Docstoc

Oracle Database 11g Security Essentials

Document Sample
Oracle Database 11g Security Essentials Powered By Docstoc
					 Oracle •1Z0-528
Oracle Database 11g Security Essentials




                   Click the link below to buy full version as Low as $39

                   http://www.examcertify.com/1Z0-528.html




              Questions & Answers: 10
                                         Question: 1
You have a system installed with Oracle 11g. You are concerned about the security of the database
instances in your system. You plan to use Oracle Database Vault to create several components to
manage the security of the database instances. Which of the following components can be created using
Oracle Database Vault?
Each correct answer; represents a complete solution. Choose all that apply.

A. Realms
B. RMAN
C. Command rules
D. Factors


                                    Answer: A, C, and D
Explanation:
The components of Oracle Database Vault Access Control are as follows:
Realm: It is the efficient collection of database schemas, objects, and roles that have to be secured.
Secure application role: It is a unique Oracle Database role that is permitted on the basis of assessment
of an Oracle Database Vault rule set.
Command Rule: It is a unique rule that can be created to control the way users execute SQL statements,
including SELECT, ALTER SYSTEM, database definition language (DDL), and data manipulation language
(DML) statement.
Factor: It is an attribute or a named variable. It can be a user location, database IP address, or session
user, which can be secured and acknowledged by Oracle Database Vault.
Rule Set: It is a set of one or more rules that can be related with realm approval, command rule, factors,
or a secure application role. Answer; B is incorrect. Recovery Manager (RMAN) is an Oracle utility that is
used to manage backup and recovery operations. Recovery Manager can back up database files (data
files, control files, and archived redo log files) and restore or recover a database by using a backup.
Recovery Manager uses a central information repository called recovery catalog in order to store
metadata about backup and recovery operations. However, if a recovery catalog is not created,
Recovery Manager uses the target database's (the database that RMAN is backing up or restoring)
control file as a repository for storing the information necessary for backup and recovery
operations.Recovery Manager can be invoked as a command line utility from the operating system
command prompt. However, its few features can also be used through Oracle Enterprise Manager GUI.




http://www.examcertify.com/1Z0-528.html                                                            Page 2
                                        Question: 2
Which of the following is NOT a feature of the Data Masking Pack?

A. Sophisticated Masking Techniques
B. Secure High Performance Mask Execution
C. Comprehensive and Extensible Mask Library
D. Automated patching for Oracle products and the operating system


                                            Answer: D
Explanation:
Automated patching for Oracle products and the operating system is NOT a feature of the Data Masking
Pack. It is a feature of the Provisioning Pack.
Answer; C, A, and B are incorrect. The features of Oracle Data Masking Pack are as follows:
Comprehensive and Extensible Mask Library: Oracle Data Masking Pack provides the whole library,
which can be extended so as to meet data privacy and application requirements.
Sensitive Data Discovery and Referential Integrity: An information security administrator uses the Oracle
Data Masking Pack so as to quickly search the database to identify sensitive data. Oracle Data Masking
Pack discovers and preserves the referential relationship established between multiple tables that share
the same sensitive data.
Sophisticated Masking Techniques: Oracle Data Masking Pack provides several masking techniques, such
as condition-based masking, compound masking, and deterministic masking, so that after the process of
masking, the application works without any error.
Secure High Performance Mask Execution: Before mask execution, Oracle Data Masking Pack does some
validation checks so that the mask formats are the same as the data types of the table and there are no
errors in the masking process.




http://www.examcertify.com/1Z0-528.html                                                           Page 3
                                        Question: 3
Rick works as a Database Administrator in Dolliver Inc. The company uses Oracle 11g on its database
server. There is a "customer_detail" table in the database. Rick wants to mask the customer number in
the table in such a way that it gets masked to the same value across the entire database. Which masking
technique of Data Masking Pack should he apply to accomplish the task?

A. Compound masking
B. Condition-based masking
C. Shuffling
D. Deterministic masking


                                           Answer: D
Explanation:
Following are the sophisticated masking techniques of Oracle Data Masking Pack:
Condition-based masking: In this masking technique, various kinds of masks are applied to a similar data
set. The data set are selected based on the conditions applied to rows.
Compound masking: In this masking technique, those columns that have a certain relationship between
them are masked as a group, so that the data that is masked in the related column pertains to the same
relationship.
Deterministic masking: In this masking technique, consistent masking is done within and across all
databases.
Answer; C is incorrect. It is the data masking technique in networks.



                                        Question: 4
Which of the following options employs labeling concepts used by government and defense
organizations to protect sensitive information and to provide data separation?

A. Oracle Label Security
B. Oracle Database Vault Security
C. Oracle Audit Vault Security
D. Oracle Advanced Security


                                           Answer: A
Explanation:




http://www.examcertify.com/1Z0-528.html                                                          Page 4
Oracle Label Security makes use of the label theory, which is used by government and defense
organizations to preserve sensitive information and to provide data separation.
Answer; C is incorrect. Oracle Audit Vault Security is a secure tamper proof Oracle database feature that
mitigates many security risks and helps to protect an organization from insiders.
Answer; B is incorrect. Oracle Database Vault Security is used for high granular access restriction and
separation of duties.
Answer; D is incorrect. Oracle Advanced Security is used for the transparent encryption of data and
management of keys.



                                        Question: 5
You are a Database Administrator in Dolliver Inc. Oracle 11g is installed as the database server in the
company. You want to protect data from privileged users through some preventive controls and also
secure the database transparently. Which of the following security options will you adopt to accomplish
the task?

A. Enterprise Manager Data Masking Pack
B. Database Vault
C. Audit Vault
D. Advanced Security



                                            Answer: B
Explanation:
Oracle Database Vault is a security option in Oracle 11g that protects applications and sensitive data
from privileged users by preventive controls, thus reducing the risk of unauthorized access. It also
secures databases transparently, removing costly and time-consuming application changes. A number of
access controls are set up so as to implement dynamic and flexible security requirements.
Answer; C, A, and D are incorrect. Following are the four main security options available in Oracle 11g:
1.Advanced Security Option: It is used for the transparent encryption of data and the management of
keys.
2.Audit Vault: It is used for monitoring both non-Oracle and Oracle data sources.
3.Enterprise Manager Data Masking Pack: It is used for tuning control over sensitive data.
4.Database Vault: It is used for high granular access restriction and separation of duties.




http://www.examcertify.com/1Z0-528.html                                                           Page 5
                                        Question: 6
Sam works as a Database Administrator for uCertify Inc. The company is using Oracle 11g as the
database server. Sam wants to adopt a security feature on the database that enforces the security rules,
regardless of the way the data is accessed. Which of the following security features should he adopt to
accomplish the task?

A. Real Application Cluster (RAC)
B. Virtual Private Database (VPD)
C. Enhanced security features with execution context
D. Label Security


                                            Answer: B
Explanation:
Virtual Private Database (VPD) is one of the security features of Oracle 11g that couples fine-grained
access control with a secure application context. In this feature, the security rules are attached to the
data instead of the application which ensures that security rules are enforced regardless of how the data
is accessed. It is useful in situations where associated database roles and standard object privileges are
not able to meet the application security requirements.
Answer; D is incorrect. Label Security is not used for this purpose, as it restricts access to rows in any
table that is based on the label of the user requesting the access and the label on the row of the table
itself.
Answer; A is incorrect. RAC is not used, as it allows a number of instances at different servers to access
the same database files.
Answer; C is incorrect. It is the security feature of SQL Server.




http://www.examcertify.com/1Z0-528.html                                                            Page 6
                                         Question: 7
David works as a Database Administrator for Gentech Inc. The company is using Oracle 11g as the
database server. David wants to adapt such a security option that will provide no application changes to
the database, built-in key management, and high performance to the database. Which security option
should he adopt to accomplish the task?

A. Database Vault
B. Label Security
C. Audit Vault
D. Advanced Security Option


                                            Answer: D
Explanation:
The Oracle Advanced Security Option protects sensitive data on the network or on the backup media
from unauthorized users by transparently encrypting the data with no application changes. This option
provides high performance to the database and has a built-in key management facility that removes the
complexity associated with the key management solution.
Answer; A is incorrect. Database Vault protects application data from access by database administrators
and any other privileged user.
Answer; C is incorrect. Audit Vault detects insider threats and also alerts you about suspicious activity.
Answer; B is incorrect. Label Security provides Oracle database sensitivity of consolidated data through
multiple databases.



                                        Question: 8
You work as a Database Administrator for uCertify Inc. The company uses Oracle 11g on its database
server. The server contains a database named "Company_Project_Details". The database is shared
among multiple departments of the company for regular updation. Looking at the security issues of the
database, you have been assigned the task to apply some security solution to the database.
To accomplish the task, you plan to apply Database Label Security on this database. Which of the
following components of the Database Label Security should you apply in order to secure this database?
Each correct answer; represents a complete solution. Choose all that apply.

A. Compartments
B. Source database
C. Levels
D. Groups




http://www.examcertify.com/1Z0-528.html                                                            Page 7
                                    Answer: C, A, and D
Explanation:

The components of Oracle Database Label Security are as follows:
Levels: It is a hierarchical component that denotes data sensitivity. Every individual data label should
have a level. The levels can be confidential, sensitive, and highly sensitive.
Compartments: It is a non-hierarchical component, which is sometimes referred to as category. It is an
optional component. To compartmentalize data, one or more compartments are defined for a specific
type of data, knowledge area, or project that requires special approval.
Groups: It is very similar to compartment with a few exceptions and is also an optional component. It is
used to segregate data by organization.
Answer; B is incorrect. It is a component of Audit Vault from which data is collected.



                                        Question: 9
Which of the following components of Oracle Database Vault is a Java application that is built on top of
the Oracle Database Vault PL/SQL application programming interfaces (API)?

A. Oracle Database Vault Administrator (DVA)
B. Oracle Database Vault Access Control Components
C. Oracle Database Vault DVSYS and DVF Schemas
D. Oracle Database Vault Reporting and Monitoring Tools


                                            Answer: A
Explanation:

The components of Oracle Database Vault (ODV) are as follows:
Oracle Database Vault Access Control Components: These enable a user to create a number of
components for the database instance security management.
Oracle Database Vault Administrator (DVA): It is a Java application built on top of the Oracle Database
Vault PL/SQL application programming interfaces (API).
Oracle Database Vault Configuration Assistant (DVCA): It is used to perform maintenance tasks on the
Oracle Database Vault installation for which it uses the command-line utility.
Oracle Database Vault DVSYS and DVF Schemas: DVSYS and DVF are schemas provided by ODV.
Oracle Database Vault PL/SQL Interfaces and Packages: PL/SQL interfaces and packages are provided by
ODV. These allow security managers or application developers to configure the required access control
policy.
Oracle Database Vault and Oracle Label Security PL/SQL APIs: The access control capabilities provided by
ODV is integrated with Oracle Label Security which in turn provides a collection of PL/SQL APIs.




http://www.examcertify.com/1Z0-528.html                                                           Page 8
Oracle Database Vault Reporting and Monitoring Tools: These tools are used to generate reports on the
number of activities monitored by ODV.



                                        Question: 10
Sam works as a Database Administrator for Gentech Inc. The company is using Oracle 11g as the
database server. Sam wants to protect the company's data by encrypting the physical data files created
on the operating system. Which of the following types of encryption should he use to accomplish the
task?

A. Network encryption
B. Transparent Data Encryption (TDE) for tablespace
C. Transparent Data Encryption (TDE) for securefiles
D. Transparent Data Encryption (TDE) for column


                                             Answer: B

Explanation:
Transparent tablespace encryption is used to encrypt not only the columns or rows but the whole
tablespace. So all the data that is put into the tablespace (including transportable tablespaces, backups,
and so on) gets automatically encrypted, making it easier to see that all relevant data is encrypted. It is
also used to encrypt the physical data files created on the operating system.
Answer; D is incorrect. It is used to encrypt important data that is written in the application table
columns.
Answer; C is incorrect. It is used to perform block-level encryption of LOB contents.
Answer; A is incorrect. It is used to encrypt data that is traveling across the network between the
database and client or mid-tier applications.




http://www.examcertify.com/1Z0-528.html                                                              Page 9
 Oracle •1Z0-528
Oracle Database 11g Security Essentials




             Click the link below to buy full version as Low as $39

             http://www.examcertify.com/1Z0-528.html


   Oracle latest tests
   1Z0-899            1Z0-219
   1Z0-875            1Z0-562
   1Z0-557            1Z0-561
   1Z0-852            1Z0-543
   1Z0-058            1Z0-532
   1Z0-897            1Z0-895
   1Z0-889            1Z0-884
   1Z0-880            1Z0-879
   1Z0-877            1Z0-876
   1Z0-873            1Z0-872




http://www.examcertify.com/1Z0-528.html                               Page 10

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:22
posted:5/2/2012
language:English
pages:10