1z0-1104-23 Exam Preparation Material with New 1z0-1104-23 Dumps Questions [Q91-Q113]


1z0-1104-23 2024 Training With 172 QA's

NEW QUESTION # 91
A company has an OCI tenancy with a mount target associated with two File Systems, CG_1 and CG_2.
These File Systems are accessed by IP-based clients AB_1 and AB_2 respectively. As a security administrator, how can you provide access to both clients such that CG_1 has Read only access on AB_1 and CG_2 has Read/Write access on AB_2?

  • A. Vault
  • B. NFS v3 Unix Security
  • C. NFS Export Option
  • D. Access Control Lists

Answer: B,C

Explanation:


NEW QUESTION # 92
When using Management Agent to collect logs continuously, which is the required configuration for OCI Logging Analytics to retrieve data from numerous logs for an instance?

  • A. Agent - Entity Association
  • B. Entity - Source Association
  • C. Entity - Agent Association
  • D. Source-Entity Association

Answer: D

Explanation:


NEW QUESTION # 93
As a security administrator, you found out that there are users outside your corporate network who are accessing an OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in the corporate network?

  • A. Create PAR to restrict the access
  • B. Create an IAM policy and create WAF rules
  • C. Create an IAM policy and add a network source
  • D. Make OCI resources private instead of public

Answer: C

Explanation:


NEW QUESTION # 94
An HTTP web server hosted on an Oracle Cloud Infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through the internet gateway and a stateful network security group notification for port 80. How will the OCI VCN handle request/response traffic to the compute instance for a web page from the HTTP server on port 80?

  • A. The network security group would supersede the security utility list and allow both inbound and outbound traffic.
  • B. The union of both configurations would happen and allow both inbound and outbound traffic.
  • C. Due to the conflict in security configuration, inbound request traffic would not be allowed.
  • D. Because there is no Egress rule defined in the Security List, the response would not pass through the Internet Gateway.

Answer: B

Explanation:
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance.


NEW QUESTION # 95
What is the matching rule syntax for a single condition?

  • A. Option D
  • B. Option C
  • C. Option A
  • D. Option B

Answer: B

Explanation:


NEW QUESTION # 96
An automobile company needs to configure a Bastion Managed SSH session to a compute instance in a private subnet. What are the TWO prerequisites to configure it successfully?

  • A. Route rule to a NAT or Service Gateway should be associated with the subnet of the route table
  • B. NAT or Service Gateway should be attached to the private subnet
  • C. There is no need for any gateway in private subnet
  • D. SSH port forwarding should be enabled

Answer: A,B

Explanation:
For a Bastion Managed SSH session to a compute instance in a private subnet, the instance must have access to the internet, which can be provided by a NAT Gateway or a Service Gateway. Additionally, a route rule directing traffic to the NAT or Service Gateway should be associated with the subnet's route table.


NEW QUESTION # 97
Which type of firewall is designed to protect against web application attacks, such as SQL injection and cross-site scripting?

  • A. Packet filtering firewall
  • B. Stateful inspection firewall
  • C. Incident firewall
  • D. Web Application Firewall

Answer: D

Explanation:
SQL injections. Cross-site scripting. Distributed denial of service (DDoS) attacks. Botnets. These are just some of the cyber-weapons increasingly being used by malicious actors to target web applications, cause data breaches, and expose sensitive business information.
Oracle WAF uses a multilayered approach to protect web applications from a host of cyberthreats including malicious bots, application layer (L7) DDoS attacks, cross-site scripting, SQL injection, and vulnerabilities defined by the Open Web Application Security Project (OWASP). When a threat is identified, Oracle WAF automatically blocks it and alerts security operations teams so they can investigate further.
https://www.oracle.com/a/ocom/docs/security/oci-web-application-firewall.pdf


NEW QUESTION # 98
Which OCI services can encrypt all data-at-rest? Select TWO correct answers.

  • A. Block Volumes
  • B. Geolocation Steering
  • C. NAT Gateway
  • D. File Storage

Answer: A,D

Explanation:


NEW QUESTION # 99
Which type of file system does File Storage use?

  • A. NVMe
  • B. iSCSI
  • C. Paravirtualized
  • D. NFSv3
  • E. SSD

Answer: D

Explanation:
The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. The service supports the Network Lock Manager (NLM) protocol for file locking functionality.
https://docs.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm


NEW QUESTION # 100
As a solutions architect, you need to assist the operations team in writing an IAM policy to give users in group-uat1 and group-uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy?

  • A. Allow group group-uat1 group-uat2 to manage all resources in compartment Uat
  • B. Allow group /group-uat*/ to manage all resources in compartment Uat
  • C. Allow any-user to manage all resources in compartment Uat where request.group=/group-uat/*
  • D. Allow any-user to manage all resources in tenancy where target.compartment= Uat

Answer: B

Explanation:
This policy allows users in groups whose names start with "group-uat" to manage all resources in the compartment named "Uat".


NEW QUESTION # 101
When creating an OCI Vault, which factors may lead you to select the Virtual Private Vault? Select TWO correct answers.

  • A. Ability to back up the vault
  • B. Need for more than 9211 key versions
  • C. Greater degree of isolation
  • D. To mask PII data for non-production environment

Answer: A,C

Explanation:


NEW QUESTION # 102
What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?

  • A. Users
  • B. Policies
  • C. Dynamic groups
  • D. Groups

Answer: B

Explanation:
POLICY
A document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself. If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy. For more information, see Example Scenario and How Policies Work. The word "policy" is used by people in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm


NEW QUESTION # 103
Bot Management in OCI provides which of the following features? Select TWO correct answers.

  • A. IP Prefix Steering
  • B. Bad Bot Denylist
  • C. CAPTCHA Challenge
  • D. Good Bot Allowlist

Answer: C,D

Explanation:


NEW QUESTION # 104
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?

  • A. Data Guard
  • B. Data Safe
  • C. Cloud Guard
  • D. Vault

Answer: D

Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm


NEW QUESTION # 105
What must be configured for a load balancer to accept incoming traffic?

  • A. Service Gateway
  • B. SSL certificate
  • C. Listener
  • D. Route table entry pointing to the listener IP address

Answer: C

Explanation:
A listener is an entity that checks for connection requests. The load balancer listener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
On your Load Balancer Details page, click Listeners.
Click Create Listener.
Enter the following:
Name: Enter a friendly name. Avoid entering confidential information.
Protocol: Select HTTP.
Port: Enter 80 as the port on which to listen for incoming traffic.
Backend Set: Select the backend set you created.
Click Create.


NEW QUESTION # 106
Which two responsibilities must be taken care of by a customer while managing Web Application Firewall (WAF)? (Choose two.)

  • A. Import new Open Web Application Security Project (OWASP) Core Rule Sets (CRS) as they are released
  • B. Onboard and configure the WAF policy for the web application
  • C. Provide High Availability (HA) for the WAF edge nodes.
  • D. Patch their WAF instance when Oracle makes fixes available.
  • E. Tune WAF's access rules and bot management strategies according to the web application traffic

Answer: B,E


NEW QUESTION # 107
You notice problems in Cloud Guard, and the Risk score in your dashboard shows a very high number at 9300. What should you do next? (Choose the best Answer.)

  • A. Do nothing. Keep monitoring your Risk score: eventually it will go down.
  • B. Dismiss all of the Risk levels: LOW and MINOR problems.
  • C. Identify your Risk level: CRITICAL and HIGH problems from the Problem page and see if you can resolve them
  • D. Dismiss all of the Risk levels: HIGH problems

Answer: C


NEW QUESTION # 108
As a security administrator, you found out that there are users outside your corporate network who are accessing an OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in the corporate network?

  • A. Create PAR to restrict the access
  • B. Create an IAM policy and create WAF rules
  • C. Create an IAM policy and add a network source
  • D. Make OCI resources private instead of public

Answer: C

Explanation:


NEW QUESTION # 109
You have created several Oracle Cloud Infrastructure Groups with the prefix of 'Test' in your tenancy, for example TestECommerce, TestCatalog, and TestAdministration. You want to create another group called TestGroupsAdmin to manage all the groups that start with "Test" except for the group TestAdministration. (Choose the best Answer.)

  • A. allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ && !(target.group.name = 'TestAdministration')
  • B. allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ and = 'TestAdministration')
  • C. allow group TestGroupsAdmin to manage groups in tenancy where any {target.group.name = /Test*/, target.group.name != 'TestAdministration'}
  • D. allow group TestGroupsAdmin to manage groups in tenancy where all {target.group.name = /Test*/, target.group.name != 'TestAdministration'}

Answer: D


NEW QUESTION # 110
As a security architect, how can you prevent unwanted bots while desirable bots are allowed to enter?

  • A. Data Guard
  • B. Compartments
  • C. Vault
  • D. Web Application Firewall (WAF)

Answer: D

Explanation:
The Web Application Firewall (WAF) in OCI provides you with the ability to create and manage rules for internet threats. Unwanted bots can be mitigated while tactically allowing desirable bots to enter. Access rules can be limited based on geography or the signature of the request.


NEW QUESTION # 111
You want to enable Cloud Guard in your tenancy. Which is NOT a prerequisite? (Choose the best Answer.)

  • A. Add the required IAM policy for the user to access Cloud Guard
  • B. Create IAM policies that allow Cloud Guard to read Oracle Cloud Infrastructure resources.
  • C. Install the monitoring agent on the instances you want to monitor.
  • D. Ensure that you have a paid tenancy

Answer: C


NEW QUESTION # 112
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, be sure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Answer:

Explanation:
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400 <private key name>.key
Retrieve the Public IP address of the instance that you created in the previous section and use it to connect to the instance as the opc user from the Cloud Shell.
ssh -i <private key name> opc@<public IP address of instance>
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py
Open the Python file with the nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
# Replace secret_id value below with the ocid of your secret
secret_id = <secret id>
For example:
secret_id = "ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Note: If you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script, press:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret.py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.

