Identify three benefits of Unified Auditing.

Identify three benefits of Unified Auditing.

Identify three benefits of Unified Auditing.

A.
Decreased use of storage to store audit trail rows in the database.

B.
It improves overall auditing performance.

C.
It guarantees zero-loss auditing.

D.
The audit trail cannot be easily modified because it is read-only.

E.
It automatically audits Recovery Manager (RMAN) events.

Explanation:
A: Starting with 12c, Oracle has unified all of the auditing types into one single unit
called Unified auditing. You don’t have to turn on or off all of the different auidting types
individually and as a matter of fact auditing is enabled by default right out of the box. The AUD$
and FGA$ tables have been replaced with one single audit trail table. All of the audit data is now

stored in Secure Files table thus improving the overall management aspects of audit data itself.
B: Further the audit data can also be buffered solving most of the common performance related
problems seen on busy environments.
E: Unified Auditing is able to collect audit data for Fine Grained Audit, RMAN, Data Pump, Label
Security, Database Vault and Real Application Security operations.
Note:
* Benefits of the Unified Audit Trail
The benefits of a unified audit trail are many:
/ (B) Overall auditing performance is greatly improved. The default mode that unified audit works is
Queued Write mode. In this mode, the audit records are batched in SGA queue and is persisted in
a periodic way. Because the audit records are written to SGA queue, there is a significant
performance improvement.
/ The unified auditing functionality is always enabled and does not depend on the initialization
parameters that were used in previous releases
/ (A) The audit records, including records from the SYS audit trail, for all the audited components
of your Oracle Database installation are placed in one location and in one format, rather than your
having to look in different places to find audit trails in varying formats. This consolidated view
enables auditors to co-relate audit information from different components. For example, if an error
occurred during an INSERT statement, standard auditing can indicate the error number and the
SQL that was executed. Oracle Database Vault-specific information can indicate whether this error
happened because of a command rule violation or realm violation. Note that there will be two audit
records with a distinct AUDIT_TYPE. With this unification in place, SYS audit records appear with
AUDIT_TYPE set to Standard Audit.
/ The management and security of the audit trail is also improved by having it in single audit trail.
/ You can create named audit policies that enable you to audit the supported components listed at
the beginning of this section, as well as SYS administrative users. Furthermore, you can build
conditions and exclusions into your policies.
* Oracle Database 12c Unified Auditing enables selective and effective auditing inside the Oracle
database using policies and conditions. The new policy based syntax simplifies management of
auditing within the database and provides the ability to accelerate auditing based on conditions.

* The new architecture unifies the existing audit trails into a single audit trail, enabling simplified
management and increasing the security of audit data generated by the database.



Leave a Reply 10

Your email address will not be published. Required fields are marked *


Moeen Uddin

Moeen Uddin

A,B,E

WL

WL

From Student guide:

Unlike other Oracle Database components, you do not create a unified audit policy for Oracle RMAN events. The UNIFIED_AUDIT_TRAIL view automatically captures commonly audited Oracle RMAN events.

H*T*H

H*T*H

The given answer, ABE is wrong. The overall point of Unified Auditing is to address these issues:
1. Simplicity – Group audit actions together, have action based and condition based policies and allow easy inclusion/exclusion for auditing.
2. Consolidation – have ONE audit trail not several in different places.
3. Security – store it in the database in read only form and separate administration and viewing job roles.
4. Performance – achieve the above with negligible performance overhead

A is wrong because Unified Auditing has the capability to audit more database components than standard auditing does. Auditing more things = more audit records. More audit records does not decrease the storage used, it increases it.
B is correct. Buffering audit records in memory, then writing them to disk in batch is faster than continuously writing to disk.
C is correct. Under normal operating conditions, audit records are written to one of two queues held in the SGA. The content of a queue is only written to the database when either it fills up or a 3 second timeout occurs. At which point, audit records are written to the other queue. In the event of an instance crash, it’s possible audit records held in memory could be lost. However, writing audit records to the unified audit trail in the database can be configured to be immediate. Hence, zero-loss auditing. Comes with a performance hit though.
D is correct. The underlying table which holds the audit records is read only, so it cannot be easily modified or tampered with.
E is correct. You do not have to create/enable an audit policy for RMAN operations. They are audited automatically.

H*T*H

max

max

BDE
Overall auditing performance is greatly improved.
wrong C because a small rick of loosing audit data is given, because by default it’s written in buffer and if the instance crashes these data is lost!

Algerian

Algerian

D is wrong?

A:
modifiable -> NO
http://docs.oracle.com/cd/E11882_01/server.112/e40402/initparams017.htm#REFRN10006

B:
https://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG1024
Overall auditing performance is greatly improved

E:
http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/12c/r1/security/sec_uni_audit/sec_uni_audit.html
You want to audit Recovery Manager backup, restore and recover operations.You do not have to create any audit policy for RMAN operations. RMAN is audited by default.
Backup any of the tablespaces of the database.