This page was exported from IT Certification Exam Braindumps [ http://blog.braindumpsit.com ]
Export date: Sun Oct 6 18:19:43 2024 / +0000 GMT

Title: [Q29-Q49] 1z0-1104-21 Certification - The Ultimate Guide [Updated 2022]

1z0-1104-21 Practice Exam and Study Guides - Verified By BraindumpsIT

QUESTION 29
As a solutions architect, you need to assist the operations team in writing an IAM policy to give users in group-uat1 and group-uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy?
- Allow any-user to manage all resources in tenancy where target.compartment= Uat
- Allow any-user to manage all resources in compartment Uat where request.group=/group-uat/*
- Allow group /group-uat*/ to manage all resources in compartment Uat
- Allow group group-uat1 group-uat2 to manage all resources in compartment Uat

QUESTION 30
What is the matching rule syntax for a single condition?
- Option A
- Option B
- Option C
- Option D

QUESTION 31
As a security administrator, you found out that there are users outside your corporate network who are accessing an OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
- Create an IAM policy and create WAF rules
- Create an IAM policy and add a network source
- Make OCI resources private instead of public
- Create PAR to restrict the access

QUESTION 32
Which of the following is a necessary step when creating a secret in a vault?
- Vault-managed key is necessary to encrypt the secret
- Digest Hash should be created of the secret value
- Object Storage must be created to run secret service
- Shamir's secret sharing algorithm should be used to unseal the vault

https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html

QUESTION 33
Which architecture is based on the principle of "never trust, always verify"?
- Federated identity
- Zero trust
- Fluid perimeter
- Defense in depth

Enterprise Interest in Zero Trust is Growing

Ransomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.

According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trust wares at RSA 2020.

The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn't prevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.

https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front

QUESTION 34
A number of malicious requests for a web application are coming from a set of IP addresses originating from Antarctica. Which of the following statements will help to reduce these types of unauthorized requests?
- Delete NAT Gateway from Virtual Cloud Network
- Use WAF policy using Access Control Rules
- List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
- Change your home region in which your resources are currently deployed

QUESTION 35
When creating an OCI Vault, which factors may lead you to select the Virtual Private Vault? Select TWO correct answers.
- Need for more than 9211 key versions
- Greater degree of isolation
- To mask PII data for non-production environment
- Ability to back up the vault

QUESTION 36
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
- Data Safe
- Cloud Guard
- Data Guard
- Vault

Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.

https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm

QUESTION 37
Which type of software do you use to centrally distribute and monitor the patch level of systems throughout the enterprise?
- Network Monitor software
- Web Application Firewall
- Patch Management software
- Recovery Manager software

https://docs.oracle.com/cd/E11857_01/em.111/e18710/T531901T535649.htm

QUESTION 38
Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management?
- Security controls
- Customer isolation
- Data encryption
- Identity Federation

DATA ENCRYPTION
Protect customer data at-rest and in-transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management.

https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm

QUESTION 39
What do the features of OS Management Service do?
- Add complexity in using multiple tools to manage mixed-OS environments.
- Provide paid service and support to OCI subscribers for fixes on priority.
- Increase security and reliability by regular bug fixes.
- Encourage manual setup to avoid machine-induced errors.

https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html

QUESTION 40
An HTTP web server hosted on an Oracle Cloud Infrastructure compute instance in a public subnet of the vcsl virtual cloud network has a stateless security ingress rule for port 80 access through internet gateway, stateful network security group notification for port 80. How will the OCI VCN handle request response traffic to the compute instance for a web page from the HTTP server with port 80?
- Network security group would supersede the security utility list and allow both inbound and outbound traffic
- The union of both configuration would happen and allow both inbound and outbound traffic
- Due to the conflict in security configuration inbound request traffic would not be allowed
- Because there is no Egress rule defined in Security List, the response would not pass through Internet Gateway.

QUESTION 41
Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?
- Windows Servers that do not have the minimum agent version do not require an agent update or installation.
- Windows Servers that already have the minimum agent version do not require an agent update or installation.
- Windows Servers that already have the minimum agent version require an agent update or installation.
- Windows Servers that do not have the minimum agent version require an agent update or installation.

https://docs.oracle.com/cd/E11857_01/install.111/e15311/agnt_install_windows.htm

QUESTION 42
The operations team has made a mistake in updating the secret contents and immediately needs to resume using older secret contents in OCI Secret Management within a Vault. As a Security Administrator, what step should you perform to roll back to the last version? Select TWO correct answers.
- Mark the secret version as 'deprecated'
- Mark the secret version as 'Previous'
- Mark the secret version as 'Rewind'
- Upload new secret and mark as 'Pending'. Promote this secret version as 'Current'

QUESTION 43
You create a new compartment, "apps," to host some production apps and you create an apps_group and add users to it. What would you do to ensure the users have access to the apps compartment?
- Add an IAM policy for the individual users to access the apps compartment.
- Add an IAM policy for apps_group granting access to the apps compartment.
- Add an IAM policy to attach tenancy to the apps group.
- No action is required.

QUESTION 44
Which WAF service component must be configured to allow, block, or log network requests when they meet specified criteria?
- Protection rules
- Bot Management
- Origin
- Web Application Firewall policy

Protection rules
Protection rules can be configured to either allow, block, or log network requests when they meet the specified criteria of a protection rule. The WAF will observe traffic to your web application over time and suggest new rules to apply.

https://www.oracle.com/security/cloud-security/what-is-waf/

QUESTION 45
An e-commerce company needs to authenticate with third-party APIs that don't support OCI's signature-based authentication. What can be the solution for the above scenario?
- Security Token
- API Key Authentication
- Asymmetric keys
- Auth Token/Swift Password

QUESTION 46
Which three resources are required to encrypt a block volume with the customer managed key?
- MAXIMUM SECURITY ZONE
- SYMMETRIC MASTER KEY ENCRYPTION KEY
- BLOCK KEY
- OCI VAULT
- IAM Policy Allowing Block Storage to Use Keys
- Secrets

https://docs.oracle.com/en-us/iaas/Content/SecurityAdvisor/Tasks/creatingsecureblockvolume.htm

QUESTION 47
What does the following identity policy do?

Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'

- Enables users in a group to create, update, and delete ALL applications and functions in a compartment
- Enables users to invoke all the functions in a specific application
- Enables users to invoke just one specific function
- Enables users to invoke all the functions in a compartment except for one specific function

QUESTION 48
Which parameters do customers need to configure while reading secrets by name using CLI or API? Select TWO correct answers.
- Certificates
- Secret Name
- ASCII Value
- Vault Id

QUESTION 49
Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?
- CAPTCHA challenge
- JavaScript challenge
- Device fingerprint challenge
- Human interaction challenge

Oracle 1z0-1104-21 Exam Syllabus Topics:

Topic | Details
Topic 1 | Describe OCI Shared Security Responsibility Model; Understand MFA, Identity Federation, and SSO
Topic 2 | Implement security monitoring and alerting; Secure connectivity of virtual networks (DRG v2, Peering)
Topic 3 | Describe use case for Penetration and Vulnerability Testing; Cloud Security Business Drivers and Challenges
Topic 4 | Configure security for Oracle Autonomous Database and DB Systems; Configure security for OKE and Oracle Functions
Topic 5 | Design a scalable authorization model with users, groups, and policies; Implement conditional and advanced policies
Topic 6 | Configure and manage Secrets in OCI Vault; Secure connectivity of hybrid networks (Site-to-Site VPN, FastConnect)
Topic 7 | Create and configure Web Application Firewall; Configure Network Security Groups (NSGs) and Security Lists
Topic 8 | Describe the use case for VCN Flow Logs; Use Compartments to isolate resources
Topic 9 | Describe key capabilities provided by Data Safe; Describe use case for auditing and review OCI Audit Logs

Post date: 2022-05-11 09:42:57
Post date GMT: 2022-05-11 09:42:57
Post modified date: 2022-05-11 09:42:57
Post modified date GMT: 2022-05-11 09:42:57