Latest 1z0-1104-21 Exam Real Tests Free Updated Today [Q47-Q69]

Rate this post

Latest 1z0-1104-21 Exam Real Tests Free Updated Today

1z0-1104-21 Real Exam Question Answers Updated [May 13, 2022]

Oracle 1z0-1104-21 Exam Syllabus Topics:

Topic	Details
Topic 1	Describe use case for Penetration and Vulnerability Testing Cloud Security Business Drivers and Challenges
Topic 2	Describe key capabilities provided by Data Safe Describe use case for auditing and review OCI Audit Logs
Topic 3	Implement security monitoring and alerting Secure connectivity of virtual networks (DRG v2, Peering)
Topic 4	Understand and implement Security Zones and Security Advisor Identify the Cloud Security use cases, challenges, and trends
Topic 5	Create and configure Web Application Firewall Configure Network Security Groups (NSGs) and Security Lists
Topic 6	Configure and manage Secrets in OCI Vault Secure connectivity of hybrid networks (Site-to-Site VPN, FastConnect)
Topic 7	Describe the use case for VCN Flow Logs Use Compartments to isolate resources

NO.47 Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?

Windows Servers that does not have the minimum agent version does not require an agent update or installation.

Windows Servers that already has the minimum agent version does not require an agent update or installation.

Windows Servers that already has the minimum agent version requires an agent update or installation.

Windows Servers that does not have the minimum agent version requires an agent update or installation.

https://docs.oracle.com/cd/E11857_01/install.111/e15311/agnt_install_windows.htm

NO.48 Bot Management in OCI provides which of the features? Select TWO correct answers.

Bad Bot Denylist

CAPTCHA Challenge

IP Prefix Steering

Good Bot Allowlist

NO.49 Which statement is true about origin management in WAF?
Statement A: Multiple origins can be defined.
Statement B: Only a single origin can be active for a WAF.

Only statement B is true.

Both the statements are false.

Both the statements are true.

Only statement A is true.

NO.50 Which is NOT a part of Observability and Management Services?

Event Services

OCI Management Service

Logging Analytics

Logging

https://www.oracle.com/in/manageability/

NO.51 you are part of security operation of an organization with thousand of your users accessing Oracle cloud infrastructure it was reported that an unknown user action was executed resulting in configuration error you are tasked to quickly identify the details of all users who were active in the last six hours also with any rest API call that were executed. Which oci feature should you use?

service connector hub

management agent log integration

objectcollectionrule

audit analysis dashboard

NO.52 Which IAM policy should be created to give XYZ the ability to list contents of a resource excluding the f needs to authenticate in prod compartment ? Principle of least priviledge should be used.

Allow group XYZ to manage all resources in compartment != prod

Allow group XYZ to use all resources in compartment != prod

Allow group XYZ to inspect all resources in tenancy where target.compartment.name != prod

Allow group XYZ to read all resources in tenancy where target.compartment.name != prod

NO.53 You create a new compartment, “apps,” to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?

Add an IAM policy for the individual users to access the apps compartment.

Add an IAM policy for apps_group granting access to the apps compartment.

Add an lAM policy to attach tenancy to the apps group.

No action is required.

NO.54 which three resources are required to encrypt a block volume with the customer managed key?

MAXIMUM SECURITY ZONE

SYMMETRIC MASTER KEY ENCRYPTlON KEY

BLOCK KEY

OCI VAIRT

IAM Policy Allowing Block Storage to Use Keys

Secrets

https://docs.oracle.com/en-us/iaas/Content/SecurityAdvisor/Tasks/creatingsecureblockvolume.htm

NO.55 Which type of software do you use to centrally distribute and monitor the patch level of systems throughout the enterprise?

Network Monitor software

Web Application Firewall

Patch Management software

Recovery Manager software

https://docs.oracle.com/cd/E11857_01/em.111/e18710/T531901T535649.htm

NO.56 which two responsibilities will be oracle when you move your it infrastructure to oracle cloud infrastructure?

Strong IAM Framework

PROVIDING STRONG SECURITY LIST

Strong Isolation

MAINTAINING CUSTOMER DATA

ACCOUNT ACCESS MANAGEMENT

NO.57 Logical isolation for resources is provided by which OCI feature?

Tenancy

Availability Zone

Region

Compartments

NO.58 Which statement is true about standards?

They may be audited.

They are result of a regulation or contractual requirement or an industry requirement.

They are methods and instructions on how to maintain or accomplish the directives of the policy.

They are the foundation of corporate governance.

NO.59 Which statement is not true about Cloud Security Posture?

Problems contain data about the specific type of issue that was found.

Problems can be resolved, dismissed, or remediated.

Problems are defined by the type of detector that creates them: activity or configuration.

Problems are created when Cloud Guard discovers a deviation from a responder rule.

https://www.oracle.com/security/cloud-security/what-is-cspm/

NO.60 Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management?

Security controls

Customer isolation

Data encryption

Identity Federation

DATA ENCRYPTION
Protect customer data at-rest and in-transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management.
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm

NO.61 What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = ‘<function-OCID>’

Enables users in a group to create, update, and delete ALL applications and functions in a compartment

Enables users to invoke all the functions in a specific application

Enables users to invoke just one specific function

Enables users to invoke all the functions in a compartment except for one specific function

NO.62 Which is NOT a compliance document?

Certificate

Penetration test report

Attestation

Bridge letter

Types of Compliance Documents
When viewing compliance documents, you can filter on the following types:
Attestation. A Payment Card Industry (PCI) Data Security Standard (DSS) Attestation of Compliance document.
Audit. A general audit report.
Bridge Letter (BridgeLetter). A bridge letter. Bridge letters provide compliance information for the period of time between the end date of an SOC report and the date of the release of a new SOC report.
Certificate. A document indicating certification by a particular authority, with regard to certification requirements and examination results conforming to said requirements.
SOC3. A Service Organization Controls 3 audit report that provides information relating to a service organization’s internal controls for security, availability, confidentiality, and privacy.
Other. A compliance document that doesn’t fit into any of the preceding, more specific categories.
https://docs.oracle.com/en-us/iaas/Content/ComplianceDocuments/Concepts/compliancedocsoverview.htm

NO.63 Which of the following is necessary step when creating a secret in vault?

Vault-managed key is necessary to encrypt the secret

Digest Hash should be created of the secret value

Object Storage must be created to run secret service

Shamir’s secret sharing algorithm should be used to unseal the vault

https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html

NO.64 What do the features of OS Management Service do?

Add complexity in using multiple tools to manage mixed-OS environments.

Provide paid service and support to OCI subscribers for fixes on priority.

Increase security and reliability by regular bug fixes.

Encourage manual setup to avoid machine-induced errors.

https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html

NO.65 Cloud Guard detected a risk score of zero in the dashboard, what does this mean ?

Risk score doesn’t say anything. These are just numbers

LOW or MINOR issues

Larger number of problems that have high risk levels ( HIGH or CRITICAL )

No problem detected for any resource

NO.66 Which of the following services are NOT Security Services in OCI ? Select TWO answers.

Data Guard

Cloud Guard

Vault

Block Volume

NO.67 As a security administrator, you want to create cloud resources that align with Oracle’s security principles and best practices. Which security service should you use?

Identity and Access Management

Cloud Guard

Security Advisor

Web Application Firewall (WAF)

NO.68 your company has hired a consulting firm to audit your oracle cloud infrastructure activity and configuration you have created a set of users who will be performing the audit, you assigned these user to the orgauditgrp group. the auditor required the ability to see the configuration of all resources within tenant and you have agreed to exempt the dev compartment from the audit.
which IAM policy should be created to grant the orgauditgrp the ability to look at configuration for all resources except for those resources inside the dev compartment?

allow group orgauditgrp to read all-resources in tenancy where target.compartment.name !=dev

allow group orgauditgrp to read all-resources in compartment !=dev

allow group orgauditgrp to inspect all-resources in tenancy where target compartment.name !=dev

allow group orgauditgrp to inspect all-resources in compartment !=dev

NO.69 VCN Flow log record details about the traffic that has been denied or approved is based on which of the following statements?

Configuration of route table

Security Lists or Network Security Group Rules

Web Application Firewall (WAF)

Auth tokens