PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free Oracle 1Z0-116 Practice Questions

Pass your Oracle Database Security Administration (1Z0-116) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free

Loading practice questions...

Same family resources

Explore More Oracle Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Oracle SQL

Practice Questions1 blog

OCI AI Foundations

Practice Questions

OCI Architect

Practice Questions

OCI Foundations

Practice Questions

Oracle DBA

Practice Questions

OCI 2025 Data Science Professional (1Z0-1110-25)

Practice Questions

More From This Family

Videos and articles for deeper review.

ArticleOracle SQL 1Z0-071 Exam Guide 2026: Official Facts, Topic Traps, and Practice Plan12 min read
2026 Statistics

Key Facts: Oracle 1Z0-116 Exam

72 questions

Oracle 1Z0-116 has 72 multiple choice and multiple select questions

Oracle University - 1Z0-116 exam page

120 minutes

Time limit for the 1Z0-116 Database Security Administration exam

Oracle University - 1Z0-116 exam page

59%

Published passing score for the 1Z0-116 exam

Oracle University - 1Z0-116 exam page

12c and 19c

Oracle Database versions the 1Z0-116 exam is validated against

Oracle University - 1Z0-116 exam page

US$245

Registration fee for the Oracle 1Z0-116 exam (varies by country)

Oracle University / Pearson VUE

Unified auditing

Primary auditing model tested, available from Oracle Database 12c

Oracle Database 19c Security Guide

TDE

Transparent Data Encryption secures data at rest at column and tablespace level

Oracle Database 19c Advanced Security Guide

100

Free original practice questions in this OpenExamPrep bank

OpenExamPrep

Oracle Database Security Administration (1Z0-116) is a professional-level Oracle exam of 72 multiple choice and multiple select questions in 120 minutes, with a passing score of about 59%. It is validated against Oracle Database 12c and 19c and earns the Oracle Database Security Administration certification. Major topics include user and authentication management, authorization and Virtual Private Database, Oracle Database Vault, unified and fine-grained auditing, Transparent Data Encryption and network encryption, Oracle Data Redaction and Data Masking. The registration fee is about US$245. This 100-question bank provides original practice written to the official objectives with explanations for every answer.

Sample Oracle 1Z0-116 Practice Questions

Try these sample questions to test your Oracle 1Z0-116 exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Which Oracle term describes the recommended layered approach that combines preventive, detective and administrative controls to protect a database against the broadest range of threats?
A.Maximum Availability Architecture
B.Maximum Security Architecture
C.Defense Patch Bundle
D.Secure Configuration Baseline
Explanation: Oracle's Maximum Security Architecture (MSA) is the reference model that layers encryption, access control, auditing and assessment controls to reduce database risk. It is distinct from the Maximum Availability Architecture, which targets uptime rather than security.
2Which Oracle tool produces a report on database configuration, users, privileges and security feature usage to help assess risk and recommend hardening steps?
A.Database Security Assessment Tool (DBSAT)
B.Automatic Workload Repository (AWR)
C.SQL Tuning Advisor
D.Data Pump
Explanation: The Database Security Assessment Tool (DBSAT) collects configuration, user, privilege and feature-usage data and produces findings with recommendations, helping administrators assess and reduce security risk. AWR, SQL Tuning Advisor and Data Pump are performance or data-movement tools.
3A security review wants to reduce the database attack surface. Which action most directly reduces it?
A.Increasing the SGA size
B.Revoking unnecessary privileges and locking unused default accounts
C.Enabling parallel query
D.Raising OPEN_CURSORS
Explanation: Applying least privilege by revoking unneeded privileges and locking or expiring unused default accounts directly shrinks the attack surface. SGA size, parallel query and OPEN_CURSORS are performance settings that do not affect security exposure.
4Why does Oracle recommend applying Release Updates (RUs) promptly as part of a security program?
A.They increase the database block size
B.They deliver security fixes that close known vulnerabilities
C.They are required to enable archive logging
D.They reset all user passwords
Explanation: Quarterly Release Updates bundle security fixes that remediate publicly known CVEs and other vulnerabilities, so timely patching is a core preventive control. They do not change block size, enable archive logging or reset passwords.
5Which statement best describes the principle of separation of duties in a secure Oracle Database deployment?
A.A single DBA holds all administrative and security responsibilities
B.Database administration and security administration are split among different roles or people
C.All users share one administrative account
D.Auditing is disabled to simplify operations
Explanation: Separation of duties divides powerful responsibilities so no single account or person controls both day-to-day administration and the security configuration, reducing the risk of misuse. Oracle Database Vault is the feature that enforces this in the database.
6Which category of control does auditing primarily provide in a defense-in-depth strategy?
A.Preventive control
B.Detective control
C.Corrective control
D.Physical control
Explanation: Auditing records activity so suspicious or unauthorized actions can be detected after the fact, making it a detective control. Encryption and access control are preventive; restoring from backup is corrective.
7A compliance requirement states that personal data must be unreadable if storage media is stolen. Which Oracle feature most directly satisfies this 'data at rest' requirement?
A.Virtual Private Database
B.Transparent Data Encryption
C.Unified auditing
D.Secure application roles
Explanation: Transparent Data Encryption (TDE) encrypts data at rest in datafiles, so stolen media cannot be read without the keystore and master key. VPD filters rows, auditing records access, and secure application roles control privileges, none of which protect physically stolen files.
8Which of the following is a common database attack point that a security assessment should examine?
A.The number of redo log groups
B.SQL injection through application input
C.The size of the temporary tablespace
D.The default block checksum setting
Explanation: SQL injection, where untrusted input is concatenated into SQL, is a classic application-layer attack point that assessments evaluate, typically recommending bind variables and least privilege. Redo log count, temp tablespace size and block checksums are availability or integrity settings, not attack vectors.
9What does the principle of least privilege require when granting access to an application schema?
A.Grant DBA to simplify management
B.Grant only the specific privileges the application actually needs
C.Grant ALL PRIVILEGES but audit usage
D.Grant SYSDBA to the application user
Explanation: Least privilege means granting only the exact object and system privileges an application requires to function, and nothing more, which limits the damage from a compromised account. Granting DBA, ALL PRIVILEGES or SYSDBA violates the principle.
10Which Oracle feature is designed specifically to protect sensitive data from being viewed by highly privileged users such as a DBA, while still allowing them to perform administration?
A.Oracle Database Vault
B.Oracle Text
C.Oracle Spatial
D.Automatic Storage Management
Explanation: Oracle Database Vault uses realms and command rules to block even SYS or a DBA from accessing protected application data unless explicitly authorized, while normal administration continues. Oracle Text, Spatial and ASM are unrelated to privileged-user controls.

About the Oracle 1Z0-116 Exam

The Oracle Database Security Administration (1Z0-116) exam validates the ability to secure an Oracle Database against modern threats and meet regulatory requirements. It is validated against Oracle Database 12c and 19c and tests user and authentication management, authorization with privileges, roles and Virtual Private Database, Oracle Database Vault, unified and fine-grained auditing, Transparent Data Encryption, native network encryption, Oracle Data Redaction and Data Masking and Subsetting. Passing it earns the Oracle Database Security Administration certification. The exam is delivered as a proctored multiple choice test through Oracle University and Pearson VUE.

Assessment

72 multiple choice and multiple select questions covering Oracle Database security administration: security assessment, user and authentication management, authorization and VPD, Database Vault, auditing, encryption and network security, data redaction and masking.

Time Limit

120 minutes.

Passing Score

59% (published on the official Oracle exam page and subject to Oracle revision).

Exam Fee

US$245 registration fee (varies by country and currency; confirm on Oracle University / Pearson VUE). (Oracle University (delivered by Pearson VUE))

Oracle 1Z0-116 Exam Content Outline

12%

Security Overview and Assessment

Identify security risks and compliance drivers, recognise common database attack points, apply the Maximum Security Architecture, and use the Database Security Assessment Tool (DBSAT) and timely patching to reduce risk.

16%

User and Authentication Management

Create and manage users and profiles, enforce password complexity and lifecycle with profiles and verification functions, and configure OS, Kerberos, PKI/certificate, centrally managed users and enterprise user security.

18%

Authorization, Roles and VPD

Grant system and object privileges, design roles and secure application roles, implement fine-grained access control with Virtual Private Database (VPD), and use application contexts, USERENV and client identifiers for least privilege.

12%

Oracle Database Vault

Protect sensitive data from highly privileged users using realms, command rules, rule sets, factors and separation of duties so that SYSDBA-level access alone cannot read or change protected objects.

16%

Auditing

Configure unified auditing and audit policies, use predefined policies, implement fine-grained auditing (FGA), manage and purge the unified audit trail, and enrich audit records with context information.

16%

Encryption and Network Security

Implement Transparent Data Encryption (TDE) for columns and tablespaces, manage software keystores and the TDE master key, integrate Oracle Key Vault, and enable native network encryption and integrity for SQL*Net traffic.

10%

Data Redaction and Data Masking

Create Oracle Data Redaction policies using full, partial, random and regular-expression redaction at query time, and use Data Masking and Subsetting to protect sensitive data in non-production environments.

How to Pass the Oracle 1Z0-116 Exam

What You Need to Know

  • Passing score: 59% (published on the official Oracle exam page and subject to Oracle revision).
  • Assessment: 72 multiple choice and multiple select questions covering Oracle Database security administration: security assessment, user and authentication management, authorization and VPD, Database Vault, auditing, encryption and network security, data redaction and masking.
  • Time limit: 120 minutes.
  • Exam fee: US$245 registration fee (varies by country and currency; confirm on Oracle University / Pearson VUE).

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

Oracle 1Z0-116 Study Tips from Top Performers

1Build a hands-on Oracle Database 19c lab and actually configure TDE, a Database Vault realm, a VPD policy, a unified audit policy and a redaction policy; the exam rewards practical experience over memorisation.
2Know the TDE key hierarchy cold: the TDE master encryption key lives in a keystore (software or Oracle Key Vault) and protects the table and tablespace keys that encrypt the data.
3For unified auditing, practise CREATE AUDIT POLICY, AUDIT POLICY, NOAUDIT and querying UNIFIED_AUDIT_TRAIL, and know that the trail is read-only and purged with DBMS_AUDIT_MGMT.
4Understand Database Vault separation of duties: realms protect objects, command rules restrict commands, and even SYS or a DBA cannot bypass a realm without authorization.
5Distinguish Data Redaction (alters data at query time, original stored data unchanged) from Data Masking and Subsetting (permanently replaces data, used for non-production copies).
6Review the password and profile features: PASSWORD_VERIFY_FUNCTION, FAILED_LOGIN_ATTEMPTS, PASSWORD_LIFE_TIME and the gradual database password rollover introduced in 19c.

Frequently Asked Questions

How many questions are on the Oracle 1Z0-116 exam and how long is it?

The 1Z0-116 exam has 72 multiple choice and multiple select questions and a time limit of 120 minutes. It is delivered as a proctored exam through Oracle University and Pearson VUE.

What is the passing score for 1Z0-116?

The published passing score is about 59%. Oracle sets and may revise passing scores per exam, so confirm the current value on the official Oracle Database Security Administration exam page before you sit it.

Which Oracle Database versions does 1Z0-116 cover?

The exam is validated against Oracle Database 12c and 19c. Most candidates prepare on a 19c environment, which is the long-term support release for these security features.

What topics does 1Z0-116 cover?

It covers security assessment, user and authentication management, authorization and Virtual Private Database, Oracle Database Vault, unified and fine-grained auditing, Transparent Data Encryption and network encryption, and Oracle Data Redaction and Data Masking.

Is traditional auditing or unified auditing tested?

Unified auditing is the focus of the exam. From Oracle Database 12c onward, unified auditing consolidates audit records into a single read-only trail and uses audit policies created with CREATE AUDIT POLICY rather than AUDIT_TRAIL parameters alone.

Are these official Oracle exam questions?

No. These are original OpenExamPrep practice questions written to the published 1Z0-116 objectives. Oracle does not release live exam items; use these alongside the Oracle Database Security Guide and hands-on labs.