Which two statements are true about the Secure External Password Store (SEPS)?
A. Password credentials are stored on the database server.
B. Bypassing database authentication adds significant performance benefits to middle-tier applications.
C. The database does not need to authenticate the connection because the password credentials are stored in a wallet.
D. Wallet usage secures deployments that rely on password credentials for connecting to databases Instances.
E. Password rotation policies can be enforced without changing application code.
Answer:
AD
User Votes:
A 2 votes
50%
B
50%
C 2 votes
50%
D 2 votes
50%
E 2 votes
50%
Discussions
0/ 1000
econdeal
2 weeks, 5 days ago
rpta dy e : Password credentials for connecting to databases can now be stored in a client-side Oracle wallet, a secure software container used to store authentication and signing credentials. This wallet usage can simplify large-scale deployments that rely on password credentials for connecting to databases. When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords. Risk is reduced because such passwords are no longer exposed in the clear, and password management policies are more easily enforced without changing application code whenever user names or passwords change.
Question 2
You export and Import a table's data using Data Pump connected as a user who Is assigned DBA role with default privileges. There is a data redaction policy on the table. Which two statements are true about the redaction policy?
A. The actual data in the tables is copied to the Data Pump target system with the redaction policy applied.
B. The policy Is not Included In export and Import operation.
C. The actual data in the tables is copied to the Data Pump target system without being redacted.
D. The policy Is Included In the export and Import operation but is not applied by default to the objects In the target system.
E. The policy is included in the export and import operation and applied by default to the objects in the target system.
Answer:
BC
User Votes:
A 1 votes
50%
B 2 votes
50%
C 2 votes
50%
D 1 votes
50%
E 1 votes
50%
Discussions
0/ 1000
econdeal
2 weeks ago
The DATAPUMP_EXP_FULL_DATABASE role includes the powerful EXEMPT REDACTION POLICY system privilege.
Remember that by default the DBA role is granted the DATAPUMP_EXP_FULL_DATABASE role as well as DATAPUMP_IMP_FULL_DATABASE.
This enables users who were granted these roles to be exempt from Data Redaction policies. This means that, when you export objects with Data Redaction policies defined on them, the actual data in the protected tables is copied to the Data Pump target system without being redacted. Users with these roles, including users who were granted the DBA role, are able to see the actual data in the target system.
Question 3
Examine this query: Why is this account in this status?
A. The account uses a global authentication.
B. The user exceeded the value of FAILED_LOGIN _ATTEMPTS and its password has not been reset yet.
C. The account has the SYSDBA privilege granted.
D. The user exceeded the value of PASSWORD_LIFE_TIME and Its password has not been reset yet
E. The ACCOUNTS_ STATUS column is not updated until the user attempts to log in.
Answer:
C
User Votes:
A
50%
B 2 votes
50%
C 1 votes
50%
D
50%
E
50%
Discussions
0/ 1000
prha
2 months, 1 week ago
LOCKED(TIMED)
The account is locked because the number of consecutive failed login attempts exceeded the FAILED_LOGIN_ATTEMPTS limit and the PASSWORD_LOCK_TIME has not yet elapsed. The account can be unlocked either by the ALTER USER ... ACCOUNT UNLOCK command or by waiting until the PASSWORD_LOCK_TIME has elapsed.
Question 4
You are the Service Consumer In the Cloud Shared Responsibility Model. Which three are your responsibility when using the Infrastructure as a Service (IaaS)?
Which two statements are true about running the Oracle Database Security Assessment Tool (DBSAT) Collector?
A. It runs only on UNIX/Linux systems.
B. It must connect to the database using a SYSDBA connection.
C. It must be run by an OS user with read permissions on files and directories under ORACLE_HOME.
D. It runs only on Windows systems.
E. It must be run on the server that contains the database.
Answer:
CD
User Votes:
A
50%
B 1 votes
50%
C 2 votes
50%
D 1 votes
50%
E 2 votes
50%
Discussions
0/ 1000
prha
2 months, 1 week ago
B. True. DBSAT Collector requires a SYSDBA connection to the database for data collection. E. True. It must be run on the server containing the database to collect accurate information about the database environment.
econdeal
2 weeks, 5 days ago
rpta c y e . In order to collect complete data, the Oracle DBSAT Collector must be run on the server that contains the database, because it executes some operating system commands to collect process and file system information that cannot be obtained from the database. In addition, the Oracle DBSAT Collector must be run as an OS user with read permissions on files and directories under ORACLE_HOME in order to collect and process file system data using OS commands.
Question 6
Which two represent the set of users that are never affected by connect command rules?
A. SYS
B. users with the DV_ACCTMGR role
C. users with the DV_OWNER role
D. users with the DV_ADMIN role
E. SYSTEM
Answer:
CE
User Votes:
A
50%
B 1 votes
50%
C 2 votes
50%
D 2 votes
50%
E 1 votes
50%
Discussions
0/ 1000
econdeal
2 weeks, 5 days ago
Rpta c yd . the CONNECT command rule does not apply to users with the DV_OWNER and DV_ADMIN roles.
Question 7
You must rekey encrypted sensitive credential data In your database. You run the command alter database dictionary rekey credentials. Which three options ate true about the bkkey process?
A. Credential Data Is automatically encrypted using aes2S6.
B. The credential data encryption process does not de-obfuscate the obfuscated passwords before re-encrypts begin.
C. Both sys. links and sys . SCHEDULER_CREDENTIAL tables are rekeyed.
D. The rekey process prompts the user to provide a new key algorithm If needed.
E. The process of rekeylng does not automatically open the keystore.
F. The rekey process only applies to the sys.ltnks CREDENTUIALS table.
G. The rekey process only applies to the SYS.SCHEDULES$ credential table.
Answer:
BFG
User Votes:
A 2 votes
50%
B 1 votes
50%
C 2 votes
50%
D
50%
E 2 votes
50%
F 1 votes
50%
G 1 votes
50%
Discussions
0/ 1000
econdeal
2 weeks, 6 days ago
A. You can manually encrypt the data that is stored in the SYS.LINK$ and SYS.SCHEDULER$_CREDENTIAL tables by using the ALTER DATABASE DICTIONARY statement. Though this feature makes use of Transparent Data Encryption (TDE), you do not need to have an Advanced Security Option license to perform the encryption, but you must have the SYSKM administrative privilege. TDE performs the encryption by using the AES256 (Advanced Encryption Standard) algorithm. The encryption follows the same behavior as other data that is encrypted using TDE.
Not b. and c ok. The database must have an open keystore and an encryption key before you run the ALTER DATABASE DICTIONARY statement with the ENCRYPT CREDENTIALS clause to encrypt SYS.LINK$ and SYS.SCHEDULER$_CREDENTIAL. The credential data encryption process de-obfuscates the obfuscated passwords and then encrypts them. The encryption applies to any future password changes that users may make after you complete this proces
econdeal
1 week, 4 days ago
rpta e . it can be retrieved to perform a database operation without manual intervention. However, some keystore operations that require the keystore password cannot be performed when the auto-login keystore is open. The auto-login keystore must be closed and the password-protected keystore must be opened for the keystore operations that require a password.
Question 8
Examine these steps: 1. Run the DBSAT Collector 2. Run the DBSAT Discoverer 3. Run the DBSAT Reporter Identify the minimum required steps for producing a report of schemas with sensitive data.
A. 1,2
B. 2
C. 1,2,3
D. 2,3
Answer:
C
User Votes:
A
50%
B 2 votes
50%
C 1 votes
50%
D
50%
Discussions
0/ 1000
econdeal
2 weeks, 5 days ago
DBSAT Discoverer uses a configuration file along with one or more pattern files that describe sensitive data types, and regular expressions used to search column names and column comments
Question 9
Examine this code which executes successfully: If the IN_OFFICE_ON_WEEKEND rule set returns true for an attempt to connect from Inside the office on weekends, which two are true about the effects of this configuration?
A. JIM con never connect.
B. This has no effect on tom's connect attempts.
C. TOM can never connect.
D. JIM can only connect when In the office on weekends.
E. This has no effect on JIM'S connection attempts.
Answer:
AD
User Votes:
A 1 votes
50%
B 2 votes
50%
C 1 votes
50%
D 2 votes
50%
E 2 votes
50%
Discussions
0/ 1000
Question 10
Database user SCOTT requires the privilege to select from all tables and you decide to configure this using a global role. You have not yet configured the database with Enterprise User Security. You plan to perform these steps: 1. create role GLOBAI._ROI.E identified globally; 2. grant select any table to GLODAL_COLE; 3. grant GLOBAL_ROLE to SCOTT; What is the result?
A. All statements succeed even without Enterprise User Security configuration, but the role is not effective.
B. The third statement falls because global roles can be granted only by using a central authority.
C. The second statement falls because granting a global role can be completed only by using a central authority.
D. The first statement falls because the database Is not set up with Enterprise User Security.
Answer:
D
User Votes:
A
50%
B 2 votes
50%
C
50%
D 2 votes
50%
Discussions
0/ 1000
Question 11
Which three are true concerning command rules?
A. System privileges override command rules.
B. If a command rule's associated rule set evaluation results In an error, the command is not allowed to execute.
C. A command can have only one command rule that applies to it.
D. For DML statement command rules, you can specify a wildcard for the object owner.
E. If a command rule's associated rule set Is disabled, then the rule set evaluates to true.
F. For DML statement command rules, you can specify a wildcard for the object name.
G. Object privileges override command rules.
Answer:
ADF
User Votes:
A 1 votes
50%
B 1 votes
50%
C
50%
D 2 votes
50%
E 2 votes
50%
F 2 votes
50%
G
50%
Discussions
0/ 1000
Question 12
You configured Kerberos authentication for databases running on servers A and B. However a database link connecting the database on server A to the database on server B fails with ORA-12638 Credential retrieval failed. Where must you make a change to sqlnet.ora to allow the database link to use its stored credentials Instead of trying to use Kerberos?
A. on client side of server B
B. on client side of server A
C. on server side of server B
D. on server side of server A
Answer:
B
User Votes:
A
50%
B 2 votes
50%
C
50%
D
50%
Discussions
0/ 1000
Question 13
A DBA user created and configured this secure application role: Why does the error occur?
A. User psmith Is connecting outside of the SYSDATE specified.
B. The set hole hr_admin stuternent must be executed with the dbms. session. set_role procedure.
C. user psmith is connecting remotely.
D. The HR_ADMIN role must be granted to user PSMITH.
E. The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clause.
F. The HR.ROLE_CHECK procedure must be created without the AUTHID clause.
Answer:
D
User Votes:
A
50%
B
50%
C 1 votes
50%
D 1 votes
50%
E 1 votes
50%
F
50%
Discussions
0/ 1000
Question 14
You must mask data consistently In three database copies such that data relations across the databases remain In place. Which Data Masking Format allows this?
A. Shuffle
B. Auto Mask
C. Array List
D. Substitute
E. Random Strings
Answer:
A
User Votes:
A 1 votes
50%
B
50%
C
50%
D 1 votes
50%
E
50%
Discussions
0/ 1000
Question 15
Examine this list: 1. You must monitor access to email column or salary column In the employees table. 2. If any activity is detected, the action must be audited and a notification sent out by email. 3. The database has Unified Auditing enabled. 4. You have created and successfully tested the email sending procedure, sysadmin_fga.emaii._ai.ert. You create the audit policy: A user with select privilege on hr.employees executes this : SELECT email FROM HR.EMPLOYEES; What will be the result?
A. The query will be executed, an entry will be created in the unified audit trail, and the mail will be sent.
B. The query will be executed, an entry will be created In FGA_LOG$ table, and the mall will be sent.
C. The query will be executed, but no audit entry will be created nor any mail sent.
D. The query will be executed, no audit entry will be created but the mall will be sent.
rpta dy e : Password credentials for connecting to databases can now be stored in a client-side Oracle wallet, a secure software container used to store authentication and signing credentials. This wallet usage can simplify large-scale deployments that rely on password credentials for connecting to databases. When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords. Risk is reduced because such passwords are no longer exposed in the clear, and password management policies are more easily enforced without changing application code whenever user names or passwords change.