Select the best way to gather this information.

You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some changes to
configuration files. Yon are concerned that someone may have unauthorized access and that an authorized
user may be abusing the access privilege. You want to track users of these systems to determine what tasks
each user performs. Select the best way to gather this information.

You are the primary administrator for a set of Oracle Solaris 11 servers. You noticed some changes to
configuration files. Yon are concerned that someone may have unauthorized access and that an authorized
user may be abusing the access privilege. You want to track users of these systems to determine what tasks
each user performs. Select the best way to gather this information.

A.
Solaris auditing

B.
the system/event service

C.
the system-logging service

D.
Basic Audit Reporting Tool

E.
System Extended Accounting

Explanation:
Solaris auditing keeps a record of how the system is being used. The audit service includes tools to assist with
the analysis of the auditing data.
Incorrect:
not C: Basic Audit Reporting Tool
BART is a file tracking tool that operates entirely at the file system level. Using BART gives you the ability to
quickly, easily, and reliably gather information about the components of the software stack that is installed on
deployed systems. Using BART can greatly reduce the costs of administering a network of systems by
simplifying time-consuming administrative tasks.
Note:
* The audit service makes the following possible:
Monitoring security-relevant events that take place on the host
Recording the events in a network-wide audit trail
Detecting misuse or unauthorized activity
Reviewing patterns of access and the access histories of individuals and objects
Discovering attempts to bypass the protection mechanisms
Discovering extended use of privilege that occurs when a user changes identity
* Auditing is the collecting of data about the use of system resources. The audit data provides a record of
security-related system events. This data can then be used to assign responsibility for actions that take place
on a host. Successful auditing starts with two security features: identification and authentication. At each login,
after a user supplies a user name and password, a unique audit session ID is generated and associated with
the user’s process. The audit session ID is inherited by every process that is started during the login session.Even if a user changes identity within a single session, all user actions are tracked with the same audit session
ID.

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *