6.
How do you manage fine-grained auditing?
- A.With the AUDIT and NOAUDIT statements
- B.With the DBMS_FGA package
- C.With the GRANT and REVOKE statements
- D.With the CREATE, ALTER, and DROP statements
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Fine-grained auditing is managed using the DBMS_FGA package. The AUDIT and NOAUDT statements are used to manage statement, privilege, or object auditing. The GRANT and REVOKE statements are used to manage system, object, and role privileges. The CREATE, ALTER, and DROP statements are used to manage several types of database objects and settings. |
7.
Which of the following activities can be audited?
- A.Unsuccessful deletions from the audit_trail table
- B.Unsuccessful selects from the employee_salary table
- C.All GRANT and REVOKE statements on procedures executed by user system
- D.All of the above
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
Audit unsuccessful deletions from the audit table with the following SQL: AUDIT DELETE ON sys.aud$ WHENEVER NOT SUCCESSFUL; Audit unsuccessful selects from all tables with the following: AUDIT NOT EXISTS; Audit all grant and revoke statements on procedures executed by user SYSTEM with the following: AUDIT grant procedure BY system; |
8.
Where can the database write audit_trail records?
- A.In a database table
- B.In a file outside the database
- C.Both in the database and in an operating system file
- D.Either in the database or in an operating system file
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| The destination of audit_trail records is controlled by the initialization parameter audit_ trail. Setting this parameter to DB or DB_EXTENDED causes the audit trail to be written to a database table. Setting the parameter to OS causes the audit trail to be written to an operating system file. |
9.
Which of the following SQL statements limit attempts to guess passwords by locking an account
after three failed logon attempts?
- A.alter profile default limit failed_login_attempts 3;
- B.alter system set max_logon_failures = 3 scope=both;
- C.alter user set failed_login_attempts = 3;
- D.alter system set failed_login_attempts = 3 scope=both;
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| You limit the number of failed logon attempts with a profile. |
10.
Which of the following statements about user administration and security is the most true?
Select the best answer.
- A.Password-protected roles require a password before they can become enabled.
- B.You can disable any role that you find in your session_roles view.
- C.If you execute alter profile student limit idle_time 10; and then execute alter user scott profile student;, then user scott will be disconnected from future sessions after 10 minutes of idle time.
- D.You can limit a table to a maximum size on disk.
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| This question is tricky. All the options look correct and in fact are mostly true. But option D is the most correct option. Password-protected roles that are included in a user's default role list are enabled by default and do not need a password. Your session_roles view contains both roles granted directly to you and those you inherit through another role. You cannot disable roles that you inherit by way of another role without disabling the role granted directly to you. For example, you cannot disable SCHEDULER_ADMIN without disabling DBA. Limiting a profile to 10 minutes of idle time will cause future sessions to timeout after 10 idle minutes, but only if the initialization parameter RESOURCE_LIMIT is set to TRUE (the default is FALSE). Because each schema owner can be assigned tablespace quotas, you can effectively limit all of a user's segments to a maximum size, thus setting an upper limit on the size of any single table. |
|
|
||||||||||||||||||||||||||||
