oracle 1z0-116 practice test
Oracle Database Security Administration Exam
Last exam update: Nov 27 ,2023
Question 1
Which three are true concerning command rules?
- A. System privileges override command rules.
- B. If a command rule's associated rule set evaluation results In an error, the command is not allowed to execute.
- C. A command can have only one command rule that applies to it.
- D. For DML statement command rules, you can specify a wildcard for the object owner.
- E. If a command rule's associated rule set Is disabled, then the rule set evaluates to true.
- F. For DML statement command rules, you can specify a wildcard for the object name.
- G. Object privileges override command rules.
Answer:
ADF
Question 2
You configured Kerberos authentication for databases running on servers A and B.
However a database link connecting the database on server A to the database on server B fails with
ORA-12638 Credential retrieval failed.
Where must you make a change to sqlnet.ora to allow the database link to use its stored credentials
Instead of trying to use Kerberos?
- A. on client side of server B
- B. on client side of server A
- C. on server side of server B
- D. on server side of server A
Answer:
B
Question 3
A DBA user created and configured this secure application role:
Why does the error occur?
- A. User psmith Is connecting outside of the SYSDATE specified.
- B. The set hole hr_admin stuternent must be executed with the dbms. session. set_role procedure.
- C. user psmith is connecting remotely.
- D. The HR_ADMIN role must be granted to user PSMITH.
- E. The HR.ROLE_CHECK procedure must be created with the AUTHID CURRENT_USERR clause.
- F. The HR.ROLE_CHECK procedure must be created without the AUTHID clause.
Answer:
D
Question 4
You must mask data consistently In three database copies such that data relations across the
databases remain In place.
Which Data Masking Format allows this?
- A. Shuffle
- B. Auto Mask
- C. Array List
- D. Substitute
- E. Random Strings
Answer:
A
Question 5
Examine this list:
1. You must monitor access to email column or salary column In the employees table.
2. If any activity is detected, the action must be audited and a notification sent out by email.
3. The database has Unified Auditing enabled.
4.
You have created and successfully tested the email sending procedure,
sysadmin_fga.emaii._ai.ert.
You create the audit policy:
A user with select privilege on hr.employees executes this :
SELECT email FROM HR.EMPLOYEES;
What will be the result?
- A. The query will be executed, an entry will be created in the unified audit trail, and the mail will be sent.
- B. The query will be executed, an entry will be created In FGA_LOG$ table, and the mall will be sent.
- C. The query will be executed, but no audit entry will be created nor any mail sent.
- D. The query will be executed, no audit entry will be created but the mall will be sent.
Answer:
C
Question 6
Database Vault Is configured and enabled In the Oracle database.
Three users are granted the dba, dv_omneb, and dv_acctmgb roles.
There is a requirement to create a user who can:
1. Connect to the database Instance
2. Select from dictionary views
Which users can complete the operation to meet the requirement?
- A. users granted DV_ACCTMGR and DV_OWNER roles
- B. users granted DV_OWNER role
- C. users granted DBA and DV_OWNER roles
- D. users granted DV_ACCTMGR and DBA roles
Answer:
D
Question 7
Examine this command:
Which two statements are true?
- A. Opening the software keystore from remote computers is possible.
- B. Opening the software keystore from the local computer Is possible.
- C. Opening the software keystore from remote computers is not possible.
- D. Opening the software keystore must always be done manually on the local computer.
- E. Opening the software keystore from the local computer is not possible.
Answer:
AD
Question 8
Which two configurations can be used to protect sensitive data In a database?
- A. setting the SQL92_SECURITy initialization parameter to false
- B. enabling salt tor an encrypted column
- C. creating a procedure that defines the VPD restrictions in a VPD policy
- D. collecting sensitive data Information with Database Security Assessment Tool (DBSAT)
- E. enforcing row-level security at the table level
- F. enforcing row-level security at the database level
Answer:
CF
Question 9
The sqinet.oia file on the client contains this parameter setting:
SQLNET.ENCRYPTION_CLIEKT = REQUESTED
What value for the parameter sQLNET.ENCRYPTION _server In the sqlnet.ora file on the server will
disable Encryption and Data Negotiation?
- A. REQUESTED
- B. ACCEPTED
- C. REQUIRED
- D. REJECTED
Answer:
D
Question 10
You are Implementing a security policy that makes use of the USERENV namespace.
Which USERRENV value does not change for the duration of a session?
- A. SESSION_CSER
- B. CURRENT_OSER
- C. CURRENT SCHEMA
- D. CLIENT_INFO
Answer:
A
Question 11
Examine the statement:
CREATE BOLE hr_admin IDENTIFIED USING pac_mgr.hr_admin_rola_ch9ck;
Which three are true about the sec_mgr. hr_admin_role_check procedure?
- A. It must use only one security check to validate the user.
- B. It must use the invokcr's rights to enable the role,
- C. It must use the deflner's rights to enable the role.
- D. It can Include one or more security checks to validate the user.
- E. It must contain a SET ROLE statement or a DBMS_SESSION.SET_ROLE call.
- F. It can use only the DBMS_SESSION. SET_ROLE procedure.
- G. Its owner SEC_MGR must be granted the execute any procedure role.
Answer:
CFG
Question 12
Which two are true about Database Privilege Analysis?
- A. It can be used after you install the Oracle Database without any additional database configuration steps.
- B. It must have the Database Vault option enabled.
- C. Privilege analysis data for dropped objects are kept.
- D. If a privilege is captured during run time, it is saved under the run-time capture name.
- E. It shows the grant paths to the privileges and suggests which grant path to keep.
- F. It cannot be used to capture the privileges that have been exercised on precompiled database objects.
Answer:
AE
Question 13
When querying the database view, VSECRYPTION_WALLET, the status Is OPEN_NO_MASTER _KEY.
What does this mean?
- A. You do not have select privileges on this database view.
- B. The master key has been corrupted.
- C. The key store is not open.
- D. The master key has not been created.
- E. This is expected behavior for this view.
Answer:
C
Question 14
Users and applications must be able to access a web server of type https using database package
UTL_HTTP.
Which three are part of the configuration to make this possible?
- A. Configure liscener.oia with an endpolnt for tcps
- B. Configure sqinet.ora with parameter sq.lnet.encrypt70N_server
- C. Download the root certificate from the Certificate Authority In Base64 format
- D. Configure sqlnet. ora with parameter tcp . invited_nodes
- E. Download the trusted certificate of the web server in Base64 format a
- F. Configure an Oracle wallet using mkstore or Wallet Manager
- G. Configure access control lists using DBMS_NETWORK_ACL._ADMIN
Answer:
BDF
Question 15
Examine these statements which execute successfully:
Which are the two reasons that no rows Are returned from the query?
- A. Only DBA users can query SESSION_CONTEXT view contents.
- B. An administrator issues the ALTER SYSTEM FLUSH global context statement.
- C. The set_empno_crx_proc procedure must be in a package.
- D. The application context is global.
- E. Enterprise User Security is not configured and used for the user.
Answer:
DE