Red Hat Enterprise Security: Network Services Expertise Exam Preparation Guide

Overview

The EX333 Enterprise Security: Network Services Expertise Exam tests the ability of an RHCE to use host-based, user-based, and cryptographic security techniques to control access standard network services. Only current RHCEs are eligible to take this exam.

This guide provides information candidates may use in preparing to take the EX333 Enterprise Security: Network Services Expertise exam. Red Hat is not responsible for the content or accuracy of other guides, books, on-line resources, or any other information provided by organizations or individuals other than Red Hat Global Learning Services. Red Hat reserves the right to change this Guide when appropriate and candidates who have enrolled in forthcoming classes or exams are advised to check this guide periodically for changes.

Performance-based Exams

This exam is a performance-based evaluation of system administration skills and knowledge. Candidates perform a number of routine system administration tasks and are evaluated on whether they have met specific objective criteria. Performance-based testing means that candidates must perform tasks similar to what they perform on the job.
Prospective employers of people with the EX333 Enterprise Security: Network Services Certificate of Expertise credential should verify any and all claims by people claiming to hold one of this credential by requesting their certificate number and verifying it.

Authorized Training Partners

Only Red Hat and Red Hat Certified Training Partners offer this exam. Prospective candidates should exercise due diligence when purchasing a seat in an exam from a provider other than Red Hat itself. They should verify that the provider is, in fact, an authorized training partner in good standing.

Official scores for this exam come exclusively from Red Hat Certification Central. Red Hat does not authorize examiners or training partners to report results to candidates directly. Scores on the exam are usually reported within five (5) US business days.
Exam results are reported as section scores. Red Hat does not report performance on individual items, nor will it provide additional information upon request.

Preparation for the EX333 Enterprise Security: Network Services Expertise Exam

Red Hat encourages all candidates for the EX333 Enterprise Security: Network Services Expertise Exam to consider taking RHS333 - Red Hat Enterprise Security and Network Services Attendance in this class is not required, so one can choose to take just the exam. Many successful candidates who have come to class already possessing substantial skills and knowledge have reported that the class made a positive difference for them.

While attending Red Hat classes can be an important part of one's preparation to take this exam, attending class does not guarantee success on the exam. Previous experience, practice, and native aptitude are also important determinants of success.

Many books and other resources on system administration for Red Hat's products are available. Red Hat does not officially endorse any as preparation guides for its exam. Nevertheless, you may find additional reading deepens understanding and can prove helpful.

Components of the Exam

The Enterprise Security: Network Services Expertise Exam is organized into two sections:

•  Centralized Authentication Security: 3.0 hours
•  Network Service Security: 3.0 hours

In order to earn the Enterprise Security: Network Services Certificate of Expertise, one must earn a score of 70 or higher on each section.

Study Points for the Exam

Prerequisite skills for the Exam

Candidates must be a Red Hat Certified Engineer on a release that is considered current in order to take this exam.

Enterprise Security: Network Services

Candidates should be able to perform the tasks listed below.

Centralized Authentication Security

•  configure an NIS server to provide directory services
•  configure Kerberos to provide user authentication
•  configure NFSv4 server
•  configure a network client to use NIS for directory information
•  configure a network client to use Kerberos for authentication
•  configure a network client to mount an NFSv4 export
• configure r-clients (rlogin, rcp, etc.) and telnet to use Kerberos

Network Services Security

• Use xinetd and TCP wrappers to restrict access to network services
• Configure Postfix and Sendmail to:
  • filter mail based on message characteristics
  •  use TLS for secure communication
  • use the Real-time Blackhole List (RBL) via DNS
• Configure POP/IMAP to use SSL/TLS for secure communication
• Configure the following aspects of DNS:
  • master domain
  • slave domain
  • views
  • forwarders
  • blackhole lists (RBL)
  •  TSIG
• Use GPG tools to:
  • generate key pairs
  • sign documents
  • encrypt documents
  • decrypt documents
  • verify document signatures
• Configure a certificate authority (CA) and sign certificate requests
• Configure httpd to use a SSL certificate signed by a certifying authority
• Configure httpd to use passwords and/or network location to restrict access to content
•  Configure FTP security to
  • support FTP only users
  • implement host based access restrictions
•  Intrusion detection using tools in Red Hat Enterprise Linux

As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.

Red Hat Courses Covering These Skills

RHS333 trains people with RHCE-level competency to understand, prevent, detect, and properly respond to sophisticated security threats aimed at enterprise systems. The course equips system administrators and security professionals with the skills and knowledge to harden computers against both internal and external attacks, providing in-depth analysis of the ever-changing threat models as they pertain to Red Hat Enterprise Linux. RHS333 builds on the security skills developed in other Red Hat training courses so that administrators can design and implement an adequate security profile for critical enterprise systems.