How would you accomplish the above?

In your database instance, the user sessions are connected to the database server from the remote
machines. You want to achieve the following for these users:
1. The user account must be locked after four unsuccessful login attempts.
2. The user must be prompted to change the password at regular intervals.
3. The user may not have more than three simultaneous sessions.
4. The user session must automatically be logged off if more than 10 minutes of elapsed time is used.
How would you accomplish the above?


A. By assigning profiles for the users

B. By implementing Fine-Grained Auditing (FGA)

C. By granting a secure application role to the users

D. By implementing the Database Resource Manager plan





jean


default profile configuration file.
sys @ TEST0924> select * from dba_profiles where profile = 'DEFAULT';

PROFILE  RESOURCE_NAME              RESOURCE LIMIT
-------- -------------------------- -------- ---------
DEFAULT  COMPOSITE_LIMIT            KERNEL   UNLIMITED
DEFAULT  SESSIONS_PER_USER          KERNEL   UNLIMITED
DEFAULT  CPU_PER_SESSION            KERNEL   UNLIMITED
DEFAULT  CPU_PER_CALL               KERNEL   UNLIMITED
DEFAULT  LOGICAL_READS_PER_SESSION  KERNEL   UNLIMITED
DEFAULT  LOGICAL_READS_PER_CALL     KERNEL   UNLIMITED
DEFAULT  IDLE_TIME                  KERNEL   UNLIMITED
DEFAULT  CONNECT_TIME               KERNEL   UNLIMITED
DEFAULT  PRIVATE_SGA                KERNEL   UNLIMITED
DEFAULT  FAILED_LOGIN_ATTEMPTS      PASSWORD 10
DEFAULT  PASSWORD_LIFE_TIME         PASSWORD 180
DEFAULT  PASSWORD_REUSE_TIME        PASSWORD UNLIMITED
DEFAULT  PASSWORD_REUSE_MAX         PASSWORD UNLIMITED
DEFAULT  PASSWORD_VERIFY_FUNCTION   PASSWORD NULL
DEFAULT  PASSWORD_LOCK_TIME         PASSWORD 1
DEFAULT  PASSWORD_GRACE_TIME        PASSWORD 7

16 rows selected.

rosh


Create a profile to enforce password security.
Also will set the default profile configuration file.
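
The four requirements in the question, written as profile limits and checked against DBA_PROFILES (an added example, not part of the original comments). The profile name app_remote_users, the user app_user and the 90-day password lifetime are assumptions; the question does not give an interval.

```sql
-- Added example. APP_REMOTE_USERS and APP_USER are hypothetical names.

-- KERNEL-type limits (SESSIONS_PER_USER, CONNECT_TIME) are enforced only
-- when RESOURCE_LIMIT is TRUE. PASSWORD-type limits are always enforced.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

CREATE PROFILE app_remote_users LIMIT
  FAILED_LOGIN_ATTEMPTS 4    -- requirement 1: lock after four failed logins
  PASSWORD_LIFE_TIME    90   -- requirement 2: password expires (days, assumed value)
  PASSWORD_GRACE_TIME   7    -- days of warning before the change is forced
  SESSIONS_PER_USER     3    -- requirement 3: at most three concurrent sessions
  CONNECT_TIME          10;  -- requirement 4: total elapsed session time (minutes)
-- IDLE_TIME would limit inactivity instead; the question asks for elapsed time.
-- Limits not listed here are inherited from the DEFAULT profile.

ALTER USER app_user PROFILE app_remote_users;

-- Confirm the limits that will actually apply.
SELECT resource_name, resource_type, limit
FROM   dba_profiles
WHERE  profile = 'APP_REMOTE_USERS'
ORDER  BY resource_type, resource_name;

-- Audit check: open accounts still on DEFAULT, which (per the output above)
-- allows 10 failed logins and unlimited sessions and connect time.
SELECT username, profile, account_status
FROM   dba_users
WHERE  profile = 'DEFAULT'
AND    account_status = 'OPEN'
ORDER  BY username;
```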

rosh


Secure Application Roles
After database access privileges are grouped into roles, the roles are granted to the application user. Securing these roles can be accomplished in two ways:

Embedding passwords inside the applications by creating what are called application roles

Creating application roles and specifying which PL/SQL package is authorized to enable the roles, which are called secure application roles

Within the package that implements the secure application role:

The application must do the necessary validation. For example, the application must validate that the user is in a particular department, the user session was created by proxy, the request comes from a particular IP address, or that the user was authenticated using an X.509 certificate. To perform the validation, applications can use session information accessible by using the SYS_CONTEXT SQL function with the USERENV namespace attributes (‘userenv’, ). The information returned by this function can indicate the way in which the user was authenticated, the IP address of the client, and whether the user was proxi

rosh


Fine grained audit policies can be used to create audit records when a table is accessed during specific periods or specific columns are accessed.