|
| 1 | +# Check Your Understanding |
| 2 | + |
| 3 | +## Introduction |
| 4 | + |
| 5 | +This quiz reviews the core concepts from the Oracle Data Safe workshop. Complete the scored questions to confirm your understanding of how Data Safe helps assess security posture, discover and mask sensitive data, and enforce SQL Firewall policies. |
| 6 | + |
| 7 | +Estimated Time: 10 minutes |
| 8 | + |
| 9 | +### Objectives |
| 10 | + |
| 11 | +In this lab, you will: |
| 12 | + |
| 13 | +* Review the main purpose of Oracle Data Safe |
| 14 | +* Confirm how Security Assessment helps track configuration risk |
| 15 | +* Distinguish User Assessment from Security Assessment |
| 16 | +* Recognize the purpose of Data Discovery and Data Masking |
| 17 | +* Understand how SQL Firewall protects a database with an allow-list |
| 18 | + |
| 19 | +### Prerequisites |
| 20 | + |
| 21 | +Complete the previous workshop labs before taking this quiz. |
| 22 | + |
| 23 | +```quiz-config |
| 24 | +passing: 75 |
| 25 | +badge: images/security-badge.png |
| 26 | +``` |
| 27 | + |
| 28 | +## Task 1: Complete the quiz |
| 29 | + |
| 30 | +1. Review the questions before you submit your answers. |
| 31 | + |
| 32 | +2. Complete all scored quiz blocks below. You need 75% or higher to pass. |
| 33 | + |
| 34 | + ```quiz score |
| 35 | + Q: In Oracle Data Safe Security Assessment, what must you do to monitor security configuration drift on your target database over time? |
| 36 | + - Create a new target database registration |
| 37 | + * Set a baseline assessment |
| 38 | + - Enable activity auditing |
| 39 | + - Generate a PDF report |
| 40 | + > Setting a baseline allows Data Safe to compare later assessment refreshes against it and highlight security drift over time. |
| 41 | + ``` |
| 42 | +
|
| 43 | + ```quiz score |
| 44 | + Q: In Oracle Data Safe's User Assessment, which of the following actions can you perform? (Select all that apply) |
| 45 | + * Evaluate user entitlements and roles |
| 46 | + * Identify users with administrative privileges |
| 47 | + - Monitor real-time user activities |
| 48 | + * Assess password policies for compliance |
| 49 | + > User Assessment helps evaluate user entitlements, privileged access, and password-related risk indicators. It does not provide real-time activity monitoring. |
| 50 | + ``` |
| 51 | +
|
| 52 | + ```quiz score |
| 53 | + Q: In the Data Discovery lab, what is the output of a successful Data Discovery job in Oracle Data Safe? |
| 54 | + - A masking policy ready to execute |
| 55 | + * A sensitive data model (SDM) containing discovered sensitive columns and referential relationships |
| 56 | + - An encrypted copy of the target database |
| 57 | + - An audit policy applied to all sensitive tables |
| 58 | + > Data Discovery produces a sensitive data model that lists discovered sensitive columns, their metadata, and referential relationships. |
| 59 | + ``` |
| 60 | +
|
| 61 | + ```quiz score |
| 62 | + Q: Which of the following statements about Data Masking in Oracle Data Safe are true? (Select all that apply) |
| 63 | + * Data masking permanently replaces sensitive data with fictitious yet realistic data |
| 64 | + * Data masking preserves referential integrity by masking related columns consistently |
| 65 | + * You can create a masking policy directly from a sensitive data model generated by Data Discovery |
| 66 | + - Masked data does not need to pass any validation checks since it is fictitious |
| 67 | + > Data masking replaces sensitive values, preserves referential integrity, and can use a sensitive data model as its source. Masked data still needs to pass validation checks so applications continue to function correctly. |
| 68 | + ``` |
| 69 | +
|
| 70 | + ```quiz score |
| 71 | + Q: What is the correct sequence of steps when configuring SQL Firewall for a database user through Oracle Data Safe? |
| 72 | + - Enable the firewall policy, capture SQL activities, generate allowlists |
| 73 | + * Capture SQL activities, generate a firewall policy with allowlists, enable the firewall policy |
| 74 | + - Generate allowlists, capture SQL activities, enable the firewall policy |
| 75 | + - Enable the firewall policy, generate allowlists, capture SQL activities |
| 76 | + > The correct workflow is to capture the user's normal SQL activity first, generate the policy and allow-list from that activity, and then enable enforcement. |
| 77 | + ``` |
| 78 | +
|
| 79 | +## Acknowledgements |
| 80 | +
|
| 81 | +* **Author** - Jody Glover, Linda Foinding |
| 82 | +* **Last Updated By/Date** - Linda Foinding, March 2026 |
0 commit comments