Showing posts with label sso. Show all posts

June 07, 2022

Top 20 Amazon EMR Interview Questions and Answers

 

Amazon EMR is the industry-leading cloud big data platform for data processing, interactive analysis, and machine learning using open source frameworks such as Apache Spark, Apache Hive, and Presto. With EMR, you can perform petabyte-scale analysis for half the price of typical on-premises solutions and over 1.7 times quicker than ordinary Apache Spark.




Ques. 1): What are the benefits of using Amazon EMR?

Answer:

Amazon EMR frees you up to focus on data transformation and analysis rather than maintaining computing resources or open-source apps, and it saves you money. With EMR you can provision as much or as little capacity on Amazon EC2 as you want, and set up scaling rules to handle changing compute demand. CloudWatch notifications can be set up to notify you of changes in your infrastructure so you can react quickly. If you use Kubernetes, you can use EMR to submit your workloads to Amazon EKS clusters. Whether you use EC2 or EKS, EMR's optimised runtimes help you save time and money by speeding up your analysis.




Ques. 2): How do I troubleshoot a query that keeps failing after each iteration?

Answer:

In the case of a processing failure, you can use the same tools that are used to troubleshoot Hadoop jobs. The Amazon EMR web console, for example, can be used to locate and view error logs.




Ques. 3): What is the best way to create a data processing application?

Answer:

In Amazon EMR Studio, you can develop, visualise, and debug data science and data engineering applications written in R, Python, Scala, and PySpark. You can also create a data processing job on your desktop and run it on Amazon EMR using Eclipse, Spyder, PyCharm, or RStudio. When spinning up a new cluster, you can also pick JupyterHub or Zeppelin in the software configuration and build your application on Amazon EMR using one or more instances.




Ques. 4): Is it possible to perform many queries in a single iteration?

Answer:

Yes, you can specify a previously run iteration in subsequent processing by setting the kinesis.checkpoint.iteration.no option. This ensures that subsequent runs on the same iteration use exactly the same input records from the Kinesis stream as earlier runs.




Ques. 5): In Amazon EMR, how is a computation done?

Answer:

Amazon EMR uses the Hadoop data processing engine to perform computations using the MapReduce programming model. The customer implements their algorithm in terms of map() and reduce() functions. The service starts a customer-specified number of Amazon EC2 instances, consisting of one master and several additional nodes. On these instances, Amazon EMR runs Hadoop software. The master node splits the input data into blocks and distributes the block processing to the other nodes. Each node then applies the map function to the data it has been assigned, producing intermediate data. The intermediate data is then sorted and partitioned before being sent to processes on the nodes that apply the reduce function locally.




Ques. 6): What distinguishes EMR Studio from EMR Notebooks?

Answer:

There are five major differences:

1. EMR Studio does not require access to the AWS Management Console. The EMR Studio server is not part of the AWS Management Console. If you don't want data scientists or engineers to have access to the AWS Management Console, this is a good option.

2. To log in to EMR Studio, you can use enterprise credentials from your identity provider using AWS Single Sign-On (SSO).

3. EMR Studio provides a notebook-first experience. Because EMR Studio kernels and applications run on EMR clusters, you get the benefit of distributed data processing with the Amazon EMR runtime for Apache Spark, which is designed for performance. Attaching the notebook to an existing cluster or provisioning a new one is all it takes to run code on a cluster.

4. EMR Studio features a user interface that is simple to use and abstracts hardware specifications. For instance, you can create cluster templates once and then use them to create future clusters.

5. EMR Studio facilitates debugging by allowing you to access native application user interfaces in one location with as few clicks as possible.




Ques. 7): What tools are available to me for debugging?

Answer:

You can use a variety of tools to gather information about your cluster and figure out what went wrong. If you use Amazon EMR Studio, you can use debugging tools like Spark UI and YARN Timeline Service. Through the Amazon EMR Console you can get off-cluster access to persistent application user interfaces for Apache Spark, Tez UI, and the YARN timeline server, as well as multiple on-cluster application user interfaces and a summary view of application history for all YARN apps. You can also use SSH to connect to your Master Node and inspect cluster instances using these web interfaces. See our docs for additional details.




Ques. 8): What are the advantages of utilising Command Line Tools or APIs rather than the AWS Management Console?

Answer:

The Command Line Tools or APIs allow you to programmatically launch and monitor the progress of running clusters, as well as build custom functionality for other Amazon EMR customers (such as sequences with multiple processing steps, scheduling, workflow, or monitoring) or build value-added tools or applications. The AWS Management Console, on the other hand, offers a simple graphical interface for starting and monitoring your clusters from a web browser.




Ques. 9): What distinguishes EMR Studio from SageMaker Studio?

Answer:

With Amazon EMR, you may utilise both EMR Studio and SageMaker Studio. EMR Studio is an integrated development environment (IDE) for developing, visualising, and debugging data engineering and data science applications in R, Python, Scala, and PySpark. Amazon SageMaker Studio is a web-based visual interface that allows you to complete all machine learning development phases in one place. SageMaker Studio provides you total control, visibility, and access to every step of the model development, training, and deployment process. You can upload data, create new notebooks, train and tune models, travel back and forth between phases to change experiments, compare findings, and push models to production all in one spot, increasing your productivity significantly.




Ques. 10): Is it possible to establish or open a workspace in EMR Studio without a cluster?

Answer:

Yes, a workspace can be created or opened without being attached to a cluster. You only need to attach it to a cluster when you need to execute. EMR Studio kernels and apps run on Amazon EMR clusters, allowing you to take advantage of distributed data processing with the Amazon EMR runtime for Apache Spark.




Ques. 11): What computational resources can I use in EMR Studio to execute notebooks?

Answer:

Using EMR Studio, you can execute notebook code on Amazon EMR on Amazon Elastic Compute Cloud (Amazon EC2) or Amazon EMR on Amazon Elastic Kubernetes Service (Amazon EKS). Notebooks can be attached to either existing or new clusters. In EMR Studio, you can create EMR clusters in two ways: by using an AWS Service Catalog pre-configured cluster template or by defining the cluster name, number of instances, and instance type.




Ques. 12): What IAM policies are required to utilise EMR Studio?

Answer:

To interact with other AWS services, each EMR Studio requires permissions. Your administrators must create an EMR Studio service role using the specified policies to grant the essential access to your EMR Studios. They must also create a user role for EMR Studio that defines permissions at the Studio level. When they add users and groups from AWS Single Sign-On (AWS SSO) to EMR Studio, they can assign a session policy to a user or group to apply fine-grained authorization constraints. Administrators can use session policies to fine-tune user permissions without having to create several IAM roles. See Policies and Permissions in the AWS Identity and Access Management User Guide for further information on session policies.




Ques. 13): What may EMR Notebooks be used for?

Answer:

EMR Notebooks make it simple to create Apache Spark apps and run interactive queries on your EMR cluster. Multiple users can create serverless notebooks straight from the console, attach them to an existing shared EMR cluster, or provision a cluster and begin experimenting with Spark right away. Notebooks can be detached and reattached to new clusters. Notebooks are automatically saved to S3 buckets, and you can access them from the console to resume working. The libraries contained in the Anaconda repository are preconfigured in EMR Notebooks, allowing you to import and use them in your notebook code to manipulate data and show results. Furthermore, EMR Notebooks feature built-in Spark monitoring capabilities, allowing you to track the status of your Spark jobs and debug code directly from the notebook.




Ques. 14): Is Amazon EMR compatible with Amazon EC2 Spot, Reserved, and On-Demand Instances?

Answer:

Yes. On-Demand, Spot, and Reserved Instances are all supported by Amazon EMR.




Ques. 15): What role do Availability Zones play in Amazon EMR?

Answer:

Amazon EMR launches all nodes for a cluster in the same Amazon EC2 Availability Zone. Running a cluster in the same zone improves workflow performance. By default, Amazon EMR runs your cluster in the Availability Zone with the greatest available resources. You can, however, specify a different Availability Zone if necessary. You can also use On-Demand Capacity Reservations to optimise your allocation for the lowest-priced on-demand instances or best spot capacity.




Ques. 16): What are node types in a cluster?

Answer:

There are three sorts of nodes in an Amazon EMR cluster:

Master node: A master node supervises the cluster by executing software components that coordinate the distribution of data and tasks among the other nodes for processing. The master node keeps track of task progress and oversees the cluster's health. A master node is present in every cluster, and it is feasible to establish a single-node cluster using only the master node.

Core node: A core node is a node that contains software components that run tasks and store data in your cluster's Hadoop Distributed File System (HDFS). At least one core node exists in multi-node clusters.

Task node: A task node is a node that only performs tasks and does not store data in HDFS. Task nodes are not required.




Ques. 17): Can Amazon EMR restore a cluster's master node if it goes down?

Answer:

Yes. You can set up an EMR cluster with three master nodes (version 5.23 or later) to provide high availability for applications like YARN Resource Manager, HDFS Name Node, Spark, Hive, and Ganglia. If the primary master node fails or important processes, such as Resource Manager or Name Node, crash, Amazon EMR immediately fails over to a standby master node. Because the master node is then not a potential single point of failure, you can run your long-lived EMR clusters without interruption. When a master node fails, Amazon EMR immediately replaces it with a new master node that has the same configuration and bootstrap actions.




Ques. 18): What are the steps for configuring Hadoop settings for my cluster?

Answer:

For most workloads, the EMR default Hadoop configuration is sufficient. However, depending on the memory and processing needs of your cluster, changing these values may be necessary. If your cluster tasks are memory-intensive, for example, you may want to use fewer tasks per core and limit the size of your job tracker heap. A pre-defined Bootstrap Action is offered to configure your cluster at startup in this case. For configuration details and usage instructions, see the Developer's Guide's Configure Memory Intensive Bootstrap Action. You can also use an additional predefined bootstrap action to set your cluster parameters to whatever value you like.




Ques. 19): Is it possible to modify tags directly on Amazon EC2 instances?

Answer:

Yes, tags may be added or removed directly on Amazon EC2 instances in an Amazon EMR cluster. However, because Amazon EMR's tagging system does not immediately sync changes to a corresponding Amazon EC2 instance, we do not advocate doing so. To guarantee that the cluster and its associated Amazon EC2 instances have the necessary tags, we recommend using the Amazon EMR GUI, CLI, or API to add and delete tags for Amazon EMR clusters.




Ques. 20): How does Amazon EMR operate with Amazon EKS?

Answer:

Amazon EMR requires you to register your EKS cluster. Then, using the CLI, SDK, or EMR Studio, you submit your Spark jobs to EMR. EMR uses the Kubernetes scheduler on EKS to schedule Pods. EMR on EKS creates a container for each job you run. The container includes an Amazon Linux 2 base image with security updates, as well as Apache Spark and its dependencies, and your application's specific dependencies. Each job runs in a Pod. The Pod downloads and executes this container. If the container's image has already been deployed to the node, the download is skipped and a cached image is used instead. Sidecar containers, such as log or metric forwarders, can be deployed to the Pod. When the job finishes, the Pod terminates as well. You can continue to debug the job using Spark UI after it has finished.







November 28, 2021

Top 20 Oracle Access Manager Interview Questions and Answers

  

Oracle Access Manager (Access Manager) is the key capability for Web Single Sign-on (SSO), authentication, authorization, centralized policy administration and agent management, real-time session management, and auditing in the new Oracle Access Management platform. Access Manager is a 100% Java solution that is incredibly scalable, allowing it to manage Internet-scale installations. It also works with heterogeneous environments that already exist, with agents certified for hundreds of web and application servers. Access Manager increases security, improves user experience and productivity, and improves compliance while lowering total cost of ownership by providing broad capabilities, scalability, and high availability.




Ques: 1). What are the different security modes available in Oracle Access Manager?

Answer: 

Open: Allows communication without encryption. There is no authentication or encryption between the AccessGate and the Access Server in Open mode. The AccessGate does not need the Access Server to provide proof of identification, and the Access Server accepts connections from all AccessGates. Similarly, Identity Server does not require WebPass to provide confirmation of identity.

Simple: Oracle encryption is supported. In Simple mode, TLS v1 is used to secure communications between Web clients (WebPass and Identity Server, Policy Manager and WebPass, and Access Server and WebGate). Oracle Access Manager components only use X.509 digital certificates in both Simple and Cert modes. In Cert Authentication between WebGates and the Access Server, the standard cert-decode plug-in decodes the certificate and delivers certificate information to the standard credential mapping authentication plug-in. Oracle Access Manager saves the associated private key for each public key in the aaa_key.pem file for the Access Server (or ois_key.pem for the Identity Server).

Cert: A third-party certificate is required. If you have an internal Certificate Authority (CA) for processing server certificates, use Cert (SSL) mode. In Cert mode, communication between WebGate and Access Server, as well as between Identity Server and WebPass, is encrypted using Transport Layer Security (TLS v1, RFC 2246).




Ques: 2). What Is Oracle Access Manager's Architecture?

Answer: 

Identity Server, WebPass, Policy Manager, Access Server, and a WebGate are the primary components of the Oracle Access Manager architecture. Identity Server is a stand-alone C++ server that connects to LDAP directly.

It also receives requests from WebPass and responds to them. WebPass is a web server plugin that passes information between the Identity Server and the web server. It sends IdentityXML SOAP requests to Identity Server and redirects HTTP requests from the browser to Access Server.

Policy Manager (PMP or PAP) is a web server plugin that interfaces directly with user, configuration, and policy repositories. Access Server, commonly known as PDP, is a stand-alone C++ server. It receives requests from WebGates/AccessGates and responds to them.

It also uses LDAP for communication. It responds to queries from the Access Server SDK. WebGate (PEP) is a web server plugin that communicates with the Access Server. It passes user authentication data to the Access Server for processing.




Ques: 3). In Oracle Access Manager, what is the IWA mechanism?

Answer: 

OAM offers a feature that allows Microsoft Internet Explorer users to authenticate to their Web applications automatically using their desktop credentials. This is called Windows Native Authentication. The user logs in to the computer, and the Windows Domain Administrator authentication mechanism is used to complete the local authentication.

The user launches an Internet Explorer (IE) browser and requests a Web resource protected by the Access System.

The browser notes the local authentication and sends a token to the IIS Web server.

The IIS Web server uses the token to authenticate the user and to set the REMOTE_USER HTTP header variable, which indicates the user name supplied by the client and authenticated by the server.

The WebGate creates an ObSSOCookie and sends it back to the browser.

The Access System authorization and other processes proceed as usual.

The maximum session timeout length configured for the WebGate is applicable to the generated ObSSOCookie.


Ques: 4). What Is An Access Server SDK?

Answer :

The Access Manager Software Developer's Kit (SDK) allows you to extend the Access System's access management features. You can use this SDK to construct a customised AccessGate. The Access Manager SDK provides an environment in which you can establish an AccessGate by creating a dynamic link library or a shared object. You'll also need configureAccessGate.exe to make sure your client is working properly.


Ques: 5). What Is Policy Manager API?

Answer :

The Policy Manager API provides an interface that allows custom applications to establish and edit Access System policy domains and their contents using the Access Server's authentication, authorization, and auditing capabilities.




Ques: 6). Name some new features of OAM11gR2?

Answer: 

Dynamic Authentication -- Dynamic authentication is the ability to define what authentication scheme should be presented to a user based on some condition.

Persistent Login (Remember Me) -- Persistent Login is the ability to let users log in without credentials after the first-time login.

Policy Evaluation Ordering -- The out-of-the-box algorithm is based on the "best match" algorithm for evaluating policies.

Delegated Administration -- The ability to select users who can administer their own application domains.

Unified Administration Console -- The console screen has a new look; a new single 'Launch Pad' screen with services that are enabled based on user roles.

Session Management -- Ability to set idle session timeouts at the application domain level.




Ques: 7). What is IIS?

Answer: 

Internet Information Services (IIS, formerly Internet Information Server) is a Microsoft extensible web server designed for use with the Windows NT family of operating systems. HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP are all supported by IIS. Since Windows NT 4.0, it has been a fundamental element of the Windows NT family, although it may be missing from some editions (e.g. Windows XP Home edition). When Windows is installed, IIS is not enabled by default. The IIS Manager can be accessed through the Control Panel's Microsoft Management Console or Administrative Tools.




Ques: 8). What is the meaning of an Oracle Access Manager Basic License?

Answer: 

The Oracle Access Manager (OAM) Basic licence was intended to support Oracle AS Single Sign-On (OSSO) customers who purchased the Oracle iAS Suite or other Oracle E-Business Suite products. Customers who have valid Oracle Single Sign-On (OSSO) licences can swap them for an equivalent number of Access Manager licences under the OAM Basic licence, with some restrictions. Access Manager must employ Oracle infrastructure components due to the constraints; this was also a requirement for OSSO. The LDAP directory, for example, must be Oracle Internet Directory or Oracle Virtual Directory, and only Oracle application resources can be protected. Customers who want to remove the restrictions must acquire the complete Access Manager licence.




Ques: 9). What is Oracle Webgate, and how does it work?

Answer: 

Oracle WebGate is a Web server plug-in that comes with Oracle Access Manager out of the box. The WebGate intercepts users' HTTP requests for Web resources and forwards them to the Access Server for authentication and authorization.


Ques: 10). Access Manager 11g WebGates are supported on Oracle HTTP Server 11g and IBM HTTP Server 7.0, but I prefer Apache Web Servers. If I want to use Access Manager 11g, what should I do?

Answer: 

Oracle Access Manager 10g WebGates can communicate with Access Manager 11g servers. Oracle Access Manager 10g WebGates have a wide range of web server certifications, including Apache, Domino, Microsoft IIS, and many others.

With thousands of applications, I have a massive Oracle Access Manager 10gR3 implementation. Do I have to transfer them all at once to the new 11gR2 platform?

No. Both Oracle Access Manager 10gR3 and Oracle Access Manager 11gR2 servers can be live in production at the same time, protecting distinct sets of applications, thanks to server side coexistence in Access Manager 11gR2. End users will continue having a seamless single sign-on experience as they navigate between applications protected by the two servers. This capability can be leveraged by customers with large deployments to perform the server migration in a phased manner over a period of time without impacting end users.


Ques: 11). With thousands of applications, I have a massive OpenSSO 8.0 or Sun Access Manager 7.1 deployment. Is it necessary to migrate all of them to the new Access Manager 11gR2 platform at the same time?

Answer: 

No. With Access Manager 11gR2, both the OpenSSO 8.0 (or Sun Access Manager 7.1) and Access Manager 11gR2 servers can be live in production at the same time, safeguarding distinct sets of apps. End users will continue to have a seamless single sign-on experience as they move between the two servers' protected apps. Customers with big deployments can use this capability to migrate servers in stages over time without affecting end users.


Ques: 12). What Is IdentityXML?

Answer: 

IdentityXML provides a programmatic interface for performing the actions that a user can perform while using a browser to access a COREid application. A program can, for example, submit an IdentityXML request to find members of a group defined in the Group Manager application or to add a user to the User Manager. Simple actions and multi-step workflows can be applied to change user, group, and organization object profiles using IdentityXML.

After you've finished constructing the IdentityXML request, you'll need to build a SOAP wrapper to send the IdentityXML request to WebPass over HTTP. The IdentityXML API uses XML over SOAP. IdentityXML parameters are sent to the COREid Server using an HTTP request that contains a SOAP envelope. When WebPass receives the HTTP request, the SOAP envelope identifies it as an IdentityXML request rather than a standard browser request. The request is passed to the COREid Server, which executes the request and returns a response. You could also use WSDL to put together the SOAP request.

The SOAP content looks like this: SOAP envelope (with oblix namespace defined), SOAP body (with authentication information), actual request (with application name and params). Application names are, for example, userservcenter, groupservcenter, or objservcenter (for organizations).



 

Ques: 13). What are Header Variables and How Do I Use Them?

Answer: 

Oracle Access Manager allows administrators to build a web of trust in which a user's credentials are confirmed once and then delivered to each application that the user uses. The application does not need to re-authenticate the user with its own mechanism when using these credentials. Users who have been authenticated by Oracle Access Manager are able to access applications without having to re-authenticate. A user's credentials can be sent in one of two ways:

• Using Cookies: A specific value is set on the browser's cookie that the application must extract to identify a user.

• Using Header Variables: An HTTP header set on the request by the agent and visible to the application (Authorization Policy Response in the Administration Console). Header response values are inserted into a request by an OAM Agent, and can only be applied on Web servers that are protected by an agent registered with OAM 11g. If the policy includes a redirect URL that is hosted by a Web server not protected by OAM, header responses are not applied.

 

Ques: 14). Explain the OAM-OAAM Integration Architecture and Integration.

Answer: 

Using all of these products together gives you complete control over the authentication process and comprehensive pre-/post-authentication checking capabilities against Adaptive Risk Manager models.

Two Oracle Access Manager AccessGates are used in the OAAM's ASA-OAM integration: one for fronting the Web server (a traditional WebGate) to Adaptive Strong Authenticator and one for the embedded AccessGate. The access server SDK must be installed and configured before the AccessGate device can be used. The ASDK location will be updated in the ASA bharosa papers. An application that will use the ASA authentication mechanism and will be tested for the ASA login landing page.

 

Ques: 15). What Happens When A User Submits A Request That Is Protected By An Access Gate (Not A WebGate)?

Answer: 

The following is an example of the flow:

The user sends a resource request to the application or servlet that contains the access gate code.

The access gate code creates an ObResourceRequest structure and calls the Access Server to determine whether or not the resource is protected.

The Access Server responds.

If the resource isn't protected, the access gate allows the user to access the resource. Otherwise, the access gate creates an ObAuthenticationScheme structure to ask the Access Server which credentials the user needs to supply.

The Access Server responds.

To get the credentials, the application uses a form or one of several other methods.

The AccessGate creates the ObUserSession structure, which provides the Access Server with user information.

If the credentials are verified as valid, the access gate creates a session token for the user and then sends an authorization request to the Access Server.

The Access Server validates whether the user is authorized to access that resource.

The access gate permits the user to access the requested resource.

 

Ques: 16). What exactly is SSO?

Answer: 

SSO (single sign-on) is a session/user authentication method that allows a user to access different apps with just one username and password. The process authenticates the user for all of the applications to which they have been granted access and removes the need for further prompts when they switch applications during a session.

Overview:

  • Provides users with unified sign-on and authentication across all their enterprise resources, including desktops, client-server, custom, and host-based mainframe applications
  • Provides a centralized framework for security and compliance enforcement
  • Eliminates the need for multiple usernames and passwords
  • Helps enforce strong password and authentication policies.
  • Uses any LDAP directory, Active Directory, or any SQL database server as its user profile and credential repository

Benefits

  • Reduces deployment risk and operational costs.
  • Allows enterprises to provide fast, secure access to applications for employees and partners.
  • Eliminates the overhead and limitations of traditional desktop client deployments.
  • Seamlessly integrates with Oracle Identity Management for common security policy enforcement and compliance reporting across applications

  

Ques: 17). What is Reverse Proxy?

Answer: 

A reverse proxy gives you architectural flexibility by allowing you to expose the same application on both the intranet and the extranet without having to make any changes to the existing application. By sending all requests through the proxy, you may safeguard all Web content from a single logical component.

This is true even for platforms that Oracle Access Manager does not support. If you have multiple types of Web servers, such as iPlanet, Apache, and others, running on different platforms, such as MacOS, Solaris x86, mainframe, and so on, all content on these servers can be safeguarded. A reverse proxy can be used as a workaround for unsupported Web servers, removing the requirement to develop custom AccessGates for unsupported Web servers or systems that do not support AccessGates. This creates a single management point. You can manage the security of all of the Web servers through the reverse proxy without establishing a footprint on the other Web servers.

 

Ques: 18). What is Identity Store and how does it work? Describe the many types of identity stores.

Answer: 

The term "identity store" refers to a database that contains business users and groups. WebLogic includes an embedded LDAP that is used as the identity store by default by Fusion Middleware components. External LDAP servers, such as OID, AD, and others, can be configured to serve as identity stores.

System Store - Represents the identity store that holds the groups or users that act as "Administrators" of OAM; that is, only members of this identity store group/user can perform admin functions via the OAM console.

Default Store - This is the identity store that is used at the time of patching for migration purposes or by Oracle Security Token Service.

 

Ques: 19). In OAM, what are Authorization Policies?

Answer: 

The process of assessing whether a user has permission to access a requested resource is known as authorization. Administrators can define the conditions under which a subject or identity has access to a resource by creating one or more authorization policies. A user may seek to view data or run a policy-protected application. The requested resource must be part of an application domain and be covered by a specific authorization policy within that domain.

 

Ques: 20). In comparison to the ECC, what are the benefits of the DCC?

Answer: 

From a security and flexibility standpoint, the DCC has several advantages. The DCC can be placed anywhere in the DMZ because it is totally detached from the Access Manager server. It also adds security by terminating all unauthenticated end user login requests at the DCC in the DMZ, isolating the server from unauthenticated network traffic.