1z0-1104-23 Exam PDF [2024] Tests Free Updated Today with Correct 172 Questions [Q59-Q76]


Oracle 1z0-1104-23 Exam Preparation Guide and PDF Download

NEW QUESTION # 59
Virtual Cloud Network (VCN) flow logs record details about traffic that has been accepted or rejected, based on what? (Choose the best Answer.)

  • A. Security Rules on Security List and Network Security Groups (NSGs)
  • B. Instance Principals governing all compute instances in a given compartment
  • C. Route Rules in the VCN default Route Table

Answer: A


NEW QUESTION # 60
A company plans to use Oracle Cloud services for their production and development environments, but they have different security requirements. Their security policy forbids development environment users from having access to the production environment and requires separate administrators to manage each environment. The company has only one tenancy in Oracle Cloud. How can they ensure that their security requirements are met in Oracle Cloud? (Choose the best Answer.)

  • A. Use a single identity domain for both production and development environments to simplify administration.
  • B. Create multiple identity domains, one for the production environment and another for the development environment.
  • C. Assign the same identity domain administrator to both the production and development environments.
  • D. Create a separate tenancy for the production environment to isolate administrative control.

Answer: B


NEW QUESTION # 61
You need to set up instance principals so that an application running on an Oracle Cloud Infrastructure (OCI) instance can call public OCI services, without the need to configure user credentials. A developer in your team has already configured the application to authenticate using the instance principals provider. Which is NOT a necessary step to complete this set up? (Choose the best Answer.)

  • A. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.
  • B. Deploy the application to all the instances that belong to the dynamic group
  • C. Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services.
  • D. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy

Answer: A


NEW QUESTION # 62
Which two responsibilities will be Oracle's when you move your IT infrastructure to Oracle Cloud Infrastructure?

  • A. Maintaining Customer Data
  • B. Providing Strong Security List
  • C. Strong Isolation
  • D. Account Access Management
  • E. Strong IAM Framework

Answer: C,E

Explanation:
Oracle is responsible for providing a strong Identity and Access Management (IAM) framework in OCI. The IAM service lets you control who has access to your cloud resources, what type of access they have, and to which specific resources. You can find more details about this in the Oracle Cloud Infrastructure documentation.
Oracle also ensures strong isolation in its cloud infrastructure, which means that your resources are isolated from other tenants and from Oracle staff. This isolation extends from physical separation of hardware all the way up to access controls on APIs. You can find more details about this in the Oracle Cloud Infrastructure documentation.


NEW QUESTION # 63
Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?

  • A. Archive storage
  • B. Block volume
  • C. Standard storage
  • D. File storage

Answer: C

Explanation:
Use Oracle Cloud Infrastructure Object Storage for data to which you need fast, immediate, and frequent access. Data accessibility and performance justifies a higher price point to store data in the Object Storage tier.
The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos.
https://docs.oracle.com/en/solutions/learn-migrate-app-data-to-cloud/considerations-object-storage.html#GUID-AC192B08-5160-4DA7-B43E-001753D99CF1


NEW QUESTION # 64
What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?

  • A. Users
  • B. Groups
  • C. Dynamic groups
  • D. Policies

Answer: D

Explanation:
POLICY
A document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself. If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy. For more information, see Example Scenario and How Policies Work. The word "policy" is used by people in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm


NEW QUESTION # 65
Hardware Security Modules (HSMs) in Oracle Key Management meet which Federal Information Processing Standards (FIPS) standard security certification that requires HSMs to be tamper-resistant and authentication to be identity-based? (Choose the best Answer.)

  • A. FIPS 140-1 Level 1
  • B. FIPS 140-2 Level 3
  • C. FIPS 140-3 Level 3
  • D. FIPS 140-2 Level 2

Answer: B


NEW QUESTION # 66
A company, ABC, is planning to launch a new web application on OCI. Based on past experiences, they expect a significant surge in traffic after the launch. You are responsible for ensuring that the application is highly available. Which step would you perform to achieve this goal? (Choose the best Answer.)

  • A. Use a load balancer to distribute incoming traffic evenly across multiple instances of the web application.
  • B. Use a Virtual Cloud Network (VCN) with subnets, security lists, and routing rules to isolate the web application from the Internet and other resources.
  • C. Configure Cloud Guard to prevent large amounts of traffic from reaching the web application.
  • D. Implement security controls, such as web application firewalls, to protect against common attack vectors.

Answer: A


NEW QUESTION # 67
Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?

  • A. Detectors
  • B. Problems
  • C. Responders
  • D. Targets

Answer: A

Explanation:
Detector
Performs checks to identify potential security problems based on activities or configurations. Rules followed to identify problems are the same for all compartments in a target.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm


NEW QUESTION # 68
What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'

  • A. Enables users to invoke all the functions in a specific application
  • B. Enables users to invoke just one specific function
  • C. Enables users to invoke all the functions in a compartment except for one specific function
  • D. Enables users in a group to create, update, and delete ALL applications and functions in a compartment

Answer: B

Explanation:
The policy Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>' gives the group my-group permission to invoke a specific function (identified by its OCID) in the compartment ABC. The fn-invocation verb allows a group to invoke a function, and the condition where target.function.id = '<function-OCID>' ensures that only the specified function can be invoked by this group.


NEW QUESTION # 69
Challenge 4 - Task 3 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Go to the VCN IAD-WAF-PBT-VCN-01.
Create a Security List with the name IAD-SP-PBT-LB-SL-01.
Create a Public subnet named LB-Subnet-IAD-SP-PBT-SNET-02 and attach the above-created security list.
Create a Load Balancer with the name IAD-SP-PBT-LB-01.
Create a Listener Name with the name IAD_SP_PBT_LB_LISN_01.
Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01, to allow http traffic to the Load Balancer subnet.

Answer:

Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your assigned compartment> from the drop-down menu.
Click IAD-WAF-PBT-VCN-01 from the list of VCNs.
In the left navigation pane, under Resources, click Security Lists.
Click Create Security List.
In the Create Security List dialogue box, enter the following:
  a) Name: IAD-SP-PBT-LB-SL-01
  b) Do not add any ingress or egress rules.
  c) Click Create Security List.
In the left navigation pane, under Resources, click Subnets.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following:
  a) Name: LB-Subnet-IAD-SP-PBT-SNET-02
  b) Create in Compartment: <your working compartment name>
  c) Subnet Type: Regional
  d) IPv4 CIDR Block: 10.0.4.0/24
  e) Security List: From the drop-down menu, select the Security List you had created earlier, IAD-SP-PBT-LB-SL-01.
Click Create Subnet.
You now see that the subnet has been created successfully.


NEW QUESTION # 70
As a Security Admin, you want to inspect the metadata and actual data in your Oracle databases to discover sensitive data and provide comprehensive results listing the sensitive columns and related information. Which Data Safe feature will help you to achieve the above requirement?

  • A. Data Discovery
  • B. Data Masking
  • C. Security Assessment
  • D. User Assessment

Answer: A



NEW QUESTION # 71
Which three Oracle Cloud Infrastructure (OCI) services are covered by Cloud Guard? (Choose three.)

  • A. Database Cloud Service
  • B. Object Storage
  • C. Identity and Access Management (IAM)
  • D. Blockchain
  • E. Oracle Integration Cloud (OIC)

Answer: A,B,C


NEW QUESTION # 72
Which are the three prerequisites for successfully configuring a Bastion managed SSH session to a compute instance in a private subnet? (Choose three.)

  • A. The private subnet must not have any gateway in it
  • B. The route table associated with the subnet needs to have a route rule to a service or NAT gateway.
  • C. The private subnet must have a service or NAT gateway.
  • D. The compute instance must have the Bastion cloud agent enabled.
  • E. The SSH port forwarding feature needs to be enabled
  • F. The compute instance must have the Bastion cloud agent disabled

Answer: B,C,D


NEW QUESTION # 73
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?

  • A. Select TCP for protocol; enter 22 for source port and all for destination port.
  • B. Select UDP for protocol; enter 22 for source port and all for destination port.
  • C. Select TCP for protocol; enter 22 for source port and 22 for destination port.
  • D. Select TCP for protocol; enter all for source port and 22 for destination port.

Answer: D

Explanation:
For SSH traffic, which uses TCP protocol and port 22, you would want to allow all source ports to connect to your destination port 22. This is because the source port for an SSH client can be any available port number.


NEW QUESTION # 74
What do the features of OS Management Service do?

  • A. Encourage manual setup to avoid machine-induced errors.
  • B. Provide paid service and support to OCI subscribers for fixes on priority.
  • C. Add complexity in using multiple tools to manage mixed-OS environments.
  • D. Increase security and reliability by regular bug fixes.

Answer: D

Explanation:
https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html


NEW QUESTION # 75
Which statements are CORRECT about Multi-Factor Authentication in OCI? Select TWO correct answers.

  • A. Users cannot enable MFA for themselves
  • B. Members of the Administrators group cannot enable MFA for another user
  • C. A user can register multiple devices to use for MFA.
  • D. Members of the Administrators group can disable MFA for other users

Answer: B,D



NEW QUESTION # 76
......


Oracle 1z0-1104-23 Exam Syllabus Topics:

| Topic | Details |
|---|---|
| Topic 1 | • Describe key capabilities provided by Data Safe • Describe the use case for auditing and review OCI Audit Logs |
| Topic 2 | • Configure and secure load balancers to ensure high availability • Design a scalable authorization model with users, groups, and policies |
| Topic 3 | • Secure connectivity of hybrid networks using Site-to-Site VPN and FastConnect • Design and implement a logging and logging analytics solution |
| Topic 4 | • Utilize OS Management to manage and monitor updates • Understand and implement Security Zones and Security Advisor |
| Topic 5 | • Implement conditional and advanced policies • Configure Dynamic Groups, Network Sources, and Tag-Based Access Control |
| Topic 6 | • Configure, deploy and maintain OCI Certificates • Implement Network, Platform, and Infrastructure Security |
| Topic 7 | • Create and configure Web Application Firewall • Implement security monitoring and alerting |
| Topic 8 | • Use threat intelligence to identify rogue users • Configure security for OCI storage services |
| Topic 9 | • Discuss core security services offered by OCI • Configure security for Oracle Autonomous Database and DB Systems |
