Sei sulla pagina 1di 3
0 More Next Blog» Create Blog Sign In
0
More
Next Blog»
Create Blog
Sign In

W

e

d

n

e

s

d

a

y

,

1

OBIEE 11g Security Questions Part 2

21) Assigning an application role to be a member of a Catalog group creates complex group inheritance and maintenance situations and is not considered a best practice.

22) You use

permissions for application roles, and set access privileges for objects such

as subject areas and tables.

Ans) you use Identity Manager in the Oracle BI Administration Tool to manage permissions for application roles, and set access privileges for objects such as subject areas and tables.

in the Oracle BI Administration Tool to manage

23) Modify parameter in FMW_UPDATE_ROLE_AND_USER_REF_GUIDSparameter in Ans) NQSConfig.INI:

24) The default application roles are BI Administrator, BI Consumer, and BI Author.

25) When a user acts as proxy user for a target user, which mode of access allows only read only access to the target user's objects?

Ans) The following list describes the proxy levels:

· Restricted — Permissions are read-only to the objects to which the target user has access. Privileges are determined by the proxy user's account (not the target user's account). For example, suppose a proxy user has not been assigned the Access to Answers privilege, and the target user has. When the proxy user is acting as the target user, the target user cannot access Answers.

· Full — Permissions and privileges are inherited from the target user's account.

26) If a user belongs to two application roles or Catalog groups and both are granted permissions (neither denied), then the most restrictive permissions are given to the user. Ans) false

27) If a user belongs to two application roles or Catalog groups and both are granted permissions, then the least restrictive permissions are given to the user. The exception to this is if one of the two application roles or Catalog groups is explicitly denied the permissions, in which case the user is denied.

28) If you log in to the Administration Tool in online mode, then you can view all users from the Web Logic Server. If you log in to the Administration Tool in offline mode, then you can only view users that are stored in the repository. Ans) true

29) True or False: You cannot disable the Web Logic Server LDAP as an authenticator as it is required in case other authenticators fail. Ans) false

F

Search This Blog

3

e

b

r

authenticators fail. Ans) false F Search This Blog 3 e b r Posts 2014 (3) 2013

Posts

2014 (3)

2013 (54)

July (4)

May (2)

April (9)

March (6)

u

a

Search
Search

OBIEE11g Security Questions Part 2

►

January (13)

2012 (34) 2012 (34)

2011 (7) 2011 (7)

Google+Followers

Note: You may have your own LDAP directory (for example Oracle Internet Directory) that you may want to use as the default authenticator, and disable the Web Logic Server default authenticator. Having a single source authentication provider prevents user names and passwords being derived from multiple authentication sources, which could lead to multiple points of attack, or entry from unauthorized users.

30) When configuring an alternate authentication provider, setting the Control Flag to this value means the Login Module need not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are

r

y

configured, authentication proceeds down the Login Module list. Ans) SUFFICIENT: This Login Module need not succeed. If it does succeed, return control to the application. If it fails and other Authentication providers are configured, authentication proceeds down the Login Module list.

31) True or False: database authentication for OBIEE 11g is based on database user accounts. Ans) false Note: A suitable database schema containing the users, credentials and groups required for authentication, must be accessible from the Web Logic Server on which Oracle BI EE is running.

32) OPSS is the underlying platform on which the Oracle Fusion Middleware security framework is built. What does OPSS stand for? Ans) Oracle Platform Security Services (OPSS) is the underlying platform on which the Oracle Fusion Middleware security framework is built. 33) True or False: In Oracle Business Intelligence Release 11g the entire repository is encrypted using a key derived from a user supplied password. Ans) true

34) In Oracle Business Intelligence Release 11g the entire repository is encrypted using a key derived from a user supplied password. Note: A Release 11g repository can only be opened with the password. There is no mechanism for recovering a lost password.

35) If you want to enable user Fred to perform BIAuthors and BI Administrator

duties, you might create a new

BIAuthors privileges and BI Administrators privileges Ans) if you want to enable user Fred to perform BIAuthors and BI Administrator duties, you might create a new application role called BI Manager, which has both BIAuthors privileges and BI Administrators privileges

called BI Manager, which has both

36) True or False: The BI System Role must exist (with the BI Administrator role), for Oracle Business Intelligence to function correctly. Ans) True. Note: The BI System Role must exist (with the BIAdministrator role), for Oracle Business Intelligence to function correctly.

37) To use a database as the authentication provider, you must set up a

Ans: SQLAuthenticator

38) True or False: Explicitly denying a Presentation Services privilege takes precedence over user access rights either granted or inherited as a result of group or application role hierarchy. Ans: True

39) Presentation Services privileges can be granted to users both explicitly and by inheritance. However, explicitly denying a Presentation Services privilege takes precedence over user access rights either granted or inherited as a result of group or application role hierarchy.

40) The Oracle Business Intelligence default credential store is file-based, also known as being wallet-based, and is represented by the file Ans) the Oracle Business Intelligence default credential store is file-based, also known as being wallet-based, and is represented by the file cwallet.sso.

41) To enable high availability of the default embedded Oracle WebLogic Server LDAP identity store in a clustered environment, you configure the attribute. Ans) to enable high availability of the default embedded Oracle WebLogic Server LDAP identity store in a clustered environment, you configure the virtualize attribute. When you set the virtualize attribute value to true, Managed servers are able to use a copy of the embedded default Oracle WebLogic Server LDAP identity store.

42) If you are deploying the default Policy Store, then Oracle recommends that

you make a copy of the original location. Ans) system-jazn-data.xml

policy file and place it in a safe

43) Embedded LDAP Server → Oracle WebLogic Server Administration Console, Policy Store, Credential Store → Oracle Fusion Middleware Control, RPD → Oracle BI Administration Tool , Web catalog → Presentation Services Administration --- Correct

Ans) Oracle WebLogic Server Administration Console: LDAP Server Oracle Fusion Middleware Control: Policy Store, Credential Store Oracle BI Administration Tool: RPD

Presentation Services Administration: Web catalog

Posted by Avinash at 17:00
Posted by Avinash at 17:00

Recommend this on Google

No comments:

Post a Comment

Enter your comment

Comment as:

Select profile
Select profile
PPuubblliisshh
PPuubblliisshh
PPrreevviieeww
PPrreevviieeww

Subscribe to: Post Comments (Atom)

sharing the knowledge about OBIA & OBIEE(10g&11g). Simple template. Powered by Blogger.