Oracle Access Management Suite Plus 11gEssentials v8.0 (1z0-479)

Page:    1 / 5   
Total 74 questions

Identify three uses of the Knowledge-Based Authentication functionality provided by Oracle
Adaptive Access Manager.

  • A. first authentication for forgot password
  • B. second factor authentication forchange password
  • C. offline SMS PIN-based authentication
  • D. high risk user authentication
  • E. user authorization


Answer : A,B,C

Your portfolio trading customer is using Oracle Entitlements Server (OES) to externalize authorization decisions from their share dealing application.
The trading customer has stipulated the following policy need to be implemented:
- Customers can purchase shared only if their credit limit is 20% higher than the value of the shares in their basket at checkout.
The value of basket and a customer's credit limit are both available in the application, and can be passed to OES as part of an authorization request if required.
You are looking to implement the most efficient policy within OES. Which three steps would you implement?

  • A. Configure a Policy Information Point (PIP) to retrieve the basket value and credit limit from an internal system.
  • B. Configure an authorization policy to include a condition that executes a custom function.
  • C. Configure the application to include the basket value and credit limit in the authorization request.
  • D. Create a custom function to calculate the difference between the basket value and the credit limit.
  • E. Use a PIP to call a web service that returns the calculated difference between the basket value and the credit limit.
  • F. Return an obligation that contains the difference value so that the application can decide whether to allow the transaction or not.


Answer : B,D,F

Identity two authentication engines that are available in Oracle Identity Federation (OIF)
11g.

  • A. LDAP
  • B. Flat File
  • C. MongoDB
  • D. JAAS
  • E. Excel File


Answer : A,D

Which two mechanisms does Oracle Access Manager provide for credential collection during authentication?

  • A. Embedded Credential Collector (ECC)
  • B. Security Store Collector (SSC)
  • C. Detached Credential Collector (DCC)
  • D. Security Token Services (STS)
  • E. CredentialSecurity Framework (CSF)


Answer : A,C

What would you need to configure to migrate all agents (WebGates) with different transport security modes from Oracle Access Manager 10g to Oracle Access Manager 11g in the same transport security mode.

  • A. Set themigration_modeproperty in theoam_migration.propertiesfile toCOMPLETE.
  • B. Set theagent_mode_to_overrideproperty in theoam_migration.propertiesfile to the new security mode.
  • C. Set theagent_mode_to_overrideproperty in theoam_migration.propertiesfile toRETAIN_EXISTING.
  • D. No configuration is required because this is done by default.


Answer : B

When defining an attribute on the Relying Party Partner Profile in Security Token Service, which three types of attribute sources are supported?

  • A. User Store (LDAP)
  • B. CSV File
  • C. Incoming Token Data
  • D. XML File
  • E. Static Value
  • F. User Store (Oracle Identity Analytics – Identity Warehouse)


Answer : A,C,E

How would you add support for additional Internet Identity Providers for Oracle Access
Management Mobile and Social, other than the preconfigured ones such as Facebook and
LinkedIn? (Choose the best answer.)

  • A. You do this by implementing theoracle.security.idaas.rp.spi.ServiceproviderJava interface.
  • B. Support for Internet Identity Providers is limited to the ones that are available out of the box from Oracle Access Management.
  • C. Support for Internet Identity Providers is enabled through the connectors built on the Identity Connector Framework (ICF).
  • D. You do this by implementing theoracle.security.idaas.rp.spi.IdentityProviderJava interface.


Answer : D

Explanation:
Referencehttps://docs.oracle.com/cd/E37115_01/admin.1112/e27239/oicconfiginetidentitys rvcs.htm#AIAAG8280

Which protocol does WebGate use to communicate with the Access Manager server?
(choose the best answer.)

  • A. TCP
  • B. HTTP
  • C. SSL
  • D. Oracle AccessProtocol (OAP)
  • E. Policy Administration Protocol (PAP)


Answer : C

Explanation: http://docs.oracle.com/cd/E25178_01/doc.1111/e15478/keytool.htm

Which two features of Oracle Access Management Mobile and Social are supported only when it is integrated with Oracle Adaptive Access Manager?

  • A. multi-step authentication (knowledge-based authentication and one-time password support)
  • B. JWT token support for authentication and authorization
  • C. ability to uniquely identify connecting mobile devices (device fingerprinting)
  • D. relying party support for Internet-based Identity Provides (Facebook, Google, Twitter, LinkedIn, and Yahoo)
  • E. basic (limited) device security checks during device registration and access requests


Answer : A,C

Which three statements are true about OAM-OAAM advanced integration?

  • A. Advanced integration using Trusted Authentication Protocol (TAP) is available for OAAM 11.1.1.5.0 and later only.
  • B. Advanced integration without using TAP does not require the OAAM Managed Server, whereas advanced integration using TAP requires the OAAM Managed Server.
  • C. Advanced integration with TAP works with both WebGate 10g and 11g, whereas advanced integration without TAP works with WebGate 10g only.
  • D. Advanced integration with TAP works with WebGate 10g only, whereas advanced integration without TAP works with both WebGate 10gand 11g.
  • E. In case of advanced integration using TAP, OAM acts as an asserter and not an authenticator.


Answer : B,C,E

Which are the four valid token types that Oracle Mobile and Social can return to a mobile client on authentication?

  • A. SAML Token
  • B. User Token
  • C. SecurID Token
  • D. Access Token
  • E. Client Registration Handle
  • F. Client Token
  • G. LTPA Token


Answer : B,C,E,F

How would you configure an authentication policy for federation in Oracle Access
Management 11gR2?

  • A. There are no authentication policies for federation.
  • B. Authentication policies are defined in the Oracle Identity Federation (OIF) console.
  • C. Authentication policies are definedin the Oracle Access Management console for each domain.
  • D. Authentication policies are provided in assertions.


Answer : C

Your customer has deployed an employee portal that you have protected with Oracle
Access Manager (OAM). The customer now wants a new portlet added to the home page to display the employee's salary details. The portlet will obtain the information through a call an internally exposed web service. Your customer has defined the following security requirements for the new portlet:
1. Employees must be authenticated through risk-based authentication before they can access the portal.
2. The web service must be secured from unauthenticated calls.
3. All security logic for the web service must be external to the web service.
4. The web service should return salary details only if the user's authentication risk score is below 500.
Which four steps must you perform to meet the requirements for the new portlet?

  • A. Deploy Oracle Adaptive Access Manager (OAAM) and integrate it with OAM, settings OAAM as the authentication scheme.
  • B. Configure Oracle Web Services Manager (OWSM) on the portal container to generate asecurity token.
  • C. Configure a cookie response in OAM to set the risk score into a cookie calledHTTP_RISK_SCORE.
  • D. Enable Identity Assertion propagation in the OAM policy.
  • E. Configure OWSM to call OAAM to obtain the risk score.
  • F. Configure an OWSMpolicy to protect the web service, consume the security token, and evaluate the risk score.


Answer : A,B,C,D

What extra configuration must be performed only when a detached Credentials Collector is separated from a Resource WebGate and not when they are combined?

  • A. The Allow Credential Collector Operations check box must be selected.
  • B. The Resource WebGate should set the Logout Redirect URL to the Detached Credentials Collector'slogout.pl.
  • C. The Allow Token Scope Operations check box must be selected.
  • D. The IP Validation check box must be selected.


Answer : B

Identify three required steps for configuring OAM-OAAM basic integration.

  • A. Set theOAAMEnabledproperty totrueinoam-config.xml.
  • B. Target the OAAM JDBC data source to the OAM Managed Server.
  • C. Protected a resource in an authentication policy using the OAAMBasic authentication scheme.
  • D. Install SOA Suite and configure the UnifiedMessaging Service (UMS) delivery channel for One Time Pin (OTP).
  • E. Install and configure Oracle Entitlements Server (OES).


Answer : A,B,C

Page:    1 / 5   
Total 74 questions