You want to apply the principle of Least Privilege in all your live databases.
One of your requirements is to revoke unnecessary privileges from all users who have them using Privilege Analysis.
Which three types of analyses can be done using the DBMS_PRIVILEGE_CAPTURE package? (Choose three.)
The DBMS_PRIVILEGE_CAPTURE package allows for the analysis of all privileges used by all users, excluding only the SYS user, so it includes administrative users. It also allows for the analysis of privileges granted directly to a role that are then used by a user granted that role. Additionally, it can analyze privileges granted indirectly to a role used by a user granted that role.
i would say B, E , F are correct!
i agree
I agree also http://dbaparadise.com/2019/02/7-steps-to-setup-privilege-analysis/
b is wrong only SYS!!!!!!
A - E - F CORRECT!!!! A - Right - We can analyze the administrative user, the oracle just excludes the SYS user B - Wrong, oracle does not delete administrative user, like question A, only SYS user C - Wrong - We cannot analyze the permission of the scheme itself D - Wrong - We cannot analyze the privilege of our schema E - Right - we can analyze the permission that was given directly. F - Right - we can analyze the permission that was given indirectly.
we can analyze all users except SYS, i dunno but answer B saying all users except administrative Users! You cannot analyze the privileges of the SYS user. https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/performing-privilege-analysis-find-privilege-use.html#GUID-AD683DDB-D345-4702-B1F4-37B79F276B66
administrative users - SYS, SYSTEM. DBMS_PRIVILEGE_CAPTURE Analyzes all privilege use, except privileges used by the SYS (ONLY SYS!!!!!) DEF sounds right
DEF sounds right also for me. A and B: are false for administrative users. C: is false cause this procedure doesn't analyze privileges not used. D: is true cause you can set the type as G_DATABASE --> : "Captures all privilege use in the database, except privileges used by the SYS user." So including privileges in own schema. E and F are true cause it analyzes privileges directly and indirectly https://docs.oracle.com/en/database/oracle/oracle-database/21/arpls/DBMS_PRIVILEGE_CAPTURE.html#GUID-8E855D12-AF7B-4995-878B-B954FA92FF08
You are wrong bout the user SYSTEM, we can't analyze only the user SYS SQL> BEGIN DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE( name => 'validando_permissao', description => 'Analyzes system privilege use', type => DBMS_PRIVILEGE_CAPTURE.G_CONTEXT, condition => 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'')=''system'''); END; / 2 3 4 5 6 7 8 9 10 11 12 13 PL/SQL procedure successfully completed.
The option B seems to be more close. The answer is given in the same link. Analyzes all privilege use, except privileges used by the SYS user. So the options which are correct seems to be B C F.
https://www.databasejournal.com/oracle/oracle-database-12c-new-privilege-management-features/
Provided answer are wrong. C, D, and F the correct answer, everything described here: https://docs.oracle.com/en/database/oracle/oracle-database/19/arpls/DBMS_PRIVILEGE_CAPTURE.html
A C E is the correct answer
sorry BEF is definitely correct
the correct answer is AEF
DEF - i think Database privilege analysis enables you to create a policy that records the usage of system and object privileges that have been granted to users. You then can determine the privileges that your users are using and not using. From there, you can revoke any unused privileges, thereby reducing the number of excess privilege grants for users. C- you can analize only used privileges, but then determine the unsued privileges F - When using role-based analysis for the CREATE_CAPTURE procedure, privilege use is analyzed even if the privilege is indirectly granted to the specified role.
a tip, this procedure analized if you had used a privilege not is you have.. "You then can determine the privileges that your users are using and not using." what do you think?
133.1 DBMS_PRIVILEGE_CAPTURE Overview Database privilege analysis enables you to create a policy that records the usage of system and object privileges that have been granted to users. You then can determine the privileges that your users are using and not using. From there, you can revoke any unused privileges, thereby reducing the number of excess privilege grants for users.
SYS, SYSTEM, SYSBACKUP, SYSDG, SYSKM, SYSRAC, SYSMAN, and DBSNMP are administrative users as reported in 19c Database Administrator’s Guide, Par. 7.5 (Predefined User Accounts): Furthermore (19c Database PL/SQL Packages and Types Reference) given that DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE "Analyzes all privilege use, except privileges used by the SYS user.", it follows that A cannot be right since SYS is included in "administrative users" The DBMS_PRIVILEGE_CAPTURE works on database, role and context level. Therefore B is right and C, D are not. E, F are right as "When using role-based analysis for the CREATE_CAPTURE procedure, privilege use is analyzed even if the privilege is indirectly granted to the specified role."
A. analysis of all privileges used by all users including administrative users in the database --> False, SYS is excluded B. analysis of all privileges used by all users but excluding administrative users in the database -->False, SYSTEM is included. C. analysis of privileges that a user has on their own schema objects that they did not use D. analysis of privileges that a user has on their own schema objects that they did use E. analysis of privileges granted directly to a role that are then used by a user who has been granted that role F. analysis of privileges granted indirectly to a role that are then used by a user who has been granted that role
F a TRUE
I would say C, D, and F ; but D makes no sense, but it's possible to do (as the question is asking).
D makes sense! :-) https://docs.oracle.com/en/database/oracle/oracle-database/19/arpls/DBMS_PRIVILEGE_CAPTURE.html 131.1 DBMS_PRIVILEGE_CAPTURE Overview Database privilege analysis enables you to create a policy that records the usage of system and object privileges that have been granted to users. You then can determine the privileges that your users are using and not using. From there, you can revoke any unused privileges, thereby reducing the number of excess privilege grants for users.
F confirmed by this: Usage Notes When using role-based analysis for the CREATE_CAPTURE procedure, privilege use is analyzed even if the privilege is indirectly granted to the specified role. For example, say role R2 contains role R1, and R1 contains privilege P1. If the privilege policy includes only role R2, any use of the P1 privilege is still analyzed, as privilege P1 is an indirect part of role R2.
A says: " including administrative users". The definition of administrative users is here: https://docs.oracle.com/database/121/ADMQS/GUID-CF1CD853-AF15-41EC-BC80-61918C73FDB5.htm#ADMQS12003 So as SYS is excluded from the analysis, I can say A is wrong.
A. An undo segment may be used by multiple transactions simultaneously - True B. Undo segments can wrap around to the first extent when a transaction fills the last extent of the undo segment - True (undo segment act as a circular buffer) C. Undo segments have a minimum of three extents - False (each segment has a minimum of two extents) D. Undo segments can extend when a transaction fills the last extent of the undo segment - True (Undo tablespace are locally managed with auto extent allocation ) E. A single transaction may use multiple undo segments simultaneously - False F. Undo segments must be stored in a BIGFILE tablespace - False G. Undo segments must be stored in a SMALLFILE tablespace - False (DBCA automatically creates a smallfile undo tablespece, but it can be configured as bigfile table space as well) So correct answers are: A, B, D
HOLD UP!
Anybody have answer for this question after exam?
C, D are wrong! Privileges in own Schema can not be analyzed!