Which two statements are true?

I think is B an D

Not A: Because is any access not only select access.
Not C: Because the access could be done by Jim or another user different from Jim with access privileges over the table.

DBMS_FGA.ADD_POLICY(
object_schema => ‘hr’,
object_name => ’emp’,
policy_name => ‘chk_hr_emp’,
audit_condition => ‘dept = ”SALES” ‘,
audit_column => ‘salary’
statement_types => ‘insert,update,delete,select’);

Default value for statement_types is SELECT

■Setting audit_trail to DBMS_FGA.DB sends the audit trail to the SYS.FGA_LOG$ table in the database and omits SQL Text and SQL Bind.

■Setting audit_trail to DBMS_FGA.DB+EXTENDED sends the audit trail to the SYS.FGA_LOG$ table in the database and includes SQL Text and SQL Bind.

■Setting audit_trail to DBMS_FGA.XML writes the audit trail in XML files sent to the operating system and omits SQL Text and SQL Bind.

■Setting audit_trail to DBMS_FGA.XML+EXTENDED writes the audit trail in XML files sent to the operating system and includes SQL Text and SQL Bind.

Default value fo audit_trail parameter in DBMS_FGA.ADD_POLICY is DB+EXTENDED

So, based on these the correct answer should be A and D.

B is not correct because this FGA policy is not true for insert, update and delete statements.

A and D

Each audit policy is applied to the query individually. However, at most one audit record may be generated for each policy, no matter how many rows being returned satisfy that policy’s audit_condition. In other words, whenever any number of rows being returned satisfy an audit condition defined on the table, a single audit record will be generated for each such policy.
The audit_condition is evaluated using the privileges of the user who creates the policy.
DBMS_FGA.ADD_POLICY( object_schema IN VARCHAR2 DEFAULT NULL, object_name IN VARCHAR2, policy_name IN VARCHAR2, audit_condition IN VARCHAR2 DEFAULT NULL, audit_column IN VARCHAR2 DEFAULT NULL, handler_schema IN VARCHAR2 DEFAULT NULL, handler_module IN VARCHAR2 DEFAULT NULL, enable IN BOOLEAN DEFAULT TRUE, statement_types IN VARCHAR2 DEFAULT SELECT, audit_trail IN BINARY_INTEGER DEFAULT NULL, audit_column_opts IN BINARY_INTEGER DEFAULT ANY_COLUMNS, policy_owner IN VARCHAR2 DEFAULT NULL);
The default for statement_type is ‘SELECT’. Therefore, Choice A is correct.
If audit_trail includes EXTENDED, then the query’s SQL Text and SQL Bind variable information are included in the audit trail.
The AUDIT_TRAIL parameter defines where audit records will be written. This parameter is set to DB by default.
If AUDIT_TRAIL is set to a value of NONE, standard database auditing is disabled. The AUDIT_TRAIL parameter is a static parameter and cannot be modified without restarting the database instance.
The possible parameter values that enable auditing are:
• DB: Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table)
• DB,EXTENDED: In addition to action of the DB value, captures the SQL executed along
with any bind variables (SQLTEXT and SQLBIND columns) of the audit table.
Setting audit_trail to DBMS_FGA.DB sends the audit trail to the SYS.FGA_LOG$ table in the database and omits SQL Text and SQL Bind.
By default, Oracle Database executes the policy predicate with the privileges of the user who owns the policy.
The default value for audit_trail is ‘DB’ and not ‘DB,EXTENDED’. If it is set to DB, then SQL statements are not captured.

The default value for statement_type=select. Hence A is correct.
D is wrong because the default audit_trail parameter is ‘DB’. For this, SQL text is not captured.
By default, the policy executes the predicate, i.e., “SELECT” statement and not all DML operations of the owner. Hence C can be ruled out.
At most one audit record may be generated for each policy, no matter how many rows being returned satisfy that policy’s audit_condition. In other words, whenever any number of rows being returned satisfy an audit condition defined on the table, a single audit record will be generated for each such policy.
In my opinion, A, B are correct.

As “statement_types” is not explicitly mentioned in the code, then it will take default value of “SELECT” which means that above policy is not applicable for DML operations.
This means that B and C are incorrect.
A and D are correct.

AB as B is more specific ( PRICE > 10000) than D

AB
In my opinion D is wrong because audit_trail => DBMS_FGA.DB_EXTENDED is not set in DBMS_FGA.ADD_POLICY

AB

A is correct.
D is correct as well:
DB+EXTENDED is the default value for audit_trail.
As audit_trail is not set to anything else, it’s DB+EXTENDED which means SQL statements are captured.

B is not correct as INSERT, DELETE and UPDATE are not audited, just SELECT, so an audit record isn’t written for all access.

The default value for AUDIT_TRAIL parameter is “DB” for databases created with DBCA (and NONE for databases created manually with CREATE DATABASE statement). So it’s AB, because unless audit_trail is changed to DB+EXTENDED, no SQL Statement will be written to audit trail.

http://docs.oracle.com/cd/B19306_01/network.102/b14266/cfgaudit.htm#i1011302
“Fine-grained auditing addresses these needs, taking you beyond standard auditing and enabling you to minimize false or unhelpful audits by specifying more detailed audit conditions. You do not need to set AUDIT_TRAIL to enable fine-grained auditing”
dbms_fga always capture whole syntax regardless AUDIT_TRAIL parameter.

for standard audit, create audit policy then enable
for value-based audit, use trigger
for capture whole syntax, use dbms_fga

AD

C and B are WRONG because the parameter “statement_types” is not specified.
So the audit policy is valid only for SELECT statements.

A and D are the right answers.