[Apr 24, 2024] 1z0-1104-23 Test Engine files, 1z0-1104-23 Dumps PDF
Latest Oracle 1z0-1104-23 PDF and Dumps (2024) Free Exam Questions Answers
NEW QUESTION # 76
Which statements are CORRECT about Security Zone policy in OCI? Select TWO correct answers.
- A. Block volume can be moved from a security zone to a standard compartment
- B. Resources in a security zone must be accessible from internet
- C. Bucket can't be moved from a security zone to a standard compartment
- D. Resources in a security zone must be encrypted using customer-managed keys
Answer: C,D
NEW QUESTION # 77
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
- A. Vault
- B. Data Safe
- C. Cloud Guard
- D. Data Guard
Answer: A
Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code.
Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm
NEW QUESTION # 78
How can you establish private connectivity between two VCNs within the same OCI region without routing traffic over the public internet?
- A. Local VCN Peering
- B. Data Guard
- C. Remote VCN Peering
- D. NAT Gateway
Answer: A
NEW QUESTION # 79
Challenge 4 - Task 3 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Go to the VCN IAD-WAF-PBT-VCN-01.
Create a Security List with the name IAD-SP-PBT-LB-SL-01.
Create a Public subnet named LB-Subnet-IAD-SP-PBT-SNET-02 and attach the above-created security list.
Create a Load Balancer with the name IAD-SP-PBT-LB-01.
Create a Listener with the name IAD_SP_PBT_LB_LISN_01.
Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01 to allow HTTP traffic to the Load Balancer subnet.
Answer:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your assigned compartment> from the drop-down menu.
Click IAD-WAF-PBT-VCN-01 from the list of VCNs.
In the left navigation pane, under Resources, click Security Lists.
Click Create Security List.
In the Create Security List dialogue box, enter the following:
a) Name: IAD-SP-PBT-LB-SL-01
b) Do not add any ingress or egress rules.
c) Click Create Security List.
In the left navigation pane, under Resources, click Subnets.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following:
a) Name: LB-Subnet-IAD-SP-PBT-SNET-02
b) Create in Compartment: <your working compartment name>
c) Subnet Type: Regional
d) IPv4 CIDR Block: 10.0.4.0/24
e) Security List: From the drop-down menu, select the Security List you had created earlier, IAD-SP-PBT-LB-SL-01.
Click Create Subnet.
You now see that the subnet has been created successfully.
NEW QUESTION # 80
Challenge 4 - Task 6 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly.
Answer:
SOLUTION:
From the navigation menu, select Networking and then click Load Balancer.
From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Select the load balancer IAD-SP-PBT-VM-01. Note down the Public IP address.
Open a web browser and enter the URL http://<Public IP of IAD-SP-PBT-VM-01>.
Verify the text in index.html is displayed:
129.153.147.141
You are visiting WAF Based Web Server 1
Now enter the following URL:
http://<Public IP of IAD-SP-PBT-VM-01>/index.html?<p Style="background:url(javascript:alert(1))">
129.153.147.141
Service Unavailable; Web Server is secured against XSS attacks.
NEW QUESTION # 81
Which security issues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers.
- A. CIS published Industry-standard benchmarks
- B. Distributed Denial of Service (DDoS)
- C. SQL Injection
- D. Ports that are unintentionally left open can be a potential attack vector for cloud resources
Answer: A,D
NEW QUESTION # 82
Hardware Security Modules (HSMs) in Oracle Key Management meet which Federal Information Processing Standards (FIPS) standard security certification that requires HSMs to be tamper-resistant and authentication to be identity-based? (Choose the best Answer.)
- A. FIPS 140-3 Level 3
- B. FIPS 140-1 Level 1
- C. FIPS 140-2 Level 3
- D. FIPS 140-2 Level 2
Answer: C
NEW QUESTION # 83
Which value must an application have to retrieve a secret bundle from Oracle Cloud Infrastructure? (Choose the best Answer.)
- A. Vault OCID
- B. Secret OCID
- C. Bundle OCID
- D. Key OCID
Answer: A
NEW QUESTION # 84
What are the security recommendations and best practices for Oracle Functions?
- A. Add applications to network security groups for fine-grained ingress/egress rules.
- B. Define a policy statement that enables access to functions for requests coming from multiple IP addresses.
- C. Grant privileges to UID and GID 1000, such that the functions running within a container acquire the default root capabilities.
- D. Ensure that functions in a VCN have restricted access to resources and services.
Answer: A
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securitylists.htm
NEW QUESTION # 85
What is the use case for the Oracle Cloud Infrastructure Logging Analytics service?
- A. automatically create instances to collect logs analysis and send reports
- B. automatically and manage any log based on a subscription model
- C. labels data packets that pass through the internet gateway
- D. monitors, aggregates, indexes and analyzes all log data from on-premises.
Answer: D
Explanation:
Oracle Cloud Infrastructure Logging Analytics is a machine learning-based cloud service that monitors, aggregates, indexes, and analyzes all log data from on-premises and multicloud environments, enabling users to search, explore, and correlate this data to troubleshoot and resolve problems faster and derive insights to make better operational decisions.
https://www.oracle.com/manageability/logging-analytics/
NEW QUESTION # 86
Which is NOT a part of Observability and Management Services?
- A. Event Services
- B. OCI Management Service
- C. Logging
- D. Logging Analytics
Answer: B
Explanation:
https://www.oracle.com/in/manageability/
NEW QUESTION # 87
Which component helps move logging data to other services, such as archiving log data in object storage?
- A. Service Connector Hub
- B. Unified Monitoring Agent
- C. Agent Configuration
- D. Service Log Category
Answer: A
Explanation:
Service Connector Hub
Service Connector Hub moves logging data to other services in Oracle Cloud Infrastructure. For example, use Service Connector Hub to alarm on log data, send log data to databases, and archive log data to Object Storage. For more information, see Service Connector Hub.
https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/loggingoverview.htm
NEW QUESTION # 88
Where are logs stored?
- A. OCI File Storage
- B. OCI Object Storage
- C. OCI Block Storage
- D. Cloud Agent
Answer: B
Explanation:
You can collect log data continuously from Oracle Cloud Infrastructure (OCI) Object Storage. To enable the log collection, create an ObjectCollectionRule resource using the REST API or CLI. Once this resource has been created and the required IAM policies are in place, log collection is initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html
NEW QUESTION # 89
Which of the following is a necessary step when creating a secret in a vault?
- A. Shamir's secret sharing algorithm should be used to unseal the vault
- B. Object Storage must be created to run secret service
- C. Digest Hash should be created of the secret value
- D. Vault-managed key is necessary to encrypt the secret
Answer: D
Explanation:
https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html
NEW QUESTION # 90
When using Management Agent to collect logs continuously, which is the required configuration for OCI Logging Analytics to retrieve data from numerous logs for an instance?
- A. Source-Entity Association
- B. Agent - Entity Association
- C. Entity - Source Association
- D. Entity - Agent Association
Answer: A
NEW QUESTION # 91
Which VCN configuration is CORRECT with regard to VCN peering within the same region?
- A. 194.168.0.0/24 and 194.168.0.0/16
- B. 12.0.0.0/16 and 194.168.0.0/16
- C. 12.0.0.0/16 and 12.0.0.0/16
- D. 194.168.0.0/24 and 194.168.0.0/24
Answer: B
Explanation:
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering.
NEW QUESTION # 92
Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?
- A. Windows Servers that already have the minimum agent version require an agent update or installation.
- B. Windows Servers that do not have the minimum agent version do not require an agent update or installation.
- C. Windows Servers that already have the minimum agent version do not require an agent update or installation.
- D. Windows Servers that do not have the minimum agent version require an agent update or installation.
Answer: D
Explanation:
https://docs.oracle.com/cd/E11857_01/install.111/e15311/agnt_install_windows.htm
NEW QUESTION # 93
As a security administrator, you want to create cloud resources that align with Oracle's security principles and best practices. Which security service should you use?
- A. Cloud Guard
- B. Identity and Access Management
- C. Security Advisor
- D. Web Application Firewall (WAF)
Answer: C
NEW QUESTION # 94
Challenge 2
Least-Privileged Model Enforcement Leveraging Custom Security Zones
Scenario
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Create a Custom Security Zone recipe to allow compute instances in the public subnet.
* Create a Security Zone using the Custom Security Zone recipe.
* Configure a Virtual Cloud Network (VCN) and Public Subnet.
* Provision a Compute Instance in the public subnet.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the provisioned OCI environment:
Create a Custom Recipe with the name
Create a Security Zone with the name
Create a VCN with the name IAD-SP-PBT-VCN-01
Create a Public Subnet with the name IAD-SP-PBT-PUBSNET-01
Create a Compute Instance with the name IAD-SP-PBT-1-VM-01, using the "Oracle Linux 8" image and "VM.Standard2.1" as shape
Answer:
SOLUTION:
Task 1: Create a Custom Security Zone recipe that permits the creation of a VCN with a public subnet, Internet Gateway, and a public bucket.
Sign into your Oracle Cloud Infrastructure (OCI) account.
From the navigation menu, click Identity & Security. Navigate to Security Zones and click Recipes.
In the left navigation pane, under Scope, select <your compartment> from the drop-down menu.
Click Create Recipe.
On Create Recipe page, enter the following values:
a. Recipe name: [Your Recipe Name]
b. Description: My custom security zone recipe.
c. Create for compartment: Select your compartment from the drop-down list.
d. Click Next.
e. Policy type: All
f. Resource type: VIRTUALNETWORK
g. Uncheck: deny public subnets, deny internet gateway, deny update route table.
h. Again, go to Resource type and select: OBJECTSTORAGE
i. Uncheck: deny public bucket, deny buckets without vault key.
j. On the Review page, review the number of policies that are enabled and disabled in this recipe.
Click Create.
Task 2: Use the Custom Security Zone recipe created in Task 1 to create a Security Zone for your assigned compartment.
From the navigation menu, select Identity & Security. Navigate to Security Zones and click Overview.
In the left navigation pane, under Scope, select <your compartment> from the drop-down menu.
Click Create Security Zone.
On the Create Security Zone page, enter the following values:
a. Security Zone Recipe: Select Customer-managed to use Custom Security Zone Recipe.
b. Select Security Zone Recipe [Your Recipe Name] in the working compartment.
c. Name: [Your Security Zone Name]
d. Description: My Custom Security Zone.
e. Create for compartment: Select the working compartment from the drop-down list.
Click Create Security Zone. The new security zone is in the Creating state. It can take several minutes to associate the working compartment with the security zone. When finished, the security zone is in the Active state.
On the Security Zone information tab, you can view the attached [Your Recipe Name] recipe.
Task 3: Use the VCN wizard to create a VCN and ensure that the Custom Security Zone recipe allows for the creation of a public subnet and Internet Gateway.
From the navigation menu, select Networking, then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your compartment> from the drop-down menu.
Click Create VCN.
On the Configuration page, enter the following:
a. Name: IAD-SP-PBT-VCN-01
b. IPv4 CIDR Blocks: 10.0.0.0/16
c. Note: Leave all the other options in their default setting.
Click Create VCN.
After the VCN is created, click Create Subnet.
On the Configuration page, enter the following:
a. Name: IAD-SP-PBT-PUBSNET-01
b. Subnet Type: Regional
c. IPv4 CIDR Blocks: 10.0.1.0/24
d. Subnet Access: Public Subnet
e. Leave all the other options in their default setting.
Click Create Subnet.
Task 4: Create a Compute Instance
From the navigation menu, select Compute and then click Instances.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Name: IAD-SP-PBT-1-VM-01
Placement: Select AD2.
Image: Oracle Linux 8
Shape: Click Change shape, click on specialty and previous generation and select VM.Standard2.1.
Networking: Pick your IAD-SP-PBT-PUBSNET-01 and Public Subnet.
Public IP address: Assign a Public IPv4 address.
Click Create.
Note: After a couple of minutes, you can see that the instance has been successfully created with the status Running.
NEW QUESTION # 95
As a lead Security Architect, you have been tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?
- A. Cloud Guard
- B. Vulnerability Scanning
- C. Identity and Access Management
- D. Security Lists
Answer: D
NEW QUESTION # 96
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?
- A. SSH Key Pair with 2048-bit algorithm
- B. Auth Token
- C. API Signing Key
- D. OCI username and Password
Answer: B
Explanation:
An auth token in OCI is an Oracle-generated token that you can use to authenticate with third-party APIs. This can be useful when the third-party APIs do not support OCI's signature-based authentication.
NEW QUESTION # 97
Which statements are CORRECT about Security Zone policy in OCI? Select TWO correct answers.
- A. Block volume can be moved from a security zone to a standard compartment
- B. Resources in a security zone must be accessible from internet
- C. Bucket can't be moved from a security zone to a standard compartment
- D. Resources in a security zone must be encrypted using customer-managed keys
Answer: C,D
NEW QUESTION # 98
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?
- A. Infrastructure
- B. Data
- C. Guest OS
- D. Network
Answer: B
Explanation:
https://www.oracle.com/a/ocom/docs/cloud/oracle-ctr-2020-shared-responsibility.pdf
NEW QUESTION # 99
What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'
- A. Enables users to invoke just one specific function
- B. Enables users to invoke all the functions in a compartment except for one specific function
- C. Enables users to invoke all the functions in a specific application
- D. Enables users in a group to create, update, and delete ALL applications and functions in a compartment
Answer: A
Explanation:
The policy Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>' gives the group my-group permission to invoke a specific function (identified by its OCID) in the compartment ABC. The fn-invocation verb allows a group to invoke a function, and the condition where target.function.id = '<function-OCID>' ensures that only the specified function can be invoked by this group.

