Select the best way to gather this information.

You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some
changes to configuration files. Yon are concerned that someone may have unauthorized access
and that an authorized user may be abusing the access privilege. You want to track users of these
systems to determine what tasks each user performs. Select the best way to gather this
information.

You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some
changes to configuration files. Yon are concerned that someone may have unauthorized access
and that an authorized user may be abusing the access privilege. You want to track users of these
systems to determine what tasks each user performs. Select the best way to gather this
information.

A.
Solaris auditing

B.
the system/event service

C.
the system-logging service

D.
Basic Audit Reporting Tool

E.
System Extended Accounting

Explanation:
Solaris auditing keeps a record of how the system is being used. The audit service
includes tools to assist with the analysis of the auditing data.
Incorrect:
not C: Basic Audit Reporting Tool
BART is a file tracking tool that operates entirely at the file system level. Using BART gives you
the ability to quickly, easily, and reliably gather information about the components of the software
stack that is installed on deployed systems. Using BART can greatly reduce the costs of
administering a network of systems by simplifying time-consuming administrative tasks.

Note:
* The audit service makes the following possible:
Monitoring security-relevant events that take place on the host
Recording the events in a network-wide audit trail
Detecting misuse or unauthorized activity
Reviewing patterns of access and the access histories of individuals and objects
Discovering attempts to bypass the protection mechanisms
Discovering extended use of privilege that occurs when a user changes identity
* Auditing is the collecting of data about the use of system resources. The audit data provides a
record of security-related system events. This data can then be used to assign responsibility for
actions that take place on a host. Successful auditing starts with two security features:
identification and authentication. At each login, after a user supplies a user name and password, a
unique audit session ID is generated and associated with the user’s process. The audit session ID
is inherited by every process that is started during the login session. Even if a user changes
identity within a single session, all user actions are tracked with the same audit session ID.

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *