A change in your companys security policy now requires an audit trial of all administrators assuming the sysadm role, capturing: ✑ Executed commands, including options ✑ Logins and logouts There are two command necessary to accomplish this change. One is a rolemod command. What is the other? 

Answer options:

A. auditconfig set policy=argv
B. auditconfig -setpolicy +argv
C. auditconfig -setflags lo, ex sysadm
D. auditconfig set flags=lo, ex sysadm

B

Audit Significant Events in Addition to Login/Logout (see step 2 below) Use this procedure to audit administrative commands, attempts to invade the system, and other significant events as specified by your site security policy. 1. Audit all uses of privileged commands by users and roles. For all users and roles, add the AUE_PFEXEC audit event to their preselection mask. # usermod -K audit_flags=lo,ps:no username # rolemod -K audit_flags=lo,ps:no rolename 2. Record the arguments to audited commands. # auditconfig -setpolicy +argv 3- Record the environment in which audited commands are executed. # auditconfig -setpolicy +arge Note: [-t] -setpolicy [+|-]policy_flag[,policy_flag ...] Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix of + adds the policies specified to the current audit policies. A prefix of - removes the policies specified from the current audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global zone. Incorrect answers: A: No subcommand set policy. C: -setflags audit_flags - Set the default user audit preselection flags; see audit_flags(5). The default preselection flags are combined with the user`s specific audit flags to form the user`s audit preselection mask. D: No subcommand set flags. Reference: Oracle Solaris 11 Security Guidelines, Audit Significant Events in Addition to Login/Logout