1z0-106 Oracle Linux 8 Advanced System Administration Questions and Answers

Option C (Correct):The-k passpart of theauditctlcommand defines a keyword (pass) for the audit rule. This keyword helps in filtering and searching logs in the audit trail.

Option D (Correct):The-w /etc/passwd -p wpart of the command sets up a watch on the/etc/passwdfile for write (w) operations. This audit rule will generate a log entry every time there is a write operation to/etc/passwd.

Option A (Incorrect):This command does not write directly to/etc/audit/rules.d/audit.rules; it defines a rule in memory that could be saved to this file later.

Option B (Incorrect):The rule only logs write (w) operations; it does not log read operations.

Option E (Incorrect):The command does not directly cause a write to/etc/audit/audit.rules.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Auditing and System Logs

man auditctlfor details on audit rules and options.

Explanation of Answer B:iostatis a tool used to monitor system input/output device loading by observing the time devices are active concerning their average transfer rates. The "Device Utilization Report" provides statistics about device utilization and throughput rates, which is critical in identifying performance bottlenecks.

Explanation of Answer E:iostatalso generates "CPU Utilization Reports." These reports provide data about how the CPU is utilized during input/output operations, showing the percentage of CPU time used for user processes, system processes, and the time the CPU remains idle.

Option B (Correct):Container applications are dependent on the host operating system's kernel because containers share the OS kernel, unlike virtual machines, which use a hypervisor. Compatibility of the host OS kernel version is required to run containers.

Option D (Correct):Podman, Buildah, and Skopeo are container tools for managing container applications. Podman runs containers without requiring a daemon like Docker, Buildah is used to build container images, and Skopeo is used for transferring container images. These tools can operate independently of one another, providing a flexible and modular approach to container management on Oracle Linux.

Option A (Incorrect):Container applications built on bare metal can run on virtual machines or cloud instances as long as the environment supports the container runtime.

Option C (Incorrect):Containers do not package the entire runtime stack; they include the application and its dependencies but rely on the host OS for the kernel.

Option E (Incorrect):Podman does not require a running daemon; one of its advantages over Docker is that it can run containers in rootless mode without needing a persistent daemon.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Podman and Containers Guide

man podman,man buildah,man skopeofor further details on these tools.

Explanation of Answer A:When thechrootcommand is executed with/jail, the environment is changed to use/jailas its new root directory. Inside this environment, only the directories and files copied into/jailare accessible. Since/jaildoes not contain a/rootdirectory, the commandcd(which defaults to changing to the user's home directory) will fail, displayingNo such file or directory. Thepwdcommand shows the root of the chroot environment (/), andlsdisplays the contents of/jail, which includesbinandlib64.

Understanding the anacrontab Entries:

The /etc/anacrontab file contains the following variables and job definitions:

SHELL=/bin/sh

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

# the maximal random delay added to the base delay of the jobs

RANDOM_DELAY=45

# the jobs are started during the following hours only

START_HOURS_RANGE=3-22

# period in days delay in minutes job-identifier command

1 5 dailyjob nice run-parts /etc/cron.daily

7 25 weeklyjob nice run-parts /etc/cron.weekly

@monthly 45 monthlyjob nice run-parts /etc/cron.monthly

Variables Explained:

RANDOM_DELAY=45

Specifies that arandom delaybetween 0 and 45 minutes is added to the base delay of each job.

START_HOURS_RANGE=3-22

Jobs are allowed to start only between03:00 (3 AM)and22:00 (10 PM).

Job Delays Calculated:

First Job (dailyjob):

Base Delay:5 minutes

Random Delay:0 to 45 minutes

Total Delay:5 + (0 to 45) =5 to 50 minutes

Second Job (weeklyjob):

Base Delay:25 minutes

Random Delay:0 to 45 minutes

Total Delay:25 + (0 to 45) =25 to 70 minutes

Third Job (monthlyjob):

Base Delay:45 minutes

Random Delay:0 to 45 minutes

Total Delay:45 + (0 to 45) =45 to 90 minutes

Option B: Jobs defined in this anacrontab file can be executed between 15:00 and 22:00

Explanation:

The START_HOURS_RANGE=3-22 setting allows jobs to start between03:00 and 22:00.

Therefore, it's true that jobscan be executed between 15:00 (3 PM) and 22:00 (10 PM).

This statement is correct because the specified time range falls within the allowed start hours.

Oracle Linux Reference:

Oracle® Linux 8: Scheduling Tasks- Section on "Anacron Configuration Files":

"The START_HOURS_RANGE variable defines the time window during which Anacron jobs can run."

Option C: Scripts run by the third job are delayed between 45 and 90 minutes.

Explanation:

The third job (monthlyjob) has abase delay of 45 minutes.

With a RANDOM_DELAY of up to 45 minutes, thetotal delaybefore execution is between45 and 90 minutes.

Therefore, this statement is accurate.

Oracle Linux Reference:

Oracle® Linux 8: Scheduling Tasks- Section on "Understanding Anacron Job Delays":

"Each job's delay is calculated by adding its defined delay to a random value between 0 and RANDOM_DELAY."

Why Other Options Are Not Correct:

Option A:Scripts run by the first job are delayed between 11 and 45 minutes.

Explanation:

The first job (dailyjob) has a total delay between5 and 50 minutes(5-minute base delay plus up to 45 minutes random delay).

Therefore, the statement specifying11 to 45 minutesis incorrect.

Option D:Jobs defined in this anacrontab file are randomly delayed by up to 51 minutes.

Explanation:

The maximum random delay is set by RANDOM_DELAY=45, so the random delay is up to45 minutes, not 51.

Therefore, this statement is false.

Option E:Scripts run by the second job are delayed between 31 and 70 minutes.

Explanation:

The second job (weeklyjob) has a total delay between25 and 70 minutes(25-minute base delay plus up to 45 minutes random delay).

The statement specifies a delay between31 and 70 minutes, which is incorrect because the minimum delay is 25 minutes.

Conclusion:

Options B and C are correct based on the configuration specified in /etc/anacrontab. They accurately reflect the possible execution times and delays for the jobs defined.

Option A (Correct):A user private group (UPG) ensures that each user has their own unique group created with the same name and ID as the user.

Option E (Correct):The UPG model helps prevent other users from modifying files by default, as newly created files are assigned to the user’s unique group and not to a shared group.

Option B (Incorrect):UPG does not give the capability to create new group users; this is related to group management commands.

Option C (Incorrect):UPG does not providesudocapabilities;sudoconfiguration is managed separately.

Option D (Incorrect):UPGs do not limit reading files to group users by default; it depends on specific file permissions.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Managing Users and Groups

The commandcryptsetup luksOpen /dev/xvdd1 cryptfsis used to open an encrypted LUKS partition. This command maps the encrypted block device/dev/xvdd1to a decrypted block device that is accessible under/dev/mapper/cryptfs.

Option A (Correct):This is correct because thecryptsetup luksOpencommand creates a device mapping under/dev/mapper/with the name specified (cryptfsin this case). This mapping allows you to access the encrypted content of/dev/xvdd1through the decrypted virtual device/dev/mapper/cryptfs.

Options B, C, D, E (Incorrect):These options are incorrect because they do not accurately reflect the standard behavior of thecryptsetup luksOpencommand. The device created will always be in the format/dev/mapper/whereis the alias specified in the command.

Oracle Linux Reference:For more information, refer to:

Oracle® Linux 8: Managing Storage Devices

man cryptsetupfor more details on theluksOpencommand and LUKS management.

Option D: anacron jobs may run only once a day.

Explanation:

Anacronis designed for systems that are not running continuously (e.g., desktops or laptops that may be powered off at night). It ensures that scheduled tasks are executed at the specified intervals.

Anacron jobs are defined with periods indays. The minimal unit of time for scheduling in Anacron isone day. Therefore, Anacron can schedule jobs to runonce a dayat most.

It is not intended for tasks that need to run multiple times per day.

Oracle Linux Reference:

Oracle® Linux 8: Scheduling Tasks- Section onAnacron Configuration Files:

"Anacron is used to run commands periodically with a frequency specified in days."

Option E: anacron jobs are used to run cron jobs if the system was powered off when they were scheduled to run.

Explanation:

Anacron complements Cron by ensuring thatscheduled jobs are not missedif the system is powered off or in standby mode at the time they were supposed to run.

When the system boots up, Anacron checks for any scheduled jobs that did not run and executes them accordingly.

This is particularly useful for laptops or desktops that are not always on.

Oracle Linux Reference:

Oracle® Linux 8: Scheduling Tasks- Section onUnderstanding Anacron:

"Anacron is designed to run commands periodically with specified frequency, but unlike cron, it does not assume that the system is running continuously."

Why Other Options Are Not Correct:

Option A:cron jobs may run only once a minute.

Explanation:

Cron allows scheduling tasks with a minimum granularity ofone minute. However, this means that tasks can be scheduled to runevery minute, not limited to only once a minute.

Multiple cron jobs can be scheduled to run at the same minute.

Therefore, the statement is misleading; cron jobs can runas frequently as every minute, but notonly once a minute.

Option B:All crontabs are held in the /etc/cron.d directory.

Explanation:

The /etc/cron.d directory is used for system-wide cron jobs provided by packages or administrators.

User-specific cron jobs are stored in /var/spool/cron/ or managed via the crontab command and not placed in /etc/cron.d.

Additionally, the system crontab file is /etc/crontab, and there are also directories like /etc/cron.hourly, /etc/cron.daily, etc.

Option C:The crond daemon looks for jobs only in /etc/crontab.

Explanation:

The crond daemon checks multiple locations for scheduled jobs:

User crontabs managed via the crontab -e command (stored in /var/spool/cron/).

System-wide crontab file (/etc/crontab).

The /etc/cron.d/ directory.

The /etc/cron.hourly/, /etc/cron.daily/, /etc/cron.weekly/, and /etc/cron.monthly/ directories.

Therefore, crond does not look for jobsonlyin /etc/crontab.

Conclusion:

OptionsDandEare correct because they accurately describe the characteristics and purposes of Anacron in the context of scheduling tasks on an Oracle Linux system.

Explanation of Answer A:

Network services running in a confined domain: SELinux provides domain confinement for services, ensuring they run with restricted access based on their defined policies.

The oracle user must be confined: The commandsemanage login -a -s guest_u oracleconfines theoracleuser to theguest_uSELinux user role, which is a confined role.

Access to files and directories based only on SELinux contexts: With SELinux enabled and the policy loaded, access is governed by SELinux contexts.

Persistent SELinux configuration across reboots: Thesetenforce enforcingcommand, combined with the appropriate policy configuration, ensures that SELinux remains in enforcing mode across reboots.

Users able to publish private HTML content: Thesetsebool -P http_enable_homedirs oncommand enables the use of user home directories for web content, allowing users to host personal web pages.

Explanation of Answer E:This option correctly matches the Kubernetes components with their descriptions:

Kubectl- d. Command-line interface used to control Kubernetes

Etcd- f. Stores configuration data relating to the cluster

Kubelet- c. Agent that allows nodes to communicate with the API

Kube-proxy- e. Performs networking functions and routes network traffic

Kube-apiserver- a. Processes and validates requests and performs operations

Kube-scheduler- b. Determines where containers should run based on resource availability

Option A (Correct):The rule is applied to both IPv4 and IPv6 packets. Theinettable is used for filtering both IPv4 and IPv6 traffic, and since the rule is added to theinettable, it affects both IP versions.

Option E (Correct):The rule drops TCP packets inbound on port 80. The rule specifies theinputchain in thefiltertable, and it drops (drop) all TCP traffic (tcp) destined for port 80 (dport 80), which means any incoming TCP traffic on port 80 will be dropped.

Option B (Incorrect):The command does not automatically update the configuration on disk; the rule is applied immediately in memory but does not persist across reboots unless explicitly saved.

Option C (Incorrect):The rule specifies TCP packets only, not all traffic. Therefore, it does not drop traffic for protocols other than TCP.

Option D (Incorrect):Although this statement is correct, it is less specific than Option A, which is more accurate because it mentions both IP versions.

Option F (Incorrect):The rule applies to inbound traffic, not outbound, so it does not drop outbound traffic.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Managing Firewall Rules with nftables

Option D (Correct):Creating an empty file named.autorelabelin the root directory tells SELinux to relabel the entire file system during the next reboot.

Option F (Correct):Thefixfiles -F onbootcommand schedules a full file system relabel on the next reboot.

Option A, B, C, E (Incorrect):These options do not correctly set the system to relabel on reboot.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: SELinux Guide

Explanation of Answer D:The entrypool pool.ntp.org offlinein the/etc/chrony.conffile specifies that thechronydservice should not automatically poll the NTP pool servers atpool.ntp.orguntil it is explicitly enabled by thechronyccommand. This setting is typically used in environments where the network is not always available (e.g., laptops or isolated systems) to avoid unnecessary polling.

Option B (Correct):Btrfs uses a copy-on-write mechanism for both data and metadata, which ensures that the file system is more resilient to crashes and data corruption.

Option E (Correct):Btrfs supports online resizing, meaning that you can change the size of a mounted Btrfs file system without unmounting it.

Option G (Correct):Btrfs automatically defragments files in the background to maintain performance.

Option A (Incorrect):While Btrfs does support mirroring, it is not strictly block device mirroring in the traditional sense like RAID; it uses a different approach to redundancy.

Option C (Incorrect):Btrfs is not a cluster file system; it is designed for local file systems.

Option D (Incorrect):While Btrfs can store small files efficiently, it is not its primary design goal compared to other file systems optimized specifically for small files.

Option F (Incorrect):Btrfs is a file system with integrated volume management capabilities but is not a general-purpose volume manager like LVM.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Btrfs File System

man btrfsfor features and management.

Explanation of Answer B:The commandssh -L 5011:127.0.0.1:80 bob@10.10.2.20 -f sleep 30creates a local port forward. This means port5011on the client machine is forwarded to port80on the remote machine (10.10.2.20) using the SSH connection.

Explanation of Answer E:The-foption of thesshcommand causes the SSH connection process to fork to the background after authentication is complete. Thesleep 30command keeps the SSH connection alive for 30 seconds.