View the Exhibit to inspect the boot environment Information displayed within a non global zone on
your system.
Which two options describe the solaris-1 boot environment?
A,E
Explanation:
A: The of the Active Column indicates that this boot environment is inactive, and hence not
bootable.
Note: The values for the Active column are as follows:
R Active on reboot.
N Active now.
NR Active now and active on reboot.
- Inactive.
! Unbootable boot environments in a non-global zone are represented by an exclamation point.
http://docs.oracle.com/cd/E23824_01/html/E21801/unbootable.html#scrolltoc
The COMSTAR framework provides support for the iSCSI protocol.
Select three options that correctly describe the COMSTAR framework.
B,D,E
Explanation:
B: By carrying SCSI commands over IP networks, the iSCSI protocol enables you to access block
devices from across the network as if they were connected to the local system. COMSTAR provides
an easier way to manage these iSCSI target devices.
D: Common Multiprotocol SCSI TARget, or COMSTAR, a software framework that enables you to
convert any Oracle Solaris 11 host into a SCSI target device that can be accessed over a storage
network by initiator hosts.
E: One IP port can handle multiple iSCSI target devices.
Your task is to convert a JumpStart sysidcfg file to an Automated Installer (AI) sc_profile.xml file,
using js2ai.
Select two unsupported items that will require changes.
A,D
Explanation:
A: terminal
The js2ai tool does not perform any translation. Make sure the terminal type speciied in the sysidcfg
ile is supported in Oracle Solaris 11.
D: system_locale
The js2ai tool does not perform any translation. Make sure the locale specified in the sysidcfg ile is
supported in Oracle Solaris 11.
A change in your companys security policy now requires an audit trial of all administrators assuming
the sysadm role, capturing:
There are two command necessary to accomplish this change. One is a rolemod command. What is
the other?
B
Explanation:
Audit Significant Events in Addition to Login/Logout (see step 2 below)
Use this procedure to audit administrative commands, attempts to invade the system, and other
significant events as specified by your site security policy.
For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.
# usermod -K audit_flags=lo, ps:no username
# rolemod -K audit_flags=lo, ps:no rolename
# auditconfig -setpolicy +argv
3- Record the environment in which audited commands are executed.
# auditconfig -setpolicy +arge
Note: [-t] -setpolicy [+|-]policy_flag[, policy_flag ...]
Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix
of + adds the policies specified to the current audit policies. A prefix of - removes the policies
specified from the current audit policies. No policies can be set from a local zone unless the perzone
policy is first set from the global zone.
You are creating a non-global zone on your system.
Which option assigns a zpool to a non-global zone, and gives the zone administrator permission to
create zfs file system in that zpool?
C
Explanation:
http://docs.oracle.com/cd/E19253-01/819-5461/gbbst/index.html
The current ZFS configuration on server is:
You need to backup the /data file system while the file system is active.
Select the option that creates a full backup of the /data file system and stores the backup on server in
the pool named backup.
C
Explanation:
http://docs.oracle.com/cd/E23823_01/html/819-5461/ghzvz.html
You created a new zpool. Now you need to migrate the existing ZFS file system from pool1/prod to
pool2/prod.
You have these requirements:
1. Users must have access to the data during the migration, so you cannot shutdown the file system
while the migration takes place.
2. Because you want to copy the data as quickly as possible, you need to increase the server
resources devoted to the ZFS migration.
Which method would you use to modify the ZFS shadow migration daemon defaults to increase the
concurrency and overall speed of migration?
A
Explanation:
shadowd is a daemon that provides background worker threads to migrate data for a shadow
migration. A shadow migration gradually moves data from a source file system into a new shadow
file system. Users can access and change their data within the shadow file system while migration is
occurring.
The shadowd service is managed by the service management facility, smf(5). Administrative actions
on this service, such as enabling, disabling, or requesting restart, can be performed using
svcadm(1M). The service's status can be queried using the svcs(1) command.
The svccfg(1M) command can be used to manage the following parameter related to shadowd:
config_params/shadow_threads
Note: Oracle Solaris 11: In this release, you can migrate data from an old file system to a new file
system while simultaneously allowing access and modification of the new file system during the
migration process.
Setting the shadow property on a new ZFS file system triggers the migration of the older data. The
shadow property can be set to migrate data from the local system or a remote system with either of
the following values:
file:///path
nfs://host:path
You are troubleshooting the Oracle Solaris11 Automated Installer (AI), which is not connecting with
the IPS software repository.
Which three steps will help determine the cause of DNS name resolution failure?
A,B,F
Explanation:
Check DNS
* (A) Check whether DNS is configured on your client by verifying that a non-empty /etc/resolv.conf
file exists.
* (F) If /etc/resolv.conf does not exist or is empty, check that your DHCP server is providing DNS
server information to the client:
# /sbin/dhcpinfo DNSserv
If this command returns nothing, the DHCP server is not set up to provide DNS server information to
the client. Contact your DHCP administrator to correct this problem.
* (B) If an /etc/resolv.conf file exists and is properly configured, check for the following possible
problems and contact your system administrator for resolution:
** The DNS server might not be resolving your IPS repository server name.
** No default route to reach the DNS server exists.
New features wore added to ZFS in Oracle Solaris11. Your justification to upgrade from Solaris10 to
oracle Solaris11 is that it will be possible to take advantage of the enhancements that were made to
ZFS.
Identify the three ZFS functions and features that are included in Oracle Solaris 11, but not in Solaris
10.
A,B,C
Explanation:
http://www.oracle.com/technetwork/server-storage/solaris11/overview/solaris-matrix-1549264.html
You are setting up a local IPS package repository on your Oracle Solaris11 server:
solaris.example.com.
You want to point the existing local IPS publisher to the new local IPS repository located in /repo.
These are the stops that you have followed:
1. Download and rsync the contents of the Oracle Solaris11 repository ISO image to the /repo
directory.
2. Configure the repository server service properties. The svcprop command display, the IPS related
properties:
pkg/inst_root astring/repo
pkg/readonly Boolean true
The 1s command displays the contents of the /repo directory:
#ls/repo
Pkg5.repository publisher
The svcs publisher command shows the svc: /application/pkg/server: default service is online.
The pkg publisher command shows the svc: /application/pkg/server: default service is online.
The pkg publisher command still displays:
PUBLISHERTYPESTATUSURI
solarisoriginonlinehttp://pkg.oracle.com/solaris/release/
Which steps needs to be performed to set the local IPS publisher to the local IPS repository/repo?
C
Explanation:
Set the Publisher Origin To the File Repository URI
To enable client systems to get packages from your local file repository, you need to reset the origin
for the solaris publisher. Execute the following command on each client:
Example:
# pkg set-publisher -G '*' -M '*' -g /net/host1/export/repoSolaris11/ solaris
United States of America export laws include restrictions on cryptography.
Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11
Cryptographic Framework.
B,C
Explanation:
B: Binary Signatures for Third-Party Software
The elfsign command provides a means to sign providers to be used with the Oracle Solaris
Cryptographic Framework. Typically, this command is run by the developer of a provider.
The elfsign command has subcommands to request a certificate from Sun and to sign binaries.
Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris
Cryptographic Framework. To sign one or more providers requires the certificate from Sun and the
private key that was used to request the certificate.
C: Export law in the United States requires that the use of open cryptographic interfaces be
restricted. The Oracle Solaris Cryptographic Framework satisfies the current law by requiring that
kernel cryptographic providers and PKCS #11 cryptographic providers be signed.
View the Exhibit and review the zpool and ZFS configuration information from your system.
Identify the correct procedure for breaking the /prod_data mirror, removing c4t0d0 and c4t2d0, and
making the data on c4t0d0and c4t2d0 accessible under the dev_data mount point.
D
Explanation:
In this Solaris release, you can use thezpool splitcommand to split a mirrored storage pool, which
detaches a disk or disks in the original mirrored pool to create another identical pool.
After the split operation, import the new pool.
You need to set up a local package repository to serve 75 client systems. Multiple clients will being
the package repository concurrently and you need to ensure that the local repository performs very
well under this heavy load, especially during package intensive operations.
Which option would ensure the best performance of the repository during package-intensive rations
by multiple clients?
A
You run the command dlstat show-link -r.
Select the two correct statements regarding the information displayed in the INTRS column.
C,E
Explanation:
In this output, the statistics for interrupt (INTRS) are significant. Low interrupt numbers indicate
greater efficiency in performance. If the interrupt numbers are high, then you might need to add
more resources to the specific link.
Example:
# dlstat -r -i 1
LINK IPKTS RBYTES INTRS POLLS CH<10 CH10-50 CH>50
e1000g0 101.91K 32.86M 87.56K 14.35K 3.70K 205 5
nxge1 9.61M 14.47G 5.79M 3.82M 379.98K 85.66K 1.64K
vnic1 8 336 0 0 0 0 0
e1000g0 0 0 0 0 0 0 0
nxge1 82.13K 123.69M 50.00K 32.13K 3.17K 724 24
vnic1 0 0 0 0 0 0 0
Note: dlstat show-link [-r [-F] | -t] [-i interval] [-a] [-p] [ -o field[, ...]] [-u R|K|M|G|T|P] [link]
Display statistics for a link.
-r
Display receive-side statistics only. Includes bytes and packets received, hardware and software
drops, and so forth.
List of supported RX fields:
link
iusedby
ibytes
ipkts
intrs
polls
hdrops: hardware drops
sdrops: software drops (owing to bandwidth enforcement)
ch<10: number of packet chains of length < 10
ch10-50: number of packet chains of length between 10 and 50
ch>50: number of packet chains of length > 50
Identify three options that describe the new Oracle Solaris 11 zone features.
A,B,D
Explanation:
A: The beadm utility includes support for creating and administering non-global zone boot
environments.
Note: A boot environment is a bootable instance of the Oracle Solaris operating system image plus
any other application software packages installed into that image. System administrators can
maintain multiple boot environments on their systems, and each boot environment can have
different software versions installed.
B: Role-based access control (RBAC) is a security feature for controlling user access to tasks that
would normally be restricted to the root role. By applying security attributes to processes and to
users, RBAC can divide up superuser capabilities among several administrators.