12C-OCP升级1z-060-007

最新推荐文章于 2021-04-09 01:22:36 发布
最新推荐文章于 2021-04-09 01:22:36 发布
阅读量719 收藏
点赞数
分类专栏: 12C OCP 1Z-060认证考试 文章标签: 12C 1z-060 OCP
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/kiwi_kid/article/details/50894834
版权
Which Oracle Database component is audited by default if the unified Auditing option is
enabled?
A. Oracle Data Pump
B. Oracle Recovery Manager (RMAN)
C. Oracle Label Security
D. Oracle Database Vault
E. Oracle Real Application Security
Answer: B

正确答案解析:
审计(Auditing)
审计功能(Audit)用于监视用户所执行的数据库操作,并且Oracle会将审计跟踪结果存放指定的地方。
统一审计(Unified Auditing)
Oracle Database 12c 推出一套全新的审计架构,称为统一审计功能。统一审计主要利用策略和条件在 Oracle 数据库内部有选择地执行有效的审计。新架构将现有审计跟踪统一为单一审计跟踪,从而简化了管理,提高了数据库生成的审计数据的安全性。
关于统一审计的基础知识,大家可以参考以下Oracle的官方在线文档,在这里仅作简单的介绍。
Database Security Guide
https://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG630
初始安装的12c数据库,为了兼容以前的版本默认启用混合模式,即传统审计和统一审计同时有效。你可以通过手动移植到完全的统一审计,也可以使统一审计无效,沿用传统审计。 
你可以通过以下的SQL文,查询统一审计是否有效。TRUE表示完全的统一审计有效。FALSE表示并非是完全的统一审计。 
SQL>SELECT PARAMETER,VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';
PARAMETER         VALUE
----------------  ----------
Unified Auditing  FALSE

那么我们如何的开启统一审计的模式呢 
SQL> conn /as sysdba
SQL> SHUTDOWN IMMEDIATE
SQL> EXIT
$ lsnrctl stop listener_name
$ cd $ORACLE_HOME/rdbms/lib
$ make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME
$ lsnrctl start listener_name
11:54:45 sys@prodcdb> col parameter for a30
11:57:30 sys@prodcdb> col VALUE for a30
11:57:41 sys@prodcdb> SELECT PARAMETER,VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';
PARAMETER                      VALUE
------------------------------ ------------------------------
Unified Auditing               TRUE

同理,你也可以通过以下的方法把数据库统一审计功能关闭掉(UNIX为例)。 
SQL> conn /as sysdba
SQL> SHUTDOWN IMMEDIATE
SQL> EXIT
$ lsnrctl stop listener_name
$ cd $ORACLE_HOME/rdbms/lib
$ make -f ins_rdbms.mk uniaud_off ioracle
$ lsnrctl start listener_name
SQL> conn /as sysdba
SQL> STARTUP

默认有效的审计策略
12c数据库中预先定义了一些审计策略,并且根据版本不同,默认开启的审计策略也略有不同。
我们可以通过audit_unified_enabled_policies视图进行确认默认开启的统一审计的审计策略。


--12.1.0.2的默认审计策略

col USER_NAME for a30
col POLICY_NAME for a30
SQL> select USER_NAME,POLICY_NAME,ENABLED_OPT,SUCCESS,FAILURE from audit_unified_enabled_policies;
USER_NAME                      POLICY_NAME                    ENABLED_ SUC FAI
------------------------------ ------------------------------ -------- --- ---
ALL USERS                      ORA_SECURECONFIG               BY       YES YES
ALL USERS                      ORA_LOGON_FAILURES             BY       NO  YES

由上面的输出结果我们可以看到,不做任何配置的情况下, 
在12.1.0.2数据库的环境中,默认开启了ORA_SECURECONFIG和ORA_LOGON_FAILURES审计策略,数据库会根据这2个审计策略,对相应的操作进行审计。 
而在12.1.0.2数据库中,,ORA_SECURECONFIG审计策略移除了对所有LOGON和LOGOFF的审计,而增加了一个新的审计策略ORA_LOGON_FAILURES,用于仅审计登陆失败的操作。这样更加方管理,也能改善因为大量LOGON和LOGOFF的审计对表空间的浪费。
ORA_SECURECONFIG审计策略的详细可以参考以下官方在线文档,
http://docs.oracle.com/database/121/DBSEG/audit_config.htm#CHDIGFHG
ORA_LOGON_FAILURES审计策略的详细可以参考以下, 
http://docs.oracle.com/database/121/DBSEG/audit_config.htm#DBSEG703

附:无效掉默认的审计策略方法。 
SQL>--12.1.0.2的环境
SQL> noaudit policy ORA_SECURECONFIG;
Noaudit succeeded.
SQL> noaudit policy ORA_LOGON_FAILURES;
Noaudit succeeded.

我们摘取官方文档上的内容: 
CREATE AUDIT POLICY ORA_SECURECONFIG
 PRIVILEGES ALTER ANY TABLE, CREATE ANY TABLE, DROP ANY TABLE,
            CREATE ANY PROCEDURE, DROP ANY PROCEDURE, ALTER ANY PROCEDURE, 
            GRANT ANY PRIVILEGE, GRANT ANY OBJECT PRIVILEGE, GRANT ANY ROLE, 
            AUDIT SYSTEM, CREATE EXTERNAL JOB, CREATE ANY JOB, 
            CREATE ANY LIBRARY, 
            EXEMPT ACCESS POLICY, 
            CREATE USER, DROP USER, 
            ALTER DATABASE, ALTER SYSTEM, 
            CREATE PUBLIC SYNONYM, DROP PUBLIC SYNONYM, 
            CREATE SQL TRANSLATION PROFILE, CREATE ANY SQL TRANSLATION PROFILE, 
            DROP ANY SQL TRANSLATION PROFILE, ALTER ANY SQL TRANSLATION PROFILE, 
            TRANSLATE ANY SQL, 
            EXEMPT REDACTION POLICY,  
            PURGE DBA_RECYCLEBIN, LOGMINING, 
            ADMINISTER KEY MANAGEMENT
 ACTIONS    ALTER USER, CREATE ROLE, ALTER ROLE, DROP ROLE,
            SET ROLE, CREATE PROFILE, ALTER PROFILE, 
            DROP PROFILE, CREATE DATABASE LINK, 
            ALTER DATABASE LINK, DROP DATABASE LINK, 
            CREATE DIRECTORY, DROP DIRECTORY, 
            CREATE PLUGGABLE DATABASE,  
            DROP PLUGGABLE DATABASE, 
            ALTER PLUGGABLE DATABASE, 
            EXECUTE ON DBMS_RLS;

包含了这么多的审计的内容,在当中,我们并没有看到rman相关的内容的审计。这个时候,我们可以手工做下测试,用rman进行下备份恢复的实验
通过查看下面的视图 
select client_program_name,action_name,sql_text,system_privilege_used from UNIFIED_AUDIT_TRAIL order by event_timestamp desc;
CLIENT_PROGRAM_NAME       ACTION_NAME          SQL_TEXT                                 SYSTEM_PRIVILEGE_USED
------------------------- -------------------- ---------------------------------------- ------------------------------
rman@kiwi (TNS V1-V3)     ALTER DATABASE       alter database recover if needed         SYSDBA, ALTER DATABASE
                                                datafile 17
rman@kiwi (TNS V1-V3)     ALTER DATABASE       alter database recover datafile list clear SYSDBA, ALTER DATABASE

其实就是因为rman在本质上还是调用的sql_text的语句,它还是调用了ALTER DATABASE的权限,从而会触发ORA_SECURECONFIG的统一审计
所以正确的答案是:B
bigclouder
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
oracle升级OCP12c考试题库 Oracle-1z0-060
04-21
oracle升级OCP12c考试题库 Oracle-1z0-060,真实有效的,我是把PDF直接转换成doc格式,其覆盖率很过,通过考试没有问题,可以用10g OCP,11g OCP直接升级12c OCP
OCP-V13-060
jiayue's BLOG
09-28 1233
QUESTION 60 For which two situations would you use functionality provided by the Resource Manager? (Choose two.) A. setting idle timeout limits on resource plans B. saving storage space by using co
Oracle OCP 1Z0-060模拟试题库
08-06
Oracle OCP 1Z0-060模拟试题库,包括11g( 1Z0-051, 1Z0-052, 1Z0-053)
OCP Upgrade 1Z0-060 Exam guide 1st Edition
11-08
This guide will get Oracle admins up to date with the latest developments in Oracle 12c. It includes all the necessary information that you need to implement in your existing systems. All of the information in this book has been handpicked to help you study for the Oracle 12c upgrade exam. Each chapter has been written with the objective of helping you pass this exam with ease. Content in this book is aligned with the objectives of the exam, making it really easy to follow the course content. Every example mentioned in this book has been tried and tested in actual environment. Real-world examples will help you learn about new features such as multitenant containers database architecture, managing containers, pluggable databases, database administration enhancements, database auditing, tuning, backup, and flashback enhancements. You will also learn about storage enhancements, security updates, tuning, troubleshooting, and backup enhancements. This book also covers section 2 of the exam course making this book a complete guide for passing OCP 12c upgrade exam 1Z0-060.
oracle database 12c 升級考試1Z0-060
10-24
### Oracle Database 12c升级考试1Z0-060关键知识点解析 #### 考试概述 Oracle Database 12c升级考试1Z0-060是Oracle认证计划的一部分,旨在验证考生对Oracle Database 12c版本新特性的理解和掌握程度。通过此考试...
Oracle 12C OCP最新题库,1Z0-062_166Q / 1Z0-062_362Q / 1Z0-063 / 1Z0-071,含答案解析说明
05-17
1Z0-062:这是Oracle Database 12c Administrator Certified Professional升级考试,主要涵盖Oracle 12C的新特性、安装与配置、性能优化、备份与恢复、安全性以及高可用性等方面的知识。考生需要理解Pluggable ...
12C-OCP升级1z-060-004
kiwi的专栏
03-14 756
Which statement is true about Oracle Net Listener? A. It acts as the listening endpoint for the Oracle database instance for all local and nonlocal user connections. B. A single listener can servic
12C-OCP升级1z-060-012
kiwi的专栏
03-22 1486
What are three purposes of the RMAN “FROM” clause? A. to support PUSH-based active database duplication B. to support synchronization of a standby database with the primary database in a Data env
12C-OCP升级1z-060-011
kiwi的专栏
03-17 885
Which three are true about the large pool for an Oracle database instance that supports shared server connections? A. Allocates memory for RMAN backup and restore operations B. Allocates memory for
【Q&A】12C OCP 1z0-060 RMAN.docx
12-11
对oracle12c 考题进行了简单的中文翻译及答案讲解,有助于想学习oracle的同学借鉴和参考,使得在学习的过程中更加的轻松。
12C-OCP升级1z-060-003
kiwi的专栏
03-14 1084
Which two statements are true about the use of the procedures listed in the v$sysaux_occupants.move_procedure column? A. The procedure may be used for some components to relocate component data to t
12C-OCP升级1z-060-002
kiwi的专栏
03-14 1404
Examine the following commands for redefining a table with Virtual Private Database (VPD) policies: Which two statements are true about redefining the table? A. All the triggers for the table a
12C-OCP升级1z-060-008
kiwi的专栏
03-15 681
Your multitenant container (CDB) containing three pluggable databases (PDBs) is running in ARCHIVELOG mode. You find that the SYSAUX tablespace is corrupted in the root container. The steps to reco
ORACLE-1Z0-060题库(Upgrade to Oracle Database 12c
热门推荐
白非马的博客
12-26 1万+
**Exam 1z0-060 Upgrade to Oracle Database 12c Version: 8.6 [ Total Questions: 150 ] Your multitenant container (CDB) contains two pluggable databases (PDB), HR_PDB and ACCOUNTS_PDB, both of which use ...
Upgrade to OCP 12c 1Z0-060(11-20)
梅森上校的博客 业精于勤荒于嬉,形成于思毁于随。
10-19 679
Upgrade to OCP 12c 1Z0-060(11-20) Question 11: Which three are true about the large pool for an Oracle database instance that supports shared server connections? A. Allocates memory for RMAN backup ...
QUESTION 7 Oracle Database 12c 统一审计功能
jisen_huang的专栏
02-01 165
QUESTION 7 Which Oracle Database component is audited by default if the unified Auditing option is enabled? A. Oracle Data Pump B. Oracle Recovery Manager (RMAN) C. Oracle Label Security D. Oracle Database Vault E. Oracle Real Application Security Correct
oracle12c审计功能,oracle 12c开启关闭统一审计
weixin_32281549的博客
04-09 957
--------------------开启统一审计-------------------------------------------SQL> conn /as sysdbaSQL> shutdown immediateSQL> exit$ lsnrctl stop$ cd $ORACLE_HOME/rdbms/lib$ make -f ins_rdbms.mk uniaud...
oracle11g OCP 认证 1Z0-053考试笔记4
wlbzy的专栏
11-24 8948
302.You issue the following command: RMAN>CONFIGURE BACKUP OPTIMIZATION ON; What is the result of this command on your backups? B. Read-only datafiles will not be backed up as long as backups o
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值