1z0-1104-23 Dumps Updated Apr 23, 2024 Practice Test and 172 unique questions
2024 Latest 100% Exam Passing Ratio - 1z0-1104-23 Dumps PDF
Oracle 1z0-1104-23 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
NEW QUESTION # 39
How can you establish private connectivity over two VCN within same OCI region without traversing the traffic over public internet ?
- A. Remote VCN Peering
- B. NAT Gateway
- C. Local VCN Peering
- D. Data Guard
Answer: C
Explanation:
Explanation
Graphical user interface, text, application, email Description automatically generated
NEW QUESTION # 40
Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?
- A. URL_STARTS_WITH
- B. URL_PART_ENDS_WITH
- C. URL_IS
- D. URL_PART_CONTAINS
Answer: C
Explanation:
Explanation
URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.57.0/docs/d/waas_waas_policy.html
NEW QUESTION # 41
Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers
- A. Resources in a security zone must be accessible from internet
- B. Bucket can't be moved from a security zone to a standard compartment
- C. Resources in a security zone must be encrypted using customer-managed keys
- D. Block volume canbe moved from a security zone to a standard compartment
Answer: B,C
Explanation:
NEW QUESTION # 42
Which IAM policy should be created to give XYZ the ability to list contents of a resource excluding the fneeds to authenticatein prod compartment ? Principle of least priviledge should be used.
- A. Allow group XYZ to manage all resources in compartment != prod
- B. Allow group XYZ to use all resources in compartment != prod
- C. Allow group XYZ to inspect all resources in tenancy where target.compartment.name != prod
- D. Allow group XYZ to read all resources in tenancy where target.compartment.name != prod
Answer: C
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
NEW QUESTION # 43
What do the features of OS Management Service do?
- A. Provide paid service and support to OCI subscribers for fixes on priority.
- B. Increase security and reliability by regular bug fixes.
- C. Encourage manual setup to avoid machine-induced errors.
- D. Add complexity in using multiple tools tomanage mixed-OS environments.
Answer: B
Explanation:
https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html
NEW QUESTION # 44
Which Oracle Data Safe feature enables the internal test, development, and analytics teams to operate effectively while minimizing their exposure to sensitive data? (Choose the best Answer.)
- A. Data Auditing
- B. Data masking
- C. Security assessment
- D. Data encryption
- E. Data discovery
Answer: B
NEW QUESTION # 45
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloudnetwork has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?
- A. due to the conflict in security configuration inbound request traffic would not be allowed
- B. Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.
- C. the union of both configuration would happen and allow both inbound and outbound traffic
- D. network security group would supersede the security utility list and allow both inbound and outbound traffic
Answer: C
Explanation:
Explanation
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance
NEW QUESTION # 46
Your company will transfer a fleet of 12 servers from on-premises to Oracle Cloud Infra-structure (OCI). The fleet will include two webservers. All 12 servers will be in the same sub-net, and share the exact same security permissions, with the only exception being the two web servers. In addition to the same permissions of the other 10 servers, they will have ports 80 and 443 enabled. The security policy must be hardened to ensure that only those two servers have those ports open. What should your configuration actions be for this scenario? (Choose the best Answer.)
- A. Configure a Security List that includes all necessary permissions for all 12 servers. Then configure a Network Security Group that grants access to ports 80 and 443. As-sign the. Network Security Group to the VNICs of the two web servers.
- B. Configure a Network Security Group that includes all necessary permissions for all 12 servers Then configure the Security List that grants access to ports 80 and 443. Assign the Security List to the VNICS of the web servers.
- C. Configure an OCI Load Balancer that has the two web servers as the backend servers with a health check policy that constantly monitors port 80 and port 443.
- D. In the OCI Web Application Firewall, configure a traffic steering policy that grants access to ports 80 and 443 to the two web servers.
Answer: A
NEW QUESTION # 47
Which statement is true about standards?
- A. They are methods and instructions on how to maintain or accomplish the directives of the policy.
- B. They are result of a regulation or contractual requirement or an industry requirement.
- C. They are the foundation of corporate governance.
- D. They may be audited.
Answer: C
Explanation:
Explanation
Standards are the foundation of corporate governance as they provide a framework for how a corporation is managed and controlled
NEW QUESTION # 48
Which VCNconfiguration is CORRECT with regard to VCN peering within a same region ?
- A. 12.0.0.0/16 and 194.168.0.0/16
- B. 12.0.0.0/16 and 12.0.0.0/16C 194.168.0.0/24 and 194.168.0.0/24
- C. 194.168.0.0/24 and 194.168.0.0/16
Answer: A
Explanation:
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs12. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering
NEW QUESTION # 49
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloudnetwork has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?
- A. due to the conflict in security configuration inbound request traffic would not be allowed
- B. Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.
- C. the union of both configuration would happen and allow both inbound and outbound traffic
- D. network security group would supersede the security utility list and allow both inbound and outbound traffic
Answer: C
Explanation:
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance
NEW QUESTION # 50
which two responsibilities will be oracle when you move your it infrastructure to oracle cloud infrastructure?
- A. MAINTAINING CUSTOMER DATA
- B. Strong Isolation
- C. ACCOUNT ACCESS MANAGEMENT
- D. PROVIDING STRONG SECURITY LIST
- E. Strong IAM Framework
Answer: B,E
Explanation:
Oracle is responsible for providing a strong Identity and Access Management (IAM) framework in OCI.
The IAM service lets you control who has access to your cloud resources, what type of access they have, and to which specific resources. You can find more details about this in the Oracle Cloud Infrastructure documentation.
Oracle also ensures strong isolation in its cloud infrastructure, which means that your resources are isolated from other tenants and from Oracle staff. This isolation extends from physical separation of hardware all the way up to access controls on APIs. You can find more details about this in the Oracle Cloud Infrastructure documentation.
NEW QUESTION # 51
How can you limit access to an Oracle Cloud Infrastructure (OCI) Object Storage bucket to only the users Hark for within the corporate network? (Choose the best Answer.)
- A. Make the bucket private and limit the access using Security Lists
- B. Create pre authenticated request (PAR) that limits access to the corporate network CIDRS.
- C. Create an Identity and Access Management (TAM) policy and add a group that contains all the Internal computers
- D. Create an identity and Access Management (IAM) policy and add a network source that has the corporate network classless inter-domain routings (CIDR).
Answer: D
NEW QUESTION # 52
An automobile company needs to configure Bastion Managed SSH session to a compute instance in a private subnet. What are the TWO prerequisites to configure successfully?
- A. NAT or Service Gateway should be attached to the private subnet
- B. There is no need for any gateway in private subnet
- C. Route rule to a NAT or Service Gateway should be associated with the subnet of the route table
- D. SSH port forwarding should be enabled
Answer: A,C
Explanation:
Explanation
For a Bastion Managed SSH session to a compute instance in a private subnet, the instance must have access to the internet, which can be provided by a NAT Gateway or a Service Gateway34. Additionally, a route rule directing traffic to the NAT or Service Gateway should be associated with the subnet's route table34.
NEW QUESTION # 53
You know that a few buckets in your compartment should stay public, and you do not want Cloud Guard to detect these as problems. In which two ways would you address this? (Choose two.)
- A. A public bucket is a security risk, so Cloud Guard will keep detecting it
- B. Fix the baseline by configuring the Conditional groups for the detector.
- C. Dismiss problems associated those resources
- D. Resolve or remediate those problems and you should not see Cloud Guand triggering on these resources ever again.
Answer: B,C
NEW QUESTION # 54
You have configured the Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log ingestion purposes.
Which is a required configuration for OCI Logging Analytics service to collect data from multiple logs of this Instance?
- A. Log - Log Group Association
- B. Entity - Log Association
- C. Source - Entity Association
- D. Log Group - Source Association
Answer: C
Explanation:
For OCI Logging Analytics service to collect data from multiple logs of an instance, a Source - Entity Association is required1. A source in Logging Analytics defines the metadata about the log data you want to collect, and an entity represents the source of the log data1. You associate sources with entities, and these associations instruct the Management Agent on your instance what log data to collect1.
NEW QUESTION # 55
Which parameters customers need to configure while reading secrets by name using CL1 or API? Select TWO correct answers.
- A. Secret Name
- B. Vault Id
- C. Certificates
- D. ASCII Value
Answer: A,B
Explanation:
Explanation
Graphical user interface, text, application, email Description automatically generated
NEW QUESTION # 56
Which architecture is based on the principle of "never trust, always verify"?
- A. Federated identity
- B. Defense in depth
- C. Fluidperimeter
- D. Zero trust
Answer: D
Explanation:
Enterprise Interest in Zero Trust is GrowingRansomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.
According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trustwares at RSA 2020.
The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn'tprevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.
https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front
NEW QUESTION # 57
......
Verified 1z0-1104-23 dumps Q&As - 100% Pass from TorrentVCE: https://www.torrentvce.com/1z0-1104-23-valid-vce-collection.html
Pass Exam With Full Sureness - 1z0-1104-23 Dumps with 172 Questions: https://drive.google.com/open?id=1f1Lb0TAwltL5ZSNHnYxKGN6JylfWz8S-