Oracle Database 11g Security Essentials
You have a system installed with Oracle 11g. You are concerned about the security of the database
instances in your system. You plan to use Oracle Database Vault to create several components to
manage the security of the database instances. Which of the following components can be created
using Oracle Database Vault?
Each correct answer represents a complete solution. Choose all that apply.
C. Command rules
Answer: A, C, and D
The components of Oracle Database Vault Access Control are as follows:
Realm: It is the efficient collection of database schemas, objects, and roles that have to be secured.
Secure application role: It is a unique Oracle Database role that is permitted on the basis of
assessment of an Oracle Database Vault rule set.
Command Rule: It is a unique rule that can be created to control the way users execute SQL
statements, including SELECT, ALTER SYSTEM, database definition language (DDL), and data
manipulation language (DML) statement.
Factor: It is an attribute or a named variable. It can be a user location, database IP address, or
session user, which can be secured and acknowledged by Oracle Database Vault.
Rule Set: It is a set of one or more rules that can be related with realm approval, command rule,
factors, or a secure application role. Answer: B is incorrect. Recovery Manager (RMAN) is an Oracle
utility that is used to manage backup and recovery operations. Recovery Manager can back up
database files (data files, control files, and archived redo log files) and restore or recover a database
by using a backup. Recovery Manager uses a central information repository called recovery catalog
in order to store metadata about backup and recovery operations. However, if a recovery catalog is
not created, Recovery Manager uses the target database's (the database that RMAN is backing up or
restoring) control file as a repository for storing the information necessary for backup and recovery
operations.Recovery Manager can be invoked as a command line utility from the operating system
command prompt. However, its few features can also be used through Oracle Enterprise Manager
Which of the following is NOT a feature of the Data Masking Pack?
A. Sophisticated Masking Techniques
B. Secure High Performance Mask Execution
C. Comprehensive and Extensible Mask Library
D. Automated patching for Oracle products and the operating system
Automated patching for Oracle products and the operating system is NOT a feature of the Data
Masking Pack. It is a feature of the Provisioning Pack.
Answer: C, A, and B are incorrect. The features of Oracle Data Masking Pack are as follows:
Comprehensive and Extensible Mask Library: Oracle Data Masking Pack provides the whole library,
which can be extended so as to meet data privacy and application requirements.
Sensitive Data Discovery and Referential Integrity: An information security administrator uses the
Oracle Data Masking Pack so as to quickly search the database to identify sensitive data. Oracle Data
Masking Pack discovers and preserves the referential relationship established between multiple
tables that share the same sensitive data.
Sophisticated Masking Techniques: Oracle Data Masking Pack provides several masking techniques,
such as condition-based masking, compound masking, and deterministic masking, so that after the
process of masking, the application works without any error.
Secure High Performance Mask Execution: Before mask execution, Oracle Data Masking Pack does
some validation checks so that the mask formats are the same as the data types of the table and
there are no errors in the masking process.
Rick works as a Database Administrator in Dolliver Inc. The company uses Oracle 11g on its database
server. There is a "customer_detail" table in the database. Rick wants to mask the customer number
in the table in such a way that it gets masked to the same value across the entire database. Which
masking technique of Data Masking Pack should he apply to accomplish the task?
A. Compound masking
B. Condition-based masking
D. Deterministic masking
Following are the sophisticated masking techniques of Oracle Data Masking Pack:
Condition-based masking: In this masking technique, various kinds of masks are applied to a similar
data set. The data set are selected based on the conditions applied to rows.
Compound masking: In this masking technique, those columns that have a certain relationship
between them are masked as a group, so that the data that is masked in the related column pertains
to the same relationship.
Deterministic masking: In this masking technique, consistent masking is done within and across all
Answer: C is incorrect. It is the data masking technique in networks.
Which of the following options employs labeling concepts used by government and defense
organizations to protect sensitive information and to provide data separation?
A. Oracle Label Security
B. Oracle Database Vault Security
C. Oracle Audit Vault Security
D. Oracle Advanced Security
Oracle Label Security makes use of the label theory, which is used by government and defense
organizations to preserve sensitive information and to provide data separation.
Answer: C is incorrect. Oracle Audit Vault Security is a secure tamper proof Oracle database feature
that mitigates many security risks and helps to protect an organization from insiders.
Answer: B is incorrect. Oracle Database Vault Security is used for high granular access restriction and
separation of duties.
Answer: D is incorrect. Oracle Advanced Security is used for the transparent encryption of data and
management of keys.
You are a Database Administrator in Dolliver Inc. Oracle 11g is installed as the database server in the
company. You want to protect data from privileged users through some preventive controls and also
secure the database transparently. Which of the following security options will you adopt to
accomplish the task?
A. Enterprise Manager Data Masking Pack
B. Database Vault
C. Audit Vault
D. Advanced Security
Oracle Database Vault is a security option in Oracle 11g that protects applications and sensitive data
from privileged users by preventive controls, thus reducing the risk of unauthorized access. It also
secures databases transparently, removing costly and time-consuming application changes. A
number of access controls are set up so as to implement dynamic and flexible security requirements.
Answer: C, A, and D are incorrect. Following are the four main security options available in Oracle
1.Advanced Security Option: It is used for the transparent encryption of data and the management
2.Audit Vault: It is used for monitoring both non-Oracle and Oracle data sources.
3.Enterprise Manager Data Masking Pack: It is used for tuning control over sensitive data.
4.Database Vault: It is used for high granular access restriction and separation of duties.
Sam works as a Database Administrator for uCertify Inc. The company is using Oracle 11g as the
database server. Sam wants to adopt a security feature on the database that enforces the security
rules, regardless of the way the data is accessed. Which of the following security features should he
adopt to accomplish the task?
A. Real Application Cluster (RAC)
B. Virtual Private Database (VPD)
C. Enhanced security features with execution context
D. Label Security
Virtual Private Database (VPD) is one of the security features of Oracle 11g that couples fine-grained
access control with a secure application context. In this feature, the security rules are attached to
the data instead of the application which ensures that security rules are enforced regardless of how
the data is accessed. It is useful in situations where associated database roles and standard object
privileges are not able to meet the application security requirements.
Answer: D is incorrect. Label Security is not used for this purpose, as it restricts access to rows in any
table that is based on the label of the user requesting the access and the label on the row of the
Answer: A is incorrect. RAC is not used, as it allows a number of instances at different servers to
access the same database files.
Answer: C is incorrect. It is the security feature of SQL Server.
David works as a Database Administrator for Gentech Inc. The company is using Oracle 11g as the
database server. David wants to adapt such a security option that will provide no application
changes to the database, built-in key management, and high performance to the database. Which
security option should he adopt to accomplish the task?
A. Database Vault
B. Label Security
C. Audit Vault
D. Advanced Security Option
The Oracle Advanced Security Option protects sensitive data on the network or on the backup media
from unauthorized users by transparently encrypting the data with no application changes. This
option provides high performance to the database and has a built-in key management facility that
removes the complexity associated with the key management solution.
Answer: A is incorrect. Database Vault protects application data from access by database
administrators and any other privileged user.
Answer: C is incorrect. Audit Vault detects insider threats and also alerts you about suspicious
Answer: B is incorrect. Label Security provides Oracle database sensitivity of consolidated data
through multiple databases.
You work as a Database Administrator for uCertify Inc. The company uses Oracle 11g on its database
server. The server contains a database named "Company_Project_Details". The database is shared
among multiple departments of the company for regular updation. Looking at the security issues of
the database, you have been assigned the task to apply some security solution to the database.
To accomplish the task, you plan to apply Database Label Security on this database. Which of the
following components of the Database Label Security should you apply in order to secure this
Each correct answer represents a complete solution. Choose all that apply.
B. Source database
Answer: C, A, and D
The components of Oracle Database Label Security are as follows:
Levels: It is a hierarchical component that denotes data sensitivity. Every individual data label should
have a level. The levels can be confidential, sensitive, and highly sensitive.
Compartments: It is a non-hierarchical component, which is sometimes referred to as category. It is
an optional component. To compartmentalize data, one or more compartments are defined for a
specific type of data, knowledge area, or project that requires special approval.
Groups: It is very similar to compartment with a few exceptions and is also an optional component.
It is used to segregate data by organization.
Answer: B is incorrect. It is a component of Audit Vault from which data is collected.
Which of the following components of Oracle Database Vault is a Java application that is built on top
of the Oracle Database Vault PL/SQL application programming interfaces (API)?
A. Oracle Database Vault Administrator (DVA)
B. Oracle Database Vault Access Control Components
C. Oracle Database Vault DVSYS and DVF Schemas
D. Oracle Database Vault Reporting and Monitoring Tools
The components of Oracle Database Vault (ODV) are as follows:
Oracle Database Vault Access Control Components: These enable a user to create a number of
components for the database instance security management.
Oracle Database Vault Administrator (DVA): It is a Java application built on top of the Oracle
Database Vault PL/SQL application programming interfaces (API).
Oracle Database Vault Configuration Assistant (DVCA): It is used to perform maintenance tasks on
the Oracle Database Vault installation for which it uses the command-line utility.
Oracle Database Vault DVSYS and DVF Schemas: DVSYS and DVF are schemas provided by ODV.
Oracle Database Vault PL/SQL Interfaces and Packages: PL/SQL interfaces and packages are provided
by ODV. These allow security managers or application developers to configure the required access
Oracle Database Vault and Oracle Label Security PL/SQL APIs: The access control capabilities
provided by ODV is integrated with Oracle Label Security which in turn provides a collection of
Oracle Database Vault Reporting and Monitoring Tools: These tools are used to generate reports on
the number of activities monitored by ODV.
Sam works as a Database Administrator for Gentech Inc. The company is using Oracle 11g as the
database server. Sam wants to protect the company's data by encrypting the physical data files
created on the operating system. Which of the following types of encryption should he use to
accomplish the task?
A. Network encryption
B. Transparent Data Encryption (TDE) for tablespace
C. Transparent Data Encryption (TDE) for securefiles
D. Transparent Data Encryption (TDE) for column
Transparent tablespace encryption is used to encrypt not only the columns or rows but the whole
tablespace. So all the data that is put into the tablespace (including transportable tablespaces,
backups, and so on) gets automatically encrypted, making it easier to see that all relevant data is
encrypted. It is also used to encrypt the physical data files created on the operating system.
Answer: D is incorrect. It is used to encrypt important data that is written in the application table
Answer: C is incorrect. It is used to perform block-level encryption of LOB contents.
Answer: A is incorrect. It is used to encrypt data that is traveling across the network between the
database and client or mid-tier applications.
You will not find better practice material than testsexpert PDf questions with
answers on the web because it provides real exams preparation environment.
Our practice tests and PDF question, answers are developed by industry
leading experts according to the real exam scenario. At the moment we
provides only question with detailed answers at affordable cost. You will not
find comparative material elsewhere on the web at this price. We offer Cisco,
Microsoft, HP, IBM, Adobe, Comptia, Oracle exams training material and many
We also provide PDF Training Material for:
Cisco Microsoft HP IBM Adobe Comptia Oracle
CCNA MCTS AIS Lotus CS4 A+ 11g DBA
CCNP MCSE APC WebSphere CS3 Security+ 10g DBA
CCIP MCITP APS Mastery ACE Server+ OSA 10g
CCIE MBS ASE SOA CS5 Network+ OCA 9i
CCVP MCPD CSA Storage CS2 Linux+ 11i
CCSP MCAD MASE Rational Captivate iNet+ 9i Forms
CXFF MCAS APP Tivoli Flex Project+ Weblogic
CCENT MCSA CSD IBM DB2 CSM RFID+ Oracle 8i
CCDE MCDBA CSE IBM XML MX7 HTI+ PTADCE
We provide latest exams preparation material only.
Contact US at: email@example.com
Join Us at