LinuC System Architect

LinuC-SA

Exam SA02 Objectives

In order to be certified as a LinuC System Architect, it is essential to take this exam and the SA01 exam. It covers the skills necessary to design and build an optimal architecture by taking a bird's-eye view of the entire lifecycle of a system that utilizes Linux and other OSS, including on-premise/cloud and real/virtualization.

Each item in the question pool is weighted according to its importance. The importance level indicates the relative importance of each topic. The more important a topic is, the more questions will be asked about it in the exam.

SA.05: Virtual Machine and Container

SA.05.1 Virtual machine design and management
Weight	3
Overview	Candidates understand basic virtualization technologies, evaluate performance, and troubleshoot issues. Candidates can manage virtualized environments, including migrating virtual machines and virtual disks.
Details	Understand factors affecting virtual machine operation and performance. Overcommitment NUMA Understand the advantages, disadvantages, and constraints of methods for virtual machine resource allocation and utilize them effectively. Pinning Scheduling, latency settings, and priority settings Understand hardware-assisted virtualization and virtual devices to aid in performance evaluation and troubleshooting. Linux features for hardware-assisted virtualization in x86 architecture (Intel VT-x, AMD-V) Process protection in operating systems for x86 architecture (Ring Protection) Understanding the operation, advantages, and disadvantages of virtio Key characteristics of major virtual disk formats (QCOW2, RAW) Migrate existing assets according to objectives. Migration from physical to virtual machines: virt-p2v Migration between virtual machines: virt-v2v Resize virtual disks

SA.05.2 Container design and build
Weight	3
Overview	Candidates understand mechanisms and methods for detailed container configuration (integration information, resource allocation, etc.). Candidates understand the structure of container images and effectively build, update, and manage them. Candidates can use appropriate volumes according to container use cases.
Details	Understand mechanisms for container resource allocation and permission settings. Configuration targets: CPU, memory, I/O, process ID Linux kernel features that realize this Understand the structure of container images. Image layers, container layers Image sharing among multiple containers Relationship between images and the host file system Build container images with considerations for size and security, understanding how to write Dockerfiles to achieve these. Selecting necessary and sufficient base images: scratch, distroless Specifying versions of components (e.g., apt/yum/dnf packages) Excluding unnecessary files: clearing download caches, using multi-stage builds, etc. Mount external volumes to containers, sharing and persisting data across multiple containers or hosts according to objectives. Bind mount tmpfs Understand detailed container operations in Docker. Set environment variables at startup Bulk manage multiple containers: docker compose

SA.05.3 Container orchestration
Weight	3
Overview	Candidates understand the basic operations of container orchestration and plan container-based system configurations.
Details	Understand the basic operations of container control by orchestration engines and their use cases. Declarative API, reconciliation loop Rescheduling at failure Auto-scaling Understand the configuration of interfaces that link orchestration engines and various resources. CRI, CNI, CSI Know the overview of components involved in Kubernetes operation and management. Pod, and workload resources managing Pods: Service, Deployment, StatefulSet Control plane components: kube-apiserver, kube-scheduler, etcd Data plane (nodes): kubelet, kube-proxy Commands: kubectl, kubeadm Understand the basic operations of major OSS related to service meshes and their integration with orchestration engines. Envoy Istio

SA.06: Security

SA.06.1 Authentication, authorization, and access control
Weight	3
Overview	Candidates can select appropriate methods for centralized authentication and authorization across multiple services, including external ones, and different operating systems, including multi-factor authentication. They can also configure and build specific setups using OSS. Candidates can compare various access control methods and appropriately configure access control functions in Linux.
Details	Understand the differences between Single Sign-On (SSO) implementation methods. Federation methods: OAuth, OpenID Connect, SAML Reverse proxy method Proxy authentication method Understand major implementations of multi-factor authentication and multi-step authentication. One-time passwords: Time-Based One-Time Password (TOTP) Understand passwordless authentication and FIDO authentication mechanisms. Build and operate authentication systems using Linux servers. Generation and management of one-time passwords Integrate with Active Directory using Samba. Build an Active Directory server on Linux Join Linux machines to Active Directory Understand the characteristics of various access control methods, including comparisons with Discretionary Access Control (DAC). Mandatory Access Control (MAC) Role-Based Access Control (RBAC) Attribute-Based Access Control (ABAC) Utilize Linux access control features according to specific purposes. SELinux AppArmor seccomp/BPF

SA.06.2 Security precautions
Weight	3
Overview	Candidates understand major attack methods that lead to system outage, information theft, leaks, and tampering. Candidates can diagnose and prevent issues across network, application, platform, and data layers.
Details	Understand the principles behind typical attack techniques, especially those that harm the system side. Various DoS/DDoS attack methods: Reflection attack, SYN flood, open resolver Applications used in DoS/DDoS: Memcached, NTP, DNS Unauthorized access methods: SQL and OS command injection, directory traversal, buffer overflow, credential stuffing Configure, execute, interpret detection results, and respond to vulnerability assessment tools. Manage vulnerabilities by deciding whether, when, and how often to fix them. Conduct penetration testing: GVM, ZAP Detect vulnerable packages (patches): Clair, Katello, Vuls Ensure compliance with standards: OpenSCAP Scan container images: Trivy Implement designs that allow only legitimate communications and access to prevent threats. WAF, DMZ, UTM Packet signature-based filtering, DPI Certificate-based authentication Prepare mitigation strategies against attacks and information leaks. DDoS Mitigation Device, ISP Blackhole Routing Rate limiting Sandboxing Encrypted file systems and storage: LUKS, dm-crypt, TPM Restrict access to external ports/devices (e.g., USB port restriction) Remove unused functions and settings to reduce potential vulnerabilities. Delete unnecessary users and access rights Detect unused services and software Configure permissions and resource settings for virtual machines/containers

SA.06.3 Detecting security incidents
Weight	3
Overview	Candidates understand the principles and applicable scopes of major methods for detecting security anomalies in systems. They can design the selection and operation methods of relevant Linux features and OSS.
Details	Understand the information scope and basic operation flow that can be obtained from the Linux Audit Framework (Audit). Selection of monitoring targets: file access monitoring, system call monitoring Querying audit logs and generating reports Understand the principles of Host-based Intrusion Detection Systems (HIDS) and integrate them into systems. File integrity monitoring: configuration and automation of AIDE and Tripwire Malware detection: configuration and use of chkrootkit and rkhunter Components and features of OSSEC Configure antivirus software (selection of monitoring targets, etc.) Understand the principles of Network-based Intrusion Detection Systems (NIDS) and integrate them into systems. Configuration and rule management of Snort Analyze abnormalities in detail using monitoring tools. Traffic analysis: tcpdump, Wireshark Understand the functional overview of Security Information and Event Management (SIEM) analysis tools. Normalization of aggregated logs from multiple sources Incident determination through correlation analysis

SA.07: Monitoring and Analysis

SA.07.1 Acquiring and collecting logs, metrics, and traces
Weight	3
Overview	Candidates can appropriately select what information to acquire based on the behavior of the system they want to monitor. Candidates can design specific methods for acquiring and aggregating major logs, metrics, and traces.
Details	Understand the metrics used to observe the behavior of the entire system. Application-level response and performance Request tracing Compare different methods for acquiring and aggregating logs, metrics, and traces. Push model, pull model With or without agents or exporters Storage methods for collected data: time-series databases Understand the applicable conditions and basic flow for acquiring logs and metrics via IPMI and SNMP. Basic operation of ipmitool and SNMP clients User authentication and access control functions of SNMP version 3 Understand the components of Zabbix and select methods for aggregating logs and metrics and communication between nodes. Zabbix Server, Agent, Sender Item type and key settings Understand the components of Prometheus and select methods for aggregating metrics and communication between nodes. Prometheus Server, Node exporter, Pushgateway Service discovery Centralize the collection and processing of logs using Fluentd (td-agent). fluent.conf, Match, Buffer Input, Output, Filter plugins: in_tail, out_file, filter_parser, etc. Understand the basic concepts of distributed tracing and the steps to acquire it. Trace, span, TraceId, SpanId Trace acquisition using OpenTelemetry: SDK, Collector Store to backend: Jaeger

SA.07.2 Monitoring and response
Weight	2
Overview	Candidates can set appropriate alert conditions and levels based on the monitoring objectives of logs and metrics. Candidates can use specific OSS to issue alerts, respond, and plan for automation and improvement of monitoring processes.
Details	Design alert conditions according to the purpose. Metrics-based judgment: thresholds, changes over a certain period, averages, etc. Log-based judgment: specific messages, tags, counts, etc. Correlation of multiple events Set up alerts and actions in Zabbix or Prometheus. Notifications: email, chat, registering with incident management services, etc. Automation of system operations: auto-scaling in load-balanced environments, temporary suspension of low-priority services, etc. Improve monitoring processes based on system operation status. Selection of log volume and level Elimination of false alerts Improvement of alert logic, review of severity

SA.07.3 Preserving and analyzing collected data
Weight	3
Overview	Candidates can analyze long-term resource usage across the board to help plan for expansion. Candidates can refer to logs, metrics, and traces using specific OSS for analysis and visualization. Candidates can design data preservation systems for purposes such as system security measures.
Details	Understand the visualization of distributed traces. Trace view, service map Timeline adjustment, filtering Perform basic visualization settings with Grafana. Data source settings: acquiring logs, metrics, and traces from Zabbix, Prometheus, and Jaeger respectively Query design, post processing: filtering, interpolation, grouping, etc. Panel settings Cache and timeout settings Analyze long-term data to plan for expansion or design changes. Long-term trends and growth tendencies in the usage of functions or resources Understand the purposes and precautions for preserving access logs and data. Log collection criteria, retention period, storage location settings Maintaining timestamp consistency in tracking data Consideration of anti-tampering to ensure data integrity

SA.08: Continuous Development, Testing, and Deployment

SA.08.1 Test design and optimization
Weight	3
Overview	Candidates understand the perspectives needed to test everything from the components of a system, including non-functional requirements, to the entire service, and plan, execute, and evaluate tests. Candidates can implement mechanisms to streamline continuous testing.
Details	Design methods to execute and evaluate tests that verify the behavior of system components. Verify parameter settings Confirm the achievement of requirements set for each component (e.g., response time) Verify communication between components Design methods to execute and evaluate tests that verify the behavior of the entire system. Input: abnormal values, edge cases, overload, spike, long-duration Failures: power failure, disconnection, partial component failure Scenarios: failover, backup and restore Appropriately identify the impact scope based on the target and nature of fixes or design changes, and plan for differential and regression testing. Subsystem and component dependencies Simultaneous execution of existing and additional functionality Impact on various non-functional requirements Understand the purpose and operational overview of tools that facilitate testing involving non-functional requirements. Load testing: Apache JMeter, distributed load testing tools Fault injection testing: Chaos Toolkit Plan and implement automated tests to enhance reproducibility and ease of retries. Automate configuration and health checks: InSpec, Serverspec, Ansible Automate UI actions: Selenium, Cypress Detect configuration drift and track differences Collect evidence

SA.08.2 Design for functional changes
Weight	2
Overview	Candidates can judge the necessity of backward compatibility during functional changes and design methods for providing and supporting compatible interfaces. Candidates can introduce procedures and environments that prevent, detect early, and counteract post-change issues.
Details	Determine how individual changes affect compatibility. API changes between frontend and backend Database schema changes Provide backward compatibility for access from older versions of the frontend and plan for end-of-support. Maintain traditional behavior using endpoint branching or reverse proxy Determine support deadlines or lifecycle using access logs Prevent and countermeasure issues, including human errors, in planned functional changes. Use version-controlled database schema change scripts Separate database updates from application updates Manage backporting of bug and security fixes to past versions where changes are generally frozen. Triage backport targets Manage change history using Git Numbering and naming of fixes

SA.08.3 Continuous integration and deployment
Weight	3
Overview	Candidates understand test methods and deployment methods assuming changes to operational systems. Candidates understand the concept of automation pipelines for build, test, and deployment, and can set up environments using specific CI/CD tools.
Details	Understand test methods that utilize real data and real requests. Canary testing (canary release) Shadow testing Compare various deployment methods in terms of procedures, data migration requirements, and rollback procedures in case of issues, and select the appropriate method. In-place upgrade Rolling update Blue-green deployment Configure immutable infrastructure. Ensure idempotency through infrastructure as code Externalize environment settings (credentials, network settings, runtime options, etc.) Facilitate rollback through version control of the code Configure specific IaC environments using system configuration tools such as OpenTofu, Ansible, and cloud-init. Automate construction of various resources in cloud infrastructure Set up physical servers, virtual machines, network devices, etc. Design standard CI/CD pipelines using Jenkins or GitLab CI/CD. Create scripts that automatically execute each step: building applications or containers, running test tools and collecting coverage, executing IaC tools, deploying, etc. Code and manage the history of the pipeline: Jenkinsfile, .gitlab-ci.yml Trigger the pipeline by repository commit Handle errors and pause the pipeline Configure for flexible deployment: release gates, automatic rollback

SA.09: Troubleshooting

SA.09.1 Basic procedures during failures
Weight	2
Overview	Candidates understand standard procedures for grasping the situation, root cause analysis, temporary and permanent countermeasures during failures, as well as the Linux functions utilized for these purposes.
Details	Detect failures, grasp the situation, and decide on a response strategy. Evaluate impact range, urgency, and importance Refer to information on system operating status and changes to identify the root cause corresponding to the symptoms. Check logs, metrics, and traces Review history of functional changes and maintenance updates Evaluate causality, isolate issues Reproduce in the same environment, and in environments with restricted functions or settings Formulate plans for overall system operation and recovery from temporary to permanent fixes, including responses in CI/CD and IaC environments. Select and configure services for partial operation continuation Temporary restores and patch fixes

SA.09.2 Case studies
Weight	4
Overview	Candidates know the causes, investigative and diagnostic methods, and solutions for specific failures that frequently occur in systems.
Details	Failures occurring during OS or service startup Issues caused by differences in process/function startup order and timing Resource conflicts: MAC address, IP address, port collisions, etc. Problems due to differences in behavior between automatic and manual (re)start Data-related failures Storage depletion Issues stemming from inconsistencies in clustered or distributed storage Maintaining service levels during storage reallocation or recovery Network failures Failures due to switch communication load Communication failures arising from inconsistencies between hardware and software configurations Issues caused by MTU Connectivity issues due to incomplete routing or firewall settings Issues in mixed IPv4 and IPv6 environments: missing access control settings, IPv6 fallback, etc. Failures in redundant or scale-out configurations Problems related to switching lines in redundant configurations Worker node failures in scale-out configurations and their impact on session persistence Failures in various services Issues related to reverse DNS lookup Issues with proxy settings Problems related to certificates in HTTPS sessions Failures originating from unintended configuration changes during operation Responses to and preventive maintenance for hardware failures (preventive replacement, preventive maintenance)