Real 1z0-1104-23 dumps Accurate Questions and Answers with Free and Fast Updates
Real 1z0-1104-23 Questions Pass Certification Exams Easily
NEW QUESTION # 85
How can you increase the expiration of a pre-authenticated request (PAR) associated with a bucket? (Choose the best Answer.)
- A. Edit the pre-authenticated request and define the desired expiration
- B. Find the Identity and Access Management (IAM) policy associated with the PAR. Define the desired expiration in the policy
- C. Edit the bucket metadata and change the expiration date.
- D. You cannot edit a pre-authenticated request. Delete the pre-authenticated request and recreate with the desired expiration
Answer: D
NEW QUESTION # 86
Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?
- A. Standard storage
- B. Archive storage
- C. File storage
- D. Block volume
Answer: A
Explanation:
Use Oracle Cloud Infrastructure Object Storage for data to which you need fast, immediate, and frequent access. Data accessibility and performance justifies a higher price point to store data in the Object Storage tier.
The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos.
https://docs.oracle.com/en/solutions/learn-migrate-app-data-to-cloud/considerations-object-storage.html#GUID-A
NEW QUESTION # 87
Which Security Zone policy is NOT valid?
- A. Resources in a security zone should not be accessible from the public internet.
- B. A boot volume can be moved from a security zone to a standard compartment.
- C. Resources in a security zone must be automatically backed up regularly.
- D. A compute instance cannot be moved from a security zone to a standard compartment.
Answer: B
Explanation:
According to OCI's Security Zone policies, a boot volume cannot be moved from a security zone to a standard compartment. This policy is in place to ensure that resources in a security zone are not moved to a potentially less secure standard compartment.
NEW QUESTION # 88
An HTTP web server hosted on an Oracle Cloud Infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through the internet gateway and a stateful network security group notification for port 80. How will the OCI VCN handle request and response traffic to the compute instance for a web page from the HTTP server with port 80?
- A. Due to the conflict in security configuration, inbound request traffic would not be allowed.
- B. The network security group would supersede the security utility list and allow both inbound and outbound traffic.
- C. The union of both configurations would happen and allow both inbound and outbound traffic.
- D. Because there is no egress rule defined in the security list, the response would not pass through the internet gateway.
Answer: C
Explanation:
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance.
NEW QUESTION # 89
What is the minimum active storage duration for logs used by Logging Analytics to be archived?
- A. 10 days
- B. 30 days
- C. 15 days
- D. 60 days
Answer: B
Explanation:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Active%20Storage%20Duration,be%20archived%20is%2030%20days.
The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.
NEW QUESTION # 90
Which OCI services can encrypt all data-at-rest? Select TWO correct answers.
- A. Geolocation Steering
- B. File Storage
- C. NAT Gateway
- D. Block Volumes
Answer: B,D
NEW QUESTION # 91
Which architecture is based on the principle of "never trust, always verify"?
- A. Federated identity
- B. Fluid perimeter
- C. Zero trust
- D. Defense in depth
Answer: C
Explanation:
Enterprise Interest in Zero Trust is Growing
Ransomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.
According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trust wares at RSA 2020.
The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn't prevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.
https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front
NEW QUESTION # 92
You need to create matching rules for a conditional policy. Which TWO matching rules syntax can be used? (Choose two.)
- A. Key =| !='value'
- B. any/all {<condition>, <condition>,...}
- C. variable =|!="value"
- D. namespace =| !='value'
Answer: B,C
NEW QUESTION # 93
Which component helps move logging data to other services, such as archiving log data in object storage?
- A. Service Log Category
- B. Service Connector Hub
- C. Unified Monitoring Agent
- D. Agent Configuration
Answer: B
Explanation:
Service Connector Hub
Service Connector Hub moves logging data to other services in Oracle Cloud Infrastructure. For example, use Service Connector Hub to alarm on log data, send log data to databases, and archive log data to Object Storage. For more information, see Service Connector Hub.
https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/loggingoverview.htm
NEW QUESTION # 94
Which resources can be created and managed from the Vault service? Select TWO correct answers.
- A. IAM
- B. Secret
- C. Cloud Guard
- D. Keys
Answer: B,D
NEW QUESTION # 95
Which two responsibilities will be Oracle's when you move your IT infrastructure to Oracle Cloud Infrastructure?
- A. Strong Isolation
- B. Maintaining Customer Data
- C. Providing Strong Security List
- D. Account Access Management
- E. Strong IAM Framework
Answer: A,E
Explanation:
Oracle is responsible for providing a strong Identity and Access Management (IAM) framework in OCI.
The IAM service lets you control who has access to your cloud resources, what type of access they have, and to which specific resources. You can find more details about this in the Oracle Cloud Infrastructure documentation.
Oracle also ensures strong isolation in its cloud infrastructure, which means that your resources are isolated from other tenants and from Oracle staff. This isolation extends from physical separation of hardware all the way up to access controls on APIs. You can find more details about this in the Oracle Cloud Infrastructure documentation.
NEW QUESTION # 96
What are the security recommendations and best practices for Oracle Functions?
- A. Ensure that functions in a VCN have restricted access to resources and services.
- B. Add applications to network security groups for fine-grained ingress/egress rules.
- C. Define a policy statement that enables access to functions for requests coming from multiple IP addresses.
- D. Grant privileges to UID and GID 1000, such that the functions running within a container acquire the default root capabilities.
Answer: B
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm
NEW QUESTION # 97
A number of malicious requests for a web application are coming from a set of IP addresses originating from Antarctica.
Which of the following statements will help to reduce these types of unauthorized requests?
- A. Delete NAT Gateway from Virtual Cloud Network
- B. Change your home region in which your resources are currently deployed
- C. List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
- D. Use WAF policy using Access Control Rules
Answer: D
Explanation:
A Web Application Firewall (WAF) policy can help protect your web application from malicious requests. Access Control Rules in a WAF policy can be used to allow, block, or count requests from specific IP addresses or CIDR blocks. This can be particularly useful when you're seeing a number of malicious requests coming from a specific set of IP addresses. By setting up appropriate Access Control Rules, you can effectively reduce these types of unauthorized requests.
NEW QUESTION # 98
Which of the following services are NOT Security Services in OCI? Select TWO answers.
- A. Cloud Guard
- B. Block Volume
- C. Vault
- D. Data Guard
Answer: B,D
Explanation:
Data Guard is a feature of Oracle Database that provides a set of tools to manage data availability, and it's not a security service. It provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to survive disasters and data corruptions. You can find more details about this in the Oracle Data Guard documentation.
Block Volume is a storage service in OCI, not a security service. It provides scalable block storage using NVMe SSDs or spinning HDDs. You can find more details about this in the Oracle Cloud Infrastructure documentation.
NEW QUESTION # 99
As a security architect, how can you prevent unwanted bots while desirable bots are allowed to enter?
- A. Web Application Firewall (WAF)
- B. Data Guard
- C. Vault
- D. Compartments
Answer: A
Explanation:
The Web Application Firewall (WAF) in OCI provides you with the ability to create and manage rules for internet threats. Unwanted bots can be mitigated while tactically allowing desirable bots to enter. Access rules can be limited based on geography or the signature of the request.
NEW QUESTION # 100
What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?
- A. Dynamic groups
- B. Users
- C. Groups
- D. Policies
Answer: D
Explanation:
POLICY
A document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself. If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy. For more information, see Example Scenario and How Policies Work. The word "policy" is used by people in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm
NEW QUESTION # 101
Bot Management in OCI provides which of the features? Select TWO correct answers.
- A. Bad Bot Denylist
- B. CAPTCHA Challenge
- C. Good Bot Allowlist
- D. IP Prefix Steering
Answer: B,C
NEW QUESTION # 102
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?
- A. Select TCP for protocol: enter all for source port and 22 for destination port.
- B. Select UDP for protocol: enter 22 for source port and all for destination port.
- C. Select TCP for protocol: enter 22 for source port and 22 for destination port.
- D. Select TCP for protocol: enter 22 for source port and all for destination port.
Answer: A
Explanation:
For SSH traffic, which uses TCP protocol and port 22, you would want to allow all source ports to connect to your destination port 22. This is because the source port for an SSH client can be any available port number.
NEW QUESTION # 103
What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id ='<function-OCID>'
- A. Enables users to invoke all the functions in a specific application
- B. Enables users in a group to create, update, and delete ALL applications and functions in a compartment
- C. Enables users to invoke all the functions in a compartment except for one specific function
- D. Enables users to invoke just one specific function
Answer: D
Explanation:
The policy Allow group my-group to use fn-invocation in compartment ABC where target.function.id ='<function-OCID>' gives the group my-group permission to invoke a specific function (identified by its OCID) in the compartment ABC. The fn-invocation verb allows a group to invoke a function, and the condition where target.function.id = '<function-OCID>' ensures that only the specified function can be invoked by this group.
NEW QUESTION # 104
Which of the following is a necessary step when creating a secret in a vault?
- A. Object Storage must be created to run secret service
- B. Digest Hash should be created of the secret value
- C. Shamir's secret sharing algorithm should be used to unseal the vault
- D. Vault-managed key is necessary to encrypt the secret
Answer: D
Explanation:
https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html
NEW QUESTION # 105
Which VCN configuration is CORRECT with regard to VCN peering within the same region?
- A. 12.0.0.0/16 and 12.0.0.0/16C 194.168.0.0/24 and 194.168.0.0/24
- B. 194.168.0.0/24 and 194.168.0.0/16
- C. 12.0.0.0/16 and 194.168.0.0/16
Answer: C
Explanation:
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering.
NEW QUESTION # 106
What is the minimum active storage duration for logs used by Logging Analytics to be archived?
- A. 10 days
- B. 30 days
- C. 15 days
- D. 60 days
Answer: B
Explanation:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Ac
The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.
NEW QUESTION # 107
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Answer:
Explanation:
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400 <private key name>.key
Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
ssh -i <private key name> opc@<public IP address of instance>
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py
Open a Python file with a nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
Replace secret id value below with the ocid of your secret
secret id = <secret id>
For example: Secret id = "ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Note: If you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script hit:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret.py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.
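An added example, not the getsecret.py that the steps above download and not Oracle's code: a script of the same kind, reading a secret through the OCI Python SDK with instance-principal authentication. It assumes the `oci` package is importable on the instance; the secret OCID is a placeholder and the function names are chosen for this example.

```python
"""Read a Vault secret as the compute instance itself (added example)."""
import base64

# Placeholder: replace with the OCID of your own secret.
SECRET_ID = "<secret-OCID>"


def decode_secret_bundle(content_type, content):
    """Turn the content of a secret bundle into text.

    The Vault returns secret material base64-encoded (content type "BASE64");
    anything else is rejected rather than guessed at.
    """
    if content_type != "BASE64":
        raise ValueError(f"unsupported secret content type: {content_type!r}")
    try:
        raw = base64.b64decode(content, validate=True)
    except (ValueError, TypeError) as exc:
        raise ValueError("secret content is not valid base64") from exc
    return raw.decode("utf-8")


def get_secret(secret_id):
    """Fetch the current version of a secret using instance-principal auth.

    No API key or config file is stored on the instance: the signer obtains
    short-lived credentials from the instance metadata service, and the call
    succeeds only if a policy lets the instance's dynamic group read
    secret bundles.
    """
    import oci  # imported here so the decoding helper works without the SDK

    signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    client = oci.secrets.SecretsClient(config={}, signer=signer)
    try:
        bundle = client.get_secret_bundle(secret_id).data
    except oci.exceptions.ServiceError as exc:
        # A 404 usually means "not authorized or not found": check the
        # dynamic group's matching rule and its policy first.
        raise RuntimeError(
            f"Vault refused the request: {exc.status} {exc.code}"
        ) from exc
    body = bundle.secret_bundle_content
    return decode_secret_bundle(body.content_type, body.content)


if __name__ == "__main__":
    secret = get_secret(SECRET_ID)
    # Confirm retrieval without writing the secret to the terminal or logs.
    print(f"retrieved secret of length {len(secret)}")
```

Printing only the length keeps the password out of shell history captures and terminal scrollback while still confirming that the dynamic group authorization works.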
NEW QUESTION # 108
Challenge 4 - Task 3 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Go to the VCN IAD-WAF-PBT-VCN-01.
Create a Security List with the name IAD-SP-PBT-LB-SL-01.
Create a Public subnet named LB-Subnet-IAD-SP-PBT-SNET-02 and attach the above-created security list.
Create a Load Balancer with the name IAD-SP-PBT-LB-01.
Create a Listener Name with the name IAD_SP_PBT_LB_LISN_01.
Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01, to allow http traffic to the Load Balancer subnet.
Answer:
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your assigned compartment> from the drop-down menu.
Click IAD-WAF-PBT-VCN-01 from the list of VCNs.
In the left navigation pane, under Resources, click Security Lists.
Click Create Security List.
In the Create Security List dialogue box, enter the following:
a) Name: IAD-SP-PBT-LB-SL-01
b) Do not add any ingress or egress rules.
c) Click Create Security List.
In the left navigation pane, under Resources, click Subnets.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following:
a) Name: LB-Subnet-IAD-SP-PBT-SNET-02
b) Create in Compartment: <your working compartment name>
c) Subnet Type: Regional
d) IPv4 CIDR Block: 10.0.4.0/24
e) Security List: From the drop-down menu, select the Security List you had created earlier, IAD-SP-PBT-LB-SL-01.
Click Create Subnet.
You now see that the subnet has been created successfully.
NEW QUESTION # 109
Which OCI service can index, enrich, aggregate, explore, search, analyze, correlate, visualize and monitor data?
- A. Data Safe
- B. WAF
- C. Data Guard
- D. Logging Analytics
Answer: D
NEW QUESTION # 110
......