1Z0-574 | All About Refined 1Z0-574 pdf
Q61. Which one of the following user classification schemes best reflects what function or function performs?
A. role-based classification
B. rule-based classification
C. group-based classification
D. attribute-based classification
E. rank-based classification
Answer: A
Explanation: Given the potentially large number of users of a system, access privileges are generally not assigned at the user level. Instead, users are assigned to groups (mimicking the organizational structure of a company), or roles (defined based on job functions that users perform), or some combination of the two. Access privileges are then assigned to groups and/or roles. The most natural case is that they are assigned to roles, since roles align more closely with operations users naturally perform to accomplish their job. The industry term for this is Role-Based Access Control (RBAC). RBAC is more flexible than defining access rights based on usernames or static groups and enables an organization to be more versatile when allocating resources. With RBAC the system must determine if the subject (user or client) is associated with a role that has been granted access to a resource. This process of user to role ascertainment is called role mapping.
Incorrect answers
B: Rule-based access control is very similar to fine-grained access control, where access is controlled by rules defined in policies. The twist is that rules might refer to each other. For instance, access may be granted to resource/function A as long as it is not also granted to resource/function B. This form of control can be used to ensure that a group or individual is not given privileges that create a conflict of interest or inappropriate level of authority. For instance, the approver of expenses or purchases cannot be the same as the requestor.
C: Role is better here.
D: There are times when access should be based on characteristics the user has rather than the organization or roles to which the user belongs. For instance, a customer with premium status might be granted access to exclusive offers, and a sales representative that has achieved his target sales revenue might have access to certain perks. Such levels of status vary over time, making it difficult to manage access based on relatively static group or role assignments. Attribute-based access control offers a more dynamic method of evaluation. Decisions are based on attributes assigned to users, which are free to change as business events unfold. Access policies define the attributes and values a user must have, and access decisions are evaluated against the current values assigned to the user. Attributes can be used to support both course-grained and fine-grained authorization.
E: No such thing as rank-based classification
Reference: Oracle Reference Architecture,Security, Release 3.1
Q62. Which three primary types of materials form an Enterprise Technology Strategy?
A. ORA Technology Perspective
B. ORA Industry Perspective
C. Practitioner Guides
D. Maturity Model
E. Business Processes
F. Data Entities
Answer: A,C,D
Explanation: There are three primary types of collateral provided for each ETS:
* ORA Technology Perspective
* Practitioner Guides
* Maturity Model
Reference: IT Strategies from Oracle, An Overview, Release 3.0
Q63. Which of the following are asset packaging best practices?
A. Every reusable asset must contain at least one manifest file that self-describes the contents of the package.
B. Any components that can be precompiled must be precompiled in the package.
C. Non-runtime artifacts such as build and test artifacts must be included in the package.
D. Packaging of components must be modular and all common components must be packaged as independent libraries that can beincluded in multiple packages.
Answer: A,B,D
Explanation: Assets must be packaged using standards-based approaches with the goal of improving flexibility, reuse, and runtime performance. Applying packaging standards and best practices is a critical step in ensuring that the assets are deployed for the best quality and performance. It also accelerates the time-to-deployment.
Implications:
* Every reusable asset must contain at least one manifest file that self-describes the contents of the package.
* Any components that can be precompiled must be precompiled in the package.
* Non-runtime artifacts must not be included in the deployment package. (e.g. build and test artifacts) (not C)
* Packaging of components must be modular and all common components must be packaged as independent libraries that can be included in multiple packages.
Note: Further implications
* Libraries provided by the platform should not be included in the package. (e.g. Application Server system libraries)
* Libraries and components in a package must not be duplicated. The classloader hierarchy must be used to design the packages to avoid duplication.
* Common libraries must be placed outside the package to be loaded by a higher level classloader (e.g. System classloader).
* Packages must follow predefined industry or company standard naming conventions and structures.
* Static content must not be included in the deployable package. They must be served separately in exploded format.
Reference: Oracle Reference Architecture, Software Engineering, Release 3.0,
Q64. You need to redesign your application to improve performance. The potential solution requires the data to be kept in memory for faster access. The in-memory data requires full support for SQL with BI queries and there is no need to scale out further. Which Oracle product would you choose to implement your solution?
A. Oracle Coherence
B. Oracle TimesTen
C. Oracle TUXEDO
D. Oracle VM
Answer: B
Explanation: Oracle TimesTen In-Memory Database (TimesTen) is a full-featured, memory-optimized, relational database with persistence and recoverability. It provides applications with the instant responsiveness and very high throughput required by database-intensive applications. Deployed in the application tier, TimesTen operates on databases that fit entirely in physical memory (RAM). Applications access the TimesTen database using standard SQL interfaces. For customers with existing application data residing on the Oracle Database, TimesTen is deployed as an in-memory cache database with automatic data synchronization between TimesTen and the Oracle Database.
Q65. Which of the following statements are true?
A. The MVC pattern became very popular when the client-server architecture was in common use.
B. MVC was developed to map to three tiers of an n-tier architecture.
C. Federation, as applied to user interfaces, means that all security standards must only be applied at a level at which government security agencies are able to decrypt communications.
D. Federation, as applied to user interfaces, is the concept that parts of the user interface arecreatedand controlled by an organization that is separate from the organization creating the user interface.
E. When in a disconnected state, the Data Management capability in the client tier may act temporarily as the model allowing the user interface to function.
F. Federation, as applied to a user interfaces, means that data must be replicated.
Answer: A,D
Explanation: A: When the MVC pattern came into prominence, client-server was the system architecture de rigueur. Note: The model-view-controller (MVC) pattern separates the three major elements in the user interface; thereby providing separation of concerns which results in code that is more easily understood, reused, modified, and maintained. The three major elements in the user interface are: model, view, and controller.
D: Whereas the MVC pattern and modular programming are relatively old concepts (at least as far as software development is concerned), federation is a relatively new concept closely related to service orientation. Applied to user interfaces, federation is the concept that parts of the user interface are created and controlled by an organization (authority) that is separate from the organization (authority) creating the user interface.
Reference: Oracle Reference Architecture, User Interaction, Release 3.0
Q66. Which of the following options best describes the concept of data-driven testing?
A. Data-driven testing is a strategy used to perform load testing.
B. Data-driven testing is used to perform functional tests by iterating through data sets in a databank.
C. Data-driven testing uses a single predefined data set to perform repeated testing.
D. Data-driven testing uses database triggers to initiate and run test cases.
Answer: B
Explanation: One of the best ways to perform functional testing is through data-driven testing, in which a databank is created to cover the various functional use cases and is used to drive the testing. This requires the ability to iterate through a list of data sets in the databank, substitute them for the input values, and run the tests.
Reference: Oracle Reference Architecture, Software Engineering, Release 3.0, Data driven testing
Q67. Architecturally speaking, why might an organization deploy a SAML-based Web SSO solution if they already have a cookie-based Web SSO in place and working?
A. SAML generally performs better and requires less network overhead.
B. SAML supports federation across cookie domains.
C. SAML is required for Web Service security, which makesit a natural replacement for cookie based SSO solutions.
D. SAML isimmune to man-in-the-middle attacks.
Answer: B
Explanation: SSO solutions deployed for a localized domain often exchange state information in a browser cookie. These implementations are limited to the scope of the DNS domain as cookies are not visible across domains. SAML offers alternatives solutions that do not have this limitation.
Reference: Oracle Reference Architecture,Security, Release 3.1
Q68. The three common goals of Information security are known as the CIA triad. CIA stands for:
A. Confidentiality, Integrity and Auditing
B. Confidentiality, Integrity and Availability
C. Confidentiality, Integrity and Access Control
D. Confidentiality, Integrity and Authentication
E. Confidentiality,Integrity and Authorization
Answer: B
Explanation: For over twenty years, information security has held confidentiality, integrity and availability (known as the CIA triad) to be the core principles of information security.
There is continuous debate about extending this classic trio.
Note:
Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems.
In information security, integrity means that data cannot be modified undetectably.
For any information system to serve its purpose, the information must be available when it is needed.
Q69. Which product provides the standard communication protocols (for example, HTTPS) between the Client Tier and the Service Tier as well as Message Security?
A. Oracle platform Security Services
B. Oracle WebCenter
C. Application Development Framework
D. Oracle HI IP Server
Answer: A
Explanation: Oracle Platform Security Services comprises Oracle WebLogic Server's internal security framework and Oracle's security framework (referred to as Oracle Platform Security).
OPSS delivers security as a service within a comprehensive, standards-based security framework.
The Security Services includes SSL:Hypertext Transfer Protocol Secure (HTTPS) is a combination of Hypertext Transfer Protocol (HTTP) with SSL/TLS protocol.
Note:Oracle Platform Security Services (OPSS) provides enterprise product development teams, systems integrators (SIs), and independent software vendors (ISVs) with a standards-based, portable, integrated, enterprise-grade security framework for Java Standard Edition (Java SE) and
Java Enterprise Edition (Java EE) applications.
OPSS provides an abstraction layer in the form of standards-based application programming interfaces (APIs) that insulate developers from security and identity management implementation details. With OPSS, developers don’t need to know the details of cryptographic key management or interfaces with user repositories and other identity management infrastructures. Thanks to
OPSS, in-house developed applications, third-party applications, and integrated applications benefit from the same, uniform security, identity management, and audit services across the enterprise.
OPSS is the underlying security platform that provides security to Oracle Fusion Middleware including products like WebLogic Server, SOA, WebCenter, ADF, OES to name a few. OPSS is designed from the ground up to be portable to third-party application servers. As a result, developers can use OPSS as the single security framework for both Oracle and third-party environments, thus decreasing application development, administration, and maintenance costs.
Reference: Oracle. Fusion Middleware Security Overview, 11g Release 1, About Oracle Platform
Security Services
Q70. Which statement best describes how Service-Oriented Integration (SOI) differs from traditional Enterprise Application Integration (EAI)?
A. SOI is Just like EAI except that a service bus is used Instead of a hub or message bus.
B. SOI is different than hub-based EAI, but is the some as EAI using a message bus.
C. SOI uses a point to-point integration approach based on the Web Services Industry standards.
D. SOI uses SOA Services that are separate and distinct from the applications being integrated
E. EAI integrates applications whereas SOA integrates SOA Services.
Answer: E
Explanation: Enterprise Application Integration (EAI) is an approach for integrating multiple applications. EAI products are built around messaging products and are deployed in either a hub-and-spoke architecture or in a bus architecture. Some argue that service-oriented integration is actually a form EAI. This is not correct. EAI is an application-oriented architecture. EAI provides the mechanism to have applications interact to share data and functionality. Service-oriented integration adds the concept (and concrete deployment) of SOA Services that are separate and distinct, with a lifecycle that is independent, from any application in the computing environment.
Reference: Oracle Reference Architecture, Service-Oriented Integration, Release 3.0