1Z0-116 Oracle Database Security Administration

Which two statements are true about the Secure External Password Store (SEPS)?. Password credentials are stored on the database server. Bypassing database authentication adds significant performance benefits to middle-tier applications. The database does not need to authenticate the connection because the password credentials are stored in a wallet. Wallet usage secures deployments that rely on password credentials for connecting to databases Instances. Password rotation policies can be enforced without changing application code.

You export and Import a table's data using Data Pump connected as a user who Is assigned DBA role with default privileges. There is a data redaction policy on the table. Which two statements are true about the redaction policy?. The actual data in the tables is copied to the Data Pump target system with the redaction policy applied. The policy Is not Included In export and Import operation. The actual data in the tables is copied to the Data Pump target system without being redacted. The policy Is Included In the export and Import operation but is not applied by default to the objects In the target system. The policy is included in the export and import operation and applied by default to the objects in the target system.

Examine this query: Why is this account in this status?. The account uses a global authentication. The user exceeded the value of FAILED_LOGIN _ATTEMPTS and its password has not been reset yet. The account has the SYSDBA privilege granted. The user exceeded the value of PASSWORD_LIFE_TIME and Its password has not been reset yet. The ACCOUNTS_ STATUS column is not updated until the user attempts to log in.

You are the Service Consumer In the Cloud Shared Responsibility Model. Which three are your responsibility when using the Infrastructure as a Service (IaaS)?. application. host Infrastructure. network. data. physical. guest OS. virtualitation. database.

Which two statements are true about running the Oracle Database Security Assessment Tool (DBSAT) Collector?. It runs only on UNIX/Linux systems. It must connect to the database using a SYSDBA connection. It must be run by an OS user with read permissions on files and directories under ORACLE_HOME. It runs only on Windows systems. It must be run on the server that contains the database.

Which two represent the set of users that are never affected by connect command rules?. SYS. users with the DV_ACCTMGR role. users with the DV_OWNER role. users with the DV_ADMIN role. SYSTEM.

You must rekey encrypted sensitive credential data In your database. You run the command alter database dictionary rekey credentials. Which three options ate true about the bkkey process?. Credential Data Is automatically encrypted using aes2S6. The credential data encryption process does not de-obfuscate the obfuscated passwords before re-encrypts begin. Both sys. links and sys . SCHEDULER_CREDENTIAL tables are rekeyed. The rekey process prompts the user to provide a new key algorithm If needed. The process of rekeylng does not automatically open the keystore. The rekey process only applies to the sys.ltnks CREDENTIALS table. The rekey process only applies to the SYS.SCHEDULES$ credential table.

Examine these steps: 1. Run the DBSAT Collector 2. Run the DBSAT Discoverer 3. Run the DBSAT Reporter Identify the minimum required steps for producing a report of schemas with sensitive data. 1,2. 2. 1,2,3. 2,3.

Examine this code which executes successfully: If the IN_OFFICE_ON_WEEKEND rule set returns true for an attempt to connect from Inside the office on weekends, which two are true about the effects of this configuration?. JIM can never connect. This has no effect on tom's connect attempts. TOM can never connect. JIM can only connect when In the office on weekends. This has no effect on JIM'S connection attempts.

Database user SCOTT requires the privilege to select from all tables and you decide to configure this using a global role. You have not yet configured the database with Enterprise User Security. You plan to perform these steps: 1. create role GLOBAI._ROI.E identified globally; 2. grant select any table to GLODAL_COLE; 3. grant GLOBAL_ROLE to SCOTT; What is the result?. All statements succeed even without Enterprise User Security configuration, but the role is not effective. The third statement falls because global roles can be granted only by using a central authority. The second statement falls because granting a global role can be completed only by using a central authority. The first statement falls because the database Is not set up with Enterprise User Security.

Which three are true concerning command rules?. System privileges override command rules. If a command rule's associated rule set evaluation results In an error, the command is not allowed to execute. A command can have only one command rule that applies to it. For DML statement command rules, you can specify a wildcard for the object owner. If a command rule's associated rule set Is disabled, then the rule set evaluates to true. For DML statement command rules, you can specify a wildcard for the object name. Object privileges override command rules.

You configured Kerberos authentication for databases running on servers A and B. However a database link connecting the database on server A to the database on server B fails with ORA-12638 Credential retrieval failed. Where must you make a change to sqlnet.ora to allow the database link to use its stored credentials Instead of trying to use Kerberos?. on client side of server B. on client side of server A. on server side of server B. on server side of server A.

A DBA user created and configured this secure application role: Why does the error occur?. User psmith Is connecting outside of the SYSDATE specified. The set hole hr_admin stuternent must be executed with the dbms. session. set_role procedure. user psmith is connecting remotely. The HR_ADMIN role must be granted to user PSMITH. The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clause. The HR.ROLE_CHECK procedure must be created without the AUTHID clause.

You must mask data consistently In three database copies such that data relations across the databases remain In place. Which Data Masking Format allows this?. Shuffle. Auto Mask. Array List. Substitute. Random Strings.

Examine this list: 1. You must monitor access to email column or salary column In the employees table. 2. If any activity is detected, the action must be audited and a notification sent out by email. 3. The database has Unified Auditing enabled. 4. You have created and successfully tested the email sending procedure, sysadmin_fga.emaii._ai.ert. You create the audit policy: A user with select privilege on hr.employees executes this : SELECT email FROM HR.EMPLOYEES; What will be the result?. The query will be executed, an entry will be created in the unified audit trail, and the mail will be sent. The query will be executed, an entry will be created In FGA_LOG$ table, and the mall will be sent. The query will be executed, but no audit entry will be created nor any mail sent. The query will be executed, no audit entry will be created but the mall will be sent.

Database Vault Is configured and enabled In the Oracle database. Three users are granted the dba, dv_omneb, and dv_acctmgb roles. There is a requirement to create a user who can: 1. Connect to the database Instance 2. Select from dictionary views Which users can complete the operation to meet the requirement?. users granted DV_ACCTMGR and DV_OWNER roles. users granted DV_OWNER role. users granted DBA and DV_OWNER roles. users granted DV_ACCTMGR and DBA roles.

Examine this command: Which two statements are true?. Opening the software keystore from remote computers is possible. Opening the software keystore from the local computer Is possible. Opening the software keystore from remote computers is not possible. Opening the software keystore must always be done manually on the local computer. Opening the software keystore from the local computer is not possible.

Which two configurations can be used to protect sensitive data In a database?. setting the SQL92_SECURITy initialization parameter to false. enabling salt tor an encrypted column. creating a procedure that defines the VPD restrictions in a VPD policy. collecting sensitive data Information with Database Security Assessment Tool (DBSAT). enforcing row-level security at the table level. enforcing row-level security at the database level.

The sqinet.oia file on the client contains this parameter setting: SQLNET.ENCRYPTION_CLIEKT = REQUESTED What value for the parameter sQLNET.ENCRYPTION _server In the sqlnet.ora file on the server will disable Encryption and Data Negotiation?. REQUESTED. ACCEPTED. REQUIRED. REJECTED.

You are Implementing a security policy that makes use of the USERENV namespace. Which USERRENV value does not change for the duration of a session?. SESSION_CSER. CURRENT_OSER. CURRENT SCHEMA. CLIENT_INFO.

Examine the statement: CREATE BOLE hr_admin IDENTIFIED USING pac_mgr.hr_admin_rola_ch9ck; Which three are true about the sec_mgr. hr_admin_role_check procedure?. It must use only one security check to validate the user. It must use the invokcr's rights to enable the role,. It must use the deflner's rights to enable the role. It can Include one or more security checks to validate the user. It must contain a SET ROLE statement or a DBMS_SESSION.SET_ROLE call. It can use only the DBMS_SESSION. SET_ROLE procedure. Its owner SEC_MGR must be granted the execute any procedure role.

Which two are true about Database Privilege Analysis?. It can be used after you install the Oracle Database without any additional database configuration steps. It must have the Database Vault option enabled. Privilege analysis data for dropped objects are kept. If a privilege is captured during run time, it is saved under the run-time capture name. It shows the grant paths to the privileges and suggests which grant path to keep. It cannot be used to capture the privileges that have been exercised on precompiled database objects.

When querying the database view, VSECRYPTION_WALLET, the status Is OPEN_NO_MASTER _KEY. What does this mean?. You do not have select privileges on this database view. The master key has been corrupted. The key store is not open. The master key has not been created. This is expected behavior for this view.

Users and applications must be able to access a web server of type https using database package UTL_HTTP. Which three are part of the configuration to make this possible?. Configure liscener.oia with an endpolnt for tcps. Configure sqinet.ora with parameter sq.lnet.encrypt70N_server. Download the root certificate from the Certificate Authority In Base64 format. Configure sqlnet. ora with parameter tcp . invited_nodes. Download the trusted certificate of the web server in Base64 format a. Configure an Oracle wallet using mkstore or Wallet Manager. Configure access control lists using DBMS_NETWORK_ACL._ADMIN.

Examine these statements which execute successfully: Which are the two reasons that no rows Are returned from the query?. Only DBA users can query SESSION_CONTEXT view contents. An administrator issues the ALTER SYSTEM FLUSH global context statement. The set_empno_crx_proc procedure must be in a package. The application context is global. Enterprise User Security is not configured and used for the user.

Examine this security parameter and Its value: SEC_USER_ONAUTHORIZED_ACCESS_BANNER=/opt/oracla/admin/data/unauthwarninq.txt In which file must you include this parameter?. init. era. listener.ora. aqlnet.ora. tnsnaroes.ora. names.ora. server.xml.

Which three authentication methods are available with Centrally Managed Users (CMU)?. remote Access Services authentication. smart key authentication. public key Infrastructure (PKT) authentication. kerberos authentication. username/password authentication. SSH authentication.

Which two statements are true about Database Vault rules and rule sets?. You must create a rule set for a rule, before creating the rule. You con reference Oracle-supplied rules In rule sets that you create. If a rule set Is disabled. It Is evaluated to true without having Its rules evaluated. A given rule can be added to only one rule set. Deleting a rule set also deletes all the rules that have been added to It.

A policy predicate function Is associated with an enabled Virtual Private Database (VPD) policy for a table. Which two arguments are passed to the function?. the table name. the schema owning the table. the policy type. the policy name. the policy group to which the policy belongs.

For which two reasons would you define Network ACLs?. for configuring fine-grained access control for users and roles that need to access external network services from the database. for configuring fine-grained access control to Oracle wallets to make HTTP requests that require password or client-certificate authentication. to create auditing policies regarding the usage of network services from the database. to block network attacks or denial of service attacks directed at the database. to Improve the performance of the database applications that require access to remote network services.

While upgrading your Oracle database server from 10g to 19c, you want to ensure that the users can still connect with their current passwords after the upgrade. What do you need to set explicitly for this purpose?. SQLNET.ALLOWED_LOGON_VERSION_SERVER = 12a in the sqlnet.ora of the new database home. Client net. allowed_lLOGON_VERSION_client must be set to a lower value than the server SQLNET.ALLOWED LOGON. VEBSION .SERVER. SQLNET.ALLOWED_LOGON_VERSION_client = 8 in the sqlnec.ora file of the client application. SQLNET.ALLOWED_LOGON_VERSION_sebveb = 8 In the aqlnec.ora of the new database homo.

Examine this parameter In sqinet.ora: SQLNET.ADTHENTICATION_SEBVICES=(NONE) For which two cases do you need a password file?. to authenticate externally Identified users locally. to authenticate nonprivllegcd database users locally. to authenticate administrative privileged users remotely. to authenticate externally Identified users remotely. to authenticate nonprivileged database users remotely. to authenticate administrative privileged users locally.

You check the Risk Matrix of the latest Critical Patch Update (CPU). One of the " Common Vulnerability and Exposure reports (CVEs) has Base Score that is above 9 in the Risk Matrix. Which one is not a supported method to address this CVE?. Request a one off patch exception from Oracle Support. Implement a workaround recommended by Oracle Support. Upgrade to a new Release. Install a new Release Update. Install a new Release Update Revision.

You must redact the salary column of the HR.EMPLOYEES table to display only the number o. Examine this syntax: Which function type must be Inserted at the end of line #7?. DBMS_BEDACT.NONE. DBMS_REDACT.PARTIAL. DBMS_REDACT.FUI,I. DBMS REDACT.REGEXP. DBMS_RE DACT.RANDOM.

Examine these commands and the output used to configure Real Application Security: What does this output mean?. You treated an access control list that references a non-existent policy. You created an access control list that references a non-existent realm. You created a policy that references a non-existent access control list. You created a realm and an access control list that reference a non-existent policy. You created a policy that references a non-existent realm. You created a realm that references a non-existent policy.

Examine this sqlnet.ora file used by a client application: Which three are found in the wallet specified by the directory parameter?. the private key of the database service. the trusted certificates of the database service. the user certificate used to uniquely Identify the database service. the private key of the client application. the username, password, and service name required to connect to the database. the user certificate used to uniquely Identify the client application. the trusted certificates of the Certification Authority.

As the SYSKM user you must create the password-based keystore, which will be used for TDE. Examine this list: Identify the sequence that Oracle uses to search for the keystore and its location. 3,5,2,4,1. 1,4,5,2. 1,2,5,4. 1,2,3,5.

Examine this statement and its result: You issue this statement and then restart the database instance: Which Is true about generated audit records?. They now Include all application context attribute values. They are now written to XML files as well as the database. They now Include SQL statements and any bind variables. Information is now populated in auds .commentstext.

Which type of masking directly masks and subsets data In a nonproduction database with minimal or no Impact on production environments?. conditional format. heterogeneous. in-database. deterministic. In-export.

Which two commands can a user with the syskm privilege execute?. ALTER DATABASE DICTIONARY REKEY CREDENTIALS;. SELECT * FROM DBA_OBJECTS;. SELECT * FROM DBA_TABLESPACES WHERE ENCRYPTED = 'YES*;. ADMINISTER KEY MANAGEMENT SET KFYSTOBF OPEN IDENTIFIED BY password:. ALTER SYSTEM FLUSH PASSWORDFILE_METADATA_CACHE;. ALTER TABLESPACE APPDATA ENCRYPTION OFFLINE ENCRYPT;.

Which two statements are true about column-level transparent data encryption?. It can bo used for tables in encrypted tablcspaces. encrypted columns cannot have an Index. All encrypted columns of a table use the same encryption key. Column level encrypted data remains encrypted in the buffer cache. Column-level encryption keys are not encrypted by the master key.

You connect to the database Instance over a network to change the password of user scott. Which two methods avoid the new password for user scott from being compromised by network sniffing?. Set the server side sqlnet.ora parameter SQLNET.CRYPTO_CHECKSUM_SERVER-REQUESTED. Use ALTER USER SCOTT PASSWORD EXPIRE. Set the server side sqlnet.ora parameter SQLNET.ENCRYPTION_SERVER=REQUESTED. Use ALTER USER SCOTT IDENTIFIED BY VALUES '<value>*. Use ALTER USER SCOTT IDENTIFIED BY <password>. Use the SQL"PIus command password SCOTT.

Which two authorization rights does a Database Vault realm owner have that a realm participant does not have?. Add or remove realm-protected objects to or from the reaim. Grant or revoke privileges on realm-protected objects to or from other users. Add or remove realm-secured database roles to or from the realm. Grant or revoke system privileges to access objects protected by the realm. Add or remove participants to or from the realm. Add or remove owners to or from the realm. Grant or revoke realm-secured database roles.

Examine thhttps://www.daypo.com/images/diskette.pngese commands that execute successfully: What must be done to allow the index to be used?. Use tublespace encryption instead of column encryption. Add the first_name column to the ix_employee Index to Improve its selectivity. Create a SQL baseline to preserve the execution plan from before the encryption. Enable encryption hardware acceleration on the CPUs of the machine.

Which four products, features, or methods can help facilitate compliance with various privacy- related regulatory requirements such as PCI-DSS and the EU GDPR?. Data Redaction. Data Guard. Real Application Clusters. Transparent Data Encryption. Data Masking & Subsetting. Table Partitioning. Database Vault. GoldenGate. Oracle Sharding. Real Application Testing.

You are connected to an Oracle database Instance as a user with privileges to query the hr.employees table. You are not exempt from any reduction policies. Examine this query and result: You implement this Data Redaction policy: You re-execute the select statement. What is the result? A) B) C) D) E). Option A. Option B. Option C (ORA-28094). Option D. Option E.

You Issue this statement as user SYS: audit, context namespace kilimanjaro attributes a, b; Which is true?. The statement will audit all users. The statement will not audit any users. The statement will only audit sys. The statement must be updated to specify which users to audit.

For which two are Oracle Label Security policies not applied?. partitioned tables. direct path exports. users with the SYSDA privilege other than sys. objects in the SYS schema. conventional path exports.

Which two privileges can be restricted at the column level?. SELECT. INSERT. REVOKE. UPDATE. GRANT. DELETE.

Database Vault realm r protects all tables In the fin schema from DBA access User fin is configured as the owner in realm R. You must also prevent access to realm r protected tables by user FIN. Which achieves this?. Revoke the select any table privilege from user FIN. Make realm R a mandatory realm. Remove the owner authorization of user fin in realm R. Make user FIN participant In realm r. Instead of owner.

Examine these commands and responses: Which object privilege must be granted to allow execution of the stored procedure?. grant EXECUTE ON MARY.PBOC2 Co U1;. grant INHERIT PRIVILEGES ON USER U1 TO MARY;. grant INHERIT PRIVILEGES ON USER MARY TO Ul ;. grant EXECUTE ON Ul.PROC2 TO MARY;.

Which two tasks should you perform initially to Implement native network encryption without disrupting client applications?. Upgrade all OCI-basod clients to match the database version. Set the server side sqinet.oia parameter sqlnet.encryption_server = requested. Configure the listener with an endpoint for protocol TCPS. Verify which clients have encrypted connections using the view vSsession_CONNECT_INFO. Set the client side sqinec.ora parameter SQLNET.ENCRYPTION _client = required. Set the server side sqinot.ora parameter SQLNET.CRYPTO_CHECKSOM_SERVER - accepted. Modify all JDBC Thin based clients to include network encryption parameters in Java.

Examine this output: Which three are true?. John must connect as system to perform backup and recovery operations. John can query dba tables. John can perform backup and recovery operations by using SQL. John can perform backup and recovery operations by using RMAN. John must connect as sys to perform backup and recovery operations. John Is not able to perform startup and shutdown operations. John can query other user's data.

A database link must be created to connect a source Autonomous Database to target on premises database. Examine this command: Which two options are true?. The target database wallet can be uploaded to the data_pctmp_dtr directory. The db_link_cred parameter stores the password in a wallet. The db__link__cred references the credential for the username and password for the target database. The credential_name parameter automatically creates the credential object store. The database link port Is not correct because It must be restricted to 1521. Only data_pump_dir directory can be used to store credential wallets.

An audit administrator wants to log Client Context variables In the audit trail. Examine this query and the output: AUDIT CONTEXT NAMESPACE hr_Ct:x ATTRIBUTES hr_app_id NAMESPACE USERENV ATTRIBUTES ALL BY hr;. AUDIT CONTEXT NAMESPACE hr_ctx ATTRIBUTES hr_app_id NAMESPACE USERENV ATTRIBUTES current:_user( db_name BY hr;. CREATE AUDIT POLICY hr_omp_pol ACTIONS UPDATE ON hr.employoes;. AUDIT CONTEXT NAMESPACE hr_ctx ATTRIBUTES hr_app_id, current_user, db_name BY hr. AUDIT POLICY hr_emp_pol BY hr;. CREATE AUDIT POLICY hr_emp_pol ACTIONS SELECT ON hr. employees;. AUDIT POLICY hr_emp_pol EXCEPT hr;.

User jane must report on who has done RMAN backups on a database that has Unified Auditing enabled. What is the minimum that must be done to allow JANE to generate these reports?. Use create audit policy. Use grant audit_admin to Jane;. Use grant audit_viewer to Jane;. Use alter system set AUDIT_SYS_OPERATION= TRUE;.

Examine this configuration and requirement: 1. The hr user created a private database link in the pdb2 pluggable database linking to the hr schema In the PDBl pluggable database. 2. Other users in pdb2 must query the remote HR.EMPLOYEES table In PDBI using this database link. Which two operations together ensure that the database link provides access only to the HR.EMPLOYEES table in the PDBI pluggable database?. Only grant other users access to the HR.EMPLOYEES table In the pdb2 pluggable database. Grant other users access to the database link in the PDBI pluggable database. Grant access to the view of the remote HR.EMPLOYEES table In the PDB2 pluggable database. Grant other users access to the database link In the PDB2 pluggable database. Create a view In the HR schema for the remote hr. employees table of the pdb2 pluggable database .

Which two are true about auditing in an Oracle Database?. SYS logon operations are always audited In unified auditing. All SYS operations are audited by default in unified auditing. No SYS operations are audited by default In unified auditing. SYS logon operations are always audited in mixed mode auditing. No SYS operations are audited if audit_sys_operations is set on false in unified auditing. No SYS operations are audited if audit_sys_operations is set on false in mixed mode auditing.

The utl_http package is used to invoke REST API's to manage Oracle GoldenGate Microservlces Architecture components on host1. You must use dbms__network_acl_admin to specify a range of ports to be used when connecting to host01. What three requirements must you consider?. The lower_port may be null but the upper_port must specify a value. The port range must not overlap with any other port ranges for host01. upper_port must be greater than or equal to lower_port. The port range may not include values larger than or equal to 1024. Both lower_port and upper_port must not be NULL. The upper_port may be null but the lower_port must specify a value.

Which two does the master key encrypt with Transparent Data Encryption?. encrypted columns. encryption wallet. temporary segments. encrypted tablespace keys. encrypted tablespaces. encrypted column keys.

What Is the first step when analyzing security within a database?. Encrypt tablespaces using Transparent Data Encryption. Configure and enable Database Vault. Execute Database Security Assessment Tool (DBSAT). Mask nonproduction data using Data Masking & Subsetting. Deploy Oracle Key Vault. Create a Data Redaction Policy for your most sensitive tables.

Examine this command: What masking definitions does it list?. All with the name credit and the commands to deploy them on all databases with names starting with test. All with names starting with credit and created on databases with names starting with test. All with the name credit and created on databases with name starting with test. All with names starting with credit and created on any database. All with the name credit and the commands to deploy them on a database with the name test.

Examine this command that Is executed: What is the result?. The salary column is fine grain audited. The salary column is nullified when queried by the database users. The bind variables for the salary column are masked In trace files and vS views. The salary column is encrypted using TDE column encryption. The salary column is redacted when queried by database users.

Data Masking uses a combination of data patterns to discover sensitive dat a. Which three items are used?. column names. encrypted masks. column privileges. table privileges. column comments. column data. user-defined functions.

Which statement can be used to force password complexity in the password file?. orapwd file=orapwORCL format=12 force-yes. orapwd file=orapwORCL force=yes format=legacy. orapwd file=orapwOPCL forcaat=12. orapwd file=orapwOBCL forroat=12.2.

Examine this list of capabilities: 1. You can automatically restrict common users from accessing pluggable database (PDB). 2. Enabling Database Vault Operations Control In cdbsroot does not automatically enable It In PDBs. 3. Any common user granted the dv_admin role can enable Database Vault Operations Control. 4. To enable Database Vault Operations Control, use the dbms_macadm.enable_app_protection. 5. Common users' and Invokers' right procedures that must access PDB local data can be added to an exception list. 6. To disable Database Vault Operations Control, use the dbms_macadm.disable_app_protection. Which statements describe Database Vault Operations Control?. 3, 5, 6. 2, 3. 6. 2, 4, 6. 1, 4, 6. 1, 2, 3, 5.

Which CVSS Version 3.1 metric indicates how close an attacker needs to be to the vulnerable component?. Privileges Required. User Interaction. Attack Vector. Scope. Availability. Attack Complexity.

What is true about the client identifier?. The client Identifier is automatically included In the audit trail. The client Identifier is automatically set by the SQL-Net layer. A session can have multiple client Identifier values set simultaneously. The client Identifier cannot be changed during the session.

You develop an HR application that must allow multiple sessions to share application attributes. Which statement is executed while implementing the requirement?. CREATE CONTEXT global_hr USING hr_pkg;. CREATE CONTEXT global_hr USING hr_pkg ACCESSED GLOBALLY;. CREATE CONTEXT global_hr USING hr_pkg INITIALIZED GLOBALLY;. CREATE CONTEXT global_hr USING hr_pkg INITIALIZED EXTERNALLY;.

Examine these commands and responses: User Karen is an enterprise user. Which two commands are used to allow this login?. GRANT CREATE SESSION TO karan;. CREATE USER guest IDENTIFIED BY karen;. CREATE USER karen IDENTIFIED BY guest;. CREATE USER guest IDENTIFIED GLOBALLY as '';. GRANT CREATE SESSION TO guest;.

Which two statements are true about Database Vault factors?. A factor can reference a function In another schema to compute its value, provided execute privilege Is granted to the sys user. Changing a factor type can change how factors are evaluated. You can configure a factor to be evaluated only once per session. You get an error at the time of factor creation If the retrieval method function you have specified does not exist. You can use a factor to enforce conditions for a command rule.

As an Autonomous Transaction Processing (ATP) database administrator, you want to extend the storage capacity In the database. Examine this command and output from the database: What is the reason for the error?. The storage quota has been reached for the ATP database. The create TABLESAPECE statement is not available in ATP. There is not enough storage available in the ATP database. You must be explicitly granted the create TABLESPACE privilege in ATP. Database Vault prevents you from executing this command.

You grant user JANE the SYSDBA administrative privilege. Which two are true?. User JANE must always connect as SYSDBA to the database instance. User JANE can grant SYSDBA privilege to roles. User JANE must use operating system authentication. User JANE can create objects In sys schema only when connected as SYSDBA. User JANE acquires the DBA role by default. User JANE can backup and recover the database.

You are required to remove embedded passwords from scripts that connect to database instances. Which tool can be used to implement this requirement?. orapki. netca. dbca. netmgr. mkstore. owm.

Which two statements are true about Valid Node Checking for Registration (VNCR)?. It denies Instance registration through IPC. It can only be used with Oracle RAC. It enforces the Listener connectivity through TCPS. It is a replacement for Class of Secure Transport (COST). It restricts specific instances from registering with the Listener.

Which type of attack attempts to find data by repeatedly trying similar SQL with a modified predicate?. timing attack. Inference attack. data remanence attack. cache attack. side-channel attack. known-plaintext attack.

You must disable OS authentication for database administrative users on a RAC database. Which option must you use to do this?. Set sqlnet.aothentication_sebvices=(NONe» In sqlnet.ora on the database server. Remove all OS users from OS groups: osdba, osoper, osbackupdba, osdgdba, osrmdba, OSASMADMIN, OSASMDBA. Set REMOTE_LOGIH_PASSWORDFILE = EXCLUSIVE In the init.ora file. Set REMOTE_OS_AUTHENT = FALSE In the init.ora file.

Which statement is true about Network ACLs?. They ate used to control access by users to external network services and resources from the database through PL/SQL. They are used to provide access to database packages. They are used to control the usage of UTL_TCP, ITL_HTTP, and UTL_INADDR. They are used to configure proxy for PL/SQL network utility packages.

The listener configuration contains these lines related to Valid Node Checking for Registration (VNCR); Which two statements are true?. Both parameters cannot be set at the same time so will be Ignored. Listener listener will allow instance registration from IP address 192.168.20.2. Listener listener will allow Instance registration from REGISTRATION_INVITED_NODES_LISTENEP. Listener listener will only deny instance registration from REGISTRATION EXCLUDED NODES LISTENER. Listener listener will deny instance registration from IP address 192.168.20.2.

Database Vault is not used in your installation. Why is a conventional secure application role more secure than a normal role?. It Is In effect only when configured as a default role for the user. It requires a password to be set. It can be set only by a package or procedure that is created with deflner's rights. It can be set only by users with the grant any bole privilege. It can be set only by a package or procedure associated with the role definition.

Examine this command : GRANT EXEMPT ACCESS POLICY TO PUBLIC; Which Transparent Sensitive Data Protection functionality will be affected when this command is executed?. Data Redaction. Bind Masking. Virtual Private Database. Transparent Data Encryption.

When creating labels using Oracle Label Security, which is required?. level and group. level, compartment, and group. compartment. group. level. compartment and group. level and compartment.

Using Unified Audit, you must determine who performed an pkan backup ot recovery operations on a database. You are connected as sysdba. Which statement(s) achieve this? A) B) C) D) E). Option A (grant audit_viewer to sys). Option B. Option C. Option D. Option E.

Which three are part of an access control list (ACL) when using Real Application Security?. privileges. schemas. data realms. column constraints. policies. data realm constraints. roles.

If a column is not specified in a Data Redaction Policy, to which column(s) is it applied?. none of the columns. foreign key columns only. the primary and foreign key columns. columns with any type of constraint. the primary key column only.

You must restrict execution of the alter system checkpoint command to certain conditions, specified in a rule set used by a command rule. Which two parameters must be specified In the dbms_macadm.create_command_rule procedure to do this?. PARAMETER_NAM£=>'CHECKPOINT'. OBJECT_OWNER=>'SYS. CLAUSE_NAME=>'CHECKPOINT'. CLAUSE_NAME=>'SYSTEM'. COMMANI>=>' ALTER SYSTEM'. OBJECT_NAME=>'CHECKPOINT'. COMMAND=>'ALTER'.

Oracle Database Vault is enabled In the database. You have these requirements: 1. Database administrator dba1 must export and import data from and to a non-protected schema. 2. Database administrator dba2 must export and Import data from and to a protected schema. Which three options together satisfy these requirements?. Grant become user to dba1. Grant sysoper to both users. Run d3ms_macadm.authorize_datapump_user procedure granting dbai privileges to impdp and expdp utilities. Grant imp_full_database and exp_full_database to dbai and dba2. Run dbms_macadm.authobize_datapump_useb procedure granting dba2 privileges to impdp and expdp utilities. Grant become user to dba2. Grant sysdba to both users.

o avoid hard coding passwords in scripts, you have elected to create an external password store- Examine this list of steps: 1. Set the external password store wallet location. ALTER SYSTEM SET EXTERNAL_KEYSTORE_CREDENTIAL_LOCATION = "/tc/ORACLE/WALLETS/orcl/external_Btore" SCOPE c SPFILE; 2. Log in as a user who has syskm privileges. 3. Create an auto-logln keystore that contains the keystore password including the add secret clause. ADMINISTER KEY MANAGEMENT ADD SECRET 'password' FOR CLIENT 'TDE_WALLET' TO LOCAL AUTO_LOGIH KEYSTORE '/etc/0RACLE/WALLETS/orcl/extemal_store'; 4. Restart the database instance as sysdba. SHUTDOWN IMMEDIATE STARTUP 5. Create an auto-logln keystore that contains the keystore password. ADMINISTER KEY MANAGEMENT FOR CLIENT 'TDE_WALLET' TO LOCAL AUTO_L0GIN KEYSTORE ' /etc/ORACLE/WALLETS/orcl/external_store' ; 6. Set an Encryption Key. ADMINISTER KEY MANAGEMENT SET ENCRYPTION KEY IDENTIFIED BY keystore_password WITH BACKUP Identify the minimum number of steps in the correct order that must be performed to create the external password store. 2,1,3,4. 1,2,5,4. 1,2,3,6,4. 1,2,6,3,5. 2,3,6,4. 1,2,3,4.

Database Vault is configured and enabled in the database. You create a rule set to enforce security on the hr. employees table. Examine these requirements: 1. Users working In hr department are allowed to view all rows In HR.EMPLOYEES. 2. hr managers are allowed to view, update, and delete data in In HR.EMPLOYEES. 3. Audit records are to be collected for every evaluation of the rule set. Which two options are true when creating the rule set?. One rule set contains two rules OR'ed together. The rule set parameter audit_options must be set to dbms_macutl.g_ruleset_audtt_fail. The rule set must be defined as is_static. The rule set parameter eval_options must be set to dbms_macutl.g_ruleset_eval_all. The rule set parameter audit_options must be set to dbms_macutl.g_buleset_audit_fail + DBMS MACUTL.G RULESET AUDIT SUCCESS.

What does the Application Data Modeling module of the Oracle Data Masking and Subsetting Pack search for?. data redaction policies. data masking transformations. parent/child relationships between the columns holding sensitive information. encrypted columns.