EX333

Exam description

Note: This exam and credential are no longer available.

The Red Hat® Enterprise Security: Network Services Expertise Exam is a performance-based exam that tests the skills covered in the Red Hat Enterprise Security: Network Services (RHS333) course. To enroll in this exam, candidates must hold a current Red Hat Certified Engineer (RHCE®) certification.

Audience for this exam

• Experienced RHCE Linux ®system administrators responsible for the overall security of their systems and networked services
• Experienced RHCE Linux system administrators tasked with security on other operating systems but who now want to perform those tasks on a Red Hat Enterprise Linux system
• An RHCE interested in earning RHCA certification

Prerequisites for this exam

Exam candidates must:

• Hold a current RHCE certification at the time the exam is taken.
• Have Red Hat Enterprise Security: Network Services (RHS333) or equivalent experience.
• Understand that real-world system administration experience is also an important aspect of preparation for the exam.

Study points for the exam

Candidates should be able to perform the tasks listed below:

Centralized authentication security

• Configure an NIS server to provide directory services
• Configure Kerberos to provide user authentication
• Configure NFSv4 server
• Configure a network client to use NIS for directory information
• Configure a network client to use Kerberos for authentication
• Configure a network client to mount an NFSv4 export
• Configure r-clients (rlogin, rcp, etc.) and telnet to use Kerberos

Network Services Security

• Use xinetd and TCP wrappers to restrict access to network services
• Configure Postfix and Sendmail to:
  • Filter mail based on message characteristics
  • Use TLS for secure communication
  • Use the Real-time Blackhole List (RBL) via DNS
• Configure POP/IMAP to use SSL/TLS for secure communication
• Configure the following aspects of DNS:
  • Master domain
  • Slave domain
  • Views
  • Forwarders
  • Blackhole lists (RBL)
  • TSIG
• Use GPG tools to:
  • Generate key pairs
  • Sign documents
  • Encrypt documents
  • Decrypt documents
  • Verify document signatures
• Configure a certificate authority (CA) and sign certificate requests
• Configure httpd to use an SSL certificate signed by a certifying authority
• Configure httpd to use passwords and/or network location to restrict access to content
• Configure FTP security to:
  • Support FTP only users
  • Implement host-based access restrictions

As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.

Preparation

Candidates must be an RHCE on a release that is considered current in order to take this exam.

Components of the exam

The Enterprise Security: Network Services Expertise Exam is organized into two sections:

Centralized Authentication Security: 3.0 hours

Network Service Security: 3.0 hours

In order to earn the Enterprise Security: Network Services Certificate of Expertise, one must earn a score of 70 or higher on each section.