Which two statements are true about User Authentication in an Oracle Database? (Choose two.)
Which two statements are true about User Authentication in an Oracle Database? (Choose two.)
Password File authentication must be used for system-privileged administrative users to ensure secure authentication. Operating System authentication may also be used for these users, providing flexibility in the method of authentication.
I believe.
A. Password authentication must be used for system-privileged administrative users. Correct, can't find any reference where password authentication can be disabled. Some type of authentication has to be enabled. B. Password File authentication must be used for system-privileged administrative users. Wrong - Can use different methods. C. Operating System authentication may be used for system-privileged administrative users. Correct D. Password File authentication is supported for any type of database user. Wrong - "Password files are used to authenticate database administrators." E. REMOTE_LOGIN_PASSWORDFILE must be set to exclusive to permit password changes for system-privileged administrative users. Wrong - Can also be set to NONE which will allow password changes. https://docs.oracle.com/en/database/oracle/oracle-database/19/refrn/REMOTE_LOGIN_PASSWORDFILE.html#GUID-6619299E-95E8-4821-B123-3B5899F046C7 https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-authentication.html#GUID-30E91ECB-1DA1-4C9E-B630-3C9E541CD915
Statements A and B are incorrect. Password authentication and Password File authentication are both supported for system-privileged administrative users, but they are not required. Operating System authentication is also supported for system-privileged administrative users. Statement E is incorrect. REMOTE_LOGIN_PASSWORDFILE must be set to exclusive to permit password changes for all users, not just system-privileged administrative users.
I think C and E. https://docs.oracle.com/en/database/oracle/oracle-database/19/admin/getting-started-with-database-administration.html#GUID-662ACF2E-546A-4EF0-89EA-35D4633A0996 https://docs.oracle.com/en/database/oracle/oracle-database/19/refrn/REMOTE_LOGIN_PASSWORDFILE.html#GUID-6619299E-95E8-4821-B123-3B5899F046C7
Reason for determining that option A is incorrect The Oracle official documentation "Oracle Database Security Guide" provides detailed explanations of these authentication methods. Specifically, it clearly states that operating system authentication and network authentication can be used as authentication options for administrative users with system privileges.
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/configuring-authentication.html#GUID-9779C17E-1ECA-4360-9833-64EE16E7269B 「Authentication of Database Administrators」 - 「3.3.2 Strong Authentication, Centralized Management for Administrators」 - Strong authentication methods for centrally managed databases include directory authentication, Kerberos authentication, and SSL authentication.
「3.3.2.1 About Strong Authentication for Database Administrators」 Consider using this type of authentication for database administration for the following situations: You have concerns about password file vulnerability.
Reason for determining that option E is incorrect https://docs.oracle.com/cd/E96517_01/refrn/REMOTE_LOGIN_PASSWORDFILE.html "1.277 REMOTE_LOGIN_PASSWORDFILE"
When administrative users with system privileges use password file authentication, the REMOTE_LOGIN_PASSWORDFILE parameter needs to be set. However, it is not mandatory to set it to either shared or exclusive. - When REMOTE_LOGIN_PASSWORDFILE = none: Password files are not used. With this setting, administrative users with system privileges must be authenticated by the operating system. Password file authentication cannot be used.
- When REMOTE_LOGIN_PASSWORDFILE = shared or exclusive: Password files are used. Administrative users with system privileges are authenticated using password files.
The difference between shared and exclusive is whether the password file can be shared by multiple databases or used by only one database. Therefore, when administrative users with system privileges use password file authentication, the REMOTE_LOGIN_PASSWORDFILE parameter must be set to either shared or exclusive. If set to none, password file authentication cannot be used. As mentioned in option E, it is not necessary to set the parameter to exclusive mode to allow password changes for administrative users with system privileges.
Selected Answer: BC
Reason for determining that option D is incorrect Looking closely at the wording of option D, it states, "Password File authentication is supported for any type of database user." There are two perspectives to consider when interpreting this statement.
Whether Password File authentication is technically possible: In Oracle Database, it is technically possible to include users other than administrative users with system privileges in the password file. From this perspective, option D could be considered correct.
Whether Password File authentication is recommended or commonly used: Generally, Password File authentication is used for administrative users with system privileges. Using Password File authentication for regular database users is not recommended, and standard database authentication is typically used instead. From this perspective, option D can be considered incorrect.
The Oracle official documentation emphasizes the primary use of Password File authentication for authenticating administrative users with system privileges. There is no clear recommendation for using Password File authentication for regular database users. Considering the above points, option D is likely to be incorrect. Just because Password File authentication is technically possible does not mean it is recommended or commonly used for all types of database users. However, depending on the interpretation of the question, there is a possibility that option D could be considered correct. To accurately understand the intent of the question, it is necessary to confirm the intention of the person who created the question.