solaris 11 advanced system administrator

8/18/2019 Solaris 11 Advanced System Administrator

1/106


2/106

www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn

Exam A

QUESTION 1Consider the following commands on a newly installed system:

zfs set compression=on rpoolzfs get H o source compression rpool

What is the output of the second command?

A. default

B.

C. local

D. on

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation:The zfs get command supports the -H and -o options, which are designed for scripting. You can use the -H option to omit header information and toreplace white space with the Tab character. Uniform white space allows for easily parseable data. You can use the -o option to customize the output inthe following ways:

* The literal name can be used with a comma-separated list of properties as defined in the Introducing ZFS Properties section.

* A comma-separated list of literal fields, name, value, property, and source, to be output followed by a space and an argument, which is a comma-separated list of properties.

The following example shows how to retrieve a single value by using the -H and -o options of zfs get:

# zfs get -H -o value compression tank/homeon

QUESTION 2You want to create a ZFS file system with the following specifications:

lzjb compression enabledCannot consume more than 2 GB from the storage poolRedundant data at the block level eliminatedMounted as /data


3/106


Which command creates the desired file system?

A. zfs create o mountpoint=/data,compression=on,algorithm=lzjb,deduplication=on,quota=2g /pool1/data

B. zfs create o mountpoint=/data compression=on algorithm=lzjb deduplication=on quota=2g /pool1/data

C. zfs create o mountpoint=/data o compression=on o dedup=on o quota=2g /pool1/data

D. zfs create o mountpoint=/data o compression=on o algorithm=lzjb o deduplication=on o quota=2g /pool1/data

E. zfs create pool/data zfs set mountpoint=/data,quota=2g, dedup=on,compression=on /pool1/data


Explanation/Reference:Explanation:Not on compression setting:compression=on | off | lzjb | gzip | gzip-N

Controls the compression algorithm used for this dataset. The "lzjb" compression algorithm is optimized for performance while providing decent datacompression. Setting compression to "on" uses the "lzjb" compression algorithm.Incorrect:Not A, Not E: Should not use commas like this.Not B, Not D: There is no property algorithm named to this command. To specify the use of the lzjb compression command we must usecompression=lzjb.

QUESTION 3Which two zpool subcommands will permanently remove a submirror from active storage pool?

A. remove

B. detach

C. destroy

D. offline

E. replace

F. split

G. zpool does not permit this operation on an active storage pool unless the submirror faults.

Correct Answer: ABSection: (none)Explanation

Explanation/Reference:


4/106


Explanation:

zpool detach pool device

Detaches device from a mirror. The operation is refused if there are no other valid replicas of the data.

QUESTION 4You have a ZFS pool that contains a hierarchy of data file systems. You create snapshots of the file systems and you created a clone (dpool/export/CID)of the dpool/export/home/CID file systems. The file systems are as follows:

Now you remove a file from the cloned file system:

root@sll-server1:~# rm /export/CID/core.bash.8070

How will space usage be changed for dpool/export/CID?

A. The USED value will increase and the REFER value will decrease; the AVAIL value will be unchanged.

B. The USED value will decrease and the REFER value will increase; the AVAIL value will increase.

C. The USED value will decrease, the REFER value will decrease; the AVAIL value will increase.

D. USED, REFER and the AVAIL value will be unchanged.

Correct Answer: ASection: (none)

Explanation


QUESTION 5To reduce the use at storage space on your server, you want to eliminate duplicate copies of data in your server’s ZFS file systems. How do you specifythat pool1/data should not contain duplicate data blocks on write operations?

A. zfs create o compression=on pool1/data

B. zpool create o deduplication=on pool1 ; zfs create pool1/data

C. zpool create o dedupratio=on pool1 ; zfs create pool1/data


5/106


D. zfs create o dedupratio=2 pool1/data

E. zfs create o dedup=on pool1/data

Correct Answer: ESection: (none)Explanation

Explanation/Reference:Explanation:To c reate a file system with deduplication:

root@solaris:~# zfs create -o dedup=on

Note: If you have a storage pool named ’tank’ and you want to use dedup, just type this:

zfs set dedup=on tank

QUESTION 6

Which option lists default checkpoints for building an image using the Distribution Constructor?

A. manifest-valid and ba-init

B. ba-arch and grub-setup

C. ransfer-ips-install and pre-pkg-img-mod

D. pkg-img mod and create-usb



Explanation:The following list provides a brief description of each default checkpoint in the order the checkpoints are executed in most manifests.

transfer-ips-install At this checkpoint, the distribution constructor contacts the IPS publishers and adds to the image the packages that are listed in thesoftware_data element of the manifest.

set-ips-attributes At this checkpoint, the constructor sets the publisher to be used by the installed system. The values set by this checkpoint are notrelevant if you are building an automated installation image.

pre-pkg-img-mod At this checkpoint, the constructor imports into the image the SMF service files that were specified in the configuration element of themanifest. Also, the constructor modifies some files to optimize the image.


6/106


QUESTION 7Which two statements describe the capabilities of the Distribution Constructor?

A. ISO images for use with the Automated Installer (AI) can be created.

B. Bootable USB images can be created for SPARC and x86 architectures.

C. A single installation server can be used to create ISO images, for SPARC and x86 architectures.

D. Checkpoints are used to pause the build, thereby allowing the running of a script to modify the resulting ISO image.

E. A single installation server can be used to create ISO images for Solaris 10 and Solaris 11.0 operating systems.

Correct Answer: ADSection: (none)Explanation

Explanation/Reference:Explanation:

A: Oracle Solaris Image Types include:x86 or SPARC ISO Image for Automated Installations The Oracle Solaris release includes the automated installer tool. The automated installer (AI) isused to automate the installation of the Oracle Solaris OS on one or more SPARC and x86 systems over a network.

D:* You can also create custom scripts to modify your installation image. Then, you can add checkpoints to the manifest file to run these custom scripts.* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generationprocess, in order to check and debug the image that is being built. This process of stopping and restarting during the build process is calledcheckpointing. Checkpointing is optional. Default checkpoints are specified in each manifest file.Incorrect:Not B: Only for x86, not for SPARC-Oracle Solaris x86 LiveCD You can create an x86 ISO image that is comparable to the LiveCD image that’s distributed as an Oracle Solaris release.You can also modify the content of this ISO image by adding or removing packages. You can revise the default settings for the resulting bootedenvironment to create a custom ISO image or USB image.

Note: The distribution constructor creates images based on settings specified in XML files, called manifest files. The manifest files contain specificationsfor the contents and parameters for the ISO images that you create using the distribution constructor. The distribution-constructor package providessample manifests that can be used to create a custom x86 Live Media ISO, an x86 or SPARC Automated Install ISO image, or an x86 or SPARC textinstallation ISO image.

The elements in each manifest file provide preset, default values that will create the type of ISO image you need. You can manually edit these presetelements in a manifest file to customize the resulting image. In addition, you can create custom scripts to further modify your image. Then, reference thenew scripts in the manifest file.

QUESTION 8Your colleague is administering the company’s Automated Install server and is using a custom manifest. You now plan to replace the default AI manifestwith the custom manifest. Which installadm subcommand must you use to replace the default AI manifest?


7/106


A. update-service

B. update-manifest

C. set-service

D. create-manifest

E. create-service

F. set-manifest

Correct Answer: BSection: (none)Explanation

Explanation/Reference:Explanation:Explain:If you want to change the content of a manifest or script that has already been added to an install service, use the installadm update-manifestcommand. Criteria, default status, and manifest_or_script_name are not changed as a result of the update.

# installadm update-manifest -n s11-x86-f ./newregion1.xml -m region1The create-manifest and update-manifest subcommands validate XML manifest files before adding them to the install service. AI syntactically validatesthe AI manifests at client installation time. Note - If an invalid manifest is provided to a client, the automated installation aborts. To investigate the causeof the validation failure, see the /system/volatile/install_log on the client.

QUESTION 9You are using AI to install a now operating system. You add the following information to the AI manifest:


8/106



QUESTION 10You are the administrator of on Oracle Solaris 11 AI server. You added a client. Then you created a custom manifest, custom criteria, and a customprofile for the client.You made an error in the package path within the custom manifest.When will the error appear?

A. when the manifest is checked during client preinstall

B. when the manifest is used during client install

C. when the manifest is updated on the AI server

D. when the manifest is added to the AI server

Correct Answer: DSection: (none)Explanation

Explanation/Reference:Note:* The default AI manifest must work for any client that does not match a custom manifest, for any service based on this image.

QUESTION 11You plan to use the Automated Installer (AI) to install a nonglobal zone named zone1. You created custom manifest for the nonglobal zone and named itzone1manifest. Which command must you use to add this custom manifest to the s11-sparc install service and associate this custom manifest with thenonglobal zone?

A. installadm create-profile n s11-sparc f /term/zone1manifest.xml c zonename="zone1"

B. installadm create-manifest n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"

C. installadm create-client n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"

D. installadm create-server n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"


Explanation/Reference:Explanation:Install services are created with a default AI manifest, but customized manifests or derived manifests scripts (hereafter called "scripts") can be added toan install service by using the create-manifest subcommand.


9/106


* Example: Add the new AI manifest to the appropriate AI install service, specifying criteria that define which clients should use these installation instructions.

# installadm create-manifest -n s11-x86 -f ./mem1.xml -m mem1 \ -c mem="2048-unbounded"

* Syntaxinstalladm create-manifest -n|--service svcname

-f|--file manifest_or_script_filename[-m|--manifest manifest_name][-c|--criteria criteria=value|list|range... |-C|--criteria-file criteriafile][-d|--default]

QUESTION 12You are using the distribution constructor to build a custom text installer. You copied and modified the default test installer XML file and issued thefollowing command to build image:

# /usr/bin/distro_const build v /usr/share/distro_const/new-dc_ai_x86.xml

How will the checkpoints in the distribution constructor be used by this command?

A. The distribution constructor will create a snapshot of the data directory at a checkpoint and report errors the log file until completed.

B. The distribution constructor will stop at each checkpoint until you issue a distro_const restart command.

C. The distribution constructor will not use checkpoints without the correct CLI option added to the command.

D. The distribution constructor will stop at a checkpoint only if an error is encountered during the image build.


Explanation/Reference:Explanation:Only verbose mode is selected (-v) not checkpoints options.

* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation processin order to check and debug the image that is being built. This process of stopping and restarting during the build process is called checkpointing.Checkpointing is optional.

Note:* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generationprocess, in order to check and debug your selection of files, packages, and scripts for the image that is being built. This process uses the checkpointingoptions that are available in the distro_const command.


10/106


* distro_const Command Options/ distro_const build manifestBuilds an image in one step using specified manifest file / distro_const build -vVerbose mode/ distro_const build -l manifestLists all valid checkpoints at which you can pause and resume building an image / distro_const build -p checkpoint_name manifestPauses building an image at a specified checkpoint

/ distro_const build -r checkpoint_name manifestResumes building an image from a specified checkpoint/ distro_const build -hDisplays help for the command

* After you have set up the manifest file that you plan to use and, if desired, customized the finalizer scripts, you are ready to build an image by runningthe distro_const command.

You can use the distro_const command to build an image in either of the following:

In one step

Pausing and restarting the build as needed to examine the content of the image and debug the scripts during the build process

QUESTION 13Your company’s security policy prohibits access to the Internet. You already installed an instance of Oracle Solaris 11 on an M-series server for basetesting. You used the text install media to install the system. You also installed a package repository on the same system. There are 10 M-seriesservers that have just been installed on the local network. Can you immediately install an AI server on your testing machine order to install OracleSolaris 11 on these 10 servers?

A. Yes, by using the existing Solaris 10 Jumpstart server.

B. Yes, by using the text install media for the AI software.

C. Yes, by using the Installed package repository.

D. No, you must download the AI .iso image from Oracle first.

E. No, the Solaris large-server group must be installed because it contains the AI setup tools.

F. No, the Solaris 11 full n repository must be installed on the AI server.

G. No, you must have a prebuilt image that was created by the distribution constructor.




11/106


QUESTION 14You have set resource controls on a project. Now you want to set up syslog to monitor a particular resource control and log a message whenever theresource control is exceeded. Which option would you choose to activate logging on the global resource control facility to establish a syslog action on aresource control?

A. Use the rctladm command to enable the global syslog attribute of a resource control.

B. Use the prctl command to enable the global syslog attribute of resource control.C. Use the ipcs command to enable the global syslog attribute of a resource control.

D. Use the setrctl command to enable the global syslog attribute of a resource control.

E. By default, global logging of resource control violations is already enabled. Make an entry in the syslog.conf file and refresh the system-log service.

Correct Answer: ASection: (none)Explanation

Explanation/Reference:Explanation:Global Monitoring of Resource Control EventsOften, the resource consumption of processes is unknown. To get more information, try using the global resource control actions that are available withthe rctladm command. Use rctladm to establish a syslog action on a resource control. Then, if any entity managed by that resource control encounters athreshold value, a system message is logged at the configured logging level.

QUESTION 15Consider the following command:

zonestat q r physical-memory R high z dbzone p P "zones" 10 24h 60m

What data will this command report?

A. The dbzone’s physical memory usage every hour for a day, displaying the 10 higher usage intervals for each hour.

B. All the dbzone’s resource usage, excluding physical memory, 10 times an hour for a day.C. The dbzone’s CPU, virtual memory, and networking utilization every hour for a day, displaying top 10 usage intervals.

D. The dbzone’s memory and CPU utilization every 10 seconds for a day, displaying peak usage each hour.

E. The dbzone’s physical memory usage every 10 seconds for a day. displaying peak usage each hour.




12/106


* Example 1:

* man zonestat -q Quiet mode. Only print summary reports (requires the -R option). All interval reports are omitted. -r resource[,resource] Specifyresource types on which to report. The available resources are: physical-memory, virtual-memory, locked- memory, processor- set, processes, lwps,shm-memory, shm-ids, sem-ids, msg-ids, lofi, and network. summary A summary of cpu, physical-memory, virtual memory, and network usage.* Example 2 :The following command monitors silently at a 10 second interval for 24 hours, producing a total and high report every 1 hour:

# zonestat -q -R total,high 10s 24h 1h

QUESTION 16Consider the following command and output:

user$ newtask v p canadaIdentify the output.

A. he task ID for the project canada

B. he project ID for the project canada

C. he task ID for the shell

D. he task ID for all jobs already running in the shell


Explanation/Reference:Explanation:Example 1: Creating a New Shell

The following example creates a new shell in the canada project, displaying the task id:


13/106


example$ id -puid=565(gh) gid=10(staff) projid=10(default)example$ newtask -v -p canada

QUESTION 17User Frank is a member of two projects. He currently has a process running. He needs to move the process from its current project to the other project.

Which command must Frank use to determine the process’ task ID?

A. projects

B. prtcl

C. id

D. ps


Explanation/Reference:Explanation:The ps command prints information about active processes. Without options, ps prints information about processes associated with the controllingterminal. The output contains only the process ID, terminal identifier, cumulative execution time, and the command name. Otherwise, the informationthat is displayed is controlled by the options.

QUESTION 18Which two statements describe projects and/or tasks?

A. A task is a resource container for one process.

B. Project resource controls are evaluated before task resource controls.

C. Every user belongs to one or more projects.

D. Every task associates a project with a process.

E. A project is optional and not every user must belong to a project.

Correct Answer: CDSection: (none)Explanation

Explanation/Reference:Explanation:C: a user must be assigned to a default project, the processes that the user launches can be associated with any of the projects of which that user is amember.


14/106


D: How to Create a New Task

1.Log in as a member of the destination project, booksite in this example. 2.Create a new task in the booksite project by using the newtask commandwith the -v (verbose) option to obtain the system task ID.machine% newtask -v -p booksiteThe execution of newtask creates a new task in the specified project, and places the user’s default shell in this task.

3.View the current project membership of the invoking process.machine% id -puid=100(mark) gid=1(other) projid=4113(booksite)

The process is now a member of the new project.

Note:* Projects are collections of tasks, which are collections of processes.* Projects and tasks are used to label workloads and separate them from one another.

Incorrect:Not A: The task collects a group of processes into a manageable entity that represents a workload component.

Not E: If no default project is found, the user’s login, or request to start a process, is denied.

QUESTION 19Resource constraints have been placed on a particular project. Which command would you use to view the constraints that have been placed on thatproject?

A. ipcs

B. prctl

C. projects

D. rctladm

E. prstat


Explanation/Reference:Explanation:prctl- get or set the resource controls of running processes, tasks, and projects.

The prctl utility allows the examination and modification of the resource controls associated with an active process, task, or project on the system. Itallows access to the basic and privileged limits and the current usage on the specified entity.


15/106


Incorrect:not A: ipcs provides information on the ipc facilities for which the calling process has read access.not D:rctladm- display or modify global state of system resource controls Not E: prstat - report active process statistics

Note:* In the Oracle Solaris operating system, the concept of a per-process resource limit has been extended to the task and project entities.

QUESTION 20Frank is a member of two projects on you system. He has a process running in a project called project- clock and needs to move it under the other project he belongs to.Which command must Frank use to move the process?

A. setproject

B. newtask

C. projmod

D. prtcl


Explanation/Reference:Explanation:How to Move a Running Process Into a New TaskThis example shows how to associate a running process with a different task and new project. To perform this action, you must either be superuser, or be the owner of the process and be a member of the new project.1. Become superuser or assume an equivalent role2. Obtain the process ID of thebook_catalogprocess.# pgrep book_catalog3. Associate process8100with a new task ID in thebooksiteproject.# newtask -v -p booksite -c 8100The -coption specifies that newtaskoperate on the existing named process.4. Confirm the task to process ID mapping.# pgrep -T 17Incorrect:Not C: projmod does not change the processes of a project.

The projmod utility modifies a project’s definition on the system. projmod changes the definition of the specified project and makes the appropriateproject-related system file and file system changes.


16/106


QUESTION 21You configured a limit of 100 LWPs project. You want to ensure that the LWP limit was not set too low, so you need to monitor the LWPs currently inuse by the project. Which two options could you use to monitor the current LWP resource control and the consumption of resources for this project?

A. prtcl $$

B. configuring syslogd to log messages received from the resource manager daemon

C. ps o taskid pD. prtcl n task.max-lwps $$

E. rctladm l task.max-lwps

F. rctladm e syslog task.max-lwps; when the threshold for the resource is exceeded, a log entry will be generated by syslogd

Correct Answer: DFSection: (none)Explanation

Explanation/Reference:Explanation:D: Example:# prctl -n task.max-lwps $$process: 111107: cshNAME PRIVILEGE VALUE FLAG ACTION RECIPIENTtask.max-lwpsusage 3privileged 3 - deny -system 2.15G max deny

F: The following command activates system logging of all violations of task.max-lwps.# rctladm -e syslog task.max-lwps#

Note: How to Set the Maximum Number of LWPs for Each Task in a Project

This procedure adds a project named x-files to the /etc/project file and sets a maximum number of LWPs for a task created in the project.

1.Become an administrator.2. Use the projadd command with the -K option to create a project called x-files. Set the maximum number of LWPs for each task created in the projectto 3. # projadd -K ’task.max-lwps=(privileged,3,deny)’ x-files

QUESTION 22The following information describes the current dump configuration of your server:


17/106


Assume that the following command lines have been run on a system:

(root) # coreadm g $HOME/var/core/%m.core.%f.%t(non-root) $ coreadm p core.%f.%p

Identify the result of a subsequent process crash.

A. A copy of a core file will appear in /var/core.

B. A copy of a core file will appear in the process’ current working directory.C. The root copy will include the taskid of the process.

D. The nonroot copy will include the day of the process crash.

E. The global format will override the per-process format.

F. The global core dump is disabled, so a core file will not be saved.



Explanation:* -p patternSet the per-process core file name pattern to pattern for each of the specified process-IDs. The pattern can contain any of the special % variables* Variables:%f, executable file name, up to a maximum of MAXCOMLEN characters %p, process-ID

* Example. The core file name pattern:

/var/core/core.%f.%pwould result, for command foo with process-ID 1234, in the core file name: /var/core/core.foo.1234

* Example. Setting the core file name pattern


18/106


When executed from a user’s $HOME/.profile or $HOME/.login, the following command sets the core file name pattern for all processes run during thelogin session:

example$ coreadm -p core.%f.%p $$$$ is the process-id of the currently running shell. The per-process core file name pattern is inherited by all child processes.

Note (see synopsis 2 below).* The coreadm command is used to specify the name and location of core files produced by abnormally-terminating processes.

SYNOPSIScoreadm [-g pattern] [-i pattern] [-d option...] [-e option...] coreadm [-p pattern] [pid...]coreadm u

The first form shown in the synopsis can be executed only by the super-user and is used to configure system-wide core file options, including a globalcore file name pattern and a per-process core file name pattern for the init(1M) process.The second form can be executed by non-privileged users and is used to specify the file name pattern to be used by the operating system whengenerating a per-process core file.

QUESTION 23You are asked to configure your system to save crash dump information. While choosing a directory to save the dump data, you consider protecting aminimum amount of free space. What is the default minimum free space in a crash dump directory?

A. By default, the minimum free space is 10% of the size of the dump volume.

B. By default, no minimum free space is set.

C. By default, the minimum free space is 1 MB.

D. By default, the space is determined by the amount of swap space.

E. By default, the space is determined by the amount of memory installed in the system.


Explanation/Reference:Explanation:Dump Parameter: minimum free spaceMinimum amount of free space required in the savecoredirectory after saving crash dump files. If no minimum free space has been configured, thedefault is one Mbyte.

QUESTION 24You are mentoring a colleague who recently added a local7.notice entry to the /etc/syslog.conf file. After restarting the logging service, your colleaguenotices that no new records are being logged and asks for your help. Included in the file are these entries:


19/106


...(19)*.alert root(20)*.emerg*(21)local7.notice /var/log/Appx.log...

While running the syslogd process in debug mode, you notice the following:

You examine the /var/adm/messages file:Jan 6 00:23:10 so111-server syslogd: line 21: unknown priority name "notice "

What do you identify as the cause of the problem?

A. There is a control or nonprintable character at the end of line 21 in the /etc/syslog.conf file.

B. The application that logs to /var/log/Appx.log does not support the notice priority.

C. There is an extra space in line 21 in the /etc/syslog.conf file.

D. The facility local7 does not support the notice priority.


Explanation/Reference:Explanation:Must only use Tabs, not spaces.It says unknown priority name "notice " (there is a space after the word notice).

QUESTION 25


20/106


Which four configuration elements are managed by the dumpadm utility?

A. he location of the dump device

B. he location of the savecore directory

C. he index number for the next core dump

D. he reserved file system space that a core dump may not use

E. he compression of the crash dump file

F. he size of the dump device

Correct Answer: ABDESection: (none)Explanation

Explanation/Reference:Explanation:dumpadm - configure operating system crash dumpSYNOPSIS/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-s savecore-dir][-r root-dir] [-z on | off]

The options include:

A: -d dump-deviceModify the dump configuration to use the specified dump device.

B: -s savecore-dir

Modify the dump configuration to use the specified directory to save files written by savecore.

D: -m mink | minm | min%

Create a minfree file in the current savecore directory indicating that savecore should maintain at least the specified amount of free space in the filesystem where the savecore directory is located.

E: -z on | off Modify the dump configuration to control the operation of savecore on reboot. The options are on, to enable saving core files in a compressed format,and off, to automatically uncompress the crash dump file. The default is on, because crash dump files can be very large and require less file systemspace if saved in a compressed format.

QUESTION 26What is true about crash dump configuration?


21/106


A. The minfree value can be to protect a percentage of available disk space.

B. The default size of the dump device is configurable.

C. You can use one ZFS volume for both swap and dump.

D. You can set quota on a ZFS dump device.

E. hen set on the dump device, the minfree value sets the total size of the dump device to be a percentage of the total size of the root pool.


Explanation/Reference:Explanation:See % below.

coredump parameter: -m mink | minm | min%Create a minfree file in the current savecore directory indicating that savecore should maintain at least the specified amount of free space in the filesystem where the savecore directory is located. The min argument can be one of the following:

k A positive integer suffixed with the unit k specifying kilobytes.

m A positive integer suffixed with the unit m specifying megabytes.

% A % symbol, indicating that the minfree value should be computed as the specified percentage of the total current size of the file system containing thesavecore directory.

The savecore command will consult the minfree file, if present, prior to writing the dump files. If the size of these files would decrease the amount of freedisk space below the minfree threshold, no dump files are written and an error message is logged. The administrator should immediately clean up thesavecore directory to provide adequate free space, and re-execute the savecore command manually. The administrator can also specify an alternatedirectory on the savecore command-line.

Incorrect:Not C: Separate ZFS volumes must be used for the swap area and dump devices.

QUESTION 27Which two actions permit the system-log service to receive messages from a remote Solaris host?

A. setting the property config/log_from_remote to true and restarting the service

B. setting the property config/log_from_remote to *.noticoand restart the service

C. configuring a selector for remote messages in the /etc/syslog.conf file


22/106


D. ensuring that port 514 is open to remote traffic and doesn’t require a password


Explanation/Reference:Explanation: A: To restart remote logging:svccfg -s system-log setprop config/log_from_remote=true svcadm restart system-log

D: You can run ’snoop’ on the interface to see if you see syslog packets leaving the server snoop udp port 514

QUESTION 28There is a valid SMF manifest located underneath the /var/svc/manifest directory. Which four methods can be used to add it to the services repository?

A. Reboot the system.

B. Restart the early-manifest-import service.

C. Use the svccfg apply command.D. Restart the manifest-import service.

E. Use the svccfg import command.

Correct Answer: ACDESection: (none)Explanation


AD: Manifests from the standard directory trees /lib/svc/manifest and /var/svc/manifest are processed during system boot and anytime an administrator or program runs:

$ svcadm restart manifest-import

C: svccfgapply subcommandIf the argument is a service profile or manifest, apply the configuration to the admin layer of the SMF repository. Services, instances, property groups,and properties will be created as necessary.

E: import [-V] [file | directory]svccfg import on a file in a system-managed filesystem location (subdirectories of /lib/svc/manifest and /var/svc/manifest) invokes: svcadm restartmanifest-import.


23/106


24/106


25/106


dependency require_all/none svc:/milestone/multi-user-server (online) dependency optional_all/none svc:/system/pools:default (disabled) dependencyoptional_all/none svc:/system/pools/dynamic:default (disabled) dependency optional_all/none svc:/system/zones-monitoring (online)

QUESTION 31You are creating a new SMF service named newservice. You perform the following steps:

What is the next step that you must perform to install this service?

A. Enable the service

B. Export the service

C. Import the service.

D. Create a snapshot of the service to be stored in the repository.



Explanation:Refer to step 3 below.

After a typical software installation, there can be a half dozen or more processes that need to be started and stopped during system startup andshutdown. In addition, these processes may depend on each other and may need to be monitored and restarted if they fail. For each process, these arethe logical steps that need to be done to incorporate these as services in SMF:

1.Create a service manifest file.2.Create a methods script file to define the start, stop, and restart methods for the service. 3.Validate and import the service manifest using svccfg(1M).4.Enable or start the service using svcadm(1M).5.Verify the service is running using svcs(1).

QUESTION 32

Changes were made to the application/pkg/server:default service when an administrator made modifications to add a local package repository.Which command should be used to identify the changes that were made to the application/pkg/server:default service?

A. svcs l application/pkg/server:default

B. svcs vx application/pkg/server:default

C. svccfg s application/pkg/server listprop

D. svccfg s application/pkg/server:default listcust L

E. svccfg s application/pkg/server listpg

Correct Answer: D


26/106


Section: (none)Explanation

Explanation/Reference:Explanation:Example:List all configuration changes that have been made in the SMF configuration repository to the name- service/switch service:

# svccfg -s name-service/switch listcust L

QUESTION 33Your company wants to incorporate a legacy script that runs once during the boot cycle as an SMF service. What appropriate setting for the durationattribute in the startd property group for this service?

A. ransient

B. contract

C. wait

D. boot


Explanation/Reference:Explanation:Example:The default service model is contract, but may be modified. For this example, we are going to start the service with svc.startd. As a transient service, itwill be started once and not restarted by adding the following lines to the manifest:

Note:svc.startd provides three models of service, which are* Transient services--These are often configuration services, which require no long-running processes to provide service. Common transient servicestake care of boot-time cleanup or load configuration properties into the kernel. Transient services are also sometimes used to overcome difficulties inconforming to the method requirements for contract or wait services. This is not recommended and should be considered a stopgap measure.

* Contract services--These are the standard system daemons. They require processes which run forever once started to provide service. Death of allprocesses in a contract service is considered a service error, which will cause the service to restart.

* Wait services--These services run for the lifetime of the child process, and are restarted when that process exits.


27/106


QUESTION 34You discovered that the network/ipmp:default is not starting on boot. You listed the service and discovered the name of the log file. You now want toexamine the log file entry created at boot. In which two locations can you find the log file created at startup?

A. /lib/svc/volatile

B. /etc/svc/volatile

C. /var/svc/volatile

D. /var/run

E. /var/tmp

F. /var/svc/log

G. /lib/svc/log

Correct Answer: BFSection: (none)Explanation


QUESTION 35You administer an Oracle Solaris 11 server with multiple zones. You want to configure it so that all nonprivileged users in the global zone see only their own process.What must you do to make the change?

A. Modify the LIMITPRIV variable in the /etc/usr/user_attr file.

B. Modify the basic privilege ser in the /etc/security/policy.conf file.

C. Configure the priv= attribute in the /etc/security/prof_attr.d/core-os file.

D. Configure privileges for the ps command in the /etc/security/exec_attrd/core-os file.


Explanation/Reference:Explanation:* policy.conf policy.conf configuration file for security policy.The policy.conf file provides the security policy configuration for user-level attributes.


28/106


* Example: Modifying Every User’s Basic Privilege SetIn this example, the security administrator of a large Sun Ray installation does not want regular users to view the processes of other Sun Ray users.Therefore, on every system that is configured with Trusted Extensions, the root role removes proc_info from the basic set of privileges. ThePRIV_DEFAULT setting in the /etc/policy.conf file is uncommented and modified as follows:PRIV_DEFAULT=basic,!proc_info

QUESTION 36

Laura is a user and netadm is a role on a Solaris 11 system. You want to allow Laura to generate SSH keys. Which two steps should be taken?

A. Verify that netadm includes the Network Management profile.

B. Verify that laura has permission to access the Network Management profile.

C. Verify that the Network Management profile includes the netadm role.

D. Add a line for the ssh-keygen command to the file auth_attr.d/local-entries.

E. Add a line for the ssh-keygen command to the file exec_attr.d/local-entries.



D: /etc/security/auth_attr is a local source for authorization names and descriptions. An authorization is a right assigned to users that is checked bycertain privileged programs to determine whether users can execute restricted functionality.

QUESTION 37 Assume you are on a system that has a valid use account johnjay Consider the following command-line invocation:rolemod p "Network Administrator,All,Stop" johnjay

What is the result?

A. The user will not acquire profiles allowed in /etc/secutity/policy.conf

B. There is no effect. The user acquires all profiles before the Stop profile is read.

C. The system will return an error.

D. The user gets Network Administrator profile and all profiles listed in the All macro.




29/106


Explanation:

root@solaris:~# useradd johnjayroot@solaris:~# passwd johnjayNew Password:Re-enter new Password:passwd: password successfully changed for johnjayroot@solaris:~# rolemod -p "Network Administrator,All,Stop" johnjayUX: rolemod: ERROR: Users must be modified with’usermod’.root@solaris:~#

QUESTION 38

The output of the ppriv command lists four privilege sets. Which option best describes the Inherited privilege set?

A. It is the privilege set that nonroot users may inherit.

B. It is the privilege set an effective-user process may inherit.

C. It is the privilege set only privilege-aware child processes may inherit.

D. It is the privilege set the current process inherited.


Explanation/Reference:Note:* ppriv- inspect or modify process privilege sets and attributes

QUESTION 39You appended a site-specific Rights Profile to the /etc/security/prof_attr file. Which file will be updated as a result of this operation?

A. /etc/security/prof_attr.d/local-entries

B. /etc/security/prof_attr.d/prof_attr

C. /etc/security/prof_attr.d/core-os

D. /etc/user_attr


Explanation/Reference:Explanation:Example:In Solaris 11 the "grant" authorization is no longer used, rather a set of authentication have been defined for thatpurpose. The authentication strings can be found in /etc/security/prof_attr.d/core-os file. solaris.auth.:RO::Authorizations::help=AuthorizationHeader.htmlsolaris.auth.assign:RO::Assign any authorization::help=AuthAssign.html solaris.auth.delegate:RO::Assign owned


30/106


authorizations::help=AuthDelegate.html solaris.auth.manage:RO::Manage authorizations::help=AuthManage.html

Note: You no longer need to use the visual editor to add your own site specific entries to the Role Based Access Controls framework in Oracle Solaris11. The profile command has been modified to support creation, modification and removal of Rights Profiles

QUESTION 40You created a role. The role should be able to change the configuration of a zone. How will you assign that privilege to the role?

A. Modify the zone using the admin resource, set the user property to the role and the auths property to manage.

B. Assign to the role the zone Management Rights Profile.

C. Assign to the role the solaris.zones.* authorization.

D. Assign to the role the zone Security Rights Profile.



Explanation:The Zone Management profile grants the power to manage all of the non-global zones on the system to a user.

QUESTION 41Yon are using the svc:/network/http:apache22 service to manage your web server. You have noticed that this service starts as the root: user and later changes to a nonprivileged user called webservd. You do not want this service to operate as the root user and any time. Which option correctlydescribes how you could achieve this task?

A. Modify the privileges in the service configuration.

B. Add an authorization to the webservd users’ rights’ profile.

C. Create a webservd role with a modified exec_attr entry.

D. Modify the PHIV_AWARE state of the service configuration.



A service can be configured to run within a limited set of privileges, rather than as the all-powerful root user.

QUESTION 42You created a virtual network of three zones.


31/106


One network hosts a web server. Another hosts an application server used by the web server.The third zone host a video streaming application.

You already configured a flow to prioritize the video traffic over the web server traffic. You now need to continuously monitor the flow.

Which tool must you use to gather the flow data?

A. he system activity reporter (SAR)

B. extended accounting

C. he flowstat command

D. he kstat utility


Explanation/Reference:Explanation:Gathering Statistics About Network Traffic on Flows

Flow statistics help you evaluate packet traffic on any defined flows on the system. To obtain flow information, you use the flowstat command.* Display statistics about incoming and outgoing packets on all flows.

# flowstatThis command provides a static display of traffic information on all configured flows.

Incorrect:Not A: In computing, sar (System Activity Report) is a Solaris-derived system monitor command used to report on various system loads, including CPUactivity, memory/paging, device load, network.

QUESTION 43Your organization uses a fixed base configuration for all Oracle Solaris native brand zones that are created. You want to configure your server so that itwill use your company template when the create command is issued. Identify the preferred way to accomplish this.

A. Change the /etc/zones/SYSblank.xml link to link to your company template and use create b.

B. Set the default_template property in the system/zones service to your company template.

C. Change the /etc/zones/SYSsolaris.xml link to link to your company template.

D. Set the zone_default_template parameter in the /etc/default/zones file.


32/106



Explanation/Reference:Explanation:create uses a default template of SYSdefault. The default template can be changed on a system-wide basis using the default_template SMF property of

the svc:/system/zones:default service.

Note:create [-F] [ -a path |-b | -t template]Create an in-memory configuration for the specified zone. Use create to begin to configure a new zone

QUESTION 44You capped the physical memory for the testzone at 50M. Which option would temporary increase the cap to 100M?

A. rctladm z testzone zone.capped-memory=100M

B. rcapadm z testzone m 100M

C. rcapadm z testzone zone.capped-memory=100M

D. prctl testzone m 100M


Explanation/Reference:Explanation:How to Specify a Temporary Resource Cap for a ZoneThis procedure is use to allocate the maximum amount of memory that can be consumed by a specified zone. This value lasts only until the next reboot.To set a persistent cap, use the zonecfg command.

1. Become superuser, or assume a role that includes the Process Management profile. The System Administrator role includes the ProcessManagement profile.

2. Set a maximum memory value of 512 Mbytes for the zone my-zone.# rcapadm -z testzone -m 512M

QUESTION 45You are about to configure resource controls for a nonglobal zone. You want to first examine settings as well as the system limits for those controls.Which command fetches this information?

A. priocntl


33/106


34/106


Consider the following commands and output on the local server:


35/106


Also, consider the following route table entry on a remote system:192.168.2.0 192.168.1.200 UG 1 1

You must configure a virtual switch to connect over net0 to the remote system. Select two commands that complete the configuration.

A. ipadm set-ifprop p forwarding=on net0

B. ipadn set-prop p forwarding=on vnic2

C. ipacim set-prop p forwarding=on ipv4D. ipadm set-prop p routing=on net0

E. routeadm ue ipv4-forwarding

F. routeadm ue ipv4-routing

Correct Answer: AFSection: (none)Explanation

Explanation/Reference:URL: http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-118-s11-script-zones- 524499.html

QUESTION 47You are tasked to reconfigure zone1 to use virtual interface vnic1 as its network interface. Which two steps must be included?

A. Disable IP Filter and IPsec.

B. Configure the NWAM NCP to Automatic.

C. Change the shared IP zone to an exclusive IP zone.

D. Reboot zone1 so that changes made with zonecfg take effect.

E. From the global zone, set the IP address of vnic1 and configure the default route.

Correct Answer: CD


36/106



Explanation/Reference:Explanation:* How to Reconfigure a Zone to Use a VNIC1. Become an administrator.

2. Create the VNIC.(C) 3. Change the zone’s IP type from shared to exclusive.4.Change the zone’s interface to use a VNIC.5. Verify and commit the changes you have implemented and then exit the zone.(D) 6. Reboot the zone.7. Log in to the zone.8. Configure the VNIC with a valid IP address.

* Example. Reconfiguring a Zone Configuration to Use a VNIC In this example, zone2 already exists as a shared zone. The zone also uses the primaryinterface of the system rather than a virtual link. You need to modify zone2 to use vnic2. To use vnic2, zone2’s IP type must first be changed toexclusive. Note that some of the output is truncated to focus on the relevant information that relates to virtual networks.

global# dladm create-vnic -l net0 vnic2

global# zonecfg -z zone2(C) zonecfg:zone1> set ip-type=exclusivezonecfg:zone1> remove net physical=net0zonecfg:zone1> add netzonecfg:zone1:net> set physical=vnic2zonecfg:zone1:net> endzonecfg:zone1> verifyzonecfg:zone1> commitzonecfg:zone1> exit(D) global# zoneadm -z zone2 reboot

global# zlogin zone2zone2# ipadm create-ip vnic2zone2# ipadm create-addr -a 192.168.3.85/24 vnic2ipadm: vnic2/v4

zone2# exit

global# vi /etc/hosts#1 localhost127.0.0.1 localhost192.168.3.70 loghost #For net0


37/106


192.168.3.80 zone1 #using vnic1192.168.3.85 zone2 #using vnic2

QUESTION 48You need to create a virtual network with two zones, one with a web server and the other with an application server that the web server calls. Youdecide to create a virtual switch and virtual network interface cards (VNICs) for the zones.Select the command that will create the virtual switch.

A. dladm create-etherswitch stub0

B. dladm create-vnic l net1 vnic1

C. dladm create-stub l vnic0 stub0

D. dladm create-vnic l stub0 vnic1

E. dladm create-etherstub vswitchweb1

Correct Answer: ESection: (none)Explanation

Explanation/Reference:Explanation:Create the etherstub.global# dladm create-etherstub etherstub

Create a VNIC over the etherstub.global# dladm create-vnic -l etherstub vnic

Note: Etherstubs / Virtual SwitchesThe Etherstub is craeated as a dummy device to connect the various virtual NICs. User can imagine etherstub as a Virtual Switch to help visualize thevirtual network as a replacement for a physical network where each physical switch is replaced by a virtual switch.

QUESTION 49

Which sequence of commands will create a virtual network interface?


38/106


A. Option AB. Option B

C. Option C

D. Option D



How to Create a Virtual Network InterfaceThis procedure shows how to create a virtual network interface card (VNIC).1. Create a VNIC over a datalink.# dladm create-vnic -l link vniclink is the name of the datalink over which the VNIC is configured.

vnic is the VNIC which you can label with a customized name as well.

2. Create a VNIC IP interface over the link.# ipadm create-ip vnic

3. Configure the VNIC with a valid IP address.


39/106


If you are assigning a static IP address, use the following syntax:

# ipadm create-addr -T static -a address addrobjwhere addrobj uses the naming format interface/user-defined-string, such as e1000g0/v4globalz.

QUESTION 50You are creating a native Oracle Solaris zone that will be called zd1. The zone must have a virtual network interface configured. You use the following

command to create the zone configuration:

# zonecfg z zd1zonecfg:zd1> create

What is the minimum specification required to complete the configuration before the exit command is issued?

A. A zonepath must be set.

B. An anet resource must be added.

C. No other configuration parameters need to be set.

D. Both an anet configuration and a zonepath must be set.


Explanation/Reference:Explanation:* Example:root@solaris:~# zonecfg -z zd1Use ’create’ to begin configuring a new zone.zonecfg:zd1> createcreate: Using system default template ’SYSdefault’zonecfg:zd1> exit

zonepath cannot be empty.Zone zd1 failed to verifyzd1: Required resource missingConfiguration not saved; really quit (y/[n])? nzonecfg:zd1> verifyzonepath cannot be empty.zd1: Required resource missingzonecfg:zd1> set zonepath=/zones/zd1zonecfg:zd1> exit

Note:* anet


40/106


Automatic network interface.The anet resource represents the automatic creation of a network resource for an exclusive-IP zone.

QUESTION 51Which two commands restart the pkg server daemon?

A. pkill -HUP pkg.depotd

B. svcadm restart svc:/application/pkg/server C. pkill -USR1 pkg.depot

D. svcadm refresh svc:/application/pkg/server

E. pkg f ix

Correct Answer: BCSection: (none)Explanation


Use one of the following methods to restart the depot server process:

B: Use svcadm(1M) to restart the application/pkg/server instance.

C: Send a SIGUSR1 signal to the depot server process using kill(1). This executes a "graceful restart" that leaves the process intact but reloads allconfiguration, package, and search data:

# kill -USR1 pid

Note:* The pkd.depotd service is managed by SMF under the service identifier svc:/application/pkg/server.

QUESTION 52

Which three statements describe Solaris 11 boot environments (BEs)?

A. A full backup of your OS image is provided.

B. Packages can be installed and uninstalled in an inactive BE.

C. The OS can be upgraded in an active BE while the system is live without impacting production.

D. A new BE can be created from the snapshot of an existing BE.

E. A BE can become active without rebooting the system.

F. An active BE can be unmounted and upgraded without impacting production.

Correct Answer: ACD


41/106




The beadm utility enables you to create a new boot environment based on an existing snapshot.

Note:* You can manage the boot environments on your system either by using the beadm command or by using the Package Manager.

* A boot environment is a bootable instance of the Oracle Solaris operating system image plus any other application software packages installed intothat image. System administrators can maintain multiple boot environments on their systems, and each boot environment can have different softwareversions installed.

QUESTION 53Consider the following:

root@scolll-server:~# pkg publisher PUBLISHER TYPE STATUS URIsolaris origin online https://pkg.oracle.com/solaris/support/

What does "origin" in the TYPE column say about the package repository?

A. It originates from oracle.com.

B. It contains all of the package metadata.

C. It supports packages for a single publisher.

D. It has been configured as the default publisher.

E. It contains only package content.

Correct Answer: BSection: (none)

Explanation


QUESTION 54Given the following commands and output:


42/106


Which statement summarizes this sequence of commands?

A. The BE solaris in the Global zone is the same BE that is listed in the third command.

B. The BE solaris-1 is activated to boot when the ozone zone is rebooted.

C. The BE solaris-1 was created when the BE solaris-2 was created.

D. The BE ozone2 is a BE of a zone with the zone name ozone2.



Incorrect:Not B: You cannot activate an unbootable BE in a nested BE.Not D: The zone is named ozone (not ozone2).

Note:* beadm supports the concept of a nested BE, specifically, as it pertains to BEs for non-global zones.

* beadm list [-a | -ds] [-H] [beName]Lists information about the existing boot environment named beName, or lists information for all boot environments if beName is not provided. The

Active field indicates whether the boot environment is active now, represented by N; active on reboot, represented by R; or both, represented by NR.Unbootable BEs inside of a nested BE are represented by an exclamation point (!)

QUESTION 55Which two statements are correct regarding IPS repositories?


43/106


A. Remote client access is governed by svc:/application/pkg/server.

B. Every new repository contains the solaris publisher by default.

C. One repository can replicate the contents of another.

D. The pkg.depotd process makes all local repositories remotely available.

E. A repository uses separate protocols for pkg and browser clients.



A: The pkd.depotd service is managed by SMF under the service identifier svc:/application/pkg/server.

D:* Example:Configure pkg.depotd to provide remote access. pkg.depotd provides an HTTP interface to a pkg repo. Here we are going to make the repo server

listen on port 10000, and use the repo dir we created as its default.# svcadm disable pkg/server # svccfg -s pkg/server setprop pkg/inst_root = /data/myrepo # svccfg -s pkg/server setprop pkg/port = 10000# svcadm refresh pkg/server # svcadm enable pkg/server

* pkg.depotd is the depot server for the image packaging system. It provides network access to the data contained within a package repository. Clientsthat do not support direct access to a repository through the file system, or for which network access is the only available or preferred method of transport, typically use the package depot.

QUESTION 56 A server has a nonglobal zone named zoneA. The following boot environments are listed in the global zone.


44/106


Which three statements describe the current state of the system?

A. The BE1 boot environment cannot be activated from the nonglobal zone.

B. The nonglobal zone cannot be booted to solaris-1 BE at this time.

C. The solaris-1 BE cannot be activated from the nonglobal zone.

D. To boot the nonglobal zone to the solaris-1 BE, the global zone must first be booted to the solaris-1 BE.E. The solaris-1 BE has been activated in the nonglobal zone.

F. The nonglobal zone solaris-1 BE is not bootable and must be repaired.

Correct Answer: BCFSection: (none)Explanation

Explanation/Reference:Explanation:C: You cannot activate an unbootable BE in a nested BE.BE solaris-1 is marked with !R.

Unbootable BEs inside of a nested BE are represented by an exclamation point (!)

BF: BE solaris-1 is marked with !R.Unbootable BEs inside of a nested BE are represented by an exclamation point (!)

Incorrect:Not A: BE1 can be activated. It is bootable (not marked with a !) Not D: Different BEs can be used in the two zones.Not E: BE solaris-1 is not marked with an N. The Active field indicates whether the boot environment is active now, represented by N

QUESTION 57Choose two true statements regarding signed IPS packages.

A. A signature takes the form of an action statement in a manifest.B. A package can be signed before adding it to a repository.

C. A package manifest may contain more than one signature.

D. Only one organization can apply signatures to a given package.

Correct Answer: ACSection: (none)Explanation



45/106


A: IPS package manifests can be signed, with the signatures becoming part of the manifest. Signatures are represented as actions just as all other manifest content is represented as actions.

C: A manifest can have multiple independent signatures.

QUESTION 58What does the following command change?

pkg set-publisher G ‘ *’ g http://server1.domain.com solaris

A. It updates all Solaris publishers and deletes the server1.domain.com origin.

B. It deletes all Solaris publishers and adds the server1.domain.com origin.

C. It adds server1.domain.com to the Solaris publisher list.

D. It sets the origin for the Solaris publisher to server1.domain.com.

E. It adds the server1.domain.com repository as an origin for the solaris publisher.

Correct Answer: BSection: (none)

Explanation


QUESTION 59The http://pkg.oracle.com/solaris/release publisher is available on this server. A new repository has been created in the /export/sllReaseRepo filesystem and you want to add the gzip package to this repository. Which is a valid method for adding the gzip package to the /export/sllReleaseReporepository?

A. pkgrecv s http://pkg.oracle.com/solaris/release d /export/sllReleaseRepo gzip

B. pkgrecv s /export/sllReleaseRepo d http://pkg.oracle.com/solaris/release gzip

C. pkgrecv s pkgrecv d /export/sllReleaseRepo gzipD. rsync aP http://pkg.oracle.com/solaris/release d /export/sllReleaseRepo gzip


Explanation/Reference:Explanation:* pkgrecv- Image Packaging System content retrieval utility


46/106


pkgrecv allows the user to retrieve packages from a pkg repository or package archive. pkgrecv can also optionally republish the retrieved packages toa different package repository or archive them.

-s src_repo_uri A URI representing the location of a pkg repository or package archive from which to receive package data.

-d path_or_uri

The file system path or URI of the target to republish packages to. If -a is specified, the target is a new package archive that cannot already exist.Otherwise, the target must be a package repository that already exists. New repositories can be created using pkgrepo(1).

QUESTION 60Consider the following:

What is true concerning this publisher’s Signature Policy?

A. Only packages from this publisher must have at least one valid signature.

B. All manifests from this publisher must have a cryptographic signature.

C. All newly installed packages must have at least one valid signature.D. Signed and unsigned packages from this publisher can be installed.


Explanation/Reference:Explanation:Signature Policy: verifyVerify that all manifests with signatures are validly signed, but do not require all installed packages to be signed.


47/106


48/106


C. Require

D. require-names


Explanation/Reference:Explanation:Signature Policy: verifyVerify that all manifests with signatures are validly signed, but do not require all installed packages to be signed.This is the default value.

QUESTION 63The following command is issued:pkg set-publisher P publisher2

What is the impact on your system?

A. makes the specified publisher stickyB. makes the specified publisher the highest-ranked publisher

C. displays information about the specified publisher

D. moves the specified publisher one step higher in the search order



Set-Publisher

With -P or --search-first, set the specified publisher first in the search order. When installing new packages, this publisher is searched first. Updates toalready installed packages come from the same publisher that originally provided the package as long as that publisher remains sticky. When -P or --search-first is used with -p, only added publishers are placed first in search order.

QUESTION 64You added an update to the system using a support repository updates (SRU) image:

# mkdir /SRU# mount F hsfs /var/tem/sru-name.iso /SRU# pkgrecv s /SRU/repo d /export/IPS/repo ‘*’


49/106


You now want to clear all catalog, search and other cached information from this package repository.Select the command that clears cached data.

A. pkg refresh

B. pkgrepo rebuild

C. pkgrepo refresh

D. pkg.depotd restart


Explanation/Reference:Explanation:pkgrepo rebuild [-p publisher ...] -s repo_uri_or_path [--no-catalog] [--no-index] Discards all catalog, search, and other cached information found in therepository, and then recreates it based on the current contents of the repository.

Incorrect:Not A: pkg refresh [--full] [publisher ...]Updates the client’s list of available packages and publisher metadata for each publisher specified. If no publishers are specified, the operation isperformed for all publishers.

QUESTION 65Your company decides to store its software packages in one repository. The new repository will include five publishers. How can you configure your pkgclients such that each package is updated from the publisher originally used to install it?

A. Configure it such that the preferred publisher has the highest rank.

B. Configure it such that each publisher is added with the --search-first option.

C. Configure it such that the top tanked publisher is sticky.

D. Configure it such that all publishers are sticky.E. Configure it such that the bottom-ranked publisher is sticky.


Explanation/Reference:Explanation:set-publisher --stickyWith --sticky, specify that updates to packages that were installed from this publisher must also come from this publisher. This is the default behavior.


50/106


QUESTION 66Yon are testing the connectivity between an Oracle Solaris 11 system and a local IPS server that has the host name of mercury within the domainpurple.com.The command ping mercury indicates the sever is alive.

The URI http://mercury.purple.com produces the error:

Firefox can’t find the server at mercury.purple.com

Yon enter the command svcprop p config network/dns/client Which two can be verified?

A. he domain name of the local system

B. he name service switch configuration

C. he IP address of the IPS server

D. he IP address of the DNS server

E. he IP address of the local system

F. he host name of the local system


Explanation/Reference:Explanation:Example. Displaying Administratively Customized Properties (here only admin layer is displayed with l)

The following command uses SMF layers to display administratively customized properties.

example% svcprop -p config -l admin svc:/network/dns/client (A) config/domain astring admin my.domain.com(D) config/nameserver net_address admin 10.22.33.44 10.44.33.11

Note:* config/nameserver refers to the Solaris DNS server./ The nameserver keyword specifies DNS servers to query using IP address.Example:The /etc/resolv.conf file contains configuration directives for the DNS resolver. The following resolv.conf example shows two name servers and threesearch suffixes:

domain nj.bigcorporation.comnameserver 192.168.10.11nameserver 192.168.20.88


51/106


* The svcprop utility prints values of properties in the service configuration repository. Properties are selected by -p options and the operands

QUESTION 67You administer an Oracle Solaris 11 server. You created an IPS repository and set the pkg publisher origin. You did not configure the pkg/serviceservice. What type of access have you provided for your now repository?

A. a file interface repository

B. a local host-only repositoryC. a testing-interface repository

D. a pkg.depotd configured interface


Explanation/Reference:Note:You might want a local IPS repository for the following reasons:

Performance and security. You do not want your client systems to go to the Internet to retrieve new software packages or update existing packages.

Replication. You want to ensure that you can perform the same installation next year that you perform today.

Custom packages. You want to include your own IPS package in the same repository with Oracle Solaris OS packages.

QUESTION 68While examining an Oracle Solaris 11 system, you discover an unfamiliar ELF binary in the /usr/bin directory. You want to know which package installedthe binary. Which pkg subcommand should you use to identify the package, based on the absolute path to the binary?

A. pkg info

B. pkg list

C. pkg search

D. pkg contents




52/106


53/106


added, removed, or updated. The current boot environment must not be modified. The backup boot environment must represent the system imagebefore the procedure and the new boot environment must represent the image before the procedure. The image properties on your system are asfollows:

You are instructed to install the top utility.Which two will allow the top package to be installed on the system while adhering to the company policy?

A. pkg property pkg-install=backup-bepkg install top

B. pkg set-property be-policy create-backuppkg install top

C. pkg install --be-name BE2 top

D. pkg set-property be-policy always-newpkg install top

E. pkg set-property create-backup truepkg install top

Correct Answer: CDSection: (none)Explanation


Explanation:By default, a new BE is automatically created when you perform one of the following operations:

* (D) Set the be-policy image policy to always-new. Under this policy, all package operations are performed in a new BE set as active on the next boot.

* Update particular key system packages such as some drivers and other kernel components. This can happen when you install, uninstall, update,change variant, or change facet.* Often a new BE is created when you execute the pkg update command to update all packages that have updates available.

* Specify any of the following options: --be-name, --require-new-be, --backup-be-name, --require- backup-be.


54/106


QUESTION 71You detected a failure of net0 in the IPMP group named ips1. The server hosting the failed NIC supports dynamic reconfiguration. Which statement istrue regarding the replacement of the hardware interface?

A. The NIC must be replaced with an identical physical interface card type.

B. The NIC will be configured after replacement with the dladm command.

C. The devfsadm command will be used to discover the replacement NIC.

D. The replacement NIC must occupy the same bus slot as the original NIC .


Explanation/Reference:Explanation:When an underlying interface of an IPMP group fails, a typical solution would be to replace the failed interface by attaching a new NIC. RCM records theconfiguration information associated with any NIC that is detached from a running system. If you replace a failed NIC with an identical NIC, then RCMautomatically configures the interface according to the persistent configurations that had been previously defined by using the ipadm command.

Incorrect:Not A, not D: You can replace a failed NIC with a different NIC, provided that both are the same type, such as Ethernet. In this case, RCM plumbs thenew interface after it is attached. If you did not use customized link names when you first configured your interfaces, then you will have to configure thenew NIC before you can add the interface to the IPMP group. Not C: devfsadm, devfsadmd- administration command for /dev and /devices

Note:* 1. On the system with the IPMP group configuration, assume the Primary Administrator role or become superuser.2. Display the test address configuration3. Remove the physical interface.4. Replace the physical interface.

QUESTION 72

You want to configure your IPS repository server for high network bandwidth and network availability. Which two technologies are best suited for achieving these goals?

A. naxbw resource control

B. zpool disk aggregation

C. link load balance

D. link aggregation

E. IP multipathing

Correct Answer: DE


55/106



Explanation/Reference:Explanation:DE: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP)provides features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some

of their features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have differentstrengths and weaknesses.

E: The IP network multipathing or IPMP is a facility provided by Solaris to provide fault-tolerance and load spreading for network interface cards (NICs).With IPMP, two or more NICs are dedicated for each network to which the host connects.The IPMP load spreading feature increases the machine’s bandwidth by spreading the outbound load between all the cards in the same IPMP group.

QUESTION 73You administer an Oracle Solaris 11 system that uses a user-defined Network Configuration Profile (NCP). You now need to modify the DNS nameservers. Select the profile type that you will need to modify.

A. Automatic-NCP

B. Location profileC. Network Configuration Unit

D. External Network Modifiers


Explanation/Reference:Explanation:Once basic networking has been achieved, there is something called the Location Profile that loads system-wide network configuration information. Thisincludes:

- Condition under which it is activated- Naming service to use- Domain name- IP Filter rules- IPsec policy

Incorrect:Not A: The Automatic NCP is a system-defined profile and cannot be modified by a user. It contains one Link NCU and one Interface NCU for eachphysical link on the system. For this particular profile, Physical links take precedence over Wireless links when it is time to activate an NCU. This profilechanges dynamically when new links are inserted or removed from the system.


56/106


QUESTION 74What is true regarding an IPMP group?

A. All underlying interfaces are physical Ethernet links.

B. All interfaces connect to the same switch.

C. It does not persist across reboots.

D. Testing for failover can be done using the ipadm delete-ipmp command.


Explanation/Reference:Explanation:To make IPMP groups persists across reboots you would have to do some work:To configure an IPMP group that persists across system reboots, you would edit the hostname configuration file of the IPMP interface to add dataaddresses.

Note: The same (non-null) character string IPMP group name identifies all interfaces in the group. You can place interfaces from NICs of differentspeeds within the same IPMP group, as long as the NICs are of the same type. For example, you can configure the interfaces of 100-megabit EthernetNICs and the interfaces of one gigabit Ethernet NICs in the same group. As another example, suppose you have two 100-megabit Ethernet NICs. Youcan configure one of the interfaces down to 10 megabits and still place the two interfaces into the same IPMP group.

Incorrect:Not A: You cannot place two interfaces of different media types into an IPMP group. For example, you cannot place an ATM interface in the same groupas an Ethernet interface. Not B: An IP multipathing group, or IPMP group, consists of one or more physical interfaces on the same system that areconfigured with the same IPMP group name. All interfaces in the IPMP group must be connected to the same IP link.

QUESTION 75Which statement is true regarding an aggregation?

A. Its member links must all have the same range of operating speeds.

B. It can be called out by its link name or by its integer key.

C. Its LACP mode sets the behavior to active or passive.

D. Its default L2 policy is round-robin.



57/106


58/106


59/106




How to Manually Specify Target Systems for Probe-Based Failure Detection1. Add a route to a particular host to be used as a target in probe-based failure detection. $ route -p add -host destination-IP gateway-IP -static wheredestination-IP and gateway-IP are IPv4 addresses of the host to be used as a target. For example, you would type the following to specify the targetsystem 192.168.10.137, which is on the same subnet as the interfaces in IPMP group itops0:

$ route -p add -host 192.168.10.137 192.168.10.137 -static This new route will be automatically configured every time the system is restarted. If youwant to define only a temporary route to a target system for probe-based failure detection, then do not use the -p option.

2.Add routes to additional hosts on the network to be used as target systems.

QUES

solaris 11 advanced system administrator

Documents