Database Security 11gR2 PreSales Specialist Assessment

1. When should sensitive data be encrypted? Mark for Review

(1) Points

When in transit to users.

1,2 and 4. (*)

When stored in the database.

When the data is backed up.

When the data is in use in memory.

Inorrect, sensitive data should be encrypted when at rest in the database and
in transit and when backed up.

2. Which of the following products are used to implement security based on data
values in individual rows? Mark for Review
(1) Points

Audit Vault

Data Masking

Database Vault

Label Security (*)

Advanced Security Option

Incorrect, Label Security is used to implement security based on data values

in individual rows.

3. Which of the following are requirements that can lead to greater security
requirements? Mark for Review
(1) Points

(Choose all correct answers)

PCI (*)

HIPAA (*)

None of the above.

WWF

SOX (*)

Incorrect, PCI, SOX and HIPAA are regulations that can lead to greater
security requirements.
 4. What percentage of customers encrypt Personally Identifiable Information
(PII) in their database? Mark for Review
(1) Points

Between 30 and 50%.

Less than 30%. (*)

More than 80%.

100%

Between 50 and 80%.

Incorrect, 29% of customers encrypt PII in their database.

5. Which of the following products can produce reports of security violations?

Mark for Review
(1) Points

(Choose all correct answers)

Database Vault (*)

Audit Vault (*)

Advanced Security Option

Label Security

Data Masking

6. Where can you store the master key for the Advanced Security Option? Mark for
Review
(1) Points

In both an Oracle wallet or an HSM.

In either an Oracle wallet or an HSM. (*)

In an Oracle wallet.

In an HSM.

Correct, you can store the master key in either an Oracle Wallet or an HSM.

7. How do you handle Oracle audit trails once the audit records have been
inserted into Audit Vault? Mark for Review
(1) Points

Audit trails must be deleted manually.

Audit Vault automatically cleans up audit trails after the audit records have
been inserted into the Vault.

You cannot delete any audit trails when using Audit Vault. (*)

Incorrect, Audit Vault automatically cleans up audit trails after the audit
records have been inserted into the Vault.

8. Which of the following products are used to enforce strong authentication?

Mark for Review
(1) Points

Label Security

Advanced Security Option (*)

Database Vault

Data Masking

Audit Vault

Incorrect, Advanced Security Option is used to implement strong

authentication.

9. With the Data Masking pack, the only way to see the results of masking are to
mask data and examine the results. Mark for Review
(1) Points

True

False (*)

Incorrect, you can preview potential masking values before performing the
masking.

10. A Database Vault realm can prevent access to what group of data? Mark for
Review
(1) Points

Schema

Rows in a table.

Table (*)

Column

11. Which of the following benefits are provided by Audit Vault? Mark for Review
(1) Points

(Choose all correct answers)

 Consolidated audit reporting across multiple databases. (*)

Access limitations based on tables.

Encryption.

Alerts on security access violations. (*)

Access limitations based on data values.

Correct, Audit Vault provides consolidated reporting across multiple

databases and active alerts of security violations.

12. Which of the following options allow the finest-grained access control?
Mark for Review
(1) Points

Label Security (*)

Database Vault

Audit Vault

Advanced Security Option

Virtual Private Database

Incorrect, Label Security is used to implement security based on data values

in individual rows.

13. Which of the following products use a two-tier architecture for key
management? Mark for Review
(1) Points

Database Vault

Advanced Security Option (*)

Label Security

Data Masking

Audit Vault

Incorrect, Advanced Security Option uses a two-tier architecture for key

management.

14. Which of the following require changes to targeted tables? Mark for Review
(1) Points

Label Security (*)

Database Vault realms

 Virtual Private Database

Database Vault command rules

Incorrect, Label Security requires additional data to be added to targeted

tables.

15. Database Vault command rules are based on Database Vault rules. Mark for
Review
(1) Points

True

False (*)

16. You can specify a mask format for data based on a condition with the Data
Masking pack. Mark for Review
(1) Points

True (*)

False

Correct, you can specify a mask format for data based on a condition with the
Data Masking pack.

17. How will using the NOMAC option for TDE affect space usage? Mark for Review

(1) Points

Will have no effect on storage.

Will result in decreased storage (*)

Will result in increased storage

Correct, using the NOMAC option will reduce space usage for TDE.

18. What type of agents are supported by Audit Vault for SQL Server databases?
Mark for Review
(1) Points

Operating system

All of the above. (*)

Database

None of the above.

Redo
 Correct, Audit Vault supports operating system based auditing for SQL Server
databases.

19. Tablespaces encrypted with Transparent Data Encryption will . . . Mark for
Review
(1) Points

Always take up less space that the original, unencrypted tablespace.

Sometimes take up more space that the original unencrypted tablespace.

Always take up more space than the original unecrypted tablespace.

Sometimes take up less space than the original unencrypted tablespace. (*)

Correct, tablespace encryption incorporates data compression, which means

that the encrypted tablespace sometimes take up less space than the original
unencrypted tablespace.

20. Which of the following products used when sharing data outside of your
production environment? Mark for Review
(1) Points

Audit Vault

Database Vault

Data Masking

Advanced Security Option

Label Security (*)

21. A Database Vault rule set can be used with which of the following? Mark for
Review
(1) Points

1 and 2. (*)

None of these.

Commands

Tables

Realms

Inorrect, a Database Vault rule set can control access to both commands and
realms.

22. Transparent Data Encryption can encrypt which of the following methods of
data export and import? Mark for Review
(1) Points

All of the above. (*)

Data Pump

RMAN

1 and 2.

SQL*Loader

Correct, you can use TDE to encrypt data exports with either Data Pump or
RMAN.

23. Which of these is a critical driver for increased security practices? Mark
for Review
(1) Points

Data integrity concerns.

Line-of-business demands.

Need for reliable backups.

Increased compliance regulations. (*)

Incorrect, Increased compliance regulations can lead to additional security

requirements.

24. You can compare Audit Vault policies with current settings. Mark for Review

(1) Points

True (*)

False

Correct, you can Audit Vault policies with current settings.

25. What type of agents are supported by Audit Vault for Oracle databases? Mark
for Review
(1) Points

Database audit files.

Oracle audit trail from OS.

Operating system SYSLOG files.

All of the above. (*)

 Redo

26. Does Database Vault work with Transparent Data Encryption (TDS)? Mark for
Review
(1) Points

True (*)

False

Correct, Database Vault works with TDE.

27. When will changes in Database Vault access permissions take effect? Mark
for Review
(1) Points

After an ALTER SYSTEM DBV is issued.

After the next database backup.

Immediately. (*)

The next time the database server is stopped and started.

Correct, changes to Database Vault permissions take effect immediately.

28. Typically, which type of encryption performs better? Mark for Review
(1) Points

Column encryption typically perfoms better.

Tablespace encryption typically perfoms better. (*)

Both perform equally well.

Correct, tablespace encryption typically performs better.

29. You can define your own Audit Vault reports. Mark for Review
(1) Points

True (*)

False

Correct, you can define your own Audit Vault reports.

30. You can encrypt any data type with tablespace encryption. Mark for Review
(1) Points

True (*)
 False

31. You need one Audit Vault Agent for each database being audited. Mark for
Review
(1) Points

True

False (*)

Incorrect, you need one Audit Vault Agent for each server being audited, not
each database.

32. What type of agents are supported by Audit Vault for DB2 databases? Mark
for Review
(1) Points

None of the above.

All of the above. (*)

Redo

Database

Operating system

Correct, Audit Vault supports operating system based auditing for DB2
databases.

33. You can define Audit Vault alerts for which of the following events? Mark
for Review
(1) Points

(Choose all correct answers)

Granting of DBA privileges. (*)

Failed logins. (*)

Table drops. (*)

Failed logins. (*)

Direct views of sensitive data. (*)

Incorrect, you can define Audit Vault alerts for all these events, and more.

34. The 10gR5 release of the Data Masking pack comes with a set of pre-defined
masking formats. Mark for Review
(1) Points

True (*)

False

Correct, the 10gR5 release of the Data Masking pack comes with a set of pre-
defined masking formats.

35. In the latest release of the Advanced Security Option, you can store a key
in an HSM for what types of encryption? Mark for Review
(1) Points

1 and 2. (*)

Tablespace encryption

All of the above.

Column encryption

Schema encryption

36. Which of the following requirements can affect companies across the world?
Mark for Review
(1) Points

HIPAA

SOX

PCI (*)

Inorrect, Payment Card Industry security standards can affect companies

worldwide.

37. What is the typical performance impact of using Database Vault realms? Mark
for Review
(1) Points

15%

1% (*)

0%

10%

5%

Incorrect, the typical performance impact of using Database Vault realms is

1%.
 38. With Data Masking, data relationships defined without foreign keys (by an
application) are lost during the masking process. Mark for Review
(1) Points

True

False (*)

Incorrect, data masking maintains relationships defined by foreign keys

automatically.

39. The SQL Server Audit Vault Agent communicates with SQL Server through
SQL*Net. Mark for Review
(1) Points

True

False (*)

Incorrect, the SQL Server Agent uses JDBC to communicate with SQL Server.

40. You have to change your application logic when you encrypt data with
Transparent Data Encryption. Mark for Review
(1) Points

True

False (*)

41. Encryption for Transparent Data Encrytion is always performed during I/O
operations. Mark for Review
(1) Points

True

False (*)

Incorrect, encryption for TDE is done during I/O operations for tablespace
encryption, not column encryption.

42. You can only encrypt columns when you define a table. Mark for Review
(1) Points

True

False (*)

Incorrect, you can define columns as encrypted after a table is defined.

 43. Which type of Audit Vault Oracle Agent affects performance the most? Mark
for Review
(1) Points

Redo Audit (*)

Operating System Audit

Database Audit

Incorrect, the Redo Agent affects performance the most.

44. How do you have to handle partitions with encrypted tablespaces? Mark for
Review
(1) Points

All partitions must be in the same encrypted tablespace.

You cannot have partitions in encrypted tablespaces.

You can have different partitions in different tablespaces, both encrypted and
not encrypted. (*)

Inrrect, you can have different partitions in different tablespaces, both

encrypted and not encrypted.

45. Which of the following products are used to enforce separation of duties?
Mark for Review
(1) Points

(Choose all correct answers)

Audit Vault

Advanced Security Option (*)

Database Vault (*)

Data Masking

Label Security

46. How can you encrypt data with Transparent Data Encryption? Mark for Review
(1) Points

By tablespace.

By table.

1 and 3. (*)

By column.
 Inorrect, you can encrypt data at the column or tablespace level.

47. If you do not have the Oracle wallet with the master key for TDE, you will
not be able to access the encrypted data. Mark for Review
(1) Points

True (*)

False

Correct, if you do not have the Oracle wallet with the master key for TDE,
you will not be able to access the encrypted data.

48. In security terms, what is the definition of "separation of duties"? Mark

for Review
(1) Points

Denying managers access to employee data.

Denying admnistrators access to data values. (*)

Denying users access to administrative functions.

Allowing administrators to backup data from only one department.

Allowing administrators to back up data from an entire enterprise.

Inorrect, separation of duties is denying administrators access to data

values.

49. Audit Vault only works on Oracle 10g and above. Mark for Review
(1) Points

True

False (*)

Correct, Audit Vault can work on Oracle 9.1i and above.

50. Changing the master key uses fewer resources than changing table keys. Mark
for Review
(1) Points

True (*)

False

1. For the Advanced Security Option, you can enhance the security of your system
by which of the following? Mark for Review
(1) Points
 Change the table keys periodically.

Change both keys periodically.

Any of the above. (*)

Change the master key periodically.

4. The performance impact of encrypted tablespaces is typically which of the

following - Mark for Review
(1) Points

10 - 20%

30-40%

20-30%

Less than 10%. (*)

8. You need one Audit Vault Collector for each database being audited. Mark for
Review
(1) Points

True (*)

False

10. What databases can be audited by Audit Vault agents? Mark for Review
(1) Points

(Choose all correct answers)

MySQL

Oracle (*)

SQL Server (*)

Sybase (*)

DB2 (*)

11. You can only use pre-defined Audit Vault alerts. Mark for Review
(1) Points

True

False (*)

19. Secure application roles can be implemented with which Database Vault entity?
Mark for Review
(1) Points
 Factors

Commands

Rules

Realms

Rule sets (*)

30. You can use one Database Vault to protect more than one database. Mark for
Review
(1) Points

True (*)

False

32. With Data Masking, data relationships defined by foreign keys are lost during
the masking process. Mark for Review
(1) Points

True (*)

False

35. When will changes in Database Vault access permissions take effect? Mark for
Review
(1) Points

After an ALTER SYSTEM DBV is issued.

After the next database backup.

Immediately. (*)

The next time the database server is stopped and started.

37. Rule sets in Database Vault can control access to what entities? Mark for
Review
(1) Points

(Choose all correct answers)

Realms (*)

Commands (*)

Columns

Tables

Factors
 38. What are some of the potential repercussions from not protecting sensitive
PII? Mark for Review
(1) Points

Remediation costs

Termination

All of the above. (*)

None of the above.

Fines

Correct, all of the above are potential repercussion of security violations.

39. You can encrypt large objects, such as documents, with Transparent Data
Encryption. Mark for Review
(1) Points

True (*)

False