oracle 1z0-116 practice test

Oracle Database Security Administration Exam

Last exam update: Nov 17 ,2024
Page 1 out of 6. Viewing questions 1-15 out of 90

Question 1

Which two statements are true about the Secure External Password Store (SEPS)?

  • A. Password credentials are stored on the database server.
  • B. Bypassing database authentication adds significant performance benefits to middle-tier applications.
  • C. The database does not need to authenticate the connection because the password credentials are stored in a wallet.
  • D. Wallet usage secures deployments that rely on password credentials for connecting to databases Instances.
  • E. Password rotation policies can be enforced without changing application code.
Mark Question:
Answer:

AD


User Votes:
A 3 votes
50%
B
50%
C 3 votes
50%
D 3 votes
50%
E 3 votes
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
econdeal
8 months ago

rpta dy e : Password credentials for connecting to databases can now be stored in a client-side Oracle wallet, a secure software container used to store authentication and signing credentials. This wallet usage can simplify large-scale deployments that rely on password credentials for connecting to databases. When this feature is configured, application code, batch jobs, and scripts no longer need embedded user names and passwords. Risk is reduced because such passwords are no longer exposed in the clear, and password management policies are more easily enforced without changing application code whenever user names or passwords change.

econdeal
6 months, 3 weeks ago

Password policies are more not can be??? the responce cyd


Question 2

You export and Import a table's data using Data Pump connected as a user who Is assigned DBA role
with default privileges.
There is a data redaction policy on the table.
Which two statements are true about the redaction policy?

  • A. The actual data in the tables is copied to the Data Pump target system with the redaction policy applied.
  • B. The policy Is not Included In export and Import operation.
  • C. The actual data in the tables is copied to the Data Pump target system without being redacted.
  • D. The policy Is Included In the export and Import operation but is not applied by default to the objects In the target system.
  • E. The policy is included in the export and import operation and applied by default to the objects in the target system.
Mark Question:
Answer:

BC


User Votes:
A 1 votes
50%
B 2 votes
50%
C 3 votes
50%
D 2 votes
50%
E 1 votes
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
econdeal
7 months, 3 weeks ago

The DATAPUMP_EXP_FULL_DATABASE role includes the powerful EXEMPT REDACTION POLICY system privilege.

Remember that by default the DBA role is granted the DATAPUMP_EXP_FULL_DATABASE role as well as DATAPUMP_IMP_FULL_DATABASE.

This enables users who were granted these roles to be exempt from Data Redaction policies. This means that, when you export objects with Data Redaction policies defined on them, the actual data in the protected tables is copied to the Data Pump target system without being redacted. Users with these roles, including users who were granted the DBA role, are able to see the actual data in the target system.


Question 3

Examine this query:

Why is this account in this status?

  • A. The account uses a global authentication.
  • B. The user exceeded the value of FAILED_LOGIN _ATTEMPTS and its password has not been reset yet.
  • C. The account has the SYSDBA privilege granted.
  • D. The user exceeded the value of PASSWORD_LIFE_TIME and Its password has not been reset yet
  • E. The ACCOUNTS_ STATUS column is not updated until the user attempts to log in.
Mark Question:
Answer:

C


User Votes:
A
50%
B 3 votes
50%
C 1 votes
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
prha
9 months, 2 weeks ago

LOCKED(TIMED)

The account is locked because the number of consecutive failed login attempts exceeded the FAILED_LOGIN_ATTEMPTS limit and the PASSWORD_LOCK_TIME has not yet elapsed. The account can be unlocked either by the ALTER USER ... ACCOUNT UNLOCK command or by waiting until the PASSWORD_LOCK_TIME has elapsed.


Question 4

You are the Service Consumer In the Cloud Shared Responsibility Model.
Which three are your responsibility when using the Infrastructure as a Service (IaaS)?

  • A. application
  • B. host Infrastructure
  • C. network
  • D. data
  • E. physical
  • F. guest OS
  • G. virtualization
  • H. database
Mark Question:
Answer:

BFG


User Votes:
A 2 votes
50%
B 2 votes
50%
C 1 votes
50%
D 2 votes
50%
E 1 votes
50%
F 2 votes
50%
G 1 votes
50%
H 2 votes
50%
Discussions
vote your answer:
A
B
C
D
E
F
G
H
0 / 1000
econdeal
8 months ago

Review https://www.oracle.com/a/ocom/docs/cloud/oracle-ctr-2020-shared-responsibility.pdf

econdeal
7 months, 3 weeks ago

respuesta a,d,f


Question 5

Which two statements are true about running the Oracle Database Security Assessment Tool (DBSAT)
Collector?

  • A. It runs only on UNIX/Linux systems.
  • B. It must connect to the database using a SYSDBA connection.
  • C. It must be run by an OS user with read permissions on files and directories under ORACLE_HOME.
  • D. It runs only on Windows systems.
  • E. It must be run on the server that contains the database.
Mark Question:
Answer:

CD


User Votes:
A
50%
B 3 votes
50%
C 3 votes
50%
D 1 votes
50%
E 3 votes
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
prha
9 months, 2 weeks ago

B. True. DBSAT Collector requires a SYSDBA connection to the database for data collection.
E. True. It must be run on the server containing the database to collect accurate information about the database environment.

econdeal
8 months ago

rpta c y e . In order to collect complete data, the Oracle DBSAT Collector must be run on the server that contains the database, because it executes some operating system commands to collect process and file system information that cannot be obtained from the database. In addition, the Oracle DBSAT Collector must be run as an OS user with read permissions on files and directories under ORACLE_HOME in order to collect and process file system data using OS commands.


Question 6

Which two represent the set of users that are never affected by connect command rules?

  • A. SYS
  • B. users with the DV_ACCTMGR role
  • C. users with the DV_OWNER role
  • D. users with the DV_ADMIN role
  • E. SYSTEM
Mark Question:
Answer:

CE


User Votes:
A
50%
B 1 votes
50%
C 2 votes
50%
D 2 votes
50%
E 1 votes
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
econdeal
8 months ago

Rpta c yd . the CONNECT command rule does not apply to users with the DV_OWNER and DV_ADMIN roles.


Question 7

You must rekey encrypted sensitive credential data In your database.
You run the command alter database dictionary rekey credentials.
Which three options ate true about the bkkey process?

  • A. Credential Data Is automatically encrypted using aes2S6.
  • B. The credential data encryption process does not de-obfuscate the obfuscated passwords before re-encrypts begin.
  • C. Both sys. links and sys . SCHEDULER_CREDENTIAL tables are rekeyed.
  • D. The rekey process prompts the user to provide a new key algorithm If needed.
  • E. The process of rekeylng does not automatically open the keystore.
  • F. The rekey process only applies to the sys.ltnks CREDENTUIALS table.
  • G. The rekey process only applies to the SYS.SCHEDULES$ credential table.
Mark Question:
Answer:

BFG


User Votes:
A 2 votes
50%
B 1 votes
50%
C 2 votes
50%
D
50%
E 2 votes
50%
F 1 votes
50%
G 1 votes
50%
Discussions
vote your answer:
A
B
C
D
E
F
G
0 / 1000
econdeal
8 months ago

A. You can manually encrypt the data that is stored in the SYS.LINK$ and SYS.SCHEDULER$_CREDENTIAL tables by using the ALTER DATABASE DICTIONARY statement. Though this feature makes use of Transparent Data Encryption (TDE), you do not need to have an Advanced Security Option license to perform the encryption, but you must have the SYSKM administrative privilege. TDE performs the encryption by using the AES256 (Advanced Encryption Standard) algorithm. The encryption follows the same behavior as other data that is encrypted using TDE.

Not b. and c ok. The database must have an open keystore and an encryption key before you run the ALTER DATABASE DICTIONARY statement with the ENCRYPT CREDENTIALS clause to encrypt SYS.LINK$ and SYS.SCHEDULER$_CREDENTIAL. The credential data encryption process de-obfuscates the obfuscated passwords and then encrypts them. The encryption applies to any future password changes that users may make after you complete this proces

econdeal
7 months, 3 weeks ago

rpta e . it can be retrieved to perform a database operation without manual intervention. However, some keystore operations that require the keystore password cannot be performed when the auto-login keystore is open. The auto-login keystore must be closed and the password-protected keystore must be opened for the keystore operations that require a password.


Question 8

Examine these steps:
1. Run the DBSAT Collector
2. Run the DBSAT Discoverer
3. Run the DBSAT Reporter
Identify the minimum required steps for producing a report of schemas with sensitive data.

  • A. 1,2
  • B. 2
  • C. 1,2,3
  • D. 2,3
Mark Question:
Answer:

C


User Votes:
A
50%
B 2 votes
50%
C 1 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
econdeal
8 months ago

DBSAT Discoverer uses a configuration file along with
one or more pattern files that describe sensitive data
types, and regular expressions used to search column
names and column comments


Question 9

Examine this code which executes successfully:

If the IN_OFFICE_ON_WEEKEND rule set returns true for an attempt to connect from Inside the office
on weekends, which two are true about the effects of this configuration?

  • A. JIM con never connect.
  • B. This has no effect on tom's connect attempts.
  • C. TOM can never connect.
  • D. JIM can only connect when In the office on weekends.
  • E. This has no effect on JIM'S connection attempts.
Mark Question:
Answer:

AD


User Votes:
A 2 votes
50%
B 2 votes
50%
C 1 votes
50%
D 2 votes
50%
E 2 votes
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
econdeal
7 months, 1 week ago

D. IF The Rule set IN_OFFICE_ON_WEEKEND no enable a all connect on weekend from inside off Office , except Jim.
A. if The Rule set IN OFIICE ON WEEKEND able a all connect only to connect on weekend from inside off office , in this case jim can connect never ?
B. Tom is has Disabled RUle enable, this rule disable all security , then Tom can connect always ??


Question 10

Database user SCOTT requires the privilege to select from all tables and you decide to configure this
using a global role.
You have not yet configured the database with Enterprise User Security.
You plan to perform these steps:
1. create role GLOBAI._ROI.E identified globally;
2. grant select any table to GLODAL_COLE;
3. grant GLOBAL_ROLE to SCOTT;
What is the result?

  • A. All statements succeed even without Enterprise User Security configuration, but the role is not effective.
  • B. The third statement falls because global roles can be granted only by using a central authority.
  • C. The second statement falls because granting a global role can be completed only by using a central authority.
  • D. The first statement falls because the database Is not set up with Enterprise User Security.
Mark Question:
Answer:

D


User Votes:
A 1 votes
50%
B 2 votes
50%
C
50%
D 2 votes
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

Which three are true concerning command rules?

  • A. System privileges override command rules.
  • B. If a command rule's associated rule set evaluation results In an error, the command is not allowed to execute.
  • C. A command can have only one command rule that applies to it.
  • D. For DML statement command rules, you can specify a wildcard for the object owner.
  • E. If a command rule's associated rule set Is disabled, then the rule set evaluates to true.
  • F. For DML statement command rules, you can specify a wildcard for the object name.
  • G. Object privileges override command rules.
Mark Question:
Answer:

ADF


User Votes:
A 1 votes
50%
B 2 votes
50%
C
50%
D 2 votes
50%
E 2 votes
50%
F 2 votes
50%
G
50%
Discussions
vote your answer:
A
B
C
D
E
F
G
0 / 1000
econdeal
7 months, 1 week ago


D, F Oracle Database Vault queries all the command rules that need to be applied.
For SELECT, DDL, and DML statements, multiple command rules may apply because the object owner and object name support wildcard notation.
B. If the associated rule set of any of the applicable command rules returns false or errors, Oracle Database Vault prevents the command from executing
E. If you disable a rule set, then the rule set always evaluates to TRUE.
C. FALSE . To customize and enforce the command rule, you associate it with a rule set, which is a collection of one or more rules.
G. False Command rules override object privileges.

econdeal
6 months, 3 weeks ago

E False , say if a command rule associated set is disabled no disable rule set THen the correct is B D y F


Question 12

You configured Kerberos authentication for databases running on servers A and B.
However a database link connecting the database on server A to the database on server B fails with
ORA-12638 Credential retrieval failed.
Where must you make a change to sqlnet.ora to allow the database link to use its stored credentials
Instead of trying to use Kerberos?

  • A. on client side of server B
  • B. on client side of server A
  • C. on server side of server B
  • D. on server side of server A
Mark Question:
Answer:

B


User Votes:
A
50%
B 2 votes
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

A DBA user created and configured this secure application role:

Why does the error occur?

  • A. User psmith Is connecting outside of the SYSDATE specified.
  • B. The set hole hr_admin stuternent must be executed with the dbms. session. set_role procedure.
  • C. user psmith is connecting remotely.
  • D. The HR_ADMIN role must be granted to user PSMITH.
  • E. The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clause.
  • F. The HR.ROLE_CHECK procedure must be created without the AUTHID clause.
Mark Question:
Answer:

D


User Votes:
A
50%
B
50%
C 2 votes
50%
D 1 votes
50%
E 1 votes
50%
F
50%
Discussions
vote your answer:
A
B
C
D
E
F
0 / 1000
econdeal
7 months ago

rpta C. i test that , only remoty is the error.

econdeal
6 months, 3 weeks ago

se corrige la respuesta es e The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clausere


Question 14

You must mask data consistently In three database copies such that data relations across the
databases remain In place.
Which Data Masking Format allows this?

  • A. Shuffle
  • B. Auto Mask
  • C. Array List
  • D. Substitute
  • E. Random Strings
Mark Question:
Answer:

A


User Votes:
A 1 votes
50%
B
50%
C
50%
D 2 votes
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000
econdeal
7 months ago

Respuesta D. Deterministic masking provides a solution for this problem. You can use the Substitute format to mask employee ID column(s) in all three databases. The Substitute format uses a table of values from which to substitute the original value with a mask value. As long as this table of values does not change, the mask is deterministic or consistent across the three databases


Question 15

Examine this list:
1. You must monitor access to email column or salary column In the employees table.
2. If any activity is detected, the action must be audited and a notification sent out by email.
3. The database has Unified Auditing enabled.
4.
You have created and successfully tested the email sending procedure,
sysadmin_fga.emaii._ai.ert.
You create the audit policy:

A user with select privilege on hr.employees executes this :
SELECT email FROM HR.EMPLOYEES;
What will be the result?

  • A. The query will be executed, an entry will be created in the unified audit trail, and the mail will be sent.
  • B. The query will be executed, an entry will be created In FGA_LOG$ table, and the mall will be sent.
  • C. The query will be executed, but no audit entry will be created nor any mail sent.
  • D. The query will be executed, no audit entry will be created but the mall will be sent.
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C 2 votes
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2