Which is a possible security concern with this configuration?
During a security assessment of a Solaris OE system, the examiner finds the run-control script, /etc/rc3.d/S20myapp. After verifying the need for this script with the system’s custodian, the examiner notices that the script starts a program in /opt/myapp/bin.
Which is a possible security concern with this configuration?
Which two describe attack methods that can cause a user to unexpectedly execute a Trojan horse instead of an intended setuid program? (Assume only that the user’s shell initialization file is writable to the attacker.)
Which three commands are often replaced by root kits?
You decide that it may be a good idea to prevent Trojan horse and backdoor attacks. Which three commands are often replaced by root kits? (Choose three.)
What can you use to list the contents of a directory prior to starting your forensic analysis?
You suspect that the ls(1) command may have been Trojaned on a Solaris 9 OE system. What can you use to list the contents of a directory prior to starting your forensic analysis?
What is the reason?
/var filled up, and even though you delete some large files, /var immediately fills up again. Apparently, some process is writing to a file in /var at high speed.
You use /bin/find to search for a large and recently changed file in /var, but nothing shows up.
What is the reason?
What are three results of a fork-bomb denial of service (DoS) attack on a CPU? (Choose three.)
What prerequisite step should you take before generating the checksums?
You suspect that one of your systems has been compromised. You want to inspect the system’s binaries and kernel modules by checksumming them and comparing them to the Solaris Fingerprint Database. What prerequisite step should you take before generating the checksums?
What enables a remote root shell, bypassing the PAM mechanism?
An attacker has compromised a system by guessing a user account. The attacker then escalates privileges through a Trojan horse. The attacker will then put back doors on the system. What enables a remote root shell, bypassing the PAM mechanism?
Which is NOT a result of a host-based denial of service attack?
Which parameter must be changed in /etc/default/login to enable this functionality?
A site security policy dictates that all failed logins to critical systems must be logged and monitored. Which parameter must be changed in /etc/default/login to enable this functionality?