Prepare 1z0-1104-22 Question Answers Free Update With 100% Exam Passing Guarantee [2023]
Dumps Real Oracle 1z0-1104-22 Exam Questions [Updated 2023]
Oracle 1z0-1104-22 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
NEW QUESTION 41
You want to make API calls against other OCI services from your instance without configuring user credentials. How would you achieve this?
- A. Create a group and add a policy.
- B. Create a dynamic group and add your instance.
- C. No configuration is required for making API calls.
- D. Create a dynamic group and add a policy.
Answer: D
Explanation:
DYNAMIC GROUP
Dynamic groups allow you to group Oracle Cloud Infrastructure instances as principal actors, similar to user groups. You can then create policies to permit instances in these groups to make API calls against Oracle Cloud Infrastructure services. Membership in the group is determined by a set of criteria you define, called matching rules. https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
NEW QUESTION 42
What is the matching rule syntax for a single condition?
- A. Option B
- B. Option C
- C. Option A
- D. Option D
Answer: B
Explanation:
NEW QUESTION 43
Which resources can be used to create and manage from Vault Service ? Select TWO correct answers
- A. Cloud Guard
- B. Keys
- C. IAM
- D. Secret
Answer: B,D
Explanation:
NEW QUESTION 44
you are part of security operation of an organization with thousand of your users accessing Oracle cloud infrastructure it was reported that an unknown user action was executed resulting in configuration error you are tasked to quickly identify the details of all users who were active in the last six hours also with any rest API call that were executed. Which oci feature should you use?
- A. service connector hub
- B. audit analysis dashboard
- C. objectcollectionrule
- D. management agent log integration
Answer: B
NEW QUESTION 45
How can you restrict access to OCI console from unknown IP addresses?
- A. Create tenancy's authentication policy and create WAF rules
- B. Create tenancy's authentication policy and add a network source
- C. Make OCI resources private instead of public
- D. Create PAR to restrict access the access
Answer: B
Explanation:
NEW QUESTION 46
Which of the following is necessary step when creating a secret in vault?
- A. Vault-managed key is necessary to encrypt the secret
- B. Object Storage must be created to run secret service
- C. Shamir's secret sharing algorithm should be used to unseal the vault
- D. Digest Hash should be created of the secret value
Answer: A
Explanation:
https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html
NEW QUESTION 47
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?
- A. Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.
- B. due to the conflict in security configuration inbound request traffic would not be allowed
- C. network security group would supersede the security utility list and allow both inbound and outbound traffic
- D. the union of both configuration would happen and allow both inbound and outbound traffic
Answer: A
NEW QUESTION 48
Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management?
- A. Data encryption
- B. Customer isolation
- C. Security controls
- D. Identity Federation
Answer: A
Explanation:
DATA ENCRYPTION
Protect customer data at-rest and in-transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management.
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm
NEW QUESTION 49
In which two ways can you improve data durability in Oracle Cloud Infrastructure Object Storage?
- A. Setup volumes in a RAID1 configuration
- B. Enable client-side encryption
- C. Enable server-side encryption
- D. Limit delete permissions
- E. Enable Versioning
Answer: A
NEW QUESTION 50
Which component helps move logging data to other services, such as archiving log data in object storage?
- A. Agent Configuration
- B. Service Connector Hub
- C. Service Log Category
- D. Unified Monitoring Agent
Answer: B
Explanation:
Service Connector Hub
Service Connector Hub moves logging data to other services in Oracle Cloud Infrastructure. For example, use Service Connector Hub to alarm on log data, send log data to databases, and archive log data to Object Storage. For more information, see Service Connector Hub.
https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/loggingoverview.htm
NEW QUESTION 51
When creating an OCI Vault, which factors may lead to select the Virtual Private Vault ? Select TWO correct answers
- A. Ability to back up the vault
- B. Greater degree of isolation
- C. Need for more than 9211 key versions
- D. To mask Pll data for non-production environment
Answer: A,B
Explanation:
NEW QUESTION 52
A number of malicious requests for a web application is coming from a set of IP addresses originating from Antartica.
Which of the following statement will help to reduce these types of unauthorized requests ?
- A. Delete NAT Gateway from Virtual Cloud Network
- B. Change your home region in which your resources are currently deployed
- C. Use WAF policy using Access Control Rules
- D. List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
Answer: C
NEW QUESTION 53
Which is NOT a part of Observability and Management Services?
- A. Event Services
- B. Logging
- C. Logging Analytics
- D. OCI Management Service
Answer: D
Explanation:
https://www.oracle.com/in/manageability/
NEW QUESTION 54
Which architecture is based on the principle of "never trust, always verify"?
- A. Zero trust
- B. Defense in depth
- C. Federated identity
- D. Fluid perimeter
Answer: A
Explanation:
Enterprise Interest in Zero Trust is Growing Ransomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.
According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trust wares at RSA 2020.
The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn't prevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.
https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front
NEW QUESTION 55
As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
- A. Create an 1AM policy and create WAF rules
- B. Create an 1AM policy and add a network source
- C. Make OCI resources private instead of public
- D. Create PAR to restrict access the access
Answer: B
Explanation:
NEW QUESTION 56
What does an audit log event include?
- A. Audit type
- B. Header
- C. Type of input
- D. Footer
Answer: B
Explanation:
The HTTP header fields and values in the request.
https://docs.oracle.com/en-us/iaas/Content/Audit/Reference/logeventreference.htm
NEW QUESTION 57
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
- A. Data Safe
- B. Vault
- C. Cloud Guard
- D. Data Guard
Answer: B
Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm
NEW QUESTION 58
An automobile company needs to configure Bastion Managed SSH session to a compute instance in a private subnet. What are the TWO prerequisites to configure successfully?
- A. NAT or Service Gateway should be attached to the private subnet
- B. There is no need for any gateway in private subnet
- C. SSH port forwarding should be enabled
- D. Route rule to a NAT or Service Gateway should be associated with the subnet of the route table
Answer: A,D
NEW QUESTION 59
which two responsibilities will be oracle when you move your it infrastructure to oracle cloud infrastructure?
- A. PROVIDING STRONG SECURITY LIST
- B. Strong Isolation
- C. Strong IAM Framework
- D. ACCOUNT ACCESS MANAGEMENT
- E. MAINTAINING CUSTOMER DATA
Answer: B,C
NEW QUESTION 60
Which security issues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers
- A. SQL Injection
- B. CIS published Industry-standard benchmarks
- C. Ports that are unintentionally left open can be a potential attack vector for cloud resources
- D. Distributed Denial of Service (DDoS)
Answer: B,C
Explanation:
NEW QUESTION 61
......
1z0-1104-22 Exam Dumps, 1z0-1104-22 Practice Test Questions: https://www.actual4exams.com/1z0-1104-22-valid-dump.html
Free 1z0-1104-22 Exam Dumps to Pass Exam Easily: https://drive.google.com/open?id=1DJ5QsyfNm9EJ1a6cEOG3lUUutY8UyfOR