Issuu on Google+



: HP HP0-P17


: HP-UX 11i v3 Security Administration

Version : R6.1     

Prepking - King of Computer Certification Important Information, Please Read Carefully Other Prepking products A) Offline Testing engine Use the offline Testing engine product to practice the questions in an exam environment. B) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go 2.Click on Member zone/Log in (right side) 3. Then click My Account 4.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to You should include the following: Exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly. Copyright Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact     

1. After running /usr/sbin/pwck, the following output is displayed: smbnull:*:101:101::/home/smbnull:/sbin/sh Login directory not found What should you do to tighten the security? A. Nothing - it is a valid system user ID. B. Nothing - it is used by CIFS/Samba to represent "nobody" with a positive UID. C. Edit the /etc/passwd entry to specify a dummy login directory and a false login shell. D. Delete it from /etc/passwd. Opensource Samba installs it by default and it is not required on HP-UX. Answer: C 2. Which chatr syntax enables buffer overflow protection on a per-binary basis? A. chatr +b enable <binary> B. chatr -es enable <binary> C. chatr +es enable <binary> D. chatr +bo enable <binary> E. chatr +es default <binary> Answer: C 3. What is the effect of the coreadm -e global-setid command? A. edits the core dump file B. reads and interprets the core dump file C. enables the kernel for system crash dumps D. enables setuid/setgid core dumps system wide E. causes all running setuid programs to generate a core file Answer: D 4. Identify ways HP Process Resource Manager (PRM) can protect a system against poorly designed applications. (Select three.) A. PRM can limit the amount of memory applications may consume. B. PRM can limit the amount of swap space applications may consume. C. PRM can limit the amount of disk bandwidth applications may consume. D. PRM can limit the amount of CPU resources applications may consume. E. PRM can limit the amount of network bandwidth applications may consume. F. PRM can limit the number of inbound network connections to configured applications. Answer: ACD 5. What is a limitation of HP Process Resource Manager (PRM) as it applies to Denial of Service (DoS) attacks? A. Processes must be grouped before they can be managed.     

B. PRM does not perform memory capping; only entitlement and selection. C. PRM only applies to time-shared processes; real-time processes are not affected. D. PRM requires a separate configuration file for time-shared and real-time processes. Answer: C 6. After running kctune executable_stack=2, what happens if MyProg executes code from the stack? A. MyProg continues running without incident. B. MyProg is killed before a single instruction can be executed. C. MyProg continues, but logs a warning to /var/adm/syslog/syslog.log. D. MyProg continues, but a warning message is logged to the kernel message buffer. Answer: D 7. Click the Exhibit button. You used the dmesg command to display the warning shown in the exhibit. Which kernel parameter setting makes this warning message appear?

A. kill_overflow is set to 1 B. exc_stack_code is set to 0 C. buffer_overflow is set to 1 D. executable_stack is set to 0 Answer: D 8. Which benefits does chroot provide to an application from a security perspective? (Select three.) A. forces an application to start in a specified directory B. allows the users to do a cd above the specified directory C. prevents an application from starting in a specified directory D. prevents the users from doing a cd above the specified directory E. allows the users of the application access to the directory and the directories below it F. prevents the users of the application access to the directory and the directories below it Answer: ADE 9. Which commands configure an application to operate within a secure compartment? (Select two.) A. privrun B. privedit C. setrules D. cmdprivadm E. setfilexsec     

Answer: DE 10. Some open source software tools use the /usr/local/sbin and /usr/local/src directories. What should you do with the /usr/local directory to maintain a secure system? A. Verify that /usr/local and its subdirectories are not world writable. B. Remove /usr/local/bin and /usr/local/sbin from the user's PATH variable. C. Set permissions on /usr/local and its subdirectories to 047 so all users have access. D. Use the swlist -l file | grep /usr/local command to see all files installed in those directories. Answer: A 11. Encrypted Volume and File System (EVFS) uses which type of key to encrypt data? A. digital certificate B. RSA-1024 bit public key C. RSA-2048 bit private key D. AES-128 bit symmetric key E. AES-256 bit asymmetric key Answer: D 12. Identify where Encrypted Volume and File System (EVFS) protects data. A. in transit B. in the kernel C. over the network D. on the storage device Answer: D 13. Which tool is recommended for providing file integrity information? A. hash B. cksum C. crypt D. md5sum Answer: D 14. How can you grant NFS filesystem access to specific users as opposed to all users? (Select two.) A. Specify the desired users to the /etc/dfs/sharetab entry for the mount point using the format "-access=user1:user2:user3". B. Add the desired users to an ACL and set the permissions of the shared filesystem such that only members of the ACL can access the data. C. Add the desired users to a group and set the permissions of the shared filesystem such that only members of the group can access the data. D. Add the desired users to a netgroup and specify the netgroup in the /etc/dfs/sharetab entry for the mount     

point using the format "-access=netgroup". Answer: BC 15. Which product encrypts data on zx2-based Integrity servers? A. HP-UX VxFS filesystem B. HP-UX Encryption Module C. HP-UX Trusted Computing Services D. HP-UX Integrity Trusted Platform Module Answer: C 16. Where can an HP-UX 11i v3 EVFS-encrypted backup tape from an HP Integrity rx7640 Server be restored and decrypted? A. only on the HP-UX system where the tape was created B. on any HP-UX system where the symmetric encryption key resides C. on any HP-UX system where the backup owner's public key resides D. on any HP-UX system where the backup owner's public/private key pair resides Answer: D 17. Where are Trusted Computing Services (TCS) protected EVFS keys stored? A. HP-UX kernel B. EVFS volume C. system stable storage D. HP-UX root file system E. Trusted Platform Module Answer: D 18. Which statement is true regarding an HP-UX VxFS filesystem using ACLs? A. Default ACLs can only be placed on a file. B. Default ACLs have the same owner as the owner of the file the ACL controls. C. A directory's ACL can have default entries that are applied to files subsequently. D. An ACL has an owner that can be different from the owner of the file the ACL controls. Answer: C 19. In order to restrict the access to the /etc/group file through FTP, which statement should be included in the /etc/ftpd/ftpaccess file? A. noaccess B. noretrieve

/etc/group /etc/group

C. accessdeny


D. suppressaccess


Answer: B     

20. Identify the features of the TCP Wrappers product. (Select three.) A. enhances cryptographic authentication B. provides protection against IP address spoofing C. provides protection against hostname spoofing D. provides data encryption on TCP "wrapped" connections E. provides enhanced protection for RPC daemons using TCP/IP connections F. provides enhanced security for daemons managed by inetd using TCP/IP connections G. may be configured to provide enhanced security for any daemon using TCP/IP connections Answer: BCF 21. Select the IPFilter rule that will help protect the system from a Denial of Service attack against SMTP (sendmail) from the 14.13.45 network. A. pass in proto tcp from to any port 25 keep limit 10 cumulative B. pass in proto tcp from to any port 25 keep allow 10 cumulative C. pass in quick proto tcp from to any port 25 keep limit 10 cumulative D. pass in quick proto tcp from to any port 25 keep max_conn 10 cumulative Answer: C 22. Based on the netstat -in output below, which IPFilter rule disables incoming telnet connections to Name







Ipkts 6543





Oerrs Coll 0

0 lan1





0 lan0






0 0

394005 1138978





A. deny in telnet log quick on lan1 proto tcp from any to any B. grant all,!telnet in log quick on lan1 proto tcp from any to any C. disable in log quick on proto tcp from any to any telnet D. block return-rst in log quick on lan1 proto tcp from any to any port = 23 Answer: D 23. In order to avoid including the system's hostname and ftpd version in the FTP login banner, which file should be edited? A. /etc/inetd.conf B. /etc/ftpd/ftp-exec C. /etc/ftpd/ftpaccess     

D. /etc/ftpd/ftpservers Answer: C 24. Which service should be disabled to prevent a remote user from gathering user names on the local system? A. rup B. rwho C. rusers D. finger Answer: D 25. Which feature set does Nessus offer for securing HP-UX systems? A. a packet sniffer, packet logger, and network intrusion detection system B. a tool that provides limited root privileges to specified users, and logs the root activity C. a remote scanner tool used to automate the testing and discovery of known security problems D. a security and data integrity tool used to monitor and alert administrators of specific file changes Answer: C 26. In order to avoid including the ftpd version in the FTP login banner, which statement should be included in the /etc/ftpd/ftpaccess file? A. suppresssysinfo


B. suppressversion


C. avoidftpdversion


D. suppressftpdversion yes E. DO_NOT_PRINT_VERSION yes Answer: B 27. When using HP Secure Shell, what should be used whenever possible to ensure the most secure communication? A. ~.rhosts B. SSH protocol v1 C. SSH protocol v2 D. SSH X11 forwarding E. SSH agent forwarding F. /etc/hosts.equiv Answer: C 28. Which command configures NIS clients so that they bind to a list of specified NIS servers in a specific order rather than send UDP broadcasts to locate available servers? A. ypset     

B. ypinit -c C. ypbind -ypset D. ypbind -ypsetme Answer: B 29. When configuring an LDAP-UX client, which option enables authenticated access and encrypted traffic to the LDAP Server? A. 3DES/PKI B. TLS/SHA1 C. AES/Public Key D. TLS/SASL Digest MD5 Answer: D 30. Which HP-UX 11i v3 daemon implements the nfsauth service, which is responsible for handling NFS authentication requests? A. nfsd B. nfsauthd C. rpc.statd D. nfsmapid E. rpc.mountd Answer: E 31. Given the following contents of the PAM_AUTHZ config file: deny:unix_group:groupB allow:unix_user:user1,user2,user3,user4 allow:unix_group:groupA deny:unix_group:groupC allow:unix_local_user If user1 is a member of groupA and groupC and user2 is a member of groupB, which statement is true? A. user1 and user2 are both denied access. B. user1 and user2 are both granted access. C. user1 is denied access and user2 is granted access. D. user1 is granted access and user2 is denied access. Answer: D 32. Which non-secure server-side components can you replace with the HP-UX Secure Shell product? (Select three.) A. ftpd B. rcpd     

C. rpcd D. rlogind E. fingerd F. remshd Answer: ADF 33. Which feature of BIND helps prevent DNS cache poisoning? A. disabling TTL B. using TXT records C. enabling DNSSEC D. authenticated SOA records Answer: C 34. HP Secure Internet Services provides which feature? A. SSL enabled webserver B. SSL enabled ARPA commands C. Kerberos versions of ARPA commands D. secure remote login services based on OpenSSH Answer: C 35. Which file specifies which NIS clients are permitted to bind to an NIS server? A. /etc/secureclients B. /var/yp/securenets C. /etc/secureservers D. /var/yp/securebinds E. /var/yp/secureclients Answer: B 36. If you must have a guest account, which steps can you take to limit system access for the account? (Select three.) A. Use a restricted shell for the account. B. Assign permissions with chmod -R 555 /home/guest. C. Assign permissions with chmod -R 666 /home/guest. D. Assign permissions with chmod 444 /home/guest/.profile. E. Assign ownership with chown -R guest:guest /home/guest. Answer: ABD 37. Which features does Bastille provide? (Select two.) A. encrypts filesystems B. installs latest security patches     

100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below

Pass4sure HP0-P17 dumps