You are administering a database and you receive a requirement to apply the following restrictions:
1. A connection must be terminated after four unsuccessful login attempts by a user.
2. A user should not be able to create more than four simultaneous sessions.
3. A user session must be terminated after 15 minutes of inactivity.
4. Users must be prompted to change their passwords every 15 days.
How would you accomplish these requirements?
A. By granting a secure application role to the users.
B. By creating and assigning a profile to the users and setting the REMOTE_OS_AUTHENT parameter to FALSE.
C. By creating and assigning a profile to the users and setting the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4.
D. By implementing Fine-Grained Auditing (FGA) and setting the REMOTE_LOGIN_PASSWORDFILE parameter to NONE.
E. By implementing the Database Resource Manager plan and setting the SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter to 4.
Explanation:
You can design your applications to automatically grant a role to the user who is trying to log in, provided the user meets criteria that you specify. To do so, you create a secure application role, which is a role that is associated with a PL/SQL procedure (or PL/SQL package that contains multiple procedures). The procedure validates the user: if the user fails the validation, then the user cannot log in. If the user passes the validation, then the procedure grants the user a role so that he or she can use the application. The user has this role only as long as he or she is logged in to the application. When the user logs out, the role is revoked.
Incorrect:
Not B: REMOTE_OS_AUTHENT specifies whether remote clients will be authenticated with the value of the OS_AUTHENT_PREFIX parameter.
Not C, not E: SEC_MAX_FAILED_LOGIN_ATTEMPTS specifies the number of authentication attempts that can be made by a client on a connection to the server process. After the specified number of failure attempts, the connection will be automatically dropped by the server process.
Not D: REMOTE_LOGIN_PASSWORDFILE specifies whether Oracle checks for a password file.
Values:
shared: One or more databases can use the password file. The password file can contain SYS as well as non-SYS users.
exclusive: The password file can be used by only one database. The password file can contain SYS as well as non-SYS users.
none: Oracle ignores any password file. Therefore, privileged users must be authenticated by the operating system.
Note:
The REMOTE_OS_AUTHENT parameter is deprecated. It is retained for backward compatibility only.
C
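
As an added example (not part of the original page or of Oracle's documentation), the four restrictions in the question written out as Oracle settings: profile limits cover sessions, idle time and password lifetime, and SEC_MAX_FAILED_LOGIN_ATTEMPTS covers failed attempts per connection. The profile name app_user_limits and the user app_user are hypothetical.

```sql
-- Added example; APP_USER_LIMITS and APP_USER are hypothetical names.

-- Restriction 1: drop the connection after 4 failed authentication attempts.
-- This is a static initialization parameter, so it is written to the SPFILE
-- and takes effect at the next instance restart.
ALTER SYSTEM SET SEC_MAX_FAILED_LOGIN_ATTEMPTS = 4 SCOPE = SPFILE;

-- Resource limits in a profile (SESSIONS_PER_USER, IDLE_TIME) are enforced
-- only while RESOURCE_LIMIT is TRUE. Password limits are always enforced.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE SCOPE = BOTH;

CREATE PROFILE app_user_limits LIMIT
  SESSIONS_PER_USER   4     -- restriction 2: at most 4 concurrent sessions
  IDLE_TIME           15    -- restriction 3: value is in minutes
  PASSWORD_LIFE_TIME  15;   -- restriction 4: value is in days

-- A profile has no effect until it is assigned.
ALTER USER app_user PROFILE app_user_limits;

-- Check what the profile actually enforces; limits not set above
-- show as DEFAULT and inherit from the DEFAULT profile.
SELECT resource_name, resource_type, limit
  FROM dba_profiles
 WHERE profile = 'APP_USER_LIMITS'
 ORDER BY resource_type, resource_name;

-- Confirm the assignment.
SELECT username, profile
  FROM dba_users
 WHERE username = 'APP_USER';
```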