
Certification ePractice Exam

For $75, Sun also offers the ePractice Certification Exam for the Sun Certified Security Administrator that provides students with preparation for Sun certifications by acquainting them with the format of the exam and its questions, providing instant feedback regarding skill levels and gaps, and suggesting specific Sun Educational Services training to fill those gaps. The exam includes sample test questions, the correct answers including explanations, and suggestions for future study.

The subscription duration for accessing the online ePractice exam is 180 days. You can find out more and order an online subscription at www.sun.com/training/certification/resources/epractice.html.

Sun Certified Security Administrator for the Solaris Operating System

| Official Objective | Certification Objective | Ch # | Pg # | Beginner | Intermediate | Expert |
|---|---|---|---|---|---|---|
| General Security Concepts | | 1–3 | | | | |
| Explain fundamental concepts concerning information security and explain what good security architectures include (people, process, technology, defense in depth). | Describe Principles of Information Security; Explain Information Security Fundamentals and Define Good Security Architectures | 1 | 4, 13 | | | |
| Identify the security life cycle (prevent, detect, react, and deter) and describe security awareness, security policies and procedures, physical security, platform security, network security, application security, and security operations and management. | Identify the Security Life Cycle and Describe Best Security Practices | 3 | 66 | | | |
| Describe concepts of unsecure systems, user trust, threat, and risk. | Describe Concepts of Insecure Systems, User Trust, Threat, and Risk | 2 | 36 | | | |
| Explain attackers, motives, and methods. | Explain Attackers, Motives, and Methods | 2 | 43 | | | |
| Describe accountability, authentication, authorizations, privacy, confidentiality, integrity, and non-repudiation. | Describe Principles of Information Security; Explain Information Security Fundamentals and Define Good Security Architectures | 1 | 4, 13 | | | |
| Describe the benefit of evaluation standards and explain actions that can invalidate certification. | Describe the Benefits of Evaluation Standards | 3 | 77 | | | |
| Describe how the attackers gain information about the targets and describe methods to reduce disclosure of revealing information. | Describe How Attackers Gain Information, and Describe Methods to Reduce Disclosure | 2 | 51 | | | |
| Detection and Device Management | | 4–6 | | | | |
| Given a scenario, identify and monitor successful and unsuccessful logins and system log messages, and explain how to configure centralized logging and customize the system logging facility to use multiple log files. | Identify, Monitor, and Disable Logins; Configure syslog, Customize the System Logging Facility, and Monitor and Control Superuser | 4 | 96, 106 | | | |
| Describe the benefits and potential limitations of process accounting. | Configure syslog, Customize the System Logging Facility, and Monitor and Control Superuser | 4 | 106 | | | |
| Configure Solaris BSM auditing, including setting audit control flags and customizing audit events. | Configure Solaris Auditing and Customize Audit Events | 5 | 122 | | | |
| Given a security scenario, generate an audit trail and analyze the audit data using the auditreduce, praudit, and audit commands. | Generate an Audit Trail and Analyze the Audit Data | 5 | 136 | | | |
| Explain the device management components, including device_maps and device_allocate file, device-clean scripts, and authorizations using the auth_attr database, and describe how to configure these device management components. | Control Access to Devices by Configuring and Managing Device Policy and Allocation | 6 | 152 | | | |
| Security Attacks | | 7–8 | | | | |
| Differentiate between the different types of host-based denial of service (DoS) attacks, establish courses of action to prevent DoS attacks, and understand how DoS attacks are executed. | Differentiate Between the Types of Host-Based Denial of Service Attacks and Understand How Attacks Are Executed | 7 | 180 | | | |
| Demonstrate privilege escalation by identifying Trojan horses and buffer overflow attacks. Explain backdoors, rootkits, and loadable kernel modules, and understand the limitations of these techniques. | Identify, Detect, and Protect Against Trojan Horse Programs and Backdoors; Explain Rootkits that Exploit Loadable Kernel Modules | 8 | 218, 236 | | | |
| Given a security scenario, detect Trojan horse and back door attacks using the find command, checklists, file digests, checksums, and the Solaris Fingerprint Database. Explain trust with respect to the kernel and the OpenBoot PROM and understand the limitations of these techniques. | Identify, Detect, and Protect Against Trojan Horse Programs and Backdoors | 8 | 218 | | | |
| File and System Resources Protection | | 4, 9, 10, and 12 | | | | |
| Given a security scenario: (1) manage the security of user accounts by setting account expiration, and restricting root logins; (2) manage dormant accounts through protection and deletion; and (3) check user security by configuring the /etc/default/su file, or classifying and restricting non-login accounts and shells. | Identify, Monitor, and Disable Logins | 4 | 96 | | | |
| Describe the implementation of defensive password policies and understand the limitations of password authentication. | Identify, Monitor, and Disable Logins | 4 | 96 | | | |
| Describe the function of a Pluggable Authentication Module (PAM), including the deployment of PAM in a production environment, and explain the features and limitations of Sun Kerberos. | Use the PAM Framework to Configure the Use of System Entry Services for User Authentication | 12 | 341 | | | |
| Describe the benefits and capabilities of Role-Based Access Control (RBAC), and explain how to configure profiles and executions including creating, assigning, and testing RBAC roles. | Describe the Benefits and Capabilities of Role-Based Access Control; Explain How to Configure and Audit Role-Based Access Control | 9 | 256, 261 | | | |
| Given a scenario, use access control lists including setting file system permissions, the implications of using lax permissions, manipulating the set-user-ID and set-group-ID, and setting secure files using access control lists. | Use UNIX Permissions to Protect Files; Use Access Control Lists to Set File Permissions | 10 | 282, 293 | | | |
| Host and Network Prevention | | 1 | | | | |
| Explain fundamental concepts concerning network security, including firewall, IPSEC, network intrusion and detection. Describe how to harden network services by restricting run control services, inetd services, and RPC services. Understand host hardening techniques described in Sun security blueprints. | Describe Principles of Information Security; Explain Information Security Fundamentals and Define Good Security Architectures | 1 | 4, 13 | | | |
| Network Connection Access, Authentication, and Encryption | | 11 and 13 | | | | |
| Explain cryptology concepts including secret-key and public-key cryptography, hash functions, encryption, and server and client authentication. | Explain How to Protect Files Using the Solaris Cryptographic Framework; Administer the Solaris Cryptographic Framework | 11 | 307, 315 | | | |
| Given a security scenario, configure Solaris Secure Shell. | Use Solaris Secure Shell to Access a Remote Host Securely Over an Unsecured Network | 13 | 358 | | | |
