nerdexam
Oracle

1Z0-062 · Question #182

Which activity is audited by default and recorded in the operating system audit trail irrespective of whether or not database auditing is enabled?

The correct answer is B. execution of SQL statements by users connected with the SYSDBA privilege. Oracle always writes privileged connection activity to the OS audit trail by default, independent of any database-level audit configuration.

Implementing Oracle Database Auditing

Question

Which activity is audited by default and recorded in the operating system audit trail irrespective of whether or not database auditing is enabled?

Options

  • Aconfiguration of unified auditing mode
  • Bexecution of SQL statements by users connected with the SYSDBA privilege
  • Cusage of the AUDIT statement
  • Dcreation of a fine grained audit policy

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    87% (34)
  • C
    3% (1)
  • D
    8% (3)

Why each option

Oracle always writes privileged connection activity to the OS audit trail by default, independent of any database-level audit configuration.

Aconfiguration of unified auditing mode

Configuring unified auditing mode is an administrative action that is not automatically captured in the OS audit trail by default.

Bexecution of SQL statements by users connected with the SYSDBA privilegeCorrect

When a user connects with the SYSDBA or SYSOPER privilege, Oracle unconditionally records that activity to the operating system audit trail (the audit file destination), regardless of whether unified or traditional database auditing is enabled. This is a mandatory security control because SYSDBA access bypasses all database access controls, so an OS-level record that cannot be tampered with from within the database is required. This behavior is controlled by the AUDIT_SYS_OPERATIONS parameter, which defaults to TRUE in modern Oracle versions.

Cusage of the AUDIT statement

Issuing the AUDIT statement changes database audit policy but is itself not automatically written to the OS audit trail independent of database auditing settings.

Dcreation of a fine grained audit policy

Creating a fine-grained audit policy is a DDL operation inside the database and is not automatically captured in the OS audit trail by default.

Concept tested: Mandatory OS audit trail for SYSDBA connections

Source: https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/administering-the-audit-trail.html

Topics

#auditing#default auditing#OS audit trail#SYSDBA privilege

Community Discussion

No community discussion yet for this question.

Full 1Z0-062 Practice