QUESTION NO: 48
Examine the statement:
CREATE BOLE hr_admin IDENTIFIED USING pac_mgr.hr_admin_rola_ch9ck;
Which three are true about the sec_mgr. hr_admin_role_check procedure? A. It must use only one security check to validate the user. B. It must use the invokers rights to enable the role. C. It must use the deflner's rights to enable the role. D. It can Include one or more security checks to validate the user. E. It must contain a SET ROLE statement or a DBMS_SESSION.SET_ROLE call. F. It can use only the DBMS_SESSION. SET_ROLE procedure. G. Its owner SEC_MGR must be granted the execute any procedure role. H. It must include one or more security checks to validate user.
QUESTION NO: 49
You configured Kerberos authentication for databases running on servers A and B.
However a database link connecting the database on server A to the database on server B fails with ORA-12638 Credential retrieval failed.
Where must you make a change to sqlnet.ora to allow the database link to use its stored credentials Instead of trying to use Kerberos? A. on client side of server B B. on client side of server A C. on server side of server B D. on server side of server A.
QUESTION NO: 50
Which four products, features, or methods can help facilitate compliance with various privacy-related regulatory requirements such as PCI-DSS and the EU GDPR? A. Data Redaction B. Data Guard C. Real Application Clusters D. Transparent Data Encryption E. Data Masking & Subsetting F. Oracle TDE G. Database Vault H. GoldenGate I. Oracle Sharding J. Real Application Testing .
QUESTION NO: 51
You develop an HR application that must allow multiple sessions to share application attributes.
Which statement is executed while implementing the requirement? A. CREATE CONTEXT global_hr USING hr_pkg; B. CREATE CONTEXT global_hr USING hr_pkg ACCESSED GLOBALLY; C. CREATE CONTEXT global_hr USING hr_pkg INITIALIZED GLOBALLY; D. CREATE CONTEXT global_hr USING hr_pkg INITIALIZED EXTERNALLY;.
QUESTION NO: 52
The sqinet.oia file on the client contains this parameter setting:
SQLNET.ENCRYPTION_CLIEKT = REQUESTED
What value for the parameter sQLNET.ENCRYPTION _server In the sqlnet.ora file on the server will disable Encryption and Data Negotiation?
A. REQUESTED B. ACCEPTED C. REQUIRED D. REJECTED.
QUESTION NO: 53
A DBA user created and configured this secure application role:
CREATE ROLE hr_admin IDENTIFIED USING hr.role_check;
CREATE OR REPLACE PROCEDURE hr.role_check
AUTHID DEFINER
AS
BEGIN
IF (SYS_CONTEXT ('userenv', 'ip_address') = '127.0.0.1' OR TO_CHAR (SYSDATE, 'HH24')
BETWEEN 8 AND 17)
THEN
EXECUTE IMMEDIATE 'SET ROLE hr_admin';
END IF;
END;
/
GRANT EXECUTE ON hr.role_check to psmith;
Now user psmith attempts to execute this procedure:
SQL> EXECUTE hr.role_check
BEGIN hr.role_check; END;
*
ERROR at line 1:
ORA-06565: cannot execute SET ROLE from within stored procedure
ORA-06512: at "HR. ROLE_CHECK", line 9
ORA-06512: at line 1
Why does the error occur? A. User psmith Is connecting outside of the SYSDATE specified. B. The SET ROLE hr_admin statement must be executed with the DBMS_SESSION.SET_ROLE_PROCEDURE C. user psmith is connecting remotely. D. The HR_ADMIN role must be granted to user PSMITH. E. The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clause. F. The HR.ROLE_CHECK procedure must be created without the AUTHID clause.
QUESTION NO: 54
Examine this output:
SQL> select from v$pwfile_users;
USERNAME SYSDB SYSOP SYSAS SYSBA SYSDG SYSKM CON_ID
-------- ----- ----- ----- ----- ----- ----- ------
SYS TRUE TRUE FALSE FALSE FALSE FALSE 0
JOHN FALSE FALSE FALSE TRUE FALSE FALSE 0
Which three are true? A. John must connect as system to perform backup and recovery operations. B. John can query dba tables. C. John can perform backup and recovery operations by using SQL. D. John can perform backup and recovery operations by using RMAN. E. John must connect as sys to perform backup and recovery operations. F. John Is not able to perform startup and shutdown operations. G. John can query other user's data. .
QUESTION NO: 55
You are required to remove embedded passwords from scripts that connect to database instances.
Which tool can be used to implement this requirement? A. orapki B. netca C. dbca D. netmgr E. mkstore F. owm.
QUESTION NO: 56
Examine these commands and responses:
SQL> connect mary
Enter password:
Connected.
SQL> exec U1.PROC2 ('Code')
BEGIN U1. PROC2 ('code'); END;
*
ERROR at line 1:
ORA-06598: insufficient INHERIT PRIVILEGES privilege
ORA-06512: at "U1.PROC2", line 1
ORA-06512: at line 1
Which object privilege must be granted to allow execution of the stored procedure? A. grant EXECUTE ON MARY.PBOC2 Co U1; B. grant INHERIT PRIVILEGES ON USER U1 TO MARY; C. grant INHERIT PRIVILEGES ON USER MARY TO Ul ; D. grant EXECUTE ON Ul.PROC2 TO MARY;.
QUESTION NO: 57
Which two statements are true about Valid Node Checking for Registration (VNCR)? A. It denies Instance registration through IPC. B. It can only be used with Oracle RAC. C. It enforces the Listener connectivity through TCPS. D. It is a replacement for Class of Secure Transport (COST). E. It restricts specific instances from registering with the Listener.
QUESTION NO: 58
Which two configurations can be used to protect sensitive data In a database? A. setting the SQL92_SECURITy initialization parameter to false B. enabling salt tor an encrypted column C. creating a procedure that defines the VPD restrictions in a VPD policy D. collecting sensitive data Information with Database Security Assessment Tool (DBSAT) E. enforcing row-level security at the table level F. enforcing row-level security at the database level.
QUESTION NO: 59
Database Vault is configured and enabled in the database. You create a rule set to enforce security on the hr.employees table.
Examine these requirements:
1. Users working In hr department are allowed to view all rows In HR.EMPLOYEES.
2. hr managers are allowed to view, update, and delete data in In HR.EMPLOYEES.
3. Audit records are to be collected for every evaluation of the rule set.
Which two options are true when creating the rule set? A. One rule set contains two rules OR'ed together. B. The rule set parameter audit_options must be set to dbms_macutl.g_ruleset_audtt_fail. C. The rule set must be defined as is_static. D. The rule set parameter eval_options must be set to dbms_macutl.g_ruleset_eval_all. E. The rule set parameter audit_options must be set to dbms_macutl.g_buleset_audit_fail + DBMS MACUTL.G RULESET AUDIT SUCCESS.
QUESTION NO: 60
Which type of masking directly masks and subsets data In a nonproduction database with minimal or no Impact on production environments? A. conditional format B. heterogeneous C. in-database D. deterministic E. In-export.
QUESTION NO: 61
Examine this parameter In sqinet.ora:
SQLNET.ADTHENTICATION_SERVICES=(NONE)
For which two cases do you need a password file? A. to authenticate externally Identified users locally B. to authenticate nonprivllegcd database users locally C. to authenticate administrative privileged users remotely D. to authenticate externally Identified users remotely E. to authenticate nonprivileged database users remotely F. to authenticate administrative privileged users locally.
QUESTION NO: 62
You must mask data consistently In three database copies such that data relations across the databases remain In place.
Which Data Masking Format allows this? A. Shuffle B. Auto Mask C. Array List D. Substitute E. Random Strings.
QUESTION NO: 63
For which two are Oracle Label Security policies not applied? A. partitioned tables B. direct path exports C. users with the SYSDA privilege other than sys D. objects in the SYS schema E. conventional path exports.
QUESTION NO: 64
Using Unified Audit, you must determine who performed an pkan backup ot recovery operations on a database. You are connected as sysdba.
Which statement(s) achieve this?
A)
grant audit_view to sys;
select RMAN_OPERATION, RMAN_OBJECT_TYPE, DBUSERNAME from unified_audit_trail;
B)
select RMAN_OPERATION, RMAN_OBJECT_TYPE, DBUSERNAME from unified_audit_trail;
C)
grant audit_admin to sys;
select RMAN_OPERATION, RMAN_OBJECT_TYPE, DBUSERNAME from unified_audit_trail;
D)
create audit policy rman_pol1 privileges create session;
select RMAN_OPERATION, RMAN_OBJECT_TYPE, DBUSERNAME from unified_audit_trail;
E)
alter system set AUDIT_SYS_OPERATION = TRUE;
select RMAN_OPERATION, RMAN_OBJECT_TYPE, DBUSERNAME from unified_audit_trail; A. Option A B. Option B C. Option C D. Option D E. Option E.
QUESTION NO: 65
As an Autonomous Transaction Processing (ATP) database administrator, you want to extend the storage capacity In the database.
Examine this command and output from the database:
CREATE TABLESPACE CRMTS;
ORA-01031: insufficient privileges
What is the reason for the error? A. The storage quota has been reached for the ATP database. B. The create TABLESPACE statement is not available in ATP. C. There is not enough storage available in the ATP database. D. You must be explicitly granted the create TABLESPACE privilege in ATP. E. Database Vault prevents you from executing this command.
QUESTION NO: 66
Examine these commands that execute successfully:
CREATE TABLE employee (
first_name VARCHAR2 (128) ENCRYPT ,
last name VARCHAR2 (128) ENCRYPT NO SALT,
empID NUMBER,
salary NUMBER (6) ENCRYPT );
CREATE INDEX ix employee on employee (last_name);
Examine the execution plan generated for this query:
SELECT * FROM employee WHERE last_name='King'
---------------------------------------
|Id | Operation | Name |
---------------------------------------
|0 | SELECT STATEMENT | |
|* 1 | TABLE ACCESS FULL| EMPLOYEE |
---------------------------------------
What must be done to allow the index to be used? A. Use tablespace encryption instead of column encryption. B. Add the first_name column to the ix_employee Index to Improve its selectivity. C. Create a SQL baseline to preserve the execution plan from before the encryption. D. Enable encryption hardware acceleration on the CPUs of the machine.
QUESTION NO: 67
Examine this command:
ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE
FROM KEYSTORE '/etc/ORACLE/WALLETS/orcl'
IDENTIFIED BY password;
Which two statements are true?
A. Opening the software keystore from remote computers is possible. B. Opening the software keystore from the local computer Is possible. C. Opening the software keystore from remote computers is not possible. D. Opening the software keystore must always be done manually on the local computer E. Opening the software keystore from the local computer is not possible. .
QUESTION NO: 68
You grant user JANE the SYSDBA administrative privilege. Which two are true? A. User JANE must always connect as SYSDBA to the database instance. B. User JANE can grant SYSDBA privilege to roles. C. User JANE must use operating system authentication. D. User JANE can create objects In sys schema only when connected as SYSDBA. E. User JANE acquires the DBA role by default. F. User JANE can backup and recover the database.
QUESTION NO: 69
Which two statements are true about running the Oracle Database Security Assessment Tool (DBSAT) Collector? A. It runs only on UNIX/Linux systems. B. It must connect to the database using a SYSDBA connection. C. It must be run by an OS user with read permissions on files and directories under ORACLE_HOME. D. It runs only on Windows systems. E. It must be run on the server that contains the database.
|
