Oracle Database on Windows: Patch this flaw now, we fixed it on Linux in July...

Oracle warns customers to patch a remotely exploitable flaw affecting Oracle Database on Windows servers.

Database giant Oracle has released a fix for a severe bug in Oracle Database Server on Windows.

The Oracle Database Server bug, tagged with the identifier CVE-2018-3110, is about as severe as is possible because it can not only give an attacker "complete control" over the vulnerable 11g, 12c, and new 18c database, but also provides shell access to the Windows server it is running on top of.

The bug, which stems from a Java virtual-machine component of the database, has a CVSS v3 base score of 9.9 out of 10.

Vulnerable versions include Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows. It also affects version 12.1.0.2 on Windows, Linux, and Unix servers, however the latter two were patched in Oracle's planned July update, according to Oracle.

Admins responsible for Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows need to apply the patches in the advisory for CVE-2018-3110, while anyone running 12.1.0.2 on Windows -- as well as any version of the database on Linux or Unix that did not apply the July updates -- should apply the updates available here.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

"Due to the nature of this vulnerability, Oracle strongly recommends that customers take action without delay."

The flaw can be explored remotely, however an attacker would need to possess valid user credentials.

The bug is easily exploitable and "allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM", Oracle explains in support notes.

"While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM,"

Oracle did alert customers to the Database Server on Windows issue before this week's Patch Tuesday from Microsoft, which contained Windows kernel and OS fixes for the just disclosed Foreshadow speculative execution side channel attacks affecting Intel Core and Xeon CPU.

Foreshadow didn't impact Oracle's SPARC or Oracle Intel x86 servers, Oracle did release Foreshadow patches for its Oracle Linux OS, Solaris and VM Server for X86 products.

PREVIOUS AND RELATED COVERAGE

 Oracle Solaris patch theft lands IT-support CEO in jail for two years

Oracle is happy that Terix's CEO is being jailed and fined $100,000.

Oracle critical update fixes 254 flaws - so get patching now

Fixes for vulnerabilities spread across 20 products and a Solaris patch that addresses the Spectre processor flaw.

Google Cloud adds support for Nvidia's Tesla P4 GPU

The compute accelerator is optimized for graphics-intensive applications and machine learning inference.

Gartner reveals one big reason Oracle's cloud hasn't caught on (TechRepublic)
Oracle is its own worst enemy when it comes to its cloud ambitions.

Google Next 2018: A deeper dive on AI and machine learning advances

Google Cloud announcements bring deep learning and big data analytics beyond data scientists, but enterprises will want more.

Microsoft Surface Go (CNET)

The new Microsoft Surface Go is the perfect size for casual coffee-shop computing, but getting the full experience quickly drives up the price.

March Latest Oracle 1z0-134 Exam Dumps Questions - Valid Oracle 1z0-134 Dumps PDF

Buy Oracle 1z0-134 - Questions Answers - Oracle 1z0-134 - Exam Dumps PDF Dumps4download

Question No : 1
My JMS Server uses a persistent file store. I need to ensure that the size of the persistent store does not exceed 1GB.Which option can I use to configure this? (Choose the best answer.)

A. Set the weblogic.store.FileSize to 1GB.
B. Set the weblogic.store.MaxFileSize to 1GB.
C. Set the weblogic.store.TotalFileSize to 1GB.
D. The file size limit must be configured at the operating system level.

Answer: D

Question No : 2
In your production environment, you have deployed an application that is accessing a registered Java EE shared library as well as an application deployment plan. In addition, both the library and the application annotations for some of their configuration properties.You are attempting to understand the current state of the properties that have been used in this deployment.From greatest to least, what is the correct order of precedence that is used by WebLogic Server when applying configuration properties during deployment? (Choose the best answer.)

A. Deployment Plan, Application descriptors, Library descriptors, Application annotations,
Library annotations
B. Deployment Plan, Application annotations, Library annotations, Application descriptors,Library descriptors
C. Deployment Plan, Library descriptors, Application descriptors, Library annotations,Application annotations
D. Deployment Plan, Application descriptors, Application annotations, Library descriptors,Library annotations
E. Deployment Plan, Library descriptors, Library annotations, Application descriptors,Application annotations

Answer: D
Explanation:
The elements of the Enterprise application's descriptor itself have precedence over all elements in the library descriptors.The deployment descriptor can still override values defined in the annotation.

2018 Verified Oracle 1z0-134 - Exam Questions - Oracle 1z0-134 - Dumps PDF Dumps4download

Question No : 3

You are concerned with messages being received systematically. You designed MessageDriven beans (MDB) to guarantee the most reliable way to consume messages. In which three scenarios would JMS always redeliver a message? (Choose three.)

A. when the onMessaqe() method of the MDB throws a Java error

B. when the transaction the MDB participates in eventually fails and rolls back

C. when the onMessage() method fails to acknowledge the reception of the message

D. when messages are not being sent as part of a transaction

E. when messages are non-persistent

Answer: B,C,D

Explanation:

An MDB pool processes each message at least once. Potentially, a message can be process more than once:

* If an application fails, a transaction rolls back, or the hosting server instance fail during or after the onMessage() method completes but before the message is acknowledged or committed, the message will be redelivered and processed again.

* Non-persistent messages are also redelivered in the case of failure, except for the case where the message's host JMS server shuts down or crashes, in which case the messages are destroyed.To ensure that a message is processed exactly once, use container-managed transactions so that failures cause transactional MDB work to rollback and force the message to be redelivered.

Question No : 4

As part of a manual migration of JMS-related services, you just configured a custom file store and targeted it to the same migratable target as the JMS server. Which two statements pertain to the successful configuration of this JMS store and the manual migration? (Choose two.)

A. The custom store could be made available to a backup server target with prernigration/post-migration scripts.

B. The custom store should not be targeted to the same migratable target as the migratable service.

C. All the candidate servers in the migratable target should have access to this custom store.

D. The JMS server that is using the default file store should be migrated to a migratable target.

Answer: A,C

Explanation:

For persistent messaging, you must configure a custom persistent store that is targeted to the same migratable target as the JMS service. Unless you are using pre/post migration scripts to move the store data across migrated servers, the custom store must be

configured such that all the candidate servers in the migratable target have access to it.

Download Oracle 1z0-134 - Exam Dumps - Oracle 1z0-134 - Dumps Questions Dumps4download.us

Question No : 5

What does the WLST command pwd() do?

A. Displays the current location in the configuration or runtime bean hierarchy.

B. Displays the location in the file system where the current WLST session was launched.

C. Initiates an operation to change the current WLST user’s password.

D. Prints the name of the current domain.

E. Prints the name of the current server.

Answer: A

Explanation:

The pwd command displays the current location in the configuration or runtime bean hierarchy.This command is useful when you have turned off the prompt display of the path information using the prompt command.

Question No : 6

You are required to configure a Coherence cluster for a WebLogic domain. Review the image below for the architecture of the WebLogic domain.

The configuration represents the following:

Based on this configuration, what is the typical configuration of a Coherence cluster for this domain?

A. Single Coherence cluster that includes both WebLogic clusters.EAR cluster is storagedisabled.GAR cluster is storage-enabled.

B. Single Coherence cluster that includes both WebLogic clusters/EAR cluster is storageenabled.GAR cluster is storage-disabled.

C. A Coherence cluster for each WebLogic cluster.EAR and GAR clusters use a replicated topology with storage enabled.

D. Single Coherence cluster that includes both WebLogic clusters.EAR and standalone GAR clusters are both storage-enabled.

Answer: A

Explanation:

A Coherence cluster can contain any number of managed Coherence servers. The servers can be standalone managed servers or can be part of a WebLogic Server cluster that is associated with a Coherence cluster.

* storage-disabled – a managed Coherence server that is not responsible for storing data and is used to host Coherence applications (cache clients). A Coherence application GAR

is packaged within an EAR and deployed on storage-disabled managed Coherence

servers.

* storage-enabled – a managed Coherence server that is responsible for storing data in the cluster. Coherence applications are packaged as Grid ARchives (GAR) and deployed on

storage-enabled managed Coherence servers.

2018 Oracle 1z0-134 - Exam Dumps Questions - March Oracle 1z0-134 - Dumps PDF

Question No : 7

You are creating a Domain Template to simplify the process of deploying a domain across multiple hosts.Which five types of information can be included in a Domain Template? (Choose five.)

A. domain configuration, those included in the config.xml file

B. Java Enterprise Edition (Java EE) applications and shared libraries

C. Windows and UNIX server start scripts

D. Windows Start menu entries

E. custom folders and files

F. LDAP data

G. JTA log

H. e-mail notification settings

Answer: A,B,C,D,E

Explanation: A: config.xml and any JDBC and JMS resources defined in config.xml are not displayed in the Current Template View pane by default because the Domain Template Builder automatically includes them in the template when creating the template. B: The Add or Omit Applications screen is displayed only if applications are included in the template or domain that you selected. C: When you are creating a template, you want the scripts and files that you are packaging with your template to be free of local domain environment settings and ready for use by the Configuration Wizard. The Domain Template Builder automatically updates any standard scripts included in a template (such as start scripts) by replacing hard-coded values for various domain environment settings with replacement variables. D: The Specify Start Menu Entries screen prompts you to create items to be added to the Windows Start menu. E: By default, the Domain Template Builder includes files from the WebLogic domain or template you specified as the source for the new template. If you selected a domain as the source for your new template, some files and directories are included automatically. 

Question No : 8

You have a multithreaded application that looks up the WebLoqic JMS ConnectionFactory object from the JNDI tree.Which statement is correct in this scenario? (Choose the best answer.)

A. It is not permitted. A multithreaded application cannot access the ConnectionFactory object.

B. The access to ConnectionFactory object MUST be synchronized.

C. The ConnectionFactory object can be referenced in a multithreaded application without any special considerations.

D. Multiple threads trying to use the ConnectionFactory object simultaneously will throw an exception.

E. In a multithreaded scenario, connection objects cannot be safely created from the ConnectionFactory.

Answer: B

Explanation: 

A connection factory supports concurrent use, enabling multiple threads to access the object simultaneously. A session and its message producers and consumers can only be accessed by one thread at a time (i.e. the access must be synchronized). Their behavior is undefined if multiple threads access them simultaneously.

Oracle 1z0-134 - Question Answers - Valid Oracle 1z0-134 - Dumps PDF Dumps4download

Question No : 9

You are monitoring a WebLogic JDBC data source and have decided to drop some connections because an earlier peak usage condition has now ended. In addition, this data source has not been enabled for automatic shrinking. What will occur once you execute the shrink() method on that JDBCDataSourceRuntimeMBean?

A. The number of connections in the pool will be reduced to the greater of either the current number of connections in use or to the minCapacity property setting.

B. The number of connections in the pool will be reduced to the current number of connections in use regardless of the minCapacity property setting.

C. The number of connections in the pool will be reduced to the minCapacity property setting regardless of the current number of connections in use.

D. The number of unused connections in the pool will be reduced by half.

Answer: A

Explanation:

When you shrink a data source, WebLogic Server reduces the number of connections in the pool to the greater of either the initial capacity or the number of connections currently in

use.

Question No : 10

A Web Module needs specific tuning. The Development team fine tunes the module in the deployment descriptor (weblogic.xml) as follows:

Which two are true? (Choose two.)

A. MyWorkManager is an application-scoped Work Manager.

B. Add the line <wl-dispatch-policy>MyWorkManager</wl-dispatch-policy> before <workmanager> tags in weblogic.xml to make the Web Module use the Work Manager MyWorkManager.

C. MyWorkManager is a Global Work Manager.

D. MyWorkManager is a Default Work Manager.

E. Once the application is deployed and started on a Managed WebLogic Server, MyWorkManager will appear under Environment/Work Managers on the WebLogic Console.

Answer: A,B

Explanation:

Get 2018 Oracle 1z0-134 - Exam Updates - 1z0-134 Questions With Valid Answers - Dumps