A.
Virtual Private Database (VPD) policies on objects in an application root are automatically synchronized with all application PDBs contained in the application container.
B.
Application-common TSDP policies are always container specific.
C.
Application-common Transparent Security Data Protection (TSDP) policies can be created only within an application install/patch BEGIN-END block.
D.
Application-common Oracle Label Security (OLS) policies cannot be created in an application root outside an install/patch BEGIN-END block.
E.
Fine-grained auditing (FGA) policies in an application root are automatically synchronized to all application PDBs contained in the application container.
F.
Application-common OLS policies can be created in an application root inside an install/patch BEGIN-END block.
G.
Unified auditing can be automatically synchronized to all application PDBs in an application container.
isn't D and F talking about the same thing?
D. Application-common Oracle Label Security (OLS) policies cannot be created in an application root outside an install/patch BEGIN-END block.
F. Application-common Oracle Label Security (OLS) policies can be created in an application root inside an install/patch BEGIN-END block.
A. FALSE
B. TRUE -> https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-transparent-sensitive-data-protection.html#GUID-0AC97E6B-9B00-4D20-8F26-8B23896DDD3C
C. FALSE -> In an application root, you cannot use TSDP statements in BEGIN/END block.
D. TRUE - Application-common Oracle Label Security (OLS) policies cannot be created in an application root outside an install/patch BEGIN-END block
E. FALSE -> You cannot create Oracle Label Security policies in the CDB root or the application root. https://docs.oracle.com/en/database/oracle/oracle-database/19/olsag/introduction-to-oracle-label-security.html#GUID-405CF532-F1E1-43F5-8E02-78E7927B2A6D
F. FALSE - it will be effective in each PDB that belongs to this application root
G. TRUE - FGA policies will propagate to PDBs set in the CONTAINER = clause.
BDG
B - That is, the policy is effective only in the application root container.
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-transparent-sensitive-data-protection.html#GUID-0AC97E6B-9B00-4D20-8F26-8B23896DDD3C:~:text=A%20TSDP%20policy%20that%20is%20defined%20in%20the%20application%20root%20container%20behaves%20as%20if%20it%20is%20a%20local%20policy%20to%20the%20application%20root.%20That%20is%2C%20the%20policy%20is%20effective%20only%20in%20the%20application%20root%20container.
D - You cannot create Oracle Label Security policies in the CDB root or the application root.
https://docs.oracle.com/en/database/oracle/oracle-database/12.2/olsag/introduction-to-oracle-label-security.html#GUID-405CF532-F1E1-43F5-8E02-78E7927B2A6D:~:text=You%20cannot%20create%20Oracle%20Label%20Security%20policies%20in%20the%20CDB%20root%20or%20the%20application%20root.
BFG?
A - False. VPD enforce row-level security, and are specific to individual PDB unless it's applied to a common object.
B - True. All TSDP are container specific.
C - False. TSDP can be create inside or outside an application install/patch BEGIN-END block.
D - False. OLS policies can be create inside or outside an application install/patch BEGIN-END block.
E - False. FGA policies are defined at individual object level.
F - True. OLS policies can be create inside or outside an application install/patch BEGIN-END block.
G - True. Unified auditing is a centralized auditing feature, captures and records audit trails across all PDBs.
A: false VPD policies on COMMON object are automatically... (COMMON not all type of objects)
B: false can be created on pdb or on root container
C: false inside BEGIN-END give an ERROR
D: true it can't be created in application root (with or without BEGIN/END block)
E: true yes if it's created inside BEGIN/END block
F: false it can't be creted in application root
G: true
I read again and I think BDG -> B is true because container specific means it has a local scope (PDB or APPCDB or CDB). I exclude E because It's not automatic but sync command is needed
I think ABG is the correct answer:
A is true when it involves a common vpd policy: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-oracle-vpd-to-control-data-access.html#GUID-E6343F14-933E-4980-A67A-D5AAEC5743C5
C is false: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-transparent-sensitive-data-protection.html#GUID-0AC97E6B-9B00-4D20-8F26-8B23896DDD3C
D and F are false as you cannot define common ols-policies; OLS policies can only be defined on a per-pdb basis. A further restriction is that an OLS policy cannot be defned in the CDB root
nor in the application root.
G is true if common application objects: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-audit-policies.html#GUID-E02D0A5B-6591-4CD1-AF2B-29B0850BB6CB
E is false because fga policies only apply to an individual pdb. https://docs.oracle.com/en/database/oracle/oracle-database/18/multi/managing-security-for-a-multitenant-environment.html#GUID-6F15B297-08C6-4904-938D-3DAA429E14B0
I took the exam yesterday, i confirm that B and G are correct. A seems correct, but the question in exam was choose 2 answers only (and A was not there).
ABC Correct
A - When you install an application in the application root, all the common Virtual Private Database policies that protect the common objects will be applied to and immediately enforced for all PDBs in the application container.
B - In a multitenant environment, you can apply TSDP policies to the current PDB or current application PDB only.
C - By DBMS_TSDP_PROTECT.ADD_POLICY
D/F Incorrect - You cannot create Oracle Label Security policies in the CDB root or the application root.
E- Incorrect - When you create a fine-grained audit policy in the CDB root, the policy cannot be applied to all PDBs.
G- Incorrect - you can create unified audit policies for individual PDBs and in the root.
I think C is False: "When you create scripts for application install, upgrade, patch, or uninstall operations, you can include SQL statements within the ALTER PLUGGABLE DATABASE app_name BEGIN INSTALL and ALTER PLUGGABLE DATABASE app_name END INSTALL blocks to perform various operations. If you include TSDP statements within these blocks, then the TSDP statements will fail. You can, however, include TSDP statements outside these blocks in the script" (https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-transparent-sensitive-data-protection.html#GUID-0AC97E6B-9B00-4D20-8F26-8B23896DDD3C)
I think BDG -> A is incorrect because (VPD) policies on objects in an application root not are automatically synchronized
B -> correct because TSPD operations are container-specific
upvoted 5 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
RinD
Highly Voted 3 years, 9 months agoNiciMilo
3 years, 6 months agosoftware+examtopics
Most Recent 1 month, 2 weeks agodancymonkey
12 months agozouve
1 year, 3 months agoAlvinzzz
1 year, 7 months ago_gio_
1 year, 7 months ago_gio_
1 year, 5 months agolchdb
1 year, 5 months agoErikJanssen
2 years, 1 month agostomine
2 years, 2 months agoAlfredNg
3 years, 5 months agoleozanon94
2 years, 10 months agoAldrid
3 years, 8 months agoogdru
3 years, 7 months agoRogazan
3 years, 8 months agoerial
4 years, 4 months agotaotsumiau
4 years, 7 months agoald85
4 years, 7 months ago