
1z0-1104-23 Questions and Answers

Question # 6

You want to enable Cloud Guard in your tenancy. Which is NOT a prerequisite? (Choose the best Answer.)

A.

Install the monitoring agent on the instances you want to monitor.

B.

Add the required IAM policy for the user to access Cloud Guard

C.

Create an IAM policy that allows Cloud Guard to read Oracle Cloud Infrastructure resources.

D.

Ensure that you have a paid tenancy

Question # 7

Challenge 1 - Task 5 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Because hard coding credentials is not a security best practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured

To complete this requirement, you are provided with:

  • An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
  • An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
  • A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
  • Access to Cloud Shell.
  • Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Question # 8

Challenge 4 - Task 2 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:// /index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

  • Create a Compute Instance with the name IAD-SP-PBT-VM-01, using the Oracle Linux 8 image and VM.Standard2.1 shape.
  • SSH to the compute instance using Cloud Shell.
  • Install and configure Apache web server:

a. Install Apache server:

    sudo yum -y install httpd

b. Enable Apache and start Apache server:

    sudo systemctl enable httpd
    sudo systemctl restart httpd

c. Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

    sudo firewall-cmd --permanent --add-port=80/tcp
    sudo firewall-cmd --reload

d. Create an index file for your web server:

    sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

Question # 9

When does Cloud Guard re-open an issue and update the history?

A.

If it detects an issue again for an Open (unresolved) problem

B.

If it detects an issue for a previously resolved/dismissed activity problem

C.

If it detects an issue for a previously resolved configuration problem

D.

If it detects an issue for a previously dismissed configuration problem

Question # 10

Which three resources are required to encrypt a block volume with the customer-managed key?

A.

MAXIMUM SECURITY ZONE

B.

SYMMETRIC MASTER KEY ENCRYPTION KEY

C.

BLOCK KEY

D.

OCI VAULT

E.

IAM Policy Allowing Block Storage to Use Keys

F.

Secrets

Question # 11

You configured the Events service for your Cloud Guard problems to send email notifications, but you do not see any. Which three things should you check to resolve this? (Choose three.)

A.

Ensure that you have the Cloud Guard retention policy configured.

B.

Ensure that your Cloud Guard targets have the Cloud Event responder recipe attached with the notification rule enabled.

C.

Ensure that the Event rule is created in the same compartment (or parent of it) where your problem resource exists.

D.

Ensure that the event is configured in the Cloud Guard reporting region.

E.

Ensure that Cloud Guard is enabled in every single region individually

Question # 12

Cloud Guard detected a risk score of zero in the dashboard. What does this mean?

A.

Risk score doesn't say anything. These are just numbers

B.

LOW or MINOR issues

C.

Larger number of problems that have high risk levels (HIGH or CRITICAL)

D.

No problem detected for any resource

Question # 13

Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA) is NOT valid?

A.

Users cannot disable MFA for themselves.

B.

A user can register only one device to use for MFA.

C.

Users must install a supported authenticator app on the mobile device they intend to register for MFA.

D.

An administrator can disable MFA for another user.

Question # 14

What must be configured for a load balancer to accept incoming traffic?

A.

Service Gateway

B.

SSL certificate

C.

Listener

D.

Route table entry pointing to the listener IP address

Question # 15

What does an audit log event include?

A.

Audit type

B.

Header

C.

Footer

D.

Type of input

Question # 16

You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins. Each admin group has full access over their respective compartments as shown in the graphic below. Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.

You want to set up a "Test" compartment for members of the three projects to share, and need to give admin access to all three of your existing admin groups. Which policy should you write to accomplish this task? (Choose the best Answer.)

A.

Allow any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin

B.

Allow any-users to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin

C.

Allow group any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin

D.

Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=Admin

Question # 17

Which are the three rules of engagement that apply to cloud penetration and vulnerability testing in Oracle Cloud Infrastructure (OCI)? (Choose three.)

A.

You cannot conduct a test that exceeds the bandwidth quota of your subscription

B.

You can perform port scanning in a non-aggressive mode.

C.

You can attempt to access another customer's environment or data.

D.

You are responsible for any damages to Oracle Cloud that are caused by your testing activities.

E.

You are allowed to use tools or services that perform denial-of-service (DoS) attacks against your cloud assets.

Question # 18

Which tasks can you perform on a dedicated virtual machine host?

A.

Manual scaling

B.

Creating instance pools

C.

Instance configurations

D.

Capacity reservations

Question # 19

An e-commerce company needs to authenticate with third-party APIs that don't support OCI's signature-based authentication.

What can be the solution for the above scenario?

A.

Security Token

B.

API Key Authentication

C.

Asymmetric keys

D.

Auth Token/Swift Password

Question # 20

Which component helps move logging data to other services, such as archiving log data in object storage?

A.

Agent Configuration

B.

Unified Monitoring Agent

C.

Service Connector Hub

D.

Service Log Category

Question # 21

You create a new compartment, “apps,” to host some production apps, and you create an apps_group and add users to it.

What would you do to ensure the users have access to the apps compartment?

A.

Add an IAM policy for the individual users to access the apps compartment.

B.

Add an IAM policy for apps_group granting access to the apps compartment.

C.

Add an IAM policy to attach tenancy to the apps group.

D.

No action is required.

Question # 22

Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?

A.

Standard storage

B.

File storage

C.

Archive storage

D.

Block volume

Question # 23

For how long are API calls audited and available?

A.

30 days

B.

90 days

C.

365 days

D.

60 days

Question # 24

Which two services can leverage Vault symmetric encryption keys for data-at-rest? (Choose two.) OR Which OCI services can encrypt all data-at-rest? (Choose two.)

A.

Load Balancer

B.

Object Storage

C.

Block Volume

D.

WAF

E.

API Gateway

F.

CDN

Question # 25

Which VCN configuration is CORRECT with regard to VCN peering within the same region?

A.

12.0.0.0/16 and 194.168.0.0/16

B.

12.0.0.0/16 and 12.0.0.0/16

C.

194.168.0.0/24 and 194.168.0.0/24

D.

194.168.0.0/24 and 194.168.0.0/16

Question # 26

Which is NOT a part of Observability and Management Services?

A.

Event Services

B.

OCI Management Service

C.

Logging Analytics

D.

Logging

Question # 27

Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?

A.

URL_PART_CONTAINS

B.

URL_IS

C.

URL_PART_ENDS_WITH

D.

URL_STARTS_WITH

Question # 28

You subscribe to a PaaS service that follows the Shared Responsibility model.

Which type of security is your responsibility?

A.

Network

B.

Infrastructure

C.

Data

D.

Guest OS

Question # 29

Which Virtual Cloud Network (VCN) configuration within a region will allow successful local peering using a local peering gateway? (Choose the best Answer.)

A.

VCN1 with 10.0.0.0/16 and VCN2 with 192.168.0.0/16

B.

VCN1 with 10.0.0.0/16 and VCN2 with 10.0.0.0/24

C.

VCN1 with 192.168.0.0/16 and VCN2 with 192.168.0.0/24

D.

VCN1 with 192.168.0.0/24 and VCN2 with 192.168.0.0/24

E.

VCN1 with 10.0.0.0/16 and VCN2 with 192.168.0.0/14

Question # 30

You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?

A.

OCI username and Password

B.

API Signing Key

C.

SSH Key Pair with 2048-bit algorithm

D.

Auth Token

Question # 31

Which is true regarding importing a symmetric key into Vault (Bring your own key)? (Choose the best Answer.)

A.

The key must be wrapped using an RSA asymmetric key provided by the Vault.

B.

The key must be 1024 bits.

C.

The user must use the Command Line Interface (CLI) for importing the key into the Vault.

D.

The user performing the import must have the 'import' permission via an IAM Policy.

Question # 32

In which two ways can you improve data durability in Oracle Cloud Infrastructure (OCI) Object Storage? (Choose two.)

A.

Enable server-side encryption

B.

Enable versioning

C.

Enable client-side encryption

D.

Setup volumes in a RAID configuration

E.

Limit delete permissions

Question # 33

Challenge 3 - Task 4 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet

Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

 

Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

Question # 34

Challenge 4 - Task 3 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:// /index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

  • Go to the VCN IAD-WAF-PBT-VCN-01.
  • Create a Security List with the name IAD-SP-PBT-LB-SL-01.
  • Create a Public subnet named LB-Subnet-IAD-SP-PBT-SNET-02 and attach the above-created security list.
  • Create a Load Balancer with the name IAD-SP-PBT-LB-01.
  • Create a Listener Name with the name IAD_SP_PBT_LB_LISN_01.
  • Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01, to allow http traffic to the Load Balancer subnet.

Question # 35

Challenge 4 - Task 5 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:// /index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

1. Create a Protection Rule with the name WAF-PBT-XSS-Protection against XSS attacks, for protecting the web server.

2. Create a New Rule Action with the name WAF-PBT-XSS-Action where the HTTP response code will be 503 (Service Unavailable).

Question # 36

Challenge 4 - Task 1 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:// /index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01

Question # 37

Challenge 3 - Task 3 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet

Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

1.      Create a Bastion with the name SPPBTBASTION99233424-lab.user01

[Eliminate Special Characters] Eg: SPPBTBASTION992831403labuser13

2.      Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"

Question # 38

Challenge 4 - Task 4 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: http:// /index.html?

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01

Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02

Question # 39

Challenge 1 - Task 2 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Because hard coding credentials is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured:

To complete this requirement, you are provided with:

  • An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
  • An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
  • A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
  • Access to Cloud Shell.
  • Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task:

In the field below, write the IAM policy that allows a program running on a compute instance (principal instance) to retrieve a secret from the OCI Vault.

Question # 40

Challenge 1 - Task 3 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Because hard coding credentials is not a security best practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured

To complete this requirement, you are provided with:

  • An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
  • An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
  • A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
  • Access to Cloud Shell.
  • Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task in the OCI environment provisioned:

Create a new VCN with the name PBT_SECRET_VCN01 and public subnet within your assigned compartment.

Question # 41

Challenge 1 - Task 1 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario:

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Because hard coding credentials is not a security best practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured:

To complete this requirement, you are provided with:

  • An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
  • An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
  • A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
  • Access to Cloud Shell.
  • Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following tasks in the OCI environment provisioned:

  • Create a Master Encryption Key with the name my_pbt_msk and a 256-bit shape.
  • Create a Secret with the name my-pbt-secret_99234021-lab.user01 and secret content.

For example: If your user name is 99346163-lab.user02, then the secret should be named as my-pbt-secret_99346163-lab.user02.
