Oracle Exam 1Z0-821 Topic 3 Question 99 Discussion

Actual exam question for Oracle's 1Z0-821 exam

Question #: 99
Topic #: 3

United States of America export laws include restrictions on cryptography.

Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11 Cryptographic Framework.

ACorporations must utilize signed X.509 v3 certificates.

BA third-party provider object must be signed with a certificate issued by Oracle.

CLoadable kernel software modules must register using the Cryptographic Framework SPI.

DThird-party providers must utilize X.509 v3 certificates signed by trusted Root Certification Authorities.

ESystems destined for embargoed countries utilize loadable kernel software modules that restrict encryption to 64 bit keys.

Show Suggested Answer

Suggested Answer: B, C

B: Binary Signatures for Third-Party Software

The elfsign command provides a means to sign providers to be used with the Oracle Solaris Cryptographic Framework. Typically, this command is run by the developer of a provider.

The elfsign command has subcommands to request a certificate from Sun and to sign binaries. Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris Cryptographic Framework. To sign one or more providers requires the certificate from Sun and the private key that was used to request the certificate.

C: Export law in the United States requires that the use of open cryptographic interfaces be restricted. The Oracle Solaris Cryptographic Framework satisfies the current law by requiring that kernel cryptographic providers and PKCS #11 cryptographic providers be signed.

by Jaleesa at Oct 21, 2024, 07:01 AM

Limited Time Offer

25%

Off

Get Premium 1Z0-821 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ines

1 months ago

I can't believe they're asking about this stuff on the exam. Next thing you know, they'll be asking us to come up with encryption policies for the NSA. *chuckles*

upvoted 0 times

...

Chaya

1 months ago

Hmm, I'm not sure about E. Doesn't that seem a bit too specific and unlikely to be the right answer? I'd go with C and D.

upvoted 0 times

Annabelle

3 days ago

User 3: Yeah, E does seem a bit unlikely, C and D make more sense.

upvoted 0 times

...

Tran

4 days ago

User 2: I agree, C and D seem like the more reasonable options.

upvoted 0 times

...

Tanesha

7 days ago

User 1: I think E is too specific, I would go with C and D.

upvoted 0 times

...

Glen

1 months ago

Definitely C and D. The US export laws are all about restricting encryption, so the Cryptographic Framework has to have those controls in place.

upvoted 0 times

Ivette

10 days ago

Yes, the restrictions on cryptography are necessary to ensure compliance with US export laws.

upvoted 0 times

...

Sena

12 days ago

The Cryptographic Framework SPI is essential for loadable kernel software modules to register and comply with export laws.

upvoted 0 times

...

Ronna

29 days ago

It's important for third-party providers to use X.509 v3 certificates signed by trusted Root Certification Authorities.

upvoted 0 times

...

Tricia

1 months ago

I agree, C and D are the correct methods to accommodate the restrictions on cryptography.

upvoted 0 times

...

Lelia

2 months ago

I think the correct answer is C and D. The Cryptographic Framework requires kernel modules to be registered, and third-party providers need to use trusted certificates.

upvoted 0 times