Red Hat Enterprise Security: Network Services Expertise Exam Preparation
Guide
Overview
The EX333 Enterprise Security: Network Services Expertise
Exam tests the ability of an RHCE to use host-based, user-based,
and cryptographic security techniques to control access standard
network services. Only current RHCEs are eligible to take this
exam.
This guide provides information candidates may use in
preparing to take the EX333 Enterprise Security: Network
Services Expertise exam. Red Hat is not responsible for the
content or accuracy of other guides, books, on-line resources,
or any other information provided by organizations or
individuals other than Red Hat Global Learning Services. Red Hat
reserves the right to change this Guide when appropriate and
candidates who have enrolled in forthcoming classes or exams are
advised to check this guide periodically for changes.
Performance-based Exams
This exam is a performance-based evaluation of system
administration skills and knowledge. Candidates perform a number
of routine system administration tasks and are evaluated on
whether they have met specific objective criteria.
Performance-based testing means that candidates must perform
tasks similar to what they perform on the job.
Prospective employers of people with the EX333 Enterprise
Security: Network Services Certificate of Expertise credential
should verify any and all claims by people claiming to hold one
of this credential by requesting their certificate number and
verifying it.
Authorized Training Partners
Only Red Hat and Red Hat Certified Training Partners offer
this exam. Prospective candidates should exercise due diligence
when purchasing a seat in an exam from a provider other than Red
Hat itself. They should verify that the provider is, in fact, an
authorized training partner in good standing.
Official scores for this exam come exclusively from Red Hat
Certification Central. Red Hat does not authorize examiners or
training partners to report results to candidates directly.
Scores on the exam are usually reported within five (5) US
business days.
Exam results are reported as section scores. Red Hat does not
report performance on individual items, nor will it provide
additional information upon request.
Preparation for the EX333 Enterprise Security: Network
Services Expertise Exam
Red Hat encourages all candidates for the EX333 Enterprise
Security: Network Services Expertise Exam to consider taking
RHS333 - Red Hat Enterprise Security and Network Services
Attendance in this class is not required, so one can choose to
take just the exam. Many successful candidates who have come to
class already possessing substantial skills and knowledge have
reported that the class made a positive difference for them.
While attending Red Hat classes can be an important part of
one's preparation to take this exam, attending class does not
guarantee success on the exam. Previous experience, practice,
and native aptitude are also important determinants of success.
Many books and other resources on system administration for
Red Hat's products are available. Red Hat does not officially
endorse any as preparation guides for its exam. Nevertheless,
you may find additional reading deepens understanding and can
prove helpful.
Components of the Exam
The Enterprise Security: Network Services Expertise Exam is
organized into two sections:
- Centralized Authentication Security: 3.0 hours
- Network Service Security: 3.0 hours
In order to earn the Enterprise Security: Network Services
Certificate of Expertise, one must earn a score of 70 or higher
on each section.
Study Points for the Exam
Prerequisite skills for the Exam
Candidates must be a Red Hat Certified Engineer on a release
that is considered current in order to take this exam.
Enterprise Security: Network Services
Candidates should be able to perform the tasks listed below.
Centralized Authentication Security
- configure an NIS server to provide directory
services
- configure Kerberos to provide user authentication
- configure NFSv4 server
- configure a network client to use NIS for
directory information
- configure a network client to use Kerberos for
authentication
- configure a network client to mount an NFSv4
export
- configure r-clients (rlogin, rcp, etc.) and telnet to
use Kerberos
Network Services Security
- Use xinetd and TCP wrappers to restrict access to
network services
- Configure Postfix and Sendmail to:
- filter mail based on message characteristics
- use TLS for secure communication
- use the Real-time Blackhole List (RBL) via DNS
- Configure POP/IMAP to use SSL/TLS for secure
communication
- Configure the following aspects of DNS:
- master domain
- slave domain
- views
- forwarders
- blackhole lists (RBL)
- TSIG
- Use GPG tools to:
- generate key pairs
- sign documents
- encrypt documents
- decrypt documents
- verify document signatures
- Configure a certificate authority (CA) and sign
certificate requests
- Configure httpd to use a SSL certificate signed by a
certifying authority
- Configure httpd to use passwords and/or network location
to restrict access to content
- Configure FTP security to
- support FTP only users
- implement host based access restrictions
- Intrusion detection using tools in Red Hat
Enterprise Linux
As with all Red Hat performance-based exams, configurations
must persist after reboot without intervention.
Red Hat Courses Covering These Skills
RHS333 trains people with RHCE-level competency to
understand, prevent, detect, and properly respond to
sophisticated security threats aimed at enterprise systems. The
course equips system administrators and security professionals
with the skills and knowledge to harden computers against both
internal and external attacks, providing in-depth analysis of
the ever-changing threat models as they pertain to Red Hat
Enterprise Linux. RHS333 builds on the security skills developed
in other Red Hat training courses so that administrators can
design and implement an adequate security profile for critical
enterprise systems.