November 28, 2021

Top 20 Oracle Access Manager Interview Questions and Answers


                  Oracle Access Manager (Access Manager) is the key capability for Web Single Sign-on (SSO), authentication, authorization, centralized policy administration and agent management, real-time session management, and auditing in the new Oracle Access Management platform. Access Manager is a 100% Java solution that is incredibly scalable, allowing it to manage Internet-scale installations. It also works with heterogeneous environments that already exist, with agents certified for hundreds of web and application servers. Access Manager increases security, improves user experience and productivity, and improves compliance while lowering total cost of ownership by providing broad capabilities, scalability, and high availability.

Oracle Fusion Applications interview Questions and Answers

Ques: 1). What are the different security modes available in Oracle Access Manager?


Open: Allows communication without encryption. There is no authentication or encryption between the AccessGate and the Access Server in Open mode. The AccessGate does not need the Access Server to provide proof of identification, and the Access Server accepts connections from all AccessGates. Similarly, Identity Server does not require WebPass to provide confirmation of identity.

Simple: Oracle encryption is supported. TLS v1 is used to secure communications between Web clients in Simple mode (WebPass and Identity Server, Policy Manager and WebPass, and Access Server and WebGate). Oracle Access Manager components only use X.509 digital certificates in both Simple and Cert modes. The standard cert-decode plug-in decodes the certificate and delivers certificate information to the standard credential mapping authentication plug-in in Cert Authentication between WebGates and the Access Server. Oracle Access Manager saves the associated private key for each public key in the aaa key.pem file for the Access Server (or ois key.pem for the Identity Server).

Cert: A third-party certificate is required. If you have an internal Certificate Authority (CA) for processing server certificates, use Cert (SSL) mode. Communication between WebGate and Access Server, as well as between Identity Server and WebPass, is encrypted in Cert mode utilising Transport Layer Security (RFC 2246). (TLS v1).

BlockChain Interview Question and Answers

Ques: 2). What Is Oracle Access Manager's Architecture?


Identity Server, WebPass, Policy Manager, Access Server, and a WebGate are the primary components of the Oracle Access Manager architecture. Identity Server is a stand-alone C++ server that connects to LDAP directly.

It also receives requests from Webpass and responds to them. WebPass is a web server plugin that allows information to be passed between the identity server and the web server. It sends Identity XML SOAP requests to Identity Server and redirects HTTP requests from the browser to Access Server.

A web server plugin called Policy Manager (PMP or PAP) interfaces directly with user, configuration, and policy repositories. Access Server, commonly known as PDP, is a stand-alone C++ server. It receives requests from WebGates/AccessGates and responds to them.

It also uses LDAP for communication. It responds to queries from the Access Server SDK. WebGate (PEP) is a web server plugin that communicates with the access server. It passes user authentication data to access server for processing.

Oracle Accounts Payables Interview Questions and Answers

Ques: 3). In Oracle Access Manager, what is the Iwa mechanism?


The OAM offers a feature that allows Microsoft Internet Explorer users to authenticate to their Web packages using their computing device credentials on a regular basis. Windows Native Authentication is the term for this. The user logs in to the computer, and the Windows Domain Administrator authentication mechanism is used to complete the local authentication.

The user launches an Internet Explorer (IE) browser and asks a Web assist from the Access System.

The browser notifies the IIS Web server about the neighbourhood authentication and sends a token.

The token is used by the IIS Web server to authenticate the user and to set the REMOTE USER HTTP header variable, which indicates the customer name provided by the customer and authenticated by the server.

The WebGate creates an ObSSOCookie and sends it lower back to the browser.

The Access System authorization and different techniques proceed as usual.

The maximum session timeout length configured for the WebGate is applicable to the generated ObSSOCookie.

Oracle ADF Interview Questions and Answers           

Ques: 4). What Is An Access Server Sdk?

Answer :

The Access Manager Software Developer's Kit (SDK) allows you to extend the Access System's access management features. You can use this SDK to construct a customised AccessGate. The Access Manager SDK provides an environment in which you can establish an AccessGate by creating a dynamic link library or a shared object. You'll also need configureAccessGate.exe to make sure your client is working properly.

Oracle Fusion HCM Interview Questions and Answers

Ques: 5).  What Is Policy Manager Api?

Answer :

The Policy Manager API provides an interface that allows custom applications to establish and edit Access System policy domains and their contents using the Access Server's authentication, authorization, and auditing capabilities.

Oracle SCM Interview Questions and Answers

Ques: 6). Name some new features of OAM11gR2?


Dynamic Authentication -- Dynamic authentication is the ability to define what authentication scheme should be presented to a user base on some condition.

Persistent Login (Remember Me) -- Persistent Login is the ability to let users login without credentials after the first-time login.

Policy Evaluation Ordering -- The out-of-the -box algorithm is based on the "best match" algorithm for evaluating policies.

Delegated Administration -- The ability to select users who can administer their own application domains.

Unified Administration Console -- The console screen has a new look; a new single 'Launch Pad' screen with services that are enabled based on user roles.

Session Management -- Ability to set idle session timeout's at the application domain level

Oracle Financials Interview questions and Answers

Ques: 7). What is IIS?


Internet Information Services (IIS, formerly Internet Information Server) is a Microsoft extensible web server designed for use with the Windows NT family of operating systems. [2] HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP are all supported by IIS. Since Windows NT 4.0, it has been a fundamental element of the Windows NT family, albeit it may be missing from other editions (e.g. Windows XP Home edition). When Windows is installed, IIS is not enabled by default. The IIS Manager can be accessed through the Control Panel's Microsoft Management Console or Administrative Tools.

Oracle Cloud Interview Questions and Answers

Ques: 8). What is the meaning of an Oracle Access Manager Basic License?


The Oracle Access Manager (OAM) Basic licence was intended to support Oracle AS Single Sign-On (OSSO) customers who purchased the Oracle iAS Suite or other Oracle E-Business Suite products. Customers who have valid Oracle Single Sign-On (OSSO) licences can swap them for an equivalent number of Access Manager licences under the OAM Basic licence, with some restrictions. Access Manager must employ Oracle infrastructure components due to the constraints; this was also a requirement for OSSO. The LDAP directory, for example, must be Oracle Internet Directory or Oracle Virtual Directory, and only Oracle application resources can be protected. Customers who want to remove the restrictions must acquire the complete Access Manager licence.

Oracle PL/SQL Interview Questions and Answers

Ques: 9). What is Oracle Webgate, and how does it work?


Oracle WebGate is a Web server plug-in that comes with Oracle Access Manager out of the box. Users' HTTP requests for Web resources are intercepted by the WebGate and forwarded to the Access Server for authentication and permission.

Oracle SQL Interview Questions and Answers

Ques: 10). 11g Access Manager Oracle HTTP Server 11g and IBM HTTP Server 7.0 support WebGates, but I prefer Apache Web Servers. If I want to use Access Manager 11g, what should I do?


Oracle Access Manager 10g WebGates can communicate with Access Manager 11g servers. Oracle Access Manager 10g WebGates have a wide range of web server certifications, including Apache, Domino, Microsoft IIS, and many others. With thousands of applications, I have a massive Oracle Access Manager 10gR3 implementation. Do I have to transfer them all at once to the new 11gR2 platform? No. Both Oracle Access Manager 10gR3 and Oracle Access Manager 11gR2 servers can be live in production at the same time, protecting distinct sets of applications, thanks to server side coexistence in Access Manager 11gR2. End users will continue having a seamless single sign-on experience as they navigate between applications protected by the two servers. This capability can be leveraged by customers with large deployments to perform the server migration in a phased manner over a period of time without impacting end users.

Oracle RDMS Interview Questions and Answers

Ques: 11). With thousands of applications, I have a massive Sun Access Manager 7.1 or Sun Access Manager 7.1 deployment. Is it necessary to migrate all of them to the new Access Manager 11gR2 platform at the same time?


No. Both the OpenSSO 8.0 (or Sun Access Manager 7.1) and Access Manager 11gR2 servers can be live in production at the same time safeguarding distinct sets of apps with Access Manager 11gR2. End users will continue to have a seamless single sign-on experience as they move between the two servers' protected apps. Customers with big deployments can utilise this capability to migrate servers in stages over time without affecting end users.

BI Publisher Interview Questions and Answers


Ques: 12).What Is An Identity Xml?


IdentityXML provides a programmatic interface for performing the actions that a user can perform while using a browser to access a COREid application. A software can, for example, submit an IdentityXML request to find members of a group defined in the Group Manager software or to add a person to the User Manager. Simple moves and multi-step procedures can be applied to trade person, institution, and company object profiles using IdentityXML. After you've finished constructing the IdentityXML request, you'll need to put up a SOAP wrapper to send the IdentityXML request to WebPass over HTTP. XML over SOAP is used by the IdentityXML API. Using an HTTP request, we send IdentityXML parameters to the COREid Server. A SOAP envelope is included in this HTTP request. When WebPass receives an HTTP request, the SOAP envelope identifies it as an IdentityXML request rather than a standard browser request. The request is passed to the COREid Server, which executes the request and returns a response. You could also use WSDL to put together the SOAP request. This appears to be the SOAP content material: SOAP envelope (with oblix namespace described), SOAP body (with authentication information), genuine request (with software name and params). Userservcenter, groupservcenter, or objservcenter are examples of application names (for companies).

Oracle 10g Interview Questions and Answers


Ques: 13). What are Header Variables and How Do I Use Them?


The Header Variable contains Oracle Access Manager allows administrators to build a web of trust in which a user's credentials are confirmed once and then delivered to each application that the user uses. The programme does not need to re-authenticate the user with its own mechanism when using these credentials. Users who have been authenticated by Oracle Access Manager are able to access applications without having to re-authenticate. A user's credentials can be sent in one of two ways:

• Using Cookies: A specific value is set on the browser's cookie that the application must extract to identify a user.

• Using Header Variables: An HTTP header set on the request by the agent and visible to the application. Authorization Policy Response in the Administration Console Header response values are inserted into a request by an OAM Agent, and can only be applied on Web servers that are protected by an agent registered with OAM 11g If the policy includes a redirect URL that is hosted by a Web server not protected by OAM, header responses are not applied.


Ques: 14). Explain the Oam-oaam Integration Architecture and Integration.


Using all of these products together will provide you complete control over the authentication process and comprehensive pre-/post-authentication testing capabilities against Adaptive Risk Manager models.

Two Oracle Access Manager AccessGates are used in the OAAM's ASA-OAM integration: one for fronting the Web server (a traditional WebGate) to Adaptive Strong Authenticator and one for the embedded AccessGate. The access server SDK must be installed and configured before the AccessGate device can be used. The ASDK location will be updated in the ASA bharosa papers. An application that will use the ASA authentication mechanism and will be tested for the ASA login touchdown page.


Ques: 15). What Happens When A User Submits A Request That Is Protected By An Access Gate (No Longer Webgate)?


The following is an example of the flow:

The consumer sends a resource request to the application or servlet that has the access gate code.

The access gate code creates an ObResourceRequest shape and calls the Access server to determine whether or not the resource is protected.

The server responds to the request for entry. If the aid isn't secured, gaining access to the gate allows anyone to gain access to the resource. Otherwise, Access Gate creates an ObAuthenticationScheme shape to inquire about the credentials the user wishes to send to Access Server. The request for entry to the server is granted. To get the credentials, the programme employs a form or one of several additional methods. The AccessGate creates the ObUserSession structure, which provides the Acc Server with user information. If credentials are verified valid, get admission to gate creates a session token for the person after which sends an authorization request to the get admission to server. Access server validates if the user is authz to get right of entry to that useful resource. Access gate permits user to get entry to the asked resource.


Ques: 16). What exactly is SSO?


SSO (single sign-on) is a session/user authentication method that allows a user to access different apps with just one username and password. The procedure authenticates the user for all of the programmes to which they have been granted access and removes the need for further questions when they switch applications during a session.


  • Provides users with unified sign-on and authentication across all their enterprise resources, including
  • desktops, client-server, custom, and host-based mainframe applications
  • Provides a centralized framework for security and compliance enforcement
  • Eliminates the need for multiple usernames and passwords
  • Helps enforce strong password and authentication policies.
  • Uses any LDAP directory, Active Directory, or any SQL database server as its user profile and credential repository


  • Reduces deployment risk and operational costs.
  • Allows enterprises to provide fast, secure access to applications for employees and partners.
  • Eliminates the overhead and limitations of traditional desktop client deployments.
  • Seamlessly integrates with Oracle Identity Management for common security policy enforcement and compliance reporting across applications


Ques: 17). What is Reverse Proxy?


A reverse proxy gives you architectural flexibility by allowing you to expose the same application on both the intranet and the extranet without having to make any changes to the existing application. By sending all requests through the proxy, you may safeguard all Web content from a single logical component.

This is true even for platforms that Oracle Access Manager does not support. All content on these servers can be safeguarded if you have multiple types of Web servers, such as iPlanet, Apache, and others, running on different platforms, such as MacOS, Solaris x86, mainframe, and so on. A reverse proxy can be used as a workaround for unsupported Web servers, removing the requirement to develop custom AccessGates for unsupported Web servers or systems that do not support AccessGates. This creates a single management point. You can manage the security of all of the Web servers through the reverse proxy without establishing a footprint on the other Web servers.


Ques: 18). What is Identity Store and how does it work? Describe the many types of identity stores.


The term "identity store" refers to a database that contains business users and groups. Weblogic includes an inbuilt LDAP that is used as the identity store by default by fusion middleware components. External LDAP servers, such as OID, AD, and others, can be configured to serve as identity stores.

System Store - Represents the identity store which will have groups or users that will act as “Administrators” to OAM that is only members of this identity store group/user can perform admin functions via oam console.

Default Store - This will be the identity store that will be used at time of patching for migration purpose or by Oracle security token service.


Ques: 19). In OAM, what are Authorization Policies?


The process of assessing whether a user has the permission to access a requested resource is known as authorization. Administrators can establish the circumstances under which a subject or identity has access to a resource by creating one or more authorization policies. A user may seek to view data or run a policy-protected application programme. The requested resource must be part of an application domain and be covered by a specified permission policy within that domain.


Ques: 20). In comparison to the ECC, what are the benefits of the DCC?


From a security and flexibility standpoint, the DCC has several advantages. The DCC can be placed anywhere in the DMZ because it is totally detached from the Access Manager server. It also adds security by terminating all unauthenticated end user login requests at the DCC in the DMZ, isolating the server from unauthenticated network traffic.



November 23, 2021

Top 20 AWS Database Interview Questions and Answers


Ques: 1). What are your thoughts on the Amazon Database?


Amazon Database is an Amazon Web Services offering that includes managed databases, managed services, and NoSQL. It also comes with a fully managed petabyte-scale data warehouse and in-memory caching as a service. There are four AWS database services to choose from, and the user can use one or all of them depending on their needs. DynamoDB, RDS, RedShift, and ElastiCache are the Amazon database services.


AWS(Amazon Web Services) Interview Questions and Answers

AWS Cloud Interview Questions and Answers


Ques: 2). What are the features of Amazon Database?


Following are the important features of Amazon Database:

  • Easy to administer
  • Highly scalable
  • Durable and reliable
  • Faster performance
  • Highly available
  • More secure
  • Cost-effective


AWS Cloudwatch interview Questions & Answers

AWS VPC Interview Questions and Answers


 Ques: 3). What is a key-value store, and how does it work?


A key-value store is a database service that makes it easier to store, update, and query items that are identified by their keys and values. These objects are made up of keys and values that make up the actual content that is saved.


AWS Lambda Interview Questions & Answers

AWS Aurora Interview Questions and Answers


Ques: 4).  What Is A Data Warehouse, And How Can Amazon Redshift Help With Storage?


A data warehouse can be conceived of as a repository for data acquired and stored from the company's systems and other sources. As a result, a data warehouse's design is three-tiered:

The tools that clean and collect data are found on the bottom rung.

We have tools in the intermediate layer that use Online Analytical Processing Server to alter the data.

We have various tools on the top layer that execute data analysis and data mining on the front end.

Setting up and maintaining a data warehouse costs a lot of money, especially as an organization's data grows and its data storage servers need to be upgraded on a regular basis. As a result, AWS RedShift was created, allowing businesses to store their data in Amazon's cloud-based warehouses.


AWS RedShift Interview Questions and Answers


Ques: 5). What Is The Difference Between A Leader Node And A Compute Node?


The queries from the client application are received in a leader node, where they are parsed and an execution plan is created. The stages for processing these queries are created, and the outcome is returned to the client application.

The steps allocated in the leader node are completed in a compute node, and the data is transferred. After that, the result is returned to the leader node before being delivered to the client application.


AWS Cloud Support Engineer Interview Question & Answers


Ques: 6). What Is Amazon ElastiCache, and How Does It Work?


Amazon ElastiCache is an in-memory key-value store that can handle Redis and Memcached as key-value engines. It is a fully managed and zero administration service that Amazon has hardened. You may use Amazon ElastiCache to either create a new high-performance application or upgrade an existing one. ElastiCache has a wide range of applications in gaming, healthcare, and other fields.


AWS Solution Architect Interview Questions & Answers


Ques: 7). What Is Amazon ElastiCache's Purpose?


The caching of information that is utilised repeatedly could increase the performance of online applications. Using in-memory-caching, the data may be accessed very quickly. There is no need to manage a separate caching server with ElastiCache. An open source compatible in-memory data source with high throughput and low latency can be readily deployed or run.


ActiveMQ Interview Questions & Answers

Ques: 8). When would I prefer Provisioned IOPS over Standard RDS storage?


Provisioned IOPS deliver high IO rates but on the other hand it is expensive as well. Batch processing workloads do not require manual intervention they enable full utilization of systems, therefore a provisioned IOPS will be preferred for batch oriented workload.


AWS DevOps Cloud Interview Questions & Answers


Ques: 9). What Oracle features are available in AWS RDS?


Oracle is a well-known relational database that is available through Amazon RDS with enterprise version features. Almost every Oracle functionality may be used with the RDS platform.

If no version is specified when the database is created, it defaults to the most recent version available at the moment. In a Python SDK programme, here's an example of how to access the supported DB Engine versions using the AWS API.


AWS Cloud Practitioner Essentials Questions and Answers


Ques: 10). What are the differences between Amazon RDS, DynamoDB, and Redshift?


Amazon RDS is a relational database management service that handles patching, upgrading, and data backups for you without requiring your involvement. RDS is a database management service that exclusively handles structured data.

On the other hand, DynamoDB is a NoSQL database service, which works with unstructured data.

Redshift is a data warehouse product that is utilised in data analysis and is a completely different service.

AWS EC2 Interview Questions and Answers

Ques: 11). Can I use Amazon RDS to operate many database instances for free?


Yes. You can operate many Single-AZ Micro database instances, and they're all free! Any use of more than 750 instance hours across all Amazon RDS Single-AZ Micro DB instances, across all qualifying database engines and locations, will be paid at normal Amazon RDS charges. For example, if you run two Single-AZ Micro DB instances for 400 hours each in a month, you'll have 800 instance hours total, with 750 hours being free. The remaining 50 hours will be charged at the usual Amazon RDS rate.

AWS Cloud Security Interview Questions and Answers

Ques: 12). What is Oracle Licensing and how does it work?


Oracle licenses can be used in RDS in two ways:

Model with a License

The license for the software you'll use is held by Amazon in this model. Also, through its support programme, AWS provides support for both AWS and Oracle products. As a result, the user does not need to purchase a separate license. The user's licensing costs are included in the platform pricing.

Bring Your Own license

In this arrangement, the user imports her license into the RDS platform. It is the user's responsibility to keep the license, database instance class, and database edition all in sync. The user directly contacts the Oracle support channel for any need. In this model the supported editions are Enterprise Edition (EE), Standard Edition (SE), Standard Edition One (SE1) and Standard Edition Two (SE2).

AWS Simple Storage Service (S3) Interview Questions and Answers

Ques: 13). If I delete my DB Instance, what happens to my backups and DB Snapshots?


When you delete a database instance, you have the option of creating a final database snapshot, which you can use to restore your database. After the instance is removed, RDS keeps this user-made DB snapshot together with all other manually created DB snapshots. Automated backups are also deleted, leaving just manually created DB Snapshots.

AWS Fargate Interview Questions and Answers

Ques: 14).  How can I load data into Amazon Redshift from various data sources such as Amazon RDS, Amazon DynamoDB, and Amazon EC2?


You have two options for loading the data:

The COPY command can be used to load data into Amazon Redshift in parallel from Amazon EMR, Amazon DynamoDB, or any SSH-enabled server.

AWS Data Pipeline is a fault-tolerant, high-performance solution for loading data from a range of AWS data sources. To load your data into Amazon Redshift, you can utilise AWS Data Pipeline to specify the data source, required data transformations, and then run a pre-written import script.

AWS SageMaker Interview Questions and Answers

Ques: 15). What is an RDS instance, and how does it work?


The Amazon Relational Database Service (Amazon RDS) is a web service that lets you easily construct a cloud-based relational database instance. Amazon RDS administers the database instance on your behalf, including backups, failover, and database software maintenance. Read Replicas, which are RDS instances that act as copies of the source master database for handling read-requests, can be launched for read-heavy applications. A source DB instance can have up to five (5) Read Replicas attached to it. The existing RDS Instances in the selected AWS region are listed on the Instances page. The information for an existing RDS Instance are displayed when you click on it.


Name - unique name/identifier for the RDS instance.

Engine - The version of the MySQL or Oracle engine of the RDS Instance.

RDS Subnet Group - The group of RDS Subnets for the VPC.

Availability Zone - The availability zone into which the RDS Instance will be created and launched.

Multi-AZ - Indicates that the RDS Instance will be used in a multiple availability zone configuration.

Instance class - If you selected a different instance type, the existing instance will be terminated and new RDS instance will be launched.

Storage - storage size in GBs for the instance that will be allocated for storing data.

Source instance - If the instance is a Read Replica, it will list the name of the source DB instance.

Status - The status of the RDS Instance (creating, modifying, available, rebooting, deleting). An RDS Instance will only be accessible when its status is 'available'.


AWS DynamoDB Interview Questions and Answers 

Ques: 16). What is Amazon Aurora and how does it work?


Amazon Aurora is a form of cloud-based relational database that works with MySQL and PostgreSQL. It performs five times faster than MySQL and three times faster than PostgreSQL. The performance and availability of traditional databases are combined with the simplicity and cost-effectiveness of open-source databases in this hybrid database type. Because Amazon RDS manages this database completely, operations like hardware provisioning, database setup, patching, and backups are all automated.

AWS Elastic Block Store (EBS) Interview Questions and Answers

Ques: 17). Which Amazon Web Services services will you use to collect and process e-commerce data in real time for analysis?


For real-time analysis, I'll utilise DynamoDB to collect and handle e-commerce data. DynamoDB is a fully managed NoSQL database service for unstructured data. It can even be used to extract e-commerce information from websites. RedShift may then be used to perform analysis on the retrieved e-commerce data. Elastic MapReduce can be utilised for analysis as well, but we won't use it here because real-time analysis isn't required.

AWS Amplify Interview Questions and Answers

Ques: 18). What happens if a user deletes a dB instance? What happens to the dB snapshots and backups?


The user is given the option of taking a last dB snapshot when a dB instance is removed. If you do so, your information from the snapshot will be restored. When the dB instance is removed, AWS RDS preserves all of the user-made dB snapshots together with all of the other manually created dB snapshots. Automated backups are erased at the same time, but manually produced dB snapshots are kept.

AWS Secrets Manager Interview Questions and Answers

Ques: 19). What Is A Dynamodbmapper Class And How Does It Work?


The DynamoDB's entry point is the mapper class. It allows users to access the endpoint and input the DynamoDB. Users can use the DynamoDB mapper class to retrieve data stored in various databases, run queries, scan them against the tables, and perform CRUD activities on the data items.

AWS Django Interview Questions and Answers

Ques: 20). What is the RDS interface, and how does it work?


To use the RDS service, Amazon provides an RDS interface. An RDS interface is required to interact with the RDS service, such as reading data, uploading data, and running other programmes.

The GUI Console, Command Line Interface, and AWS API are the three main interfaces available.

A GUI Console is the most basic interface via which users can interact with the RDS Service.

The Command Line Interface (CLI) provides you with CLI access to the service, allowing you to run DB commands and interact with it.

An AWS API is an Application Programming Interface that allows two systems to exchange data.

AWS Glue Interview Questions and Answers