100% Real & Accurate 1z0-1104-23 Questions and Answers with Free and Fast Updates [Q54-Q72]

NEW QUESTION # 54
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?

  • A. Select TCP for protocol; enter 22 for source port and 22 for destination port.
  • B. Select UDP for protocol; enter 22 for source port and all for destination port.
  • C. Select TCP for protocol; enter 22 for source port and all for destination port.
  • D. Select TCP for protocol; enter all for source port and 22 for destination port.

Answer: D

Explanation:
For SSH traffic, which uses TCP protocol and port 22, you would want to allow all source ports to connect to your destination port 22. This is because the source port for an SSH client can be any available port number.


NEW QUESTION # 55
What are the security recommendations and best practices for Oracle Functions?

  • A. Grant privileges to UID and GID 1000, such that the functions running within a container acquire the default root capabilities.
  • B. Ensure that functions in a VCN have restricted access to resources and services.
  • C. Add applications to network security groups for fine-grained ingress/egress rules.
  • D. Define a policy statement that enables access to functions for requests coming from multiple IP addresses.

Answer: C

Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm


NEW QUESTION # 56
Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?

  • A. Archive storage
  • B. Standard storage
  • C. Block volume
  • D. File storage

Answer: B

Explanation:
Use Oracle Cloud Infrastructure Object Storage for data to which you need fast, immediate, and frequent access. Data accessibility and performance justifies a higher price point to store data in the Object Storage tier.
The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos.
https://docs.oracle.com/en/solutions/learn-migrate-app-data-to-cloud/considerations-object-storage.html#GUID-A


NEW QUESTION # 57
Challenge 3 - Task 4 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet
Scenario
A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following tasks in the provisioned OCI environment:
Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

Answer:

Explanation:
Solution:
1. From the navigation menu, select Identity & Security and then click Bastion.
2. In the left navigation pane, select your working compartment under List Scope from the drop-down menu.
3. Click the SPPBTBASTION992831403labuser13 bastion.
4. Click the three dots next to the PBT-1-Session-01 managed SSH session to open the Actions menu and click View SSH command.
5. Click Copy next to the SSH command and then Close. (Copy the SSH command to a Notepad file.)
6. Use a Notepad text editor to replace <privateKey> with the private key of the SSH key pair that you provided when you created the session.
   a. For example:
      ssh -i ssh-key-2023-08-02.key -o ProxyCommand="ssh -i ssh-key-2023-08-02.key -W %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com" -p 22 [email protected]
7. Click the Cloud Shell icon at the right of the OCI console header.
8. Verify that you are in the home directory.
   a. cd ~
9. Upload the private key that you downloaded to your workstation earlier to the Cloud Shell.
10. The file will be named similarly to ssh-key-<date>.key.
11. Locate the private key and change its permissions by executing the following commands:
   a. ls
   b. chmod 400 <private key file>
12. Run the SSH command to connect to the compute instance in the private subnet.
   a. For example:
      ssh -i ssh-key-2023-08-02.key -o ProxyCommand="ssh -i ssh-key-2023-08-02.key -W %h:%p -p 22 ocid1.bastionsession.oc1.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@host.bastion.us-ashburn-1.oci.oraclecloud.com" -p 22 [email protected]
   Note: Enter yes in response to "Are you sure you want to continue connecting (yes/no)?"
13. Verify the connected instance's Private IP address.
   a. ifconfig
   Take note of the inet/IP address for the ens3 interface in the output and compare it to the Private IP address of the instance created in this lab, i.e. PBT-BAS-VM-01.
Congratulations! You have successfully created an instance, enabled Bastion, and created a Bastion and session to connect the resources to a private endpoint.


NEW QUESTION # 58
Your web application is protected by the Web Application Firewall (WAF) service in Oracle Cloud Infrastructure (OCI). You want to block traffic originating from a country where your company is not allowed to do business. Where would you create a WAF rule to block traffic from a specific country? (Choose the best Answer.)

  • A. Protection Rules
  • B. Origin Management
  • C. Access Control Rules
  • D. Bot Management
  • E. Cache Rules

Answer: C


NEW QUESTION # 59
You have created several Oracle Cloud Infrastructure Groups with the prefix of 'Test' in your tenancy, for example TestECommerce, TestCatalog, and TestAdministration. You want to create another group called TestGroupsAdmin to manage all the groups that start with "Test" except for the group TestAdministration. (Choose the best Answer.)

  • A. allow group TestGroupsAdmin to manage groups in tenancy where any {target.group.name = /Test*/, target.group.name != 'TestAdministration'}
  • B. allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ && !(target.group.name = 'TestAdministration')
  • C. allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ and = 'TestAdministration')
  • D. allow group TestGroupsAdmin to manage groups in tenancy where all {target.group.name = /Test*/, target.group.name != 'TestAdministration'}

Answer: D


NEW QUESTION # 60
In Oracle Cloud Infrastructure (OCI) Secret management within OCI Vault, you have created a secret and rotated the secret one time. The current version state shows:

Version Number | Status
2 (latest)     | current
1              | Previous

In order to roll back to version 1, what should the Administrator do? (Choose the best Answer.)

  • A. From the version 2 (latest) menu, select "Rollback" and choose version 1 when given the option
  • B. Deprecate version 2 (test). Create new Secret Version 3. Create soft link from version 3 to version 1.
  • C. Create a new secret version 3 and set to Pending. Copy the contents of version 1 into version

Answer: B

Explanation:
From the version 1 menu, select "Promote to Current".


NEW QUESTION # 61
With regard to the OCI Audit Log Service, which of the statements is INCORRECT?

  • A. Audit events get collected when objects stored in an Object Storage bucket are modified
  • B. Retention period for audit events cannot be modified
  • C. REST API calls can be recorded by Audit service
  • D. Events logged by the Audit service can be viewed by using the Console, API, or the SDK for Java

Answer: B

Explanation:
The retention period for audit events in OCI Audit Log Service is 365 days and currently, it cannot be modified. The Audit service automatically retains logged events for 365 days (1 year). After that, they're automatically deleted. You can't modify this retention period.


NEW QUESTION # 62
Which OCI service can index, enrich, aggregate, explore, search, analyze, correlate, visualize and monitor data?

  • A. Logging Analytics
  • B. Data Safe
  • C. WAF
  • D. Data Guard

Answer: A



NEW QUESTION # 63
What is the matching rule syntax for a single condition?

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: D



NEW QUESTION # 64
Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?

  • A. Responders
  • B. Detectors
  • C. Targets
  • D. Problems

Answer: B

Explanation:
Detector
Performs checks to identify potential security problems based on activities or configurations. Rules followed to identify problems are the same for all compartments in a target.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm


NEW QUESTION # 65
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?

  • A. All the traffic to and from object storage is encrypted by using Transport Layer Security.
  • B. Encryption is not enabled by default.
  • C. Each object in a bucket is always encrypted with the same data encryption key.
  • D. Customer-provided encryption keys are never stored in OCI Vault service.

Answer: A

Explanation:
Oracle Cloud Infrastructure (OCI) Object Storage uses Transport Layer Security (TLS) to encrypt all traffic to and from Object Storage. This ensures that data is secure during transit.


NEW QUESTION # 66
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins. Each admin group has full access over their respective compartments as shown in the graphic below. Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.
You want to set up a "Test" compartment for members of the three projects to share, and need to give admin access to all three of your existing admin groups. Which policy should you write to accomplish this task? (Choose the best Answer.)

  • A. Allow any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin
  • B. Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin
  • C. Allow group any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin
  • D. Allow any-users to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin

Answer: A


NEW QUESTION # 67
Which is NOT a part of Observability and Management Services?

  • A. Logging
  • B. Event Services
  • C. Logging Analytics
  • D. OCI Management Service

Answer: D

Explanation:
https://www.oracle.com/in/manageability/


NEW QUESTION # 68
For how long are API calls audited and available?

  • A. 30 days
  • B. 365 days
  • C. 90 days
  • D. 60 days

Answer: B

Explanation:
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Audit/Tasks/settingretentionperiod.htm


NEW QUESTION # 69
In which two ways can you improve data durability in Oracle Cloud Infrastructure Object Storage?

  • A. Enable client-side encryption
  • B. Enable server-side encryption
  • C. Setup volumes in a RAID1 configuration
  • D. Limit delete permissions
  • E. Enable Versioning

Answer: D,E

Explanation:
Enabling versioning can improve data durability in OCI Object Storage by keeping multiple versions of an object in the same bucket.
Limiting delete permissions can also improve data durability by preventing unauthorized users from deleting data.


NEW QUESTION # 70
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Answer:

Explanation:
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400 <private key name>.key
Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
ssh -i <private key name> opc@<public IP address of instance>
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py
Open the Python file with the nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
Replace secret id value below with the ocid of your secret:
secret id = <secret id>
For example:
secret id = "ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Note: If you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script hit:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret.py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.
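The retrieval step described above, sketched as an added example with the OCI Python SDK; it is not the getsecret.py that the lab downloads, and the SECRET_ID value is a constructed placeholder. It assumes the `oci` package is installed on the instance and that the instance is a member of the dynamic group the lab provides.

```python
"""Added example: read a Vault secret using instance-principal authentication."""
import base64
import sys

# Constructed placeholder; replace with the OCID of your own secret.
SECRET_ID = "ocid1.vaultsecret.oc1.iad.<unique_id>"


def decode_bundle_content(content_type, content):
    """Decode a secret bundle payload; the Secrets API returns BASE64 text."""
    if content_type != "BASE64":
        raise ValueError(f"unsupported secret content type: {content_type!r}")
    return base64.b64decode(content, validate=True).decode("utf-8")


def fetch_secret(secret_id):
    """Return the CURRENT version of the secret as a string."""
    # Imported here so the decoding helper can be exercised without the SDK.
    import oci

    # The signer gets a short-lived token from the instance metadata service,
    # so no API key or config file has to be stored on the instance.
    signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    client = oci.secrets.SecretsClient(config={}, signer=signer)
    bundle = client.get_secret_bundle(secret_id=secret_id).data
    content = bundle.secret_bundle_content
    return decode_bundle_content(content.content_type, content.content)


def main():
    try:
        secret = fetch_secret(SECRET_ID)
    except Exception as exc:  # SDK missing, no instance principal, or 404
        print(f"could not retrieve secret: {exc}", file=sys.stderr)
        return 1
    # Report only the length so the value does not land in terminal history.
    print(f"retrieved secret ({len(secret)} characters)")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

A 404 NotAuthorizedOrNotFound response from `get_secret_bundle` usually means the instance is not matched by the dynamic group or the group's policy does not cover the secret, rather than that the secret is missing.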


NEW QUESTION # 71
You have subscribed to a tenancy, in which you want to isolate the OCI resources from different users logically for governance. Which OCI resource will help you achieve logical separation? (Choose the best Answer.)

  • A. Availability Domain
  • B. Fault Domain
  • C. Dynamic Group
  • D. Compartment

Answer: D


NEW QUESTION # 72
......
