root@solaris:~# useradd johnjayroot@solaris:~# passwd johnjayNew Password:Re-enter new Password:passwd: password successfully changed for johnjayroot@solaris:~# rolemod -p "Network Administrator,All,Stop" johnjayUX: rolemod: ERROR: Users must be modified with 'usermod'.root@solaris:~#

Once basic networking has been achieved, there is something called the Location Profile that loads system-wide network configuration information. This includes:

- Condition under which it is activated

- Naming service to use

- Domain name

- IP Filter rules

- IPsec policy

Incorrect:

Not A: The Automatic NCP is a system-defined profile and cannot be modified by a user. It contains one Link NCU and one Interface NCU for each physical link on the system. For this particular profile, Physical links take precedence over Wireless links when it is time to activate an NCU. This profile changes dynamically when new links are inserted or removed from the system.

* The following directives cause audit_binfile.so to be loaded, specify the directories for writing audit logs, and specify the percentage of required free space per directory.

auditconfig -setplugin audit_binfile active \

"p_dir=/var/audit/jedgar/eggplant,/var/audit/jedgar.aux/eggplant,

/var/audit/global/eggplant;p_minfree=20;p_fsize=4.5GB"

* The attributes specifying the configuration of audit_binfile plugin include:

p_dir

dir1[,dir2],.. [,dirn]

A list of directories, where the audit files will be created. Any valid writable directory can be specified.

p_fsize

The p_fsize attribute defines the maximum size that an audit file can become before it is automatically closed and a new audit file is opened. This is equivalent to an administrator issuing an audit -ncommand when the audit file size equals the value specified by the administrator. The default size is zero (0), which allows the file to grow without bound.

audit_remote

- send Solaris audit logs to a remote server

The audit_remote plugin module for Solaris audit, /usr/lib/security/audit_remote.so, sends binary audit records (audit.log) to audit servers as they are configured with auditconfig.

The audit_remote plugin is loaded by auditd if the plugin is configured as an active via auditconfig. Use the auditconfig -setplugin option to change all the plugin related configuration parameters.

Incorrect:

not D: Audit policy determines the characteristics of the audit records for the local host. When auditing is enabled, the contents of the /etc/security/audit_startup file determine the audit policy.

The following list provides a brief description of each default checkpoint in the order the checkpoints are executed in most manifests.

transfer-ips-install – At this checkpoint, the distribution constructor contacts the IPS publishers and adds to the image the packages that are listed in the software_data element of the manifest.

set-ips-attributes – At this checkpoint, the constructor sets the publisher to be used by the installed system. The values set by this checkpoint are not relevant if you are building an automated installation image.

pre-pkg-img-mod – At this checkpoint, the constructor imports into the image the SMF service files that were specified in the configuration element of the manifest. Also, the constructor modifies some files to optimize the image.

B: Link aggregations provide high availability and higher throughput by aggregating multiple interfaces at the MAC layer. IP Multipathing (IPMP) provides features such as higher availability at the IP layer. Both IPMP and Link Aggregation are based on the grouping of network interfaces, and some of their features overlap, such as higher availability. These technologies are however implemented at different layers of the stack, and have different strengths and weaknesses.

E: Internet Protocol Network Multipathing (IPMP) provides fault-tolerance and load balancing across multiple network interface cards. By using IPMP, you can configure one or more interfaces into an IP multipathing group. After configuring IPMP, the system automatically monitors the interfaces in the IPMP group for failure. If an interface in the group fails or is removed for maintenance, IPMP automatically migrates, or fails over, the failed interface's IP addresses

Incorrect:

Not A: The same (non-null) character string IPMP group name identifies all interfaces in the group. You can place interfaces from NICs of different speeds within the same IPMP group, as long as the NICs are of the same type.

Not C:If LACP (Link Aggregation Control Protocol) cannot aggregate all the ports that are compatible (for example, the remote system might have more restrictive hardware limitations), then all the ports that cannot be actively included in the channel are put in hot standby state and are used only if one of the channeled ports fails.

Not D: MP is built into Oracle Solaris and does not require any special hardware. Any interface that is supported by Oracle Solaris can be used with IPMP. However, IPMP does impose the following requirements on your network configuration and topology:

/All interfaces in an IPMP group must have unique MAC addresses.

/ All interfaces in an IPMP group must be of the same media type.

/ All interfaces in an IPMP group must be on the same IP link

C: You can use the scheduling-class property in zonecfg to set the scheduling class for the zone.

D: When you explicitly set the cpu-shares property, the fair share scheduler (FSS) will be used as the scheduling class for that zone. However, the preferred way to use FSS in this case is to set FSS to be the system default scheduling class with the dispadmin command. That way, all zones will benefit from getting a fair share of the system CPU resources. If cpu-shares is not set for a zone, the zone will use the system default scheduling class.

E: You can set the scheduling class for a zone through the resource pools facility. If the zone is associated with a pool that has its pool.scheduler property set to a valid scheduling class, then processes running in the zone run in that scheduling class by default.