rpta C. i test that , only remoty is the error.
oracle 1z0-116 practice test
Oracle Database Security Administration Exam
Last exam update: Apr 13 ,2025
Question 1
Which three are true concerning command rules?
- A. System privileges override command rules.
- B. If a command rule's associated rule set evaluation results In an error, the command is not allowed to execute.
- C. A command can have only one command rule that applies to it.
- D. For DML statement command rules, you can specify a wildcard for the object owner.
- E. If a command rule's associated rule set Is disabled, then the rule set evaluates to true.
- F. For DML statement command rules, you can specify a wildcard for the object name.
- G. Object privileges override command rules.
Answer:
ADF
Discussions
0
/ 1000
Question 2
You configured Kerberos authentication for databases running on servers A and B.
However a database link connecting the database on server A to the database on server B fails with
ORA-12638 Credential retrieval failed.
Where must you make a change to sqlnet.ora to allow the database link to use its stored credentials
Instead of trying to use Kerberos?
- A. on client side of server B
- B. on client side of server A
- C. on server side of server B
- D. on server side of server A
Answer:
B
Discussions
0
/ 1000
Question 3
A DBA user created and configured this secure application role:
Why does the error occur?
- A. User psmith Is connecting outside of the SYSDATE specified.
- B. The set hole hr_admin stuternent must be executed with the dbms. session. set_role procedure.
- C. user psmith is connecting remotely.
- D. The HR_ADMIN role must be granted to user PSMITH.
- E. The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clause.
- F. The HR.ROLE_CHECK procedure must be created without the AUTHID clause.
Answer:
D
Discussions
0
/ 1000
12 months ago
11 months, 3 weeks ago
se corrige la respuesta es e The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clausere
Question 4
You must mask data consistently In three database copies such that data relations across the
databases remain In place.
Which Data Masking Format allows this?
- A. Shuffle
- B. Auto Mask
- C. Array List
- D. Substitute
- E. Random Strings
Answer:
A
Discussions
0
/ 1000
12 months ago
Respuesta D. Deterministic masking provides a solution for this problem. You can use the Substitute format to mask employee ID column(s) in all three databases. The Substitute format uses a table of values from which to substitute the original value with a mask value. As long as this table of values does not change, the mask is deterministic or consistent across the three databases
Question 5
Examine this list:
1. You must monitor access to email column or salary column In the employees table.
2. If any activity is detected, the action must be audited and a notification sent out by email.
3. The database has Unified Auditing enabled.
4.
You have created and successfully tested the email sending procedure,
sysadmin_fga.emaii._ai.ert.
You create the audit policy:
A user with select privilege on hr.employees executes this :
SELECT email FROM HR.EMPLOYEES;
What will be the result?
- A. The query will be executed, an entry will be created in the unified audit trail, and the mail will be sent.
- B. The query will be executed, an entry will be created In FGA_LOG$ table, and the mall will be sent.
- C. The query will be executed, but no audit entry will be created nor any mail sent.
- D. The query will be executed, no audit entry will be created but the mall will be sent.
Answer:
C
Discussions
0
/ 1000
Question 6
Database Vault Is configured and enabled In the Oracle database.
Three users are granted the dba, dv_omneb, and dv_acctmgb roles.
There is a requirement to create a user who can:
1. Connect to the database Instance
2. Select from dictionary views
Which users can complete the operation to meet the requirement?
- A. users granted DV_ACCTMGR and DV_OWNER roles
- B. users granted DV_OWNER role
- C. users granted DBA and DV_OWNER roles
- D. users granted DV_ACCTMGR and DBA roles
Answer:
D
Discussions
0
/ 1000
Question 7
Examine this command:
Which two statements are true?
- A. Opening the software keystore from remote computers is possible.
- B. Opening the software keystore from the local computer Is possible.
- C. Opening the software keystore from remote computers is not possible.
- D. Opening the software keystore must always be done manually on the local computer.
- E. Opening the software keystore from the local computer is not possible.
Answer:
AD
Discussions
0
/ 1000
1 year ago
By default, Oracle creates an auto-login keystore, which can be opened from computers other than the computer on which the keystore resides. If you specify the LOCAL keyword, then Oracle Database creates a local auto-login keystore, which can be opened only from the computer on which the keystore resides.
Question 8
Which two configurations can be used to protect sensitive data In a database?
- A. setting the SQL92_SECURITy initialization parameter to false
- B. enabling salt tor an encrypted column
- C. creating a procedure that defines the VPD restrictions in a VPD policy
- D. collecting sensitive data Information with Database Security Assessment Tool (DBSAT)
- E. enforcing row-level security at the table level
- F. enforcing row-level security at the database level
Answer:
CF
Discussions
0
/ 1000
Question 9
The sqinet.oia file on the client contains this parameter setting:
SQLNET.ENCRYPTION_CLIEKT = REQUESTED
What value for the parameter sQLNET.ENCRYPTION _server In the sqlnet.ora file on the server will
disable Encryption and Data Negotiation?
- A. REQUESTED
- B. ACCEPTED
- C. REQUIRED
- D. REJECTED
Answer:
D
Discussions
0
/ 1000
Question 10
You are Implementing a security policy that makes use of the USERENV namespace.
Which USERRENV value does not change for the duration of a session?
- A. SESSION_CSER
- B. CURRENT_OSER
- C. CURRENT SCHEMA
- D. CLIENT_INFO
Answer:
A
Discussions
0
/ 1000
Question 11
Examine the statement:
CREATE BOLE hr_admin IDENTIFIED USING pac_mgr.hr_admin_rola_ch9ck;
Which three are true about the sec_mgr. hr_admin_role_check procedure?
- A. It must use only one security check to validate the user.
- B. It must use the invokcr's rights to enable the role,
- C. It must use the deflner's rights to enable the role.
- D. It can Include one or more security checks to validate the user.
- E. It must contain a SET ROLE statement or a DBMS_SESSION.SET_ROLE call.
- F. It can use only the DBMS_SESSION. SET_ROLE procedure.
- G. Its owner SEC_MGR must be granted the execute any procedure role.
Answer:
CFG
Discussions
0
/ 1000
1 year ago
not a. not d. It must include one or more security checks to validate the user.
b correct not c.. It must use invoker's rights to enable the role.
e correct. It must issue a SET ROLE SQL statement or DBMS_SESSION.SET_ROLE procedure when the user passes the security checks.
Question 12
Which two are true about Database Privilege Analysis?
- A. It can be used after you install the Oracle Database without any additional database configuration steps.
- B. It must have the Database Vault option enabled.
- C. Privilege analysis data for dropped objects are kept.
- D. If a privilege is captured during run time, it is saved under the run-time capture name.
- E. It shows the grant paths to the privileges and suggests which grant path to keep.
- F. It cannot be used to capture the privileges that have been exercised on precompiled database objects.
Answer:
AE
Discussions
0
/ 1000
1 year ago
not c. If the role, user, or object has been dropped, then the values that reflect the privilege captures for these in the privilege analysis data dictionary views are dropped as well.
not e. Privilege analysis shows the grant paths to the privilege but it does not suggest which grant path to keep.
d correct If a privilege is captured during run time, then it is saved under the run-time capture name
Question 13
When querying the database view, VSECRYPTION_WALLET, the status Is OPEN_NO_MASTER _KEY.
What does this mean?
- A. You do not have select privileges on this database view.
- B. The master key has been corrupted.
- C. The key store is not open.
- D. The master key has not been created.
- E. This is expected behavior for this view.
Answer:
C
Discussions
0
/ 1000
1 year ago
If the keystore is open but you have not created a TDE master encryption key yet , the STATUS column of the V$ENCRYPTION_WALLET view reminds you with an OPEN_NO_MASTER_KEY status.
OR
If WALLET_LOCATION is set for SSL wallet in sqlnet.ora and you have created the SSL wallet using orapki then also V$ENCRYPTION_WALLET is shows OPEN_NO_MASTER_KEY even when TDE is NOT configured .
Question 14
Users and applications must be able to access a web server of type https using database package
UTL_HTTP.
Which three are part of the configuration to make this possible?
- A. Configure liscener.oia with an endpolnt for tcps
- B. Configure sqinet.ora with parameter sq.lnet.encrypt70N_server
- C. Download the root certificate from the Certificate Authority In Base64 format
- D. Configure sqlnet. ora with parameter tcp . invited_nodes
- E. Download the trusted certificate of the web server in Base64 format a
- F. Configure an Oracle wallet using mkstore or Wallet Manager
- G. Configure access control lists using DBMS_NETWORK_ACL._ADMIN
Answer:
BDF
Discussions
0
/ 1000
Question 15
Examine these statements which execute successfully:
Which are the two reasons that no rows Are returned from the query?
- A. Only DBA users can query SESSION_CONTEXT view contents.
- B. An administrator issues the ALTER SYSTEM FLUSH global context statement.
- C. The set_empno_crx_proc procedure must be in a package.
- D. The application context is global.
- E. Enterprise User Security is not configured and used for the user.
Answer:
DE
Discussions
0
/ 1000
D, F Oracle Database Vault queries all the command rules that need to be applied.
For SELECT, DDL, and DML statements, multiple command rules may apply because the object owner and object name support wildcard notation.
B. If the associated rule set of any of the applicable command rules returns false or errors, Oracle Database Vault prevents the command from executing
E. If you disable a rule set, then the rule set always evaluates to TRUE.
C. FALSE . To customize and enforce the command rule, you associate it with a rule set, which is a collection of one or more rules.
G. False Command rules override object privileges.
E False , say if a command rule associated set is disabled no disable rule set THen the correct is B D y F