1z0-1104-23 Dumps By Pros - 1st Attempt Guaranteed Success 100% Guarantee Download 1z0-1104-23 Exam Dumps PDF Q A Oracle 1z0-1104-23 Exam Syllabus Topics: TopicDetailsTopic 1Create and configure Web Application Firewall Implement security monitoring and alertingTopic 2Secure connectivity of hybrid networks using Site-to-Site VPN and FastConnect Design and implement a logging and logging analytics solutionTopic [...]

All Products Contact now

1z0-1104-23 Dumps By Pros - 1st Attempt Guaranteed Success [Q90-Q115]

Share

1z0-1104-23 Dumps By Pros - 1st Attempt Guaranteed Success

100% Guarantee Download 1z0-1104-23 Exam Dumps PDF Q&A


Oracle 1z0-1104-23 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Create and configure Web Application Firewall
  • Implement security monitoring and alerting
Topic 2
  • Secure connectivity of hybrid networks using Site-to-Site VPN and FastConnect
  • Design and implement a logging and logging analytics solution
Topic 3
  • Configure, deploy and maintain OCI Certificates
  • Implement Network, Platform, and Infrastructure Security
Topic 4
  • Use threat intelligence to identify rogue users
  • Configure security for OCI storage services
Topic 5
  • Understand MFA, Identity Federation, and SSO
  • Describe OCI Shared Security Responsibility Model
Topic 6
  • Discuss core security services offered by OCI
  • Configure security for Oracle Autonomous Database and DB Systems
Topic 7
  • Utilize OS Management to manage and monitor updates
  • Understand and implement Security Zones and Security Advisor

 

NEW QUESTION # 90
Which volume type contains the image used to boot a compute instance?

  • A. Block volume
  • B. Startup volume
  • C. Init 6 volume
  • D. Boot volume

Answer: D

Explanation:
Boot Volumes
When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instanceuntil you terminate the instance. When you terminate the instance, you can preserve the boot volume and its data
https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/bootvolumes.htm


NEW QUESTION # 91
Where is sensitive configuration data (like certificates, and credentials) is stored by Kubernetes cluster control plane?

  • A. Boot Volume
  • B. Block Volume
  • C. ETCD
  • D. Oracle Functions

Answer: C

Explanation:
Explanation
Graphical user interface, text, application, email Description automatically generated


NEW QUESTION # 92
Which resources can be used to create and manage from Vault Service ? Select TWO correct answers

  • A. Keys
  • B. IAM
  • C. Cloud Guard
  • D. Secret

Answer: A,D

Explanation:
Explanation
Graphical user interface, text, application Description automatically generated


NEW QUESTION # 93
How can you restrict access to OCI console from unknown IP addresses?

  • A. Create tenancy's authentication policy and create WAF rules
  • B. Create tenancy's authentication policy and add a network source
  • C. Make OCI resources private instead of public
  • D. Create PAR to restrict access the access

Answer: B

Explanation:
Explanation
Graphical user interface, text, application, Word Description automatically generated


NEW QUESTION # 94
Which components are a part of the OCI Identity and Access Management service?

  • A. Policies
  • B. VCN
  • C. Regional subnets
  • D. Compute instances

Answer: A

Explanation:
Explanation
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm


NEW QUESTION # 95
You create a new compartment, "apps," to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?

  • A. Add an IAM policy for the individual users to access the apps compartment.
  • B. Add an IAM policy for apps_group granting access to the apps compartment.
  • C. No action is required.
  • D. Add an lAM policy to attach tenancy to the apps group.

Answer: B

Explanation:
Explanation
In Oracle Cloud Infrastructure, you can ensure that users have access to a specific compartment by adding an IAM policy for the group those users belong to, granting access to that compartment45.


NEW QUESTION # 96
A programmer is developing a Node.js application which will run in a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs. What is the secure way to access OCI services with OCI Identity and Access Management (IAM)? (Choose the best Answer.)

  • A. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services In the on-premises Linux server, add the user name and password to a file used by dj authentication.
  • B. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. Is the on-premises Linux server, generate the key pair Used for signing API requests and upload the public key to the IAN user.
  • C. Create an OCI IAM policy with appropriate permissions to access the required OCT services and assign the policy to the on-premises Linux server.
  • D. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group

Answer: B


NEW QUESTION # 97
You want to create a stateless rule for SSH in a security list, and the Ingress rule has al-ready been properly configured. Which combination should you use on the egress rule? (Choose the best Answer.)

  • A. Select UDP for Protocol; enter 22 for Source Part; and ALL for Destination Port.
  • B. Select TCP for Protocol enter ALL for Source Port; and 22 for Destination Port.
  • C. Select TCP for Protocol; enter 22 for Source Port; and 22 for Destination Port.
  • D. Select TCP for Protocol; enter 22 for Source Port; and ALL for Destination Port.

Answer: D


NEW QUESTION # 98
Which OCI services can encrypt all data-at-rest ? Select TWO correct answers

  • A. Geolocation Steering
  • B. NAT Gateway
  • C. File Storage
  • D. Block Volumes

Answer: C,D

Explanation:
Explanation
Graphical user interface, text, application, email Description automatically generated


NEW QUESTION # 99
Which three Oracle Cloud Infrastructure (OCI) services are covered by Cloud Guard? (Choose three.)

  • A. Oracle Integration Osud (OIC)
  • B. Blockchain
  • C. Identity and Access Management (IAM)
  • D. Database Cloud Service
  • E. Object Storage

Answer: C,D,E


NEW QUESTION # 100
A company has OCI tenancy which has mount target associated with two File Systems, CG_1 and CG_2.
These FileSystems are accessed by IP-based clients AB_1 and AB_2 respectively. As a security administrator, how can you provide access to both clients such that CGI has Read only access on AB1 and CG_2 has Read/Write access on AB_2?

  • A. NFS Export Option
  • B. Vault
  • C. NFS v3 Unix Security
  • D. Access Control Lists

Answer: A,C

Explanation:
Explanation
Graphical user interface, text, application, email Description automatically generated


NEW QUESTION # 101
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?

  • A. Guest OS
  • B. Data
  • C. Network
  • D. Infrastructure

Answer: B

Explanation:
Explanation
https://www.oracle.com/a/ocom/docs/cloud/oracle-ctr-2020-shared-responsibility.pdf


NEW QUESTION # 102
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloudnetwork has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?

  • A. due to the conflict in security configuration inbound request traffic would not be allowed
  • B. network security group would supersede the security utility list and allow both inbound and outbound traffic
  • C. Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.
  • D. the union of both configuration would happen and allow both inbound and outbound traffic

Answer: D

Explanation:
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance


NEW QUESTION # 103
As a Security Admin you want to inspect the metadata and actual data in your Oracle databases to discover sensitive data and provide comprehensive results listing the sensitive columns and related information. Which Data Safe feature will help you to achieve the above requirement ?

  • A. Security Assessment
  • B. User Assessment
  • C. Data Discovery
  • D. Data Masking

Answer: C

Explanation:


NEW QUESTION # 104
Which Oracle Data Safe feature enables the internal test, development, and analytics teams to operate effectively while minimizing their exposure to sensitive data? (Choose the best Answer.)

  • A. Security assessment
  • B. Data masking
  • C. Data Auditing
  • D. Data encryption
  • E. Data discovery

Answer: B


NEW QUESTION # 105
As a lead Security Architect, you have tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?

  • A. Identity and Access Management
  • B. Security Lists
  • C. Vulnerability Scanning
  • D. Cloud Guard

Answer: B

Explanation:


NEW QUESTION # 106
Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?

  • A. URL_STARTS_WITH
  • B. URL_PART_ENDS_WITH
  • C. URL_PART_CONTAINS
  • D. URL_IS

Answer: D

Explanation:
URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.57.0/docs/d/waas_waas_policy.html


NEW QUESTION # 107
Which tasks can you perform on a dedicated virtual machine host?

  • A. Creating instance pools
  • B. Capacity reservations
  • C. Manual scaling
  • D. Instance configurations

Answer: C

Explanation:
Supported features: Most of the Compute features for VM instances are supported for instances running on dedicated virtual machine hosts. However, the following features arenot supported:
Autoscaling
Capacity reservations
Instance configurations
Instance pools
Burstable instances
Reboot migration. You can use manual migration instead
https://docs.oracle.com/en-us/iaas/Content/Compute/Concepts/dedicatedvmhosts.htm#Dedicated_Virtual_Machine_Hosts


NEW QUESTION # 108
What information do youget by using the Network Visualizer tool?

  • A. Routes defined between subnets and gateways
  • B. Organization of subnets and VLANs across availability domains
  • C. State of subnets in a VCN
  • D. Interconnectivity of VCNs

Answer: D

Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm You can view and understand the following from this diagram:
How VCNs are inter-connected
How on-premises networks are connected (using FastConnect or Site-to-Site VPN) Which routing entities (DRGs and so on) control trafficrouting How your transit routing is configured


NEW QUESTION # 109
Which resources can be used to create and manage from Vault Service ? Select TWO correct answers

  • A. Keys
  • B. IAM
  • C. Cloud Guard
  • D. Secret

Answer: A,D

Explanation:


NEW QUESTION # 110
For how long are API calls audited and available?

  • A. 60 days
  • B. 30days
  • C. 365 days
  • D. 90 days

Answer: C

Explanation:
Explanation
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Audit/Tasks/settingretentionperiod.


NEW QUESTION # 111
What is the configuration to avoid publishing messages during the specified time range known as?

  • A. Suppression
  • B. Trigger rule
  • C. Statistic
  • D. Resource group

Answer: A

Explanation:
Graphical user interface, text, application, email Description automatically generated


NEW QUESTION # 112
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?

  • A. Each object in a bucket is always encrypted with the same data encryption key.
  • B. Customer-provided encryption keys are never stored in OCI Vault service.
  • C. Encryption is not enabled by default.
  • D. All the traffic to and from object storage is encrypted by using Transport Layer Security.

Answer: D

Explanation:
Oracle Cloud Infrastructure (OCI) Object Storage uses Transport Layer Security (TLS) to encrypt all traffic to and from Object Storage34. This ensures that data is secure during transit.


NEW QUESTION # 113
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloudnetwork has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?

  • A. due to the conflict in security configuration inbound request traffic would not be allowed
  • B. network security group would supersede the security utility list and allow both inbound and outbound traffic
  • C. Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.
  • D. the union of both configuration would happen and allow both inbound and outbound traffic

Answer: D

Explanation:
Explanation
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance


NEW QUESTION # 114
"Jazz Clothing" is an e-commerce company that wants to secure their in-transit communication to online store's hosted on Oracle Cloud Infrastructure (OCI) by ensuring secure Transport Layer Security (TLS) connections. They plan to automate the process of creating and rotating certificates using the OCI Certificates service to avoid outages due to expired certificates. What is a key benefit that Jazz Clothing will gain by automating their certificate management for TLS connections in OCI? (Choose the best Answer.)

  • A. Automated certificate management improves network performance by reducing the amount of processing required for each request
  • B. Automated certificate management reduces the risk of human error in the certificate creation and rotation process.
  • C. Automated certificate management guarantees 100% protection against all security threats.
  • D. Automated certificate management eliminates the need for traffic monitoring and auditing.

Answer: B


NEW QUESTION # 115
......

Earn Quick And Easy Success With 1z0-1104-23 Dumps: https://freetorrent.braindumpsvce.com/1z0-1104-23_exam-dumps-torrent.html

Related Articles

more
Oracle 1z0-1104-23 Certification Practice Exam