1Z0-574 | Printable Oracle 1Z0-574 dumps


Q21. Web Services are a natural fit for building distributed computing platforms. Which of the following qualities of Web Services make them suitable for distributed computing? 

A. WSDL,SOAPand XML promote language and platform Independence and interoperability 

B. WSDL can be used to define components that can be distributed in multiple servers. 

C. UDDI allows services deployed in a distributed infrastructure to be discovered and consumed. 

D. Web Services are deployed to the web tier of the distributed architecture. 

Answer: A,C 

Explanation: Web Services are a natural fit for building distributed computing platforms. 

* WSDL, SOAP, and XML promote language and platform independence and interoperability. 

* UDDI allows services deployed in a distributed infrastructure to be discovered and consumed. 

* Simple Object Access Protocol (SOAP) enables service binding and invocation using standards based protocols such as HTTP and JMS. 

* The platform for SOA should support the WS-* standards 

Note: Openness is the property of distributed systems such that each subsystem is continually open to interaction with other systems. Web services protocols are standards which enable distributed systems to be extended and scaled. In general, an open system that scales has an advantage over a perfectly closed and self-contained system. 

Reference: Oracle Reference Architecture, Application Infrastructure Foundation, Release 3.0 

Q22. Which of the following are types of policy considerations designed to affect the way privileges are assigned to users? 

A. Principle of Alternating Privilege 

B. Separation of Duties 

C. DefenseinDepth 

D. Vacation, Job Rotation, and Transfer 

E. Principle of Least Privilege 

Answer: B,D,E 

Explanation: B: Separation of duties is a classic security principle that restricts the amount of power held by any one individual in order to prevent conflict of interest, the appearance of conflict of interest, fraud, and errors. Separation of duties is one of the fundamental principles of many regulatory mandates such as Sarbanes-Oxley (SOX) and the Gramm-Leach-Bliley Act (GLBA), and as a result IT organizations are placing greater emphasis on separation of duties across all IT functions, especially database administration. 

D: Vacation, Job Rotation, and Transfer are policy considerations.. Once way to detect and deter misuse of systems is to have a new person perform the duties of an existing worker. The new person might notice irregularities or questionable circumstances and be able to report it. The new worker might be there temporarily, i.e. filling in for someone on vacation, or might be a replacement as a result of periodic job rotations and transfers. In addition, workers that expect periodic rotations are less likely to misuse systems as they know others following behind them will eventually discover it and report them. E:Each user should have only those privileges appropriate to the tasks she needs to do, an idea termed the principle of least privilege. Least privilege mitigates risk by limiting privileges, so that it remains easy to do what is needed while concurrently reducing the ability to do inappropriate things, either inadvertently or maliciously. Note: The principle of least privilege. Users are given the least amount of privileges necessary in order to carry out their job functions. This applies to interactions between systems as well as user interactions. This reduces the opportunity for unauthorized access to sensitive information. Reference: Oracle Reference Architecture,Security, Release 3.1 

Q23. The Oracle Reference Architecture (ORA) includes the concept of Technology Perspectives. Which statements are true concerning ORA and Technology Perspectives? 

A. Each Technology Perspective focuses on a particular set of products and technology. 

B. A Technology Perspectiveincludesboth reference architecture views as well as practical guidance and approaches for successfully implementing the changes required to embrace the products and technology. 

C. The Technology Perspectives can be used individually or in combinations, for example, SOA with BI. 

D. The Technology Perspectives can be used individually or in combinations. When used in combinations, the SOA Technology Perspective must be included. 

E. Each Technology Perspective is part of ORA and is part of an Enterprise Technology Strategy; 

i.e. a Technology Perspective is the connection between ORA and an Enterprise Technology. 

Answer: A,C,D,E 

Explanation: Technology perspectives extend the core material by adding the unique capabilities, 

components, standards, and approaches that a specific technology strategy offers.(A) 

SOA, BPM, EPM/BI, and EDA are examples of perspectives for ORA. 

Each technology strategy presents unique requirements to architecture that includes specific capabilities, principles, components, technologies, standards, etc. Rather than create another reference architecture for each strategy, ORA was designed to be extensible to incorporate new computing strategies as they emerge in the industry. 

In order to present the reference architecture in the most effective manner, each new technology strategy adds a perspective to ORA. This enables the reference architecture to evolve holistically. New computing strategies extend the core material, providing further insight and detail as needed. 

A perspective extends the ORA core collateral by providing views, principles, patterns, and guidelines that are significant to that technology domain yet cohesive with the overall ORA. The perspective includes: 

* A foundation document describing the terms, concepts, standards, principles, etc. that are important to the ETS. 

* An infrastructure document that defines a reference architecture built using the technologies pertinent to the ETS. 

Reference: IT Strategies from Oracle, An Overview, Release 3.0 

Q24. How is Oracle Database Firewall (ODF) used to protect applications from attacks such as SQL- Injection? 

A. ODF is an option for the Oracle Database. A DBA configures this option to inspect database commands and compare them with a set of known attacks. An ODF agent periodically downloads the latest signatures in order to keep up with the latest known types of attacks. 

B. ODF is a feature of Oracle Advanced Security. A database security administrator configures each database realm with a set of acceptable ports and protocols from which database clients can connect. Valid connections are continuously monitored for suspicious activity. 

C. ODF is an agent based secure connection component that is installed on the database and on the clients. It creates a VPN-like connection between the two that greatly reduces the likelihood of man-in-the-middle and SQL-injection attacks. An administrator installs ODF and configures it for a specific environment. 

D. ODF is a stand-alone product that is installed in between the client and database. It monitors and/or blocks SQL statements, comparing them against a set of known good or known bad statements. 

Answer:

Explanation: Oracle Database Firewall (ODF) - ODF is the first line of defense for both Oracle and non-Oracle databases. It monitors database activity on the network to help prevent unauthorized access, SQL injections, and other forms of attack. ODF uses positive (white list) and negative (black list) security models to validate SQL commands before they can reach the database. The ODF instances act as a firewall for incoming SQL traffic. Each instance can handle multiple downstream databases, and the instances are configured for high availability. SQL traffic must pass through the firewall boxes in order to reach the databases. ODF protects Oracle, MySQL, Microsoft SQL Server, IBM DB2 for Linux, Unix, and Windows, and Sybase databases 

Reference: Oracle Reference Architecture,Security, Release 3.1 

Q25. Which four components of the following list should be found in the client tier of the Logical view of the Oracle Reference Architecture User Interaction? 

A. Personalization 

B. Communication services 

C. State management 

D. Customization 

E. Collaboration 

F. Syndication 

G. Controller 

H. Rendering 

Answer: B,C,G,H 

Explanation: The Client Tier is hosted on the display device. As mentioned above, this may be a browser or an thick client specific to the display device. 

Regardless of the choice for the Client Tier, there are standard capabilities provided by 

this tier in the architecture: 

Controller: The Controller accepts input from the user and performs actions based on that input. 

State Management: The State Management component is responsible for maintaining the current 

state of the user interface. 

Rendering: The Rendering component is responsible for delivering a view of the interface suitable 

for the end user. 

Communication Services: The Communication Services provide the means to access Service Tier 

capabilities. 

Note: Security Container, Data Management and Composition can also be included here. 

Reference: Oracle Reference Architecture, User Interaction, Release 3.0 

Q26. Which of the following is not a characteristic of Cloud computing? 

A. multi-tenancy 

B. elastic scaling 

C. pay-for-use pricing 

D. manual provisioning 

Answer:

Reference: Oracle Reference Architecture, Cloud Foundation Architecture, Release 3.0 

Q27. Oracle Entitlements Server (OES) provides fine grained authorization capabilities that, along with Oracle Access Manager (OAM), comprise the XACML based Authorization Service. What factors should be considered when choosing how to specify and deploy OES policy decision points (PDPs)? 

A. If a policy enforcement point exists in the DMZ, then a remote PDP should be deployed behind the inner firewall. 

B. If both OAM and OES are used, then OES should be configured to use the PDP embeddedin OAM. 

C. OES includes a security provider for Oracle WebLogic Server that will handle policy decisions locally. 

D. Oracle Advanced Security includes a universal stand-alone PDP that provides access for Java, NET, and SOAP clients. 

E. It is best to use a local PDP whenever possible to avoid network calls between the PEP and PDP. A remote PDP ran be used when a local PDP is not available for the client technology, or for other various exceptional cases. 

Answer: A,C,E 

Explanation: A, E:Policy decision points (PDPs) for computingnodes located outside the secure environment. For example, web servers located in theDMZ might leverage a central PDP, deployed behind a firewall. Policy enforcement is still local to the web servers but decisions are made remotely. 

C: OES integrates with OPSS (and other security platforms) to enable the use of local PEPs and 

PDPs. OPSS is a standards-based Java framework of plug-in security services and APIs. 

It provides the platform security for Oracle WebLogic Server. 

Note: OES is a fine-grained authorization engine that simplifies the management of complex entitlement policies. The authorization engine includes both local and centralized PDPs. OES integrates with OPSS (and other security platforms) to enable the use of local PEPs and PDPs. Policy administration is centralized, providing a broad perspective of access privileges, yet delegated, enabling multiple stakeholders to maintain the policies that affect them. 

Note 2: PDP - Policy Decision Point, where policy is evaluated and a decision is made. 

PDPs may be distributed throughout the IT environment and physically co-located with PEPs to avoid network latency. 

Note 3: PEP - Policy Enforcement Point, where permit/deny access decisions are enforced. This is generally included in SOA Service or application infrastructure, such as J2EE containers that manage security. It may also be represented as custom code within a SOA Service or application, providing fine grained entitlements evaluation. 

Reference: Oracle Reference Architecture, Security , Release 3.1 

Q28. Which of the following is the most correct definition of Grid computing? 

A. Grid computing refers to the ability to run computers off a power grid. 

B. Grid computing refers to the aggregation of multiple, distributed computing resources, making them function as a single computing resource with respect to a particular computational task. 

C. Grid computing refers to the vertical scaling of resources to add more capacity to the Infrastructure. 

D. Grid computing allows computing resources to be operated and managed independently, creating a distributed architecture. 

Answer:

Explanation: Grid computing is a technology architecture that virtualizes and pools IT resources, such as compute power, storage, and network capacity into a set of shared services that can be distributed and re-distributed as needed. Grid computing involves server virtualization, clustering, and dynamic provisioning. 

Note: With Grid computing, groups of independent, modular hardware and software components can be pooled and provisioned on demand to meet the changing needs of businesses. Grid computing is really a form of distributed computing and it aims to deliver flexible and dynamic infrastructures using tiered optimization. It uses virtualization at various levels of the middleware and database layer to achieve it. 

Reference: Oracle Reference Architecture, Application Infrastructure Foundation, Release 3.0 

Q29. Which three primary components form IT Strategies from Oracle (ITSO)? 

A. Enterprise Technology Strategies 

B. Maximum Availability Architecture 

C. Enterprise Solution Designs 

D. Oracle Reference Architecture 

E. Oracle Enterprise Architecture Framework 

F. Oracle Unified Method 

Answer: A,C,D 

Explanation: ITSO is made up of three primary elements. 

Enterprise Technology Strategies (ETS) 

Enterprise Solution Designs (ESD) 

Oracle Reference Architecture (ORA) 

Reference: IT Strategies from Oracle, An Overview, Release 3.0 

Q30. Which of the following are common management and monitoring standards available today? 

A. Simple Network Management Protocol (SNMP) 

B. Java Management Extensions (JMX) 

C. the Java EE Management specification (JSR 77) 

D. Information Technology Infrastructure Library (ITIL) 

Answer: A,B,C 

Explanation: * Simple Network Management Protocol (SNMP) is a well-known and popular protocol for network management. 

* Java Management Extensions (JMX) is a specification for monitoring and managing Java resources such as applications, JVM, and J2EE resources. 

* The Java EE Management specification (JSR 77) provides a standard model for managing a J2EE Platform and describes a standard data model for monitoring and managing the runtime state of any Java EE Web application server and its resources. 

Reference: Oracle Reference Architecture, Management and Monitoring, Release 3.0