Real Oracle 1z0-1104-23 Exam Questions [Updated 2024]
1z0-1104-23 Exam Dumps Pass with Updated 2024 Oracle Cloud Infrastructure 2023 Security Professional
NEW QUESTION # 66
A programmer is developing a Node.js application that will run on a Linux server in their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs. What is the secure way to access OCI services with OCI Identity and Access Management (IAM)? (Choose the best Answer.)
- A. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server to the dynamic group.
- B. Create an OCI IAM policy with appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server.
- C. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by dj authentication.
- D. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the key pair used for signing API requests and upload the public key to the IAM user.
Answer: D
NEW QUESTION # 67
Which statement is true about using custom BYOI instances on Windows Servers that are managed by OS Management Service?
- A. Windows Servers that already have the minimum agent version do not require an agent update or installation.
- B. Windows Servers that do not have the minimum agent version do not require an agent update or installation.
- C. Windows Servers that already have the minimum agent version require an agent update or installation.
- D. Windows Servers that do not have the minimum agent version require an agent update or installation.
Answer: D
Explanation:
https://docs.oracle.com/cd/E11857_01/install.111/e15311/agnt_install_windows.htm
NEW QUESTION # 68
Bot Management in OCI provides which of the following features? Select TWO correct answers.
- A. Bad Bot Denylist
- B. Good Bot Allowlist
- C. IP Prefix Steering
- D. CAPTCHA Challenge
Answer: B,D
NEW QUESTION # 69
Which VCN configuration is CORRECT with regard to VCN peering within the same region?
- A. 194.168.0.0/24 and 194.168.0.0/16
- B. 12.0.0.0/16 and 12.0.0.0/16
- C. 194.168.0.0/24 and 194.168.0.0/24
- C. 12.0.0.0/16 and 194.168.0.0/16
Answer: C
Explanation:
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering.
NEW QUESTION # 70
You configured the Events service for your Cloud Guard problems to send email notifications, but you do not see any. Which three things should you check to resolve this? (Choose three.)
- A. Ensure that you have the Cloud Guard retention policy configured.
- B. Ensure that the event is configured in the Cloud Guard reporting region.
- C. Ensure that Cloud Guard is enabled in every single region individually.
- D. Ensure that the Event rule is created in the same compartment (or parent of it) where your problem resource exists.
- E. Ensure that your Cloud Guard targets have the Cloud Event responder recipe attached with the notification rule enabled.
Answer: C,D,E
NEW QUESTION # 71
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (a password). Because hard-coding credentials is not a security best practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Answer:
Explanation:
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400 <private key name>.key
Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
ssh -i <private key name> opc@<public IP address of instance>
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py
Open the Python file with the nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
Replace the secret_id value below with the OCID of your secret:
secret_id = "<secret id>"
For example: secret_id = "ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Note: If you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script hit:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret.py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.
NEW QUESTION # 72
What is a prerequisite for creating a secret in OCI Vault? (Choose the best Answer.)
- A. You must unseal the Vault by using Shamir's Secret Sharing.
- B. You must create a digest hash of the secret value.
- C. The user must create a compute instance to run the Secret service.
- D. You must have a Vault-managed key to encrypt the secret.
Answer: D
NEW QUESTION # 73
Which three resources are required to encrypt a block volume with a customer-managed key?
- A. BLOCK KEY
- B. IAM Policy Allowing Block Storage to Use Keys
- C. OCI VAULT
- D. Secrets
- E. SYMMETRIC MASTER KEY ENCRYPTION KEY
- F. MAXIMUM SECURITY ZONE
Answer: B,C,D
Explanation:
https://docs.oracle.com/en-us/iaas/Content/SecurityAdvisor/Tasks/creatingsecureblockvolume.htm
NEW QUESTION # 74
When creating an OCI Vault, which factors may lead you to select the Virtual Private Vault? Select TWO correct answers.
- A. Need for more than 9211 key versions
- B. Greater degree of isolation
- C. Ability to back up the vault
- D. To mask PII data for a non-production environment
Answer: B,C
NEW QUESTION # 75
Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, request the following URL:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
Answer:
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
NEW QUESTION # 76
Which statements are CORRECT about Security Zone policy in OCI? Select TWO correct answers.
- A. Resources in a security zone must be accessible from internet
- B. Bucket can't be moved from a security zone to a standard compartment
- C. Block volume can be moved from a security zone to a standard compartment
- D. Resources in a security zone must be encrypted using customer-managed keys
Answer: B,D
NEW QUESTION # 77
In Oracle Cloud Infrastructure (OCI) Secret management within OCI Vault, you have created a secret and rotated the secret one time. The current version state shows:

| Version Number | Status |
|---|---|
| 2 (latest) | Current |
| 1 | Previous |

In order to roll back to version 1, what should the Administrator do? (Choose the best Answer.)
- A. From the version 2 (latest) menu, select "Rollback" and choose version 1 when given the option
- B. Deprecate version 2 (latest). Create new Secret Version 3. Create soft link from version 3 to version 1.
- C. Create a new secret version 3 and set to Pending. Copy the contents of version 1 into version
Answer: B
Explanation:
from the version 1 menu, select "Promote to Current"
NEW QUESTION # 78
VCN flow log records detail whether traffic was allowed or denied based on which of the following?
- A. Auth tokens
- B. Security Lists or Network Security Group Rules
- C. Configuration of route table
- D. Web Application Firewall (WAF)
Answer: B
NEW QUESTION # 79
You need to set up instance principals so that an application running on an Oracle Cloud Infrastructure (OCI) instance can call public OCI services, without the need to configure user credentials. A developer in your team has already configured the application to authenticate using the instance principals provider. Which is NOT a necessary step to complete this set up? (Choose the best Answer.)
- A. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.
- B. Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services.
- C. Deploy the application to all the instances that belong to the dynamic group.
- D. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy
Answer: A
NEW QUESTION # 80
Challenge 1 - Task 3 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (a password). Because hard-coding credentials is not a security best practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following task in the OCI environment provisioned:
Create a new VCN with the name PBT_SECRET_VCN01 and public subnet within your assigned compartment.
Answer:
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
From the left navigation pane, under List Scope, select your working compartment from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
Name: PBT_SECRET_VCN01
Compartment: your compartment name
Note: Leave all the other options in their default setting.
Click Next.
Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components: VCN, Public subnet, Private subnet, Internet gateway, NAT gateway, Service gateway.
NEW QUESTION # 81
How can you limit access to an Oracle Cloud Infrastructure (OCI) Object Storage bucket to only the users working from within the corporate network? (Choose the best Answer.)
- A. Create an Identity and Access Management (IAM) policy and add a group that contains all the internal computers.
- B. Create an Identity and Access Management (IAM) policy and add a network source that has the corporate network classless inter-domain routing (CIDR) blocks.
- C. Make the bucket private and limit the access using Security Lists.
- D. Create a pre-authenticated request (PAR) that limits access to the corporate network CIDRs.
Answer: B
NEW QUESTION # 82
Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?
- A. Problems
- B. Detectors
- C. Targets
- D. Responders
Answer: B
Explanation:
Detector
Performs checks to identify potential security problems based on activities or configurations. The rules followed to identify problems are the same for all compartments in a target.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm
NEW QUESTION # 83
Which security issue CANNOT be identified using the Oracle Cloud Infrastructure (OCI) Vulnerability Scanning Service (VSS)? (Choose the best Answer.)
- A. OS packages that require updates and patches to address vulnerabilities
- B. Ports that are unintentionally left open
- C. OS configurations that hackers might exploit
- D. Cross-Site Scripting (XSS)
Answer: D
NEW QUESTION # 84
Challenge 3 - Task 2 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet
Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface of remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following tasks in the provisioned OCI environment:
Create a Compute Instance with the name PBT-BAS-VM-01, using the "Oracle Linux 8" image and shape "VM.Standard2.1", without SSH key and enable Bastion plugin.
Answer:
Explanation:
SOLUTION:
From the navigation menu, select Compute and then click Instances.
In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
Click Create Instance. In the Create Instance dialogue box, provide the following details:
a. Name: PBT-BAS-VM-01
b. Placement: Select Availability Domain AD.
c. Image: Select the image Oracle Linux 8.
d. Shape: Click Change shape > Select Ampere shape series > Select VM.Standard2.1.
e. Click Select Shape to return to the Create compute instance window.
f. Networking: Pick your PBT-BAS-VCN-01 and Private Subnet.
g. Public IP address: Do not assign a Public IPv4 address.
h. Add SSH keys: Do not add any SSH key.
i. Note: Leave all the other options in their default setting.
j. Click Show Advanced Options.
On the Oracle Cloud Agent tab, select Bastion.
Click Create. (Click Yes, and create an instance on the "No SSH access" prompt) After a few minutes, you can see that the instance has been successfully created, and the state is Running.
Click the Oracle Cloud Agent tab on the instance details page.
Toggle the Enable Plugin switch to Enable for the Bastion plug-in, if the switch is disabled.
It can take 5-10 minutes for the change to take effect. After a few moments, the Bastion plug-in status is displayed as Running.
NEW QUESTION # 85