Hi all,

I have some questions which I know how to solve technically, however, do not know if they will give me full credits depending on what the solution is.

1. If an SElinux setting is the default but in that way is less secure should I change it if on my exam they ask to configure SElinux for a service?
Or should I just check that the service works without SElinux errors.

2. If there is asked to limit access to the local network this can be done in different ways: /etc/hosts.allow|deny, iptables, service configuration file, SElinux do I get fully credited if I just deny it with IPtables?
Or should all possibilities be used to limit access(do note that I have it about the RHCE exam and the credits you get for your work)?

3. If a question for example is: configure vsftp to allow access to the /home directories. Can I then use a chroot and disable anonymous login? or should I just disable anonymous login?

Any help would be much appreciated

You have to do what you think is right - that's what the exam is testing.
In general, stick to doing what is actually written down in front of you. Don't try to complicate the question.

Take question 2: I can disable it with iptables, the service, ... But using only iptables will solve the problem. IMHO I don't see that this answer can help me in any way. I can't do anything with thinking I do it right when I actually do it wrong and want to do it right Having some answers on these questions should help me focus on what I really have to do and what is optional as this exam is time limited.

Also this example:
There is asked to create a 1000MB /home. Should the actual size to store files be literally 1000MB? Or can I create a partition that is 1000MB and will it be ok?
Or can I create a /home that is 1024MB then? will that give me still full credit?

As a good practice, you should but in exams, you don't get extra marks for that.

IN exam, anything that works, ie any single solution will do, be it tcpwrappers or service config or iptables. You don't get extra marks for doing all. But in real life, I suggest to use a few lines of defence and be paranoid.

I don't quite understand the question but I dont see why someone should spend much time over the "disabling anonymous login" as this should be straight forward.

as long as you are not far off, the examiners wont be picky about that. They know it is hard to get the exact partition size so their marking script will be flexible in this area. I think the exam script would be clear in this area.

cheers.

Most students sitting exams face this dilemma - you are concerned not so much that you achieve the asked-for result but that you produce the method the examiner will give the most marks to.

Where this matters, it is in your work notes for the course and really needs to be discussed with a tutor, since each examiner will mark the exam differently anyway.

Usually, with the RHCE exam, whatever completely fulfills the spec of the job description is given full marks. So you could describe a system which utilizes every method you can think of, with justification for them, and you'll get very good grades indeed... and run into time constraints.

So your problem is more about exam strategy.

So you need example problem from the institution giving you the exam - anybody else can only tell you about general practise - you need to know how the practise will be marked.

Mostly, though, you are worrying too much.

Look at the section of your notes which talks about creating a /home directory and partition and use the method it says. It is most likely that all you need to do is create a 1000MB partition to house /home.

You are unlikely to be penalised for 1024MB partition, but that will not be a correct answer unless you state that you want to be sure that at least 1000MB file storage is available.

Where you are interested in the amount of file storage will be where you are administering user accounts on a file server. Users may be charged by their bandwidth. In which case, questions will specify this.

Strategy:
This is a proffessional certification - treat each question as a job spec. Your task is to fulfil this spec efficiently.

The time constraint is part of the efficiency test, the more complete your solution within the time the more marks you will get.

To manage time, many students use a three-pass method ... you go through the exam providing the minimum answers to complete the job. That way you answer all questions but some will not be complete. However, you should have time to spare, and your answers are likely to be a passing grade. Most students find this takes half to two-thirds the available time.

Next go through the paper again looking for solutions that could be more complete. This is the second pass - if you are provided with the weighting for each question (the number of total marks it is worth) then you want to make sure that your answers are consistent with the mark-weight compared with other answers.

Lastly, co over the paper in reverse order looking for mistakes. This is usually done in the last 5-10mins.

Philosophy: forget about getting the "right" answer. That does not exist and you'll only make yourself ill. Stick to efficiency.

2 members found this post helpful.

Lets look at your specifics in tems of exam strategy...
If all you are asked to do is configure SELinux for a service than that is all you should do. For completeness, you may want to add that there may be security concerns in keeping the default configuration.

This is actually what you do professionally when a client gives you a job description which you think is poorly thought out - you tell the client, in a report, how you would go about doing what they ask, then add that you have concerns about what they ask for and detail them with what would be required to address those concerns.

It is up to the client to decide if they want those concerns addressed.

You need to read the question carefully for what sort of limit is needed to the access. If you want to block a particular host, then host allow/deny is the way to go.

Whichever you choose - choose by efficiency - it is the one which completes the job and is also the quickest to write down. If you need more than one approach, the marks will be a clue ... if other questions work out to 5 points per method and this question awards 10 points, then you'll probably need two methods - or one hard one.

Note: if the question just wants to deny access to a user, resetting that users password would be a correct answer.

Efficiency again - there are lots of ways to do this - in the absence of guidance, choose the one that is fastest to write down.

Use meta data to help you choose: Does the question want USER to have access to /home/$USER or does it want USER to have access to /home/* - what may be the purpose of this?How does this consideration narrow down your options (it will)?

No question is asked in a vaccuum - for RHCE you are expected to hae had experience and a course behind you. Use it.

1 members found this post helpful.

I studied without following a course and this morning I did do the exam.

Thank you all for you reactions and clearing this up for me!
This is greatly appreciated

@deadeyes how was the result?,.. sorry just asking.

I failed on the rhce part. I don't have a clear view though on what I did wrong(I know some part for sure). I had expected to have better grades. And the exam structure was changed.

@deadeyes sorry to hear that,.. but I am sure you will pass if you try again. Maybe, a more understanding of the question structure. descarte and Simon Bridge advices were straight to the point. I will keep their words in mind when resiting for mine.

Hi all,

Sorry to bump this "old" thread up again.
I am preparing for doing a second shot and was just reading this thread again.
Last time I was just taking the exam when Simon Bridge was replying to me.
After I finished the exam and failed the RHCE part I was a bit disappointed about the result so I wasn't that carefully reading.

Now this time I am reading carefully and I think I didn't thanked Simon Bridge enough for his advice. I think he did an amazing job answering my questions and making the exam more clear. Thanks Simon Bridge!

I am pretty assured I will pass this second time . I thought about the whole exam again and found some things I had been doing wrong.
I have better knowledge about SElinux and some services. (note that I used the RHCE Exam Guide from Michael Jang or something and that it is not complete)

Still one question..
Since the first time I took it I have been wondering...
I configured SElinux but was not sure if everything would still work. So I disabled it at the end. I guess I didn't get any grades for the SElinux part then. Is that correct? Maybe if I just enabled SElinux I would have passed then(I dont know how many marks where on this part)?

Read the notes about how you will be examined carefully. If you were expected to set up a particular machine according to a particular specification, and you did not do that, then you will lose marks. Per your example, if the required result needed SELinux enabled, then you would have lost marks for disabling it. It is not possible to know how critical this was without the mark breakdown or a marking schedule.

A trick may be to write your rationale as a comment in the relevant configuration file. Commenting configs as you go is generally good practise since it tells the engineer to come after you what you did and why. An experienced sysadmin may actually boost your grade because of this... though this will be personal to the marker. Of course, the trouble is, you may write too much and hang yourself.

Most organisations provide a marking schedule and/or some means to get a breakdown of your grade. You need to know your strengths and challenges from the organization's POV. Ask them.

I understand that it is not possible to determine how critical this was without the mark breakdown. It was rather a thought
I am aware that I lost marks for this. I just wonder if I lost ALL marks on SElinux. I would expect I did loose all the marks as there is checked for the result and that the exam is checked using a script. So I would also expect to loose all marks if for example I forget to enable a service as it does not work at all.

In my daily job I write comments in configuration directives I have changed.
However in case of the RHCE I would think this is not relevant as the exam is checked using a script.

Thanks again for your advice, time and patience

That is pretty bad assessment practise. Basically, you have to configure your system in the manner the script expects. You don't know how good the script is. You don't know if it looks for what is written in config files for eg.

I wonder if this is universal these days, - i.e. script supplied by redhat - or if it is just a few examiners?