The Oracle Reference Architecture provides a specific definition of SOA Service. Which statement best describes the relationship between SOA Service and Web Service?
Answer : C
Explanation: In service-oriented integration the consumer is decoupled from the source system via the SOA Service that encapsulates and abstracts the source systems behind a service interface. Consumers of the SOA Service should need no details about the underlying source system. They should base the service usage solely on the contract provided by the SOA Service.
Unfortunately, simply adding a wrapper (e.g. Web service) to an existing system does not eliminate point-to-point integration. In fact point-to-point integration can be accomplished quite nicely using Web service interfaces. To be truly service-oriented, the SOA Services created must be well designed and constructed so the source system details do not bleed through. Service infrastructure that provides capabilities such as service discovery and routing is also essential to decouple service providers and consumers.
Reference: Oracle Reference Architecture, Service-Oriented Integration, Release 3.0
When mapping Oracle Products onto the Logical view, what is the best approach?
Answer : C
Explanation: Oracle offers a comprehensive SOA solution through a suite of SOA products. Oracle
Fusion Middleware products cover the needs of the SOA infrastructure end-to-end.
The figure below shows the mapping of Oracle products to the SOA logical components.
Management of services is extremely important in SOA environments, where services are integrated, reused, and constantly changed. Oracle Enterprise Manager (OEM) simplifies monitoring and managing SOA environments. It addresses each of the challenges by helping model, monitor, and manage the SOA environment.
The products referred in the figure are:
* OSB - Oracle Service Bus
* OSR - Oracle Service Registry
* OER - Oracle Enterprise Repository
* OWSM - Oracle Web Service Management
* OEM - Oracle Enterprise Manager (with SOA management pack)
* IdM - Identity and Access Management
There isn't necessarily a one to one mapping between logical
architecture components and products. While some products target a specific logical need, most provide additional features, such as monitoring, management, and security.
Note:
The SOA infrastructure capabilities can be grouped into the following logical components as shown in Figure below.
* Service Bus
* SOA Security Framework
* Service Registry
* Metadata Repository
* Monitoring Framework3-2 ORA SOA Infrastructure
* Management Framework
Reference: Oracle Reference Architecture, SOA Infrastructure, Release 3.0
What additional functions might an authentication service perform aside from performing basic authentication?
Answer : E
Explanation: The authentication service can detect when the user's password needs to be reset or changed and redirect the user to a self-service management interface.
Reference: Oracle Reference Architecture,Security, Release 3.1
What best describes the best practice deployment of Metadata Repository?
Answer : A
Explanation: A metadata repository is used as a common repository for managing metadata of different applications. Many applications use the MDS repository to manage their metadata. Each deployed application uses a logical partition in metadata repository.
This logical partition also helps in maintaining the metadata lifecycle. Before deploying a application, you create a partition for it in MDS repository. This command creates a partition with the given name in the specified repository.
Note: The Metadata repository provides a centralized holding area for a great deal of SOA related information that will be utilized at design time to construct additional services and applications. The repository also provides the primary means for service discovery. In many ways, the service repository can be utilized as the center point for service oriented design.
Which statement best describes how the Oracle Reference Architecture (ORA) combines different Technology Perspectives?
Answer : D
Explanation: The intent of SOA is to provide common reusable SOA Services that can be leveraged by a variety of consumers. SOA Services are made available to various types of service consumers in order to rationalize the way business functions are performed and enterprise data is managed. Its modular architecture approach promotes reuse and business agility, and the use of widely adopted technology standards improves interoperability between business solutions.
Service consumers consist of various types of business solutions, such as BPM, EDA,
MDM, BI.
SOA Services can also act as service consumers.
ORA provides a framework to describe how various technology perspectives are related.
Note:The reference architecture is designed to support an expanding list of technology strategies. It is also important that the various technology perspectives can be easily combined since they are very much complementary.
ORA embraces service orientation at the core so that services provide a consistent mechanism to expose and combine various technologies and the capabilities.
A high-level conceptual model for SOA is used to illustrate how technology perspectives consume and provide SOA Services.
Reference: Oracle Reference Architectureand Service Orientation, Release 3.0
Which product provides the standard communication protocols (for example, HTTPS) between the Client Tier and the Service Tier as well as Message Security?
Answer : A
Explanation: Oracle Platform Security Services comprises Oracle WebLogic Server's internal security framework and Oracle's security framework (referred to as Oracle Platform
Security). OPSS delivers security as a service within a comprehensive, standards-based security framework.
The Security Services includes SSL:Hypertext Transfer Protocol Secure (HTTPS) is a combination of Hypertext Transfer Protocol (HTTP) with SSL/TLS protocol.
Note:Oracle Platform Security Services (OPSS) provides enterprise product development teams, systems integrators (SIs), and independent software vendors (ISVs) with a standards-based, portable, integrated, enterprise-grade security framework for Java
Standard Edition (Java SE) and Java Enterprise Edition (Java EE) applications.
OPSS provides an abstraction layer in the form of standards-based application programming interfaces (APIs) that insulate developers from security and identity management implementation details. With OPSS, developers dont need to know the details of cryptographic key management or interfaces with user repositories and other identity management infrastructures. Thanks to OPSS, in-house developed applications, third-party applications, and integrated applications benefit from the same, uniform security, identity management, and audit services across the enterprise.
OPSS is the underlying security platform that provides security to Oracle Fusion
Middleware including products like WebLogic Server, SOA, WebCenter, ADF, OES to name a few. OPSS is designed from the ground up to be portable to third-party application servers. As a result, developers can use OPSS as the single security framework for both
Oracle and third-party environments, thus decreasing application development, administration, and maintenance costs.
Reference: Oracle Fusion Middleware Security Overview, 11g Release 1, About Oracle
Platform Security Services -
Which of the following statements pertaining to role-based and group-based user classifications are true?
Answer : C,E
Explanation: A group is a set of users, classified by common trait.
A role is an abstract name for the permission to access a particular set of resources in an application.
Multiple users can be mapped to a role.
Users can be mapped to multiple roles.
Incorrect answers -
A, B: Just wrong.
D: A group is a collection of users, but a role does not need to be a collection of groups.
Note: Given the potentially large number of users of a system, access privileges are generally not assigned at the user level. Instead, users are assigned to groups (mimicking the organizational structure of a company), or roles (defined based on job functions that users perform), or some combination of the two. Access privileges are then assigned to groups and/or roles. The most natural case is that they are assigned to roles, since roles align more closely with operations users naturally perform to accomplish their job. The industry term for this is Role-Based Access Control (RBAC). RBAC is more flexible than defining access rights based on usernames or static groups and enables an organization to be more versatile when allocating resources.
With RBAC the system must determine if the subject (user or client) is associated with a role that has been granted access to a resource. This process of user to role ascertainment is called role mapping.
You are designing a mission-critical application that requires high performance. Your analysis concludes that Oracle Exadata would enable you to meet the performance goals.
What characteristics of Oracle Exadata make it possible to provide such superior performance?
Answer : A
Explanation: To overcome the limitations of conventional storage, Oracle Exadata Storage
Servers use a massively parallel architecture to dramatically increase data bandwidth between the database server and storage. Innovative technologies such as Exadata Smart
Scan, Exadata Smart Flash Cache, and Hybrid Columnar Compression enable Exadata to deliver extreme performance for everything from data warehousing to online transaction processing to mixed workloads.
Identify the true statements in the following list.
Answer : A,C,D,G
Explanation: C: AJAX is short for Asynchronous JavaScript And XML, which essentially limits the term to the set of RIA (Rich Internet Application) solutions based on JavaScript.
D: The Advanced Research Projects Agency created ARPA-net. Internet was developed from ARPA-net.
Note: A Rich Internet Application (RIA) is a Web application that has many of the characteristics of desktop application software, typically delivered by way of a site-specific browser, a browser plug-in, an independent sandbox, extensive use of JavaScript, or a virtual machine. Adobe Flash, JavaFX, and Microsoft Silverlight are currently the three most common platforms, with desktop browser penetration rates around 96%, 76%, and
66% respectively (as of August 2011).
Which of the following statements is true with respect to virtualization?
Answer : A,C
Explanation: A: Computer hardware virtualization (or hardware virtualisation) is the virtualization of computers or operating systems. It hides the physical characteristics of a computing platform from users, instead showing another abstract computing platform.
C: Computer clusters have historically run on separate physical computers with the same operating system. With the advent of virtualization, the cluster nodes may run on separate physical computers with different operating systems which are painted above with a virtual layer to look similar. The cluster may also be virtualized on various configurations as maintenance takes place.
Reference: Oracle White Paper, The Most Complete and Integrated Virtualization: From
Desktop to Datacenter -
Audit logging is a form of what type of access control mechanism?
Answer : A
Explanation: There are many different forms of access control, which in turn can be classified into one or more categories.
Detective - Detective controls are meant to record all activities. They are passive systems that are aware of events but are not designed to prevent them from happening. Audit logging is a form of detective access control.
Reference: Oracle Reference Architecture,Security, Release 3.1
A customer with an existing WebCenter portal wants to expand his client device list to include a variety of mobile devices beyond basic browser support. What Oracle products are available to enable this expansion?
Answer : A
Explanation: Oracle HTTP Server (OHS) - provides a HTTP listener for Oracle WebLogic
Server and the framework for hosting static content, dynamic content, and applications over the Web.
Java Platform, Micro Edition (Java ME)(not C):meets the needs of developers creating applications for the consumer and embedded markets. No other technology provides such robust applications across so many types of size-constrained wireless and wireline devices, from mobile phones and PDAs to set-top boxes and vehicle telematics.c
Reference: Oracle Reference Architecture, User Interaction, Release 3.0
Conceptually, management and monitoring capabilities consist of which of the following?
Answer : A,D
Because each back-end system is running in a separate process, any integration architecture is required to cross multiple process boundaries. A Service-Oriented
Integration (SOI) architecture also introduces SOA Services that run in their own process, thus adding more process boundaries to be crossed. What approaches can be employed to reduce the performance impact of crossing multiple process boundaries?
Answer : B,E
Explanation: Each time a process boundary is crossed there are performance impacts from the network and message marshalling and de-marshalling. This is a primary reason why
SOA Services should expose relatively course-grained interfaces (B).
This is also a reason why a service implementation might span multiple layers in the architecture .(E)
Reference: Oracle Reference Architecture, Service-Oriented Integration, Release 3.0,
Process Boundaries -
There are a number of ways to classify applications in order to assess business risks and assign appropriate security policies. Which of the following is not described as a primary means to classify an application?
Answer : D
Explanation: Applications can be classified in a number of ways, such as:
* By the user community it serves, such as HR, Finance, company executives, all employees, all persons working on behalf of the company (includes contractors and temporary workers), general public, etc. (not A)
* Based on information confidentiality. Some applications process personal information while others do not. Likewise, in military terms, an application might be targeted towards individuals with a specific level of clearance. (not B)
* Based on business criticality. Some applications may have a direct and severe contribution or impact to revenue. Examples include order processing, credit card processing, call processing, securities trading, and travel reservations. Others may have little or no impact. (not C)
* Based on the applicability of existing laws and regulations. For example, HIPPA puts more security emphasis on patient records than would otherwise exist. (not E)
* Based on network exposure. Levels might include: locked down (no network access), secure production environment access, general organization-wide intranet access, partner access, Internet access limited to a specific user community, and
Internet access open to the public.
Reference: Oracle Reference Architecture,Security, Release 3.1