Identify three benefits of Unified Auditing.
A.
Decreased use of storage to store audit trail rows in the database.
B.
It improves overall auditing performance.
C.
It guarantees zero-loss auditing.
D.
The audit trail cannot be easily modified because it is read-only.
E.
It automatically audits Recovery Manager (RMAN) events.
Explanation:
A: Starting with 12c, Oracle has unified all of the auditing types into one single unitcalled Unified auditing. You don’t have to turn on or off all of the different auidting types
individually and as a matter of fact auditing is enabled by default right out of the box. The AUD$
and FGA$ tables have been replaced with one single audit trail table. All of the audit data is now
stored in Secure Files table thus improving the overall management aspects of audit data itself.
B: Further the audit data can also be buffered solving most of the common performance related
problems seen on busy environments.
E: Unified Auditing is able to collect audit data for Fine Grained Audit, RMAN, Data Pump, Label
Security, Database Vault and Real Application Security operations.
Note:
* Benefits of the Unified Audit Trail
The benefits of a unified audit trail are many:
/ (B) Overall auditing performance is greatly improved. The default mode that unified audit works is
Queued Write mode. In this mode, the audit records are batched in SGA queue and is persisted in
a periodic way. Because the audit records are written to SGA queue, there is a significant
performance improvement.
/ The unified auditing functionality is always enabled and does not depend on the initialization
parameters that were used in previous releases
/ (A) The audit records, including records from the SYS audit trail, for all the audited components
of your Oracle Database installation are placed in one location and in one format, rather than your
having to look in different places to find audit trails in varying formats. This consolidated view
enables auditors to co-relate audit information from different components. For example, if an error
occurred during an INSERT statement, standard auditing can indicate the error number and the
SQL that was executed. Oracle Database Vault-specific information can indicate whether this error
happened because of a command rule violation or realm violation. Note that there will be two audit
records with a distinct AUDIT_TYPE. With this unification in place, SYS audit records appear with
AUDIT_TYPE set to Standard Audit.
/ The management and security of the audit trail is also improved by having it in single audit trail.
/ You can create named audit policies that enable you to audit the supported components listed at
the beginning of this section, as well as SYS administrative users. Furthermore, you can build
conditions and exclusions into your policies.
* Oracle Database 12c Unified Auditing enables selective and effective auditing inside the Oracledatabase using policies and conditions. The new policy based syntax simplifies management of
auditing within the database and provides the ability to accelerate auditing based on conditions.
* The new architecture unifies the existing audit trails into a single audit trail, enabling simplified
management and increasing the security of audit data generated by the database.
B, D and E.
B,D,E
other info https://blogs.oracle.com/imc/entry/oracle_database_12c_new_unified
ABE
It should be BDE.
yeas BDE is the right answer
I think ABE, not D because it can’t be modified because it s read-only. if it is “not easily” modified then it can be modified (cleaned up) which is pretty easy using the built-on packages.
BDE is final answer.
BDE
ABE
BDE is correct.
B.Overall auditing performance is greatly improved
D. The unified audit trail, which resides in a read-only table in the AUDSYS schema in the SYSAUX
E.
BDE
D is wrong?
A:
modifiable -> NO
http://docs.oracle.com/cd/E11882_01/server.112/e40402/initparams017.htm#REFRN10006
B:
https://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG1024
Overall auditing performance is greatly improved
E:
http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/12c/r1/security/sec_uni_audit/sec_uni_audit.html
You want to audit Recovery Manager backup, restore and recover operations.You do not have to create any audit policy for RMAN operations. RMAN is audited by default.
Backup any of the tablespaces of the database.
A:
modifiable -> NO
http://docs.oracle.com/cd/E11882_01/server.112/e40402/initparams017.htm#REFRN10006
B:
https://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG1024
Overall auditing performance is greatly improved
E:
http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/12c/r1/security/sec_uni_audit/sec_uni_audit.html
You want to audit Recovery Manager backup, restore and recover operations.You do not have to create any audit policy for RMAN operations. RMAN is audited by default.
Backup any of the tablespaces of the database.
https://docs.oracle.com/database/121/DBSEG/guidelines.htm#DBSEG90008
https://blogs.oracle.com/imc/entry/oracle_database_12c_new_unified
My answer is: ABE
B, D, E