手に入れよう!は2022年最新の有効な実践問題であなたの1z0-1104-22試験を合格させる(本日更新された95問)
Oracle Cloud Infrastructure 1z0-1104-22試験実践テスト問題集解答豪華セットを使おう!
Oracle 1z0-1104-22 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
質問 47
Which of the following services are NOT Security Services in OCI ? Select TWO answers.
- A. Cloud Guard
- B. Data Guard
- C. Block Volume
- D. Vault
正解: B,C
質問 48
what is the use case for Oracle cloud infrastructure logging analytics service?
- A. labels data packets that pass through the internet gateway
- B. monitors, aggregates, indexes and analyzes all log data from on-premises.
- C. automatically and manage any log based on a subscription model
- D. automatically create instances to collect logs analysis and send reports
正解: B
解説:
Oracle Cloud Infrastructure Logging Analytics is a machine learning-based cloud service that monitors, aggregates, indexes, and analyzes all log data from on-premises and multicloud environments. Enabling users to search, explore, and correlate this data to troubleshoot and resolve problems faster and derive insights to make better operational decisions.
https://www.oracle.com/manageability/logging-analytics/
質問 49
Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers
- A. Resources in a security zone must be accessible from internet
- B. Resources in a security zone must be encrypted using customer-managed keys
- C. Block volume can be moved from a security zone to a standard compartment
- D. Bucket can't be moved from a security zone to a standard compartment
正解: B,D
解説:
質問 50
What must be configured for a load balancer to accept incoming traffic?
- A. Service Gateway
- B. SSL certificate
- C. Listener
- D. Route table entry pointing to the listener IP address
正解: C
解説:
A listener is an entity that checks for connection requests. The load balancer listener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
On your Load Balancer Details page, click Listeners.
Click Create Listener.
Enter the following:
Name: Enter a friendly name. Avoid entering confidential information.
Protocol: Select HTTP.
Port: Enter 80 as the port on which to listen for incoming traffic.
Backend Set: Select the backend set you created.
Click Create.
質問 51
Operations team has made a mistake in updating the secret contents and immediately need to resume using older secret contents in OCI Secret Management within a Vault.
As a Security Administrator, what step should you perform to rollback to last version? Select TWO correct answers.
- A. Mark the secret version as 'Rewind'
- B. Mark the secret version as 'Previous'
- C. Upload new secret and mark as 'Pending'. Promote this secret version as 'Current'
- D. Mark the secret version as 'deprecated'
正解: B,C
解説:
質問 52
Which parameters customers need to configure while reading secrets by name using CL1 or API? Select TWO correct answers.
- A. Vault Id
- B. Certificates
- C. ASCII Value
- D. Secret Name
正解: A,D
解説:
質問 53
Which statement is not true about Cloud Security Posture?
- A. Problems contain data about the specific type of issue that was found.
- B. Problems are defined by the type of detector that creates them: activity or configuration.
- C. Problems can be resolved, dismissed, or remediated.
- D. Problems are created when Cloud Guard discovers a deviation from a responder rule.
正解: D
解説:
https://www.oracle.com/security/cloud-security/what-is-cspm/
質問 54
Which is NOT a part of Observability and Management Services?
- A. Logging Analytics
- B. Event Services
- C. Logging
- D. OCI Management Service
正解: D
解説:
https://www.oracle.com/in/manageability/
質問 55
You create a new compartment, "apps," to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?
- A. Add an lAM policy to attach tenancy to the apps group.
- B. Add an IAM policy for apps_group granting access to the apps compartment.
- C. Add an IAM policy for the individual users to access the apps compartment.
- D. No action is required.
正解: B
質問 56
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?
- A. API Signing Key
- B. OCI username and Password
- C. SSH Key Pair with 2048-bit algorithm
- D. Auth Token
正解: D
質問 57
You want to include all instances in any of two or more compartments, which syntax should you use for dynamic policy you want to create for "Prod" compartment and "SIT" compartment?
Prod OCID : 'JON.Prod'
SIT OCID : 'JON.SIT'
- A. Any { instance in compartment 'Prod' and Compartment 'SIT' }
- B. All { instance.compartment.id = 'JON.Prod', instance.compartment.id = 'JON.SIT'
- C. Any { instance.compartment.id = 'JON.Prod', instance.compartment.id = 'JON.SIT'
- D. All { instance in compartment 'Prod' and Compartment 'SIT' }
正解: C
解説:
質問 58
When does Cloud Guard re-open an issue and update the history?
- A. If it detects an issue again for an Open (unresolved) problem
- B. If it detects an issue for a previously resolved configuration problem
- C. If it detects an issue for a previously resolved/dismissed activity problem
- D. If it detects an issue for a previously dismissed configuration problem
正解: B
解説:
If Cloud Guard detects an issue again for:
An Open (unresolved) problem, it updates the problem history, but doesn't create a new problem.
A previously solved problem, it reopens the issue and updates the history.
A previously dismissed problem, it updates the history.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/problems-page.htm
質問 59
With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.
- A. Physical penetration and vulnerability testing of Oracle facilities is prohibited
- B. You are responsible for any damages to Oracle Cloud customers that are caused by your testing activities
- C. Any port scanning must be performed in an aggressive mode
- D. Testing should target any other subscription or any other Oracle Cloud customer resources
正解: A,B
解説:
質問 60
What information do you get by using the Network Visualizer tool?
- A. Routes defined between subnets and gateways
- B. Interconnectivity of VCNs
- C. Organization of subnets and VLANs across availability domains
- D. State of subnets in a VCN
正解: B
解説:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm You can view and understand the following from this diagram:
How VCNs are inter-connected
How on-premises networks are connected (using FastConnect or Site-to-Site VPN) Which routing entities (DRGs and so on) control traffic routing How your transit routing is configured
質問 61
Which VCN configuration is CORRECT with regard to VCN peering within a same region ?
- A. 12.0.0.0/16 and 194.168.0.0/16
- B. 12.0.0.0/16 and 12.0.0.0/16
C 194.168.0.0/24 and 194.168.0.0/24 - C. 194.168.0.0/24 and 194.168.0.0/16
正解: A
質問 62
you want to create a stateless rule for SSH in security list and the ingress role has already been properly configured what combination should you use on the engress role what commination should you use on the egress rule?
- A. select udp for protocol: enter 22 for source port" and all for destination port
- B. select tcp for protocol: enter 22 for source port" and all for destination port
- C. select tcp for protocol: enter 22 for source port" and 22 for destination port
- D. select tcp for protocol: enter all for source port" and 22 for destination port.
正解: D
質問 63
Which architecture is based on the principle of "never trust, always verify"?
- A. Fluid perimeter
- B. Zero trust
- C. Federated identity
- D. Defense in depth
正解: B
解説:
Enterprise Interest in Zero Trust is Growing Ransomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.
According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trust wares at RSA 2020.
The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn't prevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.
https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front
質問 64
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?
- A. Network
- B. Infrastructure
- C. Data
- D. Guest OS
正解: C
解説:
https://www.oracle.com/a/ocom/docs/cloud/oracle-ctr-2020-shared-responsibility.pdf
質問 65
......
完全版最新の問題集PDFで最新1z0-1104-22試験問題と解答:https://www.goshiken.com/Oracle/1z0-1104-22-mondaishu.html