[2023年12月21日] 無料Oracle Cloud 1z0-1104-23公式認定ガイドPDFダウンロード
Oracle 1z0-1104-23公式認定ガイドPDF
質問 # 13
Which tasks can you perform on a dedicated virtual machine host?
- A. Capacity reservations
- B. Creating instance pools
- C. Instance configurations
- D. Manual scaling
正解:D
解説:
Explanation
Supported features: Most of the Compute features for VM instances are supported for instances running on dedicated virtual machine hosts. However, the following features arenot supported:
Autoscaling
Capacity reservations
Instance configurations
Instance pools
Burstable instances
Reboot migration. You can use manual migration instead
https://docs.oracle.com/en-us/iaas/Content/Compute/Concepts/dedicatedvmhosts.htm#Dedicated_Virtual_Machi
質問 # 14
Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?
- A. Windows Servers that does not have the minimum agent version requires an agent update or installation.
- B. Windows Servers that does not have the minimum agent version does not require an agent update or installation.
- C. Windows Servers that already has the minimum agent version requires an agent update or installation.
- D. Windows Servers that already has the minimum agent version does not require an agent update or installation.
正解:A
解説:
Explanation
https://docs.oracle.com/cd/E11857_01/install.111/e15311/agnt_install_windows.htm
質問 # 15
Which components are a part of the OCI Identity and Access Management service?
- A. VCN
- B. Policies
- C. Compute instances
- D. Regional subnets
正解:B
解説:
Explanation
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm
質問 # 16
Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?
- A. URL_IS
- B. URL_PART_CONTAINS
- C. URL_STARTS_WITH
- D. URL_PART_ENDS_WITH
正解:A
解説:
Explanation
URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.57.0/docs/d/waas_waas_policy.html
質問 # 17
Which OCI services can encrypt all data-at-rest ? Select TWO correct answers
- A. Geolocation Steering
- B. File Storage
- C. NAT Gateway
- D. Block Volumes
正解:B、D
解説:
Explanation
Graphical user interface, text, application, email Description automatically generated
質問 # 18
You create a new compartment, "apps," to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?
- A. Add an lAM policy to attach tenancy to the apps group.
- B. No action is required.
- C. Add an IAM policy for the individual users to access the apps compartment.
- D. Add an IAM policy for apps_group granting access to the apps compartment.
正解:D
解説:
Explanation
In Oracle Cloud Infrastructure, you can ensure that users have access to a specific compartment by adding an IAM policy for the group those users belong to, granting access to that compartment45.
質問 # 19
What must be configured for a load balancer to accept incoming traffic?
- A. SSL certificate
- B. Service Gateway
- C. Route table entry pointing to the listener IP address
- D. Listener
正解:D
解説:
Explanation
A listener is an entity that checks for connection requests. The load balancerlistener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
On your Load Balancer Details page, click Listeners.
Click Create Listener.
Enter the following:
Name: Enter afriendly name. Avoid entering confidential information.
Protocol: Select HTTP.
Port: Enter 80 as the port on which to listen for incoming traffic.
Backend Set: Select the backend set you created.
Click Create.
質問 # 20
With regard to WAF in OCI, which of the following statements are NOT customer's responsibility? Select TWO answers.
- A. Configure WAF policies for websites
- B. WAF edge nodes with High Availability
- C. Configure Bot Managementstrategies for a website traffic
- D. Import latest OWASP Core Rule Sets
正解:B、D
解説:
Explanation
The management of WAF edge nodes and the importation of the latest OWASP Core Rule Sets are handled by Oracle, not the customer. The customer is responsible for configuring WAF policies and Bot Management strategies for their website traffic
質問 # 21
An automobile company needs to configure Bastion Managed SSH session to a compute instance in a private subnet. What are the TWO prerequisites to configure successfully?
- A. NAT or Service Gateway should be attached to the private subnet
- B. SSH port forwarding should be enabled
- C. Route rule to a NAT or Service Gateway should be associated with the subnet of the route table
- D. There is no need for any gateway in private subnet
正解:A、C
解説:
Explanation
For a Bastion Managed SSH session to a compute instance in a private subnet, the instance must have access to the internet, which can be provided by a NAT Gateway or a Service Gateway34. Additionally, a route rule directing traffic to the NAT or Service Gateway should be associated with the subnet's route table34.
質問 # 22
You want software that can automatically collect and aggregate log data generated throughout your organization's infrastructure, analyze it, and send alerts if it detects a deviation from the norm.
Which software must you use?
- A. Security Integration Management (SIM)
- B. Security Information Management (SIM)
- C. SecurityEvent Management (SEM)
- D. Security Information and Event Management (SIEM)
正解:D
解説:
Explanation
SIEM software can automatically collect and aggregate log data generated throughout your organization's infrastructure, analyze it, and send alerts if it detects a deviation from the norm23.
質問 # 23
Which volume type contains the image used to boot a compute instance?
- A. Init 6 volume
- B. Block volume
- C. Startup volume
- D. Boot volume
正解:D
解説:
Explanation
Boot Volumes
When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instanceuntil you terminate the instance. When you terminate the instance, you can preserve the boot volume and its data
https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/bootvolumes.htm
質問 # 24
An e-commerce company needs to authenticate with third-party API that don't support OCI's signature-based authentication.
What can be the solution for the above scenario?
- A. Auth Token/Swift Password
- B. Asymmetric keys
- C. Security Token
- D. API Key Authentication
正解:A
解説:
Explanation
Graphical user interface, text, application, email Description automatically generated
質問 # 25
A http web server hosted on an Oracle cloud infrastructure compute instance in a public subnet of the vcsl virtual cloudnetwork has a stateless security ingress rule for port 80 access through internet gateway stateful network security group notification for port 80 how will the Oci vcn handle request response traffic to the compute instance for a web page from the http server with port 80?
- A. network security group would supersede the security utility list and allow both inbound and outbound traffic
- B. due to the conflict in security configuration inbound request traffic would not be allowed
- C. the union of both configuration would happen and allow both inbound and outbound traffic
- D. Because there is no Egress ruled defined in Security List, The Response would not pass through Internet Gateway.
正解:C
解説:
Explanation
In OCI, if there's a stateless rule in the security list and a stateful rule in the network security group, both rules are evaluated. The union of both configurations would happen, allowing both inbound and outbound traffic. This means that if an incoming packet is allowed by either the security lists or the network security groups, then it's allowed into the instance. Similarly, if an outgoing packet is allowed by either, then it's allowed out of the instance
質問 # 26
Which statement is true about origin management in WAF?
Statement A: Multiple origins can be defined.
Statement B: Only a single origin can be active fora WAF.
- A. Both the statements are true.
- B. Only statement A is true.
- C. Both the statements are false.
- D. Only statement B is true.
正解:B
解説:
Statement A: Multiple origins can be defined1. This is true. In Oracle Cloud Infrastructure's Web Application Firewall (WAF), multiple origins can be defined for a WAF policy using Origin Groups1. When at least two origins are configured, load balancing is enabled1.
Statement B: Only a single origin can be active for a WAF2. This is false. In the Origin Settings of the WAF policy, all origins are active under origin groups2.
質問 # 27
Which VCNconfiguration is CORRECT with regard to VCN peering within a same region ?
- A. 12.0.0.0/16 and 194.168.0.0/16
- B. 12.0.0.0/16 and 12.0.0.0/16C 194.168.0.0/24 and 194.168.0.0/24
- C. 194.168.0.0/24 and 194.168.0.0/16
正解:A
解説:
Explanation
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs12. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering
質問 # 28
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
- A. Customer-provided encryption keys are never stored in OCI Vault service.
- B. Each object in a bucket is always encrypted with the same data encryption key.
- C. Encryption is not enabled by default.
- D. All the traffic to and from object storage is encrypted by using Transport Layer Security.
正解:D
解説:
Oracle Cloud Infrastructure (OCI) Object Storage uses Transport Layer Security (TLS) to encrypt all traffic to and from Object Storage34. This ensures that data is secure during transit.
質問 # 29
Where are logs stored?
- A. OCI Block Storage
- B. Cloud Agent
- C. OCI Object Storage
- D. OCI File Storage
正解:C
解説:
Explanation
You can collect log data continuously from Oracle CloudInfrastructure (OCI) Object Storage. To enable the log collection, create ObjectCollectionRule resource using REST API or CLI. After the successful creation of this resource and having the required IAM policies, the log collection will be initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html
質問 # 30
For how long are API calls audited and available?
- A. 365 days
- B. 60 days
- C. 30days
- D. 90 days
正解:A
解説:
Explanation
https://docs.public.oneportal.content.oci.oraclecloud.com/en-us/iaas/Content/Audit/Tasks/settingretentionperiod.
質問 # 31
What information do youget by using the Network Visualizer tool?
- A. Interconnectivity of VCNs
- B. Organization of subnets and VLANs across availability domains
- C. Routes defined between subnets and gateways
- D. State of subnets in a VCN
正解:A
解説:
Explanation
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm You can view and understand the following from this diagram:
How VCNs are inter-connected
How on-premises networks are connected (using FastConnect or Site-to-Site VPN) Which routing entities (DRGs and so on) control trafficrouting How your transit routing is configured
質問 # 32
As a security administrator, you want to create cloud resources that alignwith Oracle's security principles and best practices. Which security service should you use?
- A. Identity and Access Management
- B. Cloud Guard
- C. Security Advisor
- D. Web Application Firewall (WAF)
正解:C
解説:
Explanation
Graphical user interface, text, application, email Description automatically generated
質問 # 33
What is the minimum active storage duration for logs used by Logging Analytics to be archived?
- A. 15 days
- B. 10 days
- C. 60 days
- D. 30 days
正解:D
解説:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Ac The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.
質問 # 34
Which of the following is necessary step when creating a secret in vault?
- A. Digest Hash shouldbe created of the secret value
- B. Vault-managed key is necessary to encrypt the secret
- C. Object Storage must be created to run secret service
- D. Shamir's secret sharing algorithm should be used to unseal the vault
正解:B
解説:
Explanation
https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html
質問 # 35
Which architecture is based on the principle of "never trust, always verify"?
- A. Fluidperimeter
- B. Federated identity
- C. Defense in depth
- D. Zero trust
正解:D
解説:
Explanation
Enterprise Interest in Zero Trust is GrowingRansomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.
According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in
2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trustwares at RSA 2020.
The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn'tprevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.
https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front
質問 # 36
......
無料1z0-1104-23試験問題集試験点数を伸ばそう:https://jp.fast2test.com/1z0-1104-23-premium-file.html