Oracle 12c Upgrade: 09 – Auditing

Card Set Information

Author:
Tralala
ID:
295646
Filename:
Oracle 12c Upgrade: 09 – Auditing
Updated:
2015-03-17 13:44:12
Tags:
Oracle 12c Upgrade 09 – Auditing
Folders:
Oracle 12c Upgrade
Description:
Oracle 12c Upgrade: 09 – Auditing
Show Answers:

Home > Flashcards > Print Preview

The flashcards below were created by user Tralala on FreezingBlue Flashcards. What would you like to do?


  1. Which view is used as a single resource for audit information?
    UNIFIED_AUDIT_TRAIL
  2. In which tablespace is the data for view UNIFIED_AUDIT_TRAIL found?
    SYSAUX, but Oracle recommends a dedicated tablespace.
  3. Which user owns the view UNIFIED_AUDIT_TRAIL?
    AUDSYS
  4. What role is required to view UNIFIED_AUDIT_TRAIL?
    AUDIT_ADMIN or AUDIT_VIEWER
  5. Which role can create, alter audit policies?
    AUDIT_ADMIN
  6. From which sources are records in the UNIFIED_AUDIT_TRAIL sourced?
    • Unified audit and AUDIT settings
    • FGA audit records from DBMS_FGA
    • Oracle Database Real Application Security
    • Oracle Recovery Manager
    • Oracle Database Vault
    • Oracle Label Security
    • Oracle Data Mining
    • Oracle Data Pump
    • Oracle SQL*Loader Direct Load
  7. If the database is opened read-only, how is auditing maintained?
    Records are written to OS file, $ORACLE_BASE/audit/$ORACLE_SID.
  8. What is mixed mode auditing?
    A combination of traditional and unified auditing.
  9. What type of auditing is enabled by default in 12c?
    Mixed mode auditing
  10. What parameter controls the traditional auditing?
    AUDIT_TRAIL
  11. In a Multitenant environment, where is the unified audit trail?
    Each PDB and Root has its own unified audit trail
  12. What happens if Unified Auditing is disabled in a Multitenant environment?
    Disables unified auditing in all PDBs in the CDB.
  13. What are the write modes for Unified Audit Trail?
    • immediate-write
    • queued-write
  14. Which write mode in Unified Audit Trail is more efficient?
    queued-write, but audit data can be lost in a crash
  15. How is the write mode for Unified Audit Trail changed?
    DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL.PROPERTY
  16. How are audit records written from external files in $ORACLE_BASE/audit/$ORACLE_SID?
    • Connect as user with AUDIT_ADMIN role
    • exec DBMS_AUDIT_MGMT.LOAD_UNIFIED_AUDIT_FILES;
    • Once data is loaded, the source Os files are automatically deleted.
  17. How does Unified Audit Trail work in Multitenant environment?
    • Can be on the CDB as a whole
    • Individual PDBs
    • FGA are only available for Root, not PDBs
  18. How can the location of the Unified Audit Trail be found?
    Using DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION
  19. How can the location of the Unified Audit Trail be changed?
    Using DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION
  20. How can the queue size of the Unified Audit Trail be increased?
    • The parameter UNIFIED_AUDIT_SGA_QUEUE_SIZE
    • Default 1M Max 30M
  21. Which background process handles writing on queued data to the Unified Audit Trail?
    GEN0
  22. How many queues are there in queued-write mode for Unified Audit Trail?
    2. One is writing to disk as the other fills.
  23. How is the SGA queue flushed manually?
    exec dbms_audit_mgmt.flush_unified_audit_trail
  24. How can it be determined if a database has been migrated to unified auditing?
    The view v$option parameter values 'Unified Auditing' is set to TRUE
  25. What is a Common Audit Policy?
    • One available to all PDBs
    • A common user must have AUDIT_ADMIN privilege to edit
  26. What is a Local Audit Policy?
    • One that is specific to Root or a PDB
    • A local user must have AUDIT_ADMIN privilege to edit in PDB
    • A common user must have AUDIT_ADMIN privilege to edit in Root
  27. What is the syntax to create and audit policy in a Multitenant environment?
    CREATE AUDIT POLICY policy_name action1, [action2] [CONTAINER= {CURRENT | ALL}
  28. How is Unified Auditing enabled?
    • Connect as user with AUDIT_ADMIN role
    • Shutdown the database
    • $ORACLE_HOME/rdbms/lib/make -f ins_rdbms.mk uniaud_on ioracle
    • Startup the database
  29. How is Unified Auditing disabled?
    • Connect as user with AUDIT_ADMIN role
    • Disable any enabled policies
    • Shutdown the database
    • $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk uniaud_off ioracle
    • Startup the database
  30. What is significant about the audit trail table owned by AUDSYS?
    It's read only
  31. How is an audit policy created?
    CREATE AUDIT POLICY
  32. What role is required to create an audit policy?
    AUDIT_ADMIN
  33. On what system wide options can an audit policy be based?
    • A system privilege (CREATE ANY TABLE)
    • A action (ALTER TABLE)
    • A role (DBA)
  34. Which view holds all possible system wide options?
    SYS.AUDITABLE_SYSTEM_ACTIONS
  35. What is the syntax to create a system wide audit policy?
    • CREATE AUDIT POLICY [POLICY_NAME]
    • PRIVILEGES [LIST OF PRIVILEGES]
    • ACTIONS [LIST OF ACTIONS]
    • ROLES [LIST OF ROLES]
  36. On what object specific options can an audit policy be based?
    Actions on a specific object (SELECT ON he.emp)
  37. What is the syntax to create a system wide audit policy?
    • CREATE AUDIT POLICY [POLICY_NAME]
    • ACTIONS [LIST OF OBJECT ACTIONS]
  38. Which view holds all possible system wide options?
    SYS.AUDITABLE_OBJECT_ACTIONS
  39. What is a Condition-Based audit policy?
    On that uses SYS_CONTEXT values to filter a system wide or object based privilege
  40. When defining a Condition-Based audit policy, what should be stated?
    • Where the condition is evaluated
    • Per Statement
    • Per Session
    • Per Database Instance
  41. What is the syntax to create a Condition-Based audit policy?
    • CREATE AUDIT POLICY [POLICY_NAME]
    • ACTION [LIST OF ACTIONS]
    • WHEN 'SYS_CONTEXT' ('TYPE', 'VALUE')='RESULT'
    • EVALUATE PER STATEMENT|SESSION|DATABASE INSTANCE
  42. Which table lists the unified audit policies?
    AUDIT_UNIFIED_POLICIES
  43. What are the Predefined Audit Policies?
    • ORA_ACCOUNT_MGMT - Account changes
    • ORA_DATABASE_PARAMETER - Parameter changes
    • ORA_SECURECONFIG - Secure configuration auditing
  44. How is an audit policy enabled for all users?
    AUDIT POLICY [policy_name];
  45. How is an audit policy enabled for some users?
    • AUDIT POLICY [policy_name] on asmith, pjones
    • or
    • AUDIT POLICY [policy_name] except dbrown, sjohnson
  46. How is an audit policy enabled for some users?
    • AUDIT POLICY [policy_name] on asmith, pjones
    • or
    • AUDIT POLICY [policy_name] except dbrown, sjohnson
  47. How is an audit policy enabled for some users?
    • AUDIT POLICY [policy_name] on asmith, pjones
    • or
    • AUDIT POLICY [policy_name] except dbrown, sjohnson
  48. How is an audit policy enabled for action success or failure?
    • AUDIT POLICY [policy_name] whenever successful
    • or
    • AUDIT POLICY [policy_name] whenever not successful
  49. How is an audit policy changed
    • ALTER AUDIT POLICY [POLICY_NAME]
    • ADD ACTION | ROLE | PRIVILEGES….
  50. What can't be changed when editing an audit policy in a Multitenant system?
    CONTAINER
  51. How is an audit policy disabled?
    NOAUDIT POLICY [POLICY_NAME]
  52. How is an audit policy removed?
    DROP AUDIT POLICY [POLICY_NAME]
  53. What happens if an attempt is made to drop an active audit policy?
    It fails
  54. Which view shows all audit policy currently enabled?
    AUDIT_UNIFIED_ENABLED_POLICIES

What would you like to do?

Home > Flashcards > Print Preview