1Z1-574 Oracle IT Architecture Essentials Practice Exam Set 4

For a large heterogeneous environment with a large number of hosts requiring scalability and
efficiency, what is the best strategy for deployment of Oracle Enterprise Manager?


Options are :

  • Use multiple Instances of Oracle Enterprise Manager to maximize performance.
  • Use centralized alert filtering.
  • Use multiple semi-autonomous agents collecting information and periodically relaying it to a central repository. (Correct)
  • Use a centralized control with persistent connections to all agents to pull data.

Answer : Use multiple semi-autonomous agents collecting information and periodically relaying it to a central repository.

Which of the following are true statements about the benefits of standardizing on a common
security framework?
A. Security requirements no longer need to be specified for eachindividual application; the
framework will automatically determine what security needs to be applied.
B. A common set of security services and information can be used across the organization,
promoting Infrastructure reuseand minimizing inconsistencies.
C. Secure application integrationis made easier via standardization on a preferred subset of
technologies and options.
D. Administration and auditing are improved due to rationalization and standardization of identities,
attributes, roles, policies, and so on.
E. Interoperability amid federation are easier to achieve via the adoption of common security and
technology standards.


Options are :

  • A,D,E
  • A,C,D
  • A,B,C
  • A,B,E (Correct)

Answer : A,B,E

You are developing an Integration component that uses customer data. The source system
defines customer data in a different format than expected. Which of the following options best
describes how you would develop the component?


Options are :

  • The data formats are different, so it is not possible to develop the component.
  • Externalize the data transformation by mapping the source data format to a canonical data format.
  • Write data from the source system into a database and read it back in the expected format.
  • Create an object representation of customer data and use itin the component. (Correct)

Answer : Create an object representation of customer data and use itin the component.

Data is often said to exist in one of three states:
1. In motion – being transmitted over a network or connection
2. At rest – persisted in a queue, disk, file, and so on
3. In memory – loaded into computer memory
The third state, in memory, is seldom mentioned in security standards, texts and requirements.
Why?


Options are :

  • Computer memory has built-in parity checking which protects against malicious alteration
  • No one has direct access to a computer’s memory, therefore it is the safest place to be.
  • All modern computers (developed since the mid-90s) automatically store data in memory in encrypted from to help ensure confidentiality and integrity, because of this, more emphasis has been placed on raising the level of protection in the other two states.
  • This state is often overlooked. Data in memory can easily be viewed by anyone with system administrator. (Correct)

Answer : This state is often overlooked. Data in memory can easily be viewed by anyone with system administrator.

Which of the following Oracle products provides a comprehensive Integrated Development
Environment (IDE)?
A. Oracle Enterprise Pack for Eclipse
B. Oracle JDeveloper
C. Oracle Service Registry
D. Enterprise Manager


Options are :

  • B,D
  • A,C
  • A,B (Correct)
  • C,D

Answer : A,B

The Service-Oriented Integration (SOI) architecture includes an event-handling capability as
illustrated and described in the Process View. Which statement best describes the rationale for
including event handling in the SOI architecture?



Options are :

  • By employing a publish-and-subscriber message approach, the event-handling capacity allows the SOI architecture to handle high-volume message traffic because publish-and-subscribe handles higher message volumes than request-response.
  • AH other interactions within the architecture are upper layers calling lower layers. The eventhandling capability allows a Connectivity Service to call a Business Service, thus providing the ability to lower layers to call upper layers in the architecture.
  • Event-Driven Architecture (EDA) is a subset of SOI, so including event handling provides the EDA part of SOI.
  • The event-handling capability allows arbitrarily complex events to be handled by the architecture; i.e. Complex Event Handling (CEP) is part of the SOI architecture.
  • The event-handling capability allows a back-end system that is included in the SOI to initiate action because something important has occurred within the back-end system. (Correct)

Answer : The event-handling capability allows a back-end system that is included in the SOI to initiate action because something important has occurred within the back-end system.

Service-Oriented Integration is based on creating a catalogue of SOA Services that expose
existing capabilities from back-end systems. Which statement best describes how an SOA Service
relates to the existing back-end systems?


Options are :

  • An SOA Service should expose the low-level interface of the back-end system to ensure that all back-end system capabilities are fully exposed.
  • All access to a back end system should be through a single SOA Service to ensure the backend system will net become overloaded by service requests.
  • Each SOA Service exposes the functionality from only a single back-end system to ensure the decoupling of SOA Services.
  • An SOA Service should expose higher-level business capabilities by encapsulating the lower level Interfaces of the back-end systems. (Correct)
  • An SOA Service should connect to at least two back-end systems; otherwise the SOA Service is just duplicating the existing interface to the back-end system.
  • Each SOA Service should expose only one isolated capability of the back-end systems to ensure isolation between SOA Service calls in composite applications.

Answer : An SOA Service should expose higher-level business capabilities by encapsulating the lower level Interfaces of the back-end systems.

Which of the following capabilities are provided by containers?
A. Transaction Support
B. Security Support
C. Thread Management
D. Business Processes


Options are :

  • B,C,D
  • A,C,D
  • A,B,D
  • A,B,C (Correct)

Answer : A,B,C

Which of the following statements best describes how the deployment supports closed-loop
governance?
A. The Metadata Repository is integrated with the operational systems to link operational metrics
to the assets to ensure that the assets perform asintended.
B. The Metadata Repositories deployed in each environment are chained to share asset usage
information.
C. A closed-loop governance framework is deployed on a clustered server to monitor the
governance activities.
D. Production systems are integrated to the developer desktops to validate the requirements
against the implemented code.


Options are :

  • B,C (Correct)
  • A,B
  • A,C
  • B,D

Answer : B,C

You need to redesign your application to improve performance. The potential solution requires the
data to be kept in memory for faster access. The in-memory data requires full support for SQL with
BI queries and there is no need to scale out further. Which Oracle product would you choose to
implement your solution?


Options are :

  • Oracle TimesTen (Correct)
  • Oracle TUXEDO
  • Oracle VM
  • Oracle Coherence

Answer : Oracle TimesTen

Oracle Web Services Manager uses an agent-based approach to providing Web Services security.
Where are these agents deployed?


Options are :

  • In the Oracle Service Bus proxy pipeline
  • In the Oracle WebLogic Server Web Service request Interceptors
  • In the Oracle WebLogic Server access gate
  • In the Oracle Access Manager web gate (Correct)
  • In any IPv4 of Later network firewall

Answer : In the Oracle Access Manager web gate

The Service-Oriented Integration architecture makes a distinction between technical
orchestrations and business processes. Which statement best describes these two concepts?




Options are :

  • A technical orchestration is a low-level implementation detail and has no relationship to business processes.
  • A business processes is likely to change when the business changes, whereas a technical orchestration is likely to change when back-end systems change. (Correct)
  • Business processes are implemented using BPMN, whereas technical orchestrations are Implemented using BPEL.
  • Each business process is implemented by calling a sequence of SOA Services. This sequential calling of SOA Services Is what is known as a technical orchestration.
  • A business process that is implemented within SOIis called a technical orchestration.

Answer : A business processes is likely to change when the business changes, whereas a technical orchestration is likely to change when back-end systems change.

Which of the following token profiles is not included in the WS-Security standard as a standard
type of identity token?


Options are :

  • username token profile
  • X.500 token profile
  • Kerberos token profile
  • XACML token profile (Correct)
  • SAML token profile

Answer : XACML token profile

Which statements are true with regard to authorization checks being done in the Mediation Layer?
A. Performing authorization checksin the Mediation Layer provides a centralized approach to
securing SOA Services.
B. Performing authorization checks in the Mediation Layer requires that all secured SOA Services
be accessed via the same protocol.
C. Performing authorization checks in the Mediation Layer requires that all secured SOA Services
be accessed only via the Mediation Layer.
D. Performing authorization checks in the Mediation Layer eliminates the need for role-based
authentication.
E. Performing authorization checks in the Mediation Layer requires that user authentication be
based on username and password.


Options are :

  • A,D (Correct)
  • B,C
  • A,B
  • C,D

Answer : A,D

Conventional Management and Monitoring tools focus and produce metrics on which one of the following?




Options are :

  • metrics that capture the combined behavior of several components interacting with the shared component
  • holistically across heterogeneous systems
  • metrics that focus on understanding the relationship and Interactions between component
  • metrics that measure individual resources (Correct)

Answer : metrics that measure individual resources

How is state typically managed in the browser interface?


Options are :

  • State is not managed. All modern UIs are stateless.
  • The services tier manages state and the client tier is stateless.
  • in the caching layer (Correct)
  • generally through the use of cookies in the browser

Answer : in the caching layer

What shortcomings of the Version Control Systems drive the need for a Metadata Repository?


Options are :

  • Version Control Systems don't provide the level of consumer tracking and reporting necessary to support software reuse.
  • Version Control Systems are not easily searchable.
  • Version Control Systems lack robust metadata that allows developers to determine relevance. (Correct)
  • Version Control Systems do not allow the asset versions to be rolled back to a previousstate

Answer : Version Control Systems lack robust metadata that allows developers to determine relevance.

Which one of the following statements best describes authentication as a service?


Options are :

  • Authentication is a service offered by the local computing platform to the application it is hosting. The application uses this service to authenticate users with a local LDAP.
  • Authentication is not a valid example of a security service.
  • Authentication is a service offered by both the local computing platform and the enterprise security framework. The local platform can be configured to direct requests to local LDAPs or common enterprise services, depending on the operating environment (dev/test/production). Meanwhile, the enterprise security framework services can virtualize several shared credential stores into a single shared service. (Correct)
  • Authentication is a service offered by the enterprise security framework. Applications access it directly, bypassing local platform security. The authentication service provides a level of abstraction between applications and the various instances of infrastructure (LDAPs, databases) that can be used to verify credentials.

Answer : Authentication is a service offered by both the local computing platform and the enterprise security framework. The local platform can be configured to direct requests to local LDAPs or common enterprise services, depending on the operating environment (dev/test/production). Meanwhile, the enterprise security framework services can virtualize several shared credential stores into a single shared service.

Which statement best describes the relationship between the Service-Oriented Integration (SOI)
architecture and the Application Integration Architecture (AIA) product from Oracle?


Options are :

  • AIA is a product specific Implementation of the SOI architecture.
  • AIAis an Oracle product and the SOI architecture is a product-agnostic architecture; therefore there is no relationship between the two.
  • AIA is a traditional Enterprise Application Integration (EAI) architecture; therefore AIA does not follow the SOI architecture.
  • AIA is one of many Oracle products that maps onto SOI architecture. (Correct)
  • AIA is an Oracle product that maps to some of the layers and capabilities defined by the SOI architecture.

Answer : AIA is one of many Oracle products that maps onto SOI architecture.

Which of the following are the implications of the architecture principle, "Asset-centric approach
must be applied to engineering processes"?


Options are :

  • The development Infrastructure must support asset-centric engineering.
  • Existing assets must be reused to fulfill whole or part functionality when available.
  • Solutions developed must beintegrated and tested early and often.
  • Assets must be associated with meaningful metadata that can be used to discover and interpret the assets. (Correct)

Answer : Assets must be associated with meaningful metadata that can be used to discover and interpret the assets.

Which of the following are common uses of an Attribute Service?
A. to maintain metadata pertaining to audit log entries and attestation reports
B. to acquire data that are necessary to make access-control decisions
C. to securely supply personally identifiable information to applications
D. to determine which security policy is assigned to a Web Service


Options are :

  • B,D
  • A,C
  • A,D
  • B,C (Correct)

Answer : B,C

Select the two layers of ORA application infrastructure from the following list:
A. Application
B. Platform
C. Abstraction
D. Computing Foundation


Options are :

  • C,D
  • A,B (Correct)
  • A,C
  • B,D

Answer : A,B

Which of the following is not a valid type of SAML assertion?


Options are :

  • authorization decision assertion
  • attribute assertion
  • audit assertion (Correct)
  • authentication assertion

Answer : audit assertion

Which three primary components form IT Strategies from Oracle (ITSO)?
A. Enterprise Technology Strategies
B. Maximum Availability Architecture
C. Enterprise Solution Designs
D. Oracle Reference Architecture
E. Oracle Enterprise Architecture Framework
F. Oracle Unified Method


Options are :

  • A,D,E (Correct)
  • A,C,F
  • A,C,D
  • A,B,C

Answer : A,D,E

Which of the following statements about asset-centric engineering is true?


Options are :

  • Asset-centric engineering uses multiple enterprise repositories to store and maintain the assets.
  • Asset-centric engineering requires that everything related to the assets,including metadata and payload, should be stored in the same repository. (Correct)
  • Project assets are maintained at each individual project level in an asset-centric engineering
  • Asset-centric engineering promotes an integrated asset management approach in which assets are shared across the enterprise.

Answer : Asset-centric engineering requires that everything related to the assets,including metadata and payload, should be stored in the same repository.

Which of the following are types of policy considerations designed to affect the way privileges are
assigned to users?
A.Principle of Alternating Privilege
B. Separation of Duties
C. DefenseinDepth
D. Vacation, Job Rotation, and Transfer
E. Principle of Least Privilege


Options are :

  • A,B,E
  • A,C,E
  • B,C,D
  • B,D,E (Correct)

Answer : B,D,E

Which of the following is NOT defined as a primary ORA computing foundation component?



Options are :

  • Grid Computing
  • Caching (Correct)
  • Distributed Computing
  • Utility Computing

Answer : Caching

Which of the following are strategies for alert management with Oracle Enterprise Manager?
A. controlling the volume of alerts
B. removing unwanted alerts
C. centralized filtering of alerts
D. automating fix for common alerts


Options are :

  • A,B
  • B,C
  • A,D
  • B,D (Correct)

Answer : B,D

Your company has decided to create an Enterprise Architecture following. The Open Group
Architecture Framework (TOGAF). Which option best describes how the IT Strategies from Oracle (ITSO) library of material relates to this TOGAF-based Initiative?



Options are :

  • ITSO has minimal applicability because TOGAF is a complete architecture framework. (Correct)
  • The TOGAF approach will need to be modified (customized) to incorporate the ITSO material.
  • TOGAF and ITSO are mutually exclusive. One or the other must be chosen as the basis for the company's Enterprise Architecture.
  • The ITSO material will need to be adapted to the TOGAF approach.
  • The ITSO material can be used as reference material within the TOGAF approach.

Answer : ITSO has minimal applicability because TOGAF is a complete architecture framework.

Which of the following statements are true about perimeter security?
A. Though it is often associated with network security, it also applies to physical security measures
as fences and locked doors.
B. It is most effective when there is only one perimeter. For example, when inner perimetersare
established, they reduce the effectiveness of outer perimeters.
C. The Demilitarized Zone (DMZ) is the most protected zone of the network, which should be
reserved for only the most sensitive data.
D. Connections should not be permitted to span more than one perimeter or firewall.
E. Perimeter security can be a component of a defense-in-depth strategy.
F. Perimeter security is most effective for protection against insider threats.


Options are :

  • A,D,E (Correct)
  • A,D,F
  • A,B,C
  • A,B,D

Answer : A,D,E

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions