d7Aoure0toNJ+YMYi61QP2ka8m5x5ZQlT7obP8C K3eropfqsMPPY6uiyIh9vpiFX2r1LHcbx139+vG6HOtVvuS8+IfMDtawm3WQvRuOopz3vVy 5GtMwtaOgehsXoT930Ryev1bH5myPtWKlipITsOd2sX9k3tvjrmme4KCGGss=

NO.30 You are planning group names for a new system. You decide to use a numbering convention that includes the year and month the project began, to form the group number and name for work associated with that project. So, for example, a project targeted to begin in January, 2013 would have the number (name): 201301(Pr201301)
What are the two problems with your plan?
A. Group names may not contain a numeric character
B. Group names may be no longer than 7 characters.
C. Group numbers should not be larger than 60000.
D. Group names should be all lowercase.
Answer: C,D
Explanation:
C: The Group ID (GID) field contains the group's numerical ID. GIDs can be assigned whole numbers between 100 and 60000.
D: Group names contain only lowercase characters and numbers.

NO.31 You have edited /etc/profile to include the lines:
dennis_says=hello
export dennis_says
You have also edited /etc/skel/local.profile to include the line:
dennis_says=world
You now create a new user account brian, and specify use of the bash shell. When brian logs in and enters
echo $dennis_says
What will he see, and why?
A. world, because the local.profile entry will be executed last
B. hello, because the global /etc/profile entry overrides the local.profile entry
C. hello, because the local.profile entry is not automatically sourced on login
D. hello, because the value specified in local.profile was not exported
E. nothing, because the variable was not exported in local.profile
Answer: A
Explanation:
The $HOME/.profile file is an initialization file that is executed after the /etc/profile when logging in to the Bourne or Korn shell. The file contains user preferences for variable settings.
If the ENV variable is set to .kshrc, the .kshrc file executes every time a new shell begins execution. The $HOME/.profile is copied from the /etc/skel/local.profile file by the Administration Tool when creating a new account.
Note: /etc/skel/local.profile
Per-system configuration file for sh/ksh/ksh93/bash login sessions, installed for new users

NO.32 You have installed the SMF notification framework to monitor services. Which command is used to set up the notifications for a particular service?
A. svccfg
B. svcadm
C. setnotify
D. smtp-notify
Answer: A
Explanation:
How to Set Up Email Notification of SMF Transition Events
This procedure causes the system to generate an email notification each time one of the services or a selected service has a change in state. You can choose to use either SMTP or SNMP. Normally, you would only select SNMP if you already have SNMP configured for some other reason. By default, SNMP traps are sent on maintenance transitions. If you use SNMP for monitoring, you can configure additional traps for other state transitions.
1. Become an administrator or assume a role that includes the Service Management rights profile.
2. Set notification parameters.
Example 1: The following command creates a notification that sends email when transactions go into the maintenance state.
# /usr/sbin/svccfg setnotify -g maintenance mailto:sysadmins@example.com
Example 2: The following command creates a notification that sends email when the switch service goes into the online state.
# /usr/sbin/svccfg -s svc:/system/name-service/switch:default setnotify to-online \
mailto:sysadmins@example.com
Note: The svccfg command manipulates data in the service configuration repository. svccfg can be invoked interactively, with an individual subcommand, or by specifying a command file that contains a series of subcommands.
Changes made to an existing service in the repository typically do not take effect for that service until the next time the service instance is refreshed.

NO.33 Review the ZFS dataset output that is displayed on your system:
Which four correctly describe the output?
A. /data/file4 has been added.
B. The link /data/file3 has been added.
C. /data/file3 has been renamed to /data/file13.
D. /data/file4 has been modified and is now larger.
E. /data/file1 has been deleted.
F. /data/file1 has been modified and is now smaller.
G. /data/file5 has been modified.
H. /data/file3 (a link) has been removed.
Answer: A,C,E,G
Explanation:
A: + Indicates the file/directory was added in the later dataset
C: R Indicates the file/directory was renamed in the later dataset
E: - Indicates the file/directory was removed in the later dataset
G: M Indicates the file/directory was modified in the later dataset
Note: Identifying ZFS Snapshot Differences (zfs diff)
You can determine ZFS snapshot differences by using the zfs diff command.
The following table summarizes the file or directory changes that are identified by the zfs diff command.
Identifier   File or Directory Change
M            File or directory is modified or file or directory link changed
-            File or directory is present in the older snapshot but not in the newer snapshot
+            File or directory is present in the newer snapshot but not in the older snapshot
R            File or directory is renamed

NO.34 You are attempting to troubleshoot an event that should have made an entry into the messages log. This event happened about two weeks ago. Which file should you look at first?
A. /var/adm/messages
B. /var/adm/messages.0
C. /var/adm/messages.1
D. /var/adm/messages.2
E. /var/adm/messages.3
Answer: A
Explanation:
The /var/adm/messages file is where the operating system logs all the messages printed on the console.
This makes it possible to go back and check the console messages to troubleshoot any issues on the system. The syslog daemon also writes to this /var/adm/messages file. The /var/adm/messages file is monitored and managed by newsyslog, and its configuration file is /usr/lib/newsyslog. This script runs every day as root's cron job, checks the /var/adm/messages file and copies/moves it to /var/adm/messages.0, 1, 2, 3, 4, 5, 6, 7. In other words, it does the log rotation for /var/adm/messages. If the /var file system is running out of space, these files need to be checked and can be removed (not the actual /var/adm/messages itself) to free up space on the file system. However, care has to be taken if you decide to empty /var/adm/messages itself for any reason. This process is called truncation.
SOLARIS SYSTEM ADMIN TIPS, /var/adm/messages

NO.35 You need to migrate a UFS file system named /production_ufs to a ZFS file system named /production_zfs. The /production_ufs file system cannot be taken down or be out of production during the migration, and the current /production_ufs file system must remain active until the /production_zfs file system is copied and ready.
Which method allows you to meet both requirements?
1. Copy live data from /production_ufs to /production_zfs while /production_ufs is in use.
2. When the copy is complete, /production_zfs will contain an up-to-date copy of /production_ufs
A. Create a snapshot of the UFS file system. Create the new ZFS file system. Use cpio to copy data from the snapshot to the new ZFS file system.
B. Create a new Boot Environment. Create the ZFS file system. Use lucreate -m to copy data from the current UFS file system to the new ZFS file system.
C. Mirror the existing UFS file system by using SVM. After both submirrors are in sync, migrate one of the submirrors to a ZFS file system by using Live Upgrade.
D.
Create the new ZFS file system by using zfs create import to import data from the existing UFS file system into the new ZFS file system
E. Create the new zfs file system by using the zfs create -o shadow.
Answer: E
Explanation:
Migrating Data With ZFS Shadow Migration
ZFS shadow migration is a tool you can use to migrate data from an existing file system to a new file system. A shadow file system is created that pulls data from the original source as necessary.
You can use the shadow migration feature to migrate file systems as follows:
* A local or remote ZFS file system to a target ZFS file system
* A local or remote UFS file system to a target ZFS file system
Shadow migration is a process that pulls the data to be migrated:
* Create an empty ZFS file system.
* Set the shadow property on an empty ZFS file system, which is the target (or shadow) file system, to point to the file system to be migrated. For example:
# zfs create -o shadow=nfs://system/export/home/ufsdata users/home/shadow2
* Data from the file system to be migrated is copied over to the shadow file system.

NO.36 Before booting testzone, a non-global zone, you want to connect to the zone's console so that you can watch the boot process. Choose the command used to connect to testzone's console.
A. zoneadm -C testzone
B. zoneadm -console testzone
C. zlogin -z testzone console
D. zlogin -z testzone -C
E. zlogin -C testzone
F. zoneadm -z testzone -C
Answer: E

NO.37 Review the boot environment information displayed on your system:
Which two options accurately describe the newBE boot environment?
A. It cannot be destroyed.
B. It cannot be activated.
C. It cannot be renamed.
D. You can create a snapshot of it.
E. It is activated but unbootable.
F. It has been deleted and will be removed at the next reboot.
Answer: B,C
Explanation:
If the boot environment is unbootable, it is marked with an exclamation point (!) in the Active column in the beadm list output.
The beadm command restricts actions on unbootable boot environments as follows:
* You cannot activate an unbootable boot environment. (B)
* You cannot destroy a boot environment that is both unbootable and marked as active on reboot.
* You cannot create a snapshot of an unbootable boot environment.
* You cannot use an unbootable boot environment or boot environment snapshot with the -e option of beadm create.
* You cannot rename an unbootable boot environment. (C)

NO.38 Which two capabilities are provided by the OpenBoot PROM?
A. a command to safely shut down the system
B. hardware testing and initialization
C. booting from a disk or network
D. starting the GRUB loader
Answer: B,C
Explanation:
OpenBoot firmware is executed immediately after you turn on your system. The primary tasks of OpenBoot firmware are to:
* Test and initialize the system hardware (B)
* Determine the hardware configuration
* Boot the operating system from either a mass storage device or from a network (C)
* Provide interactive debugging facilities for testing hardware and software

NO.39 You are asked to troubleshoot networking issues on an unfamiliar system. Select the correct command to display what network devices are installed.
A. ifconfig -a
B. dladm show-dev
C. dladm show-phys
D. dladm show-ether
E. netadm show-dev
F. netadm show-ether
Answer: C

NO.40 Which two options describe how to override the default boot behavior of an Oracle Solaris 11 SPARC system to boot the system to the single-user milestone?
A. From the ok prompt, issue this command: boot -m milestone=single-user
B. From the ok prompt, issue this command: boot -m milestone/single-user
C. From the ok prompt, issue this command: boot -milestone=single-user
D. From the ok prompt, issue this command: boot -s
E. From the ok prompt, issue this command: boot -m milestone=s
Answer: A,D
Explanation:
By default, Solaris will boot to the pseudo milestone "all" and start all services.
This behaviour can be changed at boot time using either "-s" to reach single-user, or the new SMF option "-m milestone=XXX" (see kernel(1M) for a list of the bootable milestones) to select an explicit milestone.
Note: boot -s is the same as boot -m milestone=single-user, with the difference being that the former is a lot less to type and is what most SysAdmins will be familiar with.

NO.41 The su command by default makes an entry into the log file for every su command attempt. The following is a single line from the file:
SU 12/18 23:20 + pts/1 user1-root
What does the + sign represent?
A. unsuccessful attempt
B. successful attempt
C. The attempt was from a pseudo terminal, and not the console.
D. The attempt was from a user that is in the adm group, same as root.
E. Time zone is not set.
Answer: B
Explanation:
The sulog file, /var/adm/sulog, is a log containing all attempts (whether successful or not) of the su command. An entry is added to the sulog file every time the su command is executed. The fields in sulog are: date, time, successful (+) or unsuccessful (-), port, user executing the su command, and user being switched to. In the preceding example, all su attempts were successful, except for the attempt on 2/23 at 20:51, when user pete unsuccessfully attempted to su to user root.
Look for entries where an unauthorized user has used the command inappropriately. The following entry shows a successful (indicated by +) su from user userid to root.
SU 03/31 12:52 + pts/0 <userid>-root

NO.42 You have been tasked with creating a dedicated virtual network between two local zones within a single system, in order to isolate the network traffic from other zones on that system. To accomplish this, you will create_____.
A. an etherstub
B. virtual router
C. a virtual bridge
D. a virtual network interface
E.
nothing, because a virtual switch is automatically created when the virtual network interfaces are created
Answer: D
Explanation:
First create a virtual switch, then create a virtual network interface.

NO.43 A change in your company's security policy now requires an audit trail of all administrators assuming the sysadm role, capturing:
There are two commands necessary to accomplish this change. One is a rolemod command. What is the other?
A. auditconfig set policy=argv
B. auditconfig -setpolicy +argv
C. auditconfig -setflags lo,ex sysadm
D. auditconfig set flags=lo,ex sysadm
Answer: B
Explanation:
Audit Significant Events in Addition to Login/Logout (see step 2 below)
Use this procedure to audit administrative commands, attempts to invade the system, and other significant events as specified by your site security policy.
For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.
# usermod -K audit_flags=lo,ps:no username
# rolemod -K audit_flags=lo,ps:no rolename
# auditconfig -setpolicy +argv
3 - Record the environment in which audited commands are executed.
# auditconfig -setpolicy +arge
Note: [-t] -setpolicy [+|-]policy_flag[,policy_flag ...]
Set the kernel audit policy. A policy_flag is a literal string that denotes an audit policy. A prefix of + adds the policies specified to the current audit policies. A prefix of - removes the policies specified from the current audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global zone.

NO.44 You have installed an update to the gzip package and need to "undo" the update and return the package to its "as-delivered" condition. Which command would you use?
A. pkg undo
B. pkg revert
C. pkg fix
D. pkg uninstall
Answer: B
Explanation:
Use the pkg revert command to restore files to their as-delivered condition.

NO.45 Which two options are characteristics of a fast reboot?
A.
A fast reboot bypasses grub.
B. A fast reboot cannot be used after a system panic on the x86 platform.
C. A fast reboot can only be executed on the SPARC platform when the config/fastreboot_default property for the svc:/system/boot-config:default service is set to true.
D. A fast reboot uses an in-kernel boot loader to load the kernel into memory.
E. A fast reboot is the default on all platforms.
Answer: C,D
Explanation:
C: To change the default behavior of the Fast Reboot feature on the SPARC platform, so that a fast reboot is automatically performed when the system reboots, see below.
The following example shows how to set the property's value to true on the SPARC platform, so that a fast reboot is initiated by default:
# svccfg -s "system/boot-config:default" setprop config/fastreboot_default=true
# svcadm refresh svc:/system/boot-config:default
D: Fast Reboot implements an in-kernel boot loader that loads the kernel into memory and then switches to that kernel.
The firmware and boot loader processes are bypassed, which enables the system to reboot within seconds.
The Fast Reboot feature is managed by SMF and implemented through a boot configuration service, svc:/system/boot-config. The boot-config service provides a means for setting or changing the default boot configuration parameters. When the config/fastreboot_default property is set to true, the system performs a fast reboot automatically, without the need to use the reboot -f command. This property's value is set to true on the x86 platform. For task-related information, including how to change the default behavior of Fast Reboot on the SPARC platform, see Accelerating the Reboot Process on an x86 Based System.
Note: One new feature, called Fast Reboot, will allow the system to boot up without doing the routine set of hardware checks, a move that can make system boot times up to two-and-a-half times faster, Oracle claimed.
This feature can be handy in that an administrator applying a patch or software update across thousands of Solaris deployments can reboot them all the more quickly.

NO.46 Which two SMF milestones can be specified at boot time?
A. none
B. network
C. all
D. config
E. unconfig
F. devices
Answer: A,C
Explanation:
The milestones that can be specified at boot time are:
none
single-user
multi-user
multi-user-server
all

NO.47 To confirm the IP address and netmask have been correctly configured on the network interfaces, which command should you use?
A. ipadm show-if
B. ipadm show-nic
C. ipadm show-addr
D. ipadm show-ifconfig
E. ipadm show-addr
   ipadm show-mask
Answer: C
Explanation:
Show address information, either for the given addrobj or all the address objects configured on the specified interface, including the address objects that are only in the persistent configuration.
State can be: disabled, down, duplicate, inaccessible, ok, tentative
Example:
# ipadm show-addr
ADDROBJ   TYPE     STATE   ADDR
lo0/v4    static   ok      127.0.0.1/8
lo0/v6    static   ok      ::1/128

NO.48 You are going to use the Automated Installer (AI) to install a non-global zone named zone1. You have created a custom manifest for the non-global zone and named it zone1manifest.
Which command will you use to add this custom manifest to the s11-sparc install service and associate this custom manifest with the non-global zone?
A. installadm create-profile -n s11-sparc -f /tmp/zone1manifest.xml -c
B. installadm create-manifest -n s11-sparc -f /tmp/zone1manifest.xml -m
C. installadm create-client -n s11-sparc -f /tmp/zone1manifest.xml -m zone1manifest -c zonename="zone1"
D. installadm create-service -n s11-sparc -f /tmp/zone1manifest.xml -m zone1manifest -c zonename="zone1"
Answer: B
Explanation:
installadm add-manifest
Associates manifests with a specific install service, thus making the manifests available on the network, independently from creating a service.
When publishing a non-default manifest, it is required to associate criteria either via criteria entered on the command line (-c) or via a criteria XML file (-C).

NO.49 Which command would you use to determine which package group is installed on your system?
A. pkg list group/system/\*
B. pkg info
C. uname -a
D. cat /var/sadm/system/admin/CLUSTER
Answer: B
Explanation:
The pkg info command provides detailed information about a particular IPS package.
Note: The pkginfo command does the same for any SVR4 packages you may have installed on the same system.
pkg info example:
$ pkg info p7zip
Name: compress/p7zip
Summary: The p7zip compression and archiving utility
Description: P7zip is a unix port of the 7-Zip utility. It has support for numerous compression algorithms, including LZMA and LZMA2, as well as for various archive and compression file formats, including 7z, xz, bzip2, gzip, tar, zip (read-write) and cab, cpio, deb, lzh, rar, and rpm (read-only).
Category: System/Core
State: Installed
Publisher: solaris
Version: 9.20.1
Build Release: 5.11
Branch: 0.175.0.0.0.2.537
Packaging Date: Wed Oct 19 09:13:22 2011
Size: 6.73 MB
FMRI: pkg://solaris/compress/p7zip@9.20.1,5.11-0.175.0.0.0.2.537:20111019T091322Z

NO.50 Which two are implemented using the Internet Control Message Protocol (ICMP)?
A. ping
B. DHCP
C. HTTP
D. telnet
E. syslog
F. traceroute
Answer: A,F
Explanation:
The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite.
ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

NO.51 Select the five tasks that need to be performed on the Automated Installer (AI) install server before setting up the client.
A.
Create a local IPS repository on the AI install server and start the repository server service, the publisher origin to the repository file.
B. Set up an IP address on the AI install server.
C. The DHCP server must be enabled on the install server and must provide the DHCP service for the clients.
D. DHCP must be available on the network for the install server and the clients, but the install server does not need to be the DHCP server.
E. Download the AI boot image. The image must be the same version as the Oracle Solaris OS that you plan to install on the client.
F. Download the text install image into the IPS repository.
G. Install the AI installation tools.
H. Create the AI install service. Specify the path to the AI network boot image ISO file and the path where the AI net image ISO file should be unpacked.
I. Create the AI install service. Specify the path to the AI network boot image ISO file and the path to the IPS repository.
Answer: B,D,F,G,I
Explanation:
B: Configure the AI install server to use a static IP address and default route.
D: The create-service command can set up DHCP on the AI install server. If you want to set up a separate DHCP server or configure an existing DHCP server for use with AI. The DHCP server must be able to provide DNS information to the systems to be installed.
E: An automated installation of a client over the network consists of the following high-level steps:
1. The client system boots over the network and gets its network configuration and the location of the install server from the DHCP server.
2. The install server provides a boot image to the client.
3. Characteristics of the client determine which installation instructions and which system configuration instructions are used to install the client.
4. The Oracle Solaris 11 OS is installed on the client, pulling packages from the package repository specified by the installation instructions in the AI install service.
G: Install the AI tool set.
Use the installadm create-service command to create an AI install service. Give the service a meaningful name, and specify the path where you want the service created. Specify the source of the network boot image (net image) package or ISO file.
installadm create-service [-n svcname] [-s FMRI_or_ISO] [-d imagepath]
-d imagepath
The imagepath is the location of the new install service. The install-image/solaris-auto-install package is installed to this location, or the specified ISO file is expanded at this location.

NO.52 Which best describes the svc:/system/boot-config service?
A. It is used to change the milestone on a system.
B. It is used to set the default run level of the system.
C. It provides the parameters used to set the system to automatically perform a fast or slow reboot.
D. When the service is enabled, the system performs a fast reboot by default; when it is disabled the system performs a slow reboot by default.
Answer: C
Explanation:
Starting with the Oracle Solaris 11 Express release, Fast Reboot is supported on the SPARC platform, as well as the x86 platform. On both platforms, this feature is controlled by the SMF and implemented through a boot configuration service, svc:/system/boot-config. The boot-config service provides a means for setting or changing the default boot configuration parameters.
The fastreboot_default property of the boot-config service enables an automatic fast reboot of the system when either the reboot or the init 6 command is used. When the config/fastreboot_default property is set to true, the system automatically performs a fast reboot, without the need to use the reboot -f command. By default, this property's value is set to false on the SPARC platform and to true on the x86 platform.

NO.53 Subnets are created by using________.
A. subnet
B. netmask
C. unicast
D. broadcast
Answer: B
Explanation:
The process of subnetting involves the separation of the network and subnet portion of an address from the host identifier. This is performed by a bitwise AND operation between the IP address and the (sub)network prefix. The result yields the network address or prefix, and the remainder is the host identifier.
The routing prefix of an address is written in a form identical to that of the address itself. This is called the network mask, or netmask, of the address. For example, a specification of the most-significant 18 bits of an IPv4 address, 11111111.11111111.11000000.00000000, is written as 255.255.192.0.

NO.54 The advantage of core files is that they allow you an opportunity to examine the cause of problems, so that they can be resolved.
However, core files must be managed because they_____.
A. take up large amounts of disk space
B. make numerous entries into the /var/adm/wtmpx file
C. steal resources from the processor, slowing down system performance
D. fill up swap space; this will begin to slow the system due to swaps
E. fill up swap space; this will begin to slow the system due to paging
Answer: A
Explanation:
Part of the job of cleaning up heavily loaded file systems involves locating and removing files that have not been used recently. You can locate unused files by using the ls or find commands. Other ways to conserve disk space include emptying temporary directories such as the directories located in /var/tmp or /var/spool, and deleting core and crash dump files.
Note: Core files are generated when a process or application terminates abnormally. Core files are managed with the coreadm command. For example, you can use the coreadm command to configure a system so that all process core files are placed in a single system directory. This means it is easier to track problems by examining the core files in a specific directory whenever a process or daemon terminates abnormally.

NO.55 You are troubleshooting network throughput on your server.
To confirm that the load balancing among aggregated links is functioning properly, you want to examine the traffic statistics on the links comprising the aggregation.
The correct command is ___________.
A. dlstat -aggr
B. dlstat show-aggr
C. dlstat show-link -r
D. dlstat show-link -aggr
E. dlstat show-phys -aggr
Answer: B
Explanation:
dlstat show-aggr [-r | -t] [-i interval] [-p] [-o field[,...]] [-u R|K|M|G|T|P] [link]
Display per-port statistics for an aggregation.

NO.56 When issuing the zonestat 2 1h is command, the following information is displayed:
Which two options accurately describe the statistics contained in the output?
A. dbzone is using 0.21% of the total CPU resource available in the zone's processor set.
B. dbzone is using 0.21% of the global zone's total CPU.
C. dbzone is using 5.48% of the total physical memory that has been allocated to the zone.
D. dbzone is using 2.37% of the global zone's total virtual memory.
E. The network is being utilized 100% with no physical bandwidth remaining.
Answer: A,C
Explanation:
A: %PART
The amount of cpu used as a percentage of the total cpu in a processor-set to which the zone is bound. A zone can only have processes bound to multiple processor sets if it is the global zone, or if psrset(1m) psets are used. If multiple bindings are found for a zone, its %PART is the fraction used of all bound psets. For [total] and [system], %PART is the percent used of all cpus on the system.
Note: The zonestat utility reports on the cpu, memory, and resource control utilization of the currently running zones. Each zone's utilization is reported both as a percentage of system resources and the zone's configured limits.
The zonestat utility prints a series of interval reports at the specified interval. It optionally also prints one or more summary reports at a specified interval.

NO.57 View the Exhibit and review the file system information displayed from a remote server.
You are configuring a new server. This new server has the following storage pool configured:
This new server also has the following file systems configured:
When you are finished building this new server, the pool1/data dataset must be an exact duplicate of the remote server.
What is the correct procedure to create the pool1/data dataset on this new server?
A. zfs create -o mountpoint=/data -o refquota=1g pool1/data
B. zfs set mountpoint=none pool1
   zfs create pool1/data
C. zfs set mountpoint=none pool1
   zfs create -o mountpoint=/data -o quota=1g pool1/data
D. zfs create quota=1g pool1/data
E. zfs create mountpoint=/data pool1/data
F. zfs set quota=1g pool1/data
Answer: A

NO.58 Which two are user definable OpenBoot parameters that can be set in the OpenBoot PROM?
A. IP address for the system console
B. Host ID
C. System date and time
D. Default boot device
E. Verbose hardware diagnostics
F. Powering off the hardware
Answer: D,E
Explanation:
The NVRAM chip stores user-definable system parameters, also referred to as NVRAM variables or EEPROM parameters. The parameters allow administrators to control variables such as the default boot device and boot command. The NVRAM also contains writeable areas for user-controlled diagnostics, macros, and device aliases. NVRAM is where the system identification information is stored, such as the host ID, Ethernet address, and time-of-day (TOD) clock.
Examples of NVRAM variables:
Variable       Default        Description
boot-device    disk or net    The device from which to start up.
diag-device    net            The diagnostic startup source device.
diag-file      Empty string   Arguments passed to the startup program in diagnostic mode.
diag-switch?   false          Whether to run in diagnostic mode

NO.59 User1 is attempting to run the following command:
cp bigfile verybig
The system displays the following error:
cp: cannot create verybig: Disc quota exceeded
Your initial troubleshooting shows that the df -h command indicates the account is at 100% capacity.
What command would you use to determine how much disk space the user has available?
A. zfs get quota rpool/export/home/user1
B. zfs userused@user1
C. zfs quota=1M /rpool/export/home/user1
D. df -h | grep user1
Answer: A
Explanation:
ZFS quotas can be set and displayed by using the zfs set and zfs get commands. In the following example, a quota of 10 Gbytes is set on tank/home/bonwick.
# zfs set quota=10G tank/home/bonwick
# zfs get quota tank/home/bonwick
NAME                PROPERTY   VALUE   SOURCE
tank/home/bonwick   quota      10.0G   local

NO.60 Oracle Solaris 11 kernel encounters a fatal error, and it results in a system panic. What type of file does this generate?
A. a.out
B. objdump
C. core dump
D. tape dump
E. crash dump
Answer: C
Explanation:
A kernel panic is a type of error that occurs when the core (kernel) of an operating system receives an instruction in an unexpected format or one that it fails to handle properly. A kernel panic can also follow when the operating system can't recover from a different type of error. A kernel panic can be caused by damaged or incompatible software or, more rarely, damaged or incompatible hardware.
When a server kernel panics it abruptly halts all normal system operations. Usually, a kernel process named panic() outputs an error message to the console and stores debugging information in nonvolatile memory to be written to a crash log file upon restarting the computer. Saving the memory contents of the core and associated debugging information is called a "core dump."

NO.61 When upgrading an existing system from Solaris 11 Express to Oracle Solaris 11, what happens to the datalink names?
A. They follow the default naming convention for the newly installed version.
B. They maintain their names.
C. They are called eth#.
D. They are called el00g#.
E.
They are left unnamed, to avoid conflicts, and need to be renamed after the installation process is 34 IT Certification Guaranteed, The Easy Way! complete. Answer: A Explanation: Network configuration in Oracle Solaris 11 includes * Generic datalink name assignment - Generic names are automatically assigned to datalinks using the net0, net1, netN naming convention, depending on the total number of network devices that are on the system Note: There is no upgrade path from Oracle Solaris 10 to Oracle Solaris 11. You must perform a fresh installation. NO.62 You have a process called bigscript, and you need to know the PID number for this process. Which command will provide that information? A. pkill bigscript B. ps bigscript C. pgrep bigscript D. prstat bigscript Answer: C Explanation: Pgrep takes a process name and return a PID. Note: pgrep looks through the currently running processes and lists the process IDs which matches the selection criteria to stdout. All the criteria have to match. For example, pgrep - u root sshd will only list the processes called sshd AND owned by root. Incorrec answers: ps bigscript: You can't pass a name to ps, it interprets it as arguments. NO.63 You are going to create live zones on you server. Disk space is critical on this server so you need to reduce the amount of disk space required for these zones. Much of the data required for each of these zones is identical, so you want to eliminate the duplicate copies of data and store only data that is unique to each zone. Which two options provide a solution for eliminating the duplicate copies of data that is common between all of these zones? A. Create the zones by using sparse root zones. B. Set the dedup property to on and the dedupratio to at least 1.5 for the zpool.Create a separate ZFS file system for each zone in the zpool. C. Put all of the zones in the same ZFS file system and set the dedupratio property for the ZFS file system to at least 1.5. D. 
Put all of the zones in the same ZFS file system and set the dedup property for the file system to on. E. Put each zone in a separate ZFS file system within the same zpool. Set the dedup property to on for each ZFS file system. Answer: D,E Explanation: n Oracle Solaris 11, you can use the deduplication (dedup) property to remove redundant data from your ZFS file systems. If a file system has the dedup property enabled, duplicate data blocks are removed synchronously. The result is that only unique data is stored, and common components are shared between files. 35 IT Certification Guaranteed, The Easy Way! NO.64 Which command would you use from the bash shell to determine the total amount of physical memory installed in your Solaris system (x86 and SPARC)? A. uname -a B. prtconf | grep -i memory C. sysdef | grep -i memory D. vmstat E. prtdiag | grep -i memory Answer: B Explanation: The prtconf command prints the system configuration information. The output includes the total amount of memory, and the configuration of system peripherals formatted as a device tree. If a device path is specified on the command line for those command options that can take a device path, prtconf will only display information for that device node. NO.65 You need to set up a local package repository to serve 75 client systems. Multiple clients will being the package repository concurrently and you need to ensure that the local repository performs very well under this heavy load, especially during package intensive operations. Which option would ensure the best performance of the repository during package- intensive rations by multiple clients? A. Set up multipathing on the package repository server to distribute the network load multiple network interfaces. B. Deploy a second instance of the package repository server to run as a read writable mirror. C. Deploy a second instance of the package repository server to run as a read-only mirror. D. 
Deploy a second instance of the package repository server to run as a clone of the primary repository server. E. Deploy a package repository locally on each client. Answer: A NO.66 On server A, you enter the following command to add a static route to serverA route -p add -host 192.168.1.101 192.168.1.101 -static What is the purpose of this command? A. to temporarily bypass IP Filter rules B. to specify an IPMP target IP address to in.mpathd C. to specify routing to an adjacent network when in.rdisc is not used D. to specify routing to an adjacent network when in.routed is not used E. to ensure the IP address for serverB is not flushed from the ARP cache F. to optimize link aggregation using a direct connection between two systems Answer: B Explanation: Note: # route -p add -host destination-IP gateway-IP -static where destination-IP and gateway-IP are IPv4 addresses of the host to be used as a target. For example, you would type the following to specify the target system 192.168.10.137, which is on the same subnet as the interfaces in IPMP group itops0: 36 IT Certification Guaranteed, The Easy Way! $ route -p add -host 192.168.10.137 192.168.10.137 -static This new route will be automatically configured every time the system is restarted. If you want to define only a temporary route to a target system for probe-based failure detection, then do not use the -p option. NO.67 Which three files must be edited in order to set up logging of all failed login attempts? A. /var/adm/authlog B. /etc/syslog.conf C. /etc/default/login D. /var/adm/loginlog Answer: A,B,C Explanation: How to Monitor All Failed Login Attempts This procedure captures in a syslog file all failed login attempts. Assume the Primary Administrator role, or become superuser. 1 . Assume the Primary Administrator role, or become superuser. 2 . (C) Set up the /etc/default/login file with the desired values for SYSLOG and SYSLOG_FAILED_LOGINS 3 . 
(A) Create a file with the correct permissions to hold the logging information. Create the authlog file in the /var/adm directory. 4 . (B) Edit the syslog.conf file to log failed password attempts. NO.68 The current ZFS configuration on server is: You need to backup the /data file system while the file system is active. Select the option that creates a full backup of the /data file system and stores the backup on server in the pool named backup. A. Mount -F nfs system: /backup / mntzfs snapshot pool/data@monday>/mnt/Monday B. Mount -F nfs systemB: /backup/mntzfs snapshot pool1/data@Mondayzfs clone pool1/data@monday/mnt/Monday C. Zfs send pool1/data@Monday | ssh system zfs recv backup/monday D. Zfs snapshot pool1/data@Monday | ssh system zfs recv backup/monday Answer: C Explanation: http://docs.oracle.com/cd/E23823_01/html/819-5461/ghzvz.html 37 IT Certification Guaranteed, The Easy Way! NO.69 In a fresh installation of Oracle Solaris 11, default datalinks are named with a genetic naming convention, and they increment as you add interfaces. What is the default name? A. eth# B. net# C. el000g# D. lo# E. nic# Answer: B Explanation: When you install this Oracle Solaris release on a system for the first time, Oracle Solaris automatically provides generic link names for all the system's physical network devices. This name assignment uses the net# naming convention, where the # is the instance number. This instance number increments for each device, for example, net0, net1, net2, and so on. Note: Network configuration in Oracle Solaris 11 includes * Generic datalink name assignment - Generic names are automatically assigned to datalinks using the net0, net1, netN naming convention, depending on the total number of network devices that are on the system NO.70 To confirm the IP addresses and netmasks have been correctly configured on the network interfaces, which command(s) should you use? A. ipadm show-if B. ipadm show-nic C. ipadm show-addr D. 
ipadm show-addripadm show-mask E. ipadm show-ipipadm show-mask F. ipadm show-config Answer: C Explanation: Show address information, either for the given addrobj or all the address objects configured on the specified interface, including the address objects that are only in the persistent configuration. Example: # ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 lo0/v6 static ok ::1/128 NO.71 What is the output of the following command, if executed using the default shell for the root role account of a standard Live CD Install of Oracle Solaris 11? echo '$SHELL' A. /usr/bin/bash B. /usr/bin/ksh C. $SHELL D. the PID for the current shell Answer: C 38 IT Certification Guaranteed, The Easy Way! Explanation: Single quotes are most strict. They prevent even variable expansion. Double quotes prevent wildcard expansion but allow variable expansion. For example: #!/bin/sh echo $SHELL echo "$SHELL" echo '$SHELL' This will print: /usr/bin/bash /usr/bin/bash $SHELL NO.72 Select the two statements that correctly describe the operation of NWAM. A. If a location is explicitly enabled, it remains active until explicitly changed. B. Wireless security keys can be configured by using the nwammgr command. C. NWAM stores profile information in /etc/ipadm/ipadm.conf and /etc/dladm/datalink.conf. D. Multiple locations may be automatically activated in systems with multiple network interface cards. E. Interface NCU Properties "float" and are automatically attached to the highest priority Link NCU Property. F. If the DefaultFixed NCP is enabled, persistent configuration, stored in /etc/ipadm.conf and /etc/dladm/datalink.conf is used. Answer: A,D Explanation: A: Conditional and system locations can be manually activated, which means that the location remains active until explicitly disabled. D: A location comprises certain elements of a network configuration, for example a name service and firewall settings, that are applied together, when required. 
You can create multiple locations for various uses. For example, one location can be used when you are connected at the office by using the company intranet. Another location can be used at home when you are connected to the public Internet by using a wireless access point. Locations can be activated manually or automatically, according to environmental conditions, such as the IP address that is obtained by a network connection.

NO.73 You start to execute a program by using the following command:
~ /bigscript &
You then determine that the process is not behaving as expected, and decide that you need to terminate the process. Based on the information shown below, what is the process number you should terminate?
A. 15163
B. 15156
C. 15166
D. 15165
Answer: A
Explanation:
From the output exhibit we can deduce that the shell has id 15156. It has spawned three subprocesses:
grep: id 15166
ps -aef 15165
The remaining 15163 must be the subshell (see note below). This is the id of the process which should be terminated.

NO.74 When setting up Automated Installer (AI) clients, an interactive tool can be used to generate a custom system configuration profile. The profile will specify the time zone, date and time, user and root accounts, and name services used for an AI client installation. This interactive tool will prompt you to enter the client information and an SC profile (XML) will be created. Which interactive tool can be used to generate this question configuration?
A. sys-unconfig
B. installadm set-criteria
C. sysconfig create-profile
D. installadm create-profile
Answer: B
Explanation:
Use the installadm set-criteria command to update the client criteria associated with an AI manifest that you already added to a service using installadm add-manifest.
Use the installadm add-manifest command to add a custom AI manifest to an install service. The value of manifest is a full path and file name with .xml extension.
The manifest file contains an AI manifest (installation instructions). The manifest file can also reference or embed an SC manifest (system configuration instructions).

NO.75 View the Exhibit and review the disk configuration.
The following command is executed on the disk:
zpool create pool1 c3t3d0s0
What is the result of executing this command?
A. A zpool create error is generated.
B. A 1-GB ZFS file system named /pool1 is created.
C. A 15.97-GB storage pool named pool1 is created.
D. The disk will contain an EFI disk label.
Answer: B

NO.76 In Oracle Solaris 11, where is the Oracle default repository located?
A. /var/spool/pkg
B. http://localhost/solaris
C. http://pkg.oracle.com/solaris/release
D. http://www.oracle.com/Solaris/download
E. /cdrom/cdrom0
Answer: C
Explanation:
REPOSITORY DESCRIPTION
* http://pkg.oracle.com/solaris/release
The default repository for new Oracle Solaris 11 users. This repository receives updates for each new release of Oracle Solaris. Significant bug fixes, security updates, and new software may be provided at any time for users to install at Oracle's discretion.
* https://pkg.oracle.com/solaris/support
Provides bug fixes and updates. Accessible with a current support contract from Oracle.
* https://pkg.oracle.com/solaris/dev
Provides the latest development updates. Accessible to users enrolled in the Oracle Solaris 11 Platinum Customer Program and approved Oracle Partners.

NO.77 You have a ZFS file system named /dbase/oral and you want to guarantee that 10 GB of storage space is available to that dataset for all data, snapshots, and clones. Which option would you choose?
A. zfs set refreservation=10g dbase/oral
B. zfs set quota=10g dbase/oral
C. zfs set refquota=10g dbase/oral
D. zfs set reservation=10g dbase/oral
Answer: D
Explanation:
A ZFS reservation is an allocation of disk space from the pool that is guaranteed to be available to a dataset. As such, you cannot reserve disk space for a dataset if that space is not currently available in the pool. The total amount of all outstanding, unconsumed reservations cannot exceed the amount of unused disk space in the pool. ZFS reservations can be set and displayed by using the zfs set and zfs get commands. For example:
# zfs set reservation=5G tank/home/bill
# zfs get reservation tank/home/bill
NAME            PROPERTY     VALUE  SOURCE
tank/home/bill  reservation  5G     local

NO.78 user1, while in his home directory, is attempting to run the following command in his home directory:
cp bigfile verybig
The system displays the following error:
cp: cannot create verybig: Disc quota exceeded
Your initial troubleshooting shows that the df -h command indicates he is at 100% capacity. What command would you use to increase the disk space available to the user?
A. zfs get quota rpool/export/home/user1
B. zfs userused@user1
C. zfs quota=none /rpool/export/home/user1
D. df -h | grep user1
E. zfs set quota=none /rpool/export/home/user1
Answer: E
Explanation:
ZFS quotas can be set and displayed by using the zfs set and zfs get commands. We can remove the quota restriction by setting the quota to none.

NO.79 Your mentor suggests using the dladm rename-link command to rename the network datalinks. What are the two advantages of following this advice?
A. It can clarify which network interface has what purpose.
B. It can simplify specifying the network interface with the dladm modify-aggr command.
C. It can simplify specifying the network interface with the dladm modify-bridge command.
D. It can simplify IP filter rule changes if the network interface is replaced with a different type.
E. It can prevent accidental deletion of the network interface with the dladm delete-phys command.
F. It can prevent accidental deletion of the network interface configuration with the ipadm delete-addr command.
Answer: A,D
Explanation:
Note: dladm rename-link [-R root-dir] link new-link
Rename link to new-link. This is used to give a link a meaningful name, or to associate existing link configuration such as link properties of a removed device with a new device.

NO.80 A user on the system has started a process, but it needs to be terminated. The process ID was determined as follows:
pgrep userprogram
15317
The user attempted to terminate the program as follows:
pkill 15317
This command runs without an error message, and the process continues to run. What is the issue?
A. You need to run the pkill command with the process name.
B. You need to switch to super user to kill the process.
C. You need to run the ps command to get more information.
D. You need to run the prstat command to get more information.
Answer: B
Explanation:
You can use the pgrep and pkill commands to identify and stop command processes that you no longer want to run. These commands are useful when you mistakenly start a process that takes a long time to run.
To terminate a process:
Type pgrep to find out the PID(s) for the process(es).
Type pkill followed by the PID(s).
You can kill any process that you own. Superuser can kill any process in the system except for those processes with process IDs of 0, 1, 2, 3, and 4. Killing these processes most likely will crash the system.

NO.81 Examine this command and its output:
$ zfs list -r -t all tank
Name                          USED   AVAIL  REFER  MOUNTPOINT
tank                          2.41G  2.43G  32K    /tank
tank/database                 2.41G  2.43G  2.41G  /tank/database
tank/[email protected]  20K    -      2.00G
Next you execute:
# zfs destroy tank/database
Which statement is true about the result of executing this command?
A. It destroys the tank/database dataset.
B. It destroys tank/database and all descendant datasets.
C. It fails because the tank/[email protected] snapshot depends on the tank/database dataset.
D. It fails because the tank/[email protected] clone depends on the tank/database dataset.
E. It fails because the tank/database data set is not empty.
Answer: C

NO.82 Which network protocol provides connectionless, packet-oriented communication between applications?
A. TCP
B. UDP
C. IP
D. ICMP
E. NFS
F. IPSec
Answer: B
Explanation:
The User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without requiring prior communications to set up special transmission channels or data paths.
Compared to TCP, UDP is a simpler message-based connectionless protocol.

NO.83 The OpenBoot firmware controls the operation of the system before the operating system is loaded. Which four tasks are directly controlled by the OpenBoot firmware?
A. Provides a list of boot entries from which to choose
B. Allows hardware to identify itself and load its own plug-in device driver
C. Loads the boot loader from the configured boot device
D. Performs basic hardware testing
E. Installs the console
F. Reads and executes the boot archive
G. Extracts and executes the kernel image
Answer: A,B,C,D
Explanation:
OpenBoot firmware is executed immediately after you turn on your system. The primary tasks of OpenBoot firmware are to:
* Test and initialize the system hardware (D)
* Determine the hardware configuration (D)
* Boot the operating system from either a mass storage device or from a network
* Provide interactive debugging facilities for testing hardware and software
Some notable features of OpenBoot firmware:
* Plug-in Device Drivers (B)
Most common tasks that you perform using OpenBoot
* Booting Your System
The most important function of OpenBoot firmware is to boot the system.
Note: If auto-boot? is true, the system will boot from either the default boot device or from the diagnostic boot device depending on whether OpenBoot is in diagnostic mode. (C)

NO.84 How should you permanently restrict the non-global zone testzone so that it does not use more than 20 CPU shares while it is running?
A. While configuring the zone, add this entry:
   add rctl
   set name = capped.cpu-shares
   add value (priv = privileged, limit = 20, action = none)
   end
   exit
B. While configuring the zone, add this entry:
   add rctl
   set name= zone.cpu-shares
   add value (priv=privileged, limit=20, action=none)
   end
   exit
   from command line, enter:
   # dispadmin -d FSS
C. From the command line enter:
   # prctl -n zone.cpu-shares -r -v 20 -i zone testzone
D. From the command line, enter:
   # prctl -n zone.cpu-shares -v 80 -r -i zone global
Answer: C
Explanation:
The prctl utility allows the examination and modification of the resource controls associated with an active process, task, or project on the system. It allows access to the basic and privileged limits and the current usage on the specified entity.
How to Change the zone.cpu-shares Value in a Zone Dynamically
This procedure can be used in the global zone or in a non-global zone. For more information about roles, see Configuring and Using RBAC (Task Map) in System Administration Guide: Security Services.
# prctl -n zone.cpu-shares -r -v value -i zone zonename
idtype is either the zonename or the zoneid. value is the new value.
Note: project.cpu-shares
Number of CPU shares granted to a project for use with the fair share scheduler

NO.85 zone1 is a non-global zone that has been configured and installed.
zone1 was taken down for maintenance, and the following command was run:
zoneadm -z zone1 mark incomplete
The following information is displayed when listing the zones on your system:
Which task needs to be performed before you can boot zone1?
A. The zone needs to be installed.
B. The zone needs to be brought to the ready state.
C. The zone needs to be uninstalled and reinstalled.
D. The zone needs to be brought to the complete state.
Answer: C
Explanation:
If administrative changes on the system have rendered a zone unusable or inconsistent, it is possible to change the state of an installed zone to incomplete.
Marking a zone incomplete is irreversible. The only action that can be taken on a zone marked incomplete is to uninstall the zone and return it to the configured state.

NO.86 You are attempting to edit your crontab file in the bash shell. Instead of getting your usual vi interface, you are presented with an unfamiliar interface. In order to have your editor of choice, vi, what command must you type after exiting the unfamiliar editor?
A. EDITOR=vi
B. crontab=vi
C. crontab -e vi
D. env
Answer: A
Explanation:
Set the EDITOR variable to vi.
Commands like `crontab -e` will use ed by default. If you'd like to use some better editor (like vi) you can use the environment variable EDITOR:
# EDITOR=vi; crontab -e
will open the user's crontab in vi. Of course you can set this variable permanently.
Incorrect answers:
C: -e Edits a copy of the current user's crontab file, or creates an empty file to edit if crontab does not exist. When editing is complete, the file is installed as the user's crontab file. If a username is given, the specified user's crontab file is edited, rather than the current user's crontab file; this can only be done by a user with the solaris.jobs.admin authorization. The environment variable EDITOR determines which editor is invoked with the -e option. The default editor is ed(1).
All crontab jobs should be submitted using crontab. Do not add jobs by just editing the crontab file, because cron is not aware of changes made this way.

NO.87 Before booting testzone, a non-global zone, you want to connect to the zone's console so that you can watch the boot process. Choose the command used to connect to testzone's console.
A. zoneadm -C testzone
B. zoneadm -console testzone
C. zlogin -z testzone console
D. zlogin -z testzone -C
E. zlogin -C testzone
F. zoneadm - testzone - c
Answer: E
Explanation:
The following options are supported:
-C Connects to the zone console.
Note: After you install a zone, you must log in to the zone to complete its application environment. You might log in to the zone to perform administrative tasks as well. Unless the -C option is used to connect to the zone console, logging in to a zone using zlogin starts a new task. A task cannot span two zones.

NO.88 In order to display the IP addresses of network interfaces, what command would you use?
A. dladm
B. ipconfig
C. sves
D. ipadm
E. ipaddr
Answer: D
Explanation:
'ipadm show-addr' displays all the configured addresses on the system.
Example:
# ipadm show-addr
ADDROBJ  TYPE    STATE  ADDR
lo0/v4   static  ok     127.0.0.1/8
lo0/v6   static  ok     ::1/128

NO.89 On localSYS, your SPARC based server, you back up the root file system with recursive snapshots of the root pool. The snapshots are stored on a remote NFS file system. This information describes the remote system where the snapshots are stored:
Remote system name: backupSYS
File system where the snapshots are stored: /backups/localSYS
Mounted file system on localSYS: /rpool/snaps
Most recent backup name: rpool-1202
Disk c0t0d0 has failed in your root pool and has been replaced. The disk has already been partitioned and labeled and now you need to restore the root file system. Which procedure would you follow to restore the ZFS root file system on localSYS?
A. boot cdrom -s
   mount -f nfs backup_server:/rpool/snaps /rmt
   zpool create rpool c0t0d0s0
   cat /mnt/rpool.1202 | zfs receive -Fdu rpool
   zpool set bootfs=rpool/ROOT/solaris rpool
   Recreate swap and dump devices.
   Reinstall the bootblock on c0t0d0.
B. boot cdrom -s
   mount -f nfs backup_server:/rpool/snaps /mnt
   zpool create rpool c0t0d0s0
   zfs create -o mountpoint=/ rpool/ROOT
   cat /mnt/rpool.1011 | zfs receive -Fdu rpool
   zpool set bootfs=rpool/ROOT/solaris rpool
   Recreate swap and dump devices.
   Reinstall the bootblock on c0t0d0.
C. boot cdrom -s
   mount -F nfs backup_server:/rpool/snaps /mnt
   cat /mnt/rpool.1011 | zfs receive Fdu rpool
   zpool set bootfs=rpool/ROOT/solaris rpool c0t0d0s0
   Reinstall the bootblock on c0t0d0s0
D. boot cdrom -s
   mount -f nfs backup_server:/rpool/snaps /rmt
   zpool create rpool c0t0d0s0
   zfs receive -Fdu /mnt/rpool.1011
   zpool set bootfs=rpool/ROOT/solaris rpool
   Reinstall the bootblock on c0t0d0.
Answer: A
Explanation:
How to Recreate a ZFS Root Pool and Restore Root Pool Snapshots
In this scenario, assume the following conditions:
* ZFS root pool cannot be recovered
* ZFS root pool snapshots are stored on a remote system and are shared over NFS
* The system is booted from an equivalent Solaris release to the root pool version so that the Solaris release and the pool version match. Otherwise, you will need to add the -o version=version-number property option and value when you recreate the root pool in step 4 below.
All steps below are performed on the local system.
1. Boot from CD/DVD or the network. On a SPARC based system, select one of the following boot methods:
ok boot net -s
ok boot cdrom -s
If you don't use the -s option, you'll need to exit the installation program.
2. Mount the remote snapshot dataset. For example:
# mount -F nfs remote-system:/rpool/snaps /mnt
3. Recreate the root pool. For example:
# zpool create -f -o failmode=continue -R /a -m legacy -o cachefile=/etc/zfs/zpool.cache rpool c1t0d0s0
4. Restore the root pool snapshots. This step might take some time. For example:
# cat /mnt/rpool.0311 | zfs receive -Fdu rpool
Using the -u option means that the restored archive is not mounted when the zfs receive operation completes.
5. Set the bootfs property on the root pool BE. For example:
# zpool set bootfs=rpool/ROOT/osolBE rpool
6. Install the boot blocks on the new disk. On a SPARC based system:
# installboot -F zfs /usr/platform/`uname -i`/lib/fs/zfs/bootblk /dev/rdsk/c1t0d0s0

NO.90 View the Exhibit to inspect the file system configuration on your server.
Your department's backup policy is to perform a full backup to a remote system disk on Saturday. On Sunday through Friday, you are to perform a differential backup to the same remote system disk:
Following your company policy, which option describes a valid procedure for backing up the /data file system to a remote disk named /remote/backup?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: C

NO.91 The global zone has 8 CPUs. You suspect that one of your non-global zones, dbzone, is consuming all of the CPU resources. Which command would you use to view the CPU utilization for all of the zones to confirm this?
A. Run from the global zone: prstat -Z
B. Run from each zone: zlogin <zonename> mpstat
C. Run from the global zone: zonestar -r summary
D. Run from the global zone: rctladm -1
E. Run from the global zone: prctl -i
Answer: A
Explanation:
If you're logged on to the system, you can run prstat -Z to generate a summary of CPU/memory utilization by zone.

NO.92 Identify the correct description of an IPS image.
A. An ISO image of the Solaris media DVD
B. An IPS repository
C. A depot location or source where Solaris packages can be installed from
D. A location where packages can be installed, for example, your Solaris instance
Answer: D
Explanation:
An image is a location where packages can be installed. An image can be one of three types:
* Full images are capable of providing a complete system.
* Partial images are linked to a full image (the parent image), but do not provide a complete system on their own.
* User images contain only relocatable packages.

NO.93 You need to connect two nonglobal zones using a private virtual network. Identify the network resources required in the global zone to accomplish this.
A. an etherstub and two virtual network interfaces
B. a virtual bridge
C. two virtual network interfaces.
D. two etherstubs
Answer: A

NO.94 Identify three options that describe the new Oracle Solaris 11 zone features.
A. There are boot environments for zones.
B. Administrators can delegate common administration tasks by using RBAC.
C. Oracle Solaris 11 supports Solaris 8, 9, and 10 branded zones.
D. You can migrate a physical Solaris 10 system and its non-global zones to a solaris10 branded zone running on an Oracle Solaris 11 system.
E. It is possible to change the host ID of a zone.
Answer: A,B,D
Explanation:
A: The beadm utility includes support for creating and administering non-global zone boot environments.
Note: A boot environment is a bootable instance of the Oracle Solaris operating system image plus any other application software packages installed into that image. System administrators can maintain multiple boot environments on their systems, and each boot environment can have different software versions installed.
B: Role-based access control (RBAC) is a security feature for controlling user access to tasks that would normally be restricted to the root role. By applying security attributes to processes and to users, RBAC can divide up superuser capabilities among several administrators.

NO.95 You want to deploy Oracle Solaris 11 with the Automated Installer (AI).
You need to make sure that your server and network meet the requirements for using AI. Choose the three options that describe the requirements for using AI.
A. You can create only one manifest per install service. If you need more than one manifest create multiple install services.
B. If two client machines have different architectures and need to be installed with the same version of the Oracle Solaris 11 OS, then create two AI manifests and a single install service.
C. You need a separate install service for each different client architecture that you plan to install, and for each different version of the Oracle Solaris 11 OS that you plan to install on client systems.
D. If two client machines have different architectures and need to be installed with different versions of the Oracle Solaris 11 OS, then create two AI manifests and two install services.
E. The install server needs to be able to access an Oracle Solaris Image Packaging System (IPS) software package repository; the clients do not.
F. The install server can be either an x86 machine or a SPARC machine.
Answer: B,E,F
Explanation:
B (not A, not D, not C): If two client machines need to be installed with the same version of the Oracle Solaris 11 OS but need to be installed differently in other ways, then create two AI manifests for the AI install service. The different AI manifests can specify different packages to install or a different slice as the install target, for example.
Note: An AI manifest provides installation instructions.
The AI manifest specifies one or more IPS package repositories where the client retrieves the packages needed to complete the installation. The AI manifest also includes the names of additional packages to install and information such as target installation device and partition information.
F: The install server can be either an x86 machine or a SPARC machine.

NO.96 Which four can the SMF notification framework be configured to monitor and report?
A. all service transition states
B. service dependencies that have stopped or faulted
C. service configuration modifications
D. legacy services that have not started
E. services that have been disabled
F. service fault management events
G. processes that have been killed
Answer: A,E,F,G
Explanation:
Note 1: State Transition Sets are defined as:
to-<state>: Set of all transitions that have <state> as the final state of the transition.
from-<state>: Set of all transitions that have <state> as the initial state of the transition.
<state>: Set of all transitions that have <state> as the initial state of the transition.
all: Set of all transitions. (A)
Valid values of state are maintenance, offline (G), disabled (E), online and degraded. An example of a transitions set definition: maintenance, from-online, to-degraded.
F: In this context, events is a comma separated list of SMF state transition sets or a comma separated list of FMA (Fault Management Architecture) event classes. events cannot have a mix of SMF state transition sets and FMA event classes. For convenience, the tags problem-{diagnosed, updated, repaired, resolved} describe the lifecycle of a problem diagnosed by the FMA subsystem - from initial diagnosis to interim updates and finally problem closure.
Note 2: SMF allows notification by using SNMP or SMTP of state transitions. It publishes Information Events for state transitions which are consumed by notification daemons like snmp-notify(1M) and smtp-notify(1M). SMF state transitions of disabled services do not generate notifications unless the final state for the transition is disabled and there exist notification parameters for that transition. Notifications are not generated for transitions that have the same initial and final state.

NO.97 Which five statements describe options available for installing the Oracle Solaris 11 operating system using the installation media?
A. You can perform a text or LiveCD installation locally or over the network.
B. The text Installer does not install the GNOME desktop. The GNOME desktop package must be added after you have installed the operating system.
C. The LiveCD Installation cannot be used to install multiple instances of Oracle Solaris.
D. The LiveCD installer cannot be used if you need to preserve a specific Solaris Volume Table of Contents (VTOC) slice in your current operating system.
E. The LiveCD Installer is for x86 platforms only.
F. The GUI installer cannot be used to upgrade your operating system from Solaris 10.
G. If you are installing Oracle Solaris 11 on an x86-based system that will have more than one operating system installed in it, you cannot partition your disk during the installation process.
H. The LiveCD installer can be used for SPARC or x86 platforms.
Answer: A,B,D,F,H
Explanation:
A: If the network is set up to perform automated installations, you can perform a text installation over the network by setting up an install service on the network and selecting a text installation when the client system boots.
B: After a fresh install of Solaris 11 Express, only the console mode is activated. To add GNOME, simply do:
$ sudo pkg install slim_install
This will install additional packages that are not installed by default.
D: The text installer advantages over the GUI installer include:
* In addition to modifying partitions, the text installer enables you to create and modify VTOC slices within the Solaris partition.
F: How do I upgrade my Solaris 10 or lower systems to Solaris 11? Unfortunately, you CAN'T. There is no direct upgrade installer or other tool that will allow you to upgrade from earlier releases of Solaris to Solaris 11. This is primarily due to the vast changes in the packaging mechanism in Solaris 10.

NO.98 User jack logs in to host Solaris and executes the following command sequence:
Which three statements are correct?
A. User jack can edit testfile because he has read and write permissions at the group level.
B. User jack can use cat to output the contents of testfile because he has read permission as the file owner.
C. User jill can change the permissions of testfile because she has write permission for the file at the group level.
D. User jill can edit testfile because she has read and write permission at the group level.
E. User jack can change permissions for testfile because he is the owner of the file.
F. User jack can change permissions for testfile because he has execute permission for the file.
Answer: D,E,F

NO.99 You are currently working in both your home directory and the system directory /tmp. You are switching back and forth with full path names. Which pair of cd commands will provide you with a shortcut to switch between these two locations?
A. cd ~ and cd
B. cd and cd.
C. cd ~ and cd
D. cd * and cd . .
Answer: A
Explanation: In the Bourne Again, C, Korn, TC, and Z shells, the tilde (~) is used as a shortcut for specifying your home directory.
cd -: It's the command-line equivalent of the back button (takes you to the previous directory you were in).
Note: To make certain that you are in your home directory, type the cd (change directory) command. This command moves you to your home (default) directory.

NO.100 The following image properties are displayed on your system:
Which two options describe the boot environment policy property that is currently set for this image?
A. All package operations are performed in a new BE set as active on the next boot.
B. Do not create a new BE. The install, update, uninstall, or revert operation is not performed if a new BE is required.
C. If a BE is created, do not set it as the active BE on the next boot
D.
A reboot is required for all package operations
E. A reboot is not required after a package operation.
F. For package operations that require a reboot, this policy creates a new BE set as active on the next boot.
Answer: D,F
Explanation: Image properties described below.
* be-policy: Specifies when a boot environment is created during packaging operations. The following values are allowed:
  - default: Apply the default BE creation policy: create-backup.
  - always-new (D, F): Require a reboot for all package operations (D) by performing them in a new BE set as active on the next boot (F). A backup BE is not created unless explicitly requested. This policy is the safest, but is more strict than most sites need since no packages can be added without a reboot.

NO.101 You create a flash archive of the Solaris 10 global zone on the server named sysA. The archive name is s10-system.flar, and it is stored on a remote server named backup_server. On sysA, you create a Solaris 10 branded zone named s10-zone. You want to use the flash archive, located on /net/backup_server/s10-system.flar, to install the operating system in the s10-zone zone. Which command do you choose to install the s10-system.flar archive in the Solaris 10 branded zone (s10-zone)?
A. zoneadm -z s10 -zone install - a /net/backup_server/s10-system.flar -u
B. zonecfg -z s10 -zone install - a /net/backup_server/s10-system.flar -u
C. zoneadm - z s10 -zone clone - s /net/backup_server/s10-system.flar
D. zone cfg - a s10-zone create - t SUNWsolaris10\</net/backup_server/s10-system.flar
E. zonecfg -z s10-zone install -f /net/backup/backup_server/s10-system.flar
Answer: A
Explanation: The zoneadm command is the primary tool used to install and administer non-global zones. Operations using the zoneadm command must be run from the global zone on the target system.
How to Install the solaris10 Branded Zone: A configured solaris10 branded zone is installed by using the zoneadm command with the install subcommand.
Example:
global# zoneadm -z s10-zone install -a /net/machine_name/s10-system.flar -u

NO.102 You have a Solaris 11 system with a host name of sysA and it uses LDAP as a naming service. You have created a flash archive of sysA and you want to migrate this system to an Oracle Solaris 11 server, Solaris10 branded zone. The zone status on the Oracle Solaris 11 server is:
- zone10 incomplete /zone/zone1 solaris10 excl
Select the option that will force the non-global zone to prompt you for a host name and name service the first time it is booted.
A. Use zonecfg to change the zonename before booting the system for the first time
B. Use the - u option with the zoneadm - z zone10 attach command.
C. Use the -u option with the zoneadm -z zone10 install command.
D. Remove the sysidcfg file from the <zonepath>/root directory before booting the non-global zone.
Answer: C
Explanation: Oracle Solaris 10 branded zones - Oracle Solaris 10 Zones provide an Oracle Solaris 10 environment on Oracle Solaris 11. You can migrate an Oracle Solaris 10 system or zone to a solaris10 zone on an Oracle Solaris 11 system in the following ways:
* Create a zone archive and use the archive to create an s10zone on the Oracle Solaris 11 system. This option applies in the current scenario. Example of command to install the Oracle Solaris 10 non-global zone:
s11sysB# zoneadm -z s10zone install -u -a /pond/s10archive/s10.flar
* Detach the zone from the Oracle Solaris 10 system and attach the zone on the Oracle Solaris 11 zone. The zone is halted and detached from its current host. The zonepath is moved to the target host, where it is attached.
Note: install [-x nodataset] [brand-specific options]
A subcommand of zoneadm. Install the specified zone on the system. This subcommand automatically attempts to verify first. It refuses to install if the verify step fails.
-u uuid-match: Unique identifier for a zone, as assigned by libuuid(3LIB).
If this option is present and the argument is a non-empty string, then the zone matching the UUID is selected instead of the one named by the -z option, if such a zone is present.

NO.103 In an effort to reduce storage space on your server, you would like to eliminate duplicate copies of data in your server's ZFS file systems. How do you specify that pool1/data should not contain duplicate data blocks (redundant data) on write operations?
A. zfs create - o compression=on pool1/data
B. zpool create -o deduplication =on pool1; zfs create pool1/data
C. zfs create - o deduplication=on pool1; zfs create pool1/data
D. zfs create - o dedupratio=2 pool1/data
E. zfs create - o dedup=on pool1/data
Answer: E
Explanation: ZFS Deduplication Property
Solaris Express Community Edition, build 129: In this Solaris release, you can use the deduplication property to remove redundant data from your ZFS file systems. If a file system has the dedup property enabled, duplicate data blocks are removed synchronously. The result is that only unique data is stored and common components are shared between files. You can enable this property as follows:
# zfs set dedup=on tank/home

NO.104 Which two statements describe the COMSTAR framework available in Oracle Solaris 11?
A. It converts an Oracle Solaris 11 host into a SCSI target device that can be accessed over a storage network by Linux, Mac OS, or Windows client systems.
B. iSCSI targets cannot be configured as dump devices.
C. It provides support for iSCSI devices that use SLP.
D. It is used to connect to Fibre Channel or iSCSI Storage Area Network (SAN) environments.
E. It provides an upgrade and update path to convert your iSCSI LUNs from Solaris 10 systems.
Answer: A,B
Explanation:
A: You can configure Common Multiprotocol SCSI TARget, or COMSTAR, a software framework that enables you to convert any Oracle Solaris 11 host into a SCSI target device that can be accessed over a storage network by initiator hosts. This means you can make storage devices on a system available to Linux, Mac OS, or Windows client systems as if they were local storage devices. Supported storage protocols are iSCSI, FC, iSER, and SRP.
B: iSCSI targets cannot be configured as dump devices.

NO.105 You are troubleshooting the Oracle Solaris 11 Automated Installer (AI), which is not connecting with the IPS software repository. Which three steps will help determine the cause of DNS name resolution failure?
A. Verify the contents of /etc/resolve.conf.
B. Run netstat -nr to verify the routing to the DNS server.
C. Ping the IP address of the IPS server to verify connectivity.
D. On the installation server, verify that the menu.lst file for the client points to a valid boot archive.
E. Run df -k to verify that the boot directory containing the boot archive is loopback mounted under /etc/netboot.
F. Run the command /sbin/dhcpinfo DNSserv to ensure that the DHCP server is providing the DNS server information.
Answer: A,B,F
Explanation: Check DNS
* (A) Check whether DNS is configured on your client by verifying that a non-empty /etc/resolv.conf file exists.
* (F) If /etc/resolv.conf does not exist or is empty, check that your DHCP server is providing DNS server information to the client:
# /sbin/dhcpinfo DNSserv
If this command returns nothing, the DHCP server is not set up to provide DNS server information to the client. Contact your DHCP administrator to correct this problem.
* (B) If an /etc/resolv.conf file exists and is properly configured, check for the following possible problems and contact your system administrator for resolution:
** The DNS server might not be resolving your IPS repository server name.
** No default route to reach the DNS server exists.

NO.106 On which is the open boot prom available?
A. x86 only
B. x86 64-Bit only
C. SPARC only
D. both x86 and x86 64-Bit
E. x86, x86 64-Bit and SPARC
Answer: C
Explanation: No OpenBoot Environment on the Intel Platform. The Intel environment has no OpenBoot PROM or NVRAM. On Intel systems, before the kernel is started, the system is controlled by the basic input/output system (BIOS), the firmware interface on a PC. Therefore, many features provided by OpenBoot are not available on Intel systems.
Note: The Open Boot PROM (OBP) bootloader only exists within SPARC. Before Solaris 10 01/06, the bootloader for Solaris x86 was a Sun customized bootstrap software. After Solaris 10 01/06, it uses GRUB, a well known bootloader that's commonly used in the Linux world. With GRUB, it's much easier to make the system dual-boot Linux and Solaris. GRUB extends the capabilities of the bootloader that were not available previously, such as the ability to boot from a USB DVD drive. Those who have used Linux will be quite familiar with GRUB and its options.

NO.107 User jack, whose account is configured to use the korn shell, logs in and examines the value of his PATH environment variable:
What will happen, and why?
A. He will get a "file not found" error, because the current directory is not in his search path.
B. He will get a "file not found" error, because his home directory is not in his search path.
C. The useradd script will execute, because jack is in the same directory that the script is located in.
D. The command /user/sbin/useradd will execute, because it is the last match in the search path.
E. The command /user/sbin/useradd will execute, because it is the first match in the search path.
Answer: D

NO.108 You log in to the system as user1, then switch user to root by using the su - command. After entering the correct password, you enter the following commands:
whoami;who am i;id
Which option correctly represents the output?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Explanation:
* The whoami utility displays your effective user ID as a name. Here this would be root.
* who am i: The command who shows who is logged on. Here this would be: user1 console Dec 30 20:20
* The id utility displays the user and group names and numeric IDs of the calling process to the standard output. If the real and effective IDs are different, both are displayed, otherwise only the real ID is displayed. Here this would be: uid=0(root) gid=0(root)
Note: Each UNIX process has 3 UIDs associated with it. Superuser privilege is UID=0.
Real UID: This is the UID of the user/process that created THIS process. It can be changed only if the running process has EUID=0.
Effective UID: This UID is used to evaluate privileges of the process to perform a particular action. EUID can be changed either to RUID, or SUID if EUID!=0. If EUID=0, it can be changed to anything.
Saved UID: If the binary image file that was launched has a Set-UID bit on, SUID will be the UID of the owner of the file. Otherwise, SUID will be the RUID.

NO.109 The storage pool configuration on your server is:
You back up the /pool1/data file system, creating a snapshot and copying that snapshot to tape (/dev/rmt/0). You perform a full backup on Sunday night and incremental backups on Monday through Saturday night at 11:00 pm. Each incremental backup will copy only the data that has been modified since the Sunday backup was started. On Thursday, at 10:00 am, you had a disk failure. You replaced the disk drive (c4t0d0). You created pool (pool1) on that disk. Which option would you select to restore the data in the /pool1/data file system?
A. zfs create pool1/data
   Load the Monday tape and enter:
   zfs recv pool1/data < /dev/rmt/0
   Load the Wednesday tape and enter:
   zfs recv -F pool1/data < /dev/rmt/0
B.
   Load the Sunday tape and restore the Sunday snapshot:
   zfs recv pooll/data < /dev/rmt/0
   zfs rollback pool1/data@mon
   Load the Wednesday tape and restore the Wednesday snapshot:
   zfs recv -i pooll/data < /dev/rmt/0
   zfs rollback pool1/data@wed
C. zfs create pooll/data
   Load the Wednesday tape and enter:
   zfs recv -F pool1/data < /dev/rmt/0
D. Load the Sunday tape and enter:
   zfs recv pool1/data < /dev/rmt/0
   Load the Wednesday tape and enter:
   * commands missing*
Answer: D
Explanation: First the full backup must be restored. This would be the Sunday backup. Then the last incremental backup must be restored. This would be the Wednesday backup. Before restoring the Wednesday incremental file system snapshot, the most recent snapshot must first be rolled back. By exclusion D) would be best answer even though it is incomplete.

NO.110 Consider the following commands:
What is displayed when this sequence of commands is executed using the bash shell?
A. Hello, world
B. cat: cannot open file1: No such file or directory Hello, world
C. cat: cannot open file1: No such file or directory
D. bash: syntax error near unexpected token '| |'
E. bash: syntax error broker pipe
Answer: B

NO.111 United States of America export laws include restrictions on cryptography. Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11 Cryptographic Framework.
A. Corporations must utilize signed X.509 v3 certificates.
B. A third-party provider object must be signed with a certificate issued by Oracle.
C. Loadable kernel software modules must register using the Cryptographic Framework SPI.
D. Third-party providers must utilize X.509 v3 certificates signed by trusted Root Certification Authorities.
E. Systems destined for embargoed countries utilize loadable kernel software modules that restrict encryption to 64 bit keys.
Answer: B,C
Explanation:
B: Binary Signatures for Third-Party Software. The elfsign command provides a means to sign providers to be used with the Oracle Solaris Cryptographic Framework. Typically, this command is run by the developer of a provider. The elfsign command has subcommands to request a certificate from Sun and to sign binaries. Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris Cryptographic Framework. To sign one or more providers requires the certificate from Sun and the private key that was used to request the certificate.
C: Export law in the United States requires that the use of open cryptographic interfaces be restricted. The Oracle Solaris Cryptographic Framework satisfies the current law by requiring that kernel cryptographic providers and PKCS #11 cryptographic providers be signed.

NO.112 You need to install the solaris-desktop group package. Which command would you use to list the set of packages included in that software group?
A. pkg search
B. pkg info
C. pkginfo
D. pkg contents
Answer: A
Explanation: Use the pkg search command to search for packages whose data matches the specified pattern. Like the pkg contents command, the pkg search command examines the contents of packages. While the pkg contents command returns the contents, the pkg search command returns the names of packages that match the query.

NO.113 Select two correct statements about the authentication services available in Oracle Solaris 11.
A. Pluggable Authentication Modules (PAM) is used to control the operation of services such as console logins and ftp.
B. The Secure Shell can be configured to allow logins across a network to remote servers without transmitting passwords across the network.
C. Secure Remote Procedure Calls (Secure RPC) provides a mechanism to encrypt data on any IP Socket connection.
D. Pluggable Authentication Modules (PAM) is used to implement the Secure Shell in Oracle Solaris 11.
E.
Simple Authentication and Security Layer (SASL) provides a mechanism to authenticate and encrypt access to local file system data.
Answer: A,E
Explanation:
A: Pluggable Authentication Modules (PAM) are an integral part of the authentication mechanism for the Solaris. PAM provides system administrators with the ability and flexibility to choose any authentication service available on a system to perform end-user authentication. By using PAM, applications can perform authentication regardless of what authentication method is defined by the system administrator for the given client. PAM enables system administrators to deploy the appropriate authentication mechanism for each service throughout the network. System administrators can also select one or multiple authentication technologies without modifying applications or utilities. PAM insulates application developers from evolutionary improvements to authentication technologies, while at the same time allowing deployed applications to use those improvements. PAM employs run-time pluggable modules to provide authentication for system entry services.
E: The Simple Authentication and Security Layer (SASL) is a method for adding authentication support to connection-based protocols. Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer.
Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.

NO.114 Review the information taken from your server:
Which option describes the command used to create these snapshots of the root file system?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Explanation:
zfs snapshot [-r] [-o property=value] ... filesystem@snapname|volume@snapname
Creates a snapshot with the given name. All previous modifications by successful system calls to the file system are part of the snapshot. See the "Snapshots" section for details.
-r: Recursively create snapshots of all descendent datasets. Snapshots are taken atomically, so that all recursive snapshots correspond to the same moment in time.

NO.115 What is the result of executing the following command?
svcs -d svc:/network/ssh:default
A. disables the svc:/network/ssh:default service
B. displays the services that svc: /network/ssh:default is dependent on
C. displays the services that are dependent on the svc: /network/ssh:default service
D. deletes the svc: /network/ssh:default service
Answer: B
Explanation: The svcs command displays information about service instances as recorded in the service configuration repository.
-d: Lists the services or service instances upon which the given service instances depend.

NO.116 dbzone is currently running on your server. Which two methods would you use to safely and cleanly shut down dbzone and all of its applications?
A. zlogin -z dbzone halt
B. zoneadm -z dbzone shutdown -i0
C. zoneadm -z dbzone shutdown
D. zoneadm -z dbzone halt
E. zlogin dbzone shutdown -i0
Answer: D,E
Explanation:
D: zoneadm halt command halts the specified zones. halt bypasses running the shutdown scripts inside the zone. It also removes run time resources of the zone.
E: Use: zlogin zone shutdown to cleanly shutdown the zone by running the shutdown scripts.
Use this procedure to cleanly shut down a zone.
1. Become superuser, or assume the Primary Administrator role.
2. Log in to the zone to be shut down, for example, my-zone, and specify shutdown as the name of the utility and init 0 as the state:
global# zlogin my-zone shutdown -y -g0 -i 0

NO.117 Given: file1 and file2 are text files. dir1 and dir2 are directories. Which two commands will be successful?
A. cp dir1 dir1
B. cp dir1 file1
C. cp file? dir1
D. cp file. dir1
E. cp file% dir2
F. cp file1 file2 dir1
Answer: C,F
Explanation:
C: Here the wildcard character ? is used (matches any single character). file1 and file2 will be copied into dir1.
F: The two files file1 and file2 are copied into directory dir1.
Note: cp - copy files and directories. Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY. cp has three principal modes of operation. These modes are inferred from the type and count of arguments presented to the program upon invocation.
* When the program has two arguments of path names to files, the program copies the contents of the first file to the second file, creating the second file if necessary.
* When the program has one or more arguments of path names of files and following those an argument of a path to a directory, then the program copies each source file to the destination directory, creating any files not already existing.
* When the program's arguments are the path names to two directories, cp copies all files in the source directory to the destination directory, creating any files or directories needed. This mode of operation requires an additional option flag, typically r, to indicate the recursive copying of directories. If the destination directory already exists, the source is copied into the destination, while a new directory is created if the destination does not exist.

NO.118 Which two options are accurate regarding the non-global zone console?
A.
Access the non-global zone console by using the zlogin -c command.
B. Access the non-global zone console by using the zlogin -1 command.
C. Disconnect from the non-global zone console by using the ~. keys.
D. Disconnect from the non-global zone console by using the #. keys.
Answer: A,C
Explanation:
A: How to Log In to the Zone Console. Use the zlogin command with the -C option and the name of the zone, for example, my-zone.
global# zlogin -C my-zone
C: To disconnect from a non-global zone, use one of the following methods.
* To exit the zone non-virtual console:
zonename# exit
* To disconnect from a zone virtual console, use the tilde (~) character and a period:
zonename# ~.

NO.119 The /etc/hosts file can be best described as______.
A. a local database of host names for rlogin, rsh, and rcp
B. the configuration file for the host name of the system
C. a local database of information for the uname command
D. the configuration file for the Domain Name Service (DNS)
E. a local database of host names and their associated IP addresses
Answer: E
Explanation: As your machine gets started, it will need to know the mapping of some hostnames to IP addresses before DNS can be referenced. This mapping is kept in the /etc/hosts file. In the absence of a name server, any network program on your system consults this file to determine the IP address that corresponds to a host name.

NO.120 Which command should you choose to display the current parameters for the FSS scheduler?
A. dispadmin - c FSS
B. prionctl -c FSS
C. dispadmin -c FSS -g
D. priocntl -c FSS -g
Answer: C
Explanation: The dispadmin command displays or changes process scheduler parameters while the system is running.
-c class: Specifies the class whose parameters are to be displayed or changed. Valid class values are: RT for the real-time class, TS for the time-sharing class, IA for the interactive class, FSS for the fair-share class, and FX for the fixed-priority class.
The time-sharing and interactive classes share the same scheduler, so changes to the scheduling parameters of one will change those of the other.
-g: Gets the parameters for the specified class and writes them to the standard output.

NO.121 You created an IP address for interface net3 with the following command, which executed successfully:
ipadm create-addr -T static -a 192.168.0.100/24 net3/v4
You then ran:
ipadm show-if
The result indicated that the interface was down. You then ran:
ipadm delete-addr net3/v4
ipadm create-addr -T static -a 192.168.0.101/24 net3/v4
ipadm show-if
The last command indicated that the interface was up. Why did it work with the second address specified, but not the first?
A. The 192.168.0.100 address is reserved for broadcast messages.
B. Another device exists on the network, using the 192.168.0.100 address.
C. The network interface card does not support the address 192.168.0.100.
D. The address 192.168.0.100 is at a boundary and may not be configured in Oracle Solaris 11.
E. 192.168.0.100 is a DHCP address and may not be statically configured in Oracle Solaris 11.
Answer: B
Explanation: The first IP address is already in use.

NO.122 You run the command dlstat show-link -r. Select the two correct statements regarding the information displayed in the INTRS column.
A. No value is listed for virtual network interfaces.
B. A value of 0 is listed for virtual interfaces and ether stubs.
C. The number of Interrupts is listed, which indicates network efficiency.
D. A number equal to the number of transmitted Ethernet frames is listed for physical links.
E. The number of packets that were interrupted by a collision is listed, which may indicate hardware problems.
Answer: C,E
Explanation: In this output, the statistics for interrupt (INTRS) are significant. Low interrupt numbers indicate greater efficiency in performance.
If the interrupt numbers are high, then you might need to add more resources to the specific link.
Example:
# dlstat -r -i 1
LINK      IPKTS    RBYTES   INTRS   POLLS   CH<10    CH10-50  CH>50
e1000g0   101.91K  32.86M   87.56K  14.35K  3.70K    205      5
nxge1     9.61M    14.47G   5.79M   3.82M   379.98K  85.66K   1.64K
vnic1     8        336      0       0       0        0        0
e1000g0   0        0        0       0       0        0        0
nxge1     82.13K   123.69M  50.00K  32.13K  3.17K    724      24
vnic1     0        0        0       0       0        0        0
Note: dlstat show-link [-r [-F] | -t] [-i interval] [-a] [-p] [ -o field[, ...]] [-u R|K|M|G|T|P] [link]
Display statistics for a link.
-r: Display receive-side statistics only. Includes bytes and packets received, hardware and software drops, and so forth.
List of supported RX fields:
link
iusedby
ibytes
ipkts
intrs
polls
hdrops: hardware drops
sdrops: software drops (owing to bandwidth enforcement)
ch<10: number of packet chains of length < 10
ch10-50: number of packet chains of length between 10 and 50
ch>50: number of packet chains of length > 50

NO.123 View the Exhibit.
Which is true regarding the disk drive?
A. This disk configuration could be used as a ZFS root disk.
B. This disk contains an SMI disk label.
C. Slice 7 represents the entire disk and cannot be used as a slice for a file system
D. The disk contains an EFI disk label.
Answer: A
Explanation: Installing a ZFS Root Pool. The installer searches for a disk based on a recommended size of approximately 13 GB.

NO.124 View the Exhibit to inspect the boot environment information displayed within a non global zone on your system.
Which two options describe the solaris-1 boot environment?
A. The solaris-1 boot environment is not bootable.
B. The solaris-1 boot environment is incomplete.
C. The solaris-1 boot environment was created automatically when the non global zone was created.
D. The solaris-1 boot environment was created in the non-global zone using the beadm create command.
E. The solaris-1 boot environment is associated with a non active global zone boot environment.
Answer: A,E
Explanation:
A: The - in the Active column indicates that this boot environment is inactive, and hence not bootable.
Note: The values for the Active column are as follows:
    R - Active on reboot.
    N - Active now.
    NR - Active now and active on reboot.
    "-" - Inactive.
    "!" - Unbootable boot environments in a non-global zone are represented by an exclamation point.
http://docs.oracle.com/cd/E23824_01/html/E21801/unbootable.html#scrolltoc

NO.125 You have completed configuring a zone named dbzone on your Solaris 11 server. The configuration is as follows:
The global zone displays the following network information:
The zone has never been booted. Which three options correctly describe this zone?
A. It is a sparse root zone.
B. It is a whole root zone.
C. It is an immutable zone.
D. It is a native zone.
E. The zone shares the network interface with the host.
F. The zone uses a virtual network interface.
G. The hostid is the same as the global zone.
H. The IP address of the zone is 10.0.2.18.
Answer: C,E,G
Explanation:
C: Immutable Zones provide read-only file system profiles for solaris non-global zones.
Note that ip-type: exclusive: Starting with OpenSolaris build 37 and Oracle Solaris 10 8/07, a default zone can be configured as an "exclusive-IP zone" which gives it exclusive access to the NIC(s) that the zone has been assigned. Applications in such a zone can communicate directly with the NIC(s) available to the zone.
Note on zones: After installing Oracle Solaris on a system, but before creating any zones, all processes run in the global zone. After you create a zone, it has processes that are associated with that zone and no other zone. Any process created by a process in a non-global zone is also associated with that non-global zone. Any zone which is not the global zone is called a non-global zone. Most people call non-global zones simply "zones."
Some people call them "local zones" but this is discouraged. The default native zone file system model on Oracle Solaris 10 is called "sparse-root." This model emphasizes efficiency and security at the cost of some configuration flexibility. Sparse-root zones optimize physical memory and disk space usage by sharing some directories, like /usr and /lib. Sparse-root zones have their own private file areas for directories like /etc and /var. Whole-root zones increase configuration flexibility but increase resource usage. They do not use shared file systems for /usr, /lib, and a few others. There is no supported way to convert an existing sparse-root zone to a whole-root zone. Creating a new zone is required.

NO.126 A user brian is configured to use the bash shell. His home directory is /export/home/brian, and contains a .profile and a .bashrc file.
In the .profile, there are these lines:
    genius=ritchie
    export genius
In the .bashrc is this line:
    genius=kernighan
In /etc/profile are these lines:
    genius=thompson
    export genius
When brian logs in and asks for the value of genius, what will he find, and why?
A. genius will be ritchie, because that was the value exported in .profile.
B. genius will be kernighan, because .bashrc executes after .profile.
C. genius will be ritchie because variable settings in .profile take precedence over variable settings in .bashrc.
D. genius will be ritchie because .profile executes after .bashrc.
E. genius will be thompson because /etc/profile system settings always override local settings.
Answer: C

NO.127 You enter dladm show-phys, which provides the following output:
You then enter:
    ipadm create-ip net3
What is the output?
A. ipadm: cannot; create interface net3: Operation failed.
B. ipadm: cannot create interface net3: Interface already exists.
C. ipadm: cannot create interface net3: IP address object not specified.
D. No response. The command was successful.
Answer: B
Explanation: According to the exhibit the interface already exists. The command ipadm create-ip net3 is supposed to create a new interface net3.

NO.128 The following line is from /etc/shadow in a default Solaris 11 installation:
    jack:$5$9JFrt54$7JdwmO.F11Zt/jFeeOhDmnw93LG7Gwd3Nd/cwCcNWFFg:0:15:30:3:::
Which two are true?
A. Passwords for account jack must be a minimum of 15 characters long.
B. The password for account jack has expired.
C. The password for account jack has 5 characters.
D. A history of 3 prior passwords for the account jack is kept to inhibit password reuse.
E. The minimum lifetime for a password for account jack is 15 days.
Answer: B,E
Explanation: From the content of the /etc/shadow file we get:
* Username: jack
* Encrypted password: $5$9JFrt54$7JdwmO.F11Zt/jFeeOhDmnw93LG7Gwd3Nd/cwCcNWFFg
* Last password change (lastchanged): Days since Jan 1, 1970 that password was last changed: 0
* Minimum: The minimum number of days required between password changes, i.e. the number of days left before the user is allowed to change his/her password: 15
* Maximum: The maximum number of days the password is valid (after that the user is forced to change his/her password): 30
* Warn: The number of days before the password is to expire that the user is warned that his/her password must be changed: 3
* Inactive: The number of days after the password expires that the account is disabled
* Expire: Days since Jan 1, 1970 that the account is disabled, i.e. an absolute date specifying when the login may no longer be used

NO.129 View the Exhibit.
After installing the OS, you need to verify the network interface information. Which command was used to display the network interface information in the exhibit?
A. ifconfig -a
B. ipadm show-addr
C. svcs -l network/physical
D. netstat -a
Answer: B
Explanation: 'ipadm show-addr' displays all the configured addresses on the system.
Example:
    # ipadm show-addr
    ADDROBJ   TYPE     STATE   ADDR
    lo0/v4    static   ok      127.0.0.1/8
    lo0/v6    static   ok      ::1/128

NO.130 user1 has a disk quota of 0.5 MB. The user attempts to run the following command on a file called bigfile that is 495 KB in size:
    cp bigfile /tmp
Will the command execute successfully?
A. Yes. Quotas do not include any of the system files such as /tmp /swap.
B. Yes. The quota is set at the directory level, not the user level.
C. No. The command will fail because it will cause him to exceed his user quota.
D. No. A user cannot place files into the /tmp directory.
Answer: A
Explanation: UFS quotas enable system administrators to control the size of file systems. Quotas limit the amount of disk space and the number of inodes, which roughly corresponds to the number of files, that individual users can acquire. For this reason, quotas are especially useful on the file systems where user home directories reside. As a rule, the public and /tmp file systems usually do not benefit significantly by establishing quotas.
Note: The cp command copies files and directories.

NO.131 Consider the following commands:
What is displayed when this sequence of commands is executed using the bash shell?
A. Hello, world
B. cat: cannot open file1
C. cat: cannot open file1Hello, world
D. cat: cannot open file1 Hello, World
E. bash: syntax error near unexpected token '&&'
Answer: B
Explanation: First line (rm file1) deletes/removes file1. Second line captures the text into file2. The first part of line 3 (cat file1) fails as the file1 does not exist. The && (AND) operator will ensure that the third line fails. The result of line 3 will be the result of first part of line 3 (cat file1).
Note: cat - concatenate files and print on the standard output
Note #1: A list is a sequence of one or more pipelines separated by one of the operators ';', '&', '&&', or '||', and optionally terminated by one of ';', '&', or a newline.
Of these list operators, '&&' and '||' have equal precedence, followed by ';' and '&', which have equal precedence. AND and OR lists are sequences of one or more pipelines separated by the control operators '&&' and '||', respectively. AND and OR lists are executed with left associativity.
An AND list has the form
    command1 && command2
command2 is executed if, and only if, command1 returns an exit status of zero.
An OR list has the form
    command1 || command2
command2 is executed if, and only if, command1 returns a non-zero exit status.
The return status of AND and OR lists is the exit status of the last command executed in the list.
Note #2 (on exit status): An exit status of zero means the command executed successfully; a non-zero exit status means the command failed.

NO.132 You are troubleshooting a newly installed desktop Oracle Solaris 11 system with a single network interface. From this system, you can connect to other systems within the company intranet, but cannot access any external services (such as websites and email), even when using IP addresses. Examining the routing table confirms that the default route to 192.168.1.1 is missing. DHCP is not used at this site. Which two commands will temporarily and permanently configure the default route?
A. ipadm set-gateway 192.168.1.1
B. route add default 192.168.1.1
C. ipadm set-default 192.168.1.1
D. dladm route-add -d 192.168.1.1
E. echo 192.168.1.1 >/etc/gateway
F. echo 192.168.1.1 >/etc/defaultrouter
Answer: B,F
Explanation:
B: Setting the default route on Solaris is easy. If you are trying to just set the route temporarily you can use the route command:
    route add default <ipaddress>
Example:
    route add default 192.168.1.1
Note: The route command manipulates the kernel routing tables. Routing is the process of forwarding a packet from one computer to another. It is based on the IP address in the IP packet header and netmask.
F: If you want the route to be persisted when you reboot the system, you will need to set the route in the /etc/defaultrouter file.
Example:
    echo 192.168.1.1 > /etc/defaultrouter

NO.133 You have been asked to terminate a process that appears to be hung and will not terminate. The process table is shown below:
    root 15163 15156 0 12:51:15 pts/3 0:00 hungscript
What command will terminate the process?
A. kill -9 15163
B. kill -1 15163
C. kill -15 15163
D. kill -2 15163
Answer: A
Explanation: Here we should use SIGTERM to terminate the process.
Note: When no signal is included in the kill command-line syntax, the default signal that is used is -15 (SIGKILL). Using the -9 signal (SIGTERM) with the kill command ensures that the process terminates promptly. However, the -9 signal should not be used to kill certain processes, such as a database process, or an LDAP server process. The result is that data might be lost.
Tip - When using the kill command to stop a process, first try using the command by itself, without including a signal option. Wait a few minutes to see if the process terminates before using the kill command with the -9 signal.

NO.134 alice is a user account used by Alice on a Solaris 11 system. sadmin is a role account on the same system. Your task is to add the command /usr/sbin/cryptoadm to the Network management profile, so that Alice can execute it, while assuming the sadmin role. Select the three activities necessary to accomplish this.
A. To the file /etc/security/prof_attr, add the line: Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0
B. To the file /etc/security/auth_attr, add the line: Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0
C. To the file /etc/security/exec_attr.d/local-entries, add the line: Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0
D. Run the command roles alice to ensure that alice may assume the role sadmin.
E.
Run the command profiles sadmin to ensure that the role sadmin includes the Network Management profile.
F. Run the command profiles alice to ensure that Alice has permissions to access the Network management profile.
G. Run the command profiles "Network management" to ensure that the Network management profile includes the sadmin role.
Answer: C,D,G
Explanation:
C: /etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles. The exec_attr file can be used with other sources for execution profiles, including the exec_attr NIS map and NIS+ table. A profile is a logical grouping of authorizations and commands that is interpreted by a profile shell to form a secure execution environment.

NO.135 User jack logs in to host solaris and then attempts to log in to host oracle using ssh. He receives the following error message:
    The authenticity of host oracle (192.168.1.22) can't be established.
    RSA key fingerprint is 3B:23:a5:6d:ad:a5:76:83:9c:c3:c4:55:a5:18:98:a6
    Are you sure you want to continue connecting (yes/no)?
Which two are true?
A. The public host key supplied by solaris is not known to the host oracle.
B. The error would not occur if the RSA key fingerprint shown in the error message was added to the /etc/ssh/known_hosts file on solaris.
C. The private host key supplied by oracle is not known to solaris.
D. If jack answers yes, the RSA public key for the host oracle will be added to the known_hosts file for the user jack.
E. The public host key supplied by oracle is not known to the host solaris.
Answer: B,D
Explanation: The fingerprints are used to guard against man-in-the-middle attacks. Since ssh logins usually work over the internet (an insecure connection), someone could hijack your connection. When you try to log into yourmachine.com, he could get "in the middle" and return your challenge as if he was yourmachine.com.
That way, he could get hold of your login password. To make this attack harder, ssh stores the fingerprint of the server's public key on the first connection attempt. You will see a prompt like:
    The authenticity of host 'eisen (137.43.366.64)' can't be established.
    RSA key fingerprint is cf:55:30:31:7f:f0:c4:a0:9a:02:1d:1c:41:cf:63:cf.
    Are you sure you want to continue connecting (yes/no)
When you enter yes, ssh will add the fingerprint to your known_hosts file. You will see:
    Warning: Permanently added 'eisen, 137.43.366.64' (RSA) to the list of known hosts.
The next time you log in, ssh will check whether the host key has changed. A changing host key usually indicates a man-in-the-middle attack, and ssh refuses to connect.

NO.136 Which two are true about accounts, groups, and roles in the Solaris user database?
A. All Solaris user accounts must have a unique UID number.
B. A Solaris account name may be any alphanumeric string, and can have a maximum length of 8 characters.
C. Account UID numbers 0-09 are system-reserved.
D. The GID for an account determines the default group ownership of new files created by that account.
E. The groups that an account is a member of are determined by the entries in the /etc/group file.
Answer: A,B
Explanation:
A: Solaris uses a UID (User ID) to identify each user account. The UID is a unique number assigned to each user. It is usually assigned by the operating system when the account is created.
B: In Solaris the account name can include any alphanumeric string (and . _ -). The maximum length is 8 characters.

NO.137 The core dump configuration in your non-global zone is
A user is running a process in a non-global zone (testzone) and the process crashes. The process information is:
    user1 2663 2618 0 17:46:42 pts/2 0:00 /usr/bin/bash
When the user's process crashes in testzone, a non-global zone, where will the core dump be saved?
A.
The file will be stored in the non-global zone's directory: /var/core/pprocess/core.hash.2663.
B. The file will be saved in the global zone's directory: /var/core/core.bash.2663.
C. A core file cannot be generated in a non-global zone because it shares the kernel with the global zone.
D. The file will be stored in the global zone's directory: /var/core/pprocess/core.bash.2663.
E. The file will be saved in non-global zone's directory: /var/core/core.bash.2663
Answer: E
Explanation: The line
    init core file pattern: /var/core/core.%f.%p
will be used for the non-global process to determine the destination of the dump file.
Note: When a process is dumping core, up to three core files can be produced: one in the per-process location, one in the system-wide global location, and, if the process was running in a local (non-global) zone, one in the global location for the zone in which that process was running.

NO.138 You upgraded your server to Oracle Solaris 11 and you imported a zpool (pool1) that was created in Solaris 10. You need to create an encrypted ZFS file system in pool1, but first you need to make sure that your server supports ZFS encryption.
Which four statements are true for support of ZFS encryption?
A. The encrypted file system must have been created in Oracle Solaris 11. To encrypt a ZFS file system from a previous version of Solaris, upgrade the zpool and create a new encrypted ZFS file system into the encrypted ZFS file system.
B. If you plan to create an encrypted file system in an existing zpool, the zpool must be upgraded to ZFS version 30.
C. ZFS encryption is integrated with the ZFS command set and no additional packages need to be installed.
D. ZFS encryption requires that the ZFS Dataset Encryption package be installed.
E. If you plan to create an encrypted file system in an existing zpool, the pool must be upgraded to ZFS version 21, minimum.
F.
Encryption is supported at the pool or dataset (file system) level.
G. Encryption is supported at the pool level only; every file system in the pool will be encrypted.
H. You cannot create an encrypted file system in a zpool that was created prior to Oracle Solaris 11. Create a new zpool in Solaris 11, create an encrypted ZFS file system in the new zpool, and move or copy the data from the existing file system into the new encrypted file system.
Answer: A,B,C,F
Explanation:
A (not H): You can use your existing storage pools as long as they are upgraded. You have the flexibility of encrypting specific file systems.
B (not E): Can I enable encryption on an existing pool? Yes, the pool must be upgraded to pool version 30 to allow encrypted ZFS file systems and volumes.
C (not D): ZFS encryption is integrated with the ZFS command set. Like other ZFS operations, encryption operations such as key changes and rekey are performed online.
F (not G): Encryption is the process in which data is encoded for privacy and a key is needed by the data owner to access the encoded data. You can set an encryption policy when a ZFS dataset is created, but the policy cannot be changed.

NO.139 Your users are experiencing delay issues while using their main application that requires connections to remote hosts. You run the command uptime and get the following output:
    1:07am up 346 day(s), 12:03, 4 users, load average: 0.02, 0.02, 0.01
Which command will be useful in your next step of troubleshooting?
A. ipadm
B. traceroute
C. dladm
D. snoop
E. arp
Answer: B
Explanation: Test the remote connection with traceroute. The Internet is a large and complex aggregation of network hardware, connected together by gateways. Tracking the route one's packets follow (or finding the miscreant gateway that's discarding your packets) can be difficult. traceroute utilizes the IP protocol 'time to live' field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host.
This program attempts to trace the route an IP packet would follow to some internet host by launching UDP probe packets with a small ttl (time to live) then listening for an ICMP "time exceeded" reply from a gateway.

NO.140 You have been asked to do an orderly shutdown on a process with a PID of 1234, with the kill command. Which command is best?
A. kill -2 1234
B. kill -15 1234
C. kill -9 1234
D. kill -1 1234
Answer: B
Explanation: On POSIX-compliant platforms, SIGTERM is the signal sent to a process to request its termination. The symbolic constant for SIGTERM is defined in the header file signal.h. Symbolic signal names are used because signal numbers can vary across platforms; however, on the vast majority of systems, SIGTERM is signal #15. SIGTERM is the default signal sent to a process by the kill or killall commands. It causes the termination of a process, but unlike the SIGKILL signal, it can be caught and interpreted (or ignored) by the process. Therefore, SIGTERM is akin to asking a process to terminate nicely, allowing cleanup and closure of files. For this reason, on many Unix systems during shutdown, init issues SIGTERM to all processes that are not essential to powering off, waits a few seconds, and then issues SIGKILL to forcibly terminate any such processes that remain.

NO.141 Which two accurately describe the Solaris IPS repository?
A. It contains a collection of operating system patches.
B. It contains a collection of software packages.
C. All packages within an IPS package repository reside in a catalog.
D. It is an ISO image of the Solaris installation media.
E. The packages in a catalog are associated with a specific publisher.
Answer: B,E
Explanation: Image Packaging System (IPS) is a new network-based package management system included in Oracle Solaris 11. It provides a framework for complete software lifecycle management such as installation, upgrade and removal of software packages.
IPS also enables you to create your own software packages, create and manage package repositories, and mirror existing package repositories. Oracle Solaris software is distributed in IPS packages. IPS packages are stored in IPS package repositories, which are populated by IPS publishers.
E: The following command displays property information about the local repository.
    $ pkgrepo get -s /export/repoSolaris11
    SECTION     PROPERTY     VALUE
    publisher   prefix       solaris
    repository  description  This\ repository\ serves\ a\ copy\ of\ the\ Oracle\ Solaris\ 11\ Build\ 175b\ Package\ Repository.
    repository  name         Oracle\ Solaris\ 11\ Build\ 175b\ Package\ Repository
    repository  version      4
The value of the publisher prefix specifies that solaris is to be used in the following cases:
* When more than one publisher's packages are present and no publisher is specified in the package name in the pkg command
* When packages are published to the repository and no publisher is specified.

NO.142 A user jack, using a bash shell, requests a directory listing as follows:
Which three statements are correct?
A. The pattern dir? will expand to dira dirb dirc.
B. The pattern dir*a will expand to diraa.
C. The pattern dir*a will expand to dira diraa.
D. The pattern dir*b? will expand to dirabc.
E. The pattern dir*b? will expand to dirb dirabc.
Answer: A,C,D
Explanation:
A: dir followed by a single letter.
C: dir followed by any characters ending with a.
D: dir followed by any characters, then character b, then one single character. Only dirabc matches.

NO.143 You created a new zpool. Now you need to migrate the existing ZFS file system from pool1/prod to pool2/prod. You have these requirements:
1. Users must have access to the data during the migration, so you cannot shut down the file system while the migration takes place.
2. Because you want to copy the data as quickly as possible, you need to increase the server resources devoted to the ZFS migration.
Which method would you use to modify the ZFS shadow migration daemon defaults to increase the concurrency and overall speed of migration?
A.
    svccfg -s filesystem/shadowd:default
    setprop config_params/shadow_threads=integer: 16
    end
    svcadm refresh filesystem/shadowd:default
B. Specify the -b <blocksize> option with the zfs create command and increase the value of <blocksize>.
C. Use the -o -volblocksize=<blocksize> option with the zfs create command and increase the value of the default <blocksize>.
D.
    svccfg -s filesystem/zfs:default
    setprop config_params/shadow_threads = integer: 16
    end
    svcadm refresh filesystem/zfs:default
Answer: A
Explanation: shadowd is a daemon that provides background worker threads to migrate data for a shadow migration. A shadow migration gradually moves data from a source file system into a new "shadow" file system. Users can access and change their data within the shadow file system while migration is occurring. The shadowd service is managed by the service management facility, smf(5). Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The service's status can be queried using the svcs(1) command. The svccfg(1M) command can be used to manage the following parameter related to shadowd:
    config_params/shadow_threads
Note: Oracle Solaris 11: In this release, you can migrate data from an old file system to a new file system while simultaneously allowing access and modification of the new file system during the migration process. Setting the shadow property on a new ZFS file system triggers the migration of the older data. The shadow property can be set to migrate data from the local system or a remote system with either of the following values:
    file:///path
    nfs://host:path

NO.144 Identify the two security features incorporated in the Oracle Solaris 11 Cryptographic Framework.
A. Layer 5 IP address encryptions
B.
Internet protocol security
C. Diffie-Kerberos coaxial key encryption
D. Signed cryptographic plugins (providers)
E. Kernel support for signed antivirus plugins
Answer: D,E
Explanation: The framework enables providers of cryptographic services to have their services used by many consumers in the Oracle Solaris operating system. Another name for providers is plugins. The framework allows three types of plugins:
* User-level plugins - Shared objects that provide services by using PKCS #11 libraries, such as pkcs11_softtoken.so.1.
* Kernel-level plugins - Kernel modules that provide implementations of cryptographic algorithms in software, such as AES. Many of the algorithms in the framework are optimized for x86 with the SSE2 instruction set and for SPARC hardware.
* Hardware plugins - Device drivers and their associated hardware accelerators. The Niagara chips, the ncp and n2cp device drivers, are one example. A hardware accelerator offloads expensive cryptographic functions from the operating system. The Sun Crypto Accelerator 6000 board is one example.

NO.145 Which option would you choose to display the kernel revision level for your operating system?
A. cat /etc/release
B. uname -a
C. pkg info kernel
D. banner (issued from the OpenBoot Prom)
E. cat /etc/motd
Answer: B

NO.146 Your server has a ZFS storage pool that is configured as follows:
The server has two spare 140-GB disk drives:
    c3t5d0
    c3t6d0
Which command would add redundancy to the pool1 storage pool?
A. zpool attach pool1 c3t5d0 c3t6d0
B. zpool attach pool1 c3t3d0 c3c5d0; zpool attach pool1 c3t4d0 c3t6d0
C. zpool mirror pool1 c3t5d0 c3t6d0
D. zpool add pool1 mirror c3t5d0 c3t6d0
E. zpool add raidz pool1 c3t5d0 c3t6d0
Answer: A
Explanation: You can convert a non-redundant storage pool into a redundant storage pool by using the zpool attach command.
Note:
    zpool attach [-f] pool device new_device
Attaches new_device to an existing zpool device.
The existing device cannot be part of a raidz configuration. If device is not currently part of a mirrored configuration, device automatically transforms into a two-way mirror of device and new_device. If device is part of a two-way mirror, attaching new_device creates a three-way mirror, and so on. In either case, new_device begins to resilver immediately.

NO.147 Select the packet type that identifies members of the group and sends information to all the network interfaces in that group.
A. Unicast
B. Multicast
C. Broadcast
D. Bayesian
E. Quality of Service Priority
Answer: B
Explanation: IPv6 defines three address types:
    unicast: Identifies an interface of an individual node.
    multicast: Identifies a group of interfaces, usually on different nodes. Packets that are sent to the multicast address go to all members of the multicast group.
    anycast: Identifies a group of interfaces, usually on different nodes. Packets that are sent to the anycast address go to the anycast group member node that is physically closest to the sender.

NO.148 You have a ticket from a new user on the system, indicating that he cannot log in to his account. The information in the ticket gives you both the username and password. The ticket also shows that the account was set up three days ago.
As root, you switch users to this account with the following command:
    su - newuser
You do not get an error message. You then run ls -la and see the following files:
    local1.cshrc local1.login local1.profile .bash_history .bashrc .profile
As root, you grep the /etc/passwd file and the /etc/shadow file for this username, with these results:
/etc/passwd contains
    newuser:x:60012:10:/home/newuser:/usr/bin/bash
/etc/shadow contains
    newuser:UP: : : : :10: :
As root, what is your next logical step?
A. usermod -f 0
B. passwd newuser
C. mkdir /home/newuser
D.
useradd -D
Answer: B
Explanation: The content of the /etc/shadow file indicates that the newuser account has no password. We need to add a password. The passwd utility is used to update a user's authentication token(s).
D: Here the user account already exists. There is no need to create it. When invoked without the -D option, the useradd command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.

NO.149 You are creating a non-global zone on your system. Which option assigns a zpool to a non-global zone, and gives the zone administrator permission to create ZFS file systems in that zpool?
A. While creating the non-global zone, make the following entry:
    add device
    set match=/dev/rdsk/c4t0d0
    end
Boot the zone and log in to the zone as root. Create the zpool:
    zpool create pool2 c4t0d0
In the non-global zone, root can now create ZFS file systems in the pool2 zpool.
B. In the global zone, create the zpool:
    global# zpool create pool2 c4t1d0
While creating the non-global zone, make the following entry:
    add dataset
    set name=pool2
    end
    add fs
    set dir=pool1
    set special=pool1
    set type=zfspool1
    end
Boot the zone, log in to the zone as root, and create the ZFS file system in the pool2 zpool.
C. In the global zone, create the zpool:
    global# zpool create pool2 c4t1d0
While creating the global zone, make the following entry:
    add dataset
    set name=pool2
    end
Boot the zone, log in to the zone as root and create the ZFS file systems in the pool2 zpool.
D.
In the global zone, create the zpool and the ZFS file systems that you want to use in the non-global zone:
    global# zpool create pool2 c4t1d0
    global# zfs create pool2/data
While creating the non-global zone, make the following entry for each ZFS file system that you want to make available in the zone:
    add fs
    set dir=/data
    set special=pool2/data
    set type=zfs
    end
E. Create the zpool in the global zone:
    global# zpool create pool2 c4t1d0
Boot the non-global zone, log in to the zone as root, and issue this command to delegate ZFS permissions to root:
    non-global zone# zfs allow root create,destroy,mount pool2
Log in to the non-global zone and create ZFS file systems in the pool2 zpool.
Answer: C
Explanation: http://docs.oracle.com/cd/E19253-01/819-5461/gbbst/index.html

NO.150 Which option displays the result of running the zfs list command?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: B
Explanation: The zfs list command provides an extensible mechanism for viewing and querying dataset information. You can list basic dataset information by using the zfs list command with no options. This command displays the names of all datasets on the system and the values of their used, available, referenced, and mountpoint properties. For more information about these properties, see Introducing ZFS Properties.
For example:
    # zfs list
    NAME                   USED   AVAIL  REFER  MOUNTPOINT
    pool                   476K   16.5G  21K    /pool
    pool/clone             18K    16.5G  18K    /pool/clone
    pool/home              296K   16.5G  19K    /pool/home
    pool/home/marks        277K   16.5G  277K   /pool/home/marks
    pool/home/marks@snap   0      -      277K
    pool/test              18K    16.5G  18K    /test

NO.151 Which two options are valid methods of installing a solaris10 branded zone on a system running Oracle Solaris 11?
A. Use the V2V process to migrate an existing Solaris 8 or 9 non-global zone from a Solaris 10 system to a solaris10 branded zone.
B.
Use the V2V process to migrate an existing Solaris 10 non-global whole root zone from a Solaris 10 system to a solaris10 branded whole root zone.
C. Install a solaris10 branded zone directly from the Oracle Solaris 10 media.
D. Migrate an existing 64-bit Solaris 10 system to a solaris10 branded non-global zone using the P2V process.
E. Use the V2V process to migrate an existing Solaris 10 non-global sparse root zone from a Solaris 10 system to a solaris10 branded sparse root zone.
Answer: B,C
Explanation:
B: How to Migrate an Existing native Non-Global Zone
Use the V2V process to migrate an existing zone on your Solaris 10 system to a solaris10 brand zone on a system running the Oracle Solaris 11 release.
C: How to Install the solaris10 Branded Zone
A configured solaris10 branded zone is installed by using the zoneadm command with the install subcommand.

NO.152 You are troubleshooting interface net3 and you enter the following sequence of commands: Your next command should be:
A. ipadm up-addr net3/v4
B. ipadm enable-if -T net3
C. ipadm create-vnic -a 192.168.1.25/24 net3/v4
D. ipadm create-ip -T static -a 192.168.1.25/24 -n net3
E. ipadm create-addr -T static -a 192.168.1.25/24 net3
Answer: E
Explanation: If you are assigning a static IP address, use the following syntax:
# ipadm create-addr -T static -a address addrobj
where addrobj uses the naming format interface/user-defined-string, such as e1000g0/v4globalz.
Note:
create-addr [-t] -T static [-d] -a {local | remote}=addr[/prefixlen], ... addrobj
Creates a static IPv4 or IPv6 address on the interface specified in addrobj. If the interface on which the address is created is not plumbed, this subcommand will implicitly plumb the interface. The created static address will be identified by addrobj. By default, a configured address will be marked up, so that it can be used as a source or destination of or for outbound and inbound packets.
NO.153 You are using AI to install a new system. You have added the following information to the AI manifest:
<configuration type="zone" name="dbzone" source="http://sysA.example.com/zone_cfg/zone.cfg"/>
Which statement is true with regard to the zone.cfg?
A. The zone.cfg file is a text file in a zonecfg export format.
B. The zone.cfg file is an AI manifest that specifies how the zone is to be installed.
C. The zone.cfg file is an XML file in a form suitable for use as a command file for the zonecfg command.
D. The zone.cfg file is an SC profile with keywords that are specific for configuring a as part of the installation process.
E. It is an XML configuration file from the /etc/zone directory. It will be used as a profile for the zone. It specifies the zonename, zonepath, and other zonecfg parameters.
Answer: A
Explanation:
https://docs.oracle.com/cd/E23824_01/html/E21798/glitd.html#scrolltoc
http://docs.oracle.com/cd/E23824_01/html/E21798/glitd.html#aizoneconf

NO.154 _________ serves as the interface between the SMF repository and the user to ensure that a consistent picture of the repository is presented to the user.
A. repository.db
B. service manifest
C. svc.startd
D. svc.configd
Answer: D
Explanation: svc.configd is the repository daemon responsible for maintaining /etc/svc/repository.db. The repository.db must come clean during this integrity check, otherwise it is a "no go" for the usual boot sequence to run level 3. The repository may get corrupted due to various hardware issues, software bugs, disk write failures, etc.
Note: When svc.configd(1M), the Solaris Repository Daemon, is started, it does an integrity check of the smf(5) repository, stored in /etc/svc/repository.db. This integrity check can fail due to a disk failure, the database file being corrupted either due to a hardware bug, a software bug, or an accidental overwrite. If the integrity check fails, svc.configd will write a message to the console.
NO.155 Which three options describe the purpose of the zonep2vchk command?
A. Used on a Solaris 10 global zone to access the system for problems before migrating that system to a Solaris 10 branded zone.
B. Used to access a Solaris 10 global zone for problems before migrating that zone to a Solaris 11 global zone.
C. Used to create a zonecfg template for a Solaris 10 global zone that will be migrated to a solaris10 branded zone.
D. Used to migrate an Oracle Solaris 11 global zone to a non-global zone.
E. Used to migrate a Solaris 10 global zone to a non-global zone on the same server; the non-global zone can then be migrated to a Solaris 11 server as a solaris10 branded zone.
Answer: C,D,E
Explanation: zonep2vchk - check a global zone's configuration for physical to virtual migration into non-global zone
The zonep2vchk utility is used to evaluate a global zone's configuration before the process of physical-to-virtual (p2v) migration into a non-global zone. The p2v process involves archiving a global zone (source), and then installing a non-global zone (target) using that archive.
Zonep2vchk serves two functions. First, it can be used to report issues on the source which might prevent a successful p2v migration. Second, it can output a template zonecfg, which can be used to assist in configuring the non-global zone target.
Zonep2vchk can be executed on a Solaris 10 or later global zone. To execute on Solaris 10, copy the zonep2vchk utility to the Solaris 10 source global zone. When run on Solaris 10, a target release of S11 can be specified, which will check for p2v into a Solaris 10 Branded zone.

NO.156 Which two statements are true concerning the network stack on Oracle Solaris 11?
A. Hardware network interfaces and datalinks have a one-to-one relationship.
B. IP addresses are assigned to datalinks.
C. A single IP interface can have either an IPv4 address or an IPv6 address but not both.
D.
A single IP interface can have both an IPv4 address and an IPv6 address.
E. A single datalink can have only one IP interface.
Answer: A,D

NO.157 You have been asked to troubleshoot the initial configuration of a virtual network connecting two local zones with the outside world. View the exhibit.
The command
dladm create-vnic -l vswitch192.168.1 vnic1
fails with the error
dladm: invalid link name 'vswitch192.168.1'
What is the reason for this error?
A. The name vswitch192.168.1 is not legal.
B. The zone must be specified with dladm create-vnic -z zone3 vnic1.
C. The virtual interface must be specified with dladm create-vnic -z zone3 vnic1.
D. The virtual interface must be created with ipadm create-vnic -l switch192.168.1.
E. The virtual switch must be created first with dladm create-etherstub vswitch192.168.1.
Answer: E
Explanation: There is no data-link named vswitch192.168.1. We need to create an etherstub first. See Note and example below for details.
Note: Create a VNIC in the system's global zone.
# dladm create-vnic -l data-link vnic-name
data-link is the name of the interface where the VNIC is to be configured.
-l link, --link=link
link can be a physical link or an etherstub.
vnic-name is the name that you want to give the VNIC.
For example, to create a VNIC named vnic0 on interface e1000g0, you would type the following:
# dladm create-vnic -l e1000g0 vnic0
Example: Creating a Virtual Network Without a Physical NIC
First, create an etherstub with name stub1:
# dladm create-etherstub stub1
Create two VNICs with names hello0 and test1 on the etherstub. This operation implicitly creates a virtual switch connecting hello0 and test1.
# dladm create-vnic -l stub1 hello0
# dladm create-vnic -l stub1 test1

NO.158 What determines which bits in an IP address represent the subnet, and which represent the host?
A. Subnet
B. unicast
C. netmask
D. multicast
E.
broadcast
Answer: C
Explanation: A subnetwork, or subnet, is a logically visible subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. The routing prefix of an address is written in a form identical to that of the address itself. This is called the network mask, or netmask, of the address. For example, a specification of the most-significant 18 bits of an IPv4 address, 11111111.11111111.11000000.00000000, is written as 255.255.192.0.

NO.159 Examine this command and its output:
$ zfs list -r -t all tank
Name                    USED  AVAIL  REFER  MOUNTPOINT
tank                   3.00G  1.84G    32K  /tank
tank/database          3.00G  1.84G  2.00G  /tank/database
tank/[email protected]  1.00G      -  2.00G
Which two conclusions can be drawn based on this output?
A. The tank dataset consumes 3 GB of storage.
B. The tank/[email protected] dataset consumes 1 GB of storage that is shared with its parent.
C. The tank/[email protected] dataset consumes 1 GB of storage that is not shared with its parent.
D. The tank/[email protected] dataset consumes 2 GB of storage that is shared with its child.
E. The tank/[email protected] dataset consumes 2 GB of storage that is not shared with its child.
Answer: A,B

NO.160 The core dump configuration for your system is: A user is running a process in the global zone and the process crashes. The process information is:
User1 2663 2618 0 17:46:42 pts/2 0:00 /usr/bin/bash
The server host name is: zeus
What will the per-process core file be named?
A. core.bash.2663.global
B. core.bash.2663.zeus
C. /var/core/core.bash.2663
D. /var/core/core.bash.2663.global
Answer: C
Explanation: Note the first line:
global core file pattern: /globalcore/core.%f.%p
The program name is bash.
The runtime process ID is 2663.
Note: By default, the global core dump is disabled. You need to use the coreadm command with the -e global option to enable it.
The -g option causes the command to append the program name (%f) and the runtime process ID (%p) to the core file name.

NO.161 The line set noexec_user_stack=1 should be added to the /etc/system file to prevent an executable stack while executing user programs. What is the purpose of this?
A. help prevent core dumps on program errors
B. help programs to execute more quickly by keeping to their own memory space
C. log any messages into the stack log
D. help make buffer-overflow attacks more difficult
Answer: D
Explanation: How to Disable Programs From Using Executable Stacks
Purpose: Prevent executable stack from overflowing.
You must be in the root role.
Edit the /etc/system file, and add the following line:
set noexec_user_stack=1
Reboot the system.
# reboot

NO.162 User jack on host solaris attempts to use ssh to log in to host oracle and receives this message:
jack@solaris:~$ ssh oracle
ssh: connect to host oracle port 22: connection refused
What is the problem?
A. Host oracle does not have a valid host public key.
B. Host oracle does not have a valid host private key.
C. Host solaris does not have a valid host public key.
D. Host does not have a valid host private key.
E. Host solaris is not configured for host-based authentication.
F. Host oracle is not configured for host-based authentication.
G. Host oracle is not running the ssh service.
H. Host solaris is not running the ssh service.
Answer: G
Explanation: The host he is trying to connect to (oracle) is not running the required service (ssh).

NO.163 The crash dump notification on your server is: Documentation states that there should be two core files for each crash dump in the /var/crash directory named vmdump.0. Which command should you choose to display these two files?
A. savecore -f vmdump.0
B. dumpadm uncompressed
C. gunzip vmdump.0
D.
dumpadm -z off
Answer: A
Explanation: Decompress using savecore -f vmdump.0
savecore - save a crash dump of the operating system
-f dumpfile
Attempt to save a crash dump from the specified file instead of from the system's current dump device. This option may be useful if the information stored on the dump device has been copied to an on-disk file by means of the dd(1M) command.

NO.164 Which operation will fail if the DNS configuration is incorrect?
A. domainname
B. ping localhost.
C. ping 192.168.1.1
D. ping 23.45.82.174
E. ping www.oracle.com.
F. cat /etc/resolv.conf
Answer: E
Explanation: www.oracle.com would have to be resolved to an IP name by the domain name service.

NO.165 User1 is attempting to assist user2 with terminating user2's process 1234. User1 entered the following:
kill -9 1234
Why does the process continue to run?
A. You can kill a process only if you are root.
B. You can kill only a process that you own.
C. You can kill the process only with the pkill command.
D. You need to kill the process with a stronger kill signal.
Answer: B
Explanation: Kill -9
Kill (terminates without cleanup)
Only works if issued by process owner or super user (root)
The program cannot respond to this signal; it must terminate
Note: Unix provides security mechanisms to prevent unauthorized users from killing other processes. Essentially, for a process to send a signal to another, the owner of the signaling process must be the same as the owner of the receiving process or be the superuser.

NO.166 A local repository is available on this system and you need to enable clients to access this repository via HTTP. The repository information is:
PUBLISHER  TYPE    STATUS  URI
solaris    origin  online  http://sysA.example.com
Identify two of the steps that are required to make the local repository on this server available to the client via HTTP.
A.
On the server: set the pkg/inst_root and pkg/readonly properties for the svc:/application/pkg/server:default service and enable the service.
B. On the server: set the sharefs property on the ZFS file system containing the IPS repository.
C. On the client: reset the origin for the solaris publisher.
D. On the client: set the pkg/inst_root and pkg/readonly properties for the svc:/application/server:default service and enable the service.
E. On the client: start the pkg.depotd process.
Answer: A,E
Explanation:
A: Configure the Repository Server Service
To enable clients to access the local repository via HTTP, enable the application/pkg/server Service Management Facility (SMF) service.
# svccfg -s application/pkg/server setprop pkg/inst_root=/export/repoSolaris11
# svccfg -s application/pkg/server setprop pkg/readonly=true
E: Use pkg.depotd to serve the repository to clients.
Start the Repository Service
Restart the pkg.depotd repository service.
# svcadm refresh application/pkg/server
# svcadm enable application/pkg/server
To check whether the repository server is working, open a browser window on the localhost location.

NO.167 After installing the OS, the following network configuration information is displayed from the system: Which option describes the state of this server?
A. The automatic network configuration option was chosen during the installation of the OS.
B. The manual network configuration option was chosen during the installation of the OS.
C. The network was not configured during the installation of the OS.
D. The network interface is configured with a static IP address.
Answer: C
Explanation: Only the loopback addresses are configured. No IP address is configured.

NO.168 You have set up the task.max-lwps resource control on your Solaris 11 system.
Which option describes how to configure the system so that syslogd notifies you when the resource control threshold value for the task.max-lwps resource has been exceeded?
A. Use the rctladm command to enable the global action on the task.max-lwps resource control.
B. Modify the /etc/syslog.conf file to activate system logging of all violations of task.max-lwps and then refresh the svc:/system/system-log:default service.
C. Activate system logging of all violations of task.max-lwps in the /etc/rctldm.conf file and then execute the rctladm -u command.
D. Use the prctl command to set the logging of all resource control violations at the time the task.max-lwps resource control is being set up.
E. Use the setrctl command to set the logging of all resource control violations for the task.max-lwps resource control.
Answer: A
Explanation: rctladm - display and/or modify global state of system resource controls
The following command activates system logging of all violations of task.max-lwps.
# rctladm -e syslog task.max-lwps
#

NO.169 To help with your troubleshooting, you need to determine the version of the OBP. Which two commands will provide you with this information?
A. printenv
B. banner
C. .version
D. set-env
E. show-devs
F. value version
Answer: B,C
Explanation:
B: banner
Displays power-on banner. The PROM displays the system banner. The following example shows a SPARCstation 2 banner. The banner for your SPARC system may be different.
SPARCstation 2, Type 4 Keyboard
ROM Rev. 2.0, 16MB memory installed, Serial # 289
Ethernet address 8:0:20:d:e2:7b, Host ID: 55000121
C: .version
Displays version and date of the boot PROM.
Note: OBP (OpenBoot PROM) is firmware placed on the Sun machine's PROM chip. It is an OS-independent user interface for dealing with the Sun machine's hardware components. The user interface provides one or more commands to display system information.
NO.170 New features were added to ZFS in Oracle Solaris 11. Your justification to upgrade from Solaris 10 to Oracle Solaris 11 is that it will be possible to take advantage of the enhancements that were made to ZFS. Identify the three ZFS functions and features that are included in Oracle Solaris 11, but not in Solaris 10.
A. Encrypted ZFS datasets
B. Ability for ZFS to detect and remove redundant data from the file system
C. Shadow Data Migration
D. Ability to split a mirrored ZFS storage pool
E. Ability to use ZFS on the boot drive and boot to a ZFS root file system.
F. Elimination of the swap file system when using ZFS on the root disk
Answer: A,B,C
Explanation: http://www.oracle.com/technetwork/server-storage/solaris11/overview/solaris-matrix1549264.html

NO.171 You suspect a problem with the openldap package and want to make sure that the files have not been modified or otherwise tampered with. Which command would validate all of the files contained in the openldap package and report any problems?
A. pkgchk openldap
B. pkginfo openldap
C. pkg contents openldap
D. pkg verify openldap
E. pkg set-property signature-policy verify
Answer: A
Explanation: pkgchk checks the accuracy of installed files or, by using the -l option, displays information about package files. pkgchk checks the integrity of directory structures and files. Discrepancies are written to standard error along with a detailed explanation of the problem.

NO.172 View the following information for a software package: Which command would you use to display this information for a software package that is not currently installed on your system?
A. pkg list gzip
B. pkg info -r gzip
C. pkg search -l gzip
D. pkg verify -v gzip
E.
pkg contents gzip
Answer: B
Explanation: By default, the pkg info command only lists information about installed packages on the system; however, we can use a similar command to look up information about uninstalled packages, as shown here:
Example: Listing Information About an Uninstalled Package
# pkg info -r php-52
Name: web/php-52
Summary: PHP Server 5.2
Description: PHP Server 5.2
Category: Development/PHP
State: Not Installed
Publisher: solaris
Version: 5.2.17
Build Release: 5.11
Branch: 0.175.0.0.0.1.530
Packaging Date: Wed Oct 12 14:01:41 2011
Size: 44.47 MB
FMRI: pkg://solaris/web/php-52@5.2.17,5.11-0.175.0.0.0.1.530:20111012T140141Z
Note: pkg info command displays information about packages in a human-readable form. Multiple FMRI patterns may be specified; with no patterns, display information on all installed packages in the image.
With -l, use the data available from locally installed packages. This is the default.
With -r, retrieve the data from the repositories of the image's configured publishers. Note that you must specify one or more package patterns in this case.

NO.173 User jack makes use of the bash shell; his home directory is /export/home/jack. What is the correct setting of umask, and where should it be set, to allow jack to create a shell script using the vi editor, that is executable by default?
A. It is not possible to make a script executable without using the chmod command.
B. umask value of 0002 set in /etc/profile
C. umask value of 0002 set in /export/home/jack/.bashrc
D. umask value of 0722 set in /etc/profile
E. umask value of 0722 set in /export/home/jack/.bashrc
Answer: B
Explanation: The user file-creation mode mask (umask) is used to determine the file permission for newly created files. It can be used to control the default file permission for new files. It is a four-digit octal number. You can set up umask in the /etc/bashrc or /etc/profile file for all users.
By default most Unix distros set it to 0022 (022) or 0002 (002).
1. The default umask 002 is used for normal users. With this mask default directory permissions are 775 and default file permissions are 664.
2. The default umask for the root user is 022, resulting in default directory permissions of 755 and default file permissions of 644.
3. For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw).
In short,
1. A umask of 022 allows only you to write data, but anyone can read data.
2. A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.
3. A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data files, but cannot modify them. Set your umask to 007 to completely exclude users who are not group members.

NO.174 When you issue the "gzip: command not found" message is displayed. You need to install the gzip utility on your system. Which command would you use to check if the gzip utility is available from the default publisher for installation?
A. pkg info|grep gzip
B. pkg list SUNWgzip
C. pkg contents gzip
D. pkg search gzip
Answer: D
Explanation: Searching for Packages
Use the pkg search command to search for packages whose data matches the specified pattern. Like the pkg contents command, the pkg search command examines the contents of packages. While the pkg contents command returns the contents, the pkg search command returns the names of packages that match the query.
pkg search [-HIaflpr] [-o attribute ...] [-s repo_uri] query
Search for matches to the query, and display the results. Which tokens are indexed are action-dependent, but may include content hashes and pathnames.
Note: pkg is the retrieval client for the image packaging system.
With a valid configuration, pkg can be invoked to create locations for packages to be installed, called 'images', and install packages into those images. Packages are published by publishers, who may make their packages available at one or more repositories. pkg, then, retrieves packages from a publisher's repository and installs them into an image.

NO.175 View the Exhibit and review the zpool and ZFS configuration information from your system. Identify the correct procedure for breaking the /prod_data mirror, removing c4t0d0 and c4t2d0, and making the data on c4t0d0 and c4t2d0 accessible under the dev_data mount point.
A. zpool split pool1 pool2 c4t0d0 c4t2d0
zpool import pool2
zfs set mountpoint = /dev_data pool2/prod_data
B. zpool detach pool1 pool2
zpool attach pool2
zfs set mountpoint=/dev_data pool2/prod_data
C. zpool split pool1/prod_data -n pool2/dev_data
zfs set mountpoint = /dev_data pool2/prod_data
D. zpool split pool1 pool2 c4t0d0 c4t2d0
zpool import pool2
Answer: D
Explanation: In this Solaris release, you can use the zpool split command to split a mirrored storage pool, which detaches a disk or disks in the original mirrored pool to create another identical pool. After the split operation, import the new pool.

NO.176 You have been tasked with creating a dedicated virtual network between two local zones within a single system, in order to isolate the network traffic from other zones on that system. To accomplish this, you will create __________.
A. An ether stub
B. A virtual router
C. A virtual switch
D. A virtual bridge.
E. A virtual network interface
F. Nothing because a virtual switch is automatically created when the virtual network interfaces are created.
Answer: A
Explanation: Etherstubs are pseudo ethernet NICs which are managed by the system administrator. You can create VNICs over etherstubs instead of over physical links. VNICs over an etherstub become independent of the physical NICs in the system.
With etherstubs, you can construct a private virtual network that is isolated both from the other virtual networks in the system and from the external network. For example, you want to create a network environment whose access is limited only to your company developers rather than to the network at large. Etherstubs can be used to create such an environment.
Note: Oracle Solaris 11 introduces a new and powerful network stack architecture which includes:
* Networking virtualization with virtual network interface cards (VNICs) and virtual switching (etherstubs)
* Tight integration with zones
* Network resource management - efficient and easy to manage integrated quality of service (QoS) to enforce bandwidth limit on VNICs and traffic flows

NO.177 You need to configure an iSCSI target device on your x86 based Oracle Solaris 11 system. While configuring the iSCSI device, the following error is displayed:
bash: stmfadm: command not found
Which option describes the solution to the problem?
A. The COMSTAR feature is not supported on the x86 platform. The feature is supported only on the SPARC platform.
B. Use the iscsitadm command on the x86 platform when configuring an iSCSI target.
C. Install the storage-server group package on this system.
D. Start the iSCSI target daemon on this system.
Answer: C
Explanation: STMF - Manages transactions, such as context and resources for Small Computer System Interface (SCSI) command execution, and tracking logical unit and port providers. STMF also handles logical unit mappings, allocating memory, recovering failed operations, enumeration, and other necessary functions of an I/O stack.
STMF is controlled by stmfadm, and stmfadm is the majority of the commands you will be using to administer COMSTAR (COmmon Multiprotocol SCSI TARget).
Install the packages you need for COMSTAR with iSCSI and reboot:
# pfexec pkg install storage-server
# pfexec pkg install SUNWiscsit
# shutdown -y -i6 -g0
Note: You can set up and configure a COMSTAR Internet SCSI (iSCSI) target and make it available over the network. The iSCSI features can work over a normal Internet connection (such as Ethernet) using the standard iSCSI protocol. The iSCSI protocol also provides naming and discovery services, authentication services using CHAP and RADIUS, and centralized management through iSNS.
The COMSTAR target mode framework runs as the stmf service. By default, the service is disabled. You must enable the service to use COMSTAR functionality. You can identify the service with the svcs command. If you have not rebooted the server since installing the group/feature/storage-server package, the service might not be enabled correctly.

NO.178 You want the system to generate an email notification each time one of the services has changed its state. Which option would send an email message to the system administrator whenever a service changes to the maintenance state?
A. Use the setsc command in ALOM to enable the mail alerts to be sent to a specified email address whenever the fault management facility detects a service change to the maintenance state.
B. Make an entry in the /etc/syslog.conf file to instruct syslogd to send an email alert when it receives a message from the SMF facility that a service has changed to the maintenance state.
C. Use the svccfg setnotify command to create a notification and send an email when a service enters the maintenance state.
D. Use the svcadm command to enable the notification service. Set the -g maintenance option on the netnotify service to send an email when a service enters the maintenance state.
Answer: C
Explanation: This procedure causes the system to generate an email notification each time one of the services or a selected service has a change in state. You can choose to use either SMTP or SNMP.
Normally, you would only select SNMP if you already have SNMP configured for some other reason. By default, SNMP traps are sent on maintenance transitions. If you use SNMP for monitoring, you can configure additional traps for other state transitions.
1. Become an administrator or assume a role that includes the Service Management rights profile.
2. Set notification parameters.
Example: The following command creates a notification that sends email when transactions go into the maintenance state:
# /usr/sbin/svccfg setnotify -g maintenance mailto:sysadmins@example.com

NO.179 You wish to troubleshoot some issues that you are having on the system. You want to monitor the /var/adm/messages file in real time. Which command would you use to do this?
A. head
B. tail
C. cat
D. file
E. test
Answer: B
Explanation: tail is a program on Unix and Unix-like systems used to display the last few lines of a text file or piped data. By default, tail will print the last 10 lines of its input to the standard output. With command line options the number of lines printed and the printing units (lines, blocks or bytes) may be changed. The following example shows the last 20 lines of filename:
tail -n 20 filename

NO.180 You are logged in as root to a newly installed Solaris 11 system. You issue the command useradd -d, and then examine the /usr/sadm/defadduser file. This file includes the entry defshell=/bin/sh. Which shell will now be the default for the next account created?
A. bash shell
B. C shell
C. Korn shell
D. Bourne shell
Answer: A
Explanation: Oracle Solaris 11 introduces user environment and command-line argument changes that include the following:
* Shell changes - The default shell, /bin/sh, is now linked to ksh93. The default user shell is the Bourne-again (bash) shell.
* The legacy Bourne shell is available as /usr/sunos/bin/sh.
* The legacy ksh88 is available as /usr/sunos/bin/ksh from the shell/ksh88 package.
* Korn shell compatibility information is available in /usr/share/doc/ksh/COMPATIBILITY.

NO.181 The /usr/bin/p7zip file that is part of the p7zip package has been overwritten. This server is critical to production and cannot be rebooted. Identify the command that would restore the file without requiring a reboot.
A. pkg verify p7zip
B. pkg fix p7zip
C. pkg rebuild-index p7zip
D. pkg revert p7zip
E. pkg uninstall p7zip
F. pkg install p7zip
G. pkg install --no-backup-be p7zip
H. pkg refresh p7zip
Answer: D
Explanation: Use the pkg revert command to restore files to their as-delivered condition.

NO.182 You need to install the gzip software package on your system. Which command would you use to find the software package in the configured repository?
A. pkg search gzip
B. pkg info gzip
C. pkg contents gzip
D. pkginfo gzip
E. yum list gzip
Answer: A
Explanation: Use the pkg search command to search for packages whose data matches the specified pattern. Like the pkg contents command, the pkg search command examines the contents of packages. While the pkg contents command returns the contents, the pkg search command returns the names of packages that match the query.

NO.183 Your SPARC server will not boot into the multi-user-server milestone and you need to troubleshoot to find out why. You need to start the server with minimal services running so that you can go through each milestone manually to troubleshoot the issue. Select the option that boots the server with the fewest services running.
A. boot -s
B. boot milestone none
C. boot -m milestone=single-user
D. boot -m milestone=none
E. boot -m none
Answer: D
Explanation: The command boot -m milestone=none is useful in repairing a system that has problems booting early.
Boot Troubleshooting: To step through the SMF portion of the boot process, start with:
boot -m milestone=none
Then step through the milestones for the different boot levels:
svcadm milestone svc:/milestone/single-user:default
svcadm milestone svc:/milestone/multi-user:default
svcadm milestone svc:/milestone/multi-user-server:default

NO.184 You are setting up an automated installer (AI) install server and issue the following command:
installadm create-service -n prod_ai -s /repo/prod_ai.iso \
-i 192.168.1.100 -c 5 -d /export/repo
Which four options describe the install server that you have configured?
A. The service name is prod_ai.
B. DHCP base IP address is 192.168.1.100
C. The initial IP address for the install clients will be 192.168.1.100. This IP address is temporary. After the client is booted, it will use IP addresses in the following range: 192.168.1.101-105.
D. Five IP addresses are allocated for DHCP clients, starting with 192.168.1.100.
E. The Install server will support up to five clients.
F. The AI net image ISO file is located in /repo/prod and the net image ISO will be unpacked in /export/repo.
G. The AI net image ISO file is located in /repo/repo and is named /repo/prod/_ai.iso.
Answer: A,B,D,F
Explanation:
A: -n <svcname> Uses this install service name instead of default service name.
B: -i <dhcp_ip_start> Sets up a new DHCP server. The IP addresses, starting from dhcp_address_start, are set up.
D: -c <count_of_ipaddr> Sets up a total number of IP addresses in the DHCP table equal to the value of the count_of_ipaddr. The first IP address is the value of dhcp_ip_start that is provided by the -i option.
F: -s <srcimage> Specifies location of AI ISO image to use for setting up the install service. <targetdir> Required: Specifies location to set up net image.

NO.185 Identify the Automated Installer's (AI) equivalent to JumpStart's finish scripts and sysidcfg files.
A. Manifest files
B.
SMF system configuration profile files
C. installadm create-client
D. IPS software package repository
E. installadm create-service
F. svccfg -s application/pkg/server setprop sysidcfg
Answer: B
Explanation: Comparing sysidcfg File Keywords to System Configuration Profile Directives. The following table compares sysidcfg file keywords with example AI system configuration profile specifications.
sysidcfg File Keyword | System Configuration Profile Directives
Etc.

NO.186 Examine this command and its output:
# zoneadm list
global
zone2
Which two outcomes can be deduced from this output?
A. There is exactly one nonglobal zone installed.
B. There is one nonglobal zone running.
C. There is at least one nonglobal zone configured.
D. There is one nonglobal zone that is not configured.
E. There is one nonglobal zone that is not running.
F. There is one nonglobal zone that is not installed.
G. There is exactly one nonglobal zone configured.
Answer: B,C

NO.187 Your server has a ZFS storage pool that is configured as follows: The following partition scheme is used for every disk drive in pool1: Which two are true regarding the ZFS storage pool?
A. The data on c3t3d0 is duplicated on c3t4d0.
B. The data is striped across disks c3t3d0 and c3t4d0 and mirrored across vdevs mirror-0 and mirror-1.
C. The storage pool is 146 GB total size (rounded to the nearest GB).
D. The storage pool is 584 GB total size (rounded to the nearest GB).
E. The storage pool is 292 GB total size (rounded to the nearest GB).
Answer: A,E

NO.188 The following information is displayed for the svc:/network/ssh service: Which describes the minimum set of commands to be executed to bring the svc:/network/ssh:default service back online?
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
F. Option F
G. Option G
Answer: C
NO.189 Review the zonestat command:
zonestat -q physical-memory -R high -z -p -p "zones" 10 24h 60m
Select the option that correctly describes the information that is displayed by this command.
A. It is a sample of dbzone's physical memory usage taken every hour over a 24-hour period. Only the top 10 samplings of peak memory usage are displayed. All other utilization data is eliminated.
B. It is a sample of dbzone's CPU, virtual memory, and networking utilization. Physical memory is excluded from the report. The sampling is taken every 10 minutes over a 24-hour period and peak utilization is displayed each hour.
C. It is a sample of dbzone's CPU, virtual memory, and networking utilization. Physical memory is excluded from the report. The sampling is taken every 10 minutes over a 24-hour period and displayed each hour.
D. It is a sample of dbzone's physical memory usage taken every 10 seconds over a 24-hour period. Only peak virtual memory usage and CPU utilization are displayed each hour. All other utilization data is eliminated.
E. It is a sample of dbzone's physical memory usage taken every 10 seconds over a 24-hour period. Only peak memory usage is displayed each hour. All other utilization data is eliminated.
Answer: D
Explanation:
* (Not A, B, C): interval (here 10 seconds): Specifies the length in seconds to pause between each interval report.
* duration (here 24 h)
* -R report[,report] (here high): Print a summary report.
  high: Print a summary report detailing the highest usage of each resource and zone during any interval of the zonestat utility invocation.
Note: The zonestat utility reports on the cpu, memory, and resource control utilization of the currently running zones. Each zone's utilization is reported both as a percentage of system resources and the zone's configured limits. The zonestat utility prints a series of interval reports at the specified interval. It optionally also prints one or more summary reports at a specified interval.
The default output is a summary of cpu, physical, and virtual memory utilization. The -r option can be used to choose detailed output for specific resources.

NO.190 You are the administrator for a group of shell script developers. They use vi, and have asked you to make their scripts automatically executable when they save their files. How can this be accomplished?
A. Enter set -o vi on the command line, or include it in each user's startup script.
B. Enter umask -s on the command line, or include it in each user's startup script.
C. Enter umask 000 on the command line, or include it in each user's startup script.
D. Enter umask 777 on the command line, or include it in each user's startup script.
E. It is not possible to automatically set the execute bit on with the umask setting, or vi option.
F. Enter umask 766 on the command line, or include it in the global startup script for the default shell.
Answer: E
Explanation: Unlike DOS, which uses the file extension to determine if a file is executable or not, UNIX relies on file permissions. The value assigned by umask is subtracted from the default permissions. umask sets the user's file creation mask: it sets the shell process's file creation mask to mode, which automatically determines the permissions on newly created files. umask 000 masks out no permission bits, but a new regular file is created with a default mode of 666, so the execute bit is still not set.
Note: 777 is full permissions.

NO.191 Which files must be edited in order to set up logging of all failed login attempts?
A. /etc/default/login, /var/adm/loginlog, /etc/syslog.conf
B. /etc/default/login, /var/adm/authlog, /etc/syslog.conf
C. /var/adm/loginlog, /var/adm/authlog, /etc/syslog.conf
D. /etc/default/login, /var/adm/authlog, /var/adm/loginlog
Answer: B
Explanation: This procedure captures in a syslog file all failed login attempts.
1. Set up the /etc/default/login file with the desired values for SYSLOG and SYSLOG_FAILED_LOGINS. Edit the /etc/default/login file to change the entry.
Make sure that SYSLOG=YES is uncommented.
2. Create a file with the correct permissions to hold the logging information. Create the authlog file in the /var/adm directory.
3. Edit the syslog.conf file to log failed password attempts. Send the failures to the authlog file.

NO.192 You display the IP interface information with ipmpstat -i. Which two characteristics are indicated by characters that may be included in the FLAGS column?
A. default route
B. IP forwarding enabled
C. allocated to global zone
D. unusable due to being inactive
E. nominated to send/receive IPv4 multicast for its IPMP group
Answer: D,E
Explanation: FLAGS indicates the status of each underlying interface, which can be one or any combination of the following:
(D) d indicates that the interface is down and therefore unusable.
(E) M indicates that the interface is designated by the system to send and receive IPv6 multicast traffic for the IPMP group.
Note:
i indicates that the INACTIVE flag is set for the interface. Therefore, the interface is not used to send or receive data traffic.
s indicates that the interface is configured to be a standby interface.
m indicates that the interface is designated by the system to send and receive IPv4 multicast traffic for the IPMP group.
b indicates that the interface is designated by the system to receive broadcast traffic for the IPMP group.
h indicates that the interface shares a duplicate physical hardware address with another interface and has been taken offline. The h flag indicates that the interface is unusable.

NO.193 Identify three differences between the shutdown and init commands.
A. Only shutdown broadcasts a final shutdown warning to all logged-in users.
B. init does not terminate all services normally. The shutdown command performs a cleaner shutdown of all services.
C. The shutdown command can only bring the system to the single-user milestone.
The init command must be used to shut the system down to run level 0.
D. Only shutdown sends a shutdown message to any systems that are mounting resources from the system that is being shut down.
E. The shutdown command will shut the system down and turn off power; init will only shut the system down.
Answer: A,B,E

NO.194 You have connected a new printer at a fixed IP address. It appears to work correctly most of the time, but at other times does not respond. You suspect that the assigned address may not be unique within the network. What command will be useful to confirm this?
A. arp
B. netstat
C. ipadm show-if
D. dladm show-addr
E. ipadm show-addr
Answer: E
Explanation: 'ipadm show-addr' displays all the configured addresses on the system. Example:
# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
lo0/v6 static ok ::1/128

NO.195 Which three options accurately describe Oracle Solaris 11 zones?
A. can be NFS servers
B. are whole root type only
C. cannot have their own time zone setting
D. can execute zfs and zpool commands (from a non-global zone)
E. are virtualized operating system environments, each with its own dedicated OS and kernel
F. are virtualized operating system environments, created with a single instance of the OS shared kernel
Answer: A,D,F
Explanation:
A: Zones can use Oracle Solaris 11 products and features such as the following:
* Oracle Solaris ZFS encryption
* Network virtualization and QoS
* CIFS and NFS
C: Non-global zones cannot modify the system clock by default, but each zone can have a separate time zone setting.
F (not E): The Oracle Solaris Zones partitioning technology is used to virtualize operating system services and provide an isolated and secure environment for running applications. A zone is a virtualized operating system environment created within a single instance of the Oracle Solaris operating system.
NO.196 Oracle Solaris 11 limits access to the system with usernames and passwords. The usernames are held in ___________, and the passwords are held in ___________. Select the correct pair.
A. /etc/security/policy.conf /etc/passwd
B. /etc/passwd /etc/shadow
C. /etc/security /etc/passwd
D. /etc/shadow /etc/passwd
Answer: B
Explanation: The /etc/passwd file contains basic user attributes. This is an ASCII file that contains an entry for each user. Each entry defines the basic attributes applied to a user. The /etc/shadow file stores the actual password in encrypted format for each user's account, with additional properties related to the user password; that is, it stores secure user account information. All fields are separated by a colon (:) symbol. It contains one entry per line for each user listed in the /etc/passwd file.

NO.197 Choose three options that describe the features associated with a Live Media installation.
A. does not allow the root user to log in to the system directly from the console (or any terminal)
B. provides a "hands free" installation
C. installs the desktop based packages
D. can be used to install only x86 platforms
E. installs the server-based set of packages only
F. allows both automatic and manual configuration of the network
G. installs both the server-based and desktop-based package
Answer: B,C,D
Explanation: The graphical installer is officially known as the "Live Media." This means that Oracle Solaris can be booted into RAM, causing zero impact on your existing operating system. After it is loaded, you are free to experiment with Oracle Solaris to determine whether it is something you would like to install to your system. You can download Oracle Solaris 11 Live Media for x86, which is an approximately 800 MB image file, and use a DVD burner to create the disk, or you can use the ISO image directly in a virtual machine or through the Oracle Integrated Lights Out Manager (ILOM) Remote Console. The Live Media is not intended for long-term use.
For example, any changes that you make to the system are lost when the system is shut down. Therefore, the next logical step is to install Oracle Solaris on the system, which the Live Media makes easy by placing an Install Oracle Solaris icon right on the desktop. But before we head down that road, let's step back a bit and consider the installation options.
Note: The Live Media provides administrators with an opportunity to explore the Oracle Solaris 11 environment without installing it on a system. The system boots off the media directly, allowing administrators to start the installer should they choose to install it to a system.

NO.198 This icon is displayed on the desktop of a laptop computer, which is running Oracle Solaris 11. Which two statements describe the information conveyed by this icon?
A. NWAM is disabled.
B. NWAM is automatically configuring the network.
C. The wireless network card is manually configured and operational.
D. The wireless network card is manually configured but not operational.
E. The wireless network card is automatically configured and operational.
F. The wireless network card is automatically configured but not operational.
Answer: B,C
Explanation:
B: The Network Status notification icon is only displayed on the desktop if you are using NWAM to automatically configure your network.
C: All online (Wireless) indicates all manually enabled connections in the enabled network profile are online and that the required number of connections in the enabled profile group (if such a group exists) are online. The required number is the same as those described for the All online (Wired) status. Note that at least one online connection is wireless.

NO.199 You have a user that needs to use the cron tool to schedule some repetitive tasks. When the user enters the crontab -e command in a terminal window, the following error appears:
crontab: you are not authorized to use cron.
Sorry
In order to troubleshoot this issue, in what directory would you start your invest
A. /etc/cron.d
B. /var/spool/cron
C. /var/spool/cron/crontable
D. /var/spool/cron/atjobs
Answer: A
Explanation: crontab: you are not authorized to use cron. Sorry.
This message means that either the user is not listed in the cron.allow file (if the file exists), or the user is listed in the cron.deny file. You can control access to the crontab command by using two files in the /etc/cron.d directory: cron.deny and cron.allow. These files permit only specified users to perform crontab command tasks such as creating, editing, displaying, or removing their own crontab files. The cron.deny and cron.allow files consist of a list of user names, one user name per line.

NO.200 You have already generated a 256-bit AES raw key and named the keystore file /mykey. You need to use the key to create an encrypted file system. Which command should you use to create a ZFS encrypted file system named pool1/encrypt using the /mykey keystore?
A. zfs create -o encryption=/mykey pool1/encrypt
B. zfs create -o encryption=256-ccm -o keysource=raw,file:///mykey pool1/encrypt
C. zfs create -o encryption=AES keysource=/mykey pool1/encrypt
D. zfs create -o encryption=on keystore=/mykey pool1/encrypt
Answer: B
Explanation: Example: Encrypting a ZFS File System by Using a Raw Key. In the following example, an aes-256-ccm encryption key is generated by using the pktool command and is written to a file, /cindykey.file.
# pktool genkey keystore=file outkey=/cindykey.file keytype=aes keylen=256
Then, the /cindykey.file is specified when the tank/home/cindy file system is created.
# zfs create -o encryption=aes-256-ccm -o keysource=raw,file:///cindykey.file tank/home/cindys

NO.201 The interface net3 should be operating, but is not. Command: Which command should you enter next?
A. ipadm create-ip
B. ipadm enable-if
C. ipadm show-if
D.
ipadm up-addr
Answer: B
Explanation: enable-if -t interface
Enables the given interface by reading the configuration from the persistent store. All the persistent interface properties, if any, are applied and all the persistent addresses, if any, on the given interface will be enabled.
-t, --temporary Specifies that the enable is temporary and changes apply only to the active configuration.

NO.202 You are installing Oracle Solaris 11 on a SPARC-based system by using the Text Installer. Which three statements are true?
A. The ROOT user will always be configured as a role.
B. The root filesystem will always be deployed on ZFS.
C. The root filesystem will always be located on a local disk.
D. The network can be configured using DHCP.
E. The set of packages that will be installed are server based.
F. You must always create one regular user when installing the system.
Answer: B,D,E

NO.203 You want to configure an iSCSI target device on your system. Select the group package required to install this functionality on your system.
A. storage-server
B. solaris-small-server
C. storage-avs
D. storage-nas
Answer: A
Explanation: How to Create an iSCSI LUN. The disk volume provided by the server is referred to as the target. When the LUN is associated with an iSCSI target, it can be accessed by an iSCSI initiator. The following tasks are completed on the system that is providing the storage device.
1. Install the COMSTAR storage server software.
target# pkg install storage-server
Etc.

NO.204 After installing the OS, you boot the system and notice that the syslogd daemon is not accepting messages from remote systems. Which two options should you select to modify the syslogd daemon configuration so that it accepts messages from remote systems?
A. svccfg -s svc:/system/system-log setprop start/exec="syslogd -t"
   Restart the syslogd daemon.
B.
Set the following parameter in the /etc/syslogd.conf file: LOG_FROM_REMOTE=YES
   Restart the syslogd daemon.
C. svcadm enable svc:/system/system-log/config/log_from_remote
   Restart the syslogd daemon.
D. svccfg -s svc:/system/system-log setprop config/log_from_remote=true
   Restart the syslogd daemon.
E. Set the following parameter in the /etc/default/syslogd file: LOG_FROM_REMOTE=YES
   Restart the syslogd daemon.
Answer: B,D
Explanation:
B: The /etc/default/syslogd file contains the following default parameter settings. See FILES.
LOG_FROM_REMOTE Specifies whether remote messages are logged. LOG_FROM_REMOTE=NO is equivalent to the -t command-line option. The default value for LOG_FROM_REMOTE is YES.

NO.205 ServerA contains two ISO images of a package repository named so1.repo.iso-a and so1.repo.iso-b respectively. You need to create a single local package repository on the server that clients can connect to. The package repository will be stored on the /export/IPS file system and named repo. The preferred publisher will be named solaris and the publisher URL will be http://serverA.example.com. Which is the correct procedure to perform on ServerA to create the local package repository?
A. cat so1.repo.iso-a sol.repo.iso-b > so1.full.iso
   Mount the ISO image and use the rsync command to extract the contents of the ISO file to the /export/IPS file system.
   Set the pkg/inst_root property to /export/IPS/repo and the pkg/readonly property to true.
   Set the preferred publisher by using pkg setpublisher -G http://pkg.oracle.com/solaris/release/ -g http://serverA.example.com/ solaris
B. cat so1.repo.iso-a so1.repo.iso-b > /export/IPS/repo
   Set the pkg/inst_root property to true and the pkg/readonly property to /export/IPS
   Set the preferred publisher by using pkg set-publisher -G http://serverA.example.com/ -g http://pkg/oracle.com/solaris/rekease/solaris
C.
cat so1.repo.iso-a so1.repo.iso-b > so1.full.iso
   Mount the ISO image and use the rsync command to extract the contents of the ISO file to /export/IPS/repo
   Set the pkg/inst_root property to /export/IPS/repo and the pkg/readonly property to true
   Set the preferred publisher by using pkg setpublisher solaris -g http://pkg.oracle.com/
D. cat so1.repo.iso-a so1.repo.iso-b > /export/IPS/repo.iso
   Mount the ISO image and copy the repo directory from the ISO image to /export/IPS/repo
   Set the pkg/inst_root property and the pkg/readonly property to /export/IPS/repo
   Set the preferred pkg/inst_root property by using pkg setpublisher -G http://serverA.example.com/ -g http://pkg.oracle.com/solaris.com/release/ -p solaris
Answer: A

NO.206 A user jack, using a Korn shell, requests a directory listing as follows:
jack@solaris:/export/home/jack $ ls
File filea Filea fileb Fileb filec Filec
Which two statements are correct?
A. The pattern [?i]*a will expand to filea Filea.
B. The pattern [fF]*a? will expand to [fF]*a?.
C. The pattern [gfe]* will expand to file filea fileb filec.
D. The pattern [g-e]* will expand to file filea fileb filec.
E. The pattern [fF][a-zA-z]i*e will expand to file.
Answer: A,C
Explanation:
A: starting with one single character, second character must be letter i, any characters, ending with letter a.
C: starting with letter e, f, or g, followed by anything.

NO.207 Server A, Server B, and Server C are connected to the same network switch and are on the sari Each server has a single network interface, net0. You received a tech support call that Server B has lost network connectivity. Your troubleshooting has discovered:
Server A can ping Server C, but not Server B.
Server B can ping localhost, but not Server A or C.
Server C can ping Server A, but not Server B.
On Server B, you enter the following command:
dladm show-phys | grep net0
Response:
net0/v4 Ethernet down 0 unknown el00gl
What is the next logical troubleshooting action?
A. Run arp -a on all servers.
B. Confirm that the router is working.
C. Confirm that the power light of the network switch is on.
D. Confirm that the physical network connections are intact.
E. On Server A and C, run traceroute -n server.
F. On Server B, run traceroute -n servera and traceroute -n serverc.
Answer: D
Explanation: Check the physical connection.

NO.208 You have installed software updates to a new boot environment (BE) and have activated that BE. After booting to the new BE, you notice system errors. You want to boot to the last known good configuration. Which option would you use on a SPARC system to boot to the currentBE boot environment?
A. boot -L currentBE
B. boot -Z rpool/ROOT/currentBE
C. boot -a
   Enter the currentBE dataset name when prompted.
D. boot rpool/ROOT/currentBE
E. boot -m currentBE
F. beadm activate currentBE
Answer: F
Explanation: You can change an inactive boot environment into an active boot environment. Only one boot environment can be active at a time. The newly activated boot environment becomes the default environment upon reboot.
How to Activate an Existing Boot Environment
1. Use the following command to activate an existing, inactive boot environment:
beadm activate beName
beName is a variable for the name of the boot environment to be activated. Note the following specifications.
* beadm activate beName activates a boot environment by setting the bootable pool property, bootfs, to the value of the ROOT dataset of the boot environment that is being activated.
* beadm activate sets the newly activated boot environment as the default in the menu.lst file.
2. Reboot. The newly activated boot environment is now the default on the x86 GRUB menu or SPARC boot menu.
NO.209 In a default standalone installation of Oracle Solaris 11, what is the default minimum length in characters of a user password, and where is the minimum password length defined?
A. Default minimum length is 8, and is defined in /etc/default/password.
B. Default minimum length is 6, and is defined in /etc/default/password.
C. Default minimum length is 8, and is defined in /etc/shadow.
D. Default minimum length is 6, and is defined in /etc/shadow.
E. Default minimum length is 8, and is defined in /usr/sadm/defadduser.
F. Default minimum length is 6, and is defined in /usr/sadm/defadduser.
Answer: B
Explanation: By default, the passwd command assumes a minimum length of six characters. You can use the PASSLENGTH default in the /etc/default/passwd file to change that by setting the minimum number of characters that a user's password must contain to some other number.

NO.210 Which modification needs to be made to the Service Management Facility before you publish a new package to the IPS repository?
A. The pkg.depotd must be disabled.
B. The pkg/readonly property for the application/pkg/server service must be set to false.
C. The pkg/writable_root property for the application/pkg/server service must be set to true.
D. The pkg/image.root property for the application/pkg/server service must be set to the location of the repository.
Answer: D
Explanation: pkg/image_root (astring) The path to the image whose file information will be used as a cache for file data.

NO.211 You want to install the openldap software package to a new boot environment for testing before introducing the new software package to the production environment. What option describes the correct procedure to:
1) create a new BE named newBE
2) install the software to that new BE only
A. pkg install --newBE openldap
B. pkg install --be-name newBE openldap
C. beadm create newBE
   beadm mount newBE /mnt
   pkg -R /mnt update openldap
D.
beadm create newBE
   beadm activate newBE
   pkg install openldap
Answer: D
Explanation: If you want to create a backup of an existing boot environment, for example, prior to modifying the original boot environment, you can use the beadm command to create and mount a new boot environment that is a clone of your active boot environment. This clone is listed as an alternate boot environment in the GRUB menu for x86 systems or in the boot menu for SPARC systems. When you clone a boot environment by using the beadm create command, all supported zones in that boot environment are copied into the new boot environment.
How to Create a Boot Environment
1. Become the root role.
2. Create the boot environment.
# beadm create BeName
BeName is a variable for the name of the new boot environment. This new boot environment is inactive.
3. (Optional) Use the beadm mount command to mount the new boot environment.
# beadm mount BeName mount-point
Note: If the directory for the mount point does not exist, the beadm utility creates the directory, then mounts the boot environment on that directory. If the boot environment is already mounted, the beadm mount command fails and does not remount the boot environment at the newly specified location.
4. (Optional) Activate the boot environment.
# beadm activate BeName
BeName is a variable for the name of the boot environment to be activated. On reboot, the newly active boot environment is displayed as the default selection in the x86 GRUB menu or the SPARC boot menu.

NO.212 Review the storage pool information: Which statement describes the status of this storage pool?
A. It is a RAIDZ storage pool and can withstand a single disk failure; data will be striped at: disk components.
B. It is a double-parity RAIDZ storage pool and can withstand two disk failures; data will be striped across four disk components.
C.
It is an improperly configured RAIDZ storage pool; data will be striped across four disk components, but only three drives are protected with redundancy.
D. It is an improperly configured RAIDZ storage pool; data will be striped across three disk components, but only three drives are protected with redundancy.
Answer: D
Explanation: Device c3t6d0 is not included in the RAIDZ storage pool. The other three devices are included in the raidz pool. The data on these devices is protected.
Note: In addition to a mirrored storage pool configuration, ZFS provides a RAID-Z configuration with either single, double, or triple parity fault tolerance. Single-parity RAID-Z (raidz or raidz1) is similar to RAID-5. Double-parity RAID-Z (raidz2) is similar to RAID-6.

NO.213 Your system is assigned an IP address object 192.168.0.222/24. However, the netmask, expressed as four octets, is required. Which is the correct netmask?
A. 255.0.0.0
B. 255.255.0.0
C. 255.255.255.0
D. 255.255.255.24
E. 255.255.255.255
Answer: C
Explanation: A 24-bit network mask is expressed as 255.255.255.0.

NO.214 The following information is displayed about the compress/zip software package, which is currently installed on this system:
NAME (PUBLISHER)    VERSION                    IFO
Compress/zip        3.1.2-0.175.0.0.0.0.537    if

NAME            VERSION    DATE                        COMMENT
Compress/zip    3.1        09 Dec 2011 04:50:38 EST    None
Which statement describes the information that is displayed for the compress/zip software package?
A. This package cannot be removed.
B. This package can be updated to a new version when the new version of the package becomes available.
C. This package cannot be updated.
D. This package can be updated to version 3.1.3 but not 3.2.
E. This package cannot be downgraded to version 3.1.1.
Answer: B
Explanation: An "f" in the F column indicates the package is frozen. If a package is frozen, you can only install or update to packages that match the frozen version.
Note: The "i" in the I column indicates that these packages are installed in this image.
Source: Adding and Updating Oracle Solaris 11 Software Packages, Showing Package Install State Information

NO.215 Which two statements are true concerning the creation of user accounts by using the useradd command?
A. By default, it will create the user's home directory.
B. New user accounts are unlocked but must change their password at their first login.
C. New user accounts are in a pending activation state until a password is assigned to them.
D. By default, a new group will be added for each new user account.
E. By default, the UID of a new user account will be the next available number above the highest number currently assigned.
F. By default, the UID of a new user account will be the lowest available unused number for nonsystem accounts.
Answer: C,E

NO.216 Which three statements are true concerning Image Packaging System (IPS) incorporation package?
A. Installing an incorporation package does not install any other packages.
B. Every feature or tool has a separate IPS incorporation.
C. They constrain the versions of packages they incorporate.
D. They are a content management tool and not a version management tool.
E. Their dependencies are always of TYPE-REQUIRE.
F. They are defined by their manifest
Answer: A,C,E

NO.217 Which two statements are true when updating Solaris 11 from one Support Repository Update (SRU) to another SRU by using the pkg update command?
A. By default, the pkg update command automatically creates a backup Boot Environment whenever the kernel is affected by the update.
B. By default, the pkg update command automatically creates a new Boot Environment whenever the kernel is affected by the update.
C. The pkg update command can only be used to update to a newer SRU.
D. The pkg update command can be used to update to a newer or older SRU.
E.
By default, the pkg update command always updates Solaris 11 to the first SRU that was released after the current SRU.
F. The pkg update command can only be performed while running in the single-user milestone.
Answer: B,C

NO.218 The COMSTAR framework provides support for the iSCSI protocol. Select three options that correctly describe the COMSTAR framework.
A. iSCSI devices can be used as dump devices.
B. SCSI commands are carried over IP networks and enable you to mount disk devices from across the network onto your local system.
C. Large amounts of data can be transferred over an IP network with very little network degradation.
D. COMSTAR allows you to convert any Solaris 11 host into a SCSI target device that can be accessed over a storage network.
E. One IP port can handle multiple iSCSI target devices.
Answer: B,D,E
Explanation:
B: By carrying SCSI commands over IP networks, the iSCSI protocol enables you to access block devices from across the network as if they were connected to the local system. COMSTAR provides an easier way to manage these iSCSI target devices.
D: Common Multiprotocol SCSI TARget, or COMSTAR, is a software framework that enables you to convert any Oracle Solaris 11 host into a SCSI target device that can be accessed over a storage network by initiator hosts.
E: One IP port can handle multiple iSCSI target devices.

NO.219 Given the following output of the zpool status command:
Identify the correct statement regarding pool1's configuration.
A. Data written to pool1 will be striped across four disk components.
B. The rsdz1-0 and c3t640 components are submirrors of pool1.
C. Data will only be striped across the three disks in raidz configuration.
D. The configuration is a bug in Solaris 11; it cannot be created by an administrator.
Answer: B

NO.220 To assist in examining and debugging running processes, Solaris 11 has a utility that returns process arguments and the names and values of environment variables. What is the name of this utility?
A. ppgsz
B. pargs
C. pmap
D. pgrep
Answer: B
Explanation: The pargs utility examines a target process or process core file and prints arguments, environment variables and values, or the process auxiliary vector.

NO.221 Identify the correctly matching pair of equivalent functionality of JumpStart and Automated Installer (AI).
A. JumpStart: begin script AI: package repository
B. JumpStart: setup_server AI: installadm create-service
C. JumpStart: add_Install_client AI: SMF system configuration profile files
D. JumpStart: finish scripts and sysidcfg files AI: manifest files
Answer: B
Explanation:
JumpStart: Use the setup_install_server(1M) command.
AI: Use the installadm create-service command.

NO.222 Your task is to convert a JumpStart sysidcfg file to an Automated Installer (AI) sc_profile.xml file, using js2ai. Select two unsupported items that will require changes.
A. terminal = zterms
B. name_service-NTS+
C. timezone=US/pacific
D. system_locale=en_US
E. network_interface=PRIMARY
F. root_password=rJmvLUXM10cU
Answer: A,D
Explanation:
A: terminal - The js2ai tool does not perform any translation. Make sure the terminal type specified in the sysidcfg file is supported in Oracle Solaris 11.
D: system_locale - The js2ai tool does not perform any translation. Make sure the locale specified in the sysidcfg file is supported in Oracle Solaris 11.

NO.223 You want to delete the IPv4 address on the interface net3. Which command should you use?
A. ipadm delete-ip net3/v4
B. ipadm down-addr net3/v4
C. ipadm disable-if net3/v4
D. ipadm delete-vni net3/v4
E. ipadm delete-addr net3/v4
F. ipadm delete-ipv4 net3/v4
Answer: E
Explanation: The ipadm delete-addr subcommand removes addresses from interfaces.
To remove an address from the IPMP group, type the following command:
# ipadm delete-addr addrobj
The addrobj uses the naming convention underlying-interface/user-string.

NO.224 User brian changes the permissions for db_data with this command:
chmod 4755 db_data
What is true?
A. db_data now has permissions rwsr-xr-x and can be deleted only by user brian.
B. db_data now has permissions rwsr-xr-x and, if executed, will run with the permissions of user brian.
C. db_data now has permissions rwxr-sr-x and can be deleted only by members of the group owning it.
D. The permissions for db_data cannot be determined, because the permissions prior to the change have not been specified.
E. db_data must be an ordinary file, because special permissions cannot be set on a directory.
Answer: C
Explanation: Use the chmod command to change permissions for a file or directory. You must be the owner of a file or directory, or have root access, to change its permissions. Here we do not know if brian owns db_data.
Note:
Permission
7 full
6 read and write
5 read and execute
4 read only
3 write and execute
2 write only
1 execute only
0 none

0 --- no permission
1 --x execute
2 -w- write
3 -wx write and execute
4 r-- read
5 r-x read and execute
6 rw- read and write
7 rwx read, write and execute
Solaris: Solaris Advanced User's Guide

NO.225 The ZFS configuration on your server is:
Pool1       6.67G  31K  /pool
Pool1/data  31K    31K  /data
Select the three commands that you would use to 1. Create, 2. List, and 3. Delete a snapshot of the /data file system.
A. zfs snapshot pool1/data@now
B. zfs create snapshot pool1/data@now
C. zfs list -t snapshot
D. zfs list -t snapshot pool1/data
E. zfs destroy pool1/data@now
F. zfs destroy snapshot pool1/data@now
Answer: A,D,E
Explanation:
A: Snapshots are created by using the zfs snapshot command, which takes as its only argument the name of the snapshot to create.
D: You can list snapshots as follows:
# zfs list -t snapshot
E: Snapshots are destroyed by using the zfs destroy command. For example:
# zfs destroy tank/home/ahrens@now

NO.226 Select two statements that correctly describe the capabilities of the Distribution Constructor.
A. ISO images for use with the Automated Installer (AI) can be created.
B. Bootable USB images can be created for SPARC and x86 architectures.
C. A single installation server can be used to create ISO images for SPARC and x86 architectures.
D. Checkpoints can be used to pause the build, allowing scripts to run that modify the resulting ISO image.
E. A single installation server can be used to create ISO images for Solaris 10 and Solaris 11 operating systems.
Answer: A,D
Explanation:
A: You can use the distribution constructor to create the following types of Oracle Solaris images:
* (A) x86 or SPARC ISO Image for Automated Installations
* Oracle Solaris x86 live CD image
* x86 or SPARC Oracle Solaris text installer image
* x86 Oracle Solaris Virtual Machine
Note: You can use the distribution constructor to build custom Oracle Solaris images. Then, you can use the images to install the Oracle Solaris software on individual systems or multiple systems. You can also use the distribution constructor to create Virtual Machine (VM) images that run the Oracle Solaris operating system.
D: Checkpointing Options
You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation process, in order to check and debug the image that is being built. This process of stopping and restarting during the build process is called checkpointing.

NO.227 You want to deploy Oracle Solaris 11 with the Automated Installer (AI). You need to make sure that your server and network meet the requirements for using AI. Identify two requirements for using AI.
A. You should set up DHCP.
The DHCP server and AI install server can be the same machine or two different machines.
B. You can create only one manifest per install service. If you need more than one manifest, you should create multiple install services.
C. The minimum requirement to operate as an AI install server is 1 GB of memory.
D. If two client machines have different architectures and need to be installed with the same version of the Oracle Solaris 11 OS, then you should create two AI manifests and a single install service.
Answer: A,D
Explanation:
A: An automated installation of a client over the network consists of the following high-level steps:
Step 1: The client system boots over the network and gets its network configuration and the location of the install server from the DHCP server.
Step 2: The install server provides a boot image to the client.
Etc.
D: If two client machines need to be installed with the same version of the Oracle Solaris 11 OS but need to be installed differently in other ways, then create two AI manifests for the AI install service. The different AI manifests can specify different packages to install or a different slice as the install target, for example.

NO.228 You are the administrator of a system that a large number of developers work on. These developers crash the system, and their applications, on a regular basis. What command would you use to configure where the core files are saved?
A. savecore
B. dumpadm
C. svcadm
D. proc
E. coreadm
Answer: E
Explanation: The coreadm command is used to specify the name and location of core files produced by abnormally-terminating processes.

NO.229 You are configuring NFS on a server. Select the two statements that are true.
A. Resources listed in /etc/dfs/dfstab are automatically shared on boot up.
B. A directory cannot be shared if a subdirectory below it is already shared.
C. Renaming a share created with the zfs set share command is not supported.
D.
NFS and SMB protocols cannot be used simultaneously to share the same directory.
Answer: A,C
Explanation:
A: ZFS can automatically share file systems by setting the sharenfs property. Using this property, you do not have to modify the /etc/dfs/dfstab file when a new file system is shared. The sharenfs property is a comma-separated list of options to pass to the share command. The value on is an alias for the default share options, which provides read/write permissions to anyone. The value off indicates that the file system is not managed by ZFS and can be shared through traditional means, such as the /etc/dfs/dfstab file. All file systems whose sharenfs property is not off are shared during boot.

NO.230 How are operating system updates distributed in the Oracle Solaris 11 environment?
A. Updates are only available to customers with an active support contract. The updates are distributed through the My Oracle Support web portal and installed in a central location. All software packages are then updated manually from the command line using the smpatch command.
B. Patches are downloaded from http://support.oracle.com either automatically or manually. All software packages are then updated manually from the command line using the smpatch or patchadd commands.
C. Software updates are published as packages to a repository. All software packages are then updated manually from the command line using the pkg command.
D. Software updates, published as packages to an OS image. All software packages are then updated manually from the command line using the pkg command.
Answer: C
Explanation:
* Updating all of the packages on your installed system - To update all of the packages on your system that have available updates, use the pkg update command, as follows:
# pkg update
Running this command updates packages that you might not otherwise consider updating, for example, kernel components and other low-level system packages.
* Adding or updating individual packages - To add individual software packages, use the pkg install command. Any dependent packages are also updated at the same time.
* Install package updates that deliver fixes - A pkg update operation might include bug fixes, so the operation is similar to applying a specific patch or patches in previous Oracle Solaris releases.
Note: The IPS interfaces first check for updates for currently installed packages before retrieving them via the network. By default, interfaces check repository catalogs in the following locations:
* The default installation repository at pkg.oracle.com/solaris/release.
* The support repository in My Oracle Support. This repository is restricted to users with Oracle Solaris 11 Express support contracts, and it contains packages with the latest bug fixes. For this reason, a support contract must be purchased for production deployments.

NO.231 Which three of the components could be used in a ZFS storage pool, but are not recommended configurations?
A. A file on a UFS file system
B. A Veritas Volume Manager (VxVM) volume
C. A LUN in a hardware RAID array
D. A disk slice from an SMI labeled disk
E. A Solaris Volume Manager (SVM) volume
F. An EFI labeled disk
Answer: A,B,E
Explanation:
A: ZFS also allows you to use UFS files as virtual devices in your storage pool. This feature is aimed primarily at testing and enabling simple experimentation, not for production use. The reason is that any use of files relies on the underlying file system for consistency. If you create a ZFS pool backed by files on a UFS file system, then you are implicitly relying on UFS to guarantee correctness and synchronous semantics. However, files can be quite useful when you are first trying out ZFS or experimenting with more complicated layouts when not enough physical devices are present. All files must be specified as complete paths and must be at least 64 Mbytes in size.
B, E: You can construct logical devices for ZFS using volumes presented by software-based volume managers, such as Solaris Volume Manager (SVM) or Veritas Volume Manager (VxVM). However, these configurations are not recommended. While ZFS functions properly on such devices, less-than-optimal performance might be the result.

NO.232 You need to know the IP address configured on interface net3, and that the interface is up. Which command confirms these?
A. ipadm show-if
B. ipadm up-addr
C. ipadm show-addr
D. ipadm enable-if
E. ipadm refresh-addr
F. ipadm show-addrprop
Answer: C
Explanation: Show address information, either for the given addrobj or all the address objects configured on the specified interface, including the address objects that are only in the persistent configuration.
State can be: disabled, down, duplicate, inaccessible, ok, tentative
Example:
# ipadm show-addr
ADDROBJ  TYPE    STATE  ADDR
lo0/v4   static  ok     127.0.0.1/8
lo0/v6   static  ok     ::1/128

NO.233 A user account must be a member of a primary group, and may also be a member of one or more secondary groups. What is the maximum total number of groups that one user can concurrently belong to?
A. 15
B. 16
C. 17
D. 63
E. 64
F. 65
G. The number of groups one user can concurrently belong to is unlimited in Solaris 11.
Answer: B
Explanation: Each user belongs to a group that is referred to as the user's primary group. The GID number, located in the user's account entry within the /etc/passwd file, specifies the user's primary group. Each user can also belong to up to 15 additional groups, known as secondary groups. In the /etc/group file, you can add users to group entries, thus establishing the user's secondary group affiliations.
Note (4 PSARC/2009/542): This project proposes changing the maximum value for NGROUPS_MAX from 32 to 1024 by changing the definition of NGROUPS_UMAX from 32 to 1024.
The use for a larger number of groups is described in CR 4088757, in particular in the case of Samba servers and ADS clients; the Samba servers map every SID to a Unix group. Users with more than 32 group SIDs are common. We've seen reports varying from "64 is enough", "128 is absolutely enough" and "we've users with more 190 group SIDS".
NGROUPS_MAX as defined by different Unix versions is as follows (http://www.j3e.de/ngroups.html):
Linux Kernel >= 2.6.3: 65536
Linux Kernel < 2.6.3: 32
Tru64 / OSF/1: 32
IBM AIX 5.2: 64
IBM AIX 5.3 ... 6.1: 128
OpenBSD, NetBSD, FreeBSD, Darwin (Mac OS X): 16
Sun Solaris 7, 8, 9, 10: 16 (can vary from 0-32)
HP-UX: 20
IRIX: 16 (can vary from 0-32)
Plan 9 from Bell Labs: 32
Minix 3: 0 (Minix-vmd: 16)
QNX 6.4: 8

NO.234 Consider the following rule file for use with the Basic Audit Reporting Tool (BART).
CHECK all
IGNORE dirmtime
/etc/security
/etc/notices
IGNORE contents
/export/home
IGNORE mtime size contents
/var
CHECK
You are using BART to detect inappropriate changes to the file system. Identify the two correct statements describing the attributes recorded.
A. /var/dhcp Attribute: size uid gid mode acl
B. /etc/hosts Attributes: size uid gid mode acl intime dest
C. /var/spool/mqueue Attribute: size uid gid mode acl dirmtime
D. /etc/security/exec_attr Attribute: size uid mode acl mtime devnode
E. /export/home/kate/.profile Attributes: uid gid mode acl dirmtime
F.
/export/home/rick/.profile Attributes: size uid gid mode acl mtime contents
Answer: D,F
Explanation:
D: According to line /etc/security
F: According to line /export/home
Not E: According to line IGNORE dirmtime
Note: In default mode, the bart compare command, as shown in the following example, checks all the files installed on the system, with the exception of modified directory timestamps (dirmtime):
CHECK all
IGNORE dirmtime
Note 2: The Basic Audit Reporting Tool (BART) feature of Oracle Solaris enables you to comprehensively validate systems by performing file-level checks of a system over time. By creating BART manifests, you can easily and reliably gather information about the components of the software stack that is installed on deployed systems. BART is a useful tool for integrity management on one system or on a network of systems.

NO.235 You are executing this command in the default shell:
sleep 5000 &
The system displays a number. This value is______.
A. the priority of the /usr/bin/sleep process
B. the process ID of the /usr/bin/sleep process
C. the process ID of the shell spawned to execute /usr/bin/sleep
D. the process group ID that includes the /usr/bin/sleep process
E. the amount of memory allocated to the /usr/bin/sleep process
F. the current number of instances of the /usr/bin/sleep process
Answer: C
Explanation: If a command is terminated by the control operator '&', the shell executes the command asynchronously in a subshell. This is known as executing the command in the background. The shell does not wait for the command to finish, and the return status is 0 (true).

NO.236 You wish to edit your crontab file that is located in /var/spool/cron/crontab. What command must you enter to edit this file?
A. crontab -e
B. crontab -e /var/spool/cron/crontab
C. crontab -r
D.
crontab -e /etc/default/cron
Answer: A
Explanation: The main tool for setting up cron jobs is the crontab command, though this is not available on every Unix variant. Typically under Solaris or Linux one would create a new crontab, or edit an existing one, using the command:
crontab -e
Use the ls -l command to verify the contents of the /var/spool/cron/crontabs file.

NO.237 You notice that the /var/adm/messages file has become very large. Typically, this is managed by a crontab entry. Which entry should be in the root's crontab file?
A. 10 3 * * * /usr/adm/messages
B. 10 3 * * * /usr/sbin/logadm
C. 10 3 * * * /usr/sbin/syslogrotate
D. 10 3 * * * /usr/sbin/logrotate
E. 10 3 * * * /usr/sbin/messages
Answer: B
Explanation: This example shows how to display the default root crontab file.
$ su
Password:
# crontab -l
#ident "@(#)root 1.19 98/07/06 SMI" /* SVr4.0 1.1.3.1 */
#
# The root crontab should be used to perform accounting data collection.
#
#
10 3 * * * /usr/sbin/logadm
15 3 * * 0 /usr/lib/fs/nfs/nfsfind
30 3 * * * [ -x /usr/lib/gss/gsscred_clean ] && /usr/lib/gss/gsscred_clean
#10 3 * * * /usr/lib/krb5/kprop_script ___slave_kdcs___

NO.238 Review the boot environments displayed on your system:
Which option describes the solaris-1 BE?
A. It is active on the next reboot.
B. It is active now.
C. It is inactive.
D. It is unbootable.
E. It is active now and on reboot.
F. It has been removed and will no longer be available after the next reboot.
Answer: E
Explanation: In the output below, NR (now running) means the BE is active now and will be the active BE on reboot.
Example: Display your existing BE information.
# beadm list
BE       Active  Mountpoint  Space   Policy  Created
--       ------  ----------  -----   ------  -------
solaris  NR      /           12.24G  static  2011-10-04 09:42

NO.239 The current ZFS configuration on your server is:
pool1       124K  3.91G  32K  /pool1
pool1/data  31K   3.91G  31K  /data
You need to create a new file system named /data2.
/data2 will be a copy of the /data file system. You need to conserve disk space on this server whenever possible. Which option should you choose to create /data2, which will be a read-writeable copy of the /data file system, while minimizing the amount of total disk space used in pool1?
A. zfs set mountpoint=/data2 compression=on pool1/data2
B. zfs snapshot pool1/data@now
   zfs set mountpoint=/data2, compression=on pool1/data@now
C. zfs create snapshot pool1/data@now
   zfs send pool1/data@now | zfs recv pool1/data2
D. zfs create snapshot pool1/data@now
   zfs clone -o mountpoint=/data2 pool1/data@now pool1/data2
E. zfs snapshot pool1/data@now
   zfs clone -o mountpoint=/data2 -ocompression=on pool1/data@now pool1/data2
F. zfs snapshot pool1/data@now
   zfs clone -o mountpoint=/data2 pool1/data@now pool1/data2
Answer: E
Explanation:
zfs snapshot [-r] [-o property=value] ... filesystem@snapname|volume@snapname
Creates a snapshot with the given name. All previous modifications by successful system calls to the file system are part of the snapshot.
zfs clone [-p] [-o property=value] ... snapshot filesystem|volume
Creates a clone of the given snapshot.
Note: Because snapshots are fast and low overhead, they can be used extensively without great concern for system performance or disk use.
With ZFS you can not only create a snapshot but also create a clone of a snapshot.
A clone is a writable volume or file system whose initial contents are the same as the dataset from which it was created. As with snapshots, creating a clone is nearly instantaneous, and initially consumes no additional disk space. In addition, you can snapshot a clone.
A clone is a writable volume or file system whose initial contents are the same as the original dataset. As with snapshots, creating a clone is nearly instantaneous, and initially consumes no additional space.
Clones can only be created from a snapshot.
When a snapshot is cloned, it creates an implicit dependency between the parent and child.

NO.240 Which network protocol is responsible for routing packets from one network to another?
A. TCP
B. UDP
C. IP
D. ICMP
E. Ethernet
Answer: C
Explanation: The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

NO.241 You attempted to reboot a system via the init command; however, the system did not perform the boot sequence into the Oracle Solaris Operating Environment. You are presented with a prompt from the OpenBoot PROM. Which command would you enter to boot the system from the default device?
A. boot -net install
B. boot
C. boot -default
D. boot -s0
Answer: B
Explanation:
boot
With this form, boot loads and executes the program specified by the default boot arguments from the default boot device.
Note: boot has the following general format:
boot [device-specifier] [arguments]
where device-specifier and arguments are optional.

NO.242 Your server has one zone named dbzone (that has been configured, but not yet installed). Which command would you use to view all the options that were used to configure this zone?
A. zoneadm list -icv dbzone
B. zones tat -c summary dbzone
C. zonecfg -z dbzone info
D. zonecfg -icv dbzone info
Answer: C
Explanation:
zonecfg info
Display information about the current configuration. If resource-type is specified, displays only information about resources of the relevant type. If any property-name value pairs are specified, displays only information about resources meeting the given criteria. In the resource scope, any arguments are ignored, and info displays information about the resource which is currently being added or modified.
Note: zonecfg -z zonename. Specify the name of a zone. Zone names are case sensitive.
Zone names must begin with an alphanumeric character and can contain alphanumeric characters, the underscore (_), the hyphen (-), and the dot (.). The name global and all names beginning with SUNW are reserved and cannot be used.
Incorrect answers:
A: The zoneadm utility is used to administer system zones. A zone is an application container that is maintained by the operating system runtime. list option: Display the name of the current zones, or the specified zone if indicated.
B: No such command.
D: No such options: zonecfg -icv

NO.243 Which two accurately identify features of a Solaris 10 branded zone?
A. executes in a Solaris 10 global zone
B. is created by importing a Solaris 10 flash archive
C. enables Linux binary applications to run unmodified
D. provides a complete runtime environment for Solaris 9 applications
E. allows a Solaris 10 global zone to be migrated into a Solaris 10 non-global zone on a Solaris 11 system
Answer: B,E
Explanation:
B: It can be created by importing a Solaris 10 flash archive. You can use the Oracle Solaris Flash archiving tools to create an image of an installed system that can be migrated into a zone. The system can be fully configured with all of the software that will be run in the zone before the image is created. This image is then used by the installer when the zone is installed.
Note: You can use alternate methods for creating the archive. The installer can accept the following archive formats:
* cpio archives
* gzip compressed cpio archives
* bzip2 compressed cpio archives
* pax archives created with the -x xustar (XUSTAR) format
* ufsdump level zero (full) backups
Note: Branded zones that run an environment different than the OS release on the system:
* The lx branded zone introduced in the Solaris 10 8/07 release provides a Linux environment for your applications and runs on x86 and x64 machines on the Oracle Solaris 10 OS.
* The solaris8 and solaris9 branded zones enable you to migrate an Oracle Solaris 8 or Oracle Solaris 9 system to an Oracle Solaris 8 or Oracle Solaris 9 Container on a host running the Oracle Solaris 10 8/07 Operating System or later Oracle Solaris 10 release.
* The Oracle Solaris 10 Container brand is available in OpenSolaris build 127. These branded zones host Oracle Solaris 10 user environments.
Note: One of the powerful features of Solaris 11 is the ability to run a Solaris 10 environment in a zone. Solaris 10 allows you to run Solaris 8 and 9 environments in zones, but only on SPARC.

NO.244 A change in your company's security policy now requires an audit trail of all administrators assuming the sysadm role, capturing:
Two commands are necessary to accomplish this change. One is a rolemod command. What is the other?
A. auditconfig -setpolicy +argv
B. auditconfig -setflags lo, ex sysadm
C. auditconfig set policy=argv
D. auditconfig set flags=lo, ex sysadm
Answer: A

NO.245 Which statement is correct about the shutdown and init commands?
A. The shutdown command brings the system to the single-user milestone by default. The init command must be used to shut the system down to run level 0.
B. The shutdown command performs a clean shutdown of all services whereas init does not.
C. The shutdown command accepts SMF milestones, init stages, or run levels as arguments whereas init accepts only init stages or run levels as arguments.
D. shutdown broadcasts one or more periodic shutdown warning messages to all logged-in users whereas init issues none.
Answer: D