[Q29-Q49] 1z0-1104-21 Certification - The Ultimate Guide [Updated 2022] : IT Certification Exam Braindumps : http://blog.braindumpsit.com

QUESTION 29
As a solutions architect, you need to assist operations team to write an I AM policy to give users in group-uat1 and group- uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy ?

Allow any-user to manage all resources in tenancy where target.compartment= Uat

Allow any-user to manage all resources in compartment Uat where request.group=/group-uat/*

Allow group /group-uat*/ to manage all resources in compartment Uat

Allow group group-uat1 group-uat2 to manage all resources in compartment Uat

QUESTION 30
What is the matching rule syntax for a single condition?

Option A

Option B

Option C

Option D

QUESTION 31
As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?

Create an 1AM policy and create WAF rules

Create an 1AM policy and add a network source

Make OCI resources private instead of public

Create PAR to restrict access the access

QUESTION 32
Which of the following is necessary step when creating a secret in vault?

Vault-managed key is necessary to encrypt the secret

Digest Hash should be created of the secret value

Object Storage must be created to run secret service

Shamir’s secret sharing algorithm should be used to unseal the vault

QUESTION 33
Which architecture is based on the principle of “never trust, always verify”?

Federated identity

Zero trust

Fluid perimeter

Defense in depth

QUESTION 34
A number of malicious requests for a web application is coming from a set of IP addresses originating from Antartic a.
Which of the following statement will help to reduce these types of unauthorized requests ?

Delete NAT Gateway from Virtual Cloud Network

Use WAF policy using Access Control Rules

List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists

Change your home region in which your resources are currently deployed

QUESTION 35
When creating an OCI Vault, which factors may lead to select the Virtual Private Vault ? Select TWO correct answers

Need for more than 9211 key versions

Greater degree of isolation

To mask Pll data for non-production environment

Ability to back up the vault

QUESTION 36
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?

Data Safe

Cloud Guard

Data Guard

Vault

QUESTION 37
Which type of software do you use to centrally distribute and monitor the patch level of systems throughout the enterprise?

Network Monitor software

Web Application Firewall

Patch Management software

Recovery Manager software

QUESTION 38
Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management?

Security controls

Customer isolation

Data encryption

Identity Federation

QUESTION 39
What do the features of OS Management Service do?

Add complexity in using multiple tools to manage mixed-OS environments.

Provide paid service and support to OCI subscribers for fixes on priority.

Increase security and reliability by regular bug fixes.

Encourage manual setup to avoid machine-induced errors.

QUESTION 40
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?

network security group would supersede the security utility list and allow both inbound and outbound traffic

the union of both configuration would happen and allow both inbound and outbound traffic

due to the conflict in security configuration inbound request traffic would not be allowed

Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.

QUESTION 41
Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?

Windows Servers that does not have the minimum agent version does not require an agent update or installation.

Windows Servers that already has the minimum agent version does not require an agent update or installation.

Windows Servers that already has the minimum agent version requires an agent update or installation.

Windows Servers that does not have the minimum agent version requires an agent update or installation.

QUESTION 42
Operations team has made a mistake in updating the secret contents and immediately need to resume using older secret contents in OCI Secret Management within a Vault.
As a Security Administrator, what step should you perform to rollback to last version? Select TWO correct answers.

Mark the secret version as ‘deprecated’

Mark the secret version as ‘Previous’

Mark the secret version as ‘Rewind’

Upload new secret and mark as ‘Pending’. Promote this secret version as ‘Current’

QUESTION 43
You create a new compartment, “apps,” to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?

Add an IAM policy for the individual users to access the apps compartment.

Add an IAM policy for apps_group granting access to the apps compartment.

Add an lAM policy to attach tenancy to the apps group.

No action is required.

QUESTION 44
Which WAF service component must be configured to allow, block, or log network requests when they meet specified criteria?

Protection rules

Bot Management

Origin

Web Application Firewall policy

QUESTION 45
An e-commerce company needs to authenticate with third-party API that don’t support OCI’s signature-based authentication.
What can be the solution for the above scenario?

Security Token

API Key Authentication

Asymmetric keys

Auth Token/Swift Password

QUESTION 46
which three resources are required to encrypt a block volume with the customer managed key?

MAXIMUM SECURITY ZONE

SYMMETRIC MASTER KEY ENCRYPTlON KEY

BLOCK KEY

OCI VAIRT

IAM Policy Allowing Block Storage to Use Keys

Secrets

QUESTION 47
What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = ‘<function-OCID>’

Enables users in a group to create, update, and delete ALL applications and functions in a compartment

Enables users to invoke all the functions in a specific application

Enables users to invoke just one specific function

Enables users to invoke all the functions in a compartment except for one specific function

QUESTION 48
Which parameters customers need to configure while reading secrets by name using CL1 or API? Select TWO correct answers.

Certificates

Secret Name

ASCII Value

Vault Id

QUESTION 49
Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?

CAPTCHA challenge

JavaScript challenge

Device fingerprint challenge

Human interaction challenge

[Q29-Q49] 1z0-1104-21 Certification - The Ultimate Guide [Updated 2022]

Oracle 1z0-1104-21 Exam Syllabus Topics: