Category: 310-301

Exam 310-301: Sun Certified Security Administrator

How is it possible that you still experience remote exploits your adversaries are using to obtain interactive sessions inside your firewall?

You maintain an extremely protective policy when configuring your firewall rules. Your security policy denies all inbound connection requests to your corporate network.

How is it possible that you still experience remote exploits your adversaries are using to obtain interactive sessions inside your firewall?

What do you minimally need to do to get the pre-selection mask in effect for your test?

You administer a system which has BSM enabled. You just added an extra audit-class to the flag: entry in /etc/security/audit_control, and you executed audit -s. Now you want to validate that this extra class is audited correctly, so you execute a command that should generate an audit record. Unfortunately, nothing appears in the audit log because the audit pre-selection mask is not yet in effect. What do you minimally need to do to get the pre-selection mask in effect for your test?

What happened?

Refer to the Exhibit.

You notice that the following line has been added to /etc/passwd:

admin:x:0:0:Administrator:/:/bin/sh

You try to determine when this file was changed. You look at the file creation date, but based on that information, the file has not been touched since the system was installed. You look at the BSM logs for this system and find the three records that are shown in the exhibit.

What happened?


Page 1 of 1712345...10...Last »