Oracle Solaris 11 System Administration
Question No: 121 – (Topic 2)
alice is a user account used by Alice on a Solaris 11 system. sadmin is a role account on the same system.
Your task is to add the command /usr/sbin/cryptoadm to the Network management profile,so that Alice can execute it,while assuming the sadmin role.
Select the three activities necessary to accomplish this.
To the file /etc/security/prof_attr,add the line: Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0
To the file /etc/security/auth_attr,add the line:Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0
To the file /etc/security/exec_attr.d/local-entriies,add the line:Network Management: solaris:cmd:RO::/usr/sbin/cryptoadm:euid=0
Run the roles alice to ensure that alice may assume the role sadmin.
Run the command profiles sadmin to ensure that the role sadmin includes the network Management profile.
Run the command profiles alice to ensure that the Alice has permissions to access the Network management profile.
Run the command profiles “Network management” to ensure that the Network management profile includes the sadmin role.
Answer: C,D,G Explanation:
C: /etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles. The exec_attr file can be used with other sources for execution profiles,including the exec_attr NIS map and NIS table.
A profile is a logical grouping of authorizations and com- mands that is interpreted by a profile shell to form a secure execution environment.
Question No: 122 – (Topic 2)
You want to deploy Oracle Solaris 11 with the Automated Installer (AI). You need to make sure that your server and network meet the requirements for using AI.
Choose the three options that describe the requirements for using AI.
You can create only one manifest per install service. If you need more than one manifest create multiple install services.
If two client machines have different architectures and need to be installed with the same version of the Oracle Solaris 11 OS,then create two AI manifests and a single install service.
You need a separate install service for each different client architecture that you plan to
install,and for each different version of the Oracle Solaris 11 OS that you plan to install on client systems.
If two client machines have different architectures and need to be installed with different versions of the Oracle Solaris 11 OS,then create two AI manifests and two install services.
The install server needs to be able to access an Oracle Solaris Image Packaging System (IPS) software package repository; the clients do not.
The install server can be either an x86 machine or a SPARC machine.
Answer: B,E,F Explanation:
B (not A,not D,Not C): If two client machines need to be installed with the same version of the Oracle Solaris 11 OS but
need to be installed differently in other ways,then create two AI manifests for the AI install service. The different AI manifests can specify different packages to install or a different slice as
the install target,for example.
Note: An AI manifest provides installation instructions.
The AI manifest specifies one or more IPS package repositories where the client retrieves the
packages needed to complete the installation. The AI manifest also includes the names of additional packages to install and information such as target installation device and partition
F: The install server can be either an x86 machine or a SPARC machine.
Question No: 123 – (Topic 2)
Which two are user definable OpenBoot parameters that can be set in the OpenBoot PROM?
IP address for the system console
System date and time
Default boot device
Verbose hardware diagnostics
Powering off the hardware
Answer: D,E Explanation:
The NVRAM chip stores user-definable system parameters,also referred to as NVRAM variables or EEPROM parameters. The parameters allow administrators to control variables such as the default boot device and boot command. The NVRAM also contains writeable areas for user-controlled diagnostics,macros,and device aliases. NVRAM is where the system identification information is stored,such as the host ID,Ethernet address,and time-of-day (TOD) clock.
Examples of NVRAM variables:
Variable Default Description boot-device disk or net The device from which to start up.
diag-device net The diagnostic startup source device.
diag-file Empty string Arguments passed to the startup program in diagnostic mode. diag-switch? false Whether to run in diagnostic mode
Question No: 124 – (Topic 2)
Review the non-global zone configuration displayed below:
The global zone has 1024 MB of physical memory. You need to limit the non-global zone so that it uses no more than 500 MB of the global zone#39;s physical memory. Which option would you choose?
Answer: C Explanation:
Add a memory cap.
zonecfg:my-zonegt; add capped-memory
Set the memory cap.
zonecfg:my-zone:capped-memorygt; set physical=50m
End the memory cap specification. zonecfg:my-zone:capped-memorygt; end
Question No: 125 – (Topic 2)
View the Exhibit and review the zpool and ZFS configuration information from your system.
Identify the correct procedure for breaking the /prod_data mirror,removing c4t0d0 and c4t2d0,and making the data on c4t0d0and c4t2d0 accessible under the dev_data mount point.
zpool split pool1 pool2 c4t0d0 c4t2d0zpool import pool2zfs set mountpoint = /dev_data pool2/prod_data
zpool detach pool1 pool2zpool attach pool2zfs set mountpoint=/dev_data pool2/prod_data
zpool split pool1/prod_data -n pool2/dev_datazfs set mountpoint = /dev_data pool2/prod_data
zpool split pool1 pool2 c4t0d0 c4t2d0zpool import pool2
Answer: D Explanation:
In this Solaris release,you can use the zpool split command to split a mirrored storage pool,which detaches a disk or disks in the original mirrored pool to create another identical pool.
After the split operation,import the new pool.
Question No: 126 – (Topic 2)
Your server has a ZFS storage pool that is configured as follows:
The server has two spate 140-GB disk drives: c3t5d0 c3t6d0 Which command would add redundancy to the pool1 storage pool?
zpool attach pool1 c3t5d0 c3t6d0
zpool attach pool1 c3t3d0 c3c5d0; zpoo1 attach pool1 c3t4d0 c3t6d0
zpool mirror pool1 c3t5d0 c3t6d0
zpool add pool1 mirror c3t5d0 c3t6d0
zpool add raidz pool1 c3t5d0 c3t6d0
Answer: A Explanation:
You can convert a non-redundant storage pool into a redundant storage pool by using the zpool attach command.
Note: zpool attach [-f] pool device new_device
Attaches new_device to an existing zpool device. The existing device cannot be part of a raidz configuration. If device is not currently part of a mirrored configuration,device automatically
transforms into a two-way mirror of device and new_device. If device is part of a two-way mirror,attaching new_device creates a three-way mirror,and so on. In either case,new_device begins to resilver immediately.
Question No: 127 – (Topic 2)
Review the boot environment information displayed on your system:
Which two options accurately describe the newBE boot environment?
It cannot be destroyed.
It cannot be activated.
It cannot be renamed.
You can create a snapshot of it.
It is activated but unbootable.
It has been deleted and will be removed at the next reboot.
Answer: B,C Explanation:
If the boot environment is unbootable,it is marked with an exclamation point (!) in the Active column in the beadm list output.
The beadm command restricts actions on unbootable boot environments as follows: You cannot activate an unbootable boot environment. (B)
You cannot destroy a boot environment that is both unbootable and marked as active on reboot.
You cannot create a snapshot of an unbootable boot environment.
You cannot use an unbootable boot environment or boot environment snapshot with the -e option of beadm create.
You cannot rename an unbootable boot environment. (C)
Question No: 128 – (Topic 2)
You want to configure an iSCSI target device on your system.
Select the group package required to install this functionality on your system.
Answer: A Explanation:
How to Create an iSCSI LUN
The disk volume provided by the server is referred to as the target. When the LUN is associated with an iSCSI target,it can be accessed by an iSCSI initiator.
The following tasks are completed on the system that is providing the storage device.
Install the COMSTAR storage server software. target# pkg install storage-server
Question No: 129 – (Topic 2)
A local repository is available on this system and you need to enable clients to access this repository via HTTP. The repository information is:
Identify two of the steps that are required to make the local repository on this server available to the client via HTTP.
On the server: set the pkg/inst_root and pkg/readonly properties for the svc:/application/pkg/server:default service and enabled the service
On the server: set the sharefs property on the ZFS file system containing the IPS repository.
On the client: reset the origin for the solaris publisher.
On the client: set the pkg/inst_root and pkg/readonly properties for the svc:/application/server:default service enable the service.
On the client: start the pkg.depotd process.
Answer: A,E Explanation:
A: Configure the Repository Server Service
To enable clients to access the local repository via HTTP,enable the application/pkg/server Service Management Facility (SMF) service.
# svccfg -s application/pkg/server setprop pkg/inst_root=/export/repoSolaris11
# svccfg -s application/pkg/server setprop pkg/readonly=true
E: Use pkg.depotd to serve the repository to clients. Start the Repository Service
Restart the pkg.depotd repository service.
# svcadm refresh application/pkg/server
# svcadm enable application/pkg/server
To check whether the repository server is working,open a browser window on the localhost location.
Question No: 130 – (Topic 2)
You have edited /etc/profile to include the lines: dennis_says=hello
You have also edited /etc/skel/local.profile to include the line: dennis_says=world
You now create a new user account brian,and specify use of the bash shell. When brian logs in and enters
What will he see,and why?
world,because the local.profile entry will be executed last
hello,because the global /etc/profile entry overrides the local.profile entry
hello,because the local.profile entry is not automatically sourced on login
hello,because the value specified in local.profile was not exported
nothing,because the variable was not exported in local.profile
Answer: A Explanation:
The $HOME/.profile file is an initialization file that is executed after the /etc/profile when logging in to the Bourne or Korn shell. The file contains user preferences for variable settings. If the ENV variable is set to .kshrc,the .kshrc file executes every time a new shell begins execution. The $HOME/.profile is copied from the /etc/skel/local.profile file by the Administration Tool when creating a new account.
Per-system configuration file for sh/ksh/ksh93/bash login sessions, installed for new users
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|