1z0-106 Oracle Linux 8 Advanced System Administration Questions and Answers

Option A (Correct):Boot parameters are set in/etc/default/grubunder theGRUB_CMDLINE_LINUXdirective. After modifying this file, thegrub2-mkconfigcommand must be run to apply changes.

Option C (Correct):The/boot/loader/entries/directory contains configuration files for each kernel version, which store the boot parameters separately.

Option B (Incorrect):Boot parameters specified at the GRUB command line are not persistent across reboots unless added to the configuration file.

Option D (Incorrect):Parameters set from the GRUB menu are temporary and do not apply to subsequent reboots.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Configuring GRUB2

Explanation of Answer A:Consistent network device naming is enabled by default in Oracle Linux 8. This feature ensures that network interfaces retain their names across reboots, which is important for maintaining network configuration consistency. This is managed through the Predictable Network Interface Names feature, which is part of thesystemdproject and is implemented inudev.

Explanation of Answer B:Theudevdevice manager is responsible for dynamically managing device nodes in the/devdirectory. It generates network interface names based on several naming schemes, such as the interface’s physical location on the bus (likeenp0s3), MAC address, or other attributes. These schemes are used to provide consistent and predictable names for network interfaces.

Option D (Correct):The commandsetfacl --modify user:user2:r-x my_directorysets an Access Control List (ACL) entry that givesuser2read (r) and execute (x) permissions onmy_directory. The execute (x) permission is required to allow navigation into the directory.

Option A (Incorrect):The--defaultoption would set the default ACL for future files or directories created withinmy_directory, not the directory itself.

Option B (Incorrect):This option gives only read (r) permission, but without execute (x) permission,user2cannot navigate into the directory.

Option C (Incorrect):The-xoption is used to remove an ACL entry, not modify it.

Option E (Incorrect):This modifies the ACL for the grouptestinstead of the useruser2.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Using Access Control Lists

Option A (Correct):A slice unit in systemd is a grouping mechanism used for hierarchical management of resources (such as CPU, memory, and I/O) among a group of processes.

Options B, C, D (Incorrect):These options do not correctly describe the role or characteristics of slice units in Oracle Linux 8.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Managing Services with systemd

The/etc/sysconfigdirectory contains configuration files for various system services and applications. The content of this directory depends on which packages are installed on the system. Each package may provide one or more configuration files stored in/etc/sysconfigto control its behavior.

Explanation of Answer C:Thesscommand can be used to display all available internal TCP information, including established connections with detailed TCP metrics, which matches the output in Answer C.

Explanation of Answer D:Thesscommand can display listening ports (TCP in this case) with details like congestion control algorithms (cubic), which aligns with Answer D. The output indicates a listening TCP socket on port 80.

Option C (Correct):Thedmesg -Tcommand converts the timestamps in the kernel ring buffer messages to a human-readable format. The defaultdmesgoutput shows the timestamps in a raw format (seconds since the kernel started), while the-Toption translates these timestamps into a human-readable date and time.

Option A (Incorrect):The-toption is used to remove the timestamps entirely from the output.

Option B (Incorrect):The-xoption provides extended information about the message (e.g., facility, level).

Option D (Incorrect):The-Woption waits for new messages and does not convert timestamps to a human-readable format.

Oracle Linux Reference:Refer to:

man dmesgfor more details ondmesgoptions.

Option C (Correct):The-k passpart of theauditctlcommand defines a keyword (pass) for the audit rule. This keyword helps in filtering and searching logs in the audit trail.

Option D (Correct):The-w /etc/passwd -p wpart of the command sets up a watch on the/etc/passwdfile for write (w) operations. This audit rule will generate a log entry every time there is a write operation to/etc/passwd.

Option A (Incorrect):This command does not write directly to/etc/audit/rules.d/audit.rules; it defines a rule in memory that could be saved to this file later.

Option B (Incorrect):The rule only logs write (w) operations; it does not log read operations.

Option E (Incorrect):The command does not directly cause a write to/etc/audit/audit.rules.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Auditing and System Logs

man auditctlfor details on audit rules and options.

Option B (Correct):Thefdisk -lcommand lists information about all available disks, including their sizes, partition tables, and partition details.

Option E (Correct):fdiskcannot handle disks larger than 2 TB because it is limited to the Master Boot Record (MBR) partitioning scheme. To manage larger disks (over 2 TB), the GUID Partition Table (GPT) is required, andfdiskdoes not fully support GPT.

Option A (Incorrect):fdiskdoes not support HFS (Hierarchical File System, used by macOS). It primarily supports MBR and has limited support for GPT.

Option C (Incorrect):fdiskdoes not support partitioning disks larger than 2 TB with GPT;gdiskorpartedshould be used instead.

Option D (Incorrect):fdiskdoes not divide logical devices into block disks called partitions; it operates on physical storage devices to create partitions.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: Managing Disks and Partitions

man fdiskfor more details on the usage and limitations of thefdiskutility.

Understanding the Command:

$ podman run --name=oracleshell -it oraclelinux:8-slim

(Note: The image is likely oraclelinux:8-slim without a space.)

podman run:Creates and starts a new container.

--name=oracleshell:Assigns the name oracleshell to the container.

-it:Runs the container in interactive mode with a pseudo-TTY.

oraclelinux:8-slim:Specifies the image to use.

Option A: The container creates and starts an interactive shell.

Explanation:

The -it option runs the container interactively.

If no command is specified, it executes the default command in the image (usually /bin/bash).

This provides an interactive shell inside the container.

Oracle Linux Reference:

Oracle® Linux 8: Managing Containers-Running Containers Interactively:

"You can run a container in interactive mode using the -i and -t options together."

Option D: The container is created and started in a single command.

Explanation:

The podman run command handles both creation and starting of the container.

There's no need to create the container separately.

Oracle Linux Reference:

Oracle® Linux 8: Managing Containers-Creating and Running Containers:

"The podman run command creates and starts a container in one operation."

Why Other Options Are Incorrect:

Option B:The container does not need to pre-exist; podman run creates it if it doesn't exist.

Option C:If the image doesn't exist locally, podman will attempt to pull it from the registry.

Oracle Linux Reference:

Oracle® Linux 8: Managing Containers-Pulling Images:

"If you attempt to run a container with an image that does not exist locally, Podman automatically pulls the image from a registry."

Option E:The container is not removed upon exit unless the --rm option is used.

Oracle Linux Reference:

Oracle® Linux 8: Managing Containers-Automatically Removing Containers:

"Use the --rm option to automatically remove the container when it exits."

Conclusion:

Correct Options:A, D

Summary:The command creates and starts a new container named oracleshell and opens an interactive shell session inside it.

Option A (Correct):The command creates a Kubernetes Deployment, which ensures the specified number of replicas (pods) are running at all times. The deployment will manage the creation and maintenance of these pods to ensure availability.

Option D (Correct):The deployment configuration specifies that the container running inside the pod exposes port 80 (containerPort: 80).

Option B (Incorrect):The deployment is namednginx-deployment, notnginx.

Option C (Incorrect):The command creates a Deployment object that manages multiple pods; it does not directly create a single pod namednginx.

Option E (Incorrect):The command specifies the nginx image version1.14.2, but it will not fail immediately if the image version is not available. Kubernetes will attempt to pull the image, and the failure will happen during that step if the image does not exist.

Oracle Linux Reference:Refer to:

Kubernetes Documentation on Deployments

kubectl createcommand usage details.

Option A (Correct):The configuration lineauthpriv.* /var/log/authwould direct all messages of theauthprivfacility (which includes sensitive authentication messages) to the/var/log/authfile. The log entries provided, which include authentication-related messages from PAM (pam_unix), would be logged due to this setting.

Option B (Incorrect):The*.emerg *setting logs emergency messages to all users, not specifically the provided log output.

Option C (Incorrect):This setting logs various non-authentication-related messages to/var/log/messages. It specifically excludesauthpriv.

Option D (Incorrect):This setting appears to be commented out and incorrect for the logging behavior described.

Option E (Incorrect):Thecron.*setting logs cron messages, unrelated to the provided authentication logs.

Oracle Linux Reference:Refer to:

Oracle® Linux 8: System Logging with rsyslog

Explanation of Answer A:

Network services running in a confined domain: SELinux provides domain confinement for services, ensuring they run with restricted access based on their defined policies.

The oracle user must be confined: The commandsemanage login -a -s guest_u oracleconfines theoracleuser to theguest_uSELinux user role, which is a confined role.

Access to files and directories based only on SELinux contexts: With SELinux enabled and the policy loaded, access is governed by SELinux contexts.

Persistent SELinux configuration across reboots: Thesetenforce enforcingcommand, combined with the appropriate policy configuration, ensures that SELinux remains in enforcing mode across reboots.

Users able to publish private HTML content: Thesetsebool -P http_enable_homedirs oncommand enables the use of user home directories for web content, allowing users to host personal web pages.

Explanation of Answer D:The entrypool pool.ntp.org offlinein the/etc/chrony.conffile specifies that thechronydservice should not automatically poll the NTP pool servers atpool.ntp.orguntil it is explicitly enabled by thechronyccommand. This setting is typically used in environments where the network is not always available (e.g., laptops or isolated systems) to avoid unnecessary polling.

Explanation of Answer A:Oracle Linux 8 uses cgroups version 2 (cgroups v2) by default. cgroups v2 is a unified hierarchy system that introduces improvements over version 1, including a simplified interface and better resource management capabilities.

Explanation of Answer B:A control group (cgroup) is a mechanism for grouping processes and setting limits or parameters on their resource usage, such as CPU, memory, or I/O. These limits and parameters are configured and managed through the cgroups filesystem.