Pass Your Oracle 1z0-1104-23 Exam with Correct 172 Questions and Answers [Q85-Q108]


Latest [Jun 12, 2024] 2024 Realistic Verified 1z0-1104-23 Dumps

NEW QUESTION # 85
Which type of FastConnect supports configuring Oracle Cloud Infrastructure (OCI) Site-to-Site VPN for encryption? (Choose the best Answer.)

  • A. FastConnect Partner
  • B. FastConnect Private Peering
  • C. FastConnect Public Peering
  • D. FastConnect Cross-Connect group

Answer: C


NEW QUESTION # 86
Which is true regarding importing a symmetric key into Vault (Bring your own key)? (Choose the best Answer.)

  • A. The key must be wrapped using an RSA asymmetric key provided by the Vault.
  • B. The user performing the import must have the 'import' permission via an IAM Policy.
  • C. The key must be 1024 bits.
  • D. The user must use the Command Line Interface (CLI) for importing the key into the Vault.

Answer: B


NEW QUESTION # 87
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?

  • A. Select TCP for protocol; enter All for source port and 22 for destination port.
  • B. Select TCP for protocol; enter 22 for source port and 22 for destination port.
  • C. Select TCP for protocol; enter 22 for source port and All for destination port.
  • D. Select UDP for protocol; enter 22 for source port and All for destination port.

Answer: A

Explanation:
For SSH traffic, which uses TCP protocol and port 22, you would want to allow all source ports to connect to your destination port 22. This is because the source port for an SSH client can be any available port number.


NEW QUESTION # 88
As a lead Security Architect, you have been tasked with restricting access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes. What should you use?

  • A. Identity and Access Management
  • B. Cloud Guard
  • C. Security Lists
  • D. Vulnerability Scanning

Answer: C



NEW QUESTION # 89
Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?

  • A. CAPTCHA challenge
  • B. Device fingerprint challenge
  • C. Human interaction challenge
  • D. JavaScript challenge

Answer: A

Explanation:
The CAPTCHA challenge is generally the first level of bot mitigation, but it is not sufficient against more advanced bot tools.


NEW QUESTION # 90
Which are the three rules of engagement that apply to cloud penetration and vulnerability testing in Oracle Cloud Infrastructure (OCI)? (Choose three.)

  • A. You can attempt to access another customer's environment or data.
  • B. You are allowed to use tools or services that perform denial-of-service (DoS) attacks against your cloud assets.
  • C. You cannot conduct a test that exceeds the bandwidth quota of your subscription.
  • D. You are responsible for any damages to Oracle Cloud that are caused by your testing activities.
  • E. You can perform port scanning in a non-aggressive mode.

Answer: C,D,E


NEW QUESTION # 91
What is the use case for Oracle Cloud Infrastructure (OCI) Logging Analytics service? (Choose the best Answer.)

  • A. Create instances automatically to collect logs, analyze, and send reports
  • B. Label data packets that pass through the Internet gateway
  • C. Automate and manage any logs based on a subscription model
  • D. Correlate, visualize, and monitor all log data.

Answer: D


NEW QUESTION # 92
Where are logs stored?

  • A. OCI Object Storage
  • B. OCI File Storage
  • C. OCI Block Storage
  • D. Cloud Agent

Answer: A

Explanation:
You can collect log data continuously from Oracle Cloud Infrastructure (OCI) Object Storage. To enable the log collection, create an ObjectCollectionRule resource using the REST API or CLI. Once this resource has been created and the required IAM policies are in place, the log collection is initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html


NEW QUESTION # 93
Which two services can leverage Vault symmetric encryption keys for data-at-rest? (Choose two.) OR Which OCI services can encrypt all data-at-rest? (Choose two.)

  • A. Block Volume
  • B. WAF
  • C. CDN
  • D. Load Balancer
  • E. API Gateway
  • F. Object Storage

Answer: A,F


NEW QUESTION # 94
Challenge 4 - Task 2 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script:
    http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:
  • Create a Compute Instance with the name IAD-SP-PBT-VM-01, using the Oracle Linux 8 image and VM.Standard2.1 shape.
  • SSH to the compute instance using Cloud Shell.
  • Install and configure Apache web server:
a. Install Apache server:
    sudo yum -y install httpd
b. Enable Apache and start Apache server:
    sudo systemctl enable httpd
    sudo systemctl restart httpd
c. Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:
    sudo firewall-cmd --permanent --add-port=80/tcp
    sudo firewall-cmd --reload
d. Create an index file for your web server:
    sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

Answer: See the solution in the Explanation below.

Explanation:
SOLUTION:
From the navigation menu, select Compute and then click Instances.
In the left navigation pane, under List Scope, select <your assigned compartment> from the drop-down menu.
Click Create Instance. In the Create Instance dialogue box, provide the following details:
a) Name: IAD-SP-PBT-VM-01
b) Placement: AD1
c) Note: If the Service Limit error is displayed, choose a different availability domain.
d) Image: Oracle Linux 8
e) Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.
f) Networking: IAD-WAF-PBT-VCN-01 and Public Subnet
g) Public Address: Assign a Public IPv4 address.
h) Generate (or upload) SSH Keys:
i) Click Generate a key pair for me.
j) Click Save private key. This will save the private key to your local workstation.
k) Click Save public key. This will save the public key to your local workstation.
l) Click Create.
Note: After a few minutes, you can see that the instance has been successfully created and the state is Running.
Under Instance access, copy the Public IP address value to a Notepad file. We refer to it as the VM-01-Public IP address.
Click the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell and use SSH to log in to your instance, IAD-SP-PBT-VM-01, by using the following command:
    ssh -i <private key file> <username>@<public-ip-address of VM-01>
Reminders:
a) Upload the private key that you downloaded to your workstation earlier to Cloud Shell. Change the permission of the private key file by executing chmod 400 <private key file>.
b) <private key file> is the full path and name of the file that contains the private key associated with the instance you want to access.
c) <username> is the default user opc.
d) <public-ip-address> is the Public IP address of the instance. In our case, we refer to it as VM-01-Public IP. Note: Enter yes in response to "Are you sure you want to continue connecting (yes/no)?"
e) You are now connected to the instance IAD-SP-PBT-VM-01.
While connected to your compute instance via SSH, run the following commands to install and configure the Apache web server:
a) Install Apache server:
    sudo yum -y install httpd
b) Enable Apache and start Apache server:
    sudo systemctl enable httpd
    sudo systemctl restart httpd
c) Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:
    sudo firewall-cmd --permanent --add-port=80/tcp
    sudo firewall-cmd --reload
d) Create an index file for your web server:
    sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'
e) Exit the SSH connection:
    exit
After executing all the commands successfully, open a browser in your local system and enter the URL http://<Public IP of IAD-SP-PBT-VM-01>.
Note: Your browser will not return anything because port 80 is not opened yet for the instance subnet.


NEW QUESTION # 95
What is the minimum active storage duration for logs used by Logging Analytics to be archived?

  • A. 10 days
  • B. 15 days
  • C. 30 days
  • D. 60 days

Answer: C

Explanation:
The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Ac


NEW QUESTION # 96
Which type of file system does file storage use?

  • A. NFSv3
  • B. SSD
  • C. Paravirtualized
  • D. iSCSI
  • E. NVMe

Answer: A

Explanation:
The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. The service supports the Network Lock Manager (NLM) protocol for file locking functionality.
https://docs.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm


NEW QUESTION # 97
Which Oracle Cloud Service provides restricted access to target resources?

  • A. Bastion
  • B. Internet Gateway
  • C. SSL certificate
  • D. Load balancer

Answer: A

Explanation:
Bastion
Oracle Cloud Infrastructure Bastion provides restricted and time-limited access to target resources that don't have public endpoints.

https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_features.htm


NEW QUESTION # 98
You are using a custom application with third-party APIs to manage applications and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?

  • A. Auth Token
  • B. API Signing Key
  • C. SSH Key Pair with 2048-bit algorithm
  • D. OCI username and Password

Answer: A

Explanation:
An auth token in OCI is an Oracle-generated token that you can use to authenticate with third-party APIs. This can be useful when the third-party APIs do not support OCI's signature-based authentication.


NEW QUESTION # 99
Which Oracle Data Safe feature minimizes the amount of personal data and allows internal test, development, and analytics teams to operate with reduced risk?

  • A. data auditing
  • B. data encryption
  • C. data masking
  • D. security assessment
  • E. data discovery

Answer: C

Explanation:
Data masking in Oracle Data Safe minimizes the amount of personal data and allows internal test, development, and analytics teams to operate with reduced risk. It replaces sensitive or confidential information in non-production databases with realistic and fully functional data with similar characteristics as the original data.


NEW QUESTION # 100
Where are logs stored?

  • A. OCI Object Storage
  • B. OCI File Storage
  • C. OCI Block Storage
  • D. Cloud Agent

Answer: A

Explanation:
You can collect log data continuously from Oracle Cloud Infrastructure (OCI) Object Storage. To enable the log collection, create an ObjectCollectionRule resource using the REST API or CLI. Once this resource has been created and the required IAM policies are in place, the log collection is initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html


NEW QUESTION # 101
Which parameters do customers need to configure when reading secrets by name using the CLI or API? Select TWO correct answers.

  • A. ASCII Value
  • B. Vault Id
  • C. Secret Name
  • D. Certificates

Answer: B,C



NEW QUESTION # 102
Which of the following is a necessary step when creating a secret in Vault?

  • A. A Vault-managed key is necessary to encrypt the secret
  • B. A digest hash should be created of the secret value
  • C. Object Storage must be created to run secret service
  • D. Shamir's secret sharing algorithm should be used to unseal the vault

Answer: A

Explanation:
https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html


NEW QUESTION # 103
Which statement is not true about Cloud Security Posture?

  • A. Problems contain data about the specific type of issue that was found.
  • B. Problems can be resolved, dismissed, or remediated.
  • C. Problems are defined by the type of detector that creates them: activity or configuration.
  • D. Problems are created when Cloud Guard discovers a deviation from a responder rule.

Answer: D

Explanation:
https://www.oracle.com/security/cloud-security/what-is-cspm/


NEW QUESTION # 104
An HTTP web server hosted on an Oracle Cloud Infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security list ingress rule for port 80 access through the internet gateway and a stateful network security group rule for port 80. How will the OCI VCN handle request and response traffic to the compute instance for a web page from the HTTP server on port 80?

  • A. Due to the conflict in security configuration, inbound request traffic would not be allowed.
  • B. The union of both configurations would happen and allow both inbound and outbound traffic.
  • C. Because there is no egress rule defined in the security list, the response would not pass through the internet gateway.
  • D. The network security group would supersede the security list and allow both inbound and outbound traffic.

Answer: B

Explanation:
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance.


NEW QUESTION # 105
What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?

  • A. Policies
  • B. Users
  • C. Dynamic groups
  • D. Groups

Answer: A

Explanation:
POLICY
A document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself. If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy. For more information, see Example Scenario and How Policies Work. The word "policy" is used by people in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization uses to control access to resources.
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm


NEW QUESTION # 106
Which is NOT a compliance document?

  • A. Bridge letter
  • B. Penetration test report
  • C. Attestation
  • D. Certificate

Answer: B

Explanation:
Explanation
Types of Compliance Documents
When viewing compliance documents, you can filter onthe following types:
Attestation. A Payment Card Industry (PCI) Data Security Standard (DSS) Attestation of Compliance document.
Audit. A general audit report.
Bridge Letter (BridgeLetter). A bridge letter. Bridge letters provide compliance information forthe period of time between the end date of an SOC report and the date of the release of a new SOC report.
Certificate. A document indicating certification by a particular authority, with regard to certification requirements and examination results conforming to said requirements.
SOC3. A Service Organization Controls 3 audit report that provides information relating to a service organization's internal controls for security, availability, confidentiality, and privacy.
Other. A compliance document that doesn't fit into any of the preceding, more specific categories.
https://docs.oracle.com/en-us/iaas/Content/ComplianceDocuments/Concepts/compliancedocsoverview.htm


NEW QUESTION # 107
What are the security recommendations and best practices for Oracle Functions?

  • A. Define a policy statement that enables access to functions for requests coming from multiple IP addresses.
  • B. Grant privileges to UID and GID 1000, such that the functions running within a container acquire the default root capabilities.
  • C. Add applications to network security groups for fine-grained ingress/egress rules.
  • D. Ensure that functions in a VCN have restricted access to resources and services.

Answer: C

Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm

