Oracle IT Architecture Essentials
Question No: 71
Audit logging is a form of what type of access control mechanism?
Explanation: There are many different forms of access control, which in turn can be classified into one or more categories.
Detective – Detective controls are meant to record all activities. They are passive systems that are aware of events but are not designed to prevent them from happening. Audit logging is a form of detective access control.
Reference: Oracle Reference Architecture, Security, Release 3.1
Question No: 72
A customer with an existing WebCenter portal wants to expand his client device list to include a variety of mobile devices beyond basic browser support. What Oracle products are available to enable this expansion?
OWC, OHS, ADF Mobile, and Java ME
OWCA, ADF Mobile, OPSS, and Java ME
OWC, OHS, and ADF Mobile
OWCIC, ADF Mobile, and Java ME
Explanation: Oracle HTTP Server (OHS) – provides an HTTP listener for Oracle WebLogic Server and the framework for hosting static content, dynamic content, and applications over the Web.
Java Platform, Micro Edition (Java ME) (not C): meets the needs of developers creating applications for the consumer and embedded markets. No other technology provides such robust applications across so many types of size-constrained wireless and wireline devices, from mobile phones and PDAs to set-top boxes and vehicle telematics.
Reference: Oracle Reference Architecture, User Interaction, Release 3.0
Question No: 73
Conceptually, management and monitoring capabilities consist of which of the following?
consolidating administration tasks for a variety of infrastructure components
homogeneous support for IT management environments
skilled architects to perform root-cause analysis
allowing enterprises to define, model, capture, and consolidate monitoring information into a single framework
Question No: 74
Because each back-end system is running in a separate process, any integration architecture is required to cross multiple process boundaries. A Service-Oriented Integration (SOI) architecture also introduces SOA Services that run in their own process, thus adding more process boundaries to be crossed. What approaches can be employed to reduce the performance impact of crossing multiple process boundaries?
There is nothing that can be done because process boundaries are just part of any integration architecture.
The SOA Services should expose larger-granularity operations to reduce the number of s-calls, which reduces the number of times process boundaries are crossed.
Service composition should be used to reduce the number of SOA Services that are exposed to the clients
The SOA Services should use XML-based request-and-response messages because XML is a platform- (and hence process-) neutral format.
The SOA Services can encapsulate multiple layers of the SOI architecture to reduce the number of service calls, which reduces the number of process boundaries being crossed.
Explanation: Each time a process boundary is crossed there are performance impacts from the network and message marshalling and de-marshalling. This is a primary reason why SOA Services should expose relatively coarse-grained interfaces (B).
This is also a reason why a service implementation might span multiple layers in the architecture (E).
Reference: Oracle Reference Architecture, Service-Oriented Integration, Release 3.0, Process Boundaries
Question No: 75
There are a number of ways to classify applications in order to assess business risks and assign appropriate security policies. Which of the following is not described as a primary means to classify an application?
by the user community it serves, such as HR, finance, all employees, general public, and so on
by the information it handles, such as classified information, personal information, publicly available information, and so on
by business criticality, such as revenue-generating applications versus informational applications
by technology and/or vendor, such as .NET versus Java, and so on
by the applicability of existing laws and regulations pertaining to privacy, auditing, and access control
Explanation: Applications can be classified in a number of ways, such as:
By the user community it serves, such as HR, Finance, company executives, all employees, all persons working on behalf of the company (includes contractors and temporary workers), general public, etc. (not A)
Based on information confidentiality. Some applications process personal information while others do not. Likewise, in military terms, an application might be targeted towards individuals with a specific level of clearance. (not B)
Based on business criticality. Some applications may have a direct and severe contribution or impact to revenue. Examples include order processing, credit card processing, call processing, securities trading, and travel reservations. Others may have little or no impact. (not C)
Based on the applicability of existing laws and regulations. For example, HIPAA puts more security emphasis on patient records than would otherwise exist. (not E)
Based on network exposure. Levels might include: locked down (no network access), secure production environment access, general organization-wide intranet access, partner access, Internet access limited to a specific user community, and Internet access open to the public.
Reference: Oracle Reference Architecture, Security, Release 3.1
Question No: 76
Which statement best describes the reason why the Oracle Reference Architecture defines both a Service Contract and a Usage Agreement?
The Usage Agreement is a reusable portion of the Service Contract that can be shared by other Service Contracts.
The Usage Agreement defines how to use the SOA Service. The Service Contract defines the functionality provided by the SOA Service.
The Service Contract is the reusable portion of the Usage Agreement that can be shared by other Usage Agreements.
Defining both Usage Agreement and Service Contract provides a decoupling between service consumers and service providers.
The Service Contract defines the technical specifics of the SOA Service. The Usage Agreement defines the business aspects of the SOA Service.
Explanation: The usage agreement is not part of the Service; rather it defines what a particular service consumer is entitled to consume from the Service.
Having both a usage agreement and a service contract provides a decoupling between the service provider and service consumer. This not only facilitates reuse but also provides a separation of concerns. The service contract defines the totality of what the Service guarantees to provide, and can be written and validated independent of any knowledge of specific service consumers. The usage agreement is service consumer specific and defines what capabilities of the Service each consumer is allowed to consume.
Reference: Oracle Reference Architecture, SOA Foundation, Release 3.1
Question No: 77
Which of the following are examples of dynamic modeling?
Explanation: Static modeling focuses on capturing the instance attributes and snapshots of nodes and objects. Dynamic modeling generally refers to one or both of the following:
Behavior modeling that focuses on the internal state changes.
Interaction modeling that focuses on external collaborations.
Note: Modeling is a prime and foremost activity of the engineering process. Modeling bridges the gap between business and technology worlds through the language common to both sides.
Reference: Oracle Reference Architecture, Software Engineering, Release 3.0
Question No: 78
The Oracle Reference Architecture (ORA) contains both horizontal and vertical architectural layers. Which statements best describe the layers within ORA?
Layers only provide a means to partition the capabilities encompassed by ORA and have no significance.
Horizontal layers are used to depict that upper layers build on the capabilities provided by lower layers
Vertical layers are used to depict capabilities applied across all the horizontal layers.
Horizontal layers are used to signify that the lower layers can be accessed only via the upper layers.
Vertical layers are used to depict enterprise-wide capabilities, whereas horizontal layers depict departmental capabilities.
Horizontal layers are stateful, whereas vertical layers are stateless.
Explanation: B: The horizontal layers illustrate that upper layers build upon or use the capabilities of
Examples: Shared Infrastructure, Information Management, Information Assets, Application Infrastructure
C: Layers depicted vertically are orthogonal to the horizontal layers and apply across the entire platform, working in conjunction with horizontal layers to provide a complete solution.
Examples: Enterprise Development, Enterprise Security, Enterprise Management
Note: In order to promote modularity and encapsulation, an architecture will usually be divided into layers. Each layer has a specific purpose and leverages technologies, standards, and products designed specifically to address that purpose. Layers generally build upon the layers below and provide benefits and capabilities to the layers above.
The ORA diagram in the figure below illustrates the many aspects of enterprise computing in the form of horizontal and vertical layers
Question No: 79
Oracle Entitlements Server (OES) provides fine grained authorization capabilities that, along with Oracle Access Manager (OAM), comprise the XACML based Authorization Service. What factors should be considered when choosing how to specify and deploy OES policy decision points (PDPs)?
If a policy enforcement point exists in the DMZ, then a remote PDP should be deployed behind the inner firewall.
If both OAM and OES are used, then OES should be configured to use the PDP embedded in OAM.
OES includes a security provider for Oracle WebLogic Server that will handle policy decisions locally.
Oracle Advanced Security includes a universal stand-alone PDP that provides access for Java, .NET, and SOAP clients.
It is best to use a local PDP whenever possible to avoid network calls between the PEP and PDP. A remote PDP can be used when a local PDP is not available for the client technology, or for other various exceptional cases.
Explanation: A, E: Policy decision points (PDPs) for computing nodes located outside the secure environment. For example, web servers located in the DMZ might leverage a central PDP, deployed behind a firewall. Policy enforcement is still local to the web servers but decisions are made remotely.
C: OES integrates with OPSS (and other security platforms) to enable the use of local PEPs and PDPs. OPSS is a standards-based Java framework of plug-in security services and APIs. It provides the platform security for Oracle WebLogic Server.
Note: OES is a fine-grained authorization engine that simplifies the management of complex entitlement policies. The authorization engine includes both local and centralized PDPs. OES integrates with OPSS (and other security platforms) to enable the use of local PEPs and PDPs. Policy administration is centralized, providing a broad perspective of access privileges, yet delegated, enabling multiple stakeholders to maintain the policies that affect them.
Note 2: PDP – Policy Decision Point, where policy is evaluated and a decision is made.
PDPs may be distributed throughout the IT environment and physically co-located with PEPs to avoid network latency.
Note 3: PEP – Policy Enforcement Point, where permit/deny access decisions are enforced. This is generally included in SOA Service or application infrastructure, such as J2EE containers that manage security. It may also be represented as custom code within a SOA Service or application, providing fine grained entitlements.
Reference: Oracle Reference Architecture, Security, Release 3.1
Question No: 80
Which statement best describes the use of point-to-point integrations within a Service-Oriented Integration (SOI) architecture?
Point-to-point integrations using web services are an integral part of SOI and should be used extensively.
Only web service-based point-to-point integrations are allowed (but discouraged).
Point-to-point integrations should be avoided but are allowed as exceptions when requirements can be met only by point-to-point integration.
Point-to-point integrations are brittle and expensive to maintain and therefore should never be used.
Explanation: Avoid Point-to-Point Integrations. Point-to-point integrations are brittle, inflexible, and expensive to maintain. There are cases where point-to-point integrations are required but these should be handled as exception cases. Example exceptions include performance requirements that can only be met using point-to-point connections and when large amounts of data must be moved.
Reference: Oracle Reference Architecture, Service-Oriented Integration, Release 3.0