Home » Oracle » 1z0-822 » Which statement describes the user auuser audit mask?
Examine the following information:
Which statement describes the user auuser audit mask?
A. All failed and successful lo events, all failed and successful am events will be logged, no ss events will be logged.
B. All failed and successful lo events, all failed and successful am events and successful ss events will be logged.
C. All failed and successful lo events, all failed and successful am events and failed ss events will be logged.
D. All failed and successful lo events and all failed and successful ss events will be logged.
Correct Answer: A
Explanation/Reference:
Note:
* The Trusted Solaris environment provides audit classes including:
ss – Change system state
no – Invalid class
lo – Login or logout
* always-audit
Lists the audit classes that are audited for this user. Modifications to the system-wide classes are prefixed by a caret (^). Classes that are added to the system-wide classes are not prefixed by a caret.
never-audit
Lists the audit classes that are never audited for the user, even if these audit events are audited system- wide. Modifications to the system-wide classes are prefixed by a caret (^).
* Process preselection mask A combination of the system-wide audit mask and the user-specific audit mask, if a user audit mask has been specified. When a user logs in, the login process combines the preselected classes to establish the process preselection mask for the user’s processes. The process preselection mask specifies whether events in each audit class are to generate audit records.
The following algorithm describes how the system obtains the user’s process preselection mask:
(system-wide default flags + always-audit-classes) – never-audit-classes
* getent user_attr
getent
- get entries from administrative database
getent gets a list of entries from the administrative database specified by database. The information generally comes from one or more of the sources that are specified for the database in /etc/nsswitch.conf.
|
Download Printable PDF. VALID exam to help you PASS.
|
 |
I agree with Walacc.
Answer B is the correct one.
Very likely answer B is the correct one
A cannot be the right answer since user_attr contains audit_flags=SS\:NO which according to audit_flags man page: audit flags may be configured in the user_attr(4) database or in the profiles granted to the user by the audit_flags=always-audit-flags:never-audit-flags keyword.