Oracle Cloud Infrastructure 1z0-1104-21 Real Exam Questions and Answers FREE Updated on Jun 06, 2022
1z0-1104-21 Ultimate Study Guide - GuideTorrent
NEW QUESTION 30
You create a new compartment, "apps," to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?
- A. Add an IAM policy for the individual users to access the apps compartment.
- B. Add an lAM policy to attach tenancy to the apps group.
- C. No action is required.
- D. Add an IAM policy for apps_group granting access to the apps compartment.
Answer: D
NEW QUESTION 31
As a lead Security Architect, you have tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?
- A. Identity and Access Management
- B. Security Lists
- C. Cloud Guard
- D. Vulnerability Scanning
Answer: B
Explanation:
NEW QUESTION 32
you want to create a stateless rule for SSH in security list and the ingress role has already been properly configured what combination should you use on the engress role what commination should you use on the egress rule?
- A. select tcp for protocol: enter all for source port" and 22 for destination port.
- B. select tcp for protocol: enter 22 for source port" and 22 for destination port
- C. select udp for protocol: enter 22 for source port" and all for destination port
- D. select tcp for protocol: enter 22 for source port" and all for destination port
Answer: A
NEW QUESTION 33
Operations team has made a mistake in updating the secret contents and immediately need to resume using older secret contents in OCI Secret Management within a Vault.
As a Security Administrator, what step should you perform to rollback to last version? Select TWO correct answers.
- A. Mark the secret version as 'deprecated'
- B. Mark the secret version as 'Previous'
- C. Mark the secret version as 'Rewind'
- D. Upload new secret and mark as 'Pending'. Promote this secret version as 'Current'
Answer: B,D
Explanation:
NEW QUESTION 34
On which option do you set Oracle Cloud Infrastructure Budget?
- A. Compartments
- B. Instances
- C. Free-form tags
- D. Tenancy
Answer: A
Explanation:
How Budgets Work
Budgets are set on cost-tracking tags or on compartments (including the root compartment) to track all spending in that cost-tracking tag or for that compartment and its children.
https://docs.oracle.com/en-us/iaas/Content/Billing/Concepts/budgetsoverview.htm
NEW QUESTION 35
With regard to OCI Audit Log Service, which of the statement is INCORRECT?
- A. Retention period for audit events cannot be modified
- B. Audit Events gets collected when modification within objects stored in an Object Storage bucket
- C. REST API calls can be recorded by Audit service
- D. Events logged by the Audit service can be viewed by using the Console, API, or the SDK for Java
Answer: B
NEW QUESTION 36
Which type of firewalls are designed to protect against web application attacks, such as SQL injection and cross-site scripting?
- A. Packet filtering firewall
- B. Incident firewall
- C. Stateful inspection firewall
- D. Web Application Firewall
Answer: D
Explanation:
SQL injections. Cross-site scripting. Distributed denial of service (DDoS) attacks. Botnets. These are just some of the cyber-weapons increasingly being used by malicious actors to target web applications, cause data breaches, and expose sensitive business information.
Oracle WAF uses a multilayered approach to protect web applications from a host of cyberthreats including malicious bots, application layer (L7) DDoS attacks, cross-site scripting, SQL injection, and vulnerabilities defined by the Open Web Application Security Project (OWASP). When a threat is identified, Oracle WAF automatically blocks it and alerts security operations teams so they can investigate further.
https://www.oracle.com/a/ocom/docs/security/oci-web-application-firewall.pdf
NEW QUESTION 37
What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?
- A. Users
- B. Dynamic groups
- C. Groups
- D. Policies
Answer: D
NEW QUESTION 38
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?
- A. Guest OS
- B. Network
- C. Infrastructure
- D. Data
Answer: D
Explanation:
https://www.oracle.com/a/ocom/docs/cloud/oracle-ctr-2020-shared-responsibility.pdf
NEW QUESTION 39
How can you restrict access to OCI console from unknown IP addresses?
- A. Create tenancy's authentication policy and create WAF rules
- B. Create PAR to restrict access the access
- C. Create tenancy's authentication policy and add a network source
- D. Make OCI resources private instead of public
Answer: C
Explanation:
NEW QUESTION 40
Which OCI service can index, enrich, aggregate, explore, search, analyze, correlate, visualize and monitor data?
- A. WAF
- B. Data Safe
- C. Data Guard
- D. Logging Analytics
Answer: D
Explanation:
NEW QUESTION 41
Where are logs stored?
- A. Cloud Agent
- B. OCI Block Storage
- C. OCI File Storage
- D. OCI Object Storage
Answer: D
Explanation:
You can collect log data continuously from Oracle Cloud Infrastructure (OCI) Object Storage. To enable the log collection, create ObjectCollectionRule resource using REST API or CLI. After the successful creation of this resource and having the required IAM policies, the log collection will be initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html
NEW QUESTION 42
Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?
- A. Problems
- B. Targets
- C. Detectors
- D. Responders
Answer: C
Explanation:
Detector
Performs checks to identify potential security problems based on activities or configurations. Rules followed to identify problems are the same for all compartments in a target.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm
NEW QUESTION 43
Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers
- A. Block volume can be moved from a security zone to a standard compartment
- B. Bucket can't be moved from a security zone to a standard compartment
- C. Resources in a security zone must be encrypted using customer-managed keys
- D. Resources in a security zone must be accessible from internet
Answer: B,C
Explanation:
NEW QUESTION 44
A company needs to have some buckets as public in the compartment. You want Cloud Guard to ignore the problem associated with public bucket. Select TWO correct answers
- A. Make the bucket private so that Cloud Guard won't detect it
- B. Dismiss the issues associated with these resources
- C. First make the bucket private and after few days make the bucket public again
- D. Configure Conditional groups for the detector to fix base line
Answer: B,D
NEW QUESTION 45
What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'
- A. Enables users in a group to create, update, and delete ALL applications and functions in a compartment
- B. Enables users to invoke all the functions in a compartment except for one specific function
- C. Enables users to invoke just one specific function
- D. Enables users to invoke all the functions in a specific application
Answer: C
NEW QUESTION 46
As a security administrator, you want to create cloud resources that align with Oracle's security principles and best practices. Which security service should you use?
- A. Identity and Access Management
- B. Security Advisor
- C. Cloud Guard
- D. Web Application Firewall (WAF)
Answer: B
Explanation:
NEW QUESTION 47
What information do you get by using the Network Visualizer tool?
- A. Interconnectivity of VCNs
- B. Organization of subnets and VLANs across availability domains
- C. Routes defined between subnets and gateways
- D. State of subnets in a VCN
Answer: A
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm You can view and understand the following from this diagram:
How VCNs are inter-connected
How on-premises networks are connected (using FastConnect or Site-to-Site VPN) Which routing entities (DRGs and so on) control traffic routing How your transit routing is configured
NEW QUESTION 48
Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?
- A. Human interaction challenge
- B. Device fingerprint challenge
- C. JavaScript challenge
- D. CAPTCHA challenge
Answer: C
NEW QUESTION 49
Which is NOT a part of Observability and Management Services?
- A. Logging
- B. OCI Management Service
- C. Event Services
- D. Logging Analytics
Answer: B
Explanation:
https://www.oracle.com/in/manageability/
NEW QUESTION 50
What is the matching rule syntax for a single condition?
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: D
Explanation:
NEW QUESTION 51
Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?
- A. URL_STARTS_WITH
- B. URL_IS
- C. URL_PART_ENDS_WITH
- D. URL_PART_CONTAINS
Answer: B
Explanation:
URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.57.0/docs/d/waas_waas_policy.html
NEW QUESTION 52
......
Ultimate Guide to Prepare 1z0-1104-21 Certification Exam for Oracle Cloud Infrastructure: https://torrentpdf.guidetorrent.com/1z0-1104-21-dumps-questions.html