Solaris 11 Advanced System Administrator

Certkiller.1z0-822.140.
QA
Number: 1z0-822
Passing Score: 800
Time Limit: 120 min
File Version: 6.6
Very concise guide that gives you just what you need to know to pass the exam.
I found these practice dumps very complete including everything I needed to pass on my first try.
I appeared in Certification exam and passed it easily using your latest study dump.
Thanks for providing such quality certification material.
It is the lone platform that is imminent. I am so proud of you for being so reputable!
Much Appreciated! Get this Certification dump now.
www.vceplus.com - Website designed to help IT pros advance their careers - Born to learn
Exam A
QUESTION 1
Consider the following commands on a newly installed system:
zfs set compression=on rpool
zfs get H o source compression rpool
What is the output of the second command?
A.
B.
C.
D.
default
local
on
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Explanation:
The zfs get command supports the -H and -o options, which are designed for scripting. You can use the -H option to omit header information and to
replace white space with the Tab character. Uniform white space allows for easily parseable data. You can use the -o option to customize the output in
the following ways:
* The literal name can be used with a comma-separated list of properties as defined in the Introducing ZFS Properties section.
* A comma-separated list of literal fields, name, value, property, and source, to be output followed by a space and an argument, which is a commaseparated list of properties.
The following example shows how to retrieve a single value by using the -H and -o options of zfs get:
# zfs get -H -o value compression tank/home
on
QUESTION 2
You want to create a ZFS file system with the following specifications:
lzjb compression enabled
Cannot consume more than 2 GB from the storage pool
Redundant data at the block level eliminated
Mounted as /data
Which command creates the desired file system?

A.
B.
C.
D.
E.
zfs create o mountpoint=/data,compression=on,algorithm=lzjb,deduplication=on,quota=2g /pool1/data

zfs create o mountpoint=/data compression=on algorithm=lzjb deduplication=on quota=2g /pool1/data
zfs create o mountpoint=/data o compression=on o dedup=on o quota=2g /pool1/data
zfs create o mountpoint=/data o compression=on o algorithm=lzjb o deduplication=on o quota=2g /pool1/data
zfs create pool/data zfs set mountpoint=/data,quota=2g, dedup=on,compression=on /pool1/data
Correct Answer: C
Section: (none)
Explanation
Explanation:
Not on compression setting:
compression=on | off | lzjb | gzip | gzip-N
Controls the compression algorithm used for this dataset. The "lzjb" compression algorithm is optimized for performance while providing decent data
compression. Setting compression to "on" uses the "lzjb" compression algorithm.
Incorrect:
Not A, Not E: Should not use commas like this.
Not B, Not D: There is no property algorithm named to this command. To specify the use of the lzjb compression command we must use
compression=lzjb.
QUESTION 3
Which two zpool subcommands will permanently remove a submirror from active storage pool?
A.
B.
C.
D.
E.
F.
G.
remove
detach
destroy
offline
replace
split
zpool does not permit this operation on an active storage pool unless the submirror faults.
Correct Answer: AB
Section: (none)
Explanation
Explanation:
zpool detach pool device
Detaches device from a mirror. The operation is refused if there are no other valid replicas of the data.
QUESTION 4
You have a ZFS pool that contains a hierarchy of data file systems. You create snapshots of the file systems and you created a clone (dpool/export/CID)
of the dpool/export/home/CID file systems. The file systems are as follows:
Now you remove a file from the cloned file system:

root@sll-server1:~# rm /export/CID/core.bash.8070
How will space usage be changed for dpool/export/CID?
A.
B.
C.
D.
The USED value will increase and the REFER value will decrease; the AVAIL value will be unchanged.
The USED value will decrease and the REFER value will increase; the AVAIL value will increase.
The USED value will decrease, the REFER value will decrease; the AVAIL value will increase.
USED, REFER and the AVAIL value will be unchanged.
Correct Answer: A
Section: (none)
Explanation
QUESTION 5
To reduce the use at storage space on your server, you want to eliminate duplicate copies of data in your server's ZFS file systems. How do you specify
that pool1/data should not contain duplicate data blocks on write operations?
A. zfs create o compression=on pool1/data
B. zpool create o deduplication=on pool1 ; zfs create pool1/data
C. zpool create o dedupratio=on pool1 ; zfs create pool1/data
D. zfs create o dedupratio=2 pool1/data

E. zfs create o dedup=on pool1/data
Correct Answer: E
Section: (none)
Explanation
Explanation:
To c reate a file system with deduplication:
root@solaris:~# zfs create -o dedup=on
Note: If you have a storage pool named 'tank' and you want to use dedup, just type this:
zfs set dedup=on tank
QUESTION 6
Which option lists default checkpoints for building an image using the Distribution Constructor?
A.
B.
C.
D.
manifest-valid and ba-init

ba-arch and grub-setup
transfer-ips-install and pre-pkg-img-mod
pkg-img mod and create-usb
Correct Answer: C
Section: (none)
Explanation
Explanation:
The following list provides a brief description of each default checkpoint in the order the checkpoints are executed in most manifests.
transfer-ips-install At this checkpoint, the distribution constructor contacts the IPS publishers and adds to the image the packages that are listed in the
software_data element of the manifest.
set-ips-attributes At this checkpoint, the constructor sets the publisher to be used by the installed system. The values set by this checkpoint are not
relevant if you are building an automated installation image.
pre-pkg-img-mod At this checkpoint, the constructor imports into the image the SMF service files that were specified in the configuration element of the
manifest. Also, the constructor modifies some files to optimize the image.
QUESTION 7
Which two statements describe the capabilities of the Distribution Constructor?
A.
B.
C.
D.
E.
ISO images for use with the Automated Installer (AI) can be created.
Bootable USB images can be created for SPARC and x86 architectures.
A single installation server can be used to create ISO images, for SPARC and x86 architectures.
Checkpoints are used to pause the build, thereby allowing the running of a script to modify the resulting ISO image.
A single installation server can be used to create ISO images for Solaris 10 and Solaris 11.0 operating systems.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
A: Oracle Solaris Image Types include:
x86 or SPARC ISO Image for Automated Installations The Oracle Solaris release includes the automated installer tool. The automated installer (AI) is
used to automate the installation of the Oracle Solaris OS on one or more SPARC and x86 systems over a network.
D:
* You can also create custom scripts to modify your installation image. Then, you can add checkpoints to the manifest file to run these custom scripts.
* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation
process, in order to check and debug the image that is being built. This process of stopping and restarting during the build process is called
checkpointing. Checkpointing is optional. Default checkpoints are specified in each manifest file.
Incorrect:
Not B: Only for x86, not for SPARCOracle Solaris x86 LiveCD You can create an x86 ISO image that is comparable to the LiveCD image that's distributed as an Oracle Solaris release.
You can also modify the content of this ISO image by adding or removing packages. You can revise the default settings for the resulting booted
environment to create a custom ISO image or USB image.
Note: The distribution constructor creates images based on settings specified in XML files, called manifest files. The manifest files contain specifications
for the contents and parameters for the ISO images that you create using the distribution constructor. The distribution-constructor package provides
sample manifests that can be used to create a custom x86 Live Media ISO, an x86 or SPARC Automated Install ISO image, or an x86 or SPARC text
installation ISO image.
The elements in each manifest file provide preset, default values that will create the type of ISO image you need. You can manually edit these preset
elements in a manifest file to customize the resulting image. In addition, you can create custom scripts to further modify your image. Then, reference the
new scripts in the manifest file.
QUESTION 8
Your colleague is administering the company's Automated Install server and is using a custom manifest. You now plan to replace the default AI manifest
with the custom manifest. Which installadm subcommand must you use to replace the default AI manifest?
A.
B.
C.
D.
E.
F.
update-service
update-manifest
set-service
create-manifest
create-service
set-manifest
Correct Answer: B
Section: (none)
Explanation
Explanation:
Explain:
If you want to change the content of a manifest or script that has already been added to an install service, use the installadm update-manifest
command. Criteria, default status, and manifest_or_script_name are not changed as a result of the update.
# installadm update-manifest -n s11-x86
-f ./newregion1.xml -m region1
The create-manifest and update-manifest subcommands validate XML manifest files before adding them to the install service. AI syntactically validates
the AI manifests at client installation time. Note - If an invalid manifest is provided to a client, the automated installation aborts. To investigate the cause
of the validation failure, see the /system/volatile/install_log on the client.
QUESTION 9
You are using AI to install a now operating system. You add the following information to the AI manifest:
<configuration type="zone" name="dbzone source="http://sysA.example.com/zone_cfg/zone.cfg"/>
Which statement is true regarding the zone.cfg file?
A.
B.
C.
D.
E.
It is a text file in a zonecfg configuration format.

It is an AI manifest that specifies how the zone is to be installed.
It is an XML file in a form suitable for use as a command script file for the zonecfg command.
It is an profile with keywords that are specific for configuring a zone as part of the installation
It is an XML file that specifies the zonename, zonepath, and other zonecfg parameters.
Correct Answer: A
Section: (none)
Explanation
QUESTION 10
You are the administrator of on Oracle Solaris 11 AI server. You added a client. Then you created a custom manifest, custom criteria, and a custom
profile for the client.
You made an error in the package path within the custom manifest.
When will the error appear?
A.
B.
C.
D.
when the manifest is checked during client preinstall

when the manifest is used during client install
when the manifest is updated on the AI server
when the manifest is added to the AI server
Correct Answer: D
Section: (none)
Explanation
Note:
* The default AI manifest must work for any client that does not match a custom manifest, for any service based on this image.
QUESTION 11
You plan to use the Automated Installer (AI) to install a nonglobal zone named zone1. You created custom manifest for the nonglobal zone and named it
zone1manifest. Which command must you use to add this custom manifest to the s11-sparc install service and associate this custom manifest with the
nonglobal zone?
A.
B.
C.
D.
installadm create-profile n s11-sparc f /term/zone1manifest.xml c zonename="zone1"

installadm create-manifest n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"
installadm create-client n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"
installadm create-server n s11-sparc f /term/zone1manifest.xml m zone1manifest c zonename="zone1"
Correct Answer: B
Section: (none)
Explanation
Explanation:
Install services are created with a default AI manifest, but customized manifests or derived manifests scripts (hereafter called "scripts") can be added to
an install service by using the create-manifest subcommand.
* Example:
Add the new AI manifest to the appropriate AI install service, specifying criteria that define which clients should use these installation instructions.
# installadm create-manifest -n s11-x86 -f ./mem1.xml -m mem1 \ -c mem="2048-unbounded"
* Syntax
installadm create-manifest -n|--service svcname
-f|--file manifest_or_script_filename
[-m|--manifest manifest_name]
[-c|--criteria criteria=value|list|range... |
-C|--criteria-file criteriafile]
[-d|--default]
QUESTION 12
You are using the distribution constructor to build a custom text installer. You copied and modified the default test installer XML file and issued the
following command to build image:
# /usr/bin/distro_const build v /usr/share/distro_const/new-dc_ai_x86.xml
How will the checkpoints in the distribution constructor be used by this command?
A.
B.
C.
D.
The distribution constructor will create a snapshot of the data directory at a checkpoint and report errors the log file until completed.
The distribution constructor will stop at each checkpoint until you issue a distro_const restart command.
The distribution constructor will not use checkpoints without the correct CLI option added to the command.
The distribution constructor will stop at a checkpoint only if an error is encountered during the image build.
Correct Answer: C
Section: (none)
Explanation
Explanation:
Only verbose mode is selected (-v) not checkpoints options.
* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation process
in order to check and debug the image that is being built. This process of stopping and restarting during the build process is called checkpointing.
Checkpointing is optional.
Note:
* You can use the options provided in the distro_const command to stop and restart the build process at various stages in the image-generation
process, in order to check and debug your selection of files, packages, and scripts for the image that is being built. This process uses the checkpointing
options that are available in the distro_const command.
* distro_const Command Options

/ distro_const build manifest
Builds an image in one step using specified manifest file / distro_const build -v
Verbose mode
/ distro_const build -l manifest
Lists all valid checkpoints at which you can pause and resume building an image / distro_const build -p checkpoint_name manifest
Pauses building an image at a specified checkpoint
/ distro_const build -r checkpoint_name manifest
Resumes building an image from a specified checkpoint
/ distro_const build -h
Displays help for the command
* After you have set up the manifest file that you plan to use and, if desired, customized the finalizer scripts, you are ready to build an image by running
the distro_const command.
You can use the distro_const command to build an image in either of the following:
In one step
Pausing and restarting the build as needed to examine the content of the image and debug the scripts during the build process
QUESTION 13
Your company's security policy prohibits access to the Internet. You already installed an instance of Oracle Solaris 11 on an M-series server for base
testing. You used the text install media to install the system. You also installed a package repository on the same system. There are 10 M-series
servers that have just been installed on the local network. Can you immediately install an AI server on your testing machine order to install Oracle
Solaris 11 on these 10 servers?
A.
B.
C.
D.
E.
F.
G.
Yes, by using the existing Solaris 10 Jumpstart server.

Yes, by using the text install media for the AI software.
Yes, by using the Installed package repository.
No, you must download the AI .iso image from Oracle first.
No, the Solaris large-server group must be installed because it contains the AI setup tools.
No, the Solaris 11 full n repository must be installed on the AI server.
No, you must have a prebuilt image that was created by the distribution constructor.
Correct Answer: D
Section: (none)
Explanation
QUESTION 14
You have set resource controls on a project. Now you want to set up syslog to monitor a particular resource control and log a message whenever the
resource control is exceeded. Which option would you choose to activate logging on the global resource control facility to establish a syslog action on a
resource control?
A.
B.
C.
D.
E.
Use the rctladm command to enable the global syslog attribute of a resource control.
Use the prctl command to enable the global syslog attribute of resource control.
Use the ipcs command to enable the global syslog attribute of a resource control.
Use the setrctl command to enable the global syslog attribute of a resource control.
By default, global logging of resource control violations is already enabled. Make an entry in the syslog.conf file and refresh the system-log service.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Global Monitoring of Resource Control Events
Often, the resource consumption of processes is unknown. To get more information, try using the global resource control actions that are available with
the rctladm command. Use rctladm to establish a syslog action on a resource control. Then, if any entity managed by that resource control encounters a
threshold value, a system message is logged at the configured logging level.
QUESTION 15
Consider the following command:
zonestat q r physical-memory R high z dbzone p P "zones" 10 24h 60m
What data will this command report?
A.
B.
C.
D.
E.
The dbzone's physical memory usage every hour for a day, displaying the 10 higher usage intervals for each hour.
All the dbzone's resource usage, excluding physical memory, 10 times an hour for a day.
The dbzone's CPU, virtual memory, and networking utilization every hour for a day, displaying top 10 usage intervals.
The dbzone's memory and CPU utilization every 10 seconds for a day, displaying peak usage each hour.
The dbzone's physical memory usage every 10 seconds for a day. displaying peak usage each hour.
Correct Answer: A
Section: (none)
Explanation
Explanation:
* Example 1:
* man zonestat -q Quiet mode. Only print summary reports (requires the -R option). All interval reports are omitted. -r resource[,resource] Specify
resource types on which to report. The available resources are: physical-memory, virtual-memory, locked- memory, processor- set, processes, lwps,
shm-memory, shm-ids, sem-ids, msg-ids, lofi, and network. summary A summary of cpu, physical-memory, virtual memory, and network usage.
* Example 2 :
The following command monitors silently at a 10 second interval for 24 hours, producing a total and high report every 1 hour:
# zonestat -q -R total,high 10s 24h 1h
QUESTION 16
Consider the following command and output:
user$ newtask v p canada
Identify the output.
A.
B.
C.
D.
the task ID for the project canada

the project ID for the project canada
the task ID for the shell
the task ID for all jobs already running in the shell
Correct Answer: C
Section: (none)
Explanation
Explanation:
Example 1: Creating a New Shell
The following example creates a new shell in the canada project, displaying the task id:
example$ id -p
uid=565(gh) gid=10(staff) projid=10(default)
example$ newtask -v -p canada
QUESTION 17
User Frank is a member of two projects. He currently has a process running. He needs to move the process from its current project to the other project.
Which command must Frank use to determine the process' task ID?
A.
B.
C.
D.
projects
prtcl
id
ps
Correct Answer: D
Section: (none)
Explanation
Explanation:
The ps command prints information about active processes. Without options, ps prints information about processes associated with the controlling
terminal. The output contains only the process ID, terminal identifier, cumulative execution time, and the command name. Otherwise, the information
that is displayed is controlled by the options.
QUESTION 18
Which two statements describe projects and/or tasks?
A.
B.
C.
D.
E.
A task is a resource container for one process.

Project resource controls are evaluated before task resource controls.
Every user belongs to one or more projects.
Every task associates a project with a process.
A project is optional and not every user must belong to a project.
Correct Answer: CD
Section: (none)
Explanation
Explanation:
C: a user must be assigned to a default project, the processes that the user launches can be associated with any of the projects of which that user is a
member.
D: How to Create a New Task

1.Log in as a member of the destination project, booksite in this example. 2.Create a new task in the booksite project by using the newtask command
with the -v (verbose) option to obtain the system task ID.
machine% newtask -v -p booksite
The execution of newtask creates a new task in the specified project, and places the user's default shell in this task.
3.View the current project membership of the invoking process.
machine% id -p
uid=100(mark) gid=1(other) projid=4113(booksite)
The process is now a member of the new project.
Note:
* Projects are collections of tasks, which are collections of processes.
* Projects and tasks are used to label workloads and separate them from one another.
Incorrect:
Not A: The task collects a group of processes into a manageable entity that represents a workload component.
Not E: If no default project is found, the user's login, or request to start a process, is denied.
QUESTION 19
Resource constraints have been placed on a particular project. Which command would you use to view the constraints that have been placed on that
project?
A.
B.
C.
D.
E.
ipcs
prctl
projects
rctladm
prstat
Correct Answer: B
Section: (none)
Explanation
Explanation:
prctl
- get or set the resource controls of running processes, tasks, and projects.
The prctl utility allows the examination and modification of the resource controls associated with an active process, task, or project on the system. It
allows access to the basic and privileged limits and the current usage on the specified entity.
Incorrect:
not A: ipcs provides information on the ipc facilities for which the calling process has read access.
not D:
rctladm
- display or modify global state of system resource controls Not E: prstat - report active process statistics
Note:
* In the Oracle Solaris operating system, the concept of a per-process resource limit has been extended to the task and project entities.
QUESTION 20
Frank is a member of two projects on you system. He has a process running in a project called project- clock and needs to move it under the other
project he belongs to.
Which command must Frank use to move the process?
A.
B.
C.
D.
setproject
newtask
projmod
prtcl
Correct Answer: B
Section: (none)
Explanation
Explanation:
How to Move a Running Process Into a New Task
This example shows how to associate a running process with a different task and new project. To perform this action, you must either be superuser, or
be the owner of the process and be a member of the new project.
1. Become superuser or assume an equivalent role
2. Obtain the process ID of thebook_catalogprocess.
# pgrep book_catalog
3. Associate process8100with a new task ID in thebooksiteproject.
# newtask -v -p booksite -c 8100
The -coption specifies that newtaskoperate on the existing named process.
4. Confirm the task to process ID mapping.
# pgrep -T 17
Incorrect:
Not C: projmod does not change the processes of a project.
The projmod utility modifies a project's definition on the system. projmod changes the definition of the specified project and makes the appropriate
project-related system file and file system changes.
QUESTION 21
You configured a limit of 100 LWPs project. You want to ensure that the LWP limit was not set too low, so you need to monitor the LWPs currently in
use by the project. Which two options could you use to monitor the current LWP resource control and the consumption of resources for this project?
A.
B.
C.
D.
E.
F.
prtcl $$
configuring syslogd to log messages received from the resource manager daemon
ps o taskid p
prtcl n task.max-lwps $$
rctladm l task.max-lwps
rctladm e syslog task.max-lwps; when the threshold for the resource is exceeded, a log entry will be generated by syslogd
Correct Answer: DF
Section: (none)
Explanation
Explanation:
D: Example:
# prctl -n task.max-lwps $$
process: 111107: csh
NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT
task.max-lwps
usage 3
privileged 3 - deny system 2.15G max deny
F: The following command activates system logging of all violations of task.max-lwps.
# rctladm -e syslog task.max-lwps
#
Note: How to Set the Maximum Number of LWPs for Each Task in a Project
This procedure adds a project named x-files to the /etc/project file and sets a maximum number of LWPs for a task created in the project.
1.Become an administrator.
2. Use the projadd command with the -K option to create a project called x-files. Set the maximum number of LWPs for each task created in the project
to 3. # projadd -K 'task.max-lwps=(privileged,3,deny)' x-files
QUESTION 22
The following information describes the current dump configuration of your server:
Assume that the following command lines have been run on a system:
(root) # coreadm g $HOME/var/core/%m.core.%f.%t
(non-root) $ coreadm p core.%f.%p
Identify the result of a subsequent process crash.
A.
B.
C.
D.
E.
F.
A copy of a core file will appear in /var/core.

A copy of a core file will appear in the process' current working directory.
The root copy will include the taskid of the process.
The nonroot copy will include the day of the process crash.
The global format will override the per-process format.
The global core dump is disabled, so a core file will not be saved.
Correct Answer: B
Section: (none)
Explanation
Explanation:
* -p pattern
Set the per-process core file name pattern to pattern for each of the specified process-IDs. The pattern can contain any of the special % variables
* Variables:
%f, executable file name, up to a maximum of MAXCOMLEN characters %p, process-ID
* Example. The core file name pattern:
/var/core/core.%f.%p
would result, for command foo with process-ID 1234, in the core file name: /var/core/core.foo.1234
* Example. Setting the core file name pattern
When executed from a user's $HOME/.profile or $HOME/.login, the following command sets the core file name pattern for all processes run during the
login session:
example$ coreadm -p core.%f.%p $$
$$ is the process-id of the currently running shell. The per-process core file name pattern is inherited by all child processes.
Note (see synopsis 2 below).
* The coreadm command is used to specify the name and location of core files produced by abnormally-terminating processes.
SYNOPSIS
coreadm [-g pattern] [-i pattern] [-d option...] [-e option...] coreadm [-p pattern] [pid...]
coreadm u
The first form shown in the synopsis can be executed only by the super-user and is used to configure system-wide core file options, including a global
core file name pattern and a per-process core file name pattern for the init(1M) process.
The second form can be executed by non-privileged users and is used to specify the file name pattern to be used by the operating system when
generating a per-process core file.
QUESTION 23
You are asked to configure your system to save crash dump information. While choosing a directory to save the dump data, you consider protecting a
minimum amount of free space. What is the default minimum free space in a crash dump directory?
A.
B.
C.
D.
E.
By default, the minimum free space is 10% of the size of the dump volume.
By default, no minimum free space is set.
By default, the minimum free space is 1 MB.
By default, the space is determined by the amount of swap space.
By default, the space is determined by the amount of memory installed in the system.
Correct Answer: C
Section: (none)
Explanation
Explanation:
Dump Parameter: minimum free space
Minimum amount of free space required in the savecoredirectory after saving crash dump files. If no minimum free space has been configured, the
default is one Mbyte.
QUESTION 24
You are mentoring a colleague who recently added a local7.notice entry to the /etc/syslog.conf file. After restarting the logging service, your colleague
notices that no new records are being logged and asks for your help. Included in the file are these entries:
...
(19)*.alert root
(20)*.emerg*
(21)local7.notice /var/log/Appx.log
...
While running the syslogd process in debug mode, you notice the following:
You examine the /var/adm/messages file:

Jan 6 00:23:10 so111-server syslogd: line 21: unknown priority name "notice "
What do you identify as the cause of the problem?
A.
B.
C.
D.
There is a control or nonprintable character at the end of line 21 in the /etc/syslog.conf file.
The application that logs to /var/log/Appx.log does not support the notice priority.
There is an extra space in line 21 in the /etc/syslog.conf file.
The facility local7 does not support the notice priority.
Correct Answer: C
Section: (none)
Explanation
Explanation:
Must only use Tabs, not spaces.
It says unknown priority name "notice " (there is a space after the word notice).
QUESTION 25
Which four configuration elements are managed by the dumpadm utility?

A.
B.
C.
D.
E.
F.
the location of the dump device

the location of the savecore directory
the index number for the next core dump
the reserved file system space that a core dump may not use
the compression of the crash dump file
the size of the dump device
Correct Answer: ABDE

Section: (none)
Explanation
Explanation:
dumpadm - configure operating system crash dump
SYNOPSIS
/usr/sbin/dumpadm [-nuy] [-c content-type] [-d dump-device] [-m mink | minm | min%] [-s savecore-dir]
[-r root-dir] [-z on | off]
The options include:
A: -d dump-device
Modify the dump configuration to use the specified dump device.
B: -s savecore-dir
Modify the dump configuration to use the specified directory to save files written by savecore.
D: -m mink | minm | min%
Create a minfree file in the current savecore directory indicating that savecore should maintain at least the specified amount of free space in the file
system where the savecore directory is located.
E: -z on | off
Modify the dump configuration to control the operation of savecore on reboot. The options are on, to enable saving core files in a compressed format,
and off, to automatically uncompress the crash dump file. The default is on, because crash dump files can be very large and require less file system
space if saved in a compressed format.
QUESTION 26
What is true about crash dump configuration?
A.
B.
C.
D.
E.
The minfree value can be to protect a percentage of available disk space.

The default size of the dump device is configurable.
You can use one ZFS volume for both swap and dump.
You can set quota on a ZFS dump device.
When set on the dump device, the minfree value sets the total size of the dump device to be a percentage of the total size of the root pool.
Correct Answer: A
Section: (none)
Explanation
Explanation:
See % below.
coredump parameter: -m mink | minm | min%
Create a minfree file in the current savecore directory indicating that savecore should maintain at least the specified amount of free space in the file
system where the savecore directory is located. The min argument can be one of the following:
k
A positive integer suffixed with the unit k specifying kilobytes.
m
A positive integer suffixed with the unit m specifying megabytes.
%
A % symbol, indicating that the minfree value should be computed as the specified percentage of the total current size of the file system containing the
savecore directory.
The savecore command will consult the minfree file, if present, prior to writing the dump files. If the size of these files would decrease the amount of free
disk space below the minfree threshold, no dump files are written and an error message is logged. The administrator should immediately clean up the
savecore directory to provide adequate free space, and re-execute the savecore command manually. The administrator can also specify an alternate
directory on the savecore command-line.
Incorrect:
Not C: Separate ZFS volumes must be used for the swap area and dump devices.
QUESTION 27
Which two actions permit the system-log service to receive messages from a remote Solaris host?
A. setting the property config/log_from_remote to true and restarting the service
B. setting the property config/log_from_remote to *.noticoand restart the service
C. configuring a selector for remote messages in the /etc/syslog.conf file
D. ensuring that port 514 is open to remote traffic and doesn't require a password
Correct Answer: AD
Section: (none)
Explanation
Explanation:
A: To restart remote logging:
svccfg -s system-log setprop config/log_from_remote=true svcadm restart system-log
D: You can run 'snoop' on the interface to see if you see syslog packets leaving the server snoop udp port 514
QUESTION 28
There is a valid SMF manifest located underneath the /var/svc/manifest directory. Which four methods can be used to add it to the services repository?
A.
B.
C.
D.
E.
Reboot the system.

Restart the early-manifest-import service.
Use the svccfg apply command.
Restart the manifest-import service.
Use the svccfg import command.
Correct Answer: ACDE

Section: (none)
Explanation
Explanation:
AD: Manifests from the standard directory trees /lib/svc/manifest and /var/svc/manifest are processed during system boot and anytime an administrator
or program runs:
$ svcadm restart manifest-import
C: svccfg
apply subcommand
If the argument is a service profile or manifest, apply the configuration to the admin layer of the SMF repository. Services, instances, property groups,
and properties will be created as necessary.
E: import [-V] [file | directory]
svccfg import on a file in a system-managed filesystem location (subdirectories of /lib/svc/manifest and /var/svc/manifest) invokes: svcadm restart
manifest-import.
Placing your manifests in a system-managed location and invoking svcadm restart manifest-import to import them is the recommended practice.
svccfg import on files in other locations imports their properties as administrative customization into the admin layer. It is equivalent to:
svccfg apply [file | directory]
Incorrect:
not B: Manifests are processed in two different phases during boot.
The service svc:/system/early-manifest-import:default, a pseudo service, is responsible for the first manifest processing. This service processes only
manifests from the /lib/svc/manifest directory tree before svc.startd(1M) initializes any services thus enabling services delivered in /lib/svc/manifest to
always start with their most updated definition. Since this is a pseudo service, svcadm(1M) commands are ignored though svcs(1) can be used to
observe status and get log file information.
The svc:/system/manifest-import:default service handles the second manifest processing and imports manifest files from both /lib/svc/manifest and /var/
svc/manifest directory trees, in that respective order.
QUESTION 29
What is the purpose of the Service Management Facility (SMF) profiles?
A.
B.
C.
D.
an XML file that describes current services and the instances

allows the customization of services and instances
stores configuration information about each service instance
used to start and stop processes or services
Correct Answer: B
Section: (none)
Explanation
Explanation:
Profiles are, in many ways, similar to manifests in that they use the same XML DTD. However, instead of providing information about a service, its
dependencies, and methods, a profile is used to provide customization of a service or an instance of a service. Customizations include whether an
instance of a service should be enabled or disabled and any modifications to service configuration properties.
Incorrect:
Not A: Manifests (not profiles) are used to describe services and instances of a service, including any property groups and properties they might have.
QUESTION 30
Identify two acceptable values for a <dependent> element in a service manifest.
A. require_all
B. optional_all
C. optional_any
D. restart_on
E. none
Correct Answer: AB
Section: (none)
Explanation
Explanation:
Service Dependency. This element identifies a group of FMRIs upon which the service is in some sense dependent.
ATTRIBUTE: Grouping:
Possible values:
'require_all',
'require_any',
'exclude_all',
`optional_all'
Note:
* Example 1:
<dependency
name='network'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/milestone/network:default' /> </dependency>
* In this example, let's choose the svc:/system/zones:default service instance. We can use the -l option and the service name to get more information,
as shown in Listing 3.
# svcs -l svc:/system/zones:default
fmri svc:/system/zones:default
name Zones autoboot and graceful shutdown
enabled true
state online
next_state none
state_time June 14, 2012 08:30:31 PM NZST
logfile /var/svc/log/system-zones:default.log
restarter svc:/system/svc/restarter:default
manifest /etc/svc/profile/generic.xml
manifest /lib/svc/manifest/system/zones.xml
manifest /lib/svc/manifest/system/zonestat.xml
dependency require_all/none svc:/milestone/multi-user-server (online) dependency optional_all/none svc:/system/pools:default (disabled) dependency

optional_all/none svc:/system/pools/dynamic:default (disabled) dependency optional_all/none svc:/system/zones-monitoring (online)
QUESTION 31
You are creating a new SMF service named newservice. You perform the following steps:
What is the next step that you must perform to install this service?
A.
B.
C.
D.
Enable the service

Export the service
Import the service.
Create a snapshot of the service to be stored in the repository.
Correct Answer: C
Section: (none)
Explanation
Explanation:
Refer to step 3 below.
After a typical software installation, there can be a half dozen or more processes that need to be started and stopped during system startup and
shutdown. In addition, these processes may depend on each other and may need to be monitored and restarted if they fail. For each process, these are
the logical steps that need to be done to incorporate these as services in SMF:
1.Create a service manifest file.
2.Create a methods script file to define the start, stop, and restart methods for the service. 3.Validate and import the service manifest using svccfg(1M).
4.Enable or start the service using svcadm(1M).
5.Verify the service is running using svcs(1).
QUESTION 32
Changes were made to the application/pkg/server:default service when an administrator made modifications to add a local package repository.
Which command should be used to identify the changes that were made to the application/pkg/server:default service?
A.
B.
C.
D.
E.
svcs l application/pkg/server:default
svcs vx application/pkg/server:default
svccfg s application/pkg/server listprop
svccfg s application/pkg/server:default listcust L
svccfg s application/pkg/server listpg
Correct Answer: D
Section: (none)
Explanation
Explanation:
Example:
List all configuration changes that have been made in the SMF configuration repository to the name- service/switch service:
# svccfg -s name-service/switch listcust L
QUESTION 33
Your company wants to incorporate a legacy script that runs once during the boot cycle as an SMF service. What appropriate setting for the duration
attribute in the startd property group for this service?
A.
B.
C.
D.
transient
contract
wait
boot
Correct Answer: A
Section: (none)
Explanation
Explanation:
Example:
The default service model is contract, but may be modified. For this example, we are going to start the service with svc.startd. As a transient service, it
will be started once and not restarted by adding the following lines to the manifest:
<property_group name='startd' type='framework'>
<propval name='duration' type='astring' value='transient' />
</property_group>
Note:
svc.startd provides three models of service, which are
* Transient services--These are often configuration services, which require no long-running processes to provide service. Common transient services
take care of boot-time cleanup or load configuration properties into the kernel. Transient services are also sometimes used to overcome difficulties in
conforming to the method requirements for contract or wait services. This is not recommended and should be considered a stopgap measure.
* Contract services--These are the standard system daemons. They require processes which run forever once started to provide service. Death of all
processes in a contract service is considered a service error, which will cause the service to restart.
* Wait services--These services run for the lifetime of the child process, and are restarted when that process exits.
QUESTION 34
You discovered that the network/ipmp:default is not starting on boot. You listed the service and discovered the name of the log file. You now want to
examine the log file entry created at boot. In which two locations can you find the log file created at startup?
A.
B.
C.
D.
E.
F.
G.
/lib/svc/volatile
/etc/svc/volatile
/var/svc/volatile
/var/run
/var/tmp
/var/svc/log
/lib/svc/log
Correct Answer: BF
Section: (none)
Explanation
QUESTION 35
You administer an Oracle Solaris 11 server with multiple zones. You want to configure it so that all nonprivileged users in the global zone see only their
own process.
What must you do to make the change?
A.
B.
C.
D.
Modify the LIMITPRIV variable in the /etc/usr/user_attr file.

Modify the basic privilege ser in the /etc/security/policy.conf file.
Configure the priv= attribute in the /etc/security/prof_attr.d/core-os file.
Configure privileges for the ps command in the /etc/security/exec_attrd/core-os file.
Correct Answer: B
Section: (none)
Explanation
Explanation:
* policy.conf
policy.conf configuration file for security policy.
The policy.conf file provides the security policy configuration for user-level attributes.
* Example: Modifying Every User's Basic Privilege Set

In this example, the security administrator of a large Sun Ray installation does not want regular users to view the processes of other Sun Ray users.
Therefore, on every system that is configured with Trusted Extensions, the root role removes proc_info from the basic set of privileges. The
PRIV_DEFAULT setting in the /etc/policy.conf file is uncommented and modified as follows:
PRIV_DEFAULT=basic,!proc_info
QUESTION 36
Laura is a user and netadm is a role on a Solaris 11 system. You want to allow Laura to generate SSH keys. Which two steps should be taken?
A.
B.
C.
D.
E.
Verify that netadm includes the Network Management profile.

Verify that laura has permission to access the Network Management profile.
Verify that the Network Management profile includes the netadm role.
Add a line for the ssh-keygen command to the file auth_attr.d/local-entries.
Add a line for the ssh-keygen command to the file exec_attr.d/local-entries.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
D: /etc/security/auth_attr is a local source for authorization names and descriptions. An authorization is a right assigned to users that is checked by
certain privileged programs to determine whether users can execute restricted functionality.
QUESTION 37
Assume you are on a system that has a valid use account johnjay Consider the following command-line invocation:
rolemod p "Network Administrator,All,Stop" johnjay
What is the result?
A.
B.
C.
D.
The user will not acquire profiles allowed in /etc/secutity/policy.conf

There is no effect. The user acquires all profiles before the Stop profile is read.
The system will return an error.
The user gets Network Administrator profile and all profiles listed in the All macro.
Correct Answer: C
Section: (none)
Explanation
Explanation:
root@solaris:~# useradd johnjayroot@solaris:~# passwd johnjayNew Password:Re-enter new Password:passwd: password successfully changed for
johnjayroot@solaris:~# rolemod -p "Network Administrator,All,Stop" johnjayUX: rolemod: ERROR: Users must be modified with
'usermod'.root@solaris:~#
QUESTION 38
The output of the ppriv command lists four privilege sets. Which option best describes the Inherited privilege set?
A.
B.
C.
D.
It is the privilege set that nonroot users may inherit.

It is the privilege set an effective-user process may inherit.
It is the privilege set only privilege-aware child processes may inherit.
It is the privilege set the current process inherited.
Correct Answer: D
Section: (none)
Explanation
Note:
* ppriv
- inspect or modify process privilege sets and attributes
QUESTION 39
You appended a site-specific Rights Profile to the /etc/security/prof_attr file. Which file will be updated as a result of this operation?
A.
B.
C.
D.
/etc/security/prof_attr.d/local-entries
/etc/security/prof_attr.d/prof_attr
/etc/security/prof_attr.d/core-os
/etc/user_attr
Correct Answer: C
Section: (none)
Explanation
Explanation:
Example:
In Solaris 11 the "grant" authorization is no longer used, rather a set of authentication have been defined for that
purpose. The authentication strings can be found in /etc/security/prof_attr.d/core-os file. solaris.auth.:RO::Authorizations::help=AuthorizationHeader.html
solaris.auth.assign:RO::Assign any authorization::help=AuthAssign.html solaris.auth.delegate:RO::Assign owned
authorizations::help=AuthDelegate.html solaris.auth.manage:RO::Manage authorizations::help=AuthManage.html

Note: You no longer need to use the visual editor to add your own site specific entries to the Role Based Access Controls framework in Oracle Solaris
11. The profile command has been modified to support creation, modification and removal of Rights Profiles
QUESTION 40
You created a role. The role should be able to change the configuration of a zone. How will you assign that privilege to the role?
A.
B.
C.
D.
Modify the zone using the admin resource, set the user property to the role and the auths property to manage.
Assign to the role the zone Management Rights Profile.
Assign to the role the solaris.zones.* authorization.
Assign to the role the zone Security Rights Profile.
Correct Answer: B
Section: (none)
Explanation
Explanation:
The Zone Management profile grants the power to manage all of the non-global zones on the system to a user.
QUESTION 41
Yon are using the svc:/network/http:apache22 service to manage your web server. You have noticed that this service starts as the root: user and later
changes to a nonprivileged user called webservd. You do not want this service to operate as the root user and any time. Which option correctly
describes how you could achieve this task?
A.
B.
C.
D.
Modify the privileges in the service configuration.

Add an authorization to the webservd users' rights' profile.
Create a webservd role with a modified exec_attr entry.
Modify the PHIV_AWARE state of the service configuration.
Correct Answer: A
Section: (none)
Explanation
Explanation:
A service can be configured to run within a limited set of privileges, rather than as the all-powerful root user.
QUESTION 42
You created a virtual network of three zones.
One network hosts a web server.

Another hosts an application server used by the web server.
The third zone host a video streaming application.
You already configured a flow to prioritize the video traffic over the web server traffic. You now need to continuously monitor the flow.
Which tool must you use to gather the flow data?
A.
B.
C.
D.
the system activity reporter (SAR)

extended accounting
the flowstat command
the kstat utility
Correct Answer: C
Section: (none)
Explanation
Explanation:
Gathering Statistics About Network Traffic on Flows
Flow statistics help you evaluate packet traffic on any defined flows on the system. To obtain flow information, you use the flowstat command.
* Display statistics about incoming and outgoing packets on all flows.
# flowstat
This command provides a static display of traffic information on all configured flows.
Incorrect:
Not A: In computing, sar (System Activity Report) is a Solaris-derived system monitor command used to report on various system loads, including CPU
activity, memory/paging, device load, network.
QUESTION 43
Your organization uses a fixed base configuration for all Oracle Solaris native brand zones that are created. You want to configure your server so that it
will use your company template when the create command is issued. Identify the preferred way to accomplish this.
A.
B.
C.
D.
Change the /etc/zones/SYSblank.xml link to link to your company template and use create b.
Set the default_template property in the system/zones service to your company template.
Change the /etc/zones/SYSsolaris.xml link to link to your company template.
Set the zone_default_template parameter in the /etc/default/zones file.
Correct Answer: B
Section: (none)
Explanation
Explanation:
create uses a default template of SYSdefault. The default template can be changed on a system-wide basis using the default_template SMF property of
the svc:/system/zones:default service.
Note:
create [-F] [ -a path |-b | -t template]
Create an in-memory configuration for the specified zone. Use create to begin to configure a new zone
QUESTION 44
You capped the physical memory for the testzone at 50M. Which option would temporary increase the cap to 100M?
A.
B.
C.
D.
rctladm z testzone zone.capped-memory=100M

rcapadm z testzone m 100M
rcapadm z testzone zone.capped-memory=100M
prctl testzone m 100M
Correct Answer: B
Section: (none)
Explanation
Explanation:
How to Specify a Temporary Resource Cap for a Zone
This procedure is use to allocate the maximum amount of memory that can be consumed by a specified zone. This value lasts only until the next reboot.
To set a persistent cap, use the zonecfg command.
1. Become superuser, or assume a role that includes the Process Management profile. The System Administrator role includes the Process
Management profile.
2. Set a maximum memory value of 512 Mbytes for the zone my-zone.
# rcapadm -z testzone -m 512M
QUESTION 45
You are about to configure resource controls for a nonglobal zone. You want to first examine settings as well as the system limits for those controls.
Which command fetches this information?
A. priocntl
B. zonecfg
C. rctladm
D. prctl
Correct Answer: B
Section: (none)
Explanation
Explanation:
zonecfg subcommand info:
info zonename | zonepath | autoboot | brand | pool | limitpriv info [resource-type [property-name=property-value]*]
Display information about the current configuration. If resource-type is specified, displays only information about resources of the relevant type. If any
property-name value pairs are specified, displays only information about resources meeting the given criteria. In the resource scope, any arguments are
ignored, and info displays information about the resource which is currently being added or modified.
Incorrect:
Not A: priocntl- process scheduler control
The priocntl() function provides for control over the scheduling of an active light weight process (LWP).
Not C: rctladm- display and/or modify global state of system resource controls. The rctladm command allows the examination and modification of active
resource controls on the running system.
Not D: prctl
- get or set the resource controls of running processes, tasks, and projects The prctl utility allows the examination and modification of the resource
controls associated with an active process, task, or project on the system. It allows access to the basic and privileged limits on the specified entity.
QUESTION 46
Consider the following commands and output on the local server:
Also, consider the following route table entry on a remote system:

192.168.2.0 192.168.1.200 UG 1 1
You must configure a virtual switch to connect over net0 to the remote system. Select two commands that complete the configuration.
A.
B.
C.
D.
E.
F.
ipadm set-ifprop p forwarding=on net0

ipadn set-prop p forwarding=on vnic2
ipacim set-prop p forwarding=on ipv4
ipadm set-prop p routing=on net0
routeadm ue ipv4-forwarding
routeadm ue ipv4-routing
Correct Answer: AF
Section: (none)
Explanation
URL: http://www.oracle.com/technetwork/articles/servers-storage-admin/o11-118-s11-script-zones- 524499.html
QUESTION 47
You are tasked to reconfigure zone1 to use virtual interface vnic1 as its network interface. Which two steps must be included?
A.
B.
C.
D.
E.
Disable IP Filter and IPsec.

Configure the NWAM NCP to Automatic.
Change the shared IP zone to an exclusive IP zone.
Reboot zone1 so that changes made with zonecfg take effect.
From the global zone, set the IP address of vnic1 and configure the default route.
Correct Answer: CD
Section: (none)
Explanation
Explanation:
* How to Reconfigure a Zone to Use a VNIC
1. Become an administrator.
2. Create the VNIC.
(C) 3. Change the zone's IP type from shared to exclusive.
4.Change the zone's interface to use a VNIC.
5. Verify and commit the changes you have implemented and then exit the zone.
(D) 6. Reboot the zone.
7. Log in to the zone.
8. Configure the VNIC with a valid IP address.
* Example. Reconfiguring a Zone Configuration to Use a VNIC In this example, zone2 already exists as a shared zone. The zone also uses the primary
interface of the system rather than a virtual link. You need to modify zone2 to use vnic2. To use vnic2, zone2's IP type must first be changed to
exclusive. Note that some of the output is truncated to focus on the relevant information that relates to virtual networks.
global# dladm create-vnic -l net0 vnic2
global# zonecfg -z zone2
(C) zonecfg:zone1> set ip-type=exclusive
zonecfg:zone1> remove net physical=net0
zonecfg:zone1> add net
zonecfg:zone1:net> set physical=vnic2
zonecfg:zone1:net> end
zonecfg:zone1> verify
zonecfg:zone1> commit
zonecfg:zone1> exit
(D) global# zoneadm -z zone2 reboot
global# zlogin zone2
zone2# ipadm create-ip vnic2
zone2# ipadm create-addr -a 192.168.3.85/24 vnic2
ipadm: vnic2/v4
zone2# exit
global# vi /etc/hosts
#
1 localhost
127.0.0.1 localhost
192.168.3.70 loghost #For net0
192.168.3.80 zone1 #using vnic1

192.168.3.85 zone2 #using vnic2
QUESTION 48
You need to create a virtual network with two zones, one with a web server and the other with an application server that the web server calls. You
decide to create a virtual switch and virtual network interface cards (VNICs) for the zones.
Select the command that will create the virtual switch.
A.
B.
C.
D.
E.
dladm create-etherswitch stub0

dladm create-vnic l net1 vnic1
dladm create-stub l vnic0 stub0
dladm create-vnic l stub0 vnic1
dladm create-etherstub vswitchweb1
Correct Answer: E
Section: (none)
Explanation
Explanation:
Create the etherstub.
global# dladm create-etherstub etherstub
Create a VNIC over the etherstub.
global# dladm create-vnic -l etherstub vnic
Note: Etherstubs / Virtual Switches
The Etherstub is craeated as a dummy device to connect the various virtual NICs. User can imagine etherstub as a Virtual Switch to help visualize the
virtual network as a replacement for a physical network where each physical switch is replaced by a virtual switch.
QUESTION 49
Which sequence of commands will create a virtual network interface?
A.
B.
C.
D.
Option A
Option B
Option C
Option D
Correct Answer: A
Section: (none)
Explanation
Explanation:
How to Create a Virtual Network Interface
This procedure shows how to create a virtual network interface card (VNIC).
1. Create a VNIC over a datalink.
# dladm create-vnic -l link vnic
link is the name of the datalink over which the VNIC is configured.
vnic is the VNIC which you can label with a customized name as well.
2. Create a VNIC IP interface over the link.
# ipadm create-ip vnic
3. Configure the VNIC with a valid IP address.
If you are assigning a static IP address, use the following syntax:

# ipadm create-addr -T static -a address addrobj
where addrobj uses the naming format interface/user-defined-string, such as e1000g0/v4globalz.
QUESTION 50
You are creating a native Oracle Solaris zone that will be called zd1. The zone must have a virtual network interface configured. You use the following
command to create the zone configuration:
# zonecfg z zd1
zonecfg:zd1> create
What is the minimum specification required to complete the configuration before the exit command is issued?
A.
B.
C.
D.
A zonepath must be set.

An anet resource must be added.
No other configuration parameters need to be set.
Both an anet configuration and a zonepath must be set.
Correct Answer: A
Section: (none)
Explanation
Explanation:
* Example:
root@solaris:~# zonecfg -z zd1
Use 'create' to begin configuring a new zone.
zonecfg:zd1> create
create: Using system default template 'SYSdefault'
zonecfg:zd1> exit
zonepath cannot be empty.
Zone zd1 failed to verify
zd1: Required resource missing
Configuration not saved; really quit (y/[n])? n
zonecfg:zd1> verify
zonepath cannot be empty.
zd1: Required resource missing
zonecfg:zd1> set zonepath=/zones/zd1
zonecfg:zd1> exit
Note:
* anet
Automatic network interface.

The anet resource represents the automatic creation of a network resource for an exclusive-IP zone.
QUESTION 51
Which two commands restart the pkg server daemon?
A.
B.
C.
D.
E.
pkill -HUP pkg.depotd

svcadm restart svc:/application/pkg/server
pkill -USR1 pkg.depot
svcadm refresh svc:/application/pkg/server
pkg fix
Correct Answer: BC
Section: (none)
Explanation
Explanation:
Use one of the following methods to restart the depot server process:
B: Use svcadm(1M) to restart the application/pkg/server instance.
C: Send a SIGUSR1 signal to the depot server process using kill(1). This executes a "graceful restart" that leaves the process intact but reloads all
configuration, package, and search data:
# kill -USR1 pid
Note:
* The pkd.depotd service is managed by SMF under the service identifier svc:/application/pkg/server.
QUESTION 52
Which three statements describe Solaris 11 boot environments (BEs)?
A.
B.
C.
D.
E.
F.
A full backup of your OS image is provided.

Packages can be installed and uninstalled in an inactive BE.
The OS can be upgraded in an active BE while the system is live without impacting production.
A new BE can be created from the snapshot of an existing BE.
A BE can become active without rebooting the system.
An active BE can be unmounted and upgraded without impacting production.
Correct Answer: ACD

Section: (none)
Explanation
Explanation:
The beadm utility enables you to create a new boot environment based on an existing snapshot.
Note:
* You can manage the boot environments on your system either by using the beadm command or by using the Package Manager.
* A boot environment is a bootable instance of the Oracle Solaris operating system image plus any other application software packages installed into
that image. System administrators can maintain multiple boot environments on their systems, and each boot environment can have different software
versions installed.
QUESTION 53
Consider the following:
root@scolll-server:~# pkg publisher
PUBLISHER TYPE STATUS URI
solaris origin online https://pkg.oracle.com/solaris/support/
What does "origin" in the TYPE column say about the package repository?
A.
B.
C.
D.
E.
It originates from oracle.com.

It contains all of the package metadata.
It supports packages for a single publisher.
It has been configured as the default publisher.
It contains only package content.
Correct Answer: B
Section: (none)
Explanation
QUESTION 54
Given the following commands and output:
Which statement summarizes this sequence of commands?

A.
B.
C.
D.
The BE solaris in the Global zone is the same BE that is listed in the third command.
The BE solaris-1 is activated to boot when the ozone zone is rebooted.
The BE solaris-1 was created when the BE solaris-2 was created.
The BE ozone2 is a BE of a zone with the zone name ozone2.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Incorrect:
Not B: You cannot activate an unbootable BE in a nested BE.
Not D: The zone is named ozone (not ozone2).
Note:
* beadm supports the concept of a nested BE, specifically, as it pertains to BEs for non-global zones.
* beadm list [-a | -ds] [-H] [beName]
Lists information about the existing boot environment named beName, or lists information for all boot environments if beName is not provided. The
Active field indicates whether the boot environment is active now, represented by N; active on reboot, represented by R; or both, represented by NR.
Unbootable BEs inside of a nested BE are represented by an exclamation point (!)
QUESTION 55
Which two statements are correct regarding IPS repositories?
A.
B.
C.
D.
E.
Remote client access is governed by svc:/application/pkg/server.

Every new repository contains the solaris publisher by default.
One repository can replicate the contents of another.
The pkg.depotd process makes all local repositories remotely available.
A repository uses separate protocols for pkg and browser clients.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
A: The pkd.depotd service is managed by SMF under the service identifier svc:/application/pkg/server.
D:
* Example:
Configure pkg.depotd to provide remote access. pkg.depotd provides an HTTP interface to a pkg repo. Here we are going to make the repo server
listen on port 10000, and use the repo dir we created as its default.
# svcadm disable pkg/server
# svccfg -s pkg/server setprop pkg/inst_root = /data/myrepo # svccfg -s pkg/server setprop pkg/port = 10000
# svcadm refresh pkg/server
# svcadm enable pkg/server
* pkg.depotd is the depot server for the image packaging system. It provides network access to the data contained within a package repository. Clients
that do not support direct access to a repository through the file system, or for which network access is the only available or preferred method of
transport, typically use the package depot.
QUESTION 56
A server has a nonglobal zone named zoneA. The following boot environments are listed in the global zone.
Which three statements describe the current state of the system?

A.
B.
C.
D.
E.
F.
The BE1 boot environment cannot be activated from the nonglobal zone.
The nonglobal zone cannot be booted to solaris-1 BE at this time.
The solaris-1 BE cannot be activated from the nonglobal zone.
To boot the nonglobal zone to the solaris-1 BE, the global zone must first be booted to the solaris-1 BE.
The solaris-1 BE has been activated in the nonglobal zone.
The nonglobal zone solaris-1 BE is not bootable and must be repaired.
Correct Answer: BCF

Section: (none)
Explanation
Explanation:
C: You cannot activate an unbootable BE in a nested BE.
BE solaris-1 is marked with !R.
BF: BE solaris-1 is marked with !R.
Incorrect:
Not A: BE1 can be activated. It is bootable (not marked with a !) Not D: Different BEs can be used in the two zones.
Not E: BE solaris-1 is not marked with an N. The Active field indicates whether the boot environment is active now, represented by N
QUESTION 57
Choose two true statements regarding signed IPS packages.
A.
B.
C.
D.
A signature takes the form of an action statement in a manifest.

A package can be signed before adding it to a repository.
A package manifest may contain more than one signature.
Only one organization can apply signatures to a given package.
Correct Answer: AC
Section: (none)
Explanation
Explanation:
A: IPS package manifests can be signed, with the signatures becoming part of the manifest. Signatures are represented as actions just as all other
manifest content is represented as actions.
C: A manifest can have multiple independent signatures.
QUESTION 58
What does the following command change?
pkg set-publisher G `*' g http://server1.domain.com solaris
A.
B.
C.
D.
E.
It updates all Solaris publishers and deletes the server1.domain.com origin.

It deletes all Solaris publishers and adds the server1.domain.com origin.
It adds server1.domain.com to the Solaris publisher list.
It sets the origin for the Solaris publisher to server1.domain.com.
It adds the server1.domain.com repository as an origin for the solaris publisher.
Correct Answer: B
Section: (none)
Explanation
QUESTION 59
The http://pkg.oracle.com/solaris/release publisher is available on this server. A new repository has been created in the /export/sllReaseRepo file
system and you want to add the gzip package to this repository. Which is a valid method for adding the gzip package to the /export/sllReleaseRepo
repository?
A.
B.
C.
D.
pkgrecv s http://pkg.oracle.com/solaris/release d /export/sllReleaseRepo gzip

pkgrecv s /export/sllReleaseRepo d http://pkg.oracle.com/solaris/release gzip
pkgrecv s pkgrecv d /export/sllReleaseRepo gzip
rsync aP http://pkg.oracle.com/solaris/release d /export/sllReleaseRepo gzip
Correct Answer: A
Section: (none)
Explanation
Explanation:
* pkgrecv
- Image Packaging System content retrieval utility
pkgrecv allows the user to retrieve packages from a pkg repository or package archive. pkgrecv can also optionally republish the retrieved packages to
a different package repository or archive them.
-s src_repo_uri
A URI representing the location of a pkg repository or package archive from which to receive package data.
-d path_or_uri
The file system path or URI of the target to republish packages to. If -a is specified, the target is a new package archive that cannot already exist.
Otherwise, the target must be a package repository that already exists. New repositories can be created using pkgrepo(1).
QUESTION 60
Consider the following:
What is true concerning this publisher's Signature Policy?

A.
B.
C.
D.
Only packages from this publisher must have at least one valid signature.
All manifests from this publisher must have a cryptographic signature.
All newly installed packages must have at least one valid signature.
Signed and unsigned packages from this publisher can be installed.
Correct Answer: B
Section: (none)
Explanation
Explanation:
Signature Policy: verify
Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed.
This is the default value.

QUESTION 61
Which two statements regarding the pkg command are correct?
A.
B.
C.
D.
E.
It requires HTTP to connect to a remote repository.

It uses the set-publisher subcommand to remove an origin.
It cannot point to both sticky and nonsticky publishers in the same repository.
It uses the unset-publisher subcommand to remove publishers.
It uses the set-publisher subcommand to remove publishers.
Correct Answer: AB
Section: (none)
Explanation
Explanation:
A: Configure pkg.depotd to provide remote access. pkg.depotd provides an HTTP interface to a pkg repo. Here we are going to make the repo server
B: Set-Publisher
With -G (--remove-origin), remove the URI or path from the list of origins for the given publisher. The special value * can be used to remove all origins.
Incorrect:
Not D: unset-publisher publisher ...
Remove the configuration associated with the given publisher or publisher
Not E: set-publisher
Update an existing publisher or add a package publisher. If no options affecting search order are specified, new publishers are appended to the search
order and are thus searched last.
QUESTION 62
What is the signature-policy attribute's default value for the pkg client?
A. None
B. Verify
C. Require
D. require-names
Correct Answer: B
Section: (none)
Explanation
Explanation:
Signature Policy: verify
Verify that all manifests with signatures are validly signed, but do not require all installed packages to be signed.
This is the default value.
QUESTION 63
The following command is issued:
pkg set-publisher P publisher2
What is the impact on your system?
A.
B.
C.
D.
makes the specified publisher sticky

makes the specified publisher the highest-ranked publisher
displays information about the specified publisher
moves the specified publisher one step higher in the search order
Correct Answer: B
Section: (none)
Explanation
Explanation:
Set-Publisher
With -P or --search-first, set the specified publisher first in the search order. When installing new packages, this publisher is searched first. Updates to
already installed packages come from the same publisher that originally provided the package as long as that publisher remains sticky. When -P or -search-first is used with -p, only added publishers are placed first in search order.
QUESTION 64
You added an update to the system using a support repository updates (SRU) image:
# mkdir /SRU
# mount F hsfs /var/tem/sru-name.iso /SRU
# pkgrecv s /SRU/repo d /export/IPS/repo `*'
You now want to clear all catalog, search and other cached information from this package repository.
Select the command that clears cached data.
A.
B.
C.
D.
pkg refresh
pkgrepo rebuild
pkgrepo refresh
pkg.depotd restart
Correct Answer: B
Section: (none)
Explanation
Explanation:
pkgrepo rebuild [-p publisher ...] -s repo_uri_or_path [--no-catalog] [--no-index] Discards all catalog, search, and other cached information found in the
repository, and then recreates it based on the current contents of the repository.
Incorrect:
Not A: pkg refresh [--full] [publisher ...]
Updates the client's list of available packages and publisher metadata for each publisher specified. If no publishers are specified, the operation is
performed for all publishers.
QUESTION 65
Your company decides to store its software packages in one repository. The new repository will include five publishers. How can you configure your pkg
clients such that each package is updated from the publisher originally used to install it?
A.
B.
C.
D.
E.
Configure it such that the preferred publisher has the highest rank.
Configure it such that each publisher is added with the --search-first option.
Configure it such that the top tanked publisher is sticky.
Configure it such that all publishers are sticky.
Configure it such that the bottom-ranked publisher is sticky.
Correct Answer: D
Section: (none)
Explanation
Explanation:
set-publisher --sticky
With --sticky, specify that updates to packages that were installed from this publisher must also come from this publisher. This is the default behavior.
QUESTION 66
Yon are testing the connectivity between an Oracle Solaris 11 system and a local IPS server that has the host name of mercury within the domain
purple.com.
The command ping mercury indicates the sever is alive.
The URI http://mercury.purple.com produces the error:
Firefox can't find the server at mercury.purple.com
Yon enter the command svcprop p config network/dns/client Which two can be verified?
A.
B.
C.
D.
E.
F.
the domain name of the local system

the name service switch configuration
the IP address of the IPS server
the IP address of the DNS server
the IP address of the local system
the host name of the local system
Correct Answer: AD
Section: (none)
Explanation
Explanation:
Example. Displaying Administratively Customized Properties (here only admin layer is displayed with l)
The following command uses SMF layers to display administratively customized properties.
example% svcprop -p config -l admin svc:/network/dns/client (A) config/domain astring admin my.domain.com
(D) config/nameserver net_address admin 10.22.33.44 10.44.33.11
Note:
* config/nameserver refers to the Solaris DNS server.
/ The nameserver keyword specifies DNS servers to query using IP address.
Example:
The /etc/resolv.conf file contains configuration directives for the DNS resolver. The following resolv.conf example shows two name servers and three
search suffixes:
domain nj.bigcorporation.com
nameserver 192.168.10.11
nameserver 192.168.20.88
* The svcprop utility prints values of properties in the service configuration repository. Properties are selected by -p options and the operands
QUESTION 67
You administer an Oracle Solaris 11 server. You created an IPS repository and set the pkg publisher origin. You did not configure the pkg/service
service. What type of access have you provided for your now repository?
A.
B.
C.
D.
a file interface repository

a local host-only repository
a testing-interface repository
a pkg.depotd configured interface
Correct Answer: B
Section: (none)
Explanation
Note:
You might want a local IPS repository for the following reasons:
Performance and security. You do not want your client systems to go to the Internet to retrieve new software packages or update existing packages.
Replication. You want to ensure that you can perform the same installation next year that you perform today.
Custom packages. You want to include your own IPS package in the same repository with Oracle Solaris OS packages.
QUESTION 68
While examining an Oracle Solaris 11 system, you discover an unfamiliar ELF binary in the /usr/bin directory. You want to know which package installed
the binary. Which pkg subcommand should you use to identify the package, based on the absolute path to the binary?
A.
B.
C.
D.
pkg info
pkg list
pkg search
pkg contents
Correct Answer: C
Section: (none)
Explanation
QUESTION 69
Oracle has released a new version of the Solaris operating system and it is located in a repository on SRVA and is stored in the rpool/export/sllRepo file
system. The repository is accessible to SRVB through the /remoteRepo NFS mount point.
You need to add a local repository on SRVB in the /export/sllReleaseRepo file system. The repository will be an exact copy of the repository that is
stored on SRVA. Currently, the only publisher on SVRB
is:
Which command must you use to copy the contents of the repository from SRVA to the local file system on SRVB?
A.
B.
C.
D.
E.
pkgrepo create /export/sllReleaseRepopkgrecv s /remoteRepo d /export/sllReleaseRepo

pkgrecv s file:///remoteRepo d file:///export/sllReleaseRepo `*'
pkgrecv s /remoteRepo d /export/sllReleaseRepo `*'
pkgrecv s /remoteRepo d file:///export/sllReleaseRepo `*'
rsync aP /remoteRepo /export/sllReleaseRepo
Correct Answer: A
Section: (none)
Explanation
Explanation:
* pkgrepo provides the ability to create and manage pkg package repositories. Package repositories are a predefined set of directories and files that
permit the storage and retrieval of package data by pkg and publication clients such as pkgsend or pkgrecv.
* Use the pkgrecv command to copy the repository.
Example:
# pkgrecv -s http://pkg.oracle.com/solaris/release/ -d /export/repoSolaris11 '*' Processing packages for publisher solaris ...
Creating Plan
Retrieving and evaluating 4288 package(s)...
PROCESS ITEMS GET (MB) SEND (MB)
developer/build/cmake 446/4288 332.1/4589.7 1000.2/14511.8
Completed 4288/4288 4589.7/4589.7 14511.8/14511.8
QUESTION 70
Your company has set a policy that all Oracle Solaris 11 instances must have a backup boot environment created whenever software packages are
added, removed, or updated. The current boot environment must not be modified. The backup boot environment must represent the system image
before the procedure and the new boot environment must represent the image before the procedure. The image properties on your system are as
follows:
You are instructed to install the top utility.

Which two will allow the top package to be installed on the system while adhering to the company policy?
A.
B.
C.
D.
E.
pkg property pkg-install=backup-bepkg install top

pkg set-property be-policy create-backuppkg install top
pkg install --be-name BE2 top
pkg set-property be-policy always-newpkg install top
pkg set-property create-backup truepkg install top
Correct Answer: CD
Section: (none)
Explanation
Explanation:
By default, a new BE is automatically created when you perform one of the following operations:
* (D) Set the be-policy image policy to always-new. Under this policy, all package operations are performed in a new BE set as active on the next boot.
* Update particular key system packages such as some drivers and other kernel components. This can happen when you install, uninstall, update,
change variant, or change facet.
* Often a new BE is created when you execute the pkg update command to update all packages that have updates available.
* Specify any of the following options: --be-name, --require-new-be, --backup-be-name, --require- backup-be.
QUESTION 71
You detected a failure of net0 in the IPMP group named ips1. The server hosting the failed NIC supports dynamic reconfiguration. Which statement is
true regarding the replacement of the hardware interface?
A.
B.
C.
D.
The NIC must be replaced with an identical physical interface card type.
The NIC will be configured after replacement with the dladm command.
The devfsadm command will be used to discover the replacement NIC.
The replacement NIC must occupy the same bus slot as the original NIC .
Correct Answer: B
Section: (none)
Explanation
Explanation:
When an underlying interface of an IPMP group fails, a typical solution would be to replace the failed interface by attaching a new NIC. RCM records the
configuration information associated with any NIC that is detached from a running system. If you replace a failed NIC with an identical NIC, then RCM
automatically configures the interface according to the persistent configurations that had been previously defined by using the ipadm command.
Incorrect:
Not A, not D: You can replace a failed NIC with a different NIC, provided that both are the same type, such as Ethernet. In this case, RCM plumbs the
new interface after it is attached. If you did not use customized link names when you first configured your interfaces, then you will have to configure the
new NIC before you can add the interface to the IPMP group. Not C: devfsadm, devfsadmd- administration command for /dev and /devices
Note:
* 1. On the system with the IPMP group configuration, assume the Primary Administrator role or become superuser.
2. Display the test address configuration
3. Remove the physical interface.
4. Replace the physical interface.
QUESTION 72
You want to configure your IPS repository server for high network bandwidth and network availability. Which two technologies are best suited for
achieving these goals?
A.
B.
C.
D.
E.
naxbw resource control

zpool disk aggregation
link load balance
link aggregation
IP multipathing
Correct Answer: DE
Section: (none)
Explanation
Explanation:
DE: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP)
provides features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some
of their features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have different
strengths and weaknesses.
E: The IP network multipathing or IPMP is a facility provided by Solaris to provide fault-tolerance and load spreading for network interface cards (NICs).
With IPMP, two or more NICs are dedicated for each network to which the host connects.
The IPMP load spreading feature increases the machine's bandwidth by spreading the outbound load between all the cards in the same IPMP group.
QUESTION 73
You administer an Oracle Solaris 11 system that uses a user-defined Network Configuration Profile (NCP). You now need to modify the DNS name
servers. Select the profile type that you will need to modify.
A.
B.
C.
D.
Automatic-NCP
Location profile
Network Configuration Unit
External Network Modifiers
Correct Answer: B
Section: (none)
Explanation
Explanation:
Once basic networking has been achieved, there is something called the Location Profile that loads system-wide network configuration information. This
includes:
- Condition under which it is activated
- Naming service to use
- Domain name
- IP Filter rules
- IPsec policy
Incorrect:
Not A: The Automatic NCP is a system-defined profile and cannot be modified by a user. It contains one Link NCU and one Interface NCU for each
physical link on the system. For this particular profile, Physical links take precedence over Wireless links when it is time to activate an NCU. This profile
changes dynamically when new links are inserted or removed from the system.
QUESTION 74
What is true regarding an IPMP group?
A.
B.
C.
D.
All underlying interfaces are physical Ethernet links.

All interfaces connect to the same switch.
It does not persist across reboots.
Testing for failover can be done using the ipadm delete-ipmp command.
Correct Answer: C
Section: (none)
Explanation
Explanation:
To make IPMP groups persists across reboots you would have to do some work:
To configure an IPMP group that persists across system reboots, you would edit the hostname configuration file of the IPMP interface to add data
addresses.
Note: The same (non-null) character string IPMP group name identifies all interfaces in the group. You can place interfaces from NICs of different
speeds within the same IPMP group, as long as the NICs are of the same type. For example, you can configure the interfaces of 100-megabit Ethernet
NICs and the interfaces of one gigabit Ethernet NICs in the same group. As another example, suppose you have two 100-megabit Ethernet NICs. You
can configure one of the interfaces down to 10 megabits and still place the two interfaces into the same IPMP group.
Incorrect:
Not A: You cannot place two interfaces of different media types into an IPMP group. For example, you cannot place an ATM interface in the same group
as an Ethernet interface. Not B: An IP multipathing group, or IPMP group, consists of one or more physical interfaces on the same system that are
configured with the same IPMP group name. All interfaces in the IPMP group must be connected to the same IP link.
QUESTION 75
Which statement is true regarding an aggregation?
A.
B.
C.
D.
Its member links must all have the same range of operating speeds.
It can be called out by its link name or by its integer key.
Its LACP mode sets the behavior to active or passive.
Its default L2 policy is round-robin.
Correct Answer: A
Section: (none)
Explanation
QUESTION 76
You configured IPMP on the system:
Based on this information, select the correct conclusion.

A.
B.
C.
D.
E.
No default route is configured.

in.mpathd cannot identify failed interfaces.
There are no active interfaces in the group.
There are three standby interfaces in the group.
The property transitive-probing is false.
Correct Answer: E
Section: (none)
Explanation
Explanation:
Disabled in the MODE column means that all probe-based failure detection is disabled.
You must enable transitive probing to use this failure detection method that does not require test addresses.
Note:
* ipmpstat
- display IPMP subsystem status
The ipmpstat command concisely displays information about the IPMP subsystem. The -t option identifies the probe targets that are associated with
each IP interface in an IPMP group.
* Target mode displays IPMP probe target information. The following output fields are supported:
/ INTERFACE
The IP interface name associated with the information.
/ MODE
The probe target discovery mode:
routes
Probe targets found by means of the routing table.
multicast
Probe targets found by means of multicast ICMP probes.
disabled
All probe-based failure detection is disabled.
transitive
Failure detection is by means of transitive probing, where the health of the IP interface is determined by probing other active interfaces in the group.
/ TESTADDR
The source address used in outgoing probes. Active interfaces that are being used for data traffic, as well as interfaces that have been explicitly
configured with NOFAILOVER test addresses, will have the hostname (or IP address) that is used for sending and receiving the ICMP probes. All other
interfaces in the group will display the name of the interface from which the probes are sent. Note that if an active IP interface is configured with both
IPv4 and IPv6 test addresses, probe target information will be displayed separately for each test address.
/ TARGETS
A space-separated list of probe target hostnames (or IP addresses) for ICMP probes, or target interfaces for transitive probes. The IP targets will be
listed in firing order, and, if no probe targets could be found, this field will be empty.
QUESTION 77
Which network component is the default target for IPMP probe-based Failure detection?
A.
B.
C.
D.
the default router

any nongateway system on the same subnet
any group interface with a test address
the first responder to the in.mpathd broadcast request
Correct Answer: A
Section: (none)
Explanation
Explanation:
How to Manually Specify Target Systems for Probe-Based Failure Detection
1. Add a route to a particular host to be used as a target in probe-based failure detection. $ route -p add -host destination-IP gateway-IP -static where
destination-IP and gateway-IP are IPv4 addresses of the host to be used as a target. For example, you would type the following to specify the target
system 192.168.10.137, which is on the same subnet as the interfaces in IPMP group itops0:
$ route -p add -host 192.168.10.137 192.168.10.137 -static This new route will be automatically configured every time the system is restarted. If you
want to define only a temporary route to a target system for probe-based failure detection, then do not use the -p option.
2.Add routes to additional hosts on the network to be used as target systems.
QUESTION 78
You administer a server running a global zone with no virtual networking. Consider the following configuration:
Which is a valid IPMP configuration for this server?

A. net0 and net1 must be configured into an IPMP group, net2 can be configured into its own IPMP group, and net0 or net1 can be configured as a
standby interface.
B. net0 and net1 must be configured into one IPMP group, net2 and net3 must be configured into a second IPMP group, and all interfaces can be
configured for link detection.
C. net1 and net2 must be configured into an IPMP group, net0 can be configured into its own IPMP group, and net3 can be configured as a standby
interface.
D. net0 and net2 must be configured into an IPMP group, net0 can be configured into its own IPMP group, and net3 can be configured as a standby
interface.
Correct Answer: A
Section: (none)
Explanation
Explanation:
Must be in the same network range (see * below).

Different speeds are fine (see ** below).
* An IP multipathing group, or IPMP group, consists of one or more physical interfaces on the same system that are configured with the same IPMP
group name. All interfaces in the IPMP group must be connected to the same IP link (A, not B, not C, Not D).
** The same (non-null) character string IPMP group name identifies all interfaces in the group. You can place interfaces from NICs of different speeds
within the same IPMP group, as long as the NICs are of the same type. For example, you can configure the interfaces of 100-megabit Ethernet NICs
and the interfaces of one gigabit Ethernet NICs in the same group. As another example, suppose you have two 100-megabit Ethernet NICs. You can
configure one of the interfaces down to 10 megabits and still place the two interfaces into the same IPMP group.
QUESTION 79
You added three interfaces to an IPMP group. You now want to review the failure detection modes. Which command most you use to determine if all
interfaces in the group support link-based detection?
A.
B.
C.
D.
ipadm show-ifprop
dlstat show-link
dladm show-link
ipmpstat i
Correct Answer: D
Section: (none)
Explanation
Explanation:
Link-Based Failure Detection
Link-based failure detection is always enabled, provided that the interface supports this type of failure detection.
To determine whether a third-party interface supports link-based failure detection, use the ipmpstat -i command. If the output for a given interface
includes an unknown status for its LINK column, then that interface does not support link-based failure detection. Refer to the manufacturer's
documentation for more specific information about the device.
QUESTION 80
Your organization uses NFS to share data from Oracle Solaris servers to Oracle Solaris clients. The server currently has an NFS share configured for
the rpool/export/data file system. A client is currently mounting this file system. As administrator, you add a new file system rpool/export/data/
yesterdays_data, and copy data into the new file system.
Which action is required for the client currently mounting the rpool/expor/data file system to access the new data?
A. The rpool/export/data/yesterdays_data file system must be mounted.
B. No action is required because the data is automatically made available.
C. The rpool/export/data file system must be remounted.

D. The nfs/client server must be restarted.
Correct Answer: B
Section: (none)
Explanation
https://docs.oracle.com/cd/E23824_01/html/821-1454/rfsadmin-56.html
QUESTION 81
What are targets for IPMP probe-based failure detection configured by?
A.
B.
C.
D.
responses to SNMP requests

specifying host routes in the routing table
specifying hosts in /etc/default/mpathd
setting the property svc:/network/ipmp/config/transitive-probing
Correct Answer: B
Section: (none)
Explanation
Explanation:
How to Manually Specify Target Systems for Probe-Based Failure Detection
1. Add a route to a particular host to be used as a target in probe-based failure detection. $ route -p add -host destination-IP gateway-IP -static where
destination-IP and gateway-IP are IPv4 addresses of the host to be used as a target. For example, you would type the following to specify the target
system 192.168.10.137, which is on the same subnet as the interfaces in IPMP group itops0:
$ route -p add -host 192.168.10.137 192.168.10.137 -static This new route will be automatically configured every time the system is restarted. If you
want to define only a temporary route to a target system for probe-based failure detection, then do not use the -p option.
2.Add routes to additional hosts on the network to be used as target systems.
QUESTION 82
The default route for the NCP static is changed with the following command sequence:
When does the entered route take effect?

A.
B.
C.
D.
E.
after the set command

after the verify command
after the commit command
after the exit command
after enabling the location user (command not shown)
Correct Answer: C
Section: (none)
Explanation
Explanation:
* The netcfg command manipulates system network configuration profiles. The netcfg command can be invoked interactively, with an individual
subcommand, or by specifying a command file that contains a series of subcommands.
* subcommand: netcfg commit

Commits the current profile specification to persistent storage. A configuration must be correct to be committed. Therefore, this operation automatically
performs a verify operation on the profile or object as well. The commit operation is attempted automatically upon exiting the current scope by using
either the end or exit subcommand.
Note:
* from the netadm list output we see the line
ncp Automatic disabled
* Oracle Solaris 11 uses profile-based network configuration, which is comprised of two network configuration modes: manual (fixed) and automatic
(reactive). Depending on which network configuration mode you choose during an installation, either the DefaultFixed network configuration profile
(NCP) or the Automatic NCP is activated on the system. If the DefaultFixed NCP is active, the network is manually configured by using the dladm and
ipadm commands . If the Automatic NCP or a user-defined NCP that you previously created is active, the netcfg and netadm commands (formerly
nwamcfg and nwamadm) are used to create and manage network configuration.
QUESTION 83
How do you add a test address to an IPMP group?
A.
B.
C.
D.
Use ipadm create-addr to add the address to a member interface.

Use ipadm create-addr to add the address to the IPMP interface.
Use ipadm create-ip to add an address to a member interface.
Use ipadm create-ip to add an address to the IPMP interface.
Correct Answer: A
Section: (none)
Explanation
QUESTION 84
Which two statements correct regarding Link Aggregations?
A.
B.
C.
D.
E.
The MAC address of the first configured link is used for all links.
A link with an existing IP interface cannot be added to an aggregation.
The switch must support the Link Aggregation Control Protocol (LACP).
Links of differing bit rates can be aggregated, but performance gains may not be realized.
The f option of dladm allows aggregating devices that do not support link state notification.
Correct Answer: BC
Section: (none)
Explanation
An interface that has been created cannot become a member of an aggregation.
QUESTION 85
Which ipmpstat mode reports each link's status in an IPMP group?
A.
B.
C.
D.
E.
address
group
interface
probe
target
Correct Answer: C
Section: (none)
Explanation
Explanation:
Interface mode displays the state of all IP interfaces (IP links) that are tracked by in.mpathd on the system.
Incorrect:
Not A: Address mode displays the state of all IPMP data addresses on the system. Not B: Group mode displays the state of all IPMP groups on the
system. Not D: Probe mode displays information about the probes being sent by in.mpathd. Not E: Target mode displays IPMP probe target information.
QUESTION 86
You are about to configure an AI server and you need to determine if NWAM is configured, if the system has a manually configured IP interface. Which
command gives you this information?
A.
B.
C.
D.
nscfg list
netadm list
netcfg list
svcs network/physical
Correct Answer: B
Section: (none)
Explanation
QUESTION 87
You must configure a ZFS file system on an Oracle Solaris 11 server to share it over NFS. (rpool/export/share/data mounted on /export/share/data)
The file system must be configured for read-only access and must assign anonymous users a UID of 0. The file system must allow read and write
access for local users.
Assuming all ZFS properties except mountpoint are at their default settings, which option supports these requirements?
A.
B.
C.
D.
Option A
Option B
Option C
Option D
Correct Answer: B
Section: (none)
Explanation
Explanation:
Create the NFS share.
# zfs set share=name=fs1,path=/fs1,
prot=nfs tank/fs1
Set the sharenfs property to on.
# zfs set sharenfs=on tank/fs1
Incorrect:
Not A, Not C: The share is not published until the sharenfs or sharesmb property is set to on. For example:
# zfs set sharenfs=on rpool/fs1
# cat /etc/dfs/sharetab
/rpool/fs1 fs1 nfs sec=sys,rw
Not B: First create the share, then set the sharenfs to on.
Note:
When you create a NFS share of a ZFS file system, you must provide the following share components:
share=name
Identify a name for your share. Maximum share name is 80 characters.
path=pathname
Identify a path for your NFS share that must exist within the file system or directory to be shared.
prot=nfs or smb
Identify the protocol as NFS or SMB.
pool/filesystem
Identifies the ZFS file system to be shared.
Additional share options include:
rw= or ro=
Identifies whether the share is available as read/write or read-only to all clients. You can also specify a colon-separated list that includes hostnames, IP
addresses, or a netgroup.
QUESTION 88
You want to configure an anonymous IPMP group.
Which method lets you enable this behavior?
A.
B.
C.
D.
Set the config/transitive-probing property to true in the svc:/network/imp:default service.

Use the ipadm set-ifprop command to set the anonymous property to true for the IPMP interface.
Edit the /etc/default./mpathd file and set TRACK_INTERFACES_ONLY_WITH GROUPS=no.
Set the config/anonymous property to true in the svc:/network/ipmp:default service.
Correct Answer: C
Section: (none)
Explanation
Explanation:
* /etc/default/mpathd
Contains default values used by the in.mpathd daemon.
* By default, in.mpathd limits failure and repair detection to IP interfaces that are configured as part of a named IPMP group. Setting
TRACK_INTERFACES_ONLY_WITH_GROUPS to no enables failure and repair detection on all IP interfaces, even if they are not part of a named
IPMP group. IP interfaces that are tracked but not part of a named IPMP group are considered to be part of the "anonymous" IPMP group. In addition to
having no name, this IPMP group is special in that its IP interfaces are not equivalent and thus cannot take over for one another in the event of an IP
interface failure. That is, the anonymous IPMP group can only be used for failure and repair detection, and provides no high-availability or loadspreading
QUESTION 89
Which two conditions must exist in order to add a new link to an aggregation?
A.
B.
C.
D.
E.
The new link appears in the output of dladm show-phys.

The new link may already support an active interface.
The LACP policy must be set to L4.
The link may currently be in any state.
The new link has the same MAC address as the existing links.
Correct Answer: AD
Section: (none)
Explanation
Explanation:
A:
Note:
Use dladm show-phys to obtain information about the system's datalinks in relation to the physical NICs with which they are associated. Used without
any options, the command displays information similar to the following:
# dladm show-phys
LINK MEDIA STATE SPEED DUPLEX DEVICE
net0 Ethernet up 100Mb full e1000g0
net1 Ethernet down 0Mb -- nge0
net2 Ethernet up 100Mb full bge0
net3 Infiniband -- 0Mb -- ibd0
* Your link aggregation configuration is bound by the following requirements:
/You must use the dladm command to configure aggregations. / (not B) An interface that has been created cannot become a member of an
aggregation. /All interfaces in the aggregation must run at the same speed and in full-duplex mode. / (not E) You must set the value for MAC addresses
to "true" in the EEPROM parameter local-mac- address? For instructions, refer to How to Ensure That the MAC Address of an Interface Is Unique.
QUESTION 90
Examine the following command:
ipadm create-addr -T static -a 192.168.1.112/26 net0/v6
Which two statements are true?
A.
B.
C.
D.
E.
The interface is plumbed.

The interface is marked down.
The netmask value is ffffffc0.
The link local IPv6 address fe80::112 is created.
Multicast datagrams are not enabled on this interface.
Correct Answer: AC
Section: (none)
Explanation
QUESTION 91
You added an interface to the IPMP group ipmp0 with the following commands:
# ipadm create-ip net4
# ipadm add-ipmp i net4 ipmp0
Which statement regarding the newly added interface is correct?
A.
B.
C.
D.
Link state failure detection will not occur.

Probe-based failure detection will not occur.
Without a data IP address, it cannot become active.
These changes will be lost when the system is booted.
Correct Answer: B
Section: (none)
Explanation
QUESTION 92
Examine the following information:
Which statement describes the user auuser audit mask?

A.
B.
C.
D.
All failed and successful lo events, all failed and successful am events will be logged, no ss events will be logged.
All failed and successful lo events, all failed and successful am events and successful ss events will be logged.
All failed and successful lo events, all failed and successful am events and failed ss events will be logged.
All failed and successful lo events and all failed and successful ss events will be logged.
Correct Answer: A
Section: (none)
Explanation
Note:
* The Trusted Solaris environment provides audit classes including:
ss - Change system state
no - Invalid class
lo - Login or logout
* always-audit
Lists the audit classes that are audited for this user. Modifications to the system-wide classes are prefixed by a caret (^). Classes that are added to the
system-wide classes are not prefixed by a caret.
never-audit
Lists the audit classes that are never audited for the user, even if these audit events are audited system- wide. Modifications to the system-wide classes
are prefixed by a caret (^).
* Process preselection mask A combination of the system-wide audit mask and the user-specific audit mask, if a user audit mask has been specified.
When a user logs in, the login process combines the preselected classes to establish the process preselection mask for the user's processes. The
process preselection mask specifies whether events in each audit class are to generate audit records.
The following algorithm describes how the system obtains the user's process preselection mask:
(system-wide default flags + always-audit-classes) - never-audit-classes
* getent user_attr
getent
- get entries from administrative database
getent gets a list of entries from the administrative database specified by database. The information generally comes from one or more of the sources
that are specified for the database in /etc/nsswitch.conf.
QUESTION 93
You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some changes to configuration files.
You are concerned that someone may have unauthorized access or that an authorized user may be abusing the access privilege. You decide to track a
set of security events across multiple servers. How will you configure the systems for this?
A.
B.
C.
D.
Configure a centralized system-logging server and direct all servers to use it.
Use audit-config to add the servers' host names to the audit_remote plug in.
Add centralized NFS file systems to the /etc/security/audit_control file on each server.
Modify the /etc/security/audit_startup file and add audit_remote logging on each server.
Correct Answer: B
Section: (none)
Explanation
Explanation:
audit_remote
- send Solaris audit logs to a remote server
The audit_remote plugin module for Solaris audit, /usr/lib/security/audit_remote.so, sends binary audit records (audit.log) to audit servers as they are
configured with auditconfig.
The audit_remote plugin is loaded by auditd if the plugin is configured as an active via auditconfig. Use the auditconfig -setplugin option to change all
the plugin related configuration parameters.
Incorrect:
not D: Audit policy determines the characteristics of the audit records for the local host. When auditing is enabled, the contents of the /etc/security/
audit_startup file determine the audit policy.
QUESTION 94
By default, which directory does the audit_binfile plug-in write log files in, and what is the maximum size of each log file?
A.
B.
C.
D.
E.
/var/adm/audit, 100 MB
/var/audit, 100 MB
/var/adm, no limit
/var/audit, no limit
/var/adm/audit, 16 EB
Correct Answer: D
Section: (none)
Explanation
Explanation:
* The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of required free
space per directory.
auditconfig -setplugin audit_binfile active \
"p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant, /var/audit/global/eggplant;p_minfree=20;p_fsize=4.5GB"
* The attributes specifying the configuration of audit_binfile plugin include:
p_dir
dir1[,dir2],.. [,dirn]
A list of directories, where the audit files will be created. Any valid writable directory can be specified.
p_fsize
The p_fsize attribute defines the maximum size that an audit file can become before it is automatically closed and a new audit file is opened. This is
equivalent to an administrator issuing an audit -ncommand when the audit file size equals the value specified by the administrator. The default size is
zero (0), which allows the file to grow without bound.
QUESTION 95
You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some changes to configuration files. Yon are concerned that
someone may have unauthorized access and that an authorized user may be abusing the access privilege. You want to track users of these systems to
determine what tasks each user performs. Select the best way to gather this information.
A.
B.
C.
D.
E.
Solaris auditing
the system/event service
the system-logging service
Basic Audit Reporting Tool
System Extended Accounting
Correct Answer: A
Section: (none)
Explanation
Explanation:
Solaris auditing keeps a record of how the system is being used. The audit service includes tools to assist with the analysis of the auditing data.
Incorrect:
not C: Basic Audit Reporting Tool
BART is a file tracking tool that operates entirely at the file system level. Using BART gives you the ability to quickly, easily, and reliably gather
information about the components of the software stack that is installed on deployed systems. Using BART can greatly reduce the costs of
administering a network of systems by simplifying time-consuming administrative tasks.
Note:
* The audit service makes the following possible:
Monitoring security-relevant events that take place on the host Recording the events in a network-wide audit trail
Detecting misuse or unauthorized activity
Reviewing patterns of access and the access histories of individuals and objects Discovering attempts to bypass the protection mechanisms
Discovering extended use of privilege that occurs when a user changes identity
* Auditing is the collecting of data about the use of system resources. The audit data provides a record of security-related system events. This data can
then be used to assign responsibility for actions that take place on a host. Successful auditing starts with two security features: identification and
authentication. At each login, after a user supplies a user name and password, a unique audit session ID is generated and associated with the user's
process. The audit session ID is inherited by every process that is started during the login session. Even if a user changes identity within a single
session, all user actions are tracked with the same audit session ID.
QUESTION 96
A contractor has been hired by you company to do some application-specific tuning. You are the administrator of the server that the contractor will be
working on. You decide to enable Oracle Solaris Auditing. How will auditing help prevent misuse of the server?
A.
B.
C.
D.
prevents attempts to bypass the protection mechanisms

stops unauthorized activity
acts as a deterrent
prevents misuse
Correct Answer: C
Section: (none)
Explanation
Explanation:
The audit service makes the following possible:
Monitoring security-relevant events that take place on the host Recording the events in a network-wide audit trail
Detecting misuse or unauthorized activity
Reviewing patterns of access and the access histories of individuals and objects Discovering attempts to bypass the protection mechanisms
Discovering extended use of privilege that occurs when a user changes identity
Incorrect:
Not A: auditing does not prevent attempts to bypass the protection mechanisms, it just discovers them.
QUESTION 97
Which two statements are true regarding the audit_remote plugin and the audit service?
A.
B.
C.
D.
E.
audit_remote is not loaded by default.

The standard service port defined by IANA is 16162.
Audit records are sent to all configured remote hosts.
The required GSS_API mechanism is kerberos_v5.
The maximum number of audit records queued before sending is 100.
Correct Answer: AB
Section: (none)
Explanation
Explanation:
A: The audit_remote plugin is loaded by auditd if the plugin is configured as an active via auditconfig. Use the auditconfig -setplugin option to change all
the plugin related configuration parameters
B: The solaris-audit service port assigned by IANA is 16162.
Incorrect:
Not D: audit_remote authenticates itself to the remote audit service by way of GSS-API (libgss(3LIB)). Default gss credentials are used as provided by
the gss implementation mechanism, such as Kerberos.
Note: audit_remote
- send Solaris audit logs to a remote server
QUESTION 98
Which three options will take precedence over one-another in a local zone that uses the Fair Share Scheduler?
A.
B.
C.
D.
E.
the global resource control zone.cpu-shares

the global default scheduling class
the local zone attribute scheduling-class
the local zone attribute cpu-shares
the scheduling class of the pool assigned to a zone
Correct Answer: CDE

Section: (none)
Explanation
Explanation:
C: You can use the scheduling-class property in zonecfg to set the scheduling class for the zone.
D: When you explicitly set the cpu-shares property, the fair share scheduler (FSS) will be used as the scheduling class for that zone. However, the
preferred way to use FSS in this case is to set FSS to be the system default scheduling class with the dispadmin command. That way, all zones will
benefit from getting a fair share of the system CPU resources. If cpu-shares is not set for a zone, the zone will use the system default scheduling class.
E: You can set the scheduling class for a zone through the resource pools facility. If the zone is associated with a pool that has its pool.scheduler
property set to a valid scheduling class, then processes running in the zone run in that scheduling class by default.
QUESTION 99
Which scheduling class cannot be assigned to a zone?
A.
B.
C.
D.
E.
RT
FX
TS
SYS
FSS
Correct Answer: D
Section: (none)
Explanation
Explanation:
Scheduling classes provide different CPU access characteristics to threads that are based on algorithmic logic. The scheduling classes include:
Realtime scheduling class (RT) (not a)
Interactive scheduling class (IA)
Fixed priority scheduling class (FX) (not b)
Timesharing scheduling class (TS) (not c)
Fair share scheduling class (FSS) (not E)
QUESTION 100
Can you change the scheduling class of a zone's processes to FSS without rebooting?
A.
B.
C.
D.
E.
No. Set the zone's scheduling-class attribute to FSS and reboot.

No. Run dispadmin d FSS inside the zone, then reboot.
No. Run dispadmin d FSS in the global zone, then reboot the nonglobal zone.
Yes. Run dispadmin d FSS inside the zone.
Yes. Run priocntl s c FSS i all inside the zone.
Correct Answer: E
Section: (none)
Explanation
Explanation:
* Syntax:
priocntl -s [-c class] [class-specific options]
[-i idtype] [idlist]
* The priocntl command displays or sets scheduling parameters of the specified process(es). It can also be used to display the current configuration
information for the system's process scheduler or execute a command with specified scheduling parameters.
Processes fall into distinct classes with a separate scheduling policy applied to each class. The process classes currently supported are the real-time
class, time-sharing class, interactive class, fair-share class, and the fixed priority class.
* priocntl options include:
-c
class
Specifies the class to be set. (The valid class arguments are RT for real-time, TS for time-sharing, IA for inter-active, FSS for fair-share, or FX for fixedpriority.) If the specified class is not already configured, it is automatically configured.
-s
Sets the scheduling parameters associated with a set of processes.
QUESTION 101
Which command reports the scheduling class a process falls under?
A. ps
B. priocnt1
C. dispadmin
D. rctladm
E. prstat
Correct Answer: A
Section: (none)
Explanation
QUESTION 102
You have a server that has two zones configured. These zones use the pool named pool_zones.
Examine the following configuration information:
The system has four CPUs. Assume that both zones are under heavy load. Examine the following partial output:
Which option describes the values you would expect to see for the CPU field for the zones?
A.
B.
C.
D.
E.
approximately 40% for z1 and approximately 60% for z2

Correct Answer: A
Section: (none)
Explanation
Explanation:
From the poolcfg c info command output we see that FSS (Fair Share Scheduler) is used. From the prctl command output we see that zone z1 has
been configured with a zone.cpu-shares value of 40.
* The pool_default has a value of 100 CPU shares.
* prstat
- report active process statistics
Option Z
-Z
Report information about processes and zones. In this mode, prstat displays separate reports about processes and zones at the same time.
QUESTION 103
Consider the following command:
dispadmin -c IA -g -r 1000000
Which statement correctly describes the result?
A. The quantum will be reported in milliseconds.
B. The quantum will be output every 1000000 milliseconds.
C. The quantum will be reported in microseconds.

D. The quantum will be output every 1000000 microseconds.
Correct Answer: C
Section: (none)
Explanation
QUESTION 104
Identify three ways in which the Fair Share Scheduler can be assigned.
A.
B.
C.
D.
E.
poolcfg
dispadmin
zonecfg set pool=<value>
zonecfg set cpu-shares=<value>
by creating a project and attaching a process to that project
Correct Answer: ABD

Section: (none)
Explanation
Explanation:
A: Resource Allocation: Zones, Pools and FSS
Example:
Then create a pool for your zone (in this example, we'll use the zones named 'habitue,' 'creator,' 'netid,' and 'linguo'): pooladm -x
pooladm -s
poolcfg -c 'create pool habitue-pool ( string pool.scheduler = "FSS" )' poolcfg -c 'create pool creator-pool ( string pool.scheduler = "FSS" )' poolcfg -c
'create pool linguo-pool ( string pool.scheduler = "FSS" )' poolcfg -c 'create pool netid-pool ( string pool.scheduler = "FSS" )' pooladm -c
B: Set the default scheduler for the system to be the FSS.
# dispadmin -d FSS
D: Example:
global# zonecfg -z global
zonecfg:myzone> set cpu-shares=100
zonecfg:myzone> set scheduling-class=FSS
zonecfg:myzone> exit
QUESTION 105
Which scheduling class distributes CPU resources among its processes based on assigned importance?
A.
B.
C.
D.
Fair Share Scheduler (FSS)

Real-Time (RT)
Fixed-priority (FX)
Timesharing (TS)
Correct Answer: C
Section: (none)
Explanation
Explanation:
The FX scheduler provides a scheduling policy for processes that require user or application control of scheduling priorities. The priorities of processes
that run under FX are fixed.
The FX class provides a fixed-priority preemptive scheduling policy. This policy is used by processes that require user or application control of
scheduling priorities but are not dynamically adjusted by the system. By default, the FX class has the same priority range as the TS, IA, and FSS
classes. The FX class allows user or application control of scheduling priorities through user priority values assigned to processes within the class.
These user priority values determine the scheduling priority of a fixedpriority process relative to other processes within its class.
Incorrect:
Not A: The fair share scheduling class enables you to allocate CPU time based on shares instead of the priority scheme of the timesharing (TS)
scheduling class. Not D: The goal of the time-sharing policy is to provide good response time to interactive processes and good throughput to CPUbound processes. The scheduler switches CPU allocation often enough to provide good response time, but not so often that the system spends too
much time on switching. Time slices are typically a few hundred milliseconds.
The time-sharing policy changes priorities dynamically and assigns time slices of different lengths.
QUESTION 106
You configured the Fail Share Scheduler on a server, and you defined CPU shares for two nonglobal zones. You now need to apply shares to the global
zone. The configuration needs to be persistent across a reboot operation. Which utility will you use?
A.
B.
C.
D.
prctl
priocntl
zonecfg
dispadmin
Correct Answer: D
Section: (none)
Explanation
Explanation:
* Set the default scheduler for the system to be the FSS.
# dispadmin -d FSS
* Scheduling Class on a System with Zones Installed
Non-global zones use the default scheduling class for the system. If the system is updated with a new default scheduling class setting, non-global zones
obtain the new setting when booted or rebooted. The preferred way to use FSS in this case is to set FSS to be the system default scheduling class with
the dispadmin command.
QUESTION 107
Which utility/service must you use to set processes with FSS by default?
A.
B.
C.
D.
priocntl
svc:/system/scheduler:default
dispadmin
projmod
Correct Answer: C
Section: (none)
Explanation
Explanation:
Set the default scheduler for the system to be the FSS.
# dispadmin -d FSS
QUESTION 108
You administer a system with three nonglobal zones. All three-zones (z1, z2, and z3) use a common resource pool. The pool is a fixed, two-CPU
configuration. The default scheduler is FSS.
Zones z1 and z2 run applications that, over time, consume all available CPU resources. You have allotted 20 shares each to these zones. Zone z3 runs
a mission-critical application, so you allotted it 60 shares.
Because of application maintenance, zone z3 is currently using about 10% of the CPU resources in the shared pool. Which option describes the
demand when available CPU resources are consumed by zones z1 and z2?
A. Zones z1 and z2 will consume CPU resources until each zone consumes approximately 20% of the CPU resources, and only then they will be
constrained.
B. Zones z1 and z2 will consume CPU resources until each zone consumes approximately 60% of the CPU resources, and only then they will be
constrained.
C. Zones z1 and z2 will consume CPU resources until each zone consumes approximately 90% of the CPU resources, and only then they will be
constrained.
D. Zones z1 and z2 will consume CPU resources until each zone consumes all the resources that they require, up to 100%.
Correct Answer: C
Section: (none)
Explanation
QUESTION 109
A recursive snapshot was taken of the root pool and the snapshot streams are stored on a remote system. The boot disk has failed, has been replaced,
and the root pool snapshots have been restored. Which two steps are still required to make the system bootable?
A.
B.
C.
D.
E.
Re-create the swap and dump devices.

Install the boot blocks on the new disk.
Restore the snapshot stream.
Set the bootfs property on the root pool.
Perform a ZFS rollback to restore the file systems in the root pool.
Correct Answer: BD
Section: (none)
Explanation
Explanation:
See steps 7 and 8 below.
How to Re-create a ZFS Root Pool and Restore Root Pool Snapshots
1. Boot from an installation DVD or the network.
2. Mount the remote snapshot file system if you have sent the root pool snapshots as a file to the remote system.
3. If the root pool disk is replaced and does not contain a disk label that is usable by ZFS, you must relabel the disk.
4. Re-create the root pool.
5. Restore the root pool snapshots.
6. Verify that the root pool datasets are restored.
7. Set the bootfs property on the root pool BE.
8. Install the boot blocks on the new disk.
9. Reboot the system.
QUESTION 110
Review the following output from the zpool status command:
Which three are true for pool1?

A.
B.
C.
D.
E.
F.
It this mirror is split, the new pool will contain disks c3t5d0 and c3t6d0.
If this mirror is split, by default the new pool will contain disks c3t3d0 and c3t5d0.
Data is striped across mirror-0 and mirror-1.
mirror-1 is a mirrored copy of data that is stored on mirror-0.
Disk c3t3d0 is a mirrored copy of disk c3t4d0.
If this mirror is split, pool1 will no longer be mirrored.
Correct Answer: BCE

Section: (none)
Explanation
Explanation:
* Simulation:
* Creating a New Pool By Splitting a Mirrored ZFS Storage Pool A mirrored ZFS storage pool can be quickly cloned as a backup pool by using the zpool
split command.
Currently, this feature cannot be used to split a mirrored root pool. You can use the zpool split command to detach disks from a mirrored ZFS storage
pool to create a new pool with one of the detached disks. The new pool will have identical contents to the original mirrored ZFS storage pool.
By default, a zpool split operation on a mirrored pool detaches the last disk for the newly created pool. After the split operation, import the new pool. For
example::
# zpool status tank
pool: tank
state: ONLINE
scrub: none requested

config:
NAME STATE READ WRITE CKSUM
tank ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
c1t0d0 ONLINE 0 0 0
c1t2d0 ONLINE 0 0 0
errors: No known data errors
# zpool split tank tank2
# zpool import tank2
# zpool status tank tank2
pool: tank
state: ONLINE
config:
tank ONLINE 0 0 0
c1t0d0 ONLINE 0 0 0
pool: tank2
state: ONLINE
config:
tank2 ONLINE 0 0 0
c1t2d0 ONLINE 0 0 0
QUESTION 111
The zfs holds command displays the following information:
Which two statements are true?
A.
B.
C.
D.
E.
F.
Use zfs destroy d pool12/data@nov to destroy the snapshot immediately.

Attempts to destroy the snapshot using zfs destroy pool12/data@nov will fail.
Attempts to destroy the pool12/data@nov snapshot will not destroy the snapshot immediately.
The zfs directory R pool12/data command will destroy the file system immediately.
The defer_destroy property is set to on for the pool12/data@nov data set.
The userrefs property is set to 1 (or higher) for the pool12/data@nov data set.
Correct Answer: BE
Section: (none)
Explanation
Explanation:
* Use the zfs holds command to display a list of held snapshots.
* Holding a snapshot prevents it from being destroyed (B). In addition, this feature allows a snapshot with clones to be deleted pending the removal of
the last clone by using the zfs destroy -d command. Each snapshot has an associated user-reference count, which is initialized to zero. This count
increases by one whenever a hold is put on a snapshot and decreases by one whenever a hold is released.
Note:
* Example:
# zfs holds tank/home@now
NAME TAG TIMESTAMP
tank/home@now keep Thu Jul 15 11:25:39 2010
* You can use the zfs release command to release a hold on a snapshot or set of snapshots. If the snapshot is released, the snapshot can be destroyed
by using the zfs destroy command.
* Two new properties identify snapshot hold information:
The defer_destroy property is on if the snapshot has been marked for deferred destruction by using the zfs destroy -d command. Otherwise, the
property is off.
The userrefs property is set to the number of holds on this snapshot, also referred to as the user- reference count.
QUESTION 112
Consider the following ZFS configuration:
You have created snapshots of the home directories which are as follows:
You have another storage pool named bpool on the same system. You use the following command to store the snapshots in this pool:
# zfs send rpool/export/home@11.28.12 | zfs recv -F bpool@11.28.12
What will be created in the pool bpool as a result of this operation?
bpool@12.25.11
A.
B.
C.
D.
E.
F.
bpool/export/home/ bpool/export/home/curly
bpool/export/home/ bpool/export/home/curly bpool/export/home@12.25.11
bpool/export/home/ bpool/export/home/curly bpool@12.25.11
bpool/curly bpool/curly@12.25.11
bpool/curly
bpool/curly
Correct Answer: E
Section: (none)
Explanation
QUESTION 113
What is the effect of configuring privileges via the zonecfg utility?
A.
B.
C.
D.
E.
It forces every /one process to run with the same privileges.

It restricts zone processes to the inherited set of zsched's privileges.
It restricts zone processes to the inherited set of zoneadmd's privileges.
It removes some privileges that are normally available in the zone.
It can add some new privileges to or exclude some default privileges from the zone.
Correct Answer: AE
Section: (none)
Explanation
Explanation:
Adding privileges must be performed the global zone administrator by using zonecfg(1M). While adding this functionality, we also added the ability to
remove privileges from a zone's limit set.
QUESTION 114
You decide to create a new rights profile to include a selection of Solaris authorizations and commands. The commands in your selection will require
extra privileges. Which two files will you modify to add these privileges and authorizations?
A.
B.
C.
D.
E.
F.
/etc/user_attr
/etc/security/auth_attr
/etc/security/prof_attr
/etc/security/exec_attr
/etc/security/prof_attr.d/core-os
/etc/security/auth_attr.d/core-os
Correct Answer: AC
Section: (none)
Explanation
Explanation:
Rights profiles The user_attr, prof_attr, and exec_attr databases are now read-only. These local files databases are assembled from fragments that are
located in /etc/user_attr.d, /etc/security/prof_attr.d, and /etc/security/exec_attr.d.
The fragment files are not merged into a single version of the file, but left as fragments. This change enables packages to deliver complete or partial
RBAC profiles. Entries that are added to the local files repository with the useradd and profiles commands are added to the local-entries file in the
fragment directory.
QUESTION 115
You have assigned rights profiles directly to the uses frank and now you want to add another profile. Which command enables you to list profiles directly
assigned to frank?
A.
B.
C.
D.
userattr profiles frank

profiles p frank
useratter p frank
profiles frank
Correct Answer: B
Section: (none)
Explanation
Explanation:
Example: Displaying Information About the System Administrator Rights Profile
Use the profiles command to display information about a specific rights profile. In the following example, information about the System Administrator
rights profile is displayed:
$ profiles -p "System Administrator" info
name=System Administrator
desc=Can perform most non-security administrative tasks profiles=Install Service Management,Audit Review,Extended Accounting Flow Etc.
QUESTION 116
Within the file /etc/security/exec_attr.d/core-os, the following line is found:
Network
Management:solaris:cmd:RO::/usr/sbin/dladm:euid=dladm;egid=netadm;\privs=sys_dl_config,net_raw access,proc_audit
To assume which of the following can a user using the su command execute dladm with full privileges?
A.
B.
C.
D.
E.
the net_rawacess role

the sys_dl_config profile
the Network Management role
a role that includes the sys_dl_config profile
a role that includes the Network Management profile
Correct Answer: C
Section: (none)
Explanation
Explanation:
Note:
* (not A, not B, not D) The privs key contains a comma-separated list of privilege numbers that will be effective when the command or action is run.
* euid and uid contain a single user name or a numeric user ID. Commands designated with euid run with the effective UID indicated, which is similar to
setting the setuid bit on an executable file. Commands designated with uid run with both the real and effective UIDs. Setting uid may be more
appropriate than setting the euid on privileged shell scripts.
* egid and gid contain a single group name or a numeric group ID. Commands designated with egid run with the effective GID indicated, which is similar
to setting the setgid bit on a file. Commands designated with gid run with both the real and effective GIDs. Setting gid may be more appropriate than
setting guid on privileged shell scripts.
* /etc/security/exec_attr is a local database that specifies the execution attributes associated with profiles.
/etc/security/exec_attr
Locally added entries. Make sure that the shipped header remains intact.
/etc/security/exec_attr.d/*
Entries added by package installation.
QUESTION 117
You must configure your server to use IPMP with probe based failure detection enabled. Which statement is a valid constraint or feature that applies to
this requirement?
A.
B.
C.
D.
Link-based detection is supported only on Generic Lan Driver version 2 (GLDv2)-complaint NICs.
GLDv2 NICs are not supported in Oracle Solaris 11.
GLDv3 NICs configured for link based detection by default.
You must first disable link based detection before configuring probe-based failure detection.
Correct Answer: C
Section: (none)
Explanation
Explanation:
Network drivers that support link-based failure detection monitor the interface's link state and notify the networking subsystem when that link state
changes.
Incorrect:
Not B: GLDv2 is a multi-threaded, clonable, loadable kernel module that provides support to device drivers for local area networks. Local area network
(LAN) device drivers in the Solaris OS are STREAMS-based drivers that use the Data Link Provider Interface (DLPI) to communicate with network
protocol stacks.
Not D: Link-based failure detection is always enabled, provided that the interface supports this type of failure detection.
You cannot disable link-based failure detection if this method is supported by the NIC driver.
Note:
* To write a network driver for the Oracle Solaris OS, use the Solaris Generic LAN Driver (GLD) framework.
/ For new Ethernet drivers, use the GLDv3 framework.
/ To maintain older Ethernet, Token Ring, or FDDI drivers, use the GLDv2 framework.
* To ensure continuous availability of the network to send or receive traffic, IPMP performs failure detection on the IPMP group's underlying IP
interfaces. Failed interfaces remain unusable until they are repaired. Remaining active interfaces continue to function while any existing standby
interfaces are deployed as needed.
The in.mpathd daemon handles the following types of failure detection:
/ Probe-based failure detection, of two types:
No test addresses are configured (transitive probing).
Test addresses are configured.
/ Link-based failure detection, if supported by the NIC driver
QUESTION 118
Your organization uses NFS to share data from Oracle Solaris servers to Oracle Solaris clients. For the nfsmapid daemon to work properly the client
and server must be on the same domain. Select the location that has the highest precedence when the nfsmapid daemon searches for a domain name.
A.
B.
C.
D.
the nfsmapid_domain parameter in the mapid SMF service.

the nfsmapid_domain parameter in the /etc/default/nfs file
the domain name in the /etc/default/domainname file, if it exists.
a_nfsv4idmapdomain TXT record found by the configured domain name servers
Correct Answer: A
Section: (none)
Explanation
Explanation:
See 1 below.
Precedence Rules
For nfsmapid to work properly, NFS version 4 clients and servers must have the same domain. To ensure matching NFS version 4 domains, nfsmapid
follows these strict precedence rules:
1. The daemon first checks the SMF repository for a value that has been assigned to the nfsmapid_domain parameter. If a value is found, the assigned
value takes precedence over any other settings. The assigned value is appended to the outbound attribute strings and is compared against inbound
attribute strings.
2. If no value has been assigned to nfsmapid_domain, then the daemon checks for a domain name from a DNS TXT RR. nfsmapid relies on directives
in the /etc/resolv.conf file that are used by the set of routines in the resolver. The resolver searches through the configured DNS servers for the
_nfsv4idmapdomain TXT RR.
3. If no DNS TXT record is configured to provide a domain name, then the nfsmapid daemon uses the value specified by the domain or search directive
in the /etc/resolv.conf file, with the directive specified last taking precedence.
4. If the /etc/resolv.conf file does not exist, nfsmapid obtains the NFS version 4 domain name by following the behavior of the domainname command.
Specifically, if the /etc/defaultdomain file exists, nfsmapid uses the contents of that file for the NFS version 4 domain. If the /etc/defaultdomain file does
not exist, nfsmapid uses the domain name that is provided by the network's configured naming service.
QUESTION 119
Link aggregation and IP multipathing both offer some benefits for network performance and reliability.
Identify two correct statements.
A.
B.
C.
D.
E.
IPMP requires full duplex, point-to-point links.

A router is a single point of failure for link aggregation.
Link aggregation allows a standby interface to be automatically enabled if another interface fails.
Depending on load balancing algorithms, packets may not be balanced among all IPMP active interfaces.
Link aggregation uses additional interfaces to improve performance, without requiring additional IP address.
Correct Answer: CE
Section: (none)
Explanation
Explanation:
C: If LACP (Link Aggregation Control Protocol) cannot aggregate all the ports that are compatible (for example, the remote system might have more
restrictive hardware limitations), then all the ports that cannot be actively included in the channel are put in hot standby state and are used only if one of
the channeled ports fails.
E: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP) provides
features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some of their
features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have different strengths
and weaknesses.
Incorrect:
Not A: MP is built into Oracle Solaris and does not require any special hardware. Any interface that is supported by Oracle Solaris can be used with
IPMP. However, IPMP does impose the following requirements on your network configuration and topology:
/All interfaces in an IPMP group must have unique MAC addresses. / All interfaces in an IPMP group must be of the same media type. / All interfaces in
an IPMP group must be on the same IP link
Not B: A switch, not a router, would be a single point of failure of link aggregation (as it works on the Mac layer and not on the IP layer.
not D: Internet Protocol Network Multipathing (IPMP) provides fault-tolerance and load balancing across multiple network interface cards. By using
IPMP, you can configure one or more interfaces into an IP multipathing group. After configuring IPMP, the system automatically monitors the interfaces
in the IPMP group for failure. If an interface in the group fails or is removed for maintenance, IPMP automatically migrates, or fails over, the failed
interface's IP addresses
QUESTION 120
You are considering using IPMP and Link Aggregation. Which two statements are true about these technologies?
A.
B.
C.
D.
E.
IPMP requires all interfaces to support the same bit rate.

Both technologies can increase outbound bandwidth.
Link Aggregation does not offer link failure protection.
Link Aggregation requires all interfaces to support the same bit rate.
IPMP supports load spreading across all interfaces for inbound traffic
Correct Answer: BE
Section: (none)
Explanation
Explanation:
B: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP) provides
features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some of their
features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have different strengths
and weaknesses.
E: Internet Protocol Network Multipathing (IPMP) provides fault-tolerance and load balancing across multiple network interface cards. By using IPMP,
you can configure one or more interfaces into an IP multipathing group. After configuring IPMP, the system automatically monitors the interfaces in the
IPMP group for failure. If an interface in the group fails or is removed for maintenance, IPMP automatically migrates, or fails over, the failed interface's
IP addresses
Incorrect:
Not A: The same (non-null) character string IPMP group name identifies all interfaces in the group. You can place interfaces from NICs of different
speeds within the same IPMP group, as long as the NICs are of the same type.
Not C:If LACP (Link Aggregation Control Protocol) cannot aggregate all the ports that are compatible (for example, the remote system might have more
restrictive hardware limitations), then all the ports that cannot be actively included in the channel are put in hot standby state and are used only if one of
the channeled ports fails.
Not D: MP is built into Oracle Solaris and does not require any special hardware. Any interface that is supported by Oracle Solaris can be used with
IPMP. However, IPMP does impose the following requirements on your network configuration and topology:
/All interfaces in an IPMP group must have unique MAC addresses. / All interfaces in an IPMP group must be of the same media type. / All interfaces in
an IPMP group must be on the same IP link
QUESTION 121
Which vmstat field output indicates the effort the system is making to find memory for future processes?
A. re
B. sr
C. free
D. fr
Correct Answer: A
Section: (none)
Explanation
Explanation:
re
page reclaims.
The information is given in units per second.
Note:
* vmstat reports virtual memory statistics regarding kernel thread, virtual memory, disk, trap, and CPU activity.
Incorrect:
Not B: sr, pages scanned by clock algorithm
Not C: free
size of the free list (Kbytes)
Not D: fr
kilobytes freed
QUESTION 122
Examine the output of the following commands:
Which statement is true concerning these resource controls settings?
A.
B.
C.
D.
The zone.max-lwps resource control was set to its value when the zone.max-processes resource control was set to its value.
The prctl command can be used to change the max value for these resource controls.
The zone.max-processes resource control will deny zombie processes from exhausting the resource table.
The zone.max-lwps resource control will deny zombie processes from exhausting the process table.
Correct Answer: C
Section: (none)
Explanation
Explanation:
* zone.max-processes
Maximum number of process table slots
simultaneously available to this zone.
Because both normal processes and
zombie processes take up process table
slots, the max-processes control thus
protects against zombies exhausting the
process table. Because zombie processes
do not have any LWPs by definition, the
max-lwps control cannot protect against
this possibility
Note:
* prctl - operations on a process
Use the prctl command to make runtime interrogations of and modifications to the resource controls associated with an active process, task, or project
on the system.
QUESTION 123
You and an associate named Frank administer a Solaris server. Frank will be responsible for monitoring system resource usage, so you set up a project
entry for his account. Consider the following commands and output:
Which is Frank's default project?

A.
B.
C.
D.
default
clockfix
user.frank
group.staff
Correct Answer: A
Section: (none)
Explanation
QUESTION 124
What can you retrieve using a vmstat command?
A.
B.
C.
D.
the number of kernel threads active on the system

the amount of physical memory available on the system
the rate of system calls made on the system
the amount of time spent on paging activity
Correct Answer: A
Section: (none)
Explanation
Explanation:
vmstat reports virtual memory statistics regarding kernel thread, virtual memory, disk, trap, and CPU activity.
QUESTION 125
Your task is to configure storage for an Oracle Solaris 11 system to support multiple web servers. Each web server will be contained in a separate zone.
The system has an attached disk array configured as a JBOD (Just a Bunch Of Disks). The system also has an internal solid-state drive.
The data accessed through the websites will be primarily read-only. The web servers are expected to be very busy, so configure the storage for
maximum performance. Because the data is primarily static, but redundancy is required to maintain high availability in the event of a hardware failure.
Data does not change often, but it is expected that the same data will be accessed many times throughout the day. Which configuration option best
meets the data storage requirements?
A.
B.
C.
D.
E.
a raid2 storage pool with a separate log device

a mirrored storage pool with a separate cache device
a mirrored storage pool with a separate log device
a three disk striped storage pool with a separate cache device
a raidz1 storage pool with a separate log and cache device
Correct Answer: B
Section: (none)
Explanation
Explanation:
Required to maintain high availability --> use a mirror.
The same data will be accessed many times throughout the day. Configure the storage for maximum performance. Use caching.
QUESTION 126
The zpool configuration on serverA is:
pool 1
c3t2d0
c3t3d0
pool 2
c3t4d0
c3t5d0
The zpool configuration on servetB is:
pool1
mirror-0
c3t2d0
c3t3d0
mirror-1
c3t4d0
c3t5d0
Which option will modify the configuration on serverA to match serverB?
A.
B.
C.
D.
E.
F.
zpool destroy pool2zpool attach pool1 c3t4d0 c3t5d0

zpool destroy pool2zpool attach pool1 c3t2d0 c3t2d0 c3t4d0 c3t5d0
zpool destroy pool2zpool add pool1 c3t4d0 c3t5d0
zpool destroy pool2zpool mirror pool1 pool2
zpool destroy pool2zpool attach pool1 c3t2d0 attach pool1 c3t3d0zpool attach pool1 c3t4d0 attach pool1 c3t5d0
zpool destroy pool1; zpool destroy pool2; zpool create pool1 mirror c3t2d0 c3t3d0 mirror c4t4d0 c3t5d0
Correct Answer: F
Section: (none)
Explanation
Explanation:
Example;root@solaris:~# zpool create pool1 mirror c8t0d0 c8t1d0 mirror c8t3d0 c8t4d0 root@solaris:~# zpool status
pool: pool1
state: ONLINE
scan: none requested
config:
pool1 ONLINE 0 0 0
c8t0d0 ONLINE 0 0 0
c8t1d0 ONLINE 0 0 0
c8t3d0 ONLINE 0 0 0
QUESTION 127
Which is the result of the following command?
# zfs send i dpool/sales/qrreports@qtrreport dpool/sales/qrreports@mth3qtrreport
A. An error message will be sent to standard error.
B. The dpool/sales/qrreports@qtrreport snapshot is saved to disk.
C. The dpool/sales/qrreports@mth3qtrreport snapshot is saved to disk
D. The difference between the First snapshot and the second snapshot will be written to disk
Correct Answer: A
Section: (none)
Explanation
Explanation:
root@solaris:~# zfs snapshot pool1/sales/qrreports@qrreportroot@solaris:~# zfs list -t snapshot -r pool1/sales/qrreportsNAME USED AVAIL REFER
MOUNTPOINTpool1/sales/qrreports@qrreport 0
- 31K -root@solaris:~# zfs send -i pool1/sales/qrreports@qrreport pool1/sales/qrreports@mth2qtrreportError: Stream can not be written to a
terminal.You must redirect standard output.
QUESTION 128
Your server has a package repository that local clients access remotely. Which option manages HTTP access to the repository?
A.
B.
C.
D.
pkg set-property
pkg.depotd
pkg.repotd
pkgrepo
Correct Answer: B
Section: (none)
Explanation
Explanation:
* pkg.depotd is the depot server for the image packaging system. It provides network access to the data contained within a package repository. Clients
that do not support direct access to a repository through the file system, or for which network access is the only available or preferred method of
transport, typically use the package depot.
* Example:
Configure pkg.depotd to provide remote access. pkg.depotd provides an HTTP interface to a pkg repo. Here we are going to make the repo server
QUESTION 129
How many Network Configuration Units (NCUs) are required to configure a working Network Configuration Profile (NCP)?
A.
B.
C.
D.
0
1
2
3
Correct Answer: C
Section: (none)
Explanation
Explanation:
NCPs define a set of data links and IP interfaces as Network Configuration Units (NCUs).
Example:
root@solaris:~# netadm list
TYPE PROFILE STATE
ncp acme.corp.ncp online
ncu:phys net0 online
ncu:ip net0 online
ncp Automatic disabled
loc acme.corp.loc online
loc Automatic offline
loc NoNet offline
loc User disableda
QUESTION 130
You are configuring a system on your network that was installed using LiveCD. You configured applied a static IP address to the system. You now need
to configure a default router. Assume that name services are file based and the router's IP address is 172.31.10.1. Which two methods should you use
to configure a default route on this Oracle Solaris 11 system?
A.
B.
C.
D.
E.
svccfg s network/physical setprop config/defroute=172.31.10.1;svcadm refresh network/physical; svcadm restart network/physical

svccfg s routing/route setprop config/defroute=172.31.10.1;svcadm refresh routing/route; svcadm restart routing/route
Add the IP address to the /etc/defaultrouter file and run route add default 172.31.10.1.
netadm modify p ncp DefaultFixed set-prop p defroute=172.31.10.1
ipadm set-prop p defaultrouter=172.31.10.1
Correct Answer: C
Section: (none)
Explanation
Explanation:
* AI Server Software Requirements include:
Default router
Ensure that your AI server has a default route set by using the netstat command to show network status. If your AI server does not have a default route
set, you can set a static default route by populating the /etc/defaultrouter file with the IP address of a static default route for your server's network.
* For any currently active NCP (fixed or reactive), use the route command with the -p option to persistently add a route:
# route -p add default ip-address
Because this command applies the specified route to the currently active NCP, the default route is removed and potentially replaced, if the active NCP
changes.
Incorrect:
Not A, Not B: The svccfg command manipulates data in the service configuration repository. svccfg can be invoked interactively, with an individual
subcommand, or by specifying a command file that contains a series of subcommands.
QUESTION 131
Select the two requirements of all interfaces in an IP network multipathing group (IPMP).
A.
B.
C.
D.
E.
be statically configured
have test IP addresses configured
have data IP addresses configured
be connected to the same IP subnet
have the same set of STREAMS modules
Correct Answer: DE
Section: (none)
Explanation
Explanation:
All interfaces in the same group must have the same STREAMS modules configured in the same order.
QUESTION 132
You need to configure three zones.
Identify the correct requirement.
A. zone1 will need a VNIC to connect to a physical Ethernet link.
B. zone1 will need at least two VNICs.
C. zone2 and zone3 will need a dedicated etherstub.

D. One etherstub will be necessary.
E. A flow is needed to filter HTTP requests to zone1.
Correct Answer: C
Section: (none)
Explanation
Explanation:
Note:
* In Oracle Solaris 11, etherstubs and VNICs are the basic components of network virtualization.
* The VNIC connects the virtual network to the external network. The VNIC also enables the zones to communicate with one another through the virtual
switch that is automatically created with the VNIC. For a virtual network to host traffic internally between zones and with the external LAN and the
Internet, each zone must have its own interface. Therefore, you must repeat this procedure as many times as the number of zones that will belong to
the virtual network.
* Create the etherstub.
# dladm create-etherstub etherstub
Perform this step only if you are creating a private virtual network which you want to restrict from being accessed by external systems.
QUESTION 133
Your company requires all nonglobal zones to have a limit on the number of processes. The policy is designed to prevent runaway processes from
impacting the global zone and other nonglobal zones. To set a limit on processes, you set the following controls:
rctl:
name: zone.max-processes
value: (priv=privileged,limit=1000,action=none)
rctl:
name: zone.max-lwps
value: (priv=privileged,limit=5000,action=deny)
You must now enable system logging for the zone.max-processes resource control to record when the limit is exceeded. Which command enables
system logging for a resource control?
A.
B.
C.
D.
priocntl
zonecfg
rctladm
prctl
Correct Answer: C
Section: (none)
Explanation
Explanation:
Global Actions on Resource Control Values
Global actions apply to resource control values for every resource control on the system. You can use the rctladm command to perform the following
actions:
* Display the global state of active system resource controls
* Set global logging actions
QUESTION 134
You want to prioritize the video streaming traffic over the HTTP server traffic. Which attribute can be used to identify the streaming video flow?
A.
B.
C.
D.
the NIC Transmit and Receive Ring

the Differentiated Service Field
the Application Port Number
IP address and TCP port
Correct Answer: B
Section: (none)
Explanation
Explanation:
* DiffServ uses the 6-bit Differentiated services Field (DS field) in the IP header for packet classification purposes.
* In the Diffserv model, the marker marks a packet with a value that reflects a forwarding behavior. Marking is the process of placing a value in the
packet's header to indicate how to forward the packet to the network. IPQoS contains two marker modules:
/ dscpmk Marks the DS field in an IP packet header with a numeric value that is called the Differentiated Services codepoint, or DSCP. A Diffservaware router can then use the DS codepoint to apply the appropriate forwarding behavior to the packet.
/ dlcosmk Marks the virtual local area network (VLAN) tag of an Ethernet frame header with a numeric value that is called the user priority. The user
priority indicates the class of service (CoS), which defines the appropriate forwarding behavior to be applied to the datagram.
Note:
* Differentiated services or DiffServ is a computer networking architecture that specifies a simple, scalable and coarse-grained mechanism for
classifying and managing network traffic and providing quality of service (QoS) on modern IP networks. DiffServ can, for example, be used to provide
low- latency to critical network traffic such as voice or streaming media while providing simple best-effort service to non-critical services such as web
traffic or file transfers.

* IPQoS, included in Solaris, includes the following modules, which are part of the Differentiated Services (Diffserv) architecture that is defined in RFC
2475:
Classifier
Meter
Marker
IPQoS adds the following enhancements to the Diffserv model:
Flow-accounting module
802.1D datagram marker
QUESTION 135
Which option provides limits for physical, swap, and locked memory?
A.
B.
C.
D.
rcap.max-rss
zone.max-locked-memory
capped-memory
zone.max-memory
Correct Answer: C
Section: (none)
Explanation
Explanation:
The capped-memory resource sets limits for physical, swap, and locked memory. Each limit is optional, but at least one must be set.
QUESTION 136
Partial output of the command zonecfg into displayed as follows:
rctl:
name: zone.cpu-shares
value: (priv=privileged,limit=20,action=none)
Upon booting the zone, you receive this warning:
WARNING: The zone.cpu-shares rctl is set but FSS is not the default scheduling class for this zone. FSS will be used for processes in the zone but to
get the full benefit of FSS, it should be the default scheduling class.
Which action resolves the issue?
A. In the global zone, run the command dispadmin d FSS.
B. In the nonglobal zone, run the command dispadmin d FSS.

C. Change the zone resource control value to (priv=privileged,limit=20,action=none,default)
D. Modify the general/scheduler property in the svc:/system/zones:default service.
Correct Answer: A
Section: (none)
Explanation
Explanation:
The default scheduler for Solaris uses time sharing to divide CPU time between running tasks. The fair share scheduler (FSS) uses "shares" to give
weighted prioritization to running processes based on the assigned CPU shares. You've assigned cpu-shares to the zone, but you aren't using the fair
share scheduler.
To enable the fair share scheduler as default on the system:
# dispadmin -d FSS
QUESTION 137
Which option describes how to revert a service back to a previous version?
A.
B.
C.
D.
Issue the svccfg delcust command.

Issue the revetsnap command.
Issue the restore_repository command.
Issue the svccfg revert command.
Correct Answer: D
Section: (none)
Explanation
Explanation:
svccfg
subcommand: revert [snapshot]
Reverts the administrative customizations of the currently selected instance and its service to those recorded in the named snapshot. If no argument is
given, use the currently selected snapshot and deselect it on success.
Incorrect:
Not A: Rollback to as-delivered system: svccfg delcust svccfg
subcommand: delcust [-M] [pattern]
Delete any administrative customizations for the current selection. If an argument is supplied, it is taken as a glob pattern and only property groups and
properties with names that match the argument are deleted.
Not B: There is no command revetsnap
Not C: Run the command /lib/svc/bin/restore_repository, and follow its instructions to restore one of the automatic backup copies of the repository. Upon
successful completion, the system or local zone will be rebooted, and the restored repository will take effect.
Not D:
QUESTION 138
The network/ssh service is offline and you suspect that one of its configuration files may be missing.
Which option will identify the missing file?
A.
B.
C.
D.
E.
F.
svcs l
svcs d
svcs D
svcs x
svcadm clear
viewing the network/ssh log file
Correct Answer: D
Section: (none)
Explanation
Explanation:
svcs -x: Explains why a service is not available.
Incorrect:
not A: svcs -l FMRI: Provides a long listing of information about FMRI; includes dependency information
not B, not C: svcs -d FMRI: Lists dependencies for FMRI.
not e: svcadm clear FMRI: Clear faults for FMRI.
QUESTION 139
At which two stages are backups of the service configuration repository made?
A.
B.
C.
D.
E.
F.
G.
during boot, after the early-manifest-import service finishes

during boot, before the manifest-import service starts
during manifest import, before the manifest-import service finishes
during manifest import, after the manifest-import service finishes
when a service is modified using the svccfg command
after the last successful boot
when the svcadm refresh command is executed
Correct Answer: BD
Section: (none)
Explanation
Explanation:
http://illumos.org/msg/SMF-8000-MY
QUESTION 140
You need to make a permanent modification to a machine's naming service. You need to change naming service from files to LDAP. Which two
alternative methods would accomplish this task?
A.
B.
C.
D.
E.
Modify the existing /etc/nsswitch.conf file and execute:# nscfg import -f name-service/switch
Modify the existing /etc/nsswitch-conf file and execute:# netcfg import name-service/switch# svcadm refresh name-service/switch
Modify the existing /etc/nsswitch.conf file and execute:# svcadm restart milestone/self-assembly
Use the netcfg command to modify the location profile for the DefaultFixad network configuration profile.
Use the svccfg command to set config/* properties in the name-service/switch service:# svcadm refresh name-service/switch# svcadm restart
name-service/switch
Correct Answer: AD
Section: (none)
Explanation
Explanation:
A:
* nscfg
- import, export name service configurations
* subcommand import
import [-fvq] FMRI
If none of the SMF repository properties for the specified FMRI are currently populated, import the legacy configuration files associated with the
specified FMRI into the SMF repository.
* Example: Importing DNS Client Configuration
The following command imports the DNS client configuration, stored in resolv.conf, into the SMF repository.
# nscfg import svc:/network/dns/client:default
* svcadm manipulate service instances
D: netcfg
- create and modify network configuration profiles
The netcfg utility manipulates system network configuration profiles. netcfg can be invoked interactively, with an individual subcommand, or by
specifying a command file that contains a series of subcommands.
/ netcfg location properties include:
/ nameservices: enum value list: files | dns | nis | ldap Specifies the name services that should be configured, such as DNS, NIS, and LDAP.
Incorrect:
Not B: netcfg has no subcommand import.
Note:
* Each workstation has a nsswitch.conf file in its /etc directory. Each line of that file identifies a particular type of network information, such as host,
password, and group, followed by one or more sources, such as NIS+ tables, NIS maps, the DNS hosts table, or local /etc, where the client is to look for
that information.
* The Solaris platform provides the following naming services.
/ DNS, the Domain Name System
/ /etc files, the original UNIX naming system
/ NIS, the Network Information Service
/ NIS+, the Network Information Service Plus
/ LDAP, the Lightweight Directory Access Protocol

Solaris 11 Advanced System Administrator

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Solaris 11 Advanced System Administrator

Încărcat de

Drepturi de autor:

Formate disponibile

Certkiller.1z0-822.140.

Which command creates the desired file system?

zfs create o mountpoint=/data,compression=on,algorithm=lzjb,deduplication=on,quota=2g /pool1/data

Now you remove a file from the cloned file system:

D. zfs create o dedupratio=2 pool1/data

manifest-valid and ba-init

It is a text file in a zonecfg configuration format.

when the manifest is checked during client preinstall

installadm create-profile n s11-sparc f /term/zone1manifest.xml c zonename="zone1"

* distro_const Command Options

Yes, by using the existing Solaris 10 Jumpstart server.

the task ID for the project canada

A task is a resource container for one process.

D: How to Create a New Task

A copy of a core file will appear in /var/core.

You examine the /var/adm/messages file:

Which four configuration elements are managed by the dumpadm utility?

the location of the dump device

Correct Answer: ABDE

The minfree value can be to protect a percentage of available disk space.

Reboot the system.

Correct Answer: ACDE

an XML file that describes current services and the instances

dependency require_all/none svc:/milestone/multi-user-server (online) dependency optional_all/none svc:/system/pools:default (disabled) dependency

Enable the service

Modify the LIMITPRIV variable in the /etc/usr/user_attr file.

* Example: Modifying Every User's Basic Privilege Set

Verify that netadm includes the Network Management profile.

The user will not acquire profiles allowed in /etc/secutity/policy.conf

It is the privilege set that nonroot users may inherit.

authorizations::help=AuthDelegate.html solaris.auth.manage:RO::Manage authorizations::help=AuthManage.html

Modify the privileges in the service configuration.

One network hosts a web server.

the system activity reporter (SAR)

rctladm z testzone zone.capped-memory=100M

Consider the following commands and output on the local server:

Also, consider the following route table entry on a remote system:

ipadm set-ifprop p forwarding=on net0

Disable IP Filter and IPsec.

192.168.3.80 zone1 #using vnic1

dladm create-etherswitch stub0

If you are assigning a static IP address, use the following syntax:

A zonepath must be set.

Automatic network interface.

pkill -HUP pkg.depotd

A full backup of your OS image is provided.

Correct Answer: ACD

It originates from oracle.com.

Which statement summarizes this sequence of commands?

Remote client access is governed by svc:/application/pkg/server.

Which three statements describe the current state of the system?

Correct Answer: BCF

A signature takes the form of an action statement in a manifest.

It updates all Solaris publishers and deletes the server1.domain.com origin.

pkgrecv s http://pkg.oracle.com/solaris/release d /export/sllReleaseRepo gzip

What is true concerning this publisher's Signature Policy?

This is the default value.

It requires HTTP to connect to a remote repository.

makes the specified publisher sticky

the domain name of the local system

a file interface repository

pkgrepo create /export/sllReleaseRepopkgrecv s /remoteRepo d /export/sllReleaseRepo

You are instructed to install the top utility.

pkg property pkg-install=backup-bepkg install top