[Free] 2018(Jan) EnsurePass Testking Oracle 1z0-881 Dumps with VCE and PDF 21-30

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Oracle Official New Released 1z0-881
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/1z0-881.html

Oracle Solaris 10 Security Administrator Certified Expert Exam

Question No: 21 – (Topic 1)

A security administator has a requirement to make an encrypted backup copy of an application and its data, using the AES algorithm, so that it can be safely transmitted to a partner. Which two command sequences can be used to generate an encrypted backup of the files under /app1? (Choose two.)

  1. crypt lt; /app1/* gt; app1.backup.aes

  2. encrypt -a aes -d /app1 -o app1.backup.aes

  3. tar cf – /app1 | gzip -d -e aes gt; app1.backup.aes

  4. ufsdump 0f – /app1 |\ crypt -a aes gt; app1.backup.aes

  5. ufsdump 0f – /app1 |\ encrypt -a aes -o app1.backup.aes

  6. tar cf – /app1 |\ openssl enc -out app1.backup.aes -aes-128-cbc

Answer: E,F

Question No: 22 – (Topic 1)

A cryptographically signed patch provides system administrators with assurance that the patch possesses certain qualities. Which two qualities are assured when a patch signature

is verified? (Choose two.)

  1. The patch has a verified origin.

  2. The patch has NOT been modified since it was signed.

  3. The patch was created by a Sun Certified Systems Engineer.

  4. The contents of the patch have NOT been revealed to anyone who does NOT have a Sun service plan.

Answer: A,B

Question No: 23 – (Topic 1)

A security administrator has a requirement to help configure and deploy a new server. What are two security tasks that the security administrator should perform? (Choose two.)

  1. Configure the server to use LDAP for authentication.

  2. Configure network interfaces and routing information.

  3. Install a DTrace probe to capture the use of privileges.

  4. Disable any network services that are NOT being used.

  5. Apply software patches to correct security vulnerabilities.

Answer: D,E

Question No: 24 – (Topic 1)

Due to changes to the security policy of your organization, access restriction must be applied to systems. The changes specify that access to systems through the ftp protocol is NOT allowed according to the Human Resources department, which has the 10.10.10.0/24 address space assigned. TCP wrappers have been enabled for the ftp daemon, and these files have been configured: # cat /etc/hosts.allow in.ftpd: ALL # cat /etc/hosts.deny in.ftpd: 10.10.10.0/24 Despite the implemented configuration, Human Resources is still able to access systems through the ftp protocol. What action must be taken?

  1. The ftp daemon must be restarted.

  2. The inetd daemon must be restarted.

  3. The entry in the hosts.deny file is wrong and must be changed.

  4. The entry in the hosts.allow file is wrong and must be changed.

Answer: D

Question No: 25 – (Topic 1)

Packet filters and firewalls are an important component of any defense-in-depth security strategy. Which two types of threats can IP Filter be deployed as an effective countermeasure against? (Choose two.)

  1. a Christmas Tree scan

  2. an attempt to log in to a system using SSH by an unauthorized user

  3. an attempt to exploit a SQL injection vulnerability in a web storefront application

  4. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an authorized network

  5. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a host on an unauthorized network

Answer: A,E

Question No: 26 – (Topic 1)

An Internet service provider is offering shell accounts on their systems. As a special service, customers can also apply for a root account to get their own virtual machine. The provider has implemented this by using zones, and the customers get root access to the non-global zone. One of their customers is developing cryptographic software and is using the ISP machine for testing newly developed Solaris crypto providers. What kind of testing is available to this developer?

  1. The developer is able to test newly developed user-level providers.

  2. The developer is able to test newly developed kernel software providers.

  3. The developer can NOT test newly developed providers in a non-global zone.

  4. The developer is able to do the same tests as if developing as root in the global zone.

Answer: A

Question No: 27 – (Topic 1)

A security administrator is required to periodically validate binaries against the Solaris Fingerprint Database. While attempting to capture MD5 file signatures for key Solaris OS files, the security administrator encounters the following error: digest: no cryptographic provider was found for this algorithm – md5 What command should the administrator use to help determine the cause of the problem?

  1. crypt

  2. digest

  3. kcfadm

  4. openssl

  5. cryptoadm

Answer: E

Question No: 28 – (Topic 1)

Your company is running a DNS test server on the internal network. Access to this server must be blocked by using IP Filter. The administrator prefers that this access control is not obvious to someone trying to contact the server from the outside. Which rule implements the access control but hides the use of IP Filter to the outside?

  1. pass in quick on eri0 from 192.168.0.0/24 to any

  2. block in quick proto udp from any to any port = 53

  3. pass out quick on eri0 proto icmp from 192.168.1.2 to any keep state

  4. block return-icmp(port-unr) in proto udp from any to 192.168.1.2 port = 53

Answer: D

Question No: 29 – (Topic 1)

Which option is used in /etc/vfstab to limit the size of a tmpfs file system to 512MB to prevent a memory denial of service (DoS)?

  1. size=512m

  2. maxsize=512

  3. minsize=512

  4. swapfs=512mb

Answer: A

Question No: 30 – (Topic 1)

The Key Distribution Center (KDC) is a central part of the Kerberos authentication system. How should the system running the KDC be configured?

  1. It should be a hardened, minimized system.

  2. It should be a hardened, non-networked system.

  3. The KDC implementation employs cryptography and can therefore run securely on an ordinary multi-user system.

  4. For improved security, users must log in to the KDC before authenticating themselves, so it must be a multiuser system.

Answer: A

100% Ensurepass Free Download!
Download Free Demo:1z0-881 Demo PDF
100% Ensurepass Free Guaranteed!
1z0-881 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.