Which three options correctly describe this zone?

You have completed configuring a zone named dbzone on your Solaris 11 server. The configuration is as following:

The global zone displays the following network information:

The zone has never been booted. Which three options correctly describe this zone?

You have completed configuring a zone named dbzone on your Solaris 11 server. The configuration is as following:

The global zone displays the following network information:

The zone has never been booted. Which three options correctly describe this zone?

A.
It is a sparse root zone.

B.
It is a whole root zone.

C.
It is an immutable zone.

D.
It is a native zone.

E.
The zone shares the network interface with the host.

F.
The zone uses a virtual network interface.

G.
The hostid is the same as the global zone.

H.
The IP address of the zone is 10.0.2.18.

Explanation:
C: Immutable Zones provide read-only file system profiles for solaris non-global zones.
Note that ip-type: exclusive:
Starting with OpenSolaris build 37 and Oracle Solaris 10 8/07, a default zone can be configured as
an “exclusive-IP zone” which gives it exclusive access to the NIC(s) that the zone has been
assigned. Applications in such a zone can communicate directly with the NIC(s) available to the
zone.
Note on zones:
After installing Oracle Solaris on a system, but before creating any zones, all processes run in the
global zone. After you create a zone, it has processes that are associated with that zone and no
other zone. Any process created by a process in a non-global zone is also associated with that
non-global zone.
Any zone which is not the global zone is called a non-global zone. Most people call non-global
zones simply “zones.” Some people call them “local zones” but this is discouraged.
The default native zone file system model on Oracle Solaris 10 is called “sparse-root.” This model
emphasizes efficiency and security at the cost of some configuration flexibility. Sparse-root zones
optimize physical memory and disk space usage by sharing some directories, like /usr and /lib.
Sparse-root zones have their own private file areas for directories like /etc and /var. Whole-root
zones increase configuration flexibility but increase resource usage. They do not use shared file
systems for /usr, /lib, and a few others.
There is no supported way to convert an existing sparse-root zone to a whole-root zone. Creating
a new zone is required.
Reference: Reference: Zones and Containers FAQ

Show Hint

Leave a Reply 11

Your email address will not be published. Required fields are marked *

ton_adam

ton_adam

file-mac-profile is not set. So it’s not an immutable zone.

So I would think the correct answers would be E F G

Reply

david

david

I agree with you

Reply

david

david

b.e.g is correct. bcz solaris 11 zones is whole root zone

Reply

John

John

B, E and G for me too.

Reply

Vinicius Torres

Vinicius Torres

I think its B, E & G.

Reply

iietam

iietam

Corect answer are B, E ad F

Incorect A)

Note:
Sparse root zones are not available beginning with Oracle Solaris 11. You can create sparse root zones only in Oracle Solaris 10.

Reference;
https://docs.oracle.com/cd/E27363_01/doc.121/e27511/ftr_zones_mgmt.htm#OPCFG429

Incorect C)

A zone with a read-only zone root is called an Immutable Zone. A solaris Immutable Zone preserves the zone’s configuration by implementing read-only root file systems for non-global zones. This zone extends the zones secure runtime boundary by adding additional restrictions to the runtime environment. Unless performed as specific maintenance operations, modifications to system binaries or system configurations are blocked.

The mandatory write access control (MWAC) kernel policy is used to enforce file system write privilege through a zonecfg file-mac-profile property. Because the global zone is not subject to MWAC policy, the global zone can write to a non-global zone’s file system for installation, image updates, and maintenance.

In the exhibit shown above the value of property is not set,so

By default, the zonecfg file-mac-profile property is not set in a non-global zone. A zone is configured to have a writable root dataset.

In a solaris read-only zone, the file-mac-profile property is used to configure a read-only zone root. A read—only root restricts access to the runtime environment from inside the zone.

Through the zonecfg utility, the file-mac-profile can be set to one of the following values. All of the profiles except none will cause the /var/pkg directory and its contents to be read-only from inside the zone.

none
Standard, read-write, non-global zone, with no additional protection beyond the existing zones boundaries. Setting the value to none is equivalent to not setting file-mac-profile property.

Reference;
http://docs.oracle.com/cd/E23824_01/html/821-1460/glhdg.html#scrolltoc

Incoret D)

The following differences between solaris zones and native zones on the Oracle Solaris 10 release should be noted:

The solaris brand is the default instead of the native brand, which is the default on Oracle Solaris 10 systems.

solaris zones are whole-root type only.

The sparse root type of native zone available on Oracle Solaris 10 uses the SVR4 package management system, and IPS doesn’t use this framework. A read-only root zone configuration that is similar to the sparse root type is available.

Reference;
https://docs.oracle.com/cd/E23824_01/html/821-1460/gitsf.html

Incorect G)

The zone is never booted, so

root@solaris-usb:/zonetest# zonecfg -z zone1 info hostid
hostid:
root@solaris-usb:/zonetest#

Host ID Emulation

When applications are migrated from a standalone Oracle Solaris system into a zone on a new system, the hostid changes to be the hostid of the new machine.

In some cases, applications depend on the original hostid, and it is not possible to update the application configuration. In these cases, the zone can be configured to use the hostid of the original system. This is done by setting a zonecfg property to specify the hostid, as described in How to Configure the Zone. The value used should be the output of the hostid command as run on the original system. To view the hostid in an installed zone, also use the hostid command.

Reference;
https://docs.oracle.com/cd/E23824_01/html/821-1460/gjluz.html

Reply

iietam

iietam

Incorect H)
The zone is never booted, so the vnic is not created yet and there is no dhcp address assignment.
There are two ways to configure exclusive-IP zones:

Use the anet resource of the zonecfg utility to automatically create a temporary VNIC for the zone when the zone boots and delete it when the zone halts.

Preconfigure the data-link in the global zone and assigned it to the exclusive-IP zone by using the net resource of the zonecfg utility. The data-link is specified by using the physical property of the net resource. The physical property can be a VNIC. The address property of the net resource is not set.

Reference:
https://docs.oracle.com/cd/E36784_01/html/E36848/z.config.ov-6.html

Reply

Paul

Paul

Hi! All!

Passed Oracle Solaris 11 Administration 1Z0-821 exam with a good score of 90% (the passing line is 64% now)!

Got 70 questions in total, and questions were on:
1. Installing Oracle Solaris 11 using an Interactive Installer
2. Administering Services
3. Setting Up and Administering Data Storage
4. Administering Oracle Solaris Zones
5. Setting Up and Administering User Accounts
6. Controlling Access to Systems and Files
(New) 7. Managing the SYSLOG facilityManaging the CRON facility
(New) 8. Managing the SYSLOG facility

Pay close attention to the up 7 & 8 topics when preparing for the 1Z0-821 exam. Questions on those two topics are not available on this site.

And, you can refer to the most valid 1Z0-821 dumps (2017 version) here:

http://www.oraclebraindump.com/?s=1Z0-821

(Those questions are part of PassLeader 1Z0-821 dumps, recommend to get its full version 1Z0-821 dumps with VCE and PDF.)

Good Luck!

Reply