By Format: Multiple Choice
Duration: 120 Minutes
Number of Questions: 72
Passing Score: 59%
Validation: Exam has been validated for product version Oracle Database 12c and 19c
Earn associated certifications
Passing this exam is required to earn these certifications. Select each certification title below to view full requirements.
Oracle Certified Professional Oracle Database Security Expert
Prepare to pass exam: 1Z0-116
Preparing for the Oracle Certified Professional Oracle Database Security Expert credential helps candidates gain knowledge related to assessing Oracle Database security needs along with gaining skills on how to manage Database users, manage and secure passwords, configure and use contexts, manage authorization, and configure fire grained access control. The candidate also gains skills in configuring and managing Database vault, auditing, network security, and encryption. In addition, you also demonstrate the mastery of the candidate on how to implement data masking and data redaction, invoking Database Security Assessment Tool, patching Databases, and managing Database security in the Cloud.
Take recommended training
Complete one of the courses below to prepare for your exam (optional):
Earn the Oracle Database Security Expert Credential
Additional Preparation and Information
A combination of Oracle training and hands-on experience (attained via labs and/or field experience), in the learning subscription, provides the best preparation for passing the exam.
Review exam topics
Overview
Assess security needs (risk reduction, regulatory compliance)
Assess the typical attack points for a database
Deploy the Maximum Security Architecture
Manage Database Users
Administer OS Authentication
Administer Kerberos Authentication
Administer PKI Certificate Authentication
Administer Enterprise User Security
Administer Centrally Managed Users
Identify Inactive accounts
Manage and Secure passwords
Secure Passwords in scripts and applications
Change a user’s password securely
Administer a secure external password store to secure passwords
Administer the Database Password File
Control the use of a password file
Configure and Use Contexts
Understand and use USERENV variables
Understand and Use Client Identifiers
Extend Unified Auditing with Context information
Use context information with Secure Application Roles
Manage Authorization
Administer System and Object Privileges
Assign Administrative Privileges
Configure Secure Application Roles
Configure Global Roles (EUS/CMU)
Perform Privilege Analysis
Configure Fine Grained Access Control
Configure Fine Grained Access Control (FGAC)
Configure FGAC with Real Application Security
Configure FGAC withVirtual Private Database
Configure FGAC with Oracle Label Security
Configure and Manage Database Vault
Describe the Default Separation of Duties with Database Vault
Configure Database Vault Factors, Rules, and Rule Sets
Configure Database Vault Mandatory and non-Mandatory Realms
Configure Database Vault Command Rules
Configure Realms, Command Rules, and Application Context to enforce trusted path access
Perform Database Vault Operations Control
Configure and Use Auditing
Perform Privileged User Audit
Configure Standard Audit
Configure Fine Grained Auditing
Configure and use Unified Audit
Cofigure Network Security
Assess the need for Network access control (ACL)
Manage Network ACLs in relation to microservice deployments
Configure ACLs to access passwords in a wallet
Configure Network Service Profiles
Configure and use Listener Valid-Node Checking
Enhance Database Communication Security with SEC_ parameters
Configure and Implement Encryption
Encrypt data in motion
Configure Native Network Encryption
Configure TLS Encryption
Encrypt data at rest with Transparent Database Encryption
Configure Column level and Tablespace level Encryption
Encrypt the Data Dictionary
Migrate unencrypted to encrypted data
Manage Encryption Keys
Administer and use the SYSKM Administrative Privilege
Administer Encryption Wallets
Implement Data Masking and Data Redaction
Implement Data Redaction
Implement Enterprise Manager Data Masking Pack
Configure and use the Application Data Model
Perform Sensitive Data Discovery
Deploy Data Masking Formats
Compare In-Database -vs- At-Source execution
Automate Masking operations with EMCLI
Configure Transparent Sensitive Data Protection (TSDP)
Invoke the Database Security Assessment Tool
Run the Database Security Assessment Tool
Patch Databases
Assess the need for of a CVE
Decode CVSS Risk Scoring
Manage Database Security in the Cloud
Asssess the Shared Responsibility Model
Manage hybrid cloud scenarios
Assess Autonomous Database Self Securing
Examkingdom Oracle 1Z0-116 Exam pdf
Best Oracle 1Z0-116 Downloads, Oracle 1Z0-116 Dumps at Certkingdom.com
Sample Question and Answers
QUESTION 1
What does the Application Data Modeling module of the Oracle Data Masking and Subsetting Pack search for?
A. data redaction policies
B. data masking transformations
C. parent/child relationships between the columns holding sensitive information
D. encrypted columns
Answer: C
Explanation:
Create an Application Data Model ” To begin using Oracle Data Masking and Subsetting, you must
create an Application Data Model (ADM). ADMs capture application metadata, referential
relationships, and discover sensitive data from the source database.
QUESTION 2
Database Vault is configured and enabled in the database. You create a rule set to enforce security on the hr. employees table.
Examine these requirements:
1. Users working In hr department are allowed to view all rows In HR.EMPLOYEES.
2. hr managers are allowed to view, update, and delete data in In HR.EMPLOYEES.
3. Audit records are to be collected for every evaluation of the rule set.
Which two options are true when creating the rule set?
A. One rule set contains two rules OR’ed together.
B. The rule set parameter audit_options must be set to dbms_macutl.g_ruleset_audtt_fail.
C. The rule set must be defined as is_static.
D. The rule set parameter eval_options must be set to dbms_macutl.g_ruleset_eval_all.
E. The rule set parameter audit_options must be set to dbms_macutl.g_buleset_audit_fail + DBMS MACUTL.G RULESET AUDIT SUCCESS.
Answer: CD
QUESTION 3
To avoid hard coding passwords in scripts, you have elected to create an external password store- Examine this list of steps:
1. Set the external password store wallet location.
ALTER SYSTEM SET EXTERNAL_KEYSTORE_CREDENTIAL_LOCATION =
“/tc/ORACLE/WALLETS/orcl/external_Btore” SCOPE c SPFILE;
2. Log in as a user who has syskm privileges.
3. Create an auto-logln keystore that contains the keystore password including the add secret clause.
ADMINISTER KEY MANAGEMENT ADD SECRET ‘password’
FOR CLIENT ‘TDE_WALLET’
TO LOCAL AUTO_LOGIH KEYSTORE ‘/etc/0RACLE/WALLETS/orcl/extemal_store’;
4. Restart the database instance as sysdba.
SHUTDOWN IMMEDIATE STARTUP
5. Create an auto-logln keystore that contains the keystore password.
ADMINISTER KEY MANAGEMENT
FOR CLIENT ‘TDE_WALLET’
TO LOCAL AUTO_L0GIN KEYSTORE ‘ /etc/ORACLE/WALLETS/orcl/external_store’ ;
6. Set an Encryption Key.
ADMINISTER KEY MANAGEMENT SET ENCRYPTION KEY IDENTIFIED BY keystore_password
WITH BACKUP
Identify the minimum number of steps in the correct order that must be performed to create the
external password store.
A. 2,1,3,4
B. 1,2,5,4
C. 1,2,3,6,4
D. 1,2,6,3,5
E. 2,3,6,4
F. 1,2,3,4
Answer: D
QUESTION 4
Oracle Database Vault is enabled In the database. You have these requirements:
1. Database administrator dbai must export and import data from and to a non-protected schema.
2. Database administrator dba2 must export and Import data from and to a protected schema.
Which three options together satisfy these requirements?
A. Grant become user to dbai.
B. Grant sysoper to both users.
C. Run d3ms_macadm.authorize_datapump_user procedure granting dbai privileges to impdp and expdp utilities.
D. Grant imp_full_database and exp_full_database to dbai and dba2.
E. Run dbms_macadm.authobize_datapump_useb procedure granting dba2 privileges to impdp and expdp utilities.
F. Grant become user to dba2.
G. Grant sysdba to both users.
Answer: ACE
QUESTION 5
You must restrict execution of the alter system checkpoint command to certain conditions, specified in a rule set used by a command rule.
Which two parameters must be specified In the dbms_macadm.create_command_rule procedure to do this?
A. PARAMETER_NAM£=>’CHECKPOINT’
B. OBJECT_OWNER=>’SYS
C. CLAUSE_NAME=>’CHECKPOINT’
D. CLAUSE_NAME=>’SYSTEM’
E. COMMANI>=>’ ALTER SYSTEM’
F. OBJECT_NAME=>’CHECKPOINT’
G. COMMAND=>’ALTER’
Answer: CD
No Comment