Red Hat Enterprise SELinux Policy Administration: Expertise Exam Preparation Guide

Overview

The EX429 SELinux Policy Administration Expertise Exam tests the ability of an RHCE to modify parameters within the included SELinux Policy in Red Hat Enterprise Linux and to configure custom SELinux policies.

This guide provides information candidates may use in preparing to take the SELinux Policy Administration Expertise Exam. Red Hat is not responsible for the content or accuracy of other guides, books, on-line resources, or any other information provided by organizations or individuals other than Red Hat Global Learning Services. Red Hat reserves the right to change this Guide when appropriate and candidates who have enrolled in forthcoming classes or exams are advised to check this guide periodically for changes.

Performance-based Exams

This exam is a performance-based evaluations of system administration skills and knowledge. Candidates perform a number of routine system administration tasks and are evaluated on whether they have met specific objective criteria. Performance-based testing means that candidates must perform tasks similar to what they perform on the job.

Prospective employers of people with the SELinux Policy Administration Certificate of Expertise credential should verify any and all claims by people claiming to hold one of this credential by requesting their certificate number and verifying it.

Authorized Training Partners

Only Red Hat and Red Hat Certified Training Partners administer this exam. Prospective candidates should exercise due diligence when purchasing a seat in an exam from a provider other than Red Hat itself. They should verify that the provider is, in fact, an authorized training partner in good standing.

Official scores for this exam come exclusively from Red Hat Certification Central. Red Hat does not authorize examiners or training partners to report results to candidates directly. Scores on the exam are usually reported within five (5) US business days.
Exam results are reported as section scores. Red Hat does not report performance on individual items, nor will it provide additional information upon request.

Preparation for the EX429 SELinux Policy Administration Expertise Exam

Red Hat encourages all candidates for the SELinux Policy Administration Expertise Exam to consider taking RHS429 Red Hat Enterprise SELinux Policy Administration Attendance in this class is not required, so one can choose to take just the exam. Many successful candidates who have come to class already possessing substantial skills and knowledge have reported that the class made a positive difference for them.

While attending Red Hat classes can be an important part of one's preparation to take this exam, attending class does not guarantee success on the exam. Previous experience, practice, and native aptitude are also important determinants of success.
Many books and other resources on system administration for Red Hat's products are available. Red Hat does not officially endorse any as preparation guides for its exam. Nevertheless, you may find additional reading deepens understanding and can prove helpful.

Components of the EX429 Exam

The EX429 exam is organized into two sections:

• SELinux Policy Writing: 2.5 hours
• Targeted Policy System Maintenance: 1.0 hours

In order to earn the EX429 SELinux Policy Administration Certificate of Expertise, one must earn a score of 70 or higher for SELinux Policy writing and a score of 80 or higher for Targeted Policy System Maintenance.

Study Points for the Exam

Prerequisite skills for the Exam

Candidates must be a Red Hat Certified Engineer on a release that is considered current in order to take this exam.

SELinux Policy Administration

Candidates should be able to perform the tasks listed below.

SELinux Policy Writing

• Specify an enforcement mode
• Specify a particular policy
• Update a system to use the latest SELinux packages
• Create and implement a custom policy module to support a given service, including:
  • Port bindings
  • File and directory access
  • Type transitions
  • Default file types
  • Booleans
  • Type Aliases
• Targeted Policy System Maintenance
• Specify an enforcement mode
• Specify a particular policy
• Modify an existing policy including:
  • Port bindings
  • File and directory access
  • Type transitions
  • Default file types
  • Booleans
  • Type Aliases
• Backup/Restore a filesystem preserving SELinux attributes

As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.

Red Hat Courses Covering These Skills

RHS429 Red Hat Enterprise SELinux Policy Administration

RHS429 provides a four day tutorial on SELinux and SELinux policy writing. The first day of the course provides a introduction to SELinux, how it operates within the Red Hat targeted policy, and the tools used to manipulate it. The class then will spend the remaining days learning how policies are written, compiled, and debugged.