Review Questions and Answers

1. 

You are the Solaris security administrator for your network. Aware of the possibility of hackers trying to use brute force to log into your network, you want to enable the logging of all failed login attempts. Which facility do you want to enable for tracking in the syslog.conf file?

  a. user

  b. kern

  c. auth

  d. sec

  e. login

  f. security

C. The correct facility for logging security-related events is auth. Although sec, login, and security are tempting choices, none of them are legitimate facilities.

2. 

You are configuring auditing for your Solaris 9 server. You want to find out information on the severity levels of entries located in your syslog.conf file. Which file can you look in to see how the severity levels are defined to the syslogd daemon?

  a. /etc/default/syslogd

  b. /etc/syslogd.conf

  c. /etc/syslog.conf

  d. sys/syslog.h

D. The file containing severity level information is sys/syslog.h. The /etc/default/syslogd and /etc/syslog.conf files contain configuration information for the syslog service. The /etc/syslogd.conf file does not exist.

3. 

You have recently configured role-based access control (RBAC) on your Solaris server. Three employees within your company have been assigned roles. You want to ensure that only these three employees have used their role accounts. What is the easiest way to check this, without seeing extraneous information?

  a. Examine the /var/adm/sulog file periodically.

  b. Examine the /var/log/syslog file periodically.

  c. Create a line in the /etc/syslog.conf file that reads su.* /var/su/log. Examine the /var/su/log file periodically.

  d. Create a line in the /etc/syslog.conf file that reads auth.* /var/su/log. Examine the /var/su/log file periodically.

A. The /var/adm/sulog file is built in and it logs all su activity. Users must use su to assume a role. The /var/log/syslog file collects system messages, not security information. In the syslog.conf file, su is not a valid facility; auth is, but it will log all information about security authorizations, which is far more than you want to log in this case.

4. 

You are the Solaris server administrator for your company. Your custom-designed accounting database recently crashed and will not open. The syslog.conf file on the server that hosts the database is configured with all facilities. Which of the following facilities will generate messages regarding your failed accounting database?

  a. user

  b. kern

  c. daemon

  d. app

  e. alert

  f. err

  g. debug

A. The user facility logs all user-generated messages, as well as messages from applications not expressly defined in the syslog.conf file. Databases are not defined by their own facility in syslog.conf; therefore, the user facility is correct. The kern facility is for kernel errors, and daemon is for daemon errors. There is no app facility. alert, err, and debug are warning levels, not facilities.

5. 

Examine the following excerpt from a syslog.conf file:

 *.err;kern.notice;auth.notice             /dev/sysmsg
 *.err;kern.debug;daemon.notice;mail.crit  /var/adm/messages
 *.alert;kern.err;daemon.err               operator
 *.alert                                   root
 *.emerg                                   *
 mail.debug                                /var/spool/mqueue/logfile
 auth.*                                    @server1

Based on the information provided, which of the following are possible destinations for daemon-generated messages? (Choose all that apply.)

  a. /dev/sysmsg

  b. /var/adm/messages

  c. operator

  d. root

  e. All logged-in users

  f. /var/spool/mqueue/logfile

  g. server1

A, B, C, D, E. Messages generated by daemons will use the daemon facility. The /var/adm/messages file and operator user are expressly mentioned as daemon message recipients in the file. However, a daemon.alert could go to the root user, a daemon.emerg message could be written to all logged-in users, and a daemon.err could be written to /dev/sysmsg.

6. 

You are configuring logging for all computers on your Solaris 9 network. You want one of your servers to collect logged messages for all computers on the network. Which file do you edit to find the LOG_FROM_REMOTE option to set it to YES?

  a. /etc/syslog.conf

  b. /etc/default/syslogd

  c. /etc/inetd.conf

  d. /etc/default/inetd

B. The LOG_FROM_REMOTE=YES option is set within the /etc/default/syslogd file.

7. 

You are the primary Solaris administrator for your company. You have recently hired two new network administrators and you need to explain the severity levels of system logging. Which of the following is the correct order of severity, from most severe to least severe?

  a. emerg, crit, alert, err, warning, notice

  b. emerg, crit, err, alert, warning, notice

  c. emerg, alert, crit, err, warning, notice

  d. emerg, alert, err, crit, warning, notice

C. From most severe to least, the levels are emerg, alert, crit, err, warning, notice, info, debug, and none.

8. 

Examine the following excerpt from a syslog.conf file:

 *.err;kern.notice;auth.notice             /dev/sysmsg
 *.err;kern.debug;daemon.notice;mail.crit  /var/adm/messages
 *.alert;kern.err;daemon.err               operator
 *.alert                                   root
 *.emerg                                   *
 auth.*                                    @server1
 *.debug;mail.none                         /var/adm/messages
 sendmail.*                                /var/spool/mqueue/log

Based on the information provided, where will messages from the sendmail service be logged?

  a. /dev/sysmsg

  b. /var/adm/messages

  c. server1

  d. /var/spool/mqueue/log

  e. sendmail messages will not be logged.

E. Because of the mail.none setting in the seventh line of the excerpt, sendmail messages will not be logged. The word sendmail is not a valid facility.

9. 

You are the Solaris administrator for your company. You want to use system logging and you currently have a default syslog.conf file on your computer. You've heard that the logger command can be used to manually enter comments into the system log file. You execute the following command:

 # logger Testing to see if this logger thing works 

Where should you look to see your logged message?

  a. /dev/sysmsg

  b. /var/adm/messages

  c. /var/log/syslog

  d. The console from which you issued the command.

  e. The message will not be logged.

E. The correct answer is that the message will not be logged. But why? The default priority for the logger command is user.notice, which is not defined in the default syslog.conf file. Therefore, the message will be written nowhere, and the attempted message write will silently fail. You need to either write the message with an already defined selector (with the -p option) or change the syslog.conf file to recognize user.notice messages.

10. 

You are configuring system logging on your Solaris server. Which of the following pairs are valid selectors? (Choose all that apply.)

  a. news.info

  b. auth.warning

  c. daemon.err

  d. lpr.alert

A, B, C, D. All of the provided answers are legitimate selector pairs. The possible facilities are user, kern, mail, daemon, auth, lpr, news, uucp, cron, local0-7, mark, and * (meaning all). The levels, from most severe to least, are emerg, alert, crit, err, warning, notice, info, debug, and none.

11. 

You are the Solaris server administrator for your company. You are configuring your external e-mail server, and you want it to record a log of all incoming TCP and UDP connections. Which file and option do you need to configure? (Choose two.)

  a. /etc/default/syslogd

  b. /etc/default/inetd

  c. /etc/syslog.conf

  d. /etc/inetd.conf

  e. LOG_FROM_REMOTE=YES

  f. ENABLE_CONNECTION_LOGGING=YES

B, F. The option you need to configure is ENABLE_CONNECTION_LOGGING, which is located in the /etc/default/inetd file.

12. 

You are the Solaris administrator for your network. You are concerned that your log files generated by syslog are getting too large and unmanageable, and you want to rotate the logs more frequently. Which file is responsible for holding the configuration for log file rotation?

  a. /usr/lib/newsyslog

  b. /etc/logadm.conf

  c. /etc/syslog.conf

  d. /etc/inetd.conf

B. The /etc/logadm.conf file contains configuration information for log file rotation. The old mechanism for rotating log files was the /usr/lib/newsyslog script, but that method is no longer used.

13. 

Examine the following excerpt from a syslog.conf file:

 *.err;kern.notice;auth.notice             /dev/sysmsg
 *.err;kern.debug;daemon.notice;mail.crit  /var/adm/messages
 *.alert;kern.err;daemon.err               operator
 *.alert                                   root
 *.emerg                                   *
 lpr.*                                     /var/adm/log1
 cron.warning                              /var/adm/log2
 info.alert                                /var/adm/log3
 auth.*                                    /var/adm/log4

Based on this information, which log file or files will never receive any messages? (Choose all that apply.)

  a. /var/adm/log1

  b. /var/adm/log2

  c. /var/adm/log3

  d. /var/adm/log4

C. The /var/adm/log3 file will never receive any messages. This is because the keyword info is a level, not a facility. Therefore, the word info will always appear after the period in the selector.
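The selector rules that questions 5 and 13 turn on, as an added example that is not from the study guide: a small Python evaluator for classic syslog.conf lines, in which a `*` facility matches every facility, a level matches itself and everything more severe, later selectors on a line override earlier ones for the same facility, and a line whose facility is not real (question 13's `info.alert`) is dropped. It embeds the excerpt from question 5; the facility and level lists are the ones given in the answer to question 10.

```python
# Added example (not from the study guide): a small evaluator for classic
# syslog.conf selectors, run against the question 5 excerpt embedded below.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {"user", "kern", "mail", "daemon", "auth", "lpr", "news", "uucp",
              "cron", "mark"} | {"local%d" % i for i in range(8)}

def parse_conf(text):
    """Return [(selectors, action)]. A line with an unknown facility or level,
    such as "info.alert" (info is a level, not a facility), is dropped."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            fac, _, lvl = sel.partition(".")
            lvl = "debug" if lvl == "*" else lvl      # "auth.*" means every level
            if (fac != "*" and fac not in FACILITIES) or \
               (lvl != "none" and lvl not in LEVELS):
                selectors = None                      # invalid: skip whole line
                break
            selectors.append((fac, lvl))
        if selectors:
            rules.append((selectors, action.strip()))
    return rules

def destinations(rules, facility, level):
    """Actions a message with the given facility.level is written to."""
    out = []
    for selectors, action in rules:
        threshold = "none"       # nothing applies until a selector names the facility
        for fac, lvl in selectors:
            if fac in ("*", facility):
                threshold = lvl  # later selectors on a line override earlier ones
        if threshold != "none" and LEVELS.index(level) <= LEVELS.index(threshold):
            if action not in out:
                out.append(action)
    return out

def all_destinations(rules, facility):
    """Every action that some message of this facility, at any level, can reach."""
    out = []
    for level in LEVELS:
        out += [a for a in destinations(rules, facility, level) if a not in out]
    return out

# The syslog.conf excerpt from question 5, as printed in the question.
Q5_CONF = """*.err;kern.notice;auth.notice             /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit  /var/adm/messages
*.alert;kern.err;daemon.err               operator
*.alert                                   root
*.emerg                                   *
mail.debug                                /var/spool/mqueue/logfile
auth.*                                    @server1"""
```

Calling all_destinations(parse_conf(Q5_CONF), "daemon") yields exactly the five answers to question 5, and parse_conf drops question 13's info.alert line, so /var/adm/log3 never appears as an action.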

14. 

You are configuring the syslog service for your Solaris 9 server. Which of the following are valid destinations for logged messages? (Choose all that apply.)

  a. A filename on the local computer

  b. A remote computer, in the form of @computer

  c. The console of all logged-in users

  d. The console of a specific user or list of users

A, B, C, D. The answers represent all four valid options for the destination of logged messages. These are defined in the action field of the syslog.conf file.

15. 

Examine the following excerpt from a syslog.conf file:

 *.emerg                                   * 

Based on the provided information, where will emergency messages be written?

  a. To all known log files on the computer

  b. To the default system log file on the computer

  c. To the console of the operator logged into the computer

  d. To all logged-in users on the computer

D. The asterisk (*) in the action field tells syslog to write the message to the console of all logged-in users. Most of the time, emergency situations will be the result of the computer (or at least a critical component) failing, and all logged-in users will need to be warned.

16. 

You are configuring your Solaris server to support logging. When you boot your Solaris server, which run level starts the syslog service?

  a. 1

  b. 2

  c. 3

  d. S

B. The syslog service is started by the /etc/rc2.d/S74syslog script, which means that it's started by run level 2.

17. 

You are the Solaris administrator for your network. You are running a routine security audit and want to see who was the last user logged into the computer that you are on. You run the last command. From which database does the last command pull its data?

  a. /var/adm/wtmpx

  b. /var/adm/utmpx

  c. /var/log/syslog

  d. /var/adm/messages

A. The last command gets its information from the /var/adm/wtmpx file. The who command gets its information from the /var/adm/utmpx file.

18. 

Examine the following excerpt from a syslog.conf file:

 *.err;kern.notice;auth.notice             /dev/sysmsg
 *.err;kern.debug;daemon.notice;mail.crit  /var/adm/messages
 *.alert;kern.err;daemon.err               operator
 *.alert                                   root
 *.emerg                                   *
 mail.debug                                /var/spool/mqueue/logfile
 auth.*                                    /var/adm/authlog
 user.*                                    /var/adm/userlog

You want to start tracking user logins as part of your normal security procedures. Which of the following files will contain information about user logins?

  a. /dev/sysmsg

  b. /var/adm/messages

  c. /var/adm/authlog

  d. /var/adm/userlog

C. Anything involving security processes will be logged under the auth facility. So, in this case, logins will be logged to /var/adm/authlog.

19. 

The purpose of this daemon is to collect system messages. It also interfaces with the m4 macro processor and writes system messages to the console if necessary. Which daemon is it?

  a. sysd

  b. msgd

  c. syslogd

  d. inetd

C. The explanation describes the syslogd daemon. The inetd daemon is responsible for listening for incoming network connections. The sysd and msgd daemons do not exist.

20. 

Examine the following excerpt from a syslog.conf file:

 *.err;kern.notice;auth.notice             /dev/sysmsg
 *.err;kern.debug;daemon.notice;mail.crit  /var/adm/messages
 *.alert;kern.err;daemon.err               operator
 *.alert                                   root
 *.emerg                                   *
 mail.*                                    /var/spool/mqueue/logfile
 auth.*                                    @server1

You have recently implemented the sendmail service on the server by using this syslog.conf file. You have included an option to log all mail messages to the /var/spool/mqueue/logfile file. However, this file does not exist. Which of the following will happen when a sendmail message is generated?

  a. The syslog service will attempt to write the message and silently fail.

  b. The syslog service will attempt to write the message and will create the file as necessary.

  c. The syslog service will attempt to write the message and write an error to the console when the file is not found.

  d. The syslog service will write the message to the /var/adm/messages file instead of /var/spool/mqueue/logfile.

  e. The syslog service will write the message to the /var/log/syslog file instead of /var/spool/mqueue/logfile.

A. If the log file specified in /etc/syslog.conf does not exist, the syslog service will silently fail when attempting to write the message. The file will not be automatically created, nor will an alternate log file be used.





Solaris 9. Sun Certified System Administrator Study Guide
Solaris 9 Sun Certified System Administrator Study Guide
ISBN: 0782141811
EAN: 2147483647
Year: 2003
Pages: 194

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net