Oracle Exam 1Z0-821 Topic 2 Question 8 Discussion

Actual exam question for Oracle's 1Z0-821 exam

Question #: 8
Topic #: 2

A change in your company's security policy now requires an audit trial of all administrators assuming the sysadm role, capturing:

There are two command necessary to accomplish this change. One is a rolemod command. What is the other?

Aauditconfig set policy=argv

Bauditconfig -setpolicy +argv

Cauditconfig -setflags lo, ex sysadm

Dauditconfig set flags=lo, ex sysadm

Show Suggested Answer

Suggested Answer: B

Audit Significant Events in Addition to Login/Logout (see step 2 below)

Use this procedure to audit administrative commands, attempts to invade the system, and other significant events as specified by your site security policy.

For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.

# usermod -K audit_flags=lo, ps:no username

# rolemod -K audit_flags=lo, ps:no rolename

# auditconfig -setpolicy +argv

3- Record the environment in which audited commands are executed.

# auditconfig -setpolicy +arge

Note: [-t] -setpolicy [+|-]policy_flag[, policy_flag ...]

Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix of + adds the policies specified to the current audit policies. A prefix of - removes the policies specified from the current audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global zone.

by Bok at May 08, 2022, 07:59 AM

Limited Time Offer

25%

Off

Get Premium 1Z0-821 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!