QUESTION NO: 1
Which three actions can be performed by using the DBMS_ASSERT package to prevent SQL
injection? (Choose three.)
A. Detect a wrong user.
B. Check input string length.
C. Verify qualified SQL names.
D. Validate TNS connect strings.
E. Verify an existing schema name.
F. Enclose string literals within double quotation marks.
Answer: C,E,F
QUESTION NO: 2
Examine the settings for a user session given below:
RESULT_CACHE_MODE= FORCE
What would be the implications of this setting on query execution? (Choose all that apply.)
A. All query results are stored in the result cache if possible.
B. Query results that are bigger than the available space in the result cache are not cached.
C. Query results are stored only when you explicitly use the /*+ result_cache */ hint in your query.
D. Query results are stored even when you explicitly use the /*+ no_result_cache */ hint in your
query.
Answer: A,B
QUESTION NO: 3
When do you use static SQL as a technique for avoiding SQL injection?
A. when the WHERE clause values are unknown
B. when the code contains data definition language (DDL) statements
C. when all Oracle identifiers are known at the time of code compilation
D. when the SET clause values are unknown at the time of code compilation
Answer: C
QUESTION NO: 4
Identify three guidelines for the DBMS_ASSERT package. (Choose three.)
A. Prefix all calls to DBMS_ASSERT with the SYS schema name.
B. Embed DBMS_ASSERT verification routines inside the injectable string.
C. Escape single quotes when you use the ENQUOTE_LITERAL procedure.
D. Define and raise exceptions explicitly to handle DBMS_ASSERT exceptions.
E. Prefix all calls to DBMS_ASSERT with a schema name that owns the subprogram that uses the
DBMS_ASSERT package.
Answer: A,C,D
QUESTION NO: 5
Which two statements are true about associative arrays and varrays? (Choose two.)
A. Only varrays must use sequential numbers as subscripts.
B. Only varrays can be used as column types in database tables.
C. Both associative arrays and varrays must use sequential numbers as subscripts.
D. Both associative arrays and varrays can be used as column types in database tables.
Answer: A,B
QUESTION NO: 6
Which two statements are true about the query results stored in the query result cache? (Choose
two.)
A. If any of the tables used to build a query is modified by an ongoing transaction in the current
session, the query result is not cached.
B. A query result based on a read-consistent snapshot of data that is older than the latest
committed version of the data is not cached.
C. Adding the RESULT_CACHE hint to inline views enables optimizations between the outer
query and the inline view, and the query result is cached.
D. A query result for a query that has a bind variable is stored in the cache and is reused if the
query is equivalent even when the bind variable has a different value.
Answer: A,B
QUESTION NO: 7
Which statements are true about temporary LOBs? (Choose all that apply.)
A. They can be created only for CLOB and NCLOB data.
B. They can be accessed only by the user who creates them.
C. They generate more redo information than persistent LOBs.
D. They exist for the duration of the session in which they are created.
E. They are stored temporarily in the default tablespace of the user who creates them.
Answer: B,D
QUESTION NO: 8
Identify the method that is used by fine-grained access (FGA).
A. using policy functions to generate predicates dynamically
B. creating triggers on corresponding tables to generate dynamic predicates
C. modifying the existing application code to include a predicate for all SQL statements
D. creating views with necessary predicates, and then creating synonyms with the same name as
the tables
Answer: A
QUESTION NO: 9
Identify two strategies against SQL injection. (Choose two.)
A. Using parameterized queries with bind arguments.
B. Use subprograms that are run with the definer's right.
C. Use RESTRICT_REFERENCE clauses in functions that use dynamic SQLs.
D. Validate user inputs to functions that use dynamic SQLs built with concatenated values.
Answer: A,D
QUESTION NO: 10
Identify the component of the PL/SQL hierarchical profiler that uploads the result of profiling into
database tables.
A. the trace file component
B. the analyzer component
C. the shared library component
D. the data collection component
Answer: B
I hope you must have find these questions very helpful. If you want to get complete set of real exam questions and their answer please visit our FAQ's section to know more.
