Ultimate Guide to the 1z0-1104-23 - Latest Apr 19, 2024 Edition Available Now
2024 Updated Verified Pass 1z0-1104-23 Exam - Real Questions and Answers
NEW QUESTION # 47
A company, ABC, is planning to launch a new web application on OCI. Based on past experiences, they expect a significant surge in traffic after the launch. You are responsible for ensuring that the application is highly available. Which step would you perform to achieve this goal? (Choose the best Answer.)
- A. Implement security controls, such as web application firewalls, to protect against com-mon attack vectors.
- B. Use a Virtual Cloud Network (VCN) with subnets, security lists, and routing rules to isolate the web application from the Internet and other resources.
- C. Use a load balancer to distribute incoming traffic evenly across multiple instances of the web application.
- D. Configure Cloud Guard to prevent large amounts of traffic from reaching the web application.
Answer: C
NEW QUESTION # 48
Which resources can be used to create and manage from Vault Service ? Select TWO correct answers
- A. Keys
- B. Cloud Guard
- C. IAM
- D. Secret
Answer: A,D
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
NEW QUESTION # 49
Challenge 3 - Task 4 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.
Answer:
Explanation:
See the solution below in Explanation
Explanation:
Solutions:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click the View SSH command.
Click Copy next to the SSH command and Close. (Copy the SSH command to a Notepad file) Use a Notepad text editor to replace <privateKey> with the private key of the SSH key pair that you provided when you created the session.
a. For example:
perl
ssh -i ssh-key-2023-08-02.key -o ProxyCommand="ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com" -p 22 [email protected] Click the Cloud Shell icon at the right of the OCI console header.
Verify that you are in the home directory. a. cd ~
Upload the private key to the cloud shell you downloaded to your workstation earlier. Reference to upload file to cloud shell.
The file will be named similarly to ssh-key-<date>.key.
Locate and change the permission of the private key by executing the following commands: a. ls b. chmod 400 <private key file> Run the SSH command to connect the compute instance in the private subnet. a. For example:
perl
ssh -i ssh-key-2023-08-02.key -o ProxyCommand="ssh -i ssh-key-2023-08-02.key -w %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com" -p 22 [email protected] Note: Enter yes in response to "Are you sure you want to continue connecting (yes/no)?" 13. Verify the connected instance's Private IP address. a. ifconfig Take note of the inet/IP address for the ens3 interface in the output and compare it to the instance Private IP address created in this lab, i.e. PBT-BAS-VM-01.
Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.
NEW QUESTION # 50
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure(OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?
- A. Auth Token
- B. OCI username and Password
- C. API Signing Key
- D. SSH Key Pair with 2048-bit algorithm
Answer: A
Explanation:
Explanation
An auth token in OCI is an Oracle-generated token that you can use to authenticate with third-party APIs78. This can be useful when the third-party APIs do not support OCI's signature-based authentication
NEW QUESTION # 51
Which statement is not true about Cloud Security Posture?
- A. Problems can be resolved, dismissed, or remediated.
- B. Problems are defined by the type of detector that creates them: activity or configuration.
- C. Problems are created when Cloud Guard discovers a deviation from a responder rule.
- D. Problems contain data about the specific type of issue that was found.
Answer: C
Explanation:
Explanation
https://www.oracle.com/security/cloud-security/what-is-cspm/
NEW QUESTION # 52
Which statement is true about standards?
- A. They are result of a regulation or contractual requirement or an industry requirement.
- B. They are methods and instructions on how to maintain or accomplish the directives of the policy.
- C. They are the foundation of corporate governance.
- D. They may be audited.
Answer: C
Explanation:
Explanation
Standards are the foundation of corporate governance as they provide a framework for how a corporation is managed and controlled
NEW QUESTION # 53
Which Oracle Cloud Service provides restricted accessto target resources?
- A. Internet Gateway
- B. Load balancer
- C. SSL certificate
- D. Bastion
Answer: D
Explanation:
Explanation
Bastion
Oracle Cloud Infrastructure Bastion provides restricted and time-limited access to target resources that don't have public endpoints.
Diagram Description automatically generated
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_features.htm
NEW QUESTION # 54
Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers
- A. Resources in a security zone must be accessible from internet
- B. Block volume canbe moved from a security zone to a standard compartment
- C. Bucket can't be moved from a security zone to a standard compartment
- D. Resources in a security zone must be encrypted using customer-managed keys
Answer: C,D
Explanation:
Explanation
Table Description automatically generated
NEW QUESTION # 55
Challenge 3 - Task 3 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01
[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13
2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"
Answer:
Explanation:
See the solution below in Explanation
Explanation:
Solutions:
Create Bastion:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click Create Bastion and enter the following details:
a. Bastion name: SPPBTBASTION992831403labuser13
b. Configure Networking:
i. Target virtual cloud network: Select PBT-BAS-VCN-01
ii. Target Subnet: Select PBT-BAS-SNET-01 (Private Subnet) Note: Click Change compartment and select the working compartment to locate VCN and Private subnet gateway.
c. CIDR block allowlist: 0.0.0.0/0 (from anywhere) You can add one or more address ranges in the CIDR notation that you want to allow to connect to sessions hosted by this bastion.
d. Click Create Bastion.
After a few minutes, you can see that the Bastion has been successfully created, and the state is Active.
Create a Bastion Session:
From the navigation menu, select Identity & Security and then click Bastion.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click the SPPBTBASTION992831403labuser13 bastion.
Click Create a Session and enter the following details:
a. Bastion name: PBT-1-Session-01
b. Session type: Select Managed SSH session.
c. Session name: PBT-1-Session-01 d. Username: Enter opc e. Compute instance in: Select PBT-BAS-VM-01.
Note: Click Change compartment and select the working compartment to locate VCN for the compute instance.
f. Add SSH key
g. Click Generate SSH key pair. h. Click Save private key. This will save the private key to your local workstation.
i. Click Save public key. This will save the public key to your local workstation.
j. Click Create session.
After a few minutes, you can see that the Bastion session has been successfully created, and the state is Active.
NEW QUESTION # 56
Oracle Object Storage achieves data durability by which of the mechanisms ? Select TWO correct answers
- A. Object Versioning
- B. Redundant Storage across availability domains
- C. Redundant Array of IndependentDisks
- D. Service Gateway
Answer: A,B
Explanation:
Explanation
Graphical user interface, text, application, email Description automatically generated
NEW QUESTION # 57
Your company has implemented a new VPN connection policy, three months after you connected your on-premises network to Oracle Cloud Infrastructure (OCI). Your chief security officer has instructed you to edit the IPSec connection and replace the shared secrets with the new ones that he has provided. Where do you edit the shared secrets? (Choose the best Answer.)
- A. IPsec connection
- B. Customer Premises Equipment
- C. Dynamic Routing Gateway
- D. Individual tunnels
Answer: C
NEW QUESTION # 58
Which Oracle Cloud Service provides restricted accessto target resources?
- A. Internet Gateway
- B. Load balancer
- C. SSL certificate
- D. Bastion
Answer: D
Explanation:
Bastion
Oracle Cloud Infrastructure Bastion provides restricted and time-limited access to target resources that don't have public endpoints.
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_features.htm
NEW QUESTION # 59
What must be configured for a load balancer to accept incoming traffic?
- A. Route table entry pointing to the listener IP address
- B. Listener
- C. SSL certificate
- D. Service Gateway
Answer: B
Explanation:
Explanation
A listener is an entity that checks for connection requests. The load balancerlistener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
On your Load Balancer Details page, click Listeners.
Click Create Listener.
Enter the following:
Name: Enter afriendly name. Avoid entering confidential information.
Protocol: Select HTTP.
Port: Enter 80 as the port on which to listen for incoming traffic.
Backend Set: Select the backend set you created.
Click Create.
NEW QUESTION # 60
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
- A. Encryption is not enabled by default.
- B. All the traffic to and from object storage is encrypted by using Transport Layer Security.
- C. Each object in a bucket is always encrypted with the same data encryption key.
- D. Customer-provided encryption keys are never stored in OCI Vault service.
Answer: B
Explanation:
Oracle Cloud Infrastructure (OCI) Object Storage uses Transport Layer Security (TLS) to encrypt all traffic to and from Object Storage34. This ensures that data is secure during transit.
NEW QUESTION # 61
which three resources are required to encrypt a block volume with the customer managed key?
- A. BLOCK KEY
- B. Secrets
- C. OCI VAIRT
- D. MAXIMUM SECURITY ZONE
- E. IAM Policy Allowing Block Storage to Use Keys
- F. SYMMETRIC MASTER KEY ENCRYPTlON KEY
Answer: B,C,E
Explanation:
https://docs.oracle.com/en-us/iaas/Content/SecurityAdvisor/Tasks/creatingsecureblockvolume.htm
NEW QUESTION # 62
As a Security Admin you want to inspect the metadata and actual data in your Oracle databases to discover sensitive data and provide comprehensive results listing the sensitive columns and related information. Which Data Safe feature will help you to achieve the above requirement ?
- A. Data Discovery
- B. User Assessment
- C. Data Masking
- D. Security Assessment
Answer: A
Explanation:
NEW QUESTION # 63
......
Oracle 1z0-1104-23 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
Dumps Moneyack Guarantee - 1z0-1104-23 Dumps Approved Dumps: https://www.actual4exams.com/1z0-1104-23-valid-dump.html