QUESTION NO: 24
You check the Risk Matrix of the latest Critical Patch Update (CPU).
One of the " Common Vulnerability and Exposure’’ reports (CVEs) has Base Score that is above 9 in the Risk Matrix.
Which one is not a supported method to address this CVE? A. Request a one off patch exception from Oracle Support. B. Implement a workaround recommended by Oracle Support. C. Upgrade to a new Release. D. Install a new Release Update. E. Install a new Release Update Revision.
QUESTION NO: 25
A database link must be created to connect a source Autonomous Database to target on premises database.
Examine this command:
BEGIN
DBMS_CLOUD ADMIN.CREATE_DATABASE_LINK (
db_link_name => SALESLINK',
hostname => 'sales.tgt.example.com',
port => 1522',
service_name => 'salesdb.example.com",
ssl_server_cert_dn => 'CN-sales.tgt.example.com, OU=Sales, O=Example DotCom, L=Redwood City,ST-California,C=US,
credential_name => 'DB_LINK_CRED',
directory_name => 'DATA_PUMP_DIR')
END;
Which two options are true? A. The target database wallet can be uploaded to the DATA_PUMP_DIR directory. B. The DB_LINK_CRED parameter stores the password in a wallet. C. The DB_LINK_CRED references the credential for the username and password for the target database. D. The credential_name parameter automatically creates the credential object store. E. The database link port Is not correct because It must be restricted to 1521. F. Only data_pump_dir directory can be used to store credential wallets.
QUESTION NO: 26
Which two tasks should you perform initially to Implement native network encryption without disrupting client applications? A. Upgrade all OCI-basod clients to match the database version. B. Set the server side sqlnet.ora parameter SQLNET.ENCRYPTION_SERVER = REQUESTED. C. Configure the listener with an endpoint for protocol TCPS. D. Verify which clients have encrypted connections using the view v$session_CONNECT_INFO. E. Set the client side sqlnet.ora parameter SQLNET.ENCRYPTION _CLIENT = REQUIRIED. F. Set the server side sqlnet.ora parameter SQLNET.CRYPTO_CHECKSOM_SERVER - ACCEPTED. G. Modify all JDBC Thin based clients to include network encryption parameters in Java.
QUESTION NO: 27
Examine this sqlnet.ora file used by a client application:
SQLNET.AUTHENTICATION SERVICES= (BEQ, TCPS)
SSL_VERSION = 1.2
SSL_CLIENT_AUTHENTICATION = TRUE
WALLET_LOCATION=
(SOURCE =
(METHOD = FILE)
(METHOD_DATA =
(DIRECTORY = /etc/oracle/client/wallet)
)
)
Which three are found in the wallet specified by the directory parameter? A. the private key of the database service B. the trusted certificates of the database service C. the user certificate used to uniquely Identify the database service D. the private key of the client application E. the username, password, and service name required to connect to the database F. the user certificate used to uniquely Identify the client application G. the trusted certificates of the Certification Authority.
QUESTION NO: 28
When creating labels using Oracle Label Security, which is required? A. level and group B. level, compartment, and group C. compartment D. group E. level F. compartment and group G. level and compartment.
QUESTION NO: 29
Which statement is true about Network ACLs? A. They ate used to control access by users to external network services and resources from the database through PL/SQL. B. They are used to provide access to database packages. C. They are used to control the usage of UTL_TCP, ITL_HTTP, and UTL_INADDR. D. They are used to configure proxy for PL/SQL network utility packages. .
QUESTION NO: 30
An audit administrator wants to log Client Context variables In the audit trail.
Examine this query and the output:
SQL> select ACTION_NAME, APPLICATION_CONTEXTS
from UNIFIED_AUDIT_TRAIL
where UNIFIED_AUDIT_POLICIES = 'HR_EMP_POL';
ACTION_NAME APPLICATION_CONTEXTS
----------- --------------------
SELECT (HR_CTX, HR_APP_ID=2323); (USERENV, CURRENT_USER=HR); (USERENV, DB_NAME-ORCLPDB) A. AUDIT CONTEXT NAMESPACE hr_Ct:x ATTRIBUTES hr_app_id NAMESPACE USERENV ATTRIBUTES ALL BY hr; B. AUDIT CONTEXT NAMESPACE hr_ctx ATTRIBUTES hr_app_id NAMESPACE USERENV ATTRIBUTES current_user, db_name BY HR; C. CREATE AUDIT POLICY hr_omp_pol ACTIONS UPDATE ON hr.employoes; D. AUDIT CONTEXT NAMESPACE hr_ctx ATTRIBUTES hr_app_id, current_user, db_name BY hr E. AUDIT POLICY hr_emp_pol BY hr; F. CREATE AUDIT POLICY hr_emp_pol ACTIONS SELECT ON hr. employees; G. AUDIT POLICY hr_emp_pol EXCEPT hr;.
QUESTION NO: 31
Which two commands can a user with the syskm privilege execute? A. ALTER DATABASE DICTIONARY REKEY CREDENTIALS; B. SELECT * FROM DBA_OBJECTS; C. SELECT * FROM DBA_TABLESPACES WHERE ENCRYPTED = 'YES*; D. ADMINISTER KEY MANAGAMENT SET KEYSTORE OPEN IDENTIFIED BY password; E. ALTER SYSTEM FLUSH PASSWORDFILE_METADATA_CACHE; F. ALTER TABLESPACE APPDATA ENCRYPTION OFFLINE ENCRYPT;.
QUESTION NO: 33
Oracle Database Vault is enabled In the database. You have these requirements:
1. Database administrator dba1 must export and import data from and to a non-protected schema.
2. Database administrator dba2 must export and Import data from and to a protected schema.
Which three options together satisfy these requirements? A. Grant become user to dba1. B. Grant sysoper to both users. C. Run dbms_macadm.authorize_datapump_user procedure granting dba1 privileges to impdp and expdp utilities. D. Grant imp_full_database and exp_full_database to dba1 and dba2. E. Run dbms_macadm.authorize_datapump_user procedure granting dba2 privileges to impdp and expdp utilities. F. Grant become user to dba2. G. Grant sysdba to both users.
QUESTION NO: 34
While upgrading your Oracle database server from 10g to 19c, you want to ensure that the users can still connect with their current passwords after the upgrade.
What do you need to set explicitly for this purpose? A. SQLNET.ALLOWED_LOGON_VERSION_SERVER = 12a in the sqlnet.ora of the new database home B. Client net. allowed_lLOGON_VERSION_client must be set to a lower value than the server SQLNET.ALLOWED_LOGON_VERSION_SERVER C. SQLNET.ALLOWED_LOGON_VERSION_client = 8 in the sqlnet.ora file of the client application D. SQLNET.ALLOWED_LOGON_VERSION_SERVER= 8 In the sqlnet.ora of the new database home. .
QUESTION NO: 35
You must redact the salary column of the HR.EMPLOYEES table to display only the number o.
Examine this syntax:
1. SQL> BEGIN
2. DBMS REDACT.ADD_POLICY
3. (object_schema => 'HR',
4. object_name => 'EMPLOYEES',
5. policy_name => 'EMPSAL_POLICY',
6. column_name => 'SALARY',
7. function_type =>
8. expression => '1-1');
9. END;
Which function type must be Inserted at the end of line #7? A. DBMS_BEDACT.NONE B. DBMS_REDACT.PARTIAL C. DBMS_REDACT.FULL D. DBMS REDACT.REGEXP E. DBMS_RE DACT.RANDOM.
QUESTION NO: 36
Examine this security parameter and Its value:
SEC_USER_UNAUTHORIZED_ACCESS_BANNER=/opt/oracla/admin/data/unauthwarninq.txt In which file must you include this parameter?
A. init.ora B. listener.ora C. sqlnet.ora D. tnsnames.ora E. names.ora F. server.xml.
QUESTION NO: 37
Examine this statement and its result:
SQL > show parameter audit_trail
NAME TYPE VALUES
----------- ------ ------
audit_trail string DB
You issue this statement and then restart the database instance:
SQL> alter system set audit_trail = db,extended scope=spfile;
Which Is true about generated audit records? A. They now Include all application context attribute values. B. They are now written to XML files as well as the database. C. They now Include SQL statements and any bind variables. D. Information is now populated in auds .commentstext.
QUESTION NO: 38
Which two privileges can be restricted at the column level? A. SELECT B. INSERT C. REVOKE D. UPDATE E. GRANT F. DELETE .
QUESTION NO: 39
You are connected to an Oracle database Instance as a user with privileges to query the hr.employees table.
You are not exempt from any reduction policies.
Examine this query and result:
SQL> select first_name, last_name, salary
from hr.employees
where salary> 17000;
FIRST_NAME LAST_NAME SALARY
---------- --------- ------
Steven King 24000
You implement this Data Redaction policy:
BEGIN
DBMS_REDACT.ADD_POLICY (OBJECT_SCHEMA => 'HR', OBJECT_NAME => 'EMPLOYEES', POLICY_NAME => 'HR_EMPLOYEE_REDACT', EXPRESSION => '1=1');
DBMS_REDACT.ALTER_POLICY (OBJECT_SCHEMA => 'HR', OBJECT_NAME => 'EMPLOYEES', POLICY_NAME => 'HR_EMPLOYEE_REDACT', FUNCTION_TYPE => DBMS_REDACT.FULL, ACTION => DBMS_REDACT.ADD_COLUMN, COLUMN_NAME => 'SALARY');
END;
/
You re-execute the select statement.
What is the result?
A)
No rows will br returned
B)
FIRST_NAME LAST_NAME SALARY
---------- --------- ------
Steven King
C)
ORA-28094: SQL construct not supported by data redaction
D)
FIRST_NAME LAST_NAME SALARY
---------- --------- ------
Steven King xxxxx
E)
FIRST_NAME LAST_NAME SALARY
---------- --------- ------
Steven King 0
A. Option A B. Option B C. Option C D. Option D E. Option E .
QUESTION NO: 40
Database Vault Is configured and enabled In the Oracle database.
Three users are granted the dba, dv_omneb, and dv_acctmgb roles.
There is a requirement to create a user who can:
1. Connect to the database Instance
2. Select from dictionary views
Which users can complete the operation to meet the requirement? A. users granted DV_ACCTMGR and DV_OWNER roles B. users granted DV_OWNER role C. users granted DBA and DV_OWNER roles D. users granted DV_ACCTMGR and DBA roles.
QUESTION NO: 41
Examine these commands and responses:
SQL> connect karen@ORCL
connected.
SQL> show user
USER is "GUEST"
User Karen is an enterprise user.
Which two commands are used to allow this login? A. GRANT CREATE SESSION TO karan; B. CREATE USER guest IDENTIFIED BY karen; C. CREATE USER karen IDENTIFIED BY guest; D. CREATE USER guest IDENTIFIED GLOBALLY as ' '; E. GRANT CREATE SESSION TO guest;.
QUESTION NO: 42
User jane must report on who has done RMAN backups on a database that has Unified Auditing enabled.
What is the minimum that must be done to allow JANE to generate these reports? A. Use create audit policy. B. Use grant audit_admin to Jane; C. Use grant audit_viewer to Jane; D. Use alter system set AUDIT_SYS_OPERATION= TRUE; .
QUESTION NO: 43
Which two are true about auditing in an Oracle Database? A. SYS logon operations are always audited In unified auditing. B. All SYS operations are audited by default in unified auditing. C. No SYS operations are audited by default In unified auditing. D. SYS logon operations are always audited in mixed mode auditing. E. No SYS operations are audited if audit_sys_operations is set on false in unified auditing. F. No SYS operations are audited if audit_sys_operations is set on false in mixed mode auditing.
QUESTION NO: 44
Examine these steps:
1. Run the DBSAT Collector
2. Run the DBSAT Discoverer
3. Run the DBSAT Reporter
Identify the minimum required steps for producing a report of schemas with sensitive data. A. 1,2 B. 2 C. 1,2,3 D. 2,3 .
QUESTION NO: 45
For which two reasons would you define Network ACLs? A. for configuring fine-grained access control for users and roles that need to access external network services from the database B. for configuring fine-grained access control to Oracle wallets to make HTTP requests that require password or client certificate authentication C. to create auditing policies regarding the usage of network services from the database D. to block network attacks or denial of service attacks directed at the database E. to Improve the performance of the database applications that require access to remote network services .
QUESTION NO: 46
Examine this code which executes successfully:
BEGIN
DBMS_MACADM.CREATE_CONNECT_COMMAND_RULE (
user_name => 'JIM'
rule_set_name => 'IN_OFFICE_ON_WEEKEND',
enabled => 'n'
);
DBMS_MACADM.CREATE_CONNECT_COMMAND_RULE (
user_name => 'TOM',
enabled => 'y'
rule_set_name => 'Disabled',
enabled => 'y'
);
END;
If the IN_OFFICE_ON_WEEKEND rule set returns true for an attempt to connect from Inside the office on weekends, which two are true about the effects of this configuration?
A. JIM con never connect. B. This has no effect on tom's connect attempts. C. TOM can never connect. D. JIM can only connect when In the office on weekends. E. This has no effect on JIM'S connection attempts.
QUESTION NO: 47
Examine this command that Is executed:
BEGIN
DBMS_TSDP_PROTECT.ENABLE_PROTECTION_COLUMN (
schema_name => 'HR',
table_name => 'EMPLOYEES',
column_name => 'SALARY',
policy => 'REDACT_AUDIT');
END;
/
What is the result? A. The salary column is fine grain audited. B. The salary column is nullified when queried by the database users. C. The bind variables for the salary column are masked In trace files and v$views. D. The salary column is encrypted using TDE column encryption. E. The salary column is redacted when queried by database users.
QUESTION NO: 32
Database Vault is not used in your installation.
Why is a conventional secure application role more secure than a normal role? A. It Is In effect only when configured as a default role for the user. B. It requires a password to be set. C. It can be set only by a package or procedure that is created with deflner's rights. D. It can be set only by users with the grant any role privilege. E. It can be set only by a package or procedure associated with the role definition.
|
