Oracle 1z0-1104-23 Certification All-in-One Exam Guide Jun-2024 [Q100-Q125]



Oracle 1z0-1104-23 Exam Syllabus Topics:

Topic / Details
Topic 1
  • Create and configure Web Application Firewall
  • Implement security monitoring and alerting
Topic 2
  • Configure, deploy and maintain OCI Certificates
  • Implement Network, Platform, and Infrastructure Security
Topic 3
  • Implement conditional and advanced policies
  • Configure Dynamic Groups, Network Sources, and Tag-Based Access Control
Topic 4
  • Use threat intelligence to identify rogue users
  • Configure security for OCI storage services
Topic 5
  • Utilize OS Management to manage and monitor updates
  • Understand and implement Security Zones and Security Advisor
Topic 6
  • Secure connectivity of hybrid networks using Site-to-Site VPN and FastConnect
  • Design and implement a logging and logging analytics solution

 

NEW QUESTION # 100
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?

  • A. Select UDP for protocol; enter 22 for source port and all for destination port.
  • B. Select TCP for protocol; enter all for source port and 22 for destination port.
  • C. Select TCP for protocol; enter 22 for source port and 22 for destination port.
  • D. Select TCP for protocol; enter 22 for source port and all for destination port.

Answer: B

Explanation:
For SSH traffic, which uses TCP protocol and port 22, you would want to allow all source ports to connect to your destination port 22. This is because the source port for an SSH client can be any available port number.


NEW QUESTION # 101
Which two Cloud Guard tasks can be configured using API or Console? (Choose two.)

  • A. Run behavior analytics on your users.
  • B. Create your own rules within the existing recipes
  • C. Create targets against your compartments to monitor resources within those.
  • D. Clone config detector recipes to customize your security policies

Answer: B,C


NEW QUESTION # 102
An e-commerce company needs to authenticate with third-party APIs that don't support OCI's signature-based authentication.
What can be the solution for the above scenario?

  • A. Asymmetric keys
  • B. Security Token
  • C. API Key Authentication
  • D. Auth Token/Swift Password

Answer: D



NEW QUESTION # 103
Which are the three prerequisites for successfully configuring a Bastion managed SSH session to a compute instance in a private subnet? (Choose three.)

  • A. The SSH port forwarding feature needs to be enabled
  • B. The route table associated with the subnet needs to have a route rule to a service or NAT gateway.
  • C. The private subnet must have a service or NAT gateway.
  • D. The compute instance must have the Bastion cloud agent disabled
  • E. The compute instance must have the Bastion cloud agent enabled.
  • F. The private subnet must not have any gateway in it.

Answer: B,C,E


NEW QUESTION # 104
The operations team has made a mistake in updating the secret contents and immediately needs to resume using the older secret contents in OCI Secret Management within a Vault.
As a Security Administrator, what steps should you perform to roll back to the last version? Select TWO correct answers.

  • A. Upload new secret and mark as 'Pending'. Promote this secret version as 'Current'
  • B. Mark the secret version as 'deprecated'
  • C. Mark the secret version as 'Rewind'
  • D. Mark the secret version as 'Previous'

Answer: A,D



NEW QUESTION # 105
You are using a custom application with third-party APIs to manage applications and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?

  • A. API Signing Key
  • B. Auth Token
  • C. SSH Key Pair with 2048-bit algorithm
  • D. OCI username and Password

Answer: B

Explanation:
An auth token in OCI is an Oracle-generated token that you can use to authenticate with third-party APIs. This can be useful when the third-party APIs do not support OCI's signature-based authentication.


NEW QUESTION # 106
Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?

  • A. JavaScript challenge
  • B. CAPTCHA challenge
  • C. Device fingerprint challenge
  • D. Human interaction challenge

Answer: B

Explanation:
CAPTCHA challenge is generally the first level of bot mitigation, but it is not sufficient with more advanced bot tools


NEW QUESTION # 107
Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?

  • A. URL_PART_ENDS_WITH
  • B. URL_IS
  • C. URL_PART_CONTAINS
  • D. URL_STARTS_WITH

Answer: B

Explanation:
URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.57.0/docs/d/waas_waas_policy.html


NEW QUESTION # 108
Oracle Object Storage achieves data durability by which of the following mechanisms? Select TWO correct answers.

  • A. Service Gateway
  • B. Redundant Storage across availability domains
  • C. Object Versioning
  • D. Redundant Array of Independent Disks

Answer: B,C



NEW QUESTION # 109
Which three resources are required to encrypt a block volume with a customer-managed key?

  • A. SYMMETRIC MASTER KEY ENCRYPTION KEY
  • B. Secrets
  • C. IAM Policy Allowing Block Storage to Use Keys
  • D. OCI VAULT
  • E. BLOCK KEY
  • F. MAXIMUM SECURITY ZONE

Answer: B,C,D

Explanation:
https://docs.oracle.com/en-us/iaas/Content/SecurityAdvisor/Tasks/creatingsecureblockvolume.htm


NEW QUESTION # 110
Which VCN configuration is CORRECT with regard to VCN peering within the same region?

  • A. 194.168.0.0/24 and 194.168.0.0/16
  • B. 12.0.0.0/16 and 12.0.0.0/16C 194.168.0.0/24 and 194.168.0.0/24
  • C. 12.0.0.0/16 and 194.168.0.0/16

Answer: C

Explanation:
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering.


NEW QUESTION # 111
You have configured Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log ingestion purposes (or: you are using Management Agent to collect logs continuously). Which configuration is required for the OCI Logging Analytics service to collect data from multiple logs of this instance? (Choose the best answer.)

  • A. Log-Log Group Association
  • B. Log Group-Source Association
  • C. Entity Log Association
  • D. Source-Entity Association

Answer: D


NEW QUESTION # 112
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?

  • A. Select UDP for protocol; enter 22 for source port and all for destination port.
  • B. Select TCP for protocol; enter all for source port and 22 for destination port.
  • C. Select TCP for protocol; enter 22 for source port and 22 for destination port.
  • D. Select TCP for protocol; enter 22 for source port and all for destination port.

Answer: B

Explanation:
For SSH traffic, which uses TCP protocol and port 22, you would want to allow all source ports to connect to your destination port 22. This is because the source port for an SSH client can be any available port number.


NEW QUESTION # 113
You create a new compartment, "apps," to host some production apps, and you create an apps_group and add users to it.
What would you do to ensure the users have access to the apps compartment?

  • A. No action is required.
  • B. Add an IAM policy for apps_group granting access to the apps compartment.
  • C. Add an IAM policy for the individual users to access the apps compartment.
  • D. Add an IAM policy to attach tenancy to the apps group.

Answer: B

Explanation:
In Oracle Cloud Infrastructure, you can ensure that users have access to a specific compartment by adding an IAM policy for the group those users belong to, granting access to that compartment.


NEW QUESTION # 114
Which OCI services can encrypt all data-at-rest? Select TWO correct answers

  • A. File Storage
  • B. Geolocation Steering
  • C. NAT Gateway
  • D. Block Volumes

Answer: A,D



NEW QUESTION # 115
You are the first responder of a security incident for ABC Org. You have identified several IP addresses and URLs in the logs that you suspect may be related to the incident. However, you need more information to confidently determine whether they are indeed malicious or not. Which OCI service can you use to obtain more refined information and a confidence score for these identified indicators? (Choose the best answer.)

  • A. OCI Web Application Firewall
  • B. OCI Security Zones
  • C. OCI Threat Intelligence
  • D. OCI Incidence Responder

Answer: C


NEW QUESTION # 116
Bot Management in OCI provides which of the features? Select TWO correct answers.

  • A. IP Prefix Steering
  • B. CAPTCHA Challenge
  • C. Bad Bot Denylist
  • D. Good Bot Allowlist

Answer: B,D



NEW QUESTION # 117
You are a security administrator for your company's Oracle Cloud Infrastructure (OCI) tenancy. Your storage administrator tells you he or she cannot associate an encryption key from OCI Vault to an Object Storage bucket in the new compartment. What is the reason? (Choose the best answer.)

  • A. The storage administrator forgot to select "Oracle Managed" on the bucket.
  • B. The secret for the key was not created beforehand.
  • C. There is no Identity and Access Management (IAM) policy that allows the Object Store service to use the key.
  • D. The resource bucket policy lacks the necessary Access Control List (ACL).

Answer: C


NEW QUESTION # 118
What information do you get by using the Network Visualizer tool?

  • A. Interconnectivity of VCNs
  • B. State of subnets in a VCN
  • C. Organization of subnets and VLANs across availability domains
  • D. Routes defined between subnets and gateways

Answer: A

Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm
You can view and understand the following from this diagram:
  • How VCNs are interconnected
  • How on-premises networks are connected (using FastConnect or Site-to-Site VPN)
  • Which routing entities (DRGs and so on) control traffic routing
  • How your transit routing is configured


NEW QUESTION # 119
What do the features of OS Management Service do?

  • A. Encourage manual setup to avoid machine-induced errors.
  • B. Add complexity in using multiple tools to manage mixed-OS environments.
  • C. Provide paid service and support to OCI subscribers for fixes on priority.
  • D. Increase security and reliability by regular bug fixes.

Answer: D

Explanation:
https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html


NEW QUESTION # 120
Which two responsibilities must be taken care of by a customer while managing Web Application Firewall (WAF)? (Choose two.)

  • A. Import new Open Web Application Security Project (OWASP) Core Rule Sets (CRS) as they are released
  • B. Provide High Availability (HA) for the WAF edge nodes.
  • C. Onboard and configure the WAF policy for the web application
  • D. Patch their WAF instance when Oracle makes fixes available.
  • E. Tune WAF's access rules and bot management strategies according to the web application traffic

Answer: C,E


NEW QUESTION # 121
When does Cloud Guard re-open an issue and update the history?

  • A. If it detects an issue for a previously resolved configuration problem
  • B. If it detects an issue for a previously dismissed configuration problem
  • C. If it detects an issue for a previously resolved/dismissed activity problem
  • D. If it detects an issue again for an Open (unresolved) problem

Answer: A

Explanation:
If Cloud Guard detects an issue again for:
  • An Open (unresolved) problem, it updates the problem history, but doesn't create a new problem.
  • A previously solved problem, it reopens the issue and updates the history.
  • A previously dismissed problem, it updates the history.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/problems-page.htm


NEW QUESTION # 122
VCN Flow Logs record details about traffic that has been denied or approved based on which of the following?

  • A. Configuration of route table
  • B. Auth tokens
  • C. Security Lists or Network Security Group Rules
  • D. Web Application Firewall (WAF)

Answer: C



NEW QUESTION # 123
Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA) is NOT valid?

  • A. Users cannot disable MFA for themselves.
  • B. An administrator can disable MFA for another user.
  • C. A user can register only one device to use for MFA.
  • D. Users must install a supported authenticator app on the mobile device they intend to register for MFA.

Answer: A

Explanation:
In Oracle Cloud Infrastructure, users can disable Multi-Factor Authentication (MFA) for themselves. If a user loses their MFA device or wants to register a new one, they can disable MFA for their account and then set it up again with the new device.


NEW QUESTION # 124
Which two responsibilities will be Oracle's when you move your IT infrastructure to Oracle Cloud Infrastructure?

  • A. PROVIDING STRONG SECURITY LIST
  • B. Strong IAM Framework
  • C. ACCOUNT ACCESS MANAGEMENT
  • D. Strong Isolation
  • E. MAINTAINING CUSTOMER DATA

Answer: B,D

Explanation:
Oracle is responsible for providing a strong Identity and Access Management (IAM) framework in OCI.
The IAM service lets you control who has access to your cloud resources, what type of access they have, and to which specific resources. You can find more details about this in the Oracle Cloud Infrastructure documentation.
Oracle also ensures strong isolation in its cloud infrastructure, which means that your resources are isolated from other tenants and from Oracle staff. This isolation extends from physical separation of hardware all the way up to access controls on APIs. You can find more details about this in the Oracle Cloud Infrastructure documentation.


NEW QUESTION # 125
......
