You are administering a database and you receive a requirement to apply the following
restrictions:
1. A connection must be terminated after four unsuccessful login attempts by a user.
2. A user should not be able to create more than four simultaneous sessions.
3. A user session must be terminated after 15 minutes of inactivity.
4. Users must be prompted to change their passwords every 15 days.
How would you accomplish these requirements?
A. By granting a secure application role to the users
B. By creating and assigning a profile to the users and setting the REMOTE_OS_AUTHENT
parameter to FALSE
C. By creating and assigning a profile to the users and setting the
SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4
D. By implementing Fine-Grained Auditing (FGA) and setting the
REMOTE_LOGIN_PASSWORDFILE parameter to NONE
E. By implementing the Database Resource Manager plan and setting the
SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4
Explanation:
You can design your applications to automatically grant a role to the user who is
trying to log in, provided the user meets criteria that you specify. To do so, you create a secure
application role, which is a role that is associated with a PL/SQL procedure (or PL/SQL package
that contains multiple procedures). The procedure validates the user: if the user fails the
validation, then the user cannot log in. If the user passes the validation, then the procedure grants
the user a role so that he or she can use the application. The user has this role only as long as he
or she is logged in to the application. When the user logs out, the role is revoked.
Incorrect:
Not B: REMOTE_OS_AUTHENT specifies whether remote clients will be authenticated with the
value of the OS_AUTHENT_PREFIX parameter.
Not C, not E: SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. After the specified
number of failure attempts, the connection will be automatically dropped by the server process.
Not D: REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file.
Values:
shared: One or more databases can use the password file. The password file can contain SYS as well as
non-SYS users.
exclusive: The password file can be used by only one database. The password file can contain SYS as well
as non-SYS users.
none: Oracle ignores any password file. Therefore, privileged users must be authenticated by the
operating system.
Note:
The REMOTE_OS_AUTHENT parameter is deprecated. It is retained for backward compatibility
only.
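The statements below are an added example, not part of the original question or its explanation. They show where each of the four restrictions in the question is configured in Oracle; the profile name app_user_limits and the user app_user are hypothetical.

```sql
-- Added example. APP_USER_LIMITS and APP_USER are hypothetical names.

-- Requirement 1: drop the connection after four failed authentication
-- attempts. This is an initialization parameter, not a profile limit.
-- It is static, so it is written to the spfile and takes effect only
-- after the instance is restarted.
ALTER SYSTEM SET SEC_MAX_FAILED_LOGIN_ATTEMPTS = 4 SCOPE = SPFILE;

-- Kernel resource limits in a profile (SESSIONS_PER_USER, IDLE_TIME)
-- are enforced only while RESOURCE_LIMIT is TRUE. Password limits such
-- as PASSWORD_LIFE_TIME are enforced regardless of this setting.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- Requirements 2 to 4 are profile limits.
CREATE PROFILE app_user_limits LIMIT
  SESSIONS_PER_USER   4     -- at most four concurrent sessions per user
  IDLE_TIME           15    -- minutes of continuous inactivity allowed
  PASSWORD_LIFE_TIME  15;   -- days the same password can be used

-- A profile has no effect until it is assigned.
ALTER USER app_user PROFILE app_user_limits;

-- Verification: limits defined in the profile.
SELECT resource_name, resource_type, limit
  FROM dba_profiles
 WHERE profile = 'APP_USER_LIMITS'
 ORDER BY resource_type, resource_name;

-- Verification: the user actually carries the profile.
SELECT username, profile
  FROM dba_users
 WHERE username = 'APP_USER';

-- Verification: the value stored in the spfile (V$PARAMETER keeps
-- showing the old value until the restart).
SELECT name, value
  FROM v$spparameter
 WHERE name = 'sec_max_failed_login_attempts';
```

Limits not named in CREATE PROFILE are inherited from the DEFAULT profile, so the DBA_PROFILES query is also a quick way to see which values are explicit and which show as DEFAULT.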
me fo creating profile!
FAILED_LOGIN_ATTEMPTS in Profile -> Specify the number of failed attempts to log in to the user account before the account is LOCKED.
BUT
SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. These login attempts can be for multiple user accounts in the same connection. After the specified number of failure attempts, the connection will be automatically DROPPED by the server process.
So C
Please, smbd.smith don’t write comments if you don’t understand oracle, Please have a look to roles in the databases
the correct answer A
I’m with smbd.smth:
Use SEC_MAX_FAILED_LOGIN_ATTEMPTS to terminate the connection after four unsuccessful login attempts.
The rest are normal profile settings:
– SESSIONS_PER_USER
– IDLE_TIME
– PASSWORD_LIFE_TIME
Thnx a lot, Shawn!
To jrd: IMHO this place is for our discussion. Why can’t I put my opinion here?
All of us can be wrong but it is inadmissible to speak about my knowledge of Oracle.
I saw your other answers here. I’m glad that you are really good in Oracle.
c
But what about “Users must be prompted to change their passwords every 15 days”? The default profile says it is 180 days?
What is the correct answer?
Is it not B? Creating a new profile with all the requirements set, and disable access to the database “through the O.S” ( REMOTE_OS_AUTHENT )?
option C is correct. Why?
because it says: “creating and assigning a profile to the user”, at this step you cover the SESSIONS_PER_USER, IDLE_TIME, PASSWORD_LIFE_TIME needs while using profiles, then continuing with the answer it says: “and setting the SEC_MAX_FAILED_LOGIN_ATTEMPTS to 4”, this is a database parameter at parameter file level, it is not part of a profile, it is a database parameter to limit the connection attempts at connection level (to drop the connection).
Then “jrd” you are wrong, please read the application security role, this refers to role mapping for database roles, when a user connects they get the roles and when they disconnect the role is dropped.
Respect please.
C
Create profiles :
1) SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. After the specified number of failure attempts, the connection will be automatically dropped by the server process.
2) SESSIONS_PER_USER Specify the number of concurrent sessions to which you want to limit the user.
3) IDLE_TIME Specify the permitted periods of continuous inactive time during a session, expressed in minutes.
4) PASSWORD_LIFE_TIME Specify the number of days the same password can be used for authentication.
So C.
CCCCC
C and ‘Boo’ to jrd
I would say it should be A, though.
‘Remember that the SEC_MAX_FAILED_LOGIN_ATTEMPTS initialization parameter is designed to prevent potential intruders from attacking your applications; it does NOT APPLY to VALID users. The sqlnet.ora INBOUND_CONNECT_TIMEOUT parameter and the FAILED_LOGIN_ATTEMPTS initialization parameter also restrict failed logins, but the difference is that these two parameters only apply to valid user accounts.’
Does this not mean that: if the user already exists (is valid) in the database, we should not resort to SEC_MAX_FAILED_LOGIN_ATTEMPTS?
C is correct answer
I have passed the exam on 20/9/2019 score 88% and 82%
and I can say 90% of the test king answers are wrong !!
Can you please share dump with me at [email protected]
sorry 20/9/2017!!
C