Retired - Red Hat Enterprise Security: Network Services Expertise exam


Exam description

Note: This exam and credential are no longer available.

The Red Hat® Enterprise Security: Network Services Expertise Exam is a performance-based exam that tests the skills covered in the Red Hat Enterprise Security: Network Services (RHS333) course. To enroll in this exam, candidates must hold a current Red Hat Certified Engineer (RHCE®) certification.

Audience for this exam

  • Experienced RHCE Linux ®system administrators responsible for the overall security of their systems and networked services
  • Experienced RHCE Linux system administrators tasked with security on other operating systems but who now want to perform those tasks on a Red Hat Enterprise Linux system
  • An RHCE interested in earning RHCA certification

Prerequisites for this exam

Exam candidates must:

  • Hold a current RHCE certification at the time the exam is taken.
  • Have Red Hat Enterprise Security: Network Services (RHS333) or equivalent experience.
  • Understand that real-world system administration experience is also an important aspect of preparation for the exam.


Study points for the exam

Candidates should be able to perform the tasks listed below:

Centralized authentication security
  • Configure an NIS server to provide directory services
  • Configure Kerberos to provide user authentication
  • Configure NFSv4 server
  • Configure a network client to use NIS for directory information
  • Configure a network client to use Kerberos for authentication
  • Configure a network client to mount an NFSv4 export
  • Configure r-clients (rlogin, rcp, etc.) and telnet to use Kerberos
Network Services Security
  • Use xinetd and TCP wrappers to restrict access to network services
  • Configure Postfix and Sendmail to:
    • Filter mail based on message characteristics
    • Use TLS for secure communication
    • Use the Real-time Blackhole List (RBL) via DNS
  • Configure POP/IMAP to use SSL/TLS for secure communication
  • Configure the following aspects of DNS:
    • Master domain
    • Slave domain
    • Views
    • Forwarders
    • Blackhole lists (RBL)
    • TSIG
  • Use GPG tools to:
    • Generate key pairs
    • Sign documents
    • Encrypt documents
    • Decrypt documents
    • Verify document signatures
  • Configure a certificate authority (CA) and sign certificate requests
  • Configure httpd to use an SSL certificate signed by a certifying authority
  • Configure httpd to use passwords and/or network location to restrict access to content
  • Configure FTP security to:
    • Support FTP only users
    • Implement host-based access restrictions

As with all Red Hat performance-based exams, configurations must persist after reboot without intervention.

What you need to know


Candidates must be an RHCE on a release that is considered current in order to take this exam.

Components of the exam

The Enterprise Security: Network Services Expertise Exam is organized into two sections:

Centralized Authentication Security: 3.0 hours
Network Service Security: 3.0 hours

In order to earn the Enterprise Security: Network Services Certificate of Expertise, one must earn a score of 70 or higher on each section.