Which three are true? (Choose three.)
Which three are true? (Choose three.)
Application-common TSDP policies are always container specific, meaning they are defined and effective only within the specific application root container and not propagated to other PDBs. Application-common Oracle Label Security (OLS) policies cannot be created in an application root outside an install/patch BEGIN-END block, reinforcing the restriction on where and when these policies can be defined. Unified auditing can be automatically synchronized to all application PDBs in an application container, ensuring a consistent auditing framework across the container.
Agree with BDG
isn't D and F talking about the same thing? D. Application-common Oracle Label Security (OLS) policies cannot be created in an application root outside an install/patch BEGIN-END block. F. Application-common Oracle Label Security (OLS) policies can be created in an application root inside an install/patch BEGIN-END block.
ABC Correct A - When you install an application in the application root, all the common Virtual Private Database policies that protect the common objects will be applied to and immediately enforced for all PDBs in the application container. B - In a multitenant environment, you can apply TSDP policies to the current PDB or current application PDB only. C - By DBMS_TSDP_PROTECT.ADD_POLICY D/F Incorrect - You cannot create Oracle Label Security policies in the CDB root or the application root. E- Incorrect - When you create a fine-grained audit policy in the CDB root, the policy cannot be applied to all PDBs. G- Incorrect - you can create unified audit policies for individual PDBs and in the root.
I think C is False: "When you create scripts for application install, upgrade, patch, or uninstall operations, you can include SQL statements within the ALTER PLUGGABLE DATABASE app_name BEGIN INSTALL and ALTER PLUGGABLE DATABASE app_name END INSTALL blocks to perform various operations. If you include TSDP statements within these blocks, then the TSDP statements will fail. You can, however, include TSDP statements outside these blocks in the script" (https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-transparent-sensitive-data-protection.html#GUID-0AC97E6B-9B00-4D20-8F26-8B23896DDD3C)
A - will correct if 'on common objects' instead of 'on objects'!!
DBG are correct ones
A: false VPD policies on COMMON object are automatically... (COMMON not all type of objects) B: false can be created on pdb or on root container C: false inside BEGIN-END give an ERROR D: true it can't be created in application root (with or without BEGIN/END block) E: true yes if it's created inside BEGIN/END block F: false it can't be creted in application root G: true
I read again and I think BDG -> B is true because container specific means it has a local scope (PDB or APPCDB or CDB). I exclude E because It's not automatic but sync command is needed
i agree BDG
I think ABG
I took the exam yesterday, i confirm that B and G are correct. A seems correct, but the question in exam was choose 2 answers only (and A was not there).
BDG B - That is, the policy is effective only in the application root container. https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-transparent-sensitive-data-protection.html#GUID-0AC97E6B-9B00-4D20-8F26-8B23896DDD3C:~:text=A%20TSDP%20policy%20that%20is%20defined%20in%20the%20application%20root%20container%20behaves%20as%20if%20it%20is%20a%20local%20policy%20to%20the%20application%20root.%20That%20is%2C%20the%20policy%20is%20effective%20only%20in%20the%20application%20root%20container. D - You cannot create Oracle Label Security policies in the CDB root or the application root. https://docs.oracle.com/en/database/oracle/oracle-database/12.2/olsag/introduction-to-oracle-label-security.html#GUID-405CF532-F1E1-43F5-8E02-78E7927B2A6D:~:text=You%20cannot%20create%20Oracle%20Label%20Security%20policies%20in%20the%20CDB%20root%20or%20the%20application%20root.
DEG for me
BFG? A - False. VPD enforce row-level security, and are specific to individual PDB unless it's applied to a common object. B - True. All TSDP are container specific. C - False. TSDP can be create inside or outside an application install/patch BEGIN-END block. D - False. OLS policies can be create inside or outside an application install/patch BEGIN-END block. E - False. FGA policies are defined at individual object level. F - True. OLS policies can be create inside or outside an application install/patch BEGIN-END block. G - True. Unified auditing is a centralized auditing feature, captures and records audit trails across all PDBs.
I think ABG is the correct answer: A is true when it involves a common vpd policy: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-oracle-vpd-to-control-data-access.html#GUID-E6343F14-933E-4980-A67A-D5AAEC5743C5 C is false: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/using-transparent-sensitive-data-protection.html#GUID-0AC97E6B-9B00-4D20-8F26-8B23896DDD3C D and F are false as you cannot define common ols-policies; OLS policies can only be defined on a per-pdb basis. A further restriction is that an OLS policy cannot be defned in the CDB root nor in the application root. G is true if common application objects: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-audit-policies.html#GUID-E02D0A5B-6591-4CD1-AF2B-29B0850BB6CB E is false because fga policies only apply to an individual pdb. https://docs.oracle.com/en/database/oracle/oracle-database/18/multi/managing-security-for-a-multitenant-environment.html#GUID-6F15B297-08C6-4904-938D-3DAA429E14B0
ABE Invalid: CDFG
Does this answer correct? I would thinking about ADG... Any comment?
I think BDG -> A is incorrect because (VPD) policies on objects in an application root not are automatically synchronized B -> correct because TSPD operations are container-specific