1z0-1104-21 Dumps 2022 - New Oracle 1z0-1104-21 Exam Questions
Free 1z0-1104-21 braindumps download (1z0-1104-21 exam dumps Free Updated)
NEW QUESTION 24
As a lead Security Architect, you have tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?
- A. Vulnerability Scanning
- B. Identity and Access Management
- C. Security Lists
- D. Cloud Guard
Answer: C
Explanation:
NEW QUESTION 25
For how long are API calls audited and available?
- A. 365 days
- B. 60 days
- C. 90 days
- D. 30 days
Answer: C
NEW QUESTION 26
Where are logs stored?
- A. OCI File Storage
- B. Cloud Agent
- C. OCI Block Storage
- D. OCI Object Storage
Answer: D
Explanation:
You can collect log data continuously from Oracle Cloud Infrastructure (OCI) Object Storage. To enable the log collection, create ObjectCollectionRule resource using REST API or CLI. After the successful creation of this resource and having the required IAM policies, the log collection will be initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html
NEW QUESTION 27
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
- A. Data Safe
- B. Data Guard
- C. Cloud Guard
- D. Vault
Answer: D
Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm
NEW QUESTION 28
As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
- A. Make OCI resources private instead of public
- B. Create PAR to restrict access the access
- C. Create an 1AM policy and add a network source
- D. Create an 1AM policy and create WAF rules
Answer: C
Explanation:
NEW QUESTION 29
Which VCN configuration is CORRECT with regard to VCN peering within a same region ?
- A. 194.168.0.0/24 and 194.168.0.0/16
- B. 12.0.0.0/16 and 12.0.0.0/16
C 194.168.0.0/24 and 194.168.0.0/24 - C. 12.0.0.0/16 and 194.168.0.0/16
Answer: C
NEW QUESTION 30
A company needs to have some buckets as public in the compartment. You want Cloud Guard to ignore the problem associated with public bucket. Select TWO correct answers
- A. Make the bucket private so that Cloud Guard won't detect it
- B. First make the bucket private and after few days make the bucket public again
- C. Dismiss the issues associated with these resources
- D. Configure Conditional groups for the detector to fix base line
Answer: C,D
NEW QUESTION 31
Which type of file system does file storage use?
- A. NFSv3
- B. Paravirtualized
- C. SSD
- D. NVMe
- E. iSCSI
Answer: A
Explanation:
The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. The service supports the Network Lock Manager (NLM) protocol for file locking functionality.
https://docs.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm
NEW QUESTION 32
Operations team has made a mistake in updating the secret contents and immediately need to resume using older secret contents in OCI Secret Management within a Vault.
As a Security Administrator, what step should you perform to rollback to last version? Select TWO correct answers.
- A. Upload new secret and mark as 'Pending'. Promote this secret version as 'Current'
- B. Mark the secret version as 'Rewind'
- C. Mark the secret version as 'Previous'
- D. Mark the secret version as 'deprecated'
Answer: A,C
Explanation:
NEW QUESTION 33
Which parameters customers need to configure while reading secrets by name using CL1 or API? Select TWO correct answers.
- A. Secret Name
- B. ASCII Value
- C. Vault Id
- D. Certificates
Answer: A,C
Explanation:
NEW QUESTION 34
An e-commerce company needs to authenticate with third-party API that don't support OCI's signature-based authentication.
What can be the solution for the above scenario?
- A. Auth Token/Swift Password
- B. Security Token
- C. Asymmetric keys
- D. API Key Authentication
Answer: A
Explanation:
NEW QUESTION 35
Which statement is true about standards?
- A. They are the foundation of corporate governance.
- B. They are result of a regulation or contractual requirement or an industry requirement.
- C. They may be audited.
- D. They are methods and instructions on how to maintain or accomplish the directives of the policy.
Answer: B
NEW QUESTION 36
How can you convert a fixed load balancer to a flexible load balancer?
- A. Delete the fixed load balancer and create a new one.
- B. Use Update Shape workflows.
- C. There is no way to covert the load balancer.
- D. Using the Edit Listener option.
Answer: B
NEW QUESTION 37
What is the matching rule syntax for a single condition?
- A. Option B
- B. Option D
- C. Option C
- D. Option A
Answer: C
Explanation:
NEW QUESTION 38
Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?
- A. Detectors
- B. Responders
- C. Problems
- D. Targets
Answer: A
Explanation:
Detector
Performs checks to identify potential security problems based on activities or configurations. Rules followed to identify problems are the same for all compartments in a target.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm
NEW QUESTION 39
What do the features of OS Management Service do?
- A. Provide paid service and support to OCI subscribers for fixes on priority.
- B. Encourage manual setup to avoid machine-induced errors.
- C. Add complexity in using multiple tools to manage mixed-OS environments.
- D. Increase security and reliability by regular bug fixes.
Answer: D
Explanation:
https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html
NEW QUESTION 40
which two responsibilities will be oracle when you move your it infrastructure to oracle cloud infrastructure?
- A. MAINTAINING CUSTOMER DATA
- B. ACCOUNT ACCESS MANAGEMENT
- C. PROVIDING STRONG SECURITY LIST
- D. Strong IAM Framework
- E. Strong Isolation
Answer: D,E
NEW QUESTION 41
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
- A. Each object in a bucket is always encrypted with the same data encryption key.
- B. All the traffic to and from object storage is encrypted by using Transport Layer Security.
- C. Customer-provided encryption keys are never stored in OCI Vault service.
- D. Encryption is not enabled by default.
Answer: B
NEW QUESTION 42
A number of malicious requests for a web application is coming from a set of IP addresses originating from Antartic a.
Which of the following statement will help to reduce these types of unauthorized requests ?
- A. Use WAF policy using Access Control Rules
- B. List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
- C. Delete NAT Gateway from Virtual Cloud Network
- D. Change your home region in which your resources are currently deployed
Answer: A
NEW QUESTION 43
Which OCI services can encrypt all data-at-rest ? Select TWO correct answers
- A. File Storage
- B. Geolocation Steering
- C. NAT Gateway
- D. Block Volumes
Answer: A,D
Explanation:
NEW QUESTION 44
Which Oracle Cloud Service provides restricted access to target resources?
- A. Load balancer
- B. Bastion
- C. Internet Gateway
- D. SSL certificate
Answer: B
Explanation:
Bastion
Oracle Cloud Infrastructure Bastion provides restricted and time-limited access to target resources that don't have public endpoints.
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_features.htm
NEW QUESTION 45
You want to make API calls against other OCI services from your instance without configuring user credentials. How would you achieve this?
- A. Create a dynamic group and add a policy.
- B. No configuration is required for making API calls.
- C. Create a dynamic group and add your instance.
- D. Create a group and add a policy.
Answer: A
Explanation:
DYNAMIC GROUP
Dynamic groups allow you to group Oracle Cloud Infrastructure instances as principal actors, similar to user groups. You can then create policies to permit instances in these groups to make API calls against Oracle Cloud Infrastructure services. Membership in the group is determined by a set of criteria you define, called matching rules. https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm
NEW QUESTION 46
......
Oracle 1z0-1104-21 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
Verified 1z0-1104-21 dumps Q&As - Pass Guarantee Exam Dumps Test Engine: https://pass4sures.realvce.com/1z0-1104-21-VCE-file.html