OCP-1Z0-052-V8.02-34题

34. A user, who is authenticated externally, logs in to a remote machine and connects to the database

instance. What action would you take to ensure that a user cannot connect to the database instance by

merely logging in to a remote machine?

A.Set REMOTE_OS_ROLES to FALSE.

B.Set the OS_ROLES parameter to FALSE.

C.Set the REMOTE_OS_AUTHENT parameter to FALSE.

D.Set the REMOTE_LOGIN_PASSWORD_FILE parameter to NONE.

Answer: C

答案解析：

参考： http://blog.csdn.net/rlhua/article/details/12277557

限制远程数据库验证：默认情况下， REMOTE_OS_AUTHENT参数设置为FALSE。一定不要更改这个设置，除非可确保所有客户机都能适当地验证用户。在引入了安全外部口令存储（在Oracle Database 10g发行版2 中提供）后，允许远程操作系统验证就有了令人信服的理由。

在远程验证过程中：

• 数据库用户通过外部方式来进行验证

• 远程系统验证用户

• 用户登录数据库，不必接受另外的验证

注：如果撤销了一些权限，务必全面测试应用程序。

Initialization Parameter	Default Setting	Description
OS_AUTHENT_PREFIX	OPS$	Specifies a prefix that Oracle Database uses to identify users attempting to connect to the database. Oracle Database concatenates the value of this parameter to the beginning of the user operating system account name and password. When a user attempts a connection request, Oracle Database compares the prefixed username with user names in the database.
REMOTE_LISTENER	No default setting	Specifies a network name that resolves to an address or address list of Oracle Net remote listeners (that is, listeners that are not running on the same computer as this instance). The address or address list is specified in the tnsnames.ora file or other address repository as configured for your system.
REMOTE_OS_AUTHENT	FALSE	Specifies whether remote clients will be authenticated with the value of the OS_AUTHENT_PREFIX parameter.
REMOTE_OS_ROLES	FALSE	Specifies whether operating system roles are allowed for remote clients. The default value, FALSE, causes Oracle Database to identify and manage roles for remote clients.

官方参考： http://docs.oracle.com/cd/E11882_01/server.112/e10575/tdpsg_network_secure.htm#sthref346