1Z0-574 Online Practice Questions and Answers

Correct Answer: B

Explanation:

For over twenty years, information security has held confidentiality, integrity and availability (known as the

CIA triad) to be the core principles of information security. There is continuous debate about extending this

classic trio.

Note:

Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or

systems.

In information security, integrity means that data cannot be modified undetectably. For any information system to serve its purpose, the information must be available when it is needed.

Correct Answer: AD

Explanation:

The Logical View of the architecture describes the various layers in the architecture. Each layer

encapsulates specific capabilities for the overall architecture. Upper layers in the architecture leverage the

capabilities provided by the lower layers.

The Client Tier is hosted on the display device.

The Service Tier hosts the capabilities that satisfy the requirements of the end user.

Correct Answer: D

Explanation:

You use the Web Services Manager Control Console to define Oracle Web Services Manager components

such as server agents. The server agent acts as an enforcement point for security policies.

Point your browser to the Web Services Manager Control Console and log in using your single sign-on

user name and password.

The Web Services Manager Control Console is accessed with a URL of the form:

http://:port_number/ccore

Correct Answer: ACD

Explanation:

ITSO is made up of three primary elements.

Enterprise Technology Strategies (ETS)

Enterprise Solution Designs (ESD)

Oracle Reference Architecture (ORA)

References:

Correct Answer: ABE

Explanation:

In order to provide security in a consistent manner, a common set of infrastructure, e.g. a security

framework, must be used. The purpose of this framework is to rationalize security across the enterprise by:

*

Establishing a master set of security data that reflect the policies, IT resources, participants and their attributes across the entire domain of security

*

Mapping organizational structures, computing resources, and users to roles in a way that clearly depicts access privileges for the organization

*

Maintaining fine-grained access rules based on roles that have been established for the organization

*

Propagating the master security data to individual applications and systems that enforce security (A)

*

Detecting changes to security data residing on systems that have not been propagated from the master source of record, and sending alerts regarding these inconsistencies

*

Providing common security services, such as authentication, authorization, credential mapping, auditing, etc. that solutions can leverage going forward in place of custom-developed and proprietary functions (B)

*

Facilitating interoperability between systems and trust between security domains by acting as a trusted authority and brokering credentials as needed(E)

*

Centrally managing security policies for SOA Service interactions

The security framework should provide these types of capabilities as a value-add to the existing infrastructure. The intent is not to discard the capabilities built into current applications, but rather to provide a common foundation that enhances security across the enterprise. Security enforcement can still be performed locally, but security data should be modeled and managed holistically.

Incorrect:

C: Not a main goal.

D: Ease of administration and auditing is not a main goal here.

References:

Correct Answer: A

Explanation:

There are many different forms of access control, which in turn can be classified into one or more

categories.

Detective - Detective controls are meant to record all activities. They are passive systems that are aware of

events but are not designed to prevent them from happening. Audit logging is a form of detective access

control.

References:

Correct Answer: C

Explanation:

Avoid Point-to-Point Integrations. Point-to-point integrations are brittle, inflexible, and expensive to

maintain. There are cases where point-to-point integrations are required but these should be handled as

exception cases. Example exceptions include performance requirements that can only be met using pointto-point connections and when large amounts of data must be moved.

References:

Correct Answer: B

Explanation:

Policy management is the demonstration of, and enforcement to, regulatory standards, industry standards,

and internal best practices.

Correct Answer: ADE

Explanation:

The three primary parts of a SOA Service as defined by ORA are contract, interface, and implementation.

Note:

A Service Contract describes the SOA Service in human-readable terms. The Service Implementation is

the technical realization of the contract. I A Service Interface provides a means for the consumers of a

SOA Service to access its functionality according to the Service Contract.

References:

Correct Answer: E

Explanation: Enterprise Application Integration (EAI) is an approach for integrating multiple applications. EAI products are built around messaging products and are deployed in either a hub-and-spoke architecture or in a bus architecture. Some argue that service-oriented integration is actually a form EAI. This is not correct. EAI is an application-oriented architecture. EAI provides the mechanism to have applications interact to share data and functionality. Service-oriented integration adds the concept (and concrete deployment) of SOA Services that are separate and distinct, with a lifecycle that is independent, from any application in the computing environment.

References: