Use Real 1z0-1104-23 - 100% Cover Real Exam Questions [May-2024]
NEW QUESTION # 55
Which security issues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers
- A. Ports that are unintentionally left open can be a potential attack vector for cloud resources
- B. Distributed Denial of Service (DDoS)
- C. SQL Injection
- D. CIS published Industry-standard benchmarks
Answer: A,D
NEW QUESTION # 56
What information do you get by using the Network Visualizer tool?
- A. State of subnets in a VCN
- B. Routes defined between subnets and gateways
- C. Interconnectivity of VCNs
- D. Organization of subnets and VLANs across availability domains
Answer: C
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm
You can view and understand the following from this diagram:
How VCNs are inter-connected
How on-premises networks are connected (using FastConnect or Site-to-Site VPN)
Which routing entities (DRGs and so on) control traffic routing
How your transit routing is configured
NEW QUESTION # 57
Which type of file system does file storage use?
- A. Paravirtualized
- B. NVMe
- C. NFSv3
- D. iSCSI
- E. SSD
Answer: C
Explanation:
The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. The service supports the Network Lock Manager (NLM) protocol for file locking functionality.
https://docs.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm
NEW QUESTION # 58
Which statements are CORRECT about Multi-Factor Authentication in OCI? Select TWO correct answers
- A. A user can register multiple devices to use for MFA.
- B. Users cannot enable MFA for themselves
- C. Members of the Administrators group can disable MFA for other users
- D. Members of the Administrators group cannot enable MFA for another user
Answer: C,D
NEW QUESTION # 59
What is the minimum active storage duration for logs used by Logging Analytics to be archived?
- A. 10 days
- B. 60 days
- C. 15 days
- D. 30 days
Answer: D
Explanation:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Ac
The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.
NEW QUESTION # 60
Which two responsibilities will be Oracle's when you move your IT infrastructure to Oracle Cloud Infrastructure?
- A. Maintaining customer data
- B. Strong Isolation
- C. Account access management
- D. Providing strong security list
- E. Strong IAM Framework
Answer: B,E
Explanation:
Oracle is responsible for providing a strong Identity and Access Management (IAM) framework in OCI. The IAM service lets you control who has access to your cloud resources, what type of access they have, and to which specific resources. You can find more details about this in the Oracle Cloud Infrastructure documentation.
Oracle also ensures strong isolation in its cloud infrastructure, which means that your resources are isolated from other tenants and from Oracle staff. This isolation extends from physical separation of hardware all the way up to access controls on APIs. You can find more details about this in the Oracle Cloud Infrastructure documentation.
NEW QUESTION # 61
Which volume type contains the image used to boot a compute instance?
- A. Boot volume
- B. Block volume
- C. Startup volume
- D. Init 6 volume
Answer: A
Explanation:
Boot Volumes
When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instance until you terminate the instance. When you terminate the instance, you can preserve the boot volume and its data.
https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/bootvolumes.htm
NEW QUESTION # 62
As a solutions architect, you need to assist the operations team in writing an IAM policy to give users in group-uat1 and group-uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy?
- A. Allow group group-uat1 group-uat2 to manage all resources in compartment Uat
- B. Allow any-user to manage all resources in tenancy where target.compartment= Uat
- C. Allow group /group-uat*/ to manage all resources in compartment Uat
- D. Allow any-user to manage all resources in compartment Uat where request.group=/group-uat/*
Answer: C
Explanation:
This policy allows users in groups whose names start with "group-uat" to manage all resources in the compartment named "Uat".
NEW QUESTION # 63
Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
Answer:
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
NEW QUESTION # 64
You configured the Events service for your Cloud Guard problems to send email notifications, but you do not see any. Which three things should you check to resolve this? (Choose three.)
- A. Ensure that you have the Cloud Guard retention policy configured.
- B. Ensure that Cloud Guard is enabled in every single region individually
- C. Ensure that your Cloud Guard targets have the Cloud Event responder recipe attached with the notification rule enabled.
- D. Ensure that the Event rule is created in the same compartment (or parent of it) where your problem resource exists.
- E. Ensure that the event is configured in the Cloud Guard reporting region.
Answer: B,C,D
NEW QUESTION # 65
You notice problems in Cloud Guard, and the Risk score in your dashboard shows a very high number at 9300. What should you do next? (Choose the best Answer.)
- A. Dismiss all of the Risk levels: HIGH problems
- B. Do nothing. Keep monitoring your Risk score: eventually it will go down.
- C. Dismiss all of the Risk levels: LOW and MINOR problems.
- D. Identify your Risk level: CRITICAL and HIGH problems from the Problem page and see if you can resolve them
Answer: D
NEW QUESTION # 66
What are the security recommendations and best practices for Oracle Functions?
- A. Ensure that functions in a VCN have restricted access to resources and services.
- B. Define a policy statement that enables access to functions for requests coming from multiple IP addresses.
- C. Add applications to network security groups for fine-grained ingress/egress rules.
- D. Grant privileges to UID and GID 1000, such that the functions running within a container acquire the default root capabilities.
Answer: C
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm
NEW QUESTION # 67
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
- A. Vault
- B. Data Guard
- C. Data Safe
- D. Cloud Guard
Answer: A
Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm
NEW QUESTION # 68
How can you establish private connectivity between two VCNs within the same OCI region without the traffic traversing the public internet?
- A. Local VCN Peering
- B. Remote VCN Peering
- C. Data Guard
- D. NAT Gateway
Answer: A
NEW QUESTION # 69
Which Virtual Cloud Network (VCN) configuration within a region will allow successful local peering using a local peering gateway? (Choose the best Answer.)
- A. VCN1 with 192.168.0.0/16 and VCN2 with 192.168.0.0/24
- B. VCN1 with 10.0.0.0/16 and VCN2 with 10.0.0.0/24
- C. VCN1 with 10.0.0.0/16 and VCN2 with 192.168.0.0/16
- D. VCN1 with 10.0.0.0/16 and VCN2 with 192.168.0.0/14
- E. VCN1 with 192.168.0.0/24 and VCN2 with 192.168.0.0/24
Answer: C
NEW QUESTION # 70
Which two Cloud Guard tasks can be configured using API or Console? (Choose two.)
- A. Create targets against your compartments to monitor resources within those.
- B. Clone config detector recipes to customize your security policies
- C. Run behavior analytics on your users.
- D. Create your own rules within the existing recipes
Answer: A,D
NEW QUESTION # 71
When does Cloud Guard re-open an issue and update the history?
- A. If it detects an issue for a previously resolved configuration problem
- B. If it detects an issue for a previously dismissed configuration problem
- C. If it detects an issue again for an Open (unresolved) problem
- D. If it detects an issue for a previously resolved/dismissed activity problem
Answer: A
Explanation:
If Cloud Guard detects an issue again for:
An Open (unresolved) problem, it updates the problem history, but doesn't create a new problem.
A previously solved problem, it reopens the issue and updates the history.
A previously dismissed problem, it updates the history.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/problems-page.htm
NEW QUESTION # 72
Challenge 3 - Task 3 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet
Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following tasks in the provisioned OCI environment:
1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01
[Eliminate special characters] E.g.: SPPBTBASTION992831403labuser13
2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"
Answer:
Explanation:
Solutions:
Create Bastion:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click Create Bastion and enter the following details:
a. Bastion name: SPPBTBASTION992831403labuser13
b. Configure Networking:
i. Target virtual cloud network: Select PBT-BAS-VCN-01
ii. Target Subnet: Select PBT-BAS-SNET-01 (Private Subnet)
Note: Click Change compartment and select the working compartment to locate VCN and Private subnet gateway.
c. CIDR block allowlist: 0.0.0.0/0 (from anywhere)
You can add one or more address ranges in the CIDR notation that you want to allow to connect to sessions hosted by this bastion.
d. Click Create Bastion.
After a few minutes, you can see that the Bastion has been successfully created, and the state is Active.
Create a Bastion Session:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click Create a Session and enter the following details:
a. Bastion name: PBT-1-Session-01
b. Session type: Select Managed SSH session.
c. Session name: PBT-1-Session-01
d. Username: Enter opc
e. Compute instance in: Select PBT-BAS-VM-01.
Note: Click Change compartment and select the working compartment to locate VCN for the compute instance.
f. Add SSH key
g. Click Generate SSH key pair.
h. Click Save private key. This will save the private key to your local workstation.
i. Click Save public key. This will save the public key to your local workstation.
j. Click Create session.
After a few minutes, you can see that the Bastion session has been successfully created, and the state is Active.
NEW QUESTION # 73
You are the first responder of a security incident for ABC Org. You have identified several IP addresses and URLs in the logs that you suspect may be related to the incident. However, you need more information to confidently determine whether they are indeed malicious or not. Which OCI service can you use to obtain more refined information and a confidence score for these identified indicators? (Choose the best Answer.)
- A. OCI Security Zones
- B. OCI Web Application Firewall
- C. OCI Threat Intelligence
- D. OCI Incidence Responder
Answer: C
NEW QUESTION # 74
You need to create matching rules for a conditional policy. Which TWO matching rules syntax can be used? (Choose two.)
- A. namespace =| !='value'
- B. variable =|!="value"
- C. Key =| !='value'
- D. any/all {<condition>, <condition>,...}
Answer: B,D
NEW QUESTION # 75
What does an audit log event include?
- A. Header
- B. Type of input
- C. Audit type
- D. Footer
Answer: A
Explanation:
The HTTP header fields and values in the request.
https://docs.oracle.com/en-us/iaas/Content/Audit/Reference/logeventreference.htm
NEW QUESTION # 76
How can you increase the expiration of a pre-authenticated request (PAR) associated with a bucket? (Choose the best Answer.)
- A. You cannot edit a pre-authenticated request. Delete the pre-authenticated request and recreate with the desired expiration
- B. Edit the pre-authenticated request and define the desired expiration
- C. Edit the bucket metadata and change the expiration date.
- D. Find the Identity and Access Management (IAM) policy associated with the PAR. Define the desired expiration in the policy
Answer: A
NEW QUESTION # 77
Which statement is true about standards?
- A. They are the foundation of corporate governance.
- B. They may be audited.
- C. They are methods and instructions on how to maintain or accomplish the directives of the policy.
- D. They are result of a regulation or contractual requirement or an industry requirement.
Answer: A
Explanation:
Standards are the foundation of corporate governance as they provide a framework for how a corporation is managed and controlled.