LDAP_DIRECTORY_SYSAUTH is set to YES.
Users requiring DBAs access have been granted the sysdba enterprise role in Oracle
Internet Directory(OID).
SSL has been configure for the database and OLD and the password file has been
configured for the database.
User scott with sysdba privilege tries to connect remotely using this command:
$sqlplusscott/tiger@DB0l As sysdba where DB01 is the net service name.
Which authentication method will be attempted first?
A.
authentication by password file
B.
authentication by using certificates over SSL
C.
authentication by using the Oracle Internet Directory
D.
authentication by using the local OS of the database server
A is correct
Read last paragraph
About Strong Authentication for Database Administrators
Strong authentication lets you centrally control SYSDBA and SYSOPER access to multiple databases.
Consider using this type of authentication for database administration for the following situations:
You have concerns about password file vulnerability.
Your site has very strict security requirements.
You want to separate the identity management from your database. By using a directory server such as Oracle Internet Directory (OID), for example, you can maintain, secure, and administer that server separately.
To enable the Oracle Internet Directory server to authorize SYSDBA and SYSOPER connections, use one of the following methods described in this section, depending on your environment.
Configuring Directory Authentication for Administrative Users
You can use Oracle Internet Directory to configure directory authentication for administrative users.
Configure the administrative user by using the same procedures you would use to configure a typical user.
In Oracle Internet Directory, grant the SYSDBA or SYSOPER administrative privilege to the user for the database that this user will administer.
Grant SYSDBA or SYSOPER only to trusted users. See “Guidelines for Securing User Accounts and Privileges” for advice on this topic.
Set the LDAP_DIRECTORY_SYSAUTH initialization parameter to YES:
ALTER SYSTEM SET LDAP_DIRECTORY_SYSAUTH = YES;
When set to YES, the LDAP_DIRECTORY_SYSAUTH parameter enables SYSDBA and SYSOPER users to authenticate to the database by using a strong authentication method.
See Oracle Database Reference for more information about LDAP_DIRECTORY_SYSAUTH.
Set the LDAP_DIRECTORY_ACCESS parameter to either PASSWORD or SSL. For example:
ALTER SYSTEM SET LDAP_DIRECTORY_ACCESS = PASSWORD;
Ensure that the LDAP_DIRECTORY_ACCESS initialization parameter is not set to NONE. Setting this parameter to PASSWORD or SSL ensures that users can be authenticated using the SYSDBA or SYSOPER administrative privileges through Oracle Internet Directory. See Oracle Database Reference for more information about LDAP_DIRECTORY_ACCESS.
Afterward, this user can log in by including the net service name in the CONNECT statement in SQL*Plus. For example, to log on as SYSDBA if the net service name is orcl:
CONNECT SOMEUSER@ORCL AS SYSDBA
Enter password: password
If the database is configured to use a password file for remote authentication, Oracle Database checks the password file first.
Thanks Vonpire!
A. Thanks Vonpire
http://docs.oracle.com/cd/E25054_01/network.1111/e16543/authentication.htm
If the database is configured to use a password file for remote authentication, Oracle Database checks the password file first.
A
C
To enable the Oracle Internet Directory server to authorize SYSDBA and SYSOPER connections, use one of the following methods, depending on your environment:
Configuring Directory Authentication for Administrative Users
Configuring Kerberos Authentication for Administrative Users
Configuring Secure Sockets Layer Authentication for Administrative Users
should be A
If the database is configured to use a password file for remote authentication, Oracle Database checks the password file first.
A