Oracle Oracle Certifications 1Z0-821 Questions & Answers

• Question 1:

  Which two options accurately describe the network characteristics of a zone?

  A. DHCP address assignment cannot be configured in a shared IP zone.

  B. Shared IP is the default type of network configuration.

  C. Exclusive IP is the default type of network configuration.

  D. By default, all IP addresses, netmasks, and routes are set by the global zone and cannot be altered in a non global zone.

  E. IPMP cannot be managed within the non-global zone.

  F. Commands such as snoop and dladm cannot be used on datalinks that are in use by a running zone.

  Correct Answer: AB

  A: Non-global zones can not utilize DHCP (neither client nor server). B (not C): By default, non-global zones will be configured with a shared IP functionality. What this means is that IP layer configuration and state is shared between the zone you're creating and the global zone. This usually implies both zones being on the same IP subnet for each given NIC.

  Note: A zone is a virtual operating system abstraction that provides a protected environment in which applications run. The applications are protected from each other to provide software fault isolation. To ease the labor of managing multiple applications and their environments, they co-exist within one operating system instance, and are usually managed as one entity.

  The original operating environment, before any zones are created, is also called the "global zone" to distinguish it from non-global zones, The global zone is the operating system instance.

  Incorrect answer:

  E: Exclusive-IP zones can use IPMP. IPMP is configured the same way in an exclusive-IP zone as it is on

  a system not using zones.

  For shared-IP zones, IPMP can be configured in the global zone.

  F: Full IP-level functionality is available in an exclusive-IP zone.

  An exclusive-IP zone has its own IP-related state.

  An exclusive-IP zone is assigned its own set of data-links using the zonecfg command. The zone is given a

  data-link name such as xge0, e1000g1, or bge32001, using the physical property of the net resource. The

  address property of the net resource is not set.

  Note that the assigned data-link enables the snoop command to be used.

  The dladm command can be used with the show-linkprop subcommand to show the assignment of data-links to running exclusive-IP zones.

• Question 2:

  You have a user that needs to use the cron tool to schedule some repetitive tasks. When the user enters the crontab 璭 command in a terminal window, the following error appears:

  crontab: you are not authorized to use cron. Sorry

  In order to troubleshoot this issue, in what directory would you start your invest

  A. /etc/cron.d

  B. /var/spool/cron

  C. /var/spool/cron/crontable

  D. /var/spool/cron/atjobs

  Correct Answer: A

  crontab: you are not authorized to use cron. Sorry.

  This message means that either the user is not listed in the cron.allow file (if the file exists), or the user is

  listed in the cron.deny file.

  You can control access to the crontab command by using two files in the /etc/cron.d directory: cron.deny and cron.allow. These files permit only specified users to perform crontab command tasks such as creating, editing, displaying, or removing their own crontab files.

  The cron.deny and cron.allow files consist of a list of user names, one user name per line.

• Question 3:

  Select two statements that correctly describe the capabilities of the Distribution Constructor.

  A. ISO images for use with the Automated Installer (AI) can be created.

  B. Bootable USB images can be created for SPARC and x86 architectures.

  C. A single installation server can be used to create ISO images for SPARC and x86 architectures.

  D. Checkpoints can be used to pause the build, allowing scripts to run that modify the resulting ISO Image.

  E. A single Installation server can be used to create ISO images for Solaris 10 and Solaris11 operating systems.

  Correct Answer: AD

  A: You can use the distribution constructor to create the following types of Oracle Solaris images:

  *

  (A) x86 or SPARC ISO Image for Automated Installations

  *

  Oracle Solaris x86 live CD image

  *

  x86 or SPARC Oracle Solaris text installer image

  *

  x86 Oracle Solaris Virtual Machine

  Note: You can use the distribution constructor to build custom Oracle Solaris images. Then, you can use the images to install the Oracle Solaris software on individual systems or multiple systems. You can, also, use the distribution constructor to create Virtual Machine (VM) images that run the Oracle Solaris operating system.

  D: Checkpointing Options

  You can use the options provided in the distro_const command to stop and restart the build process at

  various stages in the image-generation process, in order to check and debug the image that is being built.

  This process of stopping and restarting during the build process is called checkpointing.

• Question 4:

  You are setting up an automated installer (AI) install server and issue the following command:

  installadm create-service -n prod_ai -s /repo/prod_ai.iso \

  -i 192.168.1.100 -c 5 -d /export/repo Which four options describe the install server that you have configured?

  A. The service name is prod_ai.

  B. DHCP base IP address is 192.168.1.100

  C. The initial IP address for the install clients will be 192.168.1.100. This IP address is temporary. After the client is booted, it will use IP addresses in the following range: 192.168.1.101-105.

  D. Five IP addresses are allocated for DHCP clients, starting with 192.168.1.100.

  E. The Install server will support up to five clients.

  F. The AI net image ISO file is located in /repo/prod and the net image ISO will be unpacked in /export/ repo.

  G. The AI net image ISO file is located in /repo/repo and is named /repo/prod/_ai.iso.

  Correct Answer: ABDF

  A: -n

  Uses this install service name instead of default service name.

  B: -i

  Sets up a new DHCP server. The IP addresses, starting from dhcp_address_start, are set up.

  D: -c

  Sets up a total number of IP addresses in the DHCP table equal to the value of the count_of_ipaddr. The

  first IP address is the value of dhcp_ip_start that is provided by the -i option.

  F: -s

  Specifies location of AI ISO image to use for setting up the install service.

  Required: Specifies location to set up net image.

• Question 5:

  User1 is attempting to assist user2 with terminating user2's process 1234.

  User1 entered the following: kill -9 1234

  Why does the process continue to run?

  A. You can kill a process only if you are root.

  B. You can kill only a process that you own.

  C. You can kill the process only with the pkill command.

  D. You need to kill the process with a stronger kill signal.

  Correct Answer: B

  Kill -9 Kill (terminates without cleanup) Only works if issued by process owner or super user (root) The program cannot respond to this signal; it must terminate

  Note: Unix provides security mechanisms to prevent unauthorized users from killing other processes. Essentially, for a process to send a signal to another, the owner of the signaling process must be the same as the owner of the receiving process or be the superuser.

• Question 6:

  You upgraded your server to Oracle Solaris 11 and you imported zpool (pool1) that was created in Solaris

  10. You need to create an encrypted ZFS file system in pool1, but first you need to make sure that your server supports ZFS encryption.

  Which four statements are true for support of ZFS encryption?

  A. The encrypted file system must have been created in Oracle Solaris11. To encrypt a ZFS file system from a previous version of Solaris, upgrade the zpool and create a new encrypted ZFS file system into the encrypted ZFS file system.

  B. If you plan to create an encrypted file system in an existing zpool, the zpool must be upgraded to ZFS version 30.

  C. ZFS encryption is integrated with the ZFS command set and no additional packages need to be installed.

  D. ZFS encryption requires that the ZFS Dataset Encryption package be installed.

  E. If you plan to create an encrypted file system in an existing zpool, the pool must be upgraded to ZFS version 21, minimum.

  F. Encryption is supported at the pool or dataset (file system) level.

  G. Encryption is supported at the pool level only for every file system in the pool will be encrypted.

  H. You cannot create an encrypted file system in a zpool that was created prior to oracle Solaris11. Create a new zpool in Solaris11, create an encrypted ZFS file system in the new zpool, and move or copy the data from the existing file system into the new encrypted file system.

  Correct Answer: ABCF

  A (not H): You can use your existing storage pools as long as they are upgraded. You have the flexibility of encrypting specific file systems. B (not E): Can I enable encryption on an existing pool? Yes, the pool must be upgraded to pool version 30 to allow encrypted ZFS file systems and volumes. C (not D): ZFS encryption is integrated with the ZFS command set. Like other ZFS operations, encryption operations such as key changes and rekey are performed online. F (not G): Encryption is the process in which data is encoded for privacy and a key is needed by the data owner to access the encoded data. You can set an encryption policy when a ZFS dataset is created, but the policy cannot be changed.

• Question 7:

  Select two correct statements about the authentication services available in Oracle Solaris 11.

  A. Pluggable Authentication Modules (PAM) is used to control the operation of services such console logins and ftp.

  B. The Secure Shell can be configured to allow logins across a network to remote servers without transmitting passwords across the network.

  C. Secure Remote Procedure Calls (Secure RPC) provides a mechanism to encrypt data on any IP Socket connection.

  D. Pluggable Authentication Modules (PAM) is used to implement the Secure Shell in Oracle Solaris 11.

  E. Simple Authentication and Security Layer (SASL) provides a mechanism to authenticate and encrypt access to local file system data.

  Correct Answer: AE

  A: Pluggable Authentication Modules (PAM) are an integral part of the authentication mechanism for the Solaris. PAM provides system administrators with the ability and flexibility to choose any authentication service available on a system to perform end-user authentication.

  By using PAM, applications can perform authentication regardless of what authentication method is defined by the system administrator for the given client. PAM enables system administrators to deploy the appropriate authentication mechanism for each service throughout the network. System administrators can also select one or multiple authentication technologies without modifying applications or utilities. PAM insulates application developers from evolutionary improvements to authentication technologies, while at the same time allowing deployed applications to use those improvements.

  PAM employs run-time pluggable modules to provide authentication for system entry services.

  E: The Simple Authentication and Security Layer (SASL) is a method for adding authentication support to connection-based protocols. Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms from application protocols, in theory allowing any authentication mechanism supported by SASL to be used in any application protocol that uses SASL. Authentication mechanisms can also support proxy authorization, a facility allowing one user to assume the identity of another. They can also provide a data security layer offering data integrity and data confidentiality services. DIGEST-MD5 provides an example of mechanisms which can provide a data-security layer. Application protocols that support SASL typically also support Transport Layer Security (TLS) to complement the services offered by SASL.

• Question 8:

  zone1 is a non-global zone that has been configured and installed.

  zone1 was taken down for maintenance, and the following command was run:

  zoneadm -z zone1 mark incomplete

  The following information is displayed when listing the zones on your system: Which task needs to be performed before you can boot zone1?

  

  A. The zone needs to be installed.

  B. The zone needs to be brought to the ready state.

  C. The zone needs to be uninstalled and reinstalled.

  D. The zone needs to be brought to the complete state.

  Correct Answer: C

  If administrative changes on the system have rendered a zone unusable or inconsistent, it is possible to change the state of an installed zone to incomplete. Marking a zone incomplete is irreversible. The only action that can be taken on a zone marked incomplete is to uninstall the zone and return it to the configured state.

• Question 9:

  In an effort to reduce storage space on your server, you would like to eliminate duplicate copies of data in your server's ZFS file systems.

  How do you specify that pool1/data should not contain duplicate data blocks (redundant data) on write operations?

  A. zfs create - o compression=on pool1/data

  B. zpool create -o deduplication =on pool1; zfs create pool1/data

  C. zfs create - o deduplication=on pool1; zfs create pool1/data

  D. zfs create - o dedupratio=2 pool1/data

  E. zfs create - o dedup=on pool1/data

  Correct Answer: E

  ZFS Deduplication Property Solaris Express Community Edition, build 129: In this Solaris release, you can use the deduplication property to remove redundant data from your ZFS file systems. If a file system has the dedup property enabled, duplicate data blocks are removed synchronously. The result is that only unique data is stored and common components are shared between files.

  You can enable this property as follows: # zfs set dedup=on tank/home

• Question 10:

  You need to know the IP address configured on interface net3, and that the interface is up. Which command confirms these?

  A. ipadm show-if

  B. ipadm up-addr

  C. ipadm show-addr

  D. ipadm enable-if

  E. ipadm refresh-addr

  F. ipadm show-addrprop

  Correct Answer: C

  Show address information, either for the given addrobj or all the address objects configured on the specified interface, including the address objects that are only in the persistent configuration.

  State can be: disabled, down, duplicate, inaccessible, ok, tentative

  Example: # ipadm show-addr ADDROBJ TYPE STATE ADDR lo0/v4 static ok 127.0.0.1/8 lo0/v6 static ok ::1/128