{"results":[{"id":"amd-sev-requires-epyc-rome","text":"AMD SEV/SEV-ES requires 2nd-generation AMD EPYC (Rome) or later; RHEL 9 provides memory encryption but not security attestation.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"dax-persistent-memory-mount-option","text":"DAX (direct persistent memory mapping) for ext4/XFS requires NVDIMMs and the `dax` mount option (e.g., `mount -o dax /dev/pmem0 /mnt/dax`); it is a Technology Preview in RHEL 9.2.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"dax-requires-nvdimm-ext4-xfs","text":"DAX (Direct Access) requires persistent memory hardware (NVDIMMs), a compatible file system (ext4 or XFS), and the `dax` mount option (`mount -o dax`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-api-requires-kerberos-credentials","text":"IdM API access requires valid Kerberos credentials to establish a session.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-auth-requires-kerberos-ticket","text":"Authenticating to Red Hat Identity Management (IdM) requires obtaining a Kerberos ticket with `kinit` before performing any administration tasks.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-integrated-dns-subsystem","text":"IdM provides an integrated DNS subsystem: BIND with LDAP backend stores zone data in the IdM directory (not zone files), supports configurable forward policies (`only` and `first`), reverse DNS zones via `in-addr.arpa` naming, and requires port 53 TCP/UDP open in firewalld — all managed through the IdM interface rather than traditional BIND administration.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-kerberos-gated-administration","text":"All IdM administration — both API and CLI — requires prior Kerberos authentication: kinit to obtain tickets, klist to verify, kdestroy to remove, with the API consuming credentials via ipalib.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"idm-vault-requires-kra","text":"The Dogtag KRA (Key Recovery Authority) must be installed (`ipa-kra-install`) on at least one IdM server before vaults can be used.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"inst-graphical-is-default-mode","text":"`inst.graphical` is the default Anaconda installation mode; `inst.text` forces text mode, `inst.cmdline` forces non-interactive mode (requires Kickstart).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"mcs-access-requires-all-categories","text":"A user must be assigned to all categories on a file to access it (conjunction rule — not just one matching category).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"registration-requires-root","text":"RHEL system registration with subscription-manager requires root privileges.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-aide-requires-appstream","text":"The `aide` package requires the AppStream repository for installation.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-arch-minimum-versions","text":"RHEL 9 minimum hardware versions by architecture: x86_64 requires x86-64-v2, aarch64 requires ARMv8.0-A, ppc64le requires POWER9, s390x requires z14.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-architecture-specific-subscriptions","text":"Each RHEL 9 architecture requires its own separate Red Hat subscription.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-boot-iso-requires-network","text":"The Boot ISO requires network access to BaseOS/AppStream repositories to install packages; the Installation ISO (Binary DVD) contains both repos.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-boot-iso-requires-network-source","text":"The RHEL 9 boot ISO (~700 MB) contains only the installer and kernel; it requires a network installation source and cannot install standalone.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-crypto-default-min-key-2048","text":"The DEFAULT and LEGACY crypto policies require minimum 2048-bit RSA/DH keys; FUTURE requires minimum 3072-bit.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-crypto-policy-command-set","text":"The command `update-crypto-policies --set POLICY` changes the system-wide cryptographic policy and requires root privileges.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-idm-ad-trust-prerequisites","text":"Establishing an IdM-AD trust requires common Kerberos encryption types, firewall ports (389/636, 88/464, 53, 135, 138, 139, 445, 3268), proper DNS resolution between domains, and Kerberos realm configuration.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"rhel9-logging-tls-requires-idm","text":"TLS for the logging system role requires managed nodes to be enrolled in an IdM domain for CA-signed certificates.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":38,"limit":20,"offset":0}