Oracle
1Z0-052 · Question #48
1Z0-052 Question #48: Real Exam Question with Answer & Explanation
The correct answer is B. Create the role as a secure application role.. A secure application role delegates role-enabling logic to a PL/SQL stored procedure, eliminating any need for hardcoded passwords in application code or database tables.
Administering User Security
Question
You want to create a role to meet these requirements: 1. The role is to be protected from unauthorized usage. 2. The password of the role is not to be embedded in the application source code or stored in a table. Which method would you use to restrict enabling of such roles?
Options
- ACreate the role with external authentication.
- BCreate the role as a secure application role.
- CCreate the role as a password-protected role.
- DCreate a role and use Fine-Grained Access Control (FGAC) to secure the role.
Explanation
A secure application role delegates role-enabling logic to a PL/SQL stored procedure, eliminating any need for hardcoded passwords in application code or database tables.
Common mistakes.
- A. An externally authenticated role relies on OS credentials for role assignment but does not provide the application-level policy enforcement needed to meet both requirements without relying on OS identity.
- C. A password-protected role requires the application to supply the password at runtime, which must either be hardcoded in source code or stored in a database table - directly violating requirement 2.
- D. Fine-Grained Access Control (VPD/FGAC) restricts data access at the row or column level and is not a mechanism for controlling role enablement or protecting the role activation process.
Concept tested. Oracle secure application roles using PL/SQL packages
Topics
#secure application role#role authentication#application security#role protection
Community Discussion
No community discussion yet for this question.