Free 1z0-1104-23 pdf Files With Updated and Accurate Dumps Training
Top-Class 1z0-1104-23 Question Answers Study Guide
Oracle 1z0-1104-23 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
NEW QUESTION # 79
You are part of the security operations of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). It is reported that an unknown user action was executed resulting in configuration errors. You are tasked with identifying the details of all users who were active in the last six hours along with any REST API calls that were executed. Which OCI feature should you use? (Choose the best Answer.)
- A. Service Connector Hub
- B. Management Agent Log Ingestion
- C. Object Collector Rule
- D. Audit Analysis Dashboard
Answer: D
NEW QUESTION # 80
Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements forcryptographic algorithms and key management?
- A. Identity Federation
- B. Security controls
- C. Data encryption
- D. Customer isolation
Answer: C
Explanation:
DATA ENCRYPTION
Protect customer data at-rest and in-transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management.
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm
NEW QUESTION # 81
Challenge 1 - Task 3 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following task in the OCI environment provisioned:
Create a new VCN with the name PBT_SECRET_VCN01 and public subnet within your assigned compartment.
Answer:
Explanation:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
From the left navigation pane, under List Scope, select your working compartment from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
Name: PBT_SECRET_VCN01
Compartment: your compartment name
Note: Leave all the other options in their default setting.
Click Next.
Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components: VCN, Public subnet, Private subnet, Internet gateway, NAT gateway, Service gateway.
NEW QUESTION # 82
A company plans to use Oracle Cloud services for their production and development environments, but they have different security requirements. Their security policy forbids development environment users from having access to the production environment and requires separate administrators to manage each environment. The company has only one tenancy in Oracle Cloud. How can they ensure that their security requirements are met in Oracle Cloud? (Choose the best Answer.)
- A. Assign the same identity domain administrator to both the production and development environments.
- B. Use a single identity domain for both production and development environments to simplify administration.
- C. Create a separate tenancy for the production environment to isolate administrative control.
- D. Create multiple identity domains, one for the production environment and another for the development environment.
Answer: D
NEW QUESTION # 83
Which of the following is necessary step when creating a secret in vault?
- A. Shamir's secret sharing algorithm should be used to unseal the vault
- B. Vault-managed key is necessary to encrypt the secret
- C. Object Storage must be created to run secret service
- D. Digest Hash shouldbe created of the secret value
Answer: B
Explanation:
Explanation
https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html
NEW QUESTION # 84
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure(OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?
- A. SSH Key Pair with 2048-bit algorithm
- B. API Signing Key
- C. OCI username and Password
- D. Auth Token
Answer: D
Explanation:
An auth token in OCI is an Oracle-generated token that you can use to authenticate with third-party APIs78. This can be useful when the third-party APIs do not support OCI's signature-based authentication
NEW QUESTION # 85
Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA)is NOT valid?
- A. Users must install a supported authenticator app on the mobile device they intend to register for MFA.
- B. Users cannot disable MFA for themselves.
- C. A user can register only one device to use for MFA.
- D. An administrator can disable MFA for another user.
Answer: B
Explanation:
In Oracle Cloud Infrastructure, users can disable Multi-Factor Authentication (MFA) for themselves456. If a user loses their MFA device or wants to register a new one, they can disable MFA for their account and then set it up again with the new device
NEW QUESTION # 86
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs do not support OCI's signature-based authentication, you want them to communicate with OCI resources Which authentication option should you use to ensure this? (Choose the best Answer.)
- A. Auth Tokens
- B. OCI Username and password
- C. SSH Kay Par with 2048-bit algorithm
- D. At Signing Key
Answer: A
NEW QUESTION # 87
Logical isolation for resources is provided by which OCI feature?
- A. Tenancy
- B. Availability Zone
- C. Region
- D. Compartments
Answer: D
Explanation:
Explanation
Compartments in Oracle Cloud Infrastructure (OCI) are a fundamental component that allows you to create a heterogeneous collection of resources for organization, security isolation, and access control123. They provide a global logical namespace where policies can be enforced, similar to folders in a file system3. By being global, they stretch out to all OCI regions within a given tenancy3.
NEW QUESTION # 88
Which securityissues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers
- A. CISpublished Industry-standard benchmarks
- B. SQL Injection
- C. Distributed Denial of Service (DDoS)
- D. Ports that are unintentionally left open can be a potential attack vector for cloud resources
Answer: A,D
Explanation:
NEW QUESTION # 89
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?
- A. Data
- B. Guest OS
- C. Network
- D. Infrastructure
Answer: A
Explanation:
Explanation
https://www.oracle.com/a/ocom/docs/cloud/oracle-ctr-2020-shared-responsibility.pdf
NEW QUESTION # 90
You create a new compartment, "apps," to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?
- A. Add an IAM policy for the individual users to access the apps compartment.
- B. No action is required.
- C. Add an IAM policy for apps_group granting access to the apps compartment.
- D. Add an lAM policy to attach tenancy to the apps group.
Answer: C
Explanation:
In Oracle Cloud Infrastructure, you can ensure that users have access to a specific compartment by adding an IAM policy for the group those users belong to, granting access to that compartment45.
NEW QUESTION # 91
Hardware Security Modules (HSMs) in Oracle Key Management meet which Federal In-formation Processing Standards (FIPS) standard security certification that requires HSMs to be tamper-resistant and authentication to be identity-based? (Choose the best Answer.)
- A. FIPS 140-1 Level 1
- B. FIPS 140-3 Level 3
- C. FIPS 140-2 Level 2
- D. FIPS 140 2 Level 3
Answer: D
NEW QUESTION # 92
Which WAF service component must be configured to allow, block, or log network requests when they meet specified criteria?
- A. Web ApplicationFirewall policy
- B. Origin
- C. Bot Management
- D. Protection rules
Answer: D
Explanation:
Protection rules
Protection rules can be configured to either allow, block, or log network requests when they meet the specified criteria of a protection rule. The WAF will observe traffic to your web application over time and suggest new rules to apply.
https://www.oracle.com/security/cloud-security/what-is-waf/
NEW QUESTION # 93
As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
- A. Create PAR to restrict access the access
- B. Create an 1AM policy and add a network source
- C. Create an 1AM policy and create WAF rules
- D. Make OCI resources private instead of public
Answer: B
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
NEW QUESTION # 94
Select the component that encompasses the overall configuration of your WAF service on OCI.
- A. Origin
- B. Bot Management
- C. Protection rules
- D. Web Application Firewall policy
Answer: D
Explanation:
WAF Policy Management
Provides an overview of web application firewall (WAF) policies, including their creation, updating, and deletion.
WAF policies encompass the overall configuration of your WAF service, includingaccess rules, rate limiting rules, and protection rules.
https://docs.oracle.com/en-us/iaas/Content/WAF/Policies/waf-policy_management.htm
NEW QUESTION # 95
Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?
- A. Windows Servers that already has the minimum agent version requires an agent update or installation.
- B. Windows Servers that does not have the minimum agent version does not require an agent update or installation.
- C. Windows Servers that does not have the minimum agent version requires an agent update or installation.
- D. Windows Servers that already has the minimum agent version does not require an agent update or installation.
Answer: C
Explanation:
https://docs.oracle.com/cd/E11857_01/install.111/e15311/agnt_install_windows.htm
NEW QUESTION # 96
What is the minimum active storage duration for logs used by Logging Analytics to be archived?
- A. 60 days
- B. 30 days
- C. 15 days
- D. 10 days
Answer: B
Explanation:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Active%20Storage%20Duration,be%20archived%20is%2030%20days.
The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.
NEW QUESTION # 97
What must be configured for a load balancer to accept incoming traffic?
- A. Service Gateway
- B. SSL certificate
- C. Route table entry pointing to the listener IP address
- D. Listener
Answer: D
Explanation:
Explanation
A listener is an entity that checks for connection requests. The load balancerlistener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
On your Load Balancer Details page, click Listeners.
Click Create Listener.
Enter the following:
Name: Enter afriendly name. Avoid entering confidential information.
Protocol: Select HTTP.
Port: Enter 80 as the port on which to listen for incoming traffic.
Backend Set: Select the backend set you created.
Click Create.
NEW QUESTION # 98
Which type of firewalls are designed to protect against web application attacks, such as SQL injection and cross-site scripting?
- A. Incident firewall
- B. Packet filtering firewall
- C. Web Application Firewall
- D. Stateful inspection firewall
Answer: C
Explanation:
SQL injections. Cross-site scripting. Distributed denial of service(DDoS) attacks. Botnets. These are just some of the cyber-weapons increasingly being used by malicious actors to target web applications, cause data breaches, and expose sensitive business information.
Oracle WAF uses a multilayered approach to protect web applications from a host of cyberthreats including malicious bots, application layer (L7) DDoS attacks, cross-site scripting, SQL injection, and vulnerabilities defined by the Open Web Application Security Project (OWASP). When a threat is identified, Oracle WAF automatically blocks it and alerts security operations teams so they can investigate further.
https://www.oracle.com/a/ocom/docs/security/oci-web-application-firewall.pdf
NEW QUESTION # 99
......
Real Updated 1z0-1104-23 Questions & Answers Pass Your Exam Easily: https://vcetorrent.passreview.com/1z0-1104-23-exam-questions.html