


Apple 9L0-612

Security Best Practices for Mac OS X v10.4 Exam

Version: R6.1


1. What are the recommended POSIX permissions for a web folder being shared through WebDAV?
A. user - www, group - www, user/group/other - 775
B. user - root, group - wheel, user/group/other - 775
C. user - administrator, group - web, user/group/other - 744
D. user - administrator, group - everyone, user/group/other - 750
Answer: A

2. What Common Criteria tool lets you specify which log events to display?
A. Audit Log Viewer
B. /usr/sbin/ccfilter
C. /usr/sbin/auditfilter
D. /usr/sbin/auditreduce
Answer: D

3. What is the result of adding the line below to the default slapd.conf file?
disallow bind_anon
A. All users must authenticate to connect to servers.
B. Clients will be required to provide authentication to use LDAP.
C. Nothing changes because that is the default setting for Open Directory.
D. Anonymous BIND (Berkeley Internet Name Daemon) will no longer be used for this server.
Answer: B

4. You have first enabled Personal File Sharing on your computer, and then turned on the built-in firewall. How does the default behavior of the Mac OS X firewall affect file sharing on your computer?
A. No computer can connect to your computer via AFP.
B. Any computer can connect to your computer via AFP.
C. Only computers on the local subnet can connect to your computer via AFP.
D. Only computers with a local Bonjour address can connect to your computer via AFP.
Answer: B

5. Which command will force users on local computers to create passwords of at least 12 characters, whether or not they are connected to a directory server?
A. pwpolicy -l /NetInfo/DefaultLocalNode -a root -setpassword minChars=12
B. passwd -l /NetInfo/DefaultLocalNode -a root -setglobalpolicy minChars=12
C. passwd -n /NetInfo/DefaultLocalNode -a administrator -setpassword minChars=12
D. pwpolicy -n /NetInfo/DefaultLocalNode -a administrator -setglobalpolicy minChars=12
Answer: D

6. Which file do you configure to enable Common Criteria auditing on startup?
A. /etc/audit
B. /etc/hostconfig
C. /etc/security/cc_audit
D. /etc/security/audit_warn
Answer: B

7. When using certificates, what role does a Certificate Authority (CA) play?
A. A CA must be present on the server before SSL can be enabled.
B. A CA is a trusted third party that ensures the identity of the server.
C. A CA determines what ciphers are available for symmetric encryption.
D. SSL routes traffic through the CA to verify the identity of the client and server.
Answer: B

8. Which statement best describes Wired Equivalent Privacy (WEP)?
A. WEP is a moderately secure firewall for wireless devices.
B. WEP optimizes performance of 802.11 devices over distances, so they perform as well as their wired equivalents.
C. WEP represents the first attempt at designing an algorithm to protect wireless communication from eavesdropping.
D. WEP allows wireless access point administrators to require user names and passwords of users who want to connect to the wireless access point.
Answer: C

9. Which two (2) actions might a rootkit perform? (Choose TWO.)
A. Monitor disk activity on the root volume.
B. Install security tools in root's home directory.
C. Provide remote access to a computer by opening ports.
D. Hide its presence by installing modified versions of system commands.
E. Provide a set of tools that allow the system administrator to monitor security events.
Answer: CE

10. ________ is a command-line tool that displays the headers of packets seen by a computer's network interface card.
A. arp
B. ping
C. netstat
D. tcpdump
Answer: D

11. Which statement about SSH tunneling is FALSE?
A. SSH tunnels can support the PPP protocol.
B. SSH tunnels secure all IP traffic, including UDP and TCP.
C. SSH tunnels secure otherwise non-secure traffic, such as POP and AFP.
D. Forwarding port 1023 and below requires root privileges for the initial receiving port.
Answer: B

12. Why might you prefer WPA Enterprise over WPA Personal?
A. You need 128-bit encryption.
B. You do not want to manage a RADIUS server.
C. You require more connections than WPA Personal allows.
D. The security implications of WPA Personal's shared key are not acceptable.
Answer: D

13. Which two (2) authentication mechanisms are available to SSH users? (Choose TWO.)
A. public/private key pair
B. shared ssh_config files
C. user name and password
D. NTLM (NT LAN Manager)
E. L2TP (Layer 2 Tunneling Protocol)
Answer: AC

14. What does Stealth Mode on the Mac OS X Firewall do?
A. It disables the sending of denials to blocked packets.
B. It disables responses to all incoming connection attempts.
C. It creates a NAT gateway to hide the true IP address of the computer.
D. It enables responses only to connection attempts from computers that are in the allowed computer list.
Answer: A

15. If you see the password dialog shown above, which statement below MUST be true?
A. Mail has found a relevant keychain entry.
B. Mail needs to search a keychain for a relevant entry.
C. Mail is preparing to change the ACL for the keychain entry.
D. Mail has found a relevant keychain entry, but it was not accepted by the server.
Answer: A

16. Which two (2) steps to obtain a certificate from a third-party are essential for signing email? (Choose TWO.)
A. Create a key pair.
B. Change the key size to 128 bits.
C. Store a key pair in your login keychain.
D. Generate a CSR (Certificate Signing Request).
E. Use Certificate Assistant to generate a CA (Certificate Authority).
Answer: AD

17. The Common Data Security Architecture (CDSA) is ________.
A. a cryptographic services toolkit
B. a file system security infrastructure
C. a secure authentication method built into LDAP
D. a modular approach to networking and Internet services
Answer: A

18. Why is an SSL certificate included with each Mac OS X Server installation?
A. It provides extensions to the HTTP protocol.
B. It encrypts email traffic sent between two hosts.
C. It enables communications for tools such as Server Admin.
D. It provides an initial Certificate Authority (CA) signed by VeriSign.
Answer: C

19. Which two (2) of these files have privileges that allow the Apache web server to read them? (Choose TWO.)
A. -rw-r----- 1 bob www 2832 Jan 30 14:26 menu.html
B. ---x--x--- 1 www www 2832 Jan 30 14:26 index.html
C. -rw-r---w- 1 bob staff 2832 Jan 30 14:26 about.html
D. -rw-r--r-- 1 bob staff 2832 Jan 30 14:26 index2.html
E. -rw------- 1 bob www 2832 Jan 30 14:26 products.html
Answer: AD

20. You are configuring an AirPort network for WPA Enterprise. Which step is required?
A. On the client, enter the IP address of the RADIUS server.
B. On the client, enter the shared secret of the RADIUS server.
C. On the client, choose the EAP (Extensible Authentication Protocol) of the RADIUS server.
D. On the base station, choose the EAP (Extensible Authentication Protocol) of the RADIUS server.
Answer: C

21. In a WPA Enterprise infrastructure, the RADIUS server manages ________.
A. the TKIP process
B. user names and passwords
C. MAC addresses of authorized clients
D. user Access Control Lists (user ACLs)
Answer: B

22. WEP authentication ________; 802.1X does not.
A. requires a RADIUS server to support encryption
B. provides a secure connection between any two points
C. supports per-user passwords without a RADIUS server
D. uses a shared encryption key for all devices on the network
Answer: D

23. What two (2) command-line tools can help identify suspicious activity that could indicate malicious software on a computer? (Choose TWO.)
A. ps
B. secutil
C. hdiutil
D. scanps
E. netstat
Answer: AE

24. A shadow password is stored ________.
A. in the local LDAP database
B. in the local NetInfo database
C. in a file in /var/db/shadow/hash/
D. when you use the crypt() command
Answer: C

25. You have configured your AirPort Base Station for 128-bit WEP authentication, and have assigned a network passphrase. Why would you need to distribute the 26-digit hex key to your users?
A. WEP with 802.1x requires a hex key for asymmetric encryption.
B. The hex key allows for compatibility with older machines and different platforms.
C. WEP requires users to enter a hex key to connect to the network using 128-bit encryption.
D. You want the strongest possible WEP key: a hex key is stronger than a passphrase, because it is not susceptible to dictionary attacks.
Answer: B

26. Which statement is true of secure authentication for POP clients using Mac OS X Server mail services?
A. Mac OS X Server mail services support LAN Manager password hashes.
B. When using APOP authentication, the Mail server stores passwords in a recoverable form.
C. When using Kerberos for authentication, the client should disable Open Directory authentication.
D. When using Kerberos for authentication, the Mail server must reside on the same host as the KDC.
Answer: B

27. You want to use Directory Access Control Lists (DACLs) in LDAP. Which step must you complete?
A. Turn on Access Control in Server Admin.
B. Edit the rules to allow "read" by anonymous.
C. Add the line disallow bind_anon to slapd.conf.
D. Edit the AccessControlEntry attribute in Inspector in Workgroup Manager.
Answer: D

28. In your web browser you type a URL that starts with https://. To what port will your browser connect, by default?
A. 80
B. 443
C. 5410
D. 8080
Answer: B

29. Which command will create an encrypted disk image?
A. hdiutil create SecretImage.sparseimage -size 2g -encryption -fs HFS+ -volname SecretImage.sparseimage
B. mkdisk /mnt/SecretImage.sparseimage mount -encryption -fs HFS+ /dev/ram /mnt/SecretImage.sparseimage
C. mkdisk create SecretImage.sparseimage -size 2g -encryption -fs HFS+ -volname SecretImage.sparseimage
D. hdiutil /mnt/SecretImage.sparseimage mount -encryption -fs HFS+ /dev/ram /mnt/SecretImage.sparseimage
Answer: A

30. How do you interact with the Authorization framework when you want to add or remove user rights?
A. Edit the /etc/authorization file.
B. Edit the /var/authorization file.
C. Edit the /etc/rc/rc.common file.
D. Use Workgroup Manager to modify user policies.
E. Use dscl to add policy information to the local NetInfo database.
Answer: A

31. Which security technology protects email passwords from network snooping?
A. SAPL
B. Kerberos
C. Shadow Hash
D. Digital Signatures
Answer: B

32. Why should you avoid logging in as an administrator to perform routine tasks?
A. If you log in as an administrator, malicious programs can listen on privileged ports (ports below 1024) without requiring further authentication.
B. If you log in as an administrator, untrusted programs can write to sensitive areas of the file structure without requiring further authentication.
C. If you log in as an administrator, and a malicious user gains access to your computer, he or she can edit users' home folders without requiring further authentication.
D. If you log in as an administrator, and launch Terminal to perform routine tasks, malicious programs can run sudo commands without requiring further authentication.
Answer: B

33. What two (2) steps are necessary to configure your HTTP website to forward to an SSL website? (Choose TWO.)
A. In Server Admin, start the https service.
B. In Server Admin's Web pane, create a rule that forwards all traffic through port 8080.
C. In Server Admin's Web pane, select the Enable Secure Forwarding checkbox and click OK.
D. In Server Admin's Web pane, select the Enable Secure Sockets Layer (SSL) checkbox and click OK.
E. In Server Admin's Web pane, edit the http:// site, and select "Add new alias or redirect", then enter the URL for the secure site.
Answer: DE

34. You want to use ACLs to prevent members of the Guest group from reading your file, named file1. Which command will accomplish this?
A. aclctl guest+r file1
B. aclctl add "guest deny read" file1
C. chmod +a "guest deny read" file1
D. chmod setacl "guest deny read" file1
Answer: C

35. Which command will find files that have the SUID bit set?
A. sudo locate -s
B. sudo locate -perm suid
C. sudo find / -perm suid -print
D. sudo find / -perm +4000 -print
Answer: D

36. Which two (2) steps can you take to prevent your mail service in Mac OS X Server v10.4 from being used as an open relay? (Choose TWO.)
A. Require SMTP authentication.
B. Require APOP authentication.
C. Configure the firewall to block port 110.
D. Configure the firewall to block port 323.
E. Limit the hosts and networks from which you accept relays.
Answer: AE

37. Which two (2) protocols encrypt data transferred over the network? (Choose TWO.)
A. SSH
B. SMB
C. SFTP
D. SMTP
E. HTTP
Answer: AC

38. Which action will result in a secure connection to a server?
A. Enable Secure Remote Apple Events in Sharing preferences on the server.
B. Press and hold the Option key while double-clicking the server discovered via Bonjour.
C. In Finder, choose "Connect to Server" from the Go menu, and enter afp-s://<servername> in the Server
