Several of the magazines that I read publish a knowledge test each month. That, combined with the questions I receive on a regular basis, made me think that you may enjoy an IBM i security quiz.

By Carol Woodbury

Do you think you have a solid grasp of IBM i security concepts? Take this short test and find out how much you really know. The answers are at the end of this article.

#1: What special characters are allowed in a password at password level 0 and 1?

A. Any special character

B. No special characters

C. Ampersand (&) and question mark (?)

D. Pound (#), dollar ($), underline (_), at (@)

#2: What authority is required to change a user profile?

A. *SECADM special authority and *USE to the profile

B. *SECADM special authority

C. *ALLOBJ special authority

D. *SECADM and *ALLOBJ special authorities

#3: What authority is required to create a file share?

A. *ALLOBJ special authority

B. Ownership of the directory

C. *ALL authority to the directory

D. Ownership or *IOSYSCFG special authority

#4: True or false? You need *SAVSYS special authority to save an object.

#5: True or false? No authority checking is performed at security level (QSECURITY) 20.

#6: A profile can be a member of how many group profiles?

A. 1

B. 2

C. 8

D. 16

#7: True or false? A group can be a member of another group.

#8: What's the value of the QSECURITY system value as shipped by IBM?

A. 10

B. 30

C. 40

D. 60

#9: True or false? If you grant a user with *ALLOBJ special authority a private authority of *EXCLUDE, the user will not be able to access the object.

#10: What is saved when the Save Security Data (SAVSECDTA) command is run?

A. User profiles

B. Private authorities

C. Private authorities and user profiles

D. Private authorities, user profiles, and authorization lists

#11: True or false? QSECOFR and the QSECOFR service ID are two separate entities.

#12: True or false? The User profile attribute of a program is what configures a program to adopt its owner's authority.

#13: True or false? You can secure a user profile with an authorization list.

#14: *IOSYSCFG special authority allows you to:

A. Work with user profiles

B. Create file shares

C. Configure output queues

D. Create job descriptions

#15: What system value can be used to prevent default passwords?

A. QPWDRULES

B. QSECURITY

C. QDFTPWD

D. QINACTITV

Answer Key

#1: Answer: D

#2: Answer: A. You may think that D is also correct. While that authority combination would allow you to change a profile, *ALLOBJ is not required; only *USE authority to the profile is required.

#3: Answer: The combination of A and D is correct. You need to own the directory and have *ALLOBJ or *IOSYSCFG authority to create a file share.

#4: Answer: False. As long as you have *OBJEXIST to the object, you can save it.

#5: Answer: False. The same authority-checking algorithm is in effect at all security levels. But since all profiles are created with *ALLOBJ special authority, it appears that no authority checking is performed. And since the authority-checking algorithm is run at all security levels, if you re-work your security configuration, you can test it by removing profiles' *ALLOBJ prior to changing the security level and IPLing the system.

#6: Answer: D

#7: Answer: False. Attempting to make a group a member of another group will fail.

#8: Answer: C

#9: Answer: False. The security-checking algorithm first checks to see if the user has *ALLOBJ. If it does, access is granted because the private authority is not checked.

#10: Answer: D

#11: Answer: True. The QSECOFR user profile is not the same entity as the QSECOFR service ID that is used to sign in to Dedicated Service Tools (DST) or System Service Tools (STRSST).

#12: Answer: True. You may think it's the Use adopted authority that makes the program adopt, but that determines whether the program will use adopted authority from programs higher in the call stack.

#13: Answer: False

#14: Answer: B

#15: Answer: A. Specifying *LMTPRFNAME and *ALLCRTCHG (available starting in V7R2) prevents profiles from being created or changed to have a default password. And once you put one password rule in place, the operating system prevents end users from setting their password to a default password.

Summary

I hope that you've enjoyed this quiz. If you didn't get them all correct, then maybe you've learned some new facts about IBM i security.

 

Carol Woodbury is IBM i Security SME and Senior Advisor to Kisco Systems, a firm focused on providing IBM i security solutions. Carol has over 30 years’ experience with IBM i security, starting her career as Security Team Leader and Chief Engineering Manager for iSeries Security at IBM in Rochester, MN. Since leaving IBM, she has co-founded two companies: SkyView Partners and DXR Security. Her practical experience and her intimate knowledge of the system combine for a unique viewpoint and experience level that cannot be matched.

Carol is known worldwide as an author and award-winning speaker on security technology, specializing in IBM i security topics. She has written seven books on IBM i security, including her two current books, IBM i Security Administration and Compliance, 3^rd Edition and Mastering IBM i Security, A Modern, Step-by-Step Approach. Carol has been named an IBM Champion since 2018 and holds her CISSP and CRISC security certifications.

---

MC Press books written by Carol Woodbury available now on the MC Press Bookstore.

		IBM i Security Administration and Compliance: Third Edition Don't miss the newest edition by the industry’s #1 IBM i security expert. List Price $71.95 Now On Sale
		Mastering IBM i Security Get the must-have guide by the industry’s #1 security authority. List Price $49.95 Now On Sale

Also Read

Voice AI surge: How talking tech could reshape business

Generative AI isn’t just about technology; it’s about business transformation

New IBV study: AI drives mainframe innovation