Which two statements are true about unified auditing?

Which two statements are true about unified auditing?

Which two statements are true about unified auditing?

A.
A unified audit trail captures audit information from unified audit policies and audit
settings.

B.
Unified auditing is enabled by executing make-fins_rdbms.mk uniaud_onioracle
Oracle_HOME=SOracle_HOME.

C.
Audit records are created for all users except sys.

D.
Audit records are created only for the DML and DDL operations performed on database
objects.

E.
Unified auditing is enabled by setting the audit_trail parameter to db, extended.

F.
A unified audit trail resides in a read-only table in the audsys schema in the system
tablespace.

Show Hint

Leave a Reply 8

Your email address will not be published. Required fields are marked *

Siegfried

Siegfried

A,B
https://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG343
In unified auditing, the unified audit trail captures audit information from a variety of sources.
Audit records (including SYS audit records) from unified audit policies and AUDIT settings
Fine-grained audit records from the DBMS_FGA PL/SQL package
Oracle Database Real Application Security audit records
Oracle Recovery Manager audit records
Oracle Database Vault audit records
Oracle Label Security audit records
Oracle Data Mining records
Oracle Data Pump
Oracle SQL*Loader Direct Load

https://docs.oracle.com/database/121/TDPSG/GUID-BF747771-01D1-4BFB-
8489-08988E1181F6.htm#TDPSG55281

Enable the unified auditing executable.
UNIX: Run the following command:
make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME

https://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG1024
The unified audit trail, which resides in a read-only table in the AUDSYS schema in the SYSAUX tablespace

Reply

Tri

Tri

Thanks Siegfried!

Reply

Tri

Tri

B confirm. https://blogs.oracle.com/UPGRADE/entry/unified_auditing_is_it_on

In case you’ll link it into the kernel
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME

Reply

Tri

Tri

The answers: A,B

C wrong.
The audit records, including records from the SYS audit trail
https://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG750

D wrong too.
Unified audit also audit for RMAN and Datapump
http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/12c/r1/security/sec_uni_audit/sec_uni_audit.html

E wrong too.
Unified audit enabled by
“make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME”

F is also wrong.
Audit restore on sysaux tbs not system tbs.
These records reside in the AUDSYS schema. The audit records are stored in the SYSAUX tablespace by default.

Reply