Oracle Solaris 11 Advanced System Administration
Question No: 51
You are creating a native Oracle Solaris zone that will be called zd1. The zone must have a virtual network interface configured. You use the following command to create the zone configuration:
# zonecfg -z zd1 zonecfg:zd1gt; create
What is the minimum specification required to complete the configuration before the exit command is issued?
A zonepath must be set.
An anet resource must be added.
No other configuration parameters need to be set.
Both an anet configuration and a zonepath must be set.
Answer: A Explanation: * Example:
root@solaris:~# zonecfg -z zd1
Use #39;create#39; to begin configuring a new zone. zonecfg:zd1gt; create
create: Using system default template #39;SYSdefault#39; zonecfg:zd1gt; exit
zonepath cannot be empty.
Zone zd1 failed to verify
zd1: Required resource missing Configuration not saved; really quit (y/[n])? n zonecfg:zd1gt; verify
zonepath cannot be empty. zd1: Required resource missing
zonecfg:zd1gt; set zonepath=/zones/zd1 zonecfg:zd1gt; exit
Automatic network interface.
The anet resource represents the automatic creation of a network resource for an exclusive-IP zone.
Question No: 52
What are targets for IPMP probe-based failure detection configured by?
responses to SNMP requests
specifying host routes in the routing table
specifying hosts in /etc/default/mpathd
setting the property svc:/network/ipmp/config/transitive-probing
Explanation: How to Manually Specify Target Systems for Probe-Based Failure Detection
Add a route to a particular host to be used as a target in probe-based failure detection.
$ route -p add -host destination-IP gateway-IP -static
where destination-IP and gateway-IP are IPv4 addresses of the host to be used as a target. For example, you would type the following to specify the target system 192.168.10.137, which is on the same subnet as the interfaces in IPMP group itops0:
$ route -p add -host 192.168.10.137 192.168.10.137 -static
This new route will be automatically configured every time the system is restarted. If you want to define only a temporary route to a target system for probe-based failure detection, then do not use the -p option.
Add routes to additional hosts on the network to be used as target systems.
Question No: 53
What is the effect of configuring privileges via the zonecfg utility?
It forces every /one process to run with the same privileges.
It restricts zone processes to the inherited set of zsched#39;s privileges.
It restricts zone processes to the inherited set of zoneadmd#39;s privileges.
It removes some privileges that are normally available in the zone.
It can add some new privileges to or exclude some default privileges from the zone.
Answer: A,E Explanation:
Adding privileges must be performed the global zone administrator by using zonecfg(1M). While adding this functionality, we also added the ability to remove privileges from a zone#39;s limit set.
Question No: 54
Consider the following command and output:
user$ newtask -v -p canada 38
Identify the output.
the task ID for the project canada
the project ID for the project canada
the task ID for the shell
the task ID for all jobs already running in the shell
Explanation: Example 1: Creating a New Shell
The following example creates a new shell in the canada pro- ject, displaying the task id:
example$ id -p
uid=565(gh) gid=10(staff) projid=10(default) example$ newtask -v -p canada
Question No: 55
Which scheduling class cannot be assigned to a zone?
Explanation: Scheduling classes provide different CPU access characteristics to threads that are based on algorithmic logic. The scheduling classes include:
Realtime scheduling class (RT) (not a) Interactive scheduling class (IA)
Fixed priority scheduling class (FX) (not b) Timesharing scheduling class (TS) (not c) Fair share scheduling class (FSS) (not E)
Question No: 56
Consider the following command:
zonestat -q -r physical-memory -R high -z dbzone -p -P “zones” 10 24h 60m What data will this command report?
The dbzone’s physical memory usage every hour for a day, displaying the 10 higher
usage intervals for each hour.
All the dbzone’s resource usage, excluding physical memory, 10 times an hour for a day.
The dbzone’s CPU, virtual memory, and networking utilization every hour for a day, displaying top 10 usage intervals.
The dbzone’s memory and CPU utilization every 10 seconds for a day, displaying peak usage each hour.
The dbzone’s physical memory usage every 10 seconds for a day. displaying peak usage each hour.
Explanation: * Example 1:
man zonestat -q Quiet mode. Only print summary reports (requires the -R option). All interval reports are omitted. -r resource[,resource] Specify resource types on which to report. The available resources are: physical-memory, virtual- memory, locked- memory, processor-set, processes, lwps, shm-memory,
shm-ids, sem-ids, msg-ids, lofi, and network. summary A summary of cpu, physical-memory, vir- tual memory, and network usage.
Example 2 :
The following command monitors silently at a 10 second interval for 24 hours, producing a total and high report every 1 hour:
# zonestat -q -R total,high 10s 24h 1h
Question No: 57
Which two actions permit the system-log service to receive messages from a remote Solaris host?
setting the property config/log_from_remote to true and restarting the service
setting the property config/log_from_remote to *.noticoand restart the service
configuring a selector for remote messages in the /etc/syslog.conf file
ensuring that port 514 is open to remote traffic and doesn#39;t require a password
Explanation: A: To restart remote logging:
svccfg -s system-log setprop config/log_from_remote=true svcadm restart system-log
D: You can run #39;snoop#39; on the interface to see if you see syslog packets leaving the server snoop udp port 514
Question No: 58
Consider the following:
root@scolll-server:~# pkg publisher PUBLISHER TYPE STATUS URI
solaris origin online https://pkg.oracle.com/solaris/support/
What does quot;originquot; in the TYPE column say about the package repository?
It originates from oracle.com.
It contains all of the package metadata.
It supports packages for a single publisher.
It has been configured as the default publisher.
It contains only package content.
Question No: 59
The http://pkg.oracle.com/solaris/release publisher is available on this server. A new repository has been created in the /export/sllReaseRepo file system and you want to add the gzip package to this repository. Which is a valid method for adding the gzip package to
the /export/sllReleaseRepo repository?
pkgrecv -s http://pkg.oracle.com/solaris/release -d /export/sllReleaseRepo gzip
pkgrecv -s /export/sllReleaseRepo -d http://pkg.oracle.com/solaris/release gzip
pkgrecv -s pkgrecv -d /export/sllReleaseRepo gzip
rsync -aP http://pkg.oracle.com/solaris/release -d /export/sllReleaseRepo gzip
Answer: A Explanation: * pkgrecv
Image Packaging System content retrieval utility
pkgrecv allows the user to retrieve packages from a pkg repository or package archive. pkgrecv can also optionally republish the retrieved packages to a different package repository or archive them.
A URI representing the location of a pkg repository or package archive from which to receive package data.
The file system path or URI of the target to republish packages to. If -a is specified, the target is a new package archive that cannot already exist. Otherwise, the target must be a package repository that already exists. New repositories can be created using pkgrepo(1).
Question No: 60
Within the file /etc/security/exec_attr.d/core-os, the following line is found:
Network Management:solaris:cmd:RO::/usr/sbin/dladm:euid=dladm;egid=netadm;\privs=sys_dl_conf ig,net_rawaccess,proc_audit
To assume which of the following can a user using the su command execute dladm with full privileges?
the net_rawacess role
the sys_dl_config profile
the Network Management role
a role that includes the sys_dl_config profile
a role that includes the Network Management profile
Answer: C Explanation: Note:
(not A, not B, not D) The privs key contains a comma-separated list of privilege numbers that will be effective when the command or action is run.
euid and uid contain a single user name or a numeric user ID. Commands designated with euid run with the effective UID indicated, which is similar to setting the setuid bit on an executable file. Commands designated with uid run with both the real and effective UIDs. Setting uid may be more appropriate than setting the euid on privileged shell scripts.
egid and gid contain a single group name or a numeric group ID. Commands designated with egid run with the effective GID indicated, which is similar to setting the setgid bit on a file. Commands designated with gid run with both the real and effective GIDs. Setting gid may be more appropriate than setting guid on privileged shell scripts.
/etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles.
Locally added entries. Make sure that the shipped header remains intact.
Entries added by package installation.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|