Oracle 1Z0-821 Online Practice Questions and Exam Preparation

Oracle 1Z0-821 Online Questions & Answers

• Question 1:

  Select two statements that correctly describe the capabilities of the Distribution Constructor.

  A. ISO images for use with the Automated Installer (AI) can be created.
  B. Bootable USB images can be created for SPARC and x86 architectures.
  C. A single installation server can be used to create ISO images for SPARC and x86 architectures.
  D. Checkpoints can be used to pause the build, allowing scripts to run that modify the resulting ISO Image.
  E. A single Installation server can be used to create ISO images for Solaris 10 and Solaris11 operating systems.
  A. ISO images for use with the Automated Installer (AI) can be created.
  D. Checkpoints can be used to pause the build, allowing scripts to run that modify the resulting ISO Image.

  ---

  explanation:

  A: You can use the distribution constructor to create the following types of Oracle Solaris images:

  *

  (A) x86 or SPARC ISO Image for Automated Installations

  *

  Oracle Solaris x86 live CD image

  *

  x86 or SPARC Oracle Solaris text installer image

  *

  x86 Oracle Solaris Virtual Machine

  Note: You can use the distribution constructor to build custom Oracle Solaris images. Then, you can use the images to install the Oracle Solaris software on individual systems or multiple systems. You can, also, use the distribution constructor to create Virtual Machine (VM) images that run the Oracle Solaris operating system.

  D: Checkpointing Options You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation process, in order to check and debug the image that is being built. This process of stopping and restarting during the build process is called checkpointing.

• Question 2:

  You have a user that needs to use the cron tool to schedule some repetitive tasks. When the user enters the crontab command in a terminal window, the following error appears: crontab: you are not authorized to use cron. Sorry In order to troubleshoot this issue, in what directory would you start your invest

  A. /etc/cron.d
  B. /var/spool/cron
  C. /var/spool/cron/crontable
  D. /var/spool/cron/atjobs
  A. /etc/cron.d

  ---

  explanation:

  crontab: you are not authorized to use cron. Sorry.

  This message means that either the user is not listed in the cron.allow file (if the file exists), or the user is listed in the cron.deny file.

  You can control access to the crontab command by using two files in the /etc/cron.d directory: cron.deny and cron.allow. These files permit only specified users to perform crontab command tasks such as creating, editing, displaying, or

  removing their own crontab files.

  The cron.deny and cron.allow files consist of a list of user names, one user name per line.

• Question 3:

  Which two options accurately describe the network characteristics of a zone?

  A. DHCP address assignment cannot be configured in a shared IP zone.
  B. Shared IP is the default type of network configuration.
  C. Exclusive IP is the default type of network configuration.
  D. By default, all IP addresses, netmasks, and routes are set by the global zone and cannot be altered in a non global zone.
  E. IPMP cannot be managed within the non-global zone.
  F. Commands such as snoop and dladm cannot be used on datalinks that are in use by a running zone.
  A. DHCP address assignment cannot be configured in a shared IP zone.
  B. Shared IP is the default type of network configuration.

  ---

  explanation:

  A: Non-global zones can not utilize DHCP (neither client nor server). B (not C): By default, non-global zones will be configured with a shared IP functionality. What this means is that IP layer configuration and state is shared between the zone

  you're creating and the global zone. This usually implies both zones being on the same IP subnet for each given NIC.

  Note: A zone is a virtual operating system abstraction that provides a protected environment in which applications run. The applications are protected from each other to provide software fault isolation. To ease the labor of managing multiple

  applications and their environments, they co-exist within one operating system instance, and are usually managed as one entity.

  The original operating environment, before any zones are created, is also called the "global zone" to distinguish it from non-global zones, The global zone is the operating system instance. Incorrect answer:

  E: Exclusive-IP zones can use IPMP. IPMP is configured the same way in an exclusive-IP zone as it is on a system not using zones.

  For shared-IP zones, IPMP can be configured in the global zone.

  F: Full IP-level functionality is available in an exclusive-IP zone.

  An exclusive-IP zone has its own IP-related state.

  An exclusive-IP zone is assigned its own set of data-links using the zonecfg command. The zone is given a data-link name such as xge0, e1000g1, or bge32001, using the physical property of the net resource. The address property of the net

  resource is not set.

  Note that the assigned data-link enables the snoop command to be used.

  The dladm command can be used with the show-linkprop subcommand to show the assignment of data-links to running exclusive-IP zones.

• Question 4:

  User1 is attempting to assist user2 with terminating user2's process 1234.

  User1 entered the following: kill -9 1234

  Why does the process continue to run?

  A. You can kill a process only if you are root.
  B. You can kill only a process that you own.
  C. You can kill the process only with the pkill command.
  D. You need to kill the process with a stronger kill signal.
  B. You can kill only a process that you own.

  ---

  explanation:

  Kill -9 Kill (terminates without cleanup) Only works if issued by process owner or super user (root) The program cannot respond to this signal; it must terminate

  Note: Unix provides security mechanisms to prevent unauthorized users from killing other processes. Essentially, for a process to send a signal to another, the owner of the signaling process must be the same as the owner of the receiving process or be the superuser.

• Question 5:

  You are setting up an automated installer (AI) install server and issue the following command:

  installadm create-service -n prod_ai -s /repo/prod_ai.iso \

  -i 192.168.1.100 -c 5 -d /export/repo

  Which four options describe the install server that you have configured?

  A. The service name is prod_ai.
  B. DHCP base IP address is 192.168.1.100
  C. The initial IP address for the install clients will be 192.168.1.100. This IP address is temporary. After the client is booted, it will use IP addresses in the following range: 192.168.1.101-105.
  D. Five IP addresses are allocated for DHCP clients, starting with 192.168.1.100.
  E. The Install server will support up to five clients.
  F. The AI net image ISO file is located in /repo/prod and the net image ISO will be unpacked in /export/repo.
  G. The AI net image ISO file is located in /repo/repo and is named /repo/prod/_ai.iso.
  A. The service name is prod_ai.
  B. DHCP base IP address is 192.168.1.100
  D. Five IP addresses are allocated for DHCP clients, starting with 192.168.1.100.
  F. The AI net image ISO file is located in /repo/prod and the net image ISO will be unpacked in /export/repo.

  ---

  explanation:

  A: -n

  Uses this install service name instead of default service name.

  B: -i

  Sets up a new DHCP server. The IP addresses, starting from dhcp_address_start, are set up.

  D: -c

  Sets up a total number of IP addresses in the DHCP table equal to the value of the count_of_ipaddr. The first IP address is the value of dhcp_ip_start that is provided by the -i option.

  F: -s

  Specifies location of AI ISO image to use for setting up the install service.

  Required: Specifies location to set up net image.

• Question 6:

  You upgraded your server to Oracle Solaris 11 and you imported zpool (pool1) that was created in Solaris 10. You need to create an encrypted ZFS file system in pool1, but first you need to make sure that your server supports ZFS encryption.

  Which four statements are true for support of ZFS encryption?

  A. The encrypted file system must have been created in Oracle Solaris11. To encrypt a ZFS file system from a previous version of Solaris, upgrade the zpool and create a new encrypted ZFS file system into the encrypted ZFS file system.
  B. If you plan to create an encrypted file system in an existing zpool, the zpool must be upgraded to ZFS version 30.
  C. ZFS encryption is integrated with the ZFS command set and no additional packages need to be installed.
  D. ZFS encryption requires that the ZFS Dataset Encryption package be installed.
  E. If you plan to create an encrypted file system in an existing zpool, the pool must be upgraded to ZFS version 21, minimum.
  F. Encryption is supported at the pool or dataset (file system) level.
  G. Encryption is supported at the pool level only for every file system in the pool will be encrypted.
  H. You cannot create an encrypted file system in a zpool that was created prior to oracle Solaris11. Create a new zpool in Solaris11, create an encrypted ZFS file system in the new zpool, and move or copy the data from the existing file system into the new encrypted file system.
  A. The encrypted file system must have been created in Oracle Solaris11. To encrypt a ZFS file system from a previous version of Solaris, upgrade the zpool and create a new encrypted ZFS file system into the encrypted ZFS file system.
  B. If you plan to create an encrypted file system in an existing zpool, the zpool must be upgraded to ZFS version 30.
  C. ZFS encryption is integrated with the ZFS command set and no additional packages need to be installed.
  F. Encryption is supported at the pool or dataset (file system) level.

  ---

  explanation:

  A (not H): You can use your existing storage pools as long as they are upgraded. You have the flexibility of encrypting specific file systems. B (not E): Can I enable encryption on an existing pool? Yes, the pool must be upgraded to pool

  version 30 to allow encrypted ZFS file systems and volumes.

  C (not D): ZFS encryption is integrated with the ZFS command set. Like other ZFS operations, encryption operations such as key changes and rekey are performed online. F (not G): Encryption is the process in which data is encoded for

  privacy and a key is needed by the data owner to access the encoded data. You can set an encryption policy when a ZFS dataset is created, but the policy cannot be changed.

• Question 7:

  Select two correct statements about the authentication services available in Oracle Solaris 11.

  A. Pluggable Authentication Modules (PAM) is used to control the operation of services such console logins and ftp.
  B. The Secure Shell can be configured to allow logins across a network to remote servers without transmitting passwords across the network.
  C. Secure Remote Procedure Calls (Secure RPC) provides a mechanism to encrypt data on any IP Socket connection.
  D. Pluggable Authentication Modules (PAM) is used to implement the Secure Shell in Oracle Solaris 11.
  E. Simple Authentication and Security Layer (SASL) provides a mechanism to authenticate and encrypt access to local file system data.
  A. Pluggable Authentication Modules (PAM) is used to control the operation of services such console logins and ftp.
  E. Simple Authentication and Security Layer (SASL) provides a mechanism to authenticate and encrypt access to local file system data.

  ---

  explanation:

  A: Pluggable Authentication Modules (PAM) are an integral part of the authentication mechanism for the Solaris. PAM provides system administrators with the ability and flexibility to choose any authentication service available on a system to perform end-user authentication.

  By using PAM, applications can perform authentication regardless of what authentication method is defined by the system administrator for the given client. PAM enables system administrators to deploy the appropriate authentication mechanism for each service throughout the network. System administrators can also select one or multiple authentication technologies without modifying applications or utilities. PAM insulates application developers from evolutionary improvements to authentication technologies, while at the same time allowing deployed applications to use those improvements.

  PAM employs run-time pluggable modules to provide authentication for system entry services.

  E: The Simple Authentication and Security Layer (SASL) is a method for adding authentication support to connection-based protocols. Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.

• Question 8:

  Review the storage pool information:

  

  Which statement describes the status of this storage pool?

  A. It is a RAIDZ storage pool and can withstand a single disk failure; data will be striped at: disk components.
  B. It is a double-parity RAIDZ storage pool and can withstand two disk failures; data will be striped across four disk components.
  C. It is an improperly configured RAIDZ storage pool; data will be striped across four disk components, but only three drives are protected with redundancy.
  D. It is an improperly configured RAIDZ storage pool; data will be striped across three disk components, but only three drives are protected with redundancy.
  D. It is an improperly configured RAIDZ storage pool; data will be striped across three disk components, but only three drives are protected with redundancy.

  ---

  explanation:

  Device c3t6d0 is not included in the RAIDZ storage pool. The other three devices are included in the raidz pool. The data on these devices are protected.

  Note: In addition to a mirrored storage pool configuration, ZFS provides a RAID-Z configuration with either single, double, or triple parity fault tolerance. Single-parity RAID-Z (raidz or raidz1) is similar to RAID-5. Double-parity RAID-Z (raidz2) is similar to RAID-6.

• Question 9:

  Before booting test zone a non-global zone, you want to connect to the zone's console so that you can watch the boot process.

  Choose the command used to connect to testzone's console.

  A. zoneadm -C testzone
  B. zoneadm -console testzone
  C. zlogin - z testzone console
  D. zlogin - z testzone - C
  E. zlogin -C testzone
  F. zoneadm - testzone - c
  E. zlogin -C testzone

  ---

  explanation:

  The following options are supported:

  C

  Connects to the zone console. Connects to the zone console.

  Note:

  After you install a zone, you must log in to the zone to complete its application environment. You might log in to the zone to perform administrative tasks as well. Unless the -C option is used to connect to the zone console, logging in to a zone

  using zlogin starts a new task. A task cannot span two zones

• Question 10:

  View the Exhibit to see the information taken from the installation log file.

  Based on the information presented in the Exhibit, which two options describe the state of the system when the server is booted for the first time after the installation is complete?

  

  A. NWAM will be used to configure the network interface.
  B. The network/physical service is offline.
  C. You cannot log in from the console as root. You must first log in as a user and then su to root account.
  D. The root user can log in from the console login.
  E. You will be prompted to configure the network interface after the initial login.
  B. The network/physical service is offline.
  D. The root user can log in from the console login.