[2024年07月] 最新のOracle 1z0-1104-23テスト問題集とオンライン試験エンジン
Oracle 1z0-1104-23問題を提供していますOracle Cloud問題集と完璧な解答付き
Oracle 1z0-1104-23 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 # 54
Your company has implemented a new VPN connection policy, three months after you connected your on-premises network to Oracle Cloud Infrastructure (OCI). Your chief security officer has instructed you to edit the IPSec connection and replace the shared secrets with the new ones that he has provided. Where do you edit the shared secrets? (Choose the best Answer.)
- A. Customer Premises Equipment
- B. IPsec connection
- C. Individual tunnels
- D. Dynamic Routing Gateway
正解:D
質問 # 55
Which statements are CORRECT about Multi-Factor Authentication in OCI ? Select TWO correct answers
- A. Members of the Administrators group can disable MFA for other users
- B. Users cannot enable MFA for themselves
- C. Members of the Administrators group cannot enable MFA for another user
- D. A user can registermultiple devices to use for MFA.
正解:A、C
解説:
Explanation
Graphical user interface, text, application, email Description automatically generated
Graphical user interface, text, application Description automatically generated
質問 # 56
VCN Flow log record details about the traffic that has been denied or approved is based on which of the following statements?
- A. Auth tokens
- B. Web Application Firewall (WAF)
- C. Configuration of route table
- D. Security Lists orNetwork Security Group Rules
正解:D
解説:
質問 # 57
Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?
- A. Block volume
- B. File storage
- C. Archivestorage
- D. Standard storage
正解:D
解説:
Use Oracle Cloud Infrastructure Object Storage for data to which you need fast, immediate, and frequent access. Data accessibility and performance justifies a higher price point to store data in the Object Storage tier.
The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos.
https://docs.oracle.com/en/solutions/learn-migrate-app-data-to-cloud/considerations-object-storage.html#GUID-AC192B08-5160-4DA7-B43E-001753D99CF1
質問 # 58
You want software that can automatically collect and aggregate log data generated throughout your organization's infrastructure, analyze it, and send alerts if it detects a deviation from the norm.
Which software must you use?
- A. SecurityEvent Management (SEM)
- B. Security Integration Management (SIM)
- C. Security Information and Event Management (SIEM)
- D. Security Information Management (SIM)
正解:C
解説:
SIEM software can automatically collect and aggregate log data generated throughout your organization's infrastructure, analyze it, and send alerts if it detects a deviation from the norm23.
質問 # 59
What is the matching rule syntax for a single condition?
- A. Option A
- B. Option B
- C. Option D
- D. Option C
正解:D
解説:
質問 # 60
What information do youget by using the Network Visualizer tool?
- A. Organization of subnets and VLANs across availability domains
- B. Interconnectivity of VCNs
- C. Routes defined between subnets and gateways
- D. State of subnets in a VCN
正解:B
解説:
Explanation
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm You can view and understand the following from this diagram:
How VCNs are inter-connected
How on-premises networks are connected (using FastConnect or Site-to-Site VPN) Which routing entities (DRGs and so on) control trafficrouting How your transit routing is configured
質問 # 61
As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
- A. Make OCI resources private instead of public
- B. Create an 1AM policy and add a network source
- C. Create an 1AM policy and create WAF rules
- D. Create PAR to restrict access the access
正解:B
解説:
質問 # 62
Which resources can be used to create and manage from Vault Service ? Select TWO correct answers
- A. Cloud Guard
- B. IAM
- C. Keys
- D. Secret
正解:C、D
解説:
Explanation
Graphical user interface, text, application Description automatically generated
質問 # 63
which two responsibilities will be oracle when you move your it infrastructure to oracle cloud infrastructure?
- A. PROVIDING STRONG SECURITY LIST
- B. Strong Isolation
- C. MAINTAINING CUSTOMER DATA
- D. Strong IAM Framework
- E. ACCOUNT ACCESS MANAGEMENT
正解:B、D
解説:
Oracle is responsible for providing a strong Identity and Access Management (IAM) framework in OCI. The IAM service lets you control who has access to your cloud resources, what type of access they have, and to which specific resources. You can find more details about this in the Oracle Cloud Infrastructure documentation.
Oracle also ensures strong isolation in its cloud infrastructure, which means that your resources are isolated from other tenants and from Oracle staff. This isolation extends from physical separation of hardware all the way up to access controls on APIs. You can find more details about this in the Oracle Cloud Infrastructure documentation.
質問 # 64
As a lead Security Architect, you have tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?
- A. Vulnerability Scanning
- B. Cloud Guard
- C. Security Lists
- D. Identity and Access Management
正解:C
解説:
Explanation
Graphical user interface, text, application, email Description automatically generated
質問 # 65
Challenge 1 - Task 4 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.
Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the OCI environment provisioned:
Create a Linux Instance with the name [Provide Name Here] within the compartment.
Under placement, select the availability domain AD2.
Select Shape as VM.Standard2.1.
Provide your own public key to SSH the instance.
正解:
解説:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Compute and then click Instances.
From the left navigation pane, under List Scope, select your working compartment from the drop-down menu.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Name: my_pbt_linux
Create in compartment: Select your work compartment name.
Placement: Select AD2.
Image: Oracle Linux 8
Shape: Click Change shape; then select Ampere shape series and select VM.Standard2.1.
Networking: Pick your PBT_SECRET_VCN01 and Public Subnet.
Public IP address: Assign a Public IPv4 address.
Generate SSH Keys.
Click Generate a key pair for me.
Click Save private key (This will save the private key to your local workstation).
Click create.
Note: After a couple of minutes, you can see that the instance has been successfully created and the status is Running.
After the instances are provisioned, details about it appear in the instance list. Copy and save the Public IP addresses, which will be required to connect to the instance using SSH.
質問 # 66
With regard to WAF in OCI, which of the following statements are NOT customer's responsibility? Select TWO answers.
- A. Configure Bot Managementstrategies for a website traffic
- B. Import latest OWASP Core Rule Sets
- C. Configure WAF policies for websites
- D. WAF edge nodes with High Availability
正解:B、D
解説:
Explanation
The management of WAF edge nodes and the importation of the latest OWASP Core Rule Sets are handled by Oracle, not the customer. The customer is responsible for configuring WAF policies and Bot Management strategies for their website traffic
質問 # 67
What is the configuration to avoid publishing messages during the specified time range known as?
- A. Suppression
- B. Resource group
- C. Trigger rule
- D. Statistic
正解:A
解説:
質問 # 68
You are a cloud Security administrator for a company. You are trying to create a dynamic rule that will match all instances in compartment "Test", with the OCID 'ocidl.compartment.ocl.lksnvkjnfbvrkblskivrIvruincbvbeidcbwvvyrsvi and a "Dev" compartment with OCID 'ocidl.compartment.ocl.kjsnfjkvskjfbvsbvsgljvndbblgjdnurvswrjnvljjeeft. What is the correct dynamic policy that will fulfill this request? (Choose the best Answer.)
- A. All {compartment. name="Test", compartment.name="Dev"}
- B. All {Instances in Compartment "Test" and Compartment "Dev"}
- C. Any {instance.compartment.id = 'ocidl.compartment.ocl.lksnvkjnfbvrkblskjvrIvruincbvbeidcbwvvyrsvi, in-stance.compartment.id = 'ocidl.compartment.ocl.kjsnfjkvskjfbvsbvsgljvndbblgjdnurvswrjnvijjeee}
- D. All {Instance.id=tocidtinstance.ocl.eu-frankfurt-Lnsvwradccnksvkkdumcsnvurlsnvnuw"}
正解:C
質問 # 69
You have configured Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log Ingestion purposes. OR When using Management Agent to collect logs continuously. Which is required configuration for OCI Logging Analytics service to collect data from multiple logs of this Instance? (Choose the best Answer.)
- A. Entity Log Association
- B. Source-Entity Association
- C. Log Group-Source Association
- D. Log-Log Group Association
正解:B
質問 # 70
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins. Each admin group has full access over their respective compartments as shown in the graphic below. Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.
You want to set up a "Test" compartment for members of the three projects to share, and need to give admin aress to all three of your existing admin groups. Which policy should you write to accomplish this task? (Choose the best Answer.)
- A. Allow all-group to manage all-resources in compartment Test where re-quest.principal.group.tag.EmployeeGroup.Role=Admin
- B. Allow any-group to manage all-resources in compartment Test where re-quest.principal.group.tag.EmployeeGroup.Role=Admin
- C. Allow group any-group to manage all-resources in compartment Test where re-quest.principal.group.tag.EmployeeGroup.Role=Admin
- D. Allow any-users to manage all-resources in compartment Test where re-quest.principal.group.tag.EmployeeGroup.Role=Admin
正解:B
質問 # 71
Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements forcryptographic algorithms and key management?
- A. Identity Federation
- B. Security controls
- C. Data encryption
- D. Customer isolation
正解:C
解説:
DATA ENCRYPTION
Protect customer data at-rest and in-transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management.
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm
質問 # 72
Which two are monitored by Cloud Guard in OCI, which can help with the overall security posture? (Choose two.)
- A. monitors user activity that can be unauthorized or suspicious
- B. helps detects misconfigured resources, such as publicly accessible storage buckets, in-stances, and restricted ports on security lists
- C. prevents you from creating misconfigurations on your resources in OCI
- D. masks sensitive data and monitors security controls on your Databases
正解:A、B
質問 # 73
......
2024年最新の1z0-1104-23テスト解説(更新されたのは172問があります):https://jp.fast2test.com/1z0-1104-23-premium-file.html