1Z0-574 | Up to the minute 1Z0-574 Exam Study Guides With New Update Exam Questions
Q51. Which of the following statements are true about the XACML standard and architecture?
A. The Policy Enforcement Point (PEP) is where permit / deny access decisions are made.
B. The Policy Information Point (PIP) provides information such as user attributes or environmental data that may be used to make access control decisions.
C. XACML defines an XML schema used to represent rules for access control.
D. XACML defines a TCP protocol used to communicate messages between Policy Enforcement Points.
E. SAML assertions can be used to carry XACML authorization decisions.
Answer: A,B,C,E
Explanation: A: PEP - Policy Enforcement Point, where permit/deny access decisions are enforced.
B: PIP - Policy Information Point, where information can be retrieved to evaluate policy conditions. For example, a user's role or time of day may be needed by the PDP to make a policy decision.
C: eXtensible Access Control Markup Language (XACML) provides a standard way to represent access control policy information using XML. XAMCL defines access control policies in terms of rules, which in turn are defined to include a target, an effect, and a set of conditions. XACML defines an XML schema used to represent rule
E: The SAML 2.0 profile of XACML 2.0 defines SAML assertions used to carry policies, policy queries and responses, authorization decisions, authorization query decisions and responses, and attribute assertions. In this way SAML authentication, attribute, and authorization assertions are incorporated into the security framework to complement XACML.
Reference: Oracle Reference Architecture,Security, Release 3.1
Q52. Which of the following environments are typically clustered?
A. Development Environment
B. User Acceptance Testing (UAT) Environment
C. Staging Environment
D. Nonfunctional Testing Environment
Answer: B
Explanation: UAT (also known as beta testing) : Formal testing with respect to user needs, requirements, and business processes conducted to determine whether or not a system satisfies the acceptance criteria and to enable the user, customers or other authorized entity to determine whether or not to accept the system.
Incorrect answer:
The staging tier is a environment that is as identical to the production environment as possible.
The purpose of the Staging environment is to simulate as much of the Production environment as possible. The Staging environment can also double as a Demonstration/Training environment.
Reference: Oracle Reference Architecture,Business Process Engineering, Release 3.0
Q53. Which one of the following types of access control should be used when access to a resource is dependent upon specific qualities of the user, for example, membership status, frequency of purchases, or level of certification?
A. role-based access control
B. rule-based access control
C. discretionary access control
D. content-dependent access control
E. attribute-based access control
Answer: C
Explanation: Content dependent access control involves restricting access to content, such as documents and emails, based on embedded keywords or certain assigned metadata. It works by inspecting the content and applying rules to determine if access is permitted. This approach is taken by many Data Loss Prevention solutions. It is possible to combine content dependent access control with role-based access control in order to restrict access to content by established roles.
Reference: Oracle Reference Architecture,Security, Release 3.1
Q54. Which statement best describes how the Oracle Reference Architecture (ORA) combines different Technology Perspectives?
A. A Technology Perspective is a specialized view of ORA focused on a particular set of products and technology; therefore, the core ORA material represents the combination of all of the Technology Perspectives.
B. Each Technology Perspective belongs to an Enterprise Technology Strategy. Each Enterprise Technology Strategy includes practical guidance on how to combine the strategy with other Enterprise Technology Strategies.
C. The composition of different Technology Perspectives is accomplished via Industry Perspectives. The Industry Perspective illustrates and describes how the different Technology Perspectives apply to a particular industry vertical.
D. The composition of different Technology Perspectives is accomplished via SOA Services. The SOA conceptual model is used to illustrate and describe how each Technology Perspective consumes and provides SOA Services.
Answer: D
Explanation: The intent of SOA is to provide common reusable SOA Services that can be leveraged by a variety of consumers. SOA Services are made available to various types of service consumers in order to rationalize the way business functions are performed and enterprise data is managed. Its modular architecture approach promotes reuse and business agility, and the use of widely adopted technology standards improves interoperability between business solutions.
Service consumers consist of various types of business solutions, such as BPM, EDA, MDM, BI.
SOA Services can also act as service consumers.
ORA provides a framework to describe how various technology perspectives are related.
Note:The reference architecture is designed to support an expanding list of technology strategies.
It is also important that the various technology perspectives can be easily combined since they are very much complementary.
ORA embraces service orientation at the core so that services provide a consistent mechanism to expose and combine various technologies and the capabilities.
A high-level conceptual model for SOA is used to illustrate how technology perspectives consume and provide SOA Services.
Reference: Oracle Reference Architectureand Service Orientation, Release 3.0
Q55. Which statement best describes synchronous versus asynchronous communications in a Service Oriented Integration (SOI) architecture?
A. Both synchronous and asynchronous communication should be supported by SOI. Synchronous communication provides an easier programming paradigm. Asynchronous communication provides greater decoupling between the requester and the responder.
B. The SOI architecture should use only synchronous communication because SOA Services are inherently synchronous. If a back end system supports only asynchronous communications, the "bridging synchronous and asynchronous communications" integration pattern can be used to convert from asynchronous communication to synchronous communication.
C. The SOI architecture should use only asynchronous communication because asynchronous communication provides greater decoupling in the architecture. If a back-end system supports only synchronous communications, the "bridging synchronous and asynchronous communications" integration pattern can be used to convert from synchronous communication to asynchronous communication.
D. The SOA Services in the SOI architecture should use only synchronous communication because SOA Services are inherently synchronous. All communication with back-end system should be asynchronous to decouple the SOA Services from the back-end systems.
E. The communication within the SOI architecture should be asynchronous and should follow the publish-and-subscribe integration pattern. The publish-and-subscribe pattern is the most flexible and provides the greatest decoupling and message throughput.
Answer: A
Explanation: When using synchronous communication the service consumer blocks until the service provider responds. This is usually the easiest type of communication to program in the consumer application. Thus, synchronous communication must be supported by the architecture.
Many applications included in integration scenarios do not provide a synchronous interface. Asynchronous communication is also used when the response time for the source system is too slow to support the timelines of the calling systems. Thus the architecture must support asynchronous communications.
Reference: Oracle Reference Architecture, Service-Oriented Integration, Release 3.0
Q56. You are developing an Integration component that uses customer data. The source system defines customer data in a different format than expected. Which of the following options best describes how you would develop the component?
A. Create an object representation of customer data and use itin the component.
B. Externalize the data transformation by mapping the source data format to a canonical data format.
C. The data formats are different, so it is not possible to develop the component.
D. Write data from the source system into a database and read it back in the expected format.
Answer: A
Explanation:
Note: It is quite common to encounter use cases that require transformation of information from one format to another, especially in the area of enterprise integration. Source systems and target systems may use very different representations of data and in some cases, a canonical data model might be used as a common intermediate format. In some cases, the transformation is a simple field-to-field mapping whereas in other cases it is a complex manipulation and conversion of data. It should be possible to visually map the source and target representations with the ability to enrich the elements to support both simple and complex data transformations.
Q57. Which WebCenter product Improves efficiency and productivity by enabling users to connect with others, regardless of their location, via web and voice conferencing, instant messaging, presence, and chat rooms?
A. Oracle WebCenter Intelligent Collaboration
B. Oracle WebCenter Anywhere
C. Oracle WebCenter Real-Time Collaboration
D. Oracle WebCenter Spaces
Answer: C
Explanation: Oracle WebCenter Real-Time Collaboration improves efficiency and productivity by enabling users to connect and collaborate with others via instant messaging, presence, chat rooms, and web and voice conferencing. It complements other Enterprise 2.0 services available in Oracle WebCenter by offering real-time collaboration capabilities to users who require direct interaction and immediate response.
Q58. Which of the following are strategies for alert management with Oracle Enterprise Manager?
A. controlling the volume of alerts
B. removing unwanted alerts
C. centralized filtering of alerts
D. automating fix for common alerts
Answer: B,D
Explanation: B: New in Enterprise Manager 10g Release 5 (10.2.0.5)
Alert Management Enhancements: Administrators can better manage their log-based alerts (e.g., alert log alerts) by setting duration-based notification rules that clear such alerts on a periodic basis, or by using new EMCLI verbs that support bulk clearing of such alerts.
D: New in Enterprise Manager 10g Release 5 (10.2.0.5)
Alert Management Enhancements: On-demand evaluation of alerts allow administrators to quickly verify whether the fixes implemented for alerts result in clearing of the alert.
Note: Advanced alert management
Q59. Which statement best describes the mapping of User Interaction logical architecture layers to deployment tiers?
A. The web tier and the application tier together map to the service layer, while the dates tier is an example of the resource layer component.
B. The web tier and the application tier together map to the client layer, while the data tier is an example of the resource layer component.
C. The web tier fulfills the majority of the client layer capabilities; the application tier maps to the service layer; the data tier is an example of the resource layer component.
D. The Logical view and Deployment view of the User Interaction architecture do not map effectively from one to the other because other intermediate views are needed.
Answer: D
Explanation:
Note: There are a myriad of ways that the architecture can be deployed within an enterprise.
The types and number of physical servers is determined based on company preferences and expected computational load. The actual products that are used to realize the architecture may also have significant impact on the deployment choices.
Reference: Oracle Reference Architecture, User Interaction, Release 3.0
Q60. Which of the following statements are true about defense-in-depth strategy?
A. It saves money by allowing organizations to remove costly perimeter security Infrastructure.
B. It is a strategy designed to win the battle by attrition. It consists of multiple security measures at various levels as opposed to a single barrier.
C. It includes security measures for the network, the operating system, the application, and data.
D. Due to network overhead issues, it should not be used in a distributed computing environment such as SOA or cloud computing.
E. It is a good strategy to protect an organization from insider threats.
Answer: B,C,E
Explanation: Defense in depth is a security strategy in which multiple, independent, and mutually reinforcing security controls are leveraged to secure an IT environment.
The basic premise is that a combination of mechanisms, procedures and policies at different layers within a system are harder to bypass than a single or small number security mechanisms. An attacker may penetrate the outer layers but will be stopped before reaching the target, which is usually the data or content stored in the 'innermost' layers of the environment. Defense in depth is also adopted from military defense strategy, where the enemy is defeated by attrition as it battles its way against several layers of defense.
Defense in depth should be applied so that a combination of firewalls, intrusion detection and prevention, user management, authentication, authorization, and encryption mechanisms are employed across tiers and network zones.
The strategy also includes protection of data persisted in the form of backups and transportable/mobile devices. Defense in depth should take into account OS and VM hardening as well as configuration control as means of preventing attackers from thwarting the system by entering via the OS or by tampering with application files.
Reference: Oracle Reference Architecture,Security, Release 3.1