Course structure
To help you study, review the following exam objectives that highlight the task areas you can expect to see covered in the exam. Red Hat reserves the right to add, modify, and remove exam objectives. Such changes will be made public in advance.
Study points for the exam
- Use Red Hat Ansible® Engine
- Install Red Hat Ansible Engine on a control node.
- Configure managed nodes.
- Configure simple inventories.
- Perform basic management of systems.
- Run a provided playbook against specified nodes.
- Configure intrusion detection
- Install AIDE.
- Configure AIDE to monitor critical system files.
- Configure encrypted storage
- Encrypt and decrypt block devices using LUKS.
- Configure encrypted storage persistence using NBDE.
- Change encrypted storage passphrases.
- Restrict USB devices
- Install USBGuard.
- Write device policy rules with specific criteria to manage devices.
- Manage administrative policy and daemon configuration.
- Manage system login security using pluggable authentication modules (PAMs)
- Configure password quality requirements.
- Configure failed login policy.
- Modify PAM configuration files and parameters.
- Configure system auditing
- Write rules to log auditable events.
- Enable prepackaged rules.
- Produce audit reports.
- Configure SELinux
- Enable SELinux on a host running a simple application.
- Interpret SELinux violations and determine remedial action.
- Restrict user activity with SELinux user mappings.
- Analyze and correct existing SELinux configurations.
- Enforce security compliance
- Install OpenSCAP and Workbench.
- Use OpenSCAP and Red Hat Insights to scan hosts for security compliance.
- Use OpenSCAP Workbench to tailor policy.
- Use OpenSCAP Workbench to scan an individual host for security compliance.
- Use Red Hat Satellite server to implement an OpenSCAP policy.
- Apply OpenSCAP remediation scripts to hosts.
As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.