Solaris Security Certification

The Sun Certified Security Administrator (SCSA) for the Solaris 9 or Solaris 10 exam realistically is for administrators with more then three years of  experience administering security in either version of  Solaris. Exam for Solaris 10 includes questions related for zones and as such is more difficult. 

Solaris 9 security certification exam structure

The Sun Certified Security Administrator for the Solaris 9 Operating System exam realistically is for administrators with more then three years of experience administering security in a Solaris Operating System (Solaris OS).

There is no prerequisites. It requires neither Solaris administration certification nor network certification.

It is recommended that candidates:

• Attend the course: SC-300: Administering Security on the Solaris OS,
• Have six to twelve months security administration job-role experience,
• Have previous Solaris OS and network administration certification.

The examination will include multiple choice scenario-based questions, matching, drag-drop, and free-response question types and will require in-depth knowledge on security topics including: general security concepts

• detection and device management
• security attacks
• file and system resources protection
• host and network prevention
• network connection access
• authentication
• encryption

Delivered at: Authorized Prometric Testing Centers

• Prerequisites: Six to twelve months administering security in a Solaris OS
• Other exams/assignments required for this certification: None
• Exam type: Multiple choice, drag-drop, matching
• Number of questions: 60
• Pass score: 60%
• Time limit: 90 minutes

The main topics include:

Solaris BSM auditing

Solaris device management

Solaris Fingerprint Database

• Given a security scenario:
  • a) manage the security of user accounts by setting account expiration, and restricting root logins,
  • b) manage dormant accounts through protection and deletion,
  • c) check user security by configuring the /etc/default/su file, or classifying and restricting non-login accounts and shells.
• Pluggable Authentication Module (PAM)
• Kerberos
• role-based access control (RBAC)
• Access Control Lists (ACLs)
• firewall

Solaris 9 Security Certification Exam Objectives

Exams purchased on Sun web site may only be used in the US. Once exam vouchers are purchased you have up to one year from the date of purchase to use it. Each voucher is valid for one exam and may only be used at an Authorized Prometric Testing Center. Exam vouchers are nonrefundable.

Solaris 9 Security Certification Exam Objectives

• Explain fundamental concepts concerning information security and explain what good security architectures include (people, process, technology, defense in depth).
• Identify the security life cycle (prevent, detect, react, and deter) and describe security awareness, security policies and procedures, physical security, platform security, network security, application security, and security operations and management.
• Describe concepts of unsecure systems, user trust, threat, and risk.
• Explain attackers, motives, and methods.
• Describe accountability, authentication, authorizations, privacy, confidentiality, integrity, and non-repudiation.
• Describe the benefit of evaluation standards and explain actions that can invalidate certification.
• Describe how the attackers gain information about the targets and describe methods to reduce disclosure of revealing information.

• Given a scenario, identify and monitor successful and unsuccessful logins and system log messages, and explain how to configure centralized logging and customize the system logging facility to use multiple log files.
• Describe the benefits and potential limitations of process accounting.
• Configure Solaris BSM auditing, including setting audit control flags and customizing audit events.
• Given a security scenario, generate an audit trail and analyze the audit data using the auditreduce, praudit, and audit commands.
• Explain the device management components including device_maps and device_allocate file, device-clean scripts, and authorizations using the auth_attr database, and describe how to configure these device management components.

Section 3: Security Attacks

• Differentiate between the different types of host-based Denial of Service (DoS) attacks, establish courses of action to prevent DoS attacks, and understand how DoS attacks are executed.
  
• Demonstrate privilege escalation by identifying Trojan horses and buffer overflow attacks, and explain backdoors, rootkits, and loadable kernel modules, and understand the limitations of these techniques.
  
• Given a security scenario, detect Trojan horse and back door attacks using the find command, checklists, file digests, checksums, the Solaris Fingerprint Database, and explain trust with respect to the kernel and the OpenBoot PROM and understand the limitations of these techniques.

Section 4: File and System Resources Protection

• Given a security scenario:
  • manage the security of user accounts by setting account expiration, and restricting root logins,
  • manage dormant accounts through protection and deletion,
  • check user security by configuring the /etc/default/su file, or classifying and restricting non-login accounts and shells.
    
• Describe the implementation of defensive password policies and understand the limitations of password authentication.
  
• Describe the function of a Pluggable Authentication Module (PAM), including the deployment of PAM in a production environment, and explain the features and limitations of Sun Kerberos.
  
• Describe the benefits and capabilities of role-based access control (RBAC), and explain how to configure profiles and executions including creating, assigning, and testing RBAC roles.
  
• Given a scenario, use Access Control Lists including setting file system permissions, implications of using Lax Permissions, manipulating the Set-User-ID and Set_Group-ID, and setting secure files using Access Control Lists.

Section 5: Host and Network Prevention

• Explain fundamental concepts concerning network security including firewall, IPsec, network intrusion and detection, describe how to harden network services by restricting run control services, inetd services, and RPC services, and understand host hardening techniques described in Sun security blueprints.
  
• Given a security scenario, describe steps to harden a system, install and configure Solaris Security Toolkit (SST), and describe how to create, run, and verify an SST configuration.

Section 6: Network Connection Access, Authentication, and Encryption

• Explain how to configure, install, and validate TCP wrappers.
• Explain cryptology concepts including secret-key and public-key cryptography, hash functions, encryption, and server and client authentication.
• Given a security scenario, configure Solaris Secure Shell.

The SCSA for the Solaris 10 Operating System Exam

The Sun Certified Security Administrator for the Solaris 10 Operating System exam is for test candidates with extensive job-role experience administering security in a Solaris Operating System (Solaris 10 or OpenSolaris) environment.

Sun Certification recommends that candidates attend the course: SC-301-S10: Personalizing Security on the Solaris 10 Operating System, and previous Solaris OS system and network administration certification is strongly recommended.

This exam presumes the test candidate has an in-depth knowledge of UNIX and Solaris OS features.

The exam includes multiple-choice, scenario-based questions and drag-and-drop questions and requires extensive knowledge of Solaris OS security administration topics including:

• general security principles and features,
• hardening and minimization,
• principles of least privilege,
• cryptographic features,
• Kerberos,
• user account and password security,
• network security,
• auditing and zone security.

Exams purchased on this Web site may only be used in the US. If you reside outside the US, please select a country to inquire about products delivered in your country. Once exam vouchers are purchased you have up to one year from the date of purchase to use it. Each voucher is valid for one exam and may only be used at an Authorized Prometric Testing Center in the country for which it was purchased. Please be aware that exam vouchers are nonrefundable for any reason.

Details

• Delivered at: Authorized Prometric Testing Centers
• Prerequisites: Six to twelve months administering security in a Solaris OS
• Exam type: Multiple choice, drag-drop, matching
• Number of questions: 59
• Pass score: 52%
• Time limit: 105 minutes

The SCSA for Solaris 10 Exam Objectives

# 1. Describe basic security principles including the need for a security policy, process, education and the need to audit, patch and securely configure systems.

# 2. Describe the purpose, features, and functions of the Solaris 10 security features as they relate to:

• Device Policy
• Kerberos enabled applications, LDAP and Inter operability enhancements
• Process Rights Management
• Solaris Containers
• User Rights Management

# 3. Describe the purpose, features, and functions of the Solaris 10 security features as they relate to:

• Password Strength, Syntax Checking, History and Aging Improvements
• Basic Audit and Report Tool for File Integrity
• IPfilter Stateful Packet Filtering Firewall
• Solaris Secure Shell
• IPsec/IKE Performance Enhancements

# 4. Describe the purpose, features, and functions of the Solaris 10 security features as they relate to:

• Solaris Auditing
• Trusted Extensions
• PAM Improvements
• Encryption and Message Digest Functions Built into the Solaris OS

Section 2: Installing Systems Securely

# 6. Manage patches including describing the Update Manager, describing signed patches, verifying signatures, and specifying a Web Proxy.

# 7. Perform hardening including implementing the Solaris Security Toolkit (SST).

Section 3: Principles of Least Privilege

# 9. Implement User Rights Management including using Access Control, using RBAC, and implementing password strength, syntax checking, and history and aging improvements.

# 11. Manage file system security, including using signed ELF objects, implementing BART for file integrity, and using the Solaris Fingerprint Database.

# 13. Secure networks including using Access Control, using TCP Wrappers, implementing the IPfitler Stateful Packet Filtering Firewall, describing Kerberos, implementing Solaris Secure Shell (SSH), and describing NFSv4.

# 14.Implement IPsec including describing IPsec, configuration IPsec, configuring IKE, and troubleshooting IPsec configurations.

# 15. Describe, implement, configure and troubleshoot Kerberos configurations, including Kerberos clients, KDCs, and Kerberized services such as Secure Shell and NFSv4.

# 17. Implement security in Solaris Zones including describing security characteristics, identifying differences from previous subjects, describe the Global Zones, identifying when and how to use Zones, describing resource management, identifying Zones and network security, and using patching Zones.

# 18. Describe how Security Components work together, how technologies interact, and identify infrastructure requirements.

# 19. Manage resources including describing resource controls and resource exhaustion attack prevention.

Top Visited					Switchboard
					Latest
					Past week
					Past month

NEWS CONTENTS

News

[Jan 7, 2007] Solaris 10 Operating System Certification Learning Path is now available

Recommended Training

To succeed fully in this exam, candidates can take advantage of the following course(s):

Supporting Courses

• Network Administration for the Solaris 9 Operating System (SA-399)
• Network Administration for the Solaris 9 Operating System (WSB-399)
• Network Administration for the Solaris 9 Operating System (CDS-399)

  ---

  Etc

  Society

  Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

  Quotes

  War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotes :  Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce :  Bernard Shaw : Mark Twain Quotes

  Bulletin:

  Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

  History:

  Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS :  Programming Languages History : PL/1 : Simula 67 : C : History of GCC development :  Scripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

  Classic books:

  The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month :  How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

  Most popular humor pages:

  Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

  The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D

  ---

  Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

  FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

  This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

  You can use PayPal to to buy a cup of coffee for authors of this site

  Disclaimer:

  The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019