You are administering a database and you receive a requirement to apply the following
restrictions:
1. A connection must be terminated after four unsuccessful login attempts by a user.
2. A user should not be able to create more than four simultaneous sessions.
3. A user session must be terminated after 15 minutes of inactivity.
4. Users must be prompted to change their passwords every 15 days.
How would you accomplish these requirements?
A. By granting a secure application role to the users
B. By creating and assigning a profile to the users and setting the REMOTE_OS_AUTHENT parameter to FALSE
C. By creating and assigning a profile to the users and setting the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4
D. By implementing Fine-Grained Auditing (FGA) and setting the REMOTE_LOGIN_PASSWORD_FILE parameter to NONE
E. By implementing the Database Resource Manager plan and setting the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4
Explanation:
You can design your applications to automatically grant a role to the user who is
trying to log in, provided the user meets criteria that you specify. To do so, you create a secure
application role, which is a role that is associated with a PL/SQL procedure (or PL/SQL package
that contains multiple procedures). The procedure validates the user: if the user fails the
validation, then the user cannot log in. If the user passes the validation, then the procedure grants
the user a role so that he or she can use the application. The user has this role only as long as he
or she is logged in to the application. When the user logs out, the role is revoked.
Incorrect:
Not B: REMOTE_OS_AUTHENT specifies whether remote clients will be authenticated with the
value of the OS_AUTHENT_PREFIX parameter.
Not C, not E: SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. After the specified
number of failure attempts, the connection will be automatically dropped by the server process.
Not D: REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file.
Values:
shared: One or more databases can use the password file. The password file can contain SYS as well as non-SYS users.
exclusive: The password file can be used by only one database. The password file can contain SYS as well as non-SYS users.
none: Oracle ignores any password file. Therefore, privileged users must be authenticated by the operating system.
Note:
The REMOTE_OS_AUTHENT parameter is deprecated. It is retained for backward compatibility
only.
Estimates, more than 50% answers are incorrect and do not match, but the questions are almost 100% effective
1z0-060
me for creating profile!
FAILED_LOGIN_ATTEMPTS in Profile -> Specify the number of failed attempts to log in to the user account before the account is LOCKED.
BUT
SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. These login attempts can be for multiple user accounts in the same connection. After the specified number of failure attempts, the connection will be automatically DROPPED by the server process.
So C
C – TRUE
SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. These login attempts can be for multiple user accounts in the same connection. After the specified number of failure attempts, the connection will be automatically dropped by the server process.
http://docs.oracle.com/database/121/REFRN/refrn10274.htm#REFRN10274
C is the right choice.
E TRUE
It can be accomplished by using profiles too, but “Oracle recommends that you use the Database Resource Manager rather than CREATE PROFILE to establish resource limits. The Database Resource Manager offers a more flexible means of managing and tracking resource use.”
Refer to Oracle® Database SQL Language Reference 12c Release 1 (12.1) E41329-09
E
Resource Manager is not applicable here.
Use the CREATE PROFILE statement to create a profile, which is a set of limits on database resources. If you assign the profile to a user, then that user cannot exceed these limits.
Answer is : C
Should be A.
Why ?
I think C
http://docs.oracle.com/database/121/SQLRF/statements_6012.htm#SQLRF01310
http://docs.oracle.com/cd/B28359_01/server.111/b28320/initparams212.htm
C
Profiles resource parameters:
RESOURCE_NAME              RESOURCE_TYPE  LIMIT
-------------------------  -------------  ---------
COMPOSITE_LIMIT            KERNEL         UNLIMITED
CONNECT_TIME               KERNEL         UNLIMITED
CPU_PER_CALL               KERNEL         UNLIMITED
CPU_PER_SESSION            KERNEL         UNLIMITED
IDLE_TIME                  KERNEL         UNLIMITED
LOGICAL_READS_PER_CALL     KERNEL         UNLIMITED
LOGICAL_READS_PER_SESSION  KERNEL         UNLIMITED
PRIVATE_SGA                KERNEL         UNLIMITED
SESSIONS_PER_USER          KERNEL         UNLIMITED
FAILED_LOGIN_ATTEMPTS      PASSWORD       10
PASSWORD_GRACE_TIME        PASSWORD       7
PASSWORD_LIFE_TIME         PASSWORD       UNLIMITED
PASSWORD_LOCK_TIME         PASSWORD       1
PASSWORD_REUSE_MAX         PASSWORD       UNLIMITED
PASSWORD_REUSE_TIME        PASSWORD       UNLIMITED
PASSWORD_VERIFY_FUNCTION   PASSWORD       NULL
C
Resource Manager cannot manage passwords, so E is incorrect.
The question is “How would you accomplish these requirements”. Did you see “these”???
If C is right, only 1 and 2 may be done well; how about 3 and 4?
So the correct answer, I think, is A!
Request 1. A connection must be terminated after four unsuccessful login attempts by user.
SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection, after the specified number of failure attempts, the connection will be dropped.
FAILED_LOGIN_ATTEMPTS (Profiling) –> Specify the number of consecutive failed attempts to log in to the user account before the account is locked.
C
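
The comments above contrast the profile limit FAILED_LOGIN_ATTEMPTS with the initialization parameter SEC_MAX_FAILED_LOGIN_ATTEMPTS. As an added example (not part of the original page or its comments), this shows how the four numbered requirements map onto profile limits plus that parameter; the names app_limits and app_user are hypothetical.

```sql
-- Added example. APP_LIMITS and APP_USER are hypothetical names.

-- KERNEL-type limits in a profile (SESSIONS_PER_USER, IDLE_TIME, ...) are
-- enforced only while RESOURCE_LIMIT is TRUE. PASSWORD-type limits are
-- enforced regardless of this setting.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

CREATE PROFILE app_limits LIMIT
  SESSIONS_PER_USER      4    -- requirement 2: at most four concurrent sessions
  IDLE_TIME              15   -- requirement 3: value is in minutes
  PASSWORD_LIFE_TIME     15   -- requirement 4: value is in days
  FAILED_LOGIN_ATTEMPTS  4;   -- optional: LOCKS THE ACCOUNT after four
                              -- consecutive failures; it does not drop
                              -- the connection

ALTER USER app_user PROFILE app_limits;

-- Requirement 1 concerns the connection, not the account, so it is an
-- instance-wide initialization parameter rather than a profile limit.
-- The parameter is static: write it to the spfile and restart the instance.
ALTER SYSTEM SET SEC_MAX_FAILED_LOGIN_ATTEMPTS = 4 SCOPE = SPFILE;

-- Verification after the restart.
-- 1) Limits carried by the profile (same columns as the listing above).
SELECT resource_name, resource_type, limit
FROM   dba_profiles
WHERE  profile = 'APP_LIMITS'
ORDER  BY resource_type, resource_name;

-- 2) Effective parameter values; ISSYS_MODIFIABLE = 'FALSE' marks a static
--    parameter.
SELECT name, value, issys_modifiable
FROM   v$parameter
WHERE  name IN ('sec_max_failed_login_attempts', 'resource_limit');

-- 3) The profile is attached to the account, and the password expiry date
--    reflects PASSWORD_LIFE_TIME.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  username = 'APP_USER';
```

Limits a profile does not set explicitly are inherited from the DEFAULT profile, so the first verification query may show DEFAULT in the LIMIT column for the remaining rows.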