Oracle Database 11g Security Essentials
Question No: 11
Oracle Data Masking Pack allows you to perform which three actions?
Use predefined mask formats
Back up your data
Preview sample data before masking
Define application masking templates
Answer: A,C,D Explanation:
It#39;s not abackupsolution but it has anopportunityto share data, wheresensitiveinformationis masked.
Question No: 12
Based on which four factors can a Oracle Database Vault prevent access?
Time of day
Values in a column
Answer: A,B,C,D Explanation:
With Database Vault organizations can define authorization rules based on internal and external factors, suchas ip address, time of day, application being used, authentication type, etc. Database Vault rules can beassociated with over two dozen individual database
commands, such as create table, create view, drop tableand comes with many built-in factors, all of which can be extended via APIs
Question No: 13
Which of the following requires values in a specific column in targeted tables?
Database Vault realms
Database Vault command rules
Virtual Private Database
Answer: C Explanation:
VPD Provides column-level security (column masking)
Question No: 14
To implement a rigorous separation of duties policy, you should have separate named accounts defined for which three of the following areas?
Database account management
Database security management
Answer: A,B,D Explanation:
Oracle Database Vault defines the following main responsibilities:
Account management. Account management entails creating, modifying, and dropping user accounts.
Security administration. Security administration covers basic security tasks such as creating realms andcommand rules, setting security policies for database users’ access, and authorizing database users for jobsthey are allowed to perform.
Resource management. Resource management refers to managing the database system but not accessingbusiness data. It includes the following operations:
-Backup operations require a predefined time to perform the backup using predefined tools.
-Tuning and monitoring operations require ongoing performance monitoring and analysis.
-Patching operations require temporary access only during the time the patching takes place
Question No: 15
Which of the following statements about Transparent Data Encryption (TDE) is NOT true?
For a partitioned table, you can have some partitions in encrypted tablespaces and some in non- encryptedtablespaces.
For a partitioned table, you can encrypt a column in some partitions and not in others.
A range-based selection condition can use an index with tablespace-based Transparent Data Encryption(TDE).
An index on a value in an encrypted tablespace does not have to be encrypted.
Answer: A Explanation:
ORA-28346: an encrypted column cannot serve as a partitioning column
Cause: An attempt was made to encrypt a partitioning key column or createpartitioning index with encrypted columns.
Action: The column must be decrypted. ORA-28347: encryption properties mismatch
Cause: An attempt was made to issue an ALTER TABLE EXCHANGE
PARTITION | SUBPARTITION command, but encryption properties weremismatched. Action: Make sure encryption algorithms and columns keys are identical. Thecorresponding columns must be encrypted on both tables with the same salt andnon-salt flavor.
You can create an index on an encrypted column if it has been encrypted without salt. TDE tablespace encryption also allows index range scans on data in encryptedtablespaces. This is not possible with TDE column encryption.
If you need to perform range scans over indexed, encrypted,columns, then you should use TDE tablespace encryption in place ofTDE column encryption.
Question No: 16
Which two of the following are reasons to use Oracle Audit Vault?
To consolidate audit reports from multiple databases
To reduce the performance impact of auditing across multiple databases
To limit space required for audit trails
To ensure consistent auditing across multiple databases
Answer: A,C Explanation:
Audit repository exists for Oracle database (Release 10.2.0.4) to consolidate and manage audit trail records.
By default, ARCHIVELOG mode is enabled in the Audit Vault Server database. The ARCHIVELOG modecopies filled online redo logs to disk. This enables you to back up the database while it is open and beingaccessed by users, and to recover the database to any desired point in time. You should monitor the diskspace usage for the redo logs.
Question No: 17
The data in the primary database is encrypted using TDE. With which type of Data Guard standby must you have a wallet open on the standby server?
Both physical and logical standby
Neither physical nor logical standby requires an open wallet
Answer: C Explanation:
Oracle Data Guard supports Transparent Data Encryption (TDE). If the primarydatabase uses TDE, then each standby database in a Data Guard configuration musthave a copy of the encryption wallet from the primary database. If you reset themaster encryption key in the primary database, then the wallet containing the masterencryption key needs to be copied to each standby database.
Question No: 18
In terms of security, what use case is a classic example of separation of duties?
Denying users access to administrative functions
Denying managers access to employee data
Denying administrators access to data values
Allowing administrators to back up data from only one department
Allowing administrators to back up data from an entire enterprise
Answer: C Explanation:
Separation of duties is denying administrators access to data values.
Question No: 19
Your customer realizes that they must implement more robust and flexible auditing for their enterprise databases. However, based on the specific requirements of their particular industry, they are concerned that they may not be able to achieve their goals with Oracle Audit Vault. Which three features does Oracle Audit Vault provide to allow them to achieve their very specific goals?
You can use Oracle Audit Vault to compare security policies with current settings on target databases.
You can use Orade Audit Vault to create custom audit reports to span audit information from multipledatabases.
You can use Oracle Audit Vault to provide custom auditing for many different types of databases.
You can use Oracle Audit Vault to collect data from multiple types of databases.
Answer: B,C,D Explanation:
This section provides guidelines for selecting the correct Oracle Audit Vault collectorfor the source databases from which you want to extract audit data. In brief, for OracleDatabase,
the type of collector that you select depends on the type of auditing that youhave enabled in the source database. The Microsoft SQL Server, Sybase ASE, and IBMDB2 databases each use one collector specific to each of these database products.
Question No: 20
How do you handle Oracle audit trails after the audit records have been inserted into Oracle Audit Vault?
Audit trails must be deleted manually
Oracle Audit Vault automatically cleans up audit trails after the audit records have been inserted Into theVault.
You cannot delete any audit trails when using Oracle Audit Vault.
You schedule Oracle Audit Vault jobs to clean up audit trails on a scheduled basis.
Answer: D Explanation:
Oracle Audit Vault is integrated with the DBMS_AUDIT_MGMT package on a sourcedatabase. This integration automates the purging of audit records from the AUD$ andFGA_LOG$ files, and from the operating system .aud and .xml files after they havebeen successfully inserted into the Audit Vault repository by the Audit Vault collector.
|Lowest Price Guarantee||Yes||No||No|
|Free VCE Simulator||Yes||No||No|