How would you accomplish these requirements?

You are administering a database and you receive a requirement to apply the following
restrictions:
1. A connection must be terminated after four unsuccessful login attempts by user.
2. A user should not be able to create more than four simultaneous sessions.
3. User session must be terminated after 15 minutes of inactivity.
4. Users must be prompted to change their passwords every 15 days.

How would you accomplish these requirements?

A. By granting a secure application role to the users

B. By creating and assigning a profile to the users and setting the REMOTE_OS_AUTHENT parameter to FALSE

C. By creating and assigning a profile to the users and setting the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4

D. By implementing Fine-Grained Auditing (FGA) and setting the REMOTE_LOGIN_PASSWORD_FILE parameter to NONE

E. By implementing a Database Resource Manager plan and setting the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4

Explanation:
You can design your applications to automatically grant a role to the user who is
trying to log in, provided the user meets criteria that you specify. To do so, you create a secure
application role, which is a role that is associated with a PL/SQL procedure (or PL/SQL package
that contains multiple procedures). The procedure validates the user: if the user fails the
validation, then the user cannot log in. If the user passes the validation, then the procedure grants
the user a role so that he or she can use the application. The user has this role only as long as he
or she is logged in to the application. When the user logs out, the role is revoked.
Incorrect:
Not B: REMOTE_OS_AUTHENT specifies whether remote clients will be authenticated with the value of the OS_AUTHENT_PREFIX parameter.
Not C, not E: SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. After the specified number of failed attempts, the connection is automatically dropped by the server process.
Not D: REMOTE_LOGIN_PASSWORD_FILE specifies whether Oracle checks for a password file. Values:
shared: One or more databases can use the password file. The password file can contain SYS as well as non-SYS users.
exclusive: The password file can be used by only one database. The password file can contain SYS as well as non-SYS users.
none: Oracle ignores any password file. Therefore, privileged users must be authenticated by the operating system.
Note: The REMOTE_OS_AUTHENT parameter is deprecated. It is retained for backward compatibility only.

Sayed

C is only correct for condition 1. What about the other conditions?

Marc

The answer about using a profile and all the necessary limits is missing.

Luca

C
http://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_6010.htm

1. SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. After the specified number of failure attempts, the connection will be automatically dropped by the server process.

2. SESSIONS_PER_USER
Specify the number of concurrent sessions to which you want to limit the user.

3. IDLE_TIME
Specify the permitted periods of continuous inactive time during a session, expressed in minutes. Long-running queries and other operations are not subject to this limit.

4. PASSWORD_LIFE_TIME
Specify the number of days the same password can be used for authentication. If you also set a value for PASSWORD_GRACE_TIME, the password expires if it is not changed within the grace period, and further connections are rejected. If you do not set a value for PASSWORD_GRACE_TIME, its default of UNLIMITED will cause the database to issue a warning but let the user continue to connect indefinitely.
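As an added example (not from the question's author or any of the commenters), the following Oracle SQL shows how the four stated requirements map onto one profile plus the SEC_MAX_FAILED_LOGIN_ATTEMPTS initialization parameter, with queries to confirm what was recorded. The profile name SECURE_PROFILE and the user APP_USER are placeholders assumed for this example.

```sql
-- Added example: profile and parameter settings for the four requirements.
-- SECURE_PROFILE and APP_USER are placeholder names chosen for this example.

-- Requirement 1: drop the connection after four failed authentication attempts.
-- This is an instance parameter, not a profile limit, and it is not dynamically
-- modifiable, so it takes effect after the next instance restart.
ALTER SYSTEM SET SEC_MAX_FAILED_LOGIN_ATTEMPTS = 4 SCOPE = SPFILE;

-- Resource limits such as SESSIONS_PER_USER and IDLE_TIME are enforced only
-- while RESOURCE_LIMIT is TRUE; password limits are enforced regardless.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- Requirements 2, 3 and 4 as profile limits.
CREATE PROFILE secure_profile LIMIT
  SESSIONS_PER_USER     4    -- req. 2: at most four concurrent sessions per user
  IDLE_TIME             15   -- req. 3: minutes of continuous inactivity before termination
  PASSWORD_LIFE_TIME    15   -- req. 4: days a password remains valid
  PASSWORD_GRACE_TIME   3    -- days of expiry warnings before further logins are rejected
  FAILED_LOGIN_ATTEMPTS 4;   -- optional hardening beyond the four requirements:
                             -- also lock the account, not only drop the connection

-- Assign the profile; it applies from the user's next login.
ALTER USER app_user PROFILE secure_profile;

-- Verify the limits actually recorded for the profile.
SELECT resource_name, resource_type, limit
  FROM dba_profiles
 WHERE profile = 'SECURE_PROFILE'
   AND resource_name IN ('SESSIONS_PER_USER', 'IDLE_TIME',
                         'PASSWORD_LIFE_TIME', 'PASSWORD_GRACE_TIME',
                         'FAILED_LOGIN_ATTEMPTS')
 ORDER BY resource_type, resource_name;

-- Verify the parameter value that will apply after the restart.
SELECT name, value
  FROM v$spparameter
 WHERE name = 'sec_max_failed_login_attempts';
```

Note that FAILED_LOGIN_ATTEMPTS (a profile limit that locks the account) and SEC_MAX_FAILED_LOGIN_ATTEMPTS (an instance parameter that drops the connection) are different controls; the question's wording about terminating the connection is what points to the latter.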