Oracle Oracle Certifications 1Z0-574 Questions & Answers

• Question 71:

  How is Oracle Database Firewall (ODF) used to protect applications from attacks such as SQL- Injection?

  A. ODF is an option for the Oracle Database. A DBA configures this option to inspect database commands and compare them with a set of known attacks. An ODF agent periodically downloads the latest signatures in order to keep up with the latest known types of attacks.

  B. ODF is a feature of Oracle Advanced Security. A database security administrator configures each database realm with a set of acceptable ports and protocols from which database clients can connect. Valid connections are continuously monitored for suspicious activity.

  C. ODF is an agent based secure connection component that is installed on the database and on the clients. It creates a VPN-like connection between the two that greatly reduces the likelihood of man-inthe-middle and SQL-injection attacks. An administrator installs ODF and configures it for a specific environment.

  D. ODF is a stand-alone product that is installed in between the client and database. It monitors and/or blocks SQL statements, comparing them against a set of known good or known bad statements.

  Correct Answer: D

  Explanation: Oracle Database Firewall (ODF) - ODF is the first line of defense for both Oracle and non-Oracle databases. It monitors database activity on the network to help prevent unauthorized access, SQL injections, and other forms of attack. ODF uses positive (white list) and negative (black list) security models to validate SQL commands before they can reach the database. The ODF instances act as a firewall for incoming SQL traffic. Each instance can handle multiple downstream databases, and the instances are configured for high availability. SQL traffic must pass through the firewall boxes in order to reach the databases. ODF protects Oracle, MySQL, Microsoft SQL Server, IBM DB2 for Linux, Unix, and Windows, and Sybase databases

  References:

• Question 72:

  Assets may be packaged into deployable units by using a variety of strategies. Which of the following is not a valid asset packaging scenario?

  A. bundled as a single archive file

  B. unbundled with artifactsinthe original location

  C. unbundled with artifacts moved to a new location

  D. bundles as a single executable binary file thatis run stand-alone

  Correct Answer: D

  Explanation:

  The Reusable Asset Specification (RAS) provides the following guidelines with respect to asset packaging.

  *

  Every reusable asset must contain at a minimum one manifest file and at least one artifact, to be considered a valid reusable asset.

  *

  An asset package is the collection of artifact files plus a manifest. There are several asset packaging scenarios including:

  *

  Bundled As Single Archive File (not A)

  *

  Unbundled with artifacts in original location (not B)

  *

  Unbundled with artifacts moved to new location (not C)

  References:

• Question 73:

  In order to support rapid development, which one of the following principles must be applied?

  A. The architecture must provide a Rapid Application Development framework for user interface development.

  B. The architecture must provide guided development of the user interface without needlessly exposing the developer to implementation details.

  C. The architecture must provide access to the full implementation details of the interface in order permit maximum flexibility in the development process.

  D. Usability best practices are incorporated into proven user-interface techniques.

  Correct Answer: B

  Explanation:

  The architecture must provide rapid, guided development of the user interface without needlessly exposing

  the developer to implementation details.

  Reducing the time and resources required to deliver business solutions is required for IT to better support

  and align with business needs. Low level development is both time consuming and error prone.

  References:

• Question 74:

  Which of the following statements are true concerning, data formats used In Service-Oriented Integration (SOI)?

  A. SOA Services used in SOI should use application-specific data formats to ensure accurate transmission of data entities from the source systems.

  B. A single, canonical data model must be created to successfully build an enterprise-wide SOI.

  C. Data formats should be based on logical representations of business-level entities to facilitate composite application assembly.

  D. Application-specific data formats should be translated to and from normalized data formats.

  E. Data formats should use third normal form because this is the most efficient format for transmitting data.

  F. Binary data formats should not be used because they are costly and difficult to maintain.

  G. XML data formats should not be used because they are too verbose and result in poor performance.

  Correct Answer: CDF

  Explanation:

  C:Logical Data Representations

  Message and data formats should be based on logical

  representations of business objects rather than native application data structures.

  D: Providing consumer representations and reading from and writing to multiple source systems leads to the issue of data format transformations. For a very small number of source systems, point-to-point transformations can be used by the SOA Services. However, this approach becomes untenable as the number of source systems increases. Thus, a better approach is to create a normalized format for the data entities and then provide transformations to and from the normalized format for each source system.

  Normalized Data Formats Data transformations are to and from normalized formats. Normalized data formats facilitate composition and reduce the number of transformations that must be created and maintained.

  F: Binary data formats would be awkward.

  References:

• Question 75:

  What capabilities are provided by Oracle Enterprise Repository (OER)?

  A. Dependency Analysis

  B. Asset Prescription

  C. Asset Versioning

  D. O-R Mapping

  Correct Answer: AC

  Explanation: The primary focus of the Metadata Repository (aka Enterprise Metadata Repository or Enterprise Repository) is design-time, and it usually has no role in the runtime environment of most SOA deployments. The metadata repository is primarily a human interface for asset capture and presentment. It has integration with the service registry to promote the service interfaces and with the security framework for repository security like authentication and access control.

  Core capabilities of the metadata repository include:

  *

  Asset Management

  *

  Asset Lifecycle Management

  *

  Usage Tracking

  *

  Service Discovery

  *

  Version Management (C)

  *

  Service Taxonomy

  *

  Dependency Analysis (A)

  *

  Portfolio Management

  References:

• Question 76:

  The Oracle Reference Architecture (ORA) includes the central layers as well as Technology Perspectives and Industry perspectives. Which statements best describe how these are related within ORA?

  A. The Technology Perspectives are reference architectures incorporating specific technologies, products, and standards.

  B. The Technology Perspectives provide a view of ORA focused on specific technologies, product and standards.

  C. The Industry Perspectives are reference architectures for specificindustries, for example, Telco, Pharma.

  D. The Industry Perspectives extend the central layers of ORA toincludeindustry-specific capabilities, components, and so on.

  E. ORA is a collection of reference architectures, some based on technology (Technology Perspectives), and some based on industry verticals (Industry Perspectives).

  Correct Answer: BD

  Explanation:

  The core ORA material is extended via architecture perspectives. There are two types of perspectives:

  Technology and Industry(not E).

  B:Technology perspectives extend the core material by adding the unique capabilities, components,

  standards, and approaches that a specific technology strategy offers. SOA, BPM, EPM/BI, and EDA are

  examples of perspectives for ORA. Each technology strategy presents unique requirements to architecture

  that includes specific capabilities, principles, components, technologies, standards, etc. Rather than create

  another reference architecture for each strategy, ORA was designed to be extensible to incorporate new

  computing strategies as they emerge in the industry In order to present the reference architecture in the

  most effective manner, each new technology strategy adds a perspective to ORA. This enables the

  reference architecture to evolve holistically. New computing strategies extend the core material, providing

  further insight and detail as needed.

  A perspective extends the ORA core collateral by providing views, principles, patterns, and guidelines that

  are significant to that technology domain yet cohesive with the overall ORA.

  Industry perspectives extend the core material by adding the business functions, business processes, data entities, software capabilities and components that an industry vertical requires. Retail, Financial, Telco, and Pharma are examples of industry perspectives for ORA.

  References:

• Question 77:

  Choose the three statements from the following list that accurately reflect architectural principles of Oracle Reference Architecture User Interaction.

  A. The architecture must support separating configuration and other types of metadata from the source code.

  B. The architecture must support orchestration of business application functions.

  C. The architecture must support end-user access to a wide variety of server-side functionality.

  D. The architecture must not attempt to replicate the capabilities of traditional client-server GUIs.

  E. The architecture must provide secure interaction between the end user and the server-side resources.

  F. The architecture must provide the end user with the capability to switch quickly between applications.

  Correct Answer: ACE

  Explanation:

  * Meta-data support

  The architecture must support separating configuration and other types of meta-data from the source code.

  *Access to Functionality

  The architecture must support end user access to a wide variety of server-side functionality.

  *Secure Interactions

  The architecture must provide secure interaction between the end user and the server-side resources.

  References:

• Question 78:

  Service composition is the creating of a new SOA Service by aggregating existing SOA Services. Which statements are correct concerning the use of service composition within the Service-Oriented Integration architecture?

  A. The SOI architecture is a layered architecture; therefore service composition is not allowed.

  B. Service composition is allowed, even encouraged, by the SOI architecture.

  C. Service composition within the SOI architecture is allowed only when the aggregation is over SOA Services from lower layers in the architecture.

  D. Service composition should be avoided because service aggregation is provided by the Mediation Layer.

  E. Service composition is allowed, but is discouraged because service composition leads to complex dependencies.

  Correct Answer: C

  Explanation: Service composition is the ability to leverage lower-level services to create a higher-level service When doing composition, the developer should respect the layering of the architecture. Thus, a Business Service could leverage existing Connectivity Services or Data Services and a Data Service could leverage existing Connectivity Services. But, a Data Service should not call a Business Service and a Connectivity Service should not call a Data Service or a Business Service

  References:

• Question 79:

  Which statement best describes the relationship between the Logical View and the Development view of the Service-Oriented Integration architecture?

  A. The two architectural views are Independent and there is no relationship between them.

  B. The Logical View defines the rationale for layers within the architecture. The Development View specifies the developer tools used for each layer.

  C. The Logical View defines the layers of the architecture and the capabilities within each layer. The Development View describes how aspects of the architecture impact developers following the architecture.

  D. The Logical View defines the layers of the architecture and the capabilities within each layer. The Development View specifies the developer tools that provide the capabilities for each layer.

  E. The Logical View specifies the developer tools required by each layer in the architecture. The Development View describes the developer impact of the tools specified.

  Correct Answer: C

  Explanation:

  * The Logical View of the architecture describes the various layers in the architecture. Each layer encapsulates specific capabilities for the overall architecture. Upper layers in the architecture leverage the capabilities provided by the lower layers.

  *The Development View of the architecture describes aspects of the architecture that are of interest to developers building assets that conform to and leverage the architecture. In a service-oriented integration architecture the primary developer artifacts are the SOA Services that are created to expose data and functionality contained in source systems.

  References:

• Question 80:

  Which of the following statements are true about applying security to SOA Services?

  A. SOA Services must base access control decisions on roles, attributes, rules, and so on, that are universal to all consumers.

  B. SOA Services are difficult to secure due to a lack of security standards for Web Services.

  C. SOA Services are a type of monolithic application with self-contained identity and role management.

  D. Data returned by a SOA Service may need to be redacted according to data classification schemes, depending on the privileges of users.

  Correct Answer: AD

  Explanation:

  A: In terms of access control, SOA Services must base access control decisions on roles, attributes, rules, etc. that are universal to all consumers.

  D: data provided by a SOA Service must adhere to data classification restrictions that might differ between consumers. For instance, the same query service may need to redact various rows or columns of data based on restrictions assigned to classes of consumers.

  References: