Which four account management capabilities can be configured using Oracle profiles? (Choose four.)
Which four account management capabilities can be configured using Oracle profiles? (Choose four.)
Oracle profiles allow administrators to control various aspects of user account management that enhance security and resource usage. One capability is setting the number of hours or fractions of a day for which an account is locked after a configured number of login attempts has been reached. This can be specified using the PASSWORD_LOCK_TIME parameter, even though it accepts values in days, fractions of a day can be used to represent hours. Second, the INACTIVE_ACCOUNT_TIME profile parameter allows setting the number of days an account may be inactive before it is locked. Third, Oracle accounts can be configured to avoid ever reusing a password if PASSWORD_REUSE_MAX is set to a value and PASSWORD_REUSE_TIME is set to UNLIMITED. Fourth, Oracle uses the PASSWORD_LOCK_TIME parameter to define the number of days for which an account is locked after reaching the specified number of failed login attempts.
Correct Answer: ABEF Wrong Answer: CDG A: 1/24 is one hour, 1/96 is 15 minutes B: INACTIVE_ACCOUNT_TIME C: the account will not be locked, it can not exceed this limit D: not possible so far E: PASSWORD_REUSE_MAX - defines the number of changes required before a password can be reused PASSWORD_REUSE_TIME - Sets the number of days before which a password cannot be reused. F: PASSWORD_LOCK_TIME G: the account will not be locked, it can not exceed this limit
i agree
E is a trap PASSWORD_REUSE_MAX defines the number of changed needed. But it doesn't need to be within some kind of period. I commented other details
A D E F A. the number of hours for which an account is locked after the configured number of login attempts has been reached -- [it accepts in days,you can enter fraction of days to achieve hours]. B. the number of days for which an account may be inactive before it is locked [Inactive is not a state for an account] C. the maximum amount of CPU time allowed for a user's sessions before their account is locked [account never get locked in such settings] D. the ability to prevent a password from ever being reused [PASSWORD_REUSE_MAX] E. the number of password changes required within a period of time before a password can be reused [PASSWORD_REUSE_TIME] F. the number of days for which an account is locked after the configured number of login attempts has been reached [PASSWORD_LOCK_TIME] G. the maximum number of sessions permitted for a user before the account is locked [account never get locked in such settings]
This time i have to give you right ! LOL Thx
B D E F because to lock an account after a configured number of login attempts is reached, the value is set in days, not hours. So A is wrong
Not D, but B. D - PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME cannot avoid to EVER reuse a password. You can set a max number of passwords and days before you can reuse a password, but not forever. B - Since 12.2 theres a new parameter The INACTIVE_ACCOUNT_TIME profile parameter locks a user account that has not logged in to the database instance in a specified number of days. Users are considered active users if they log in periodically. The INACTIVE_ACCOUNT_TIME timing is based on the number of days after the last time a user successfully logs in. Ref https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dbseg/configuring-authentication.html#GUID-ED98E6DA-A30C-4052-A343-B516CD641737
But for D, there is this, speaking about PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME: "If you specify a value for either of these parameters and specify UNLIMITED for the other, then the user can never reuse a password." source: https://docs.oracle.com/database/121/SQLRF/statements_6012.htm#SQLRF01310
I would say instead that E is wrong, since it doesn't define "the number of password changes required within a period of time" but the time that has to pass before reusing the same password. For this and what you all said before, I would go with A-B-D-F
I agree with your analyse? E cannot be true. And D is in the documentation so A B D F
This is the most CORRECT one.
If you specify a value for either of these parameters and specify UNLIMITED for the other, then the user can never reuse a password. https://docs.oracle.com/en/database/oracle/oracle-database/19/sqlrf/CREATE-PROFILE.html#GUID-ABC7AE4D-64A8-4EA9-857D-BEF7300B64C3
B, it's true: INACTIVE_ACCOUNT_TIME Specify the permitted number of consecutive days of no logins to the user account, after which the account will be locked. The minimum value is 15 days. The maximum value is 24855. If you omit this clause, then the default is UNLIMITED. https://docs.oracle.com/en/database/oracle/oracle-database/19/sqlrf/CREATE-PROFILE.html#GUID-ABC7AE4D-64A8-4EA9-857D-BEF7300B64C3
D is wrong. Oracle Doc says PASSWORD_REUSE_MAX specifies the number of password changes required before the current password can be reused. It means that we can reuse it after specified number of changes. This never prevents it completely from reusing it. Right answer is ABEF.
A B D F A : PASSWORD_LOCK_TIME B : INACTIVE_ACCOUNT_TIME C : false D : PASSWORD_REUSE_MAX = UNLIMITED E : ? 'within a period of time'? F : PASSWORD_LOCK_TIME G : false
A - TRUE; PASSWORD_LOCK_TIME 3/24 = 3 hours B - TRUE; INACTIVE_ACCOUNT_TIME C - FALSE; RESOURCE=KERNEL, RESOURCE_NAME=CPU_PER_SESSION or CPU_PER_CALL allows to set limit of CPU usage, but user account is not locked when limit is reached D - TRUE; PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX, If you specify a value for either of these parameters and specify UNLIMITED for the other, then the user can never reuse a password. E - TRUE; same parameters as those mentioned in D F - FALSE; PASSWORD_LOCK_TIME ... see A ... this parameter is related to FAILED login attempts, not to all login attempts G - FALSE; SESSIONS_PER_USER, if limit is reached by a user, the user is not locked, but prevented to establish a new connection.
A and F the same : number of login attempts has been reached
So, From your view : if A frue => F tru if A false => F false
the answer is BDEF
I choose BDEF
i choose BDEF
Firstly, I have an issue with the answers, there are 5 correct ones and not 4. A is correct. The time interval is not important here, but you can lock an account for a specified time when this threshold has been reached (failed_login_attempts & password_lock_time). B is correct. Can be set with the incative_account_time of the profile. C is wrong. When the CPU limit has been reached the account is not locked, but rather the session receives either an ORA-02392 or an ORA-02393 errors. D is correct. This can be done by setting a value for either password_reuse_time or password_reuse_max and unlimited for the other, then a user can never reuse a password. E is correct. Again we use the password_reuse_time and password_reuse_max parameters (must be used together to have any effect). F is correct. It's essentially the same answer as option A, the only difference being the time interval. G is wrong. Accounts are not locked when this threshold is reached, additional sessions are simply denied with error ORA-00018.
I agree with your answers, except of F. Answer F is IMHO wrong, because it mentions all login attempts, not failed login attempts. "number of login attempts"
B, D, F is true, E is false https://docs.oracle.com/en/database/oracle/oracle-database/12.2/dbseg/configuring-authentication.html#GUID-ED98E6DA-A30C-4052-A343-B516CD641737 B / INACTIVE_ACCOUNT_TIME D / PASSWORD_REUSE_MAX or PASSWORD_REUSE_TIME to UNLIMITED F / PASSWORD_LOCK_TIME E / it's a trap PASSWORD_REUSE_MAX defines the number of changed needed. But it doesn't need to be within some kind of period
oh to see again that link. F is the simillar like A which is statistic number. PASSWORD_LOCK_TIME is about how many days WILL BE locked after attemps. So F seems wrong and E seems better choice than others except B and D
ADEF is correct
A is wrong cause PASSWORD_LOCK_TIME specifies the number of days NOT the number of hours for which the account is locked after the specified number of failed login attempts
There is a confusion between A & F but if you look at the documentation the value for PASSWORD_LOCK_TIME is in days not hours.
ABEF is the correct
A: password_lock_time: number of days after account is locked you can use"alter profile xxx limit password_lock_time 5/24" it works B: inactive_lock_time E: password_reuse_time & password_reuse_max F: password_lock_time, like the option A
i choose BDEF
I believe BDEF to be the correct answer. People are debating "B", however B is correct according to: https://docs.oracle.com/cd/B19306_01/server.102/b14200/statements_6010.htm "If you specify an integer for either of these parameters and specify UNLIMITED for the other, then the user can never reuse a password." as the above pertains to parameters: PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX
Correct Answers are: A, B, D, E