Oracle Database Security Administration Intermediate Practice Exam: Medium Difficulty 2025

Your organization requires that all connections to the production database must use strong authentication. You've configured the sqlnet.ora file with SQLNET.ALLOWED_LOGON_VERSION_SERVER=12. A legacy application using Oracle Client 11g is failing to connect. What is the most appropriate solution to maintain security while resolving this issue?

A DBA needs to implement Transparent Data Encryption (TDE) for an existing tablespace containing 500GB of sensitive data. The database is running in ARCHIVELOG mode with limited downtime allowed. Which approach should be used?

You are configuring unified auditing for your database and need to audit all SELECT statements on the EMPLOYEES table in the HR schema, but only when queries return more than 100 rows. Which approach accomplishes this requirement?

A company uses Oracle Database Vault to protect sensitive financial data. The DV_OWNER account has been compromised. What is the immediate security implication and best practice response?

Your database has TDE column encryption enabled for the SALARY column in the EMPLOYEES table. A developer reports that queries using WHERE salary > 50000 are performing poorly compared to non-encrypted columns. What is the primary cause and recommended solution?

An organization needs to implement separation of duties where the DBA team cannot view sensitive customer data in production, but the application team needs full access. The DBA team must still perform all database maintenance. Which combination of Oracle security features best addresses this requirement?

You need to configure unified auditing to capture failed login attempts and successful privilege grants across the database. After creating and enabling the appropriate audit policies, you notice that audit records are not appearing in UNIFIED_AUDIT_TRAIL. What is the most likely cause?

A database administrator needs to rotate the TDE master encryption key as part of quarterly security procedures. The database has multiple encrypted tablespaces and is part of a Data Guard configuration. What is the correct sequence of actions?

Your security audit reveals that several application accounts have been granted SELECT ANY TABLE privilege. You need to identify which tables these accounts have actually queried in the past 30 days before removing the privilege. Which approach provides this information most effectively?

A healthcare application must ensure that patient records can only be accessed during business hours (8 AM - 6 PM) and only from the application server IP addresses. The security policy must be enforced at the database level. Which Oracle security feature combination best implements this requirement?