1 2 Previous Next 15 Replies Latest reply: Dec 26, 2012 12:52 PM by Roger25 RSS

    security question

      I ordered a test engine from uCertify, for the 1Z0-528 exam. When taking the test and giving the answer, i observed that one questions' answer is wrong.

      Which of the following security options is used for transparent data encryption and key management?

      A: Advanced Security Option
      B: Database Vault
      C: Enterprise Manager Data Masking Pack
      D: Audit Valut

      I answered A, which i thought it's correct. But the C answer then was marked with green (stating that C is correct). Shouldn't be A?
        • 1. Re: security question
          Srini Chavali-Oracle
          I think they are splitting hairs on semantics here - the key word is "management" of TDE and keys, which the EM Data Masking pack provides - http://docs.oracle.com/cd/E11857_01/em.111/e11982/database_management.htm#DAFBIABB - the actual functionality of masking is provided by ASO.

          • 2. Re: security question
            And where can i find in that link (oracle docs) that the management of TDE and keys is provided within EM Data Masking Pack?
            So the right answer should be C?
            • 3. Re: security question
              Srini Chavali-Oracle
              Roger22 wrote:
              And where can i find in that link (oracle docs) that the management of TDE and keys is provided within EM Data Masking Pack?
              So the right answer should be C?
              See the last line in section titled "Transparent Data Encryption" in the link above - again, I think this is splitting semantic hairs.

              • 4. Re: security question
                Ok.. now if you were at the exam, what would you responde? A or C? :)
                • 5. Re: security question
                  Srini Chavali-Oracle
                  Remember that these exams are based on Oracle training material - I would answer whatever was in that material :-)

                  • 6. Re: security question
                    Zoran Pavlovic
                    Management of keys and TDE is done by Advanced Security Option. Data Masking Pack is totally different product (you don't need to use data masking in order to implement encryption).

                    So answer for this is A.

                    Last line on that link only says that you can use Enterprise Manager for managing TDE! Data masking is totally different thing. Answer you get on that preparation engine is wrong.

                    P.S. I passed that exam about a year ago.


                    Edited by: Zoran Pavlovic on Dec 24, 2012 7:54 PM

                    Edited by: Zoran Pavlovic on Dec 24, 2012 7:56 PM
                    • 7. Re: security question
                      I agree with Zoran. There is not doubt - The correct answer is A.
                      • 8. Re: security question
                        Wrong, the "management" of TDE and keys, is not provided by EM Data Masking pack!
                        • 9. Re: security question
                          What was your passing score? The questions are similar to those from the authorized practice engine? and are they hard?
                          • 10. Re: security question
                            Zoran Pavlovic
                            I can't find my passing score now (Pearsonvue and Oracle changed their policy, so for now on you will get passing score from Oracle and not from Pearsonvue), but it was about 85%.

                            Questions weren't hard for me :) And what practice engine you are talking about?

                            If you have a hands on experience with that products (ASO, Data Masking, VPD, OLS, DBV, Audit Vault), it should be ok.


                            Edited by: Zoran Pavlovic on Dec 24, 2012 9:57 PM

                            Edited by: Zoran Pavlovic on Dec 24, 2012 11:01 PM
                            • 11. Re: security question
                              As far as I know there are no authorized practice engines for this exam. If you really want to learn, make sure you go through all exam topics (read relevant Oracle documentation, hands-on experience is not a must for passing the exam, but is really valuable).

                              I passed the exam long time ago, they probably changed questions...
                              • 12. Re: security question
                                There are authorized practice tests.. see http://www.ucertify.com/exams/Oracle/1Z0-528.html (ucertify i know it's an authorized vendor)

                                And I don't have any working experiende with these security solutions, but my master thesis was written about security solutions, and i wanted to learn more, so i read many materials. I think it should be ok at the exam.
                                • 13. Re: security question
                                  Also, at this question:

                                  Which one can be used with databases from different vendors?
                                  A. Advanced Security Option
                                  B. Oracle Database Vault
                                  C. Oracle Audit Vault
                                  D. Oracle Label Security
                                  E. Oracle Data Masking Pack
                                  F. Virtual Private Database

                                  I think it should be C and also E, not only C, because in the Data Masking Pack data sheet, it is stated that:

                                  Support for Heterogeneous Databases
                                  Oracle Data Masking Pack can support masking of data in heterogeneous databases,
                                  such as IBM DB2 and Microsoft SQLServer, through the use of Oracle Database
                                  • 14. Re: security question
                                    Roger22 wrote:
                                    Ok.. now if you were at the exam, what would you responde? A or C? :)
                                    I would give it what I believed to be the correct answer based on what I had read on the official Oracle docs.

                                    And I wouldn't be surprised if the answers on the actual exam looked nothing like the practice test.

                                    I prepared for 10g OCA and OCP by using the practice exams as an indicator of what I needed to study in the official oracle docs. Each question in the practice tests gave explanations and references back to the official docs, and it was THAT information I focused on. It wasn't at all uncommon to see some if the explanations to be self-contradictory, but when I saw something like that it just caused me to dig deeper into the docs until I was convinced I knew the correct answer regardless of what the practice test said. I deliberately tried to NOT focus on exact questions and answers, but to focus on the principles involved in each. And still, when I got to the exams my first impression was "where did they come up with THAT?" But in the end, I just convinced myself to keep my wits about me and answer each question as best I knew how, and I came out just fine.

                                    Edited by: EdStevens on Dec 26, 2012 8:12 AM
                                    1 2 Previous Next