You wish to enable an audit policy for all database users, except SYS, SYSTEM, and SCOTT.
You issue the following statements:
SQL> AUDIT POLICY ORA_DATABASE_PARAMETER EXCEPT SYS;
SQL> AUDIT POLICY ORA_DATABASE_PARAMETER EXCEPT SYSTEM;
SQL> AUDIT POLICY ORA_DATABASE_PARAMETER EXCEPT SCOTT;
For which database users is the audit policy now active?
A.
All users except SYS
B.
All users except SCOTT
C.
All users except sys and SCOTT
D.
All users except sys, system, and SCOTT
Explanation:
If you run multiple AUDIT statements on the same unified audit policy but specify
different EXCEPT users, then Oracle Database uses the last exception user list, not any of the
users from the preceding lists. This means the effect of the earlier AUDIT POLICY … EXCEPTstatements are overridden by the latest AUDIT POLICY … EXCEPT statement.
Note:
*TheORA_DATABASE_PARAMETERpolicyaudits commonly used Oracle Database parameter
settings. By default, this policy is not enabled.
* You can use the keyword ALL to audit all actions. The following example shows how to audit all
actions on the HR.EMPLOYEES table, except actions by user pmulligan.
Example Auditing All Actions on a Table
CREATE AUDIT POLICY all_actions_on_hr_emp_pol
ACTIONS ALL ON HR.EMPLOYEES;
AUDIT POLICY all_actions_on_hr_emp_pol EXCEPT pmulligan;
Reference: Oracle Database Security Guide 12c, About Enabling Unified Audit Policies
B
The SYSTEM user is normally treated like a regular user, and should be able to be excluded for audit policies just like SCOTT. SYS is always audited.
So the answer is A, because the audit policy is active for all users except SYS. The question doesn’t ask which users are / are not audited, it asks which users the policy is active for, and since SCOTT and SYSTEM were mentioned explicitly in the audit policy (even though they are exempt from it) it is active for them.
after some research, the correct answer is B
Explanation: If you run multiple AUDIT statements on the same unified audit policy but specify different EXCEPT users, then Oracle Database uses the last exception user list, not any of the users from the preceding lists. This means the effect of the earlier AUDIT POLICY … EXCEPT statements are overridden by the latest AUDIT POLICY … EXCEPT statement
B is correct, tested!
If its otherwise, its union all. If its except, the recent statement is effective.
It should be C, because SYS cannot be excluded for any auditing so the policy always applied to SYS. And SCOTT was the last user the policy was applied to, so the previous apply attempts are overwritten – except for SYS because SYS is always audited.
B
B
B
I agree “B”.
https://docs.oracle.com/database/121/DBSEG/audit_config.htm#DBSEG1025
Note the following:
If you run multiple AUDIT statements on the same unified audit policy but specify different EXCEPT users, then Oracle Database uses the last exception user list, not any of the users from the preceding lists. This means the effect of the earlier AUDIT POLICY … EXCEPT statements are overridden by the latest AUDIT POLICY … EXCEPT statement.
Relo says:
March 17, 2015 at 8:17 pm
The SYSTEM user is normally treated like a regular user, and should be able to be excluded for audit policies just like SCOTT. SYS is always audited.
Denny says:
April 11, 2015 at 8:54 pm
It should be C, because SYS cannot be excluded for any auditing so the policy always applied to SYS.
So the correct answer is C!!!
B
C is incorrect: https://docs.oracle.com/database/121/DBSEG/audit_config.htm#DBSEG1086
If you are creating an audit policy, then use the AUDIT statement to enable it and optionally apply (or exclude) the audit settings to one or more users, including administrative users who log in with the SYSDBA administrative privilege (for example, the SYS user).
B is correct.
Oracle document says:
•If you run multiple AUDIT statements on the same unified audit policy but specify different EXCEPT users, then Oracle Database uses the last exception user list, not any of the users from the preceding lists. This means the effect of the earlier AUDIT POLICY … EXCEPT statements are overridden by the latest AUDIT POLICY … EXCEPT statement.
https://docs.oracle.com/database/121/DBSEG/audit_config.htm#DBSEG525