[Free] 2019(Nov) EnsurePass Oracle 1z0-820 Dumps with VCE and PDF 11-20

Get Full Version of the Exam

Question No.11

View the Exhibit, and review the zpool and ZFS configuration information from your system. The application development team requested an up-to-date copy of the data from the /prod_data file system. You decide to give the team one of the disk drives containing the data by breaking the mirror, removing the disk c4t1d0 and mounting c4t1 dO under a new mount point named

/dev_data. Identify the correct procedure for breaking the mirror, removing c4t1d0. and making the data on that drive accessible under the /dev_data mount point.


  1. zfs destroy pooh /prod_data

    zfs create pool1/prod_data c4t1d0 zfs create pool1/dev_data c4t1d0

  2. zfssplitpool1/prod_data

    zfs mount -F zfs pool1/dev_data c4t1d0

  3. zpool split pooll pool2 zpool import pool2

    zfs set mountpoint=/dev_data pool2/prod_data

  4. zpool split pool1/prod_data -n pool2/dev_data

zpool import -o mountpoint=/dev_data pool2/dev_data 3 e zfs split pool1/prod_data -n pool2/dev_data

zfs set mountpoint=/dev_data pool2/dev_data

Correct Answer: C

Question No.12

United States of America export laws include restrictions on cryptography. Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11 Cryptographic Framework.

  1. Corporations must utilize signed X.509 v3 certificates.

  2. A third-party provider object must be signed with a certificate issued by Oracle.

  3. Loadable kernel software modules must register using the Cryptographic Framework SPI.

  4. Third-party providers must utilize X.509 v3 certificates signed by trusted Root Certification


  5. Systems destined for embargoed countries utilize loadable kernel software modules that restrict encryption to 64 bit keys.

Correct Answer: BC


B: Binary Signatures for Third-Party Software

The elfsign command provides a means to sign providers to be used with the Oracle Solaris Cryptographic Framework. Typically, this command is run by the developer of a provider.

The elfsign command has subcommands to request a certificate from Sun and to sign binaries. Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris Cryptographic Framework. To sign one or more providers requires the certificate from Sun and the private key that was used to request the certificate.

C: Export law in the United States requires that the use of open cryptographic interfaces be restricted. The Oracle Solaris Cryptographic Framework satisfies the current law by requiring that kernel cryptographic providers and PKCS #11 cryptographic providers be signed.


System Administration Guide: Security Services, Oracle Solaris Cryptographic Framework

Question No.13

You display the IP Interface information with ipmpstat – i. Which two characteristics are indicated by characters that may be included in the FLAGS column?

  1. default route

  2. IP forwarding enabled

  3. allocated to global zone

  4. unusable due to being inactive

  5. nominated to send/receive IPv4 multicast for its IPMP group

Correct Answer: DE


The ipmpstat command concisely displays information about the IPMP subsystem. It supports five different output modes, each of which provides a different view of the IPMP subsystem (address, group, interface, probe, and target), described below. i

Display IP interface information (quot;interfacequot; output mode).

Interface Mode

Interface mode displays the state of all IP interfaces that are tracked by in.mpathd on the system. The following output field is one of the supported:


Assorted information about the IP interface: i

  1. Unusable due to being INACTIVE. s

    Marked STANDBY. m

  2. Nominated to send/receive IPv4 multicast for its IPMP group. b

Nominated to send/receive IPv4 broadcast for its IPMP group. M

Nominated to send/receive IPv6 multicast for its IPMP group. d

Unusable due to being down. h

Unusable due to being brought OFFLINE by in.mpathd because of a duplicate hardware address. Reference: man ipmpstat

Question No.14

When setting up Automated Installer (Al) clients, an interactive tool can be used to generate a custom system configuration profile. The profile will specify the time zone, date and time, user and root accounts, and name services used for an Al client installation. This interactive tool will prompt you to enter the client information and an SC profile (XML file) will be created. Which interactive tool can be used to generate this custom configuration?

  1. sys-unconfig

  2. installadm set-criteria

  3. sysconfig create-profile

  4. installadm create-profile

Correct Answer: C

Question No.15

A non-global zone named testzone is currently running. Which option would you choose to dynamically set the CPU shares for the zone to two shares?

  1. While logged in to the global zone, enter: prctl -n zone.cpu-shares -v 2 -r -i zone testzone

  2. While logged in to the global zone, enter: zonecfg -z testzone add rctl set name=zone cpu-shares setvalue=(priv=privilegedJimit=2,action=none)

  3. While logged in to the global zone, enter: prctl -n 2 zone cpu-shares -i zone testzone

  4. While logged in to the global zone, enter: zonecfg -z testzone add rctl set name-zone cpu-shares set value=2

  5. While logged in to testzone, enter: prctl -n zone.cpu-shares -v 2 -r -i zone testzone

Correct Answer: D

Question No.16

When you issue the gzip command, the quot;gzip: command not foundquot; message is displayed. You need to install the gzip utility on your system. Which command would you use to check if the gzip utility is available from the default publisher for installation?

  1. pkg info|grep gzip

  2. pkg list SUNWgzip

  3. pkg contents gzip

  4. pkg search gzip

Correct Answer: D

Question No.17

You execute the command:

usermod -K limitpnv=all,\!file_wnte guest What is the result of this command?

  1. The guest account cannot write any files.

  2. The guest account can assume any role except the file_write role.

  3. Starting at next login, the guest account will be unable to write any files.

  4. The guest account cannot assume a role that includes file_write privileges.

  5. Unless the guest account assumes the limitpriv role, it cannot write any files

  6. An error message is displayed, indicating that quot;file_wntequot; is not a valid execution attribute

Correct Answer: C

Question No.18

A change in your company#39;s security policy now requires an audit trial of all administrators assuming the sysadm role, capturing:



Executed commands, including options Logins and logouts

There are two command necessary to accomplish this change. One is a rolemod command. What is the other?

  1. auditconfig set policy=argv

  2. auditconfig -setpolicy argv

  3. auditconfig -setflags lo, ex sysadm

  4. auditconfig set flags=lo, ex sysadm

Correct Answer: B


Audit Significant Events in Addition to Login/Logout (see step 2 below) Use this procedure to audit administrative commands, attempts to invade the system, and other significant events as specified by your site security policy.

Audit all uses of privileged commands by users and roles. For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.

# usermod -K audit_flags=lo,ps:no username

# rolemod -K audit_flags=lo,ps:no rolename Record the arguments to audited commands.

# auditconfig -setpolicy argv

3- Record the environment in which audited commands are executed.

# auditconfig -setpolicy arge


[-t] -setpolicy [ |-]policy_flag[,policy_flag …] Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix of adds the policies specified to the current audit policies. A prefix of – removes the policies specified from the current audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global zone.


Oracle Solaris 11 Security Guidelines, Audit Significant Events in Addition to Login/Logout

Question No.19

Which modification needs to be made to the Service Management Facility before you publish a new package to the IPS repository?

  1. The pkg.depotd must be disabled.

  2. The pkg/readonly property for the application/pkg/server service must be set to false

  3. The pkg/writable_root property for the application/pkg/server service must be set to true.

  4. The pkg/image_root property for the application/pkg/server service must be set to the location of the repository.

Correct Answer: D Explanation: pkg/image_root

(astring) The path to the image whose file information will be used as a cache for file data. Reference: man pkg.depotd

Question No.20

Select the five tasks that need to be performed on the Automated Installer (AI) install server before setting up the client.

  1. Create a local IPS repository on the AI Install server and start the repository server service, the publisher origin to the repository file.

  2. Set up a IP address on the AI install server.

  3. The DHCP server must be enabled on the install server and must provide the DHCP service for the clients.

  4. DHCP must be available on the network for the Install server and the clients, but the install server does not need to be the DHCP server.

  5. Download the AI boot image. The image must be the same version as the Oracle Solaris OS that you plan to install on the client.

  6. Download the text install image into the IPS repository.

  7. Install the AI installation tools.

  8. Create the AI install service. Specify the path to the AI network boot image ISO file and the path where the AI net image ISO file should be unpacked.

  9. Create the AI install service. Specify the path to the AI network boot image ISO file and the path to the IPS repository.

Correct Answer: BDFGI


B: Configure the AI install server to use a static IP address and default route.

D: The create-service command can set up DHCP on the AI install server. If you want to set up a separate DHCP server or configure an existing DHCP server for use with AI. The DHCP server must be able to provide DNS information to the systems to be installed.

E: An automated installation of a client over the network consists of the following high-level steps:

  1. The client system boots over the network and gets its network configuration and the location of the install server from the DHCP server.

  2. The install server provides a boot image to the client.

  3. Characteristics of the client determine which installation instructions and which system configuration instructions are used to install the client.

  4. The Oracle Solaris 11 OS is installed on the client, pulling packages from the package repository specified by the installation instructions in the AI install service.

G: Install the AI tool set.

Use the installadm create-service command to create an AI install service. Give the service a

meaningful name, and specify the path where you want the service created. Specify the source of the network boot image (net image) package or ISO file.

installadm create-service [-n svcname] [-s FMRI_or_ISO] [-d imagepath]

d imagepath

The imagepath is the location of the new install service. The install-image/solaris-auto- install package is installed to this location, or the specified ISO file is expanded at this location.


Installing Oracle Solaris 11 Systems, Create an AI Install Service

Get Full Version of the Exam
1z0-820 Dumps
1z0-820 VCE and PDF