[Updated 2024] Pass with GoShiken practice exams and 1z0-1104-23 PDF questions
Question # 27
You are a cloud security administrator for a company. You are trying to create a dynamic rule that will match all instances in compartment "Test", with the OCID 'ocid1.compartment.oc1.lksnvkjnfbvrkblskivrIvruincbvbeidcbwvvyrsvi', and a "Dev" compartment with OCID 'ocid1.compartment.oc1.kjsnfjkvskjfbvsbvsgljvndbblgjdnurvswrjnvljjeeft'. What is the correct dynamic policy that will fulfill this request? (Choose the best Answer.)
- A. All {compartment.name="Test", compartment.name="Dev"}
- B. All {Instances in Compartment "Test" and Compartment "Dev"}
- C. All {Instance.id='ocid1.instance.oc1.eu-frankfurt-Lnsvwradccnksvkkdumcsnvurlsnvnuw'}
- D. Any {instance.compartment.id = 'ocid1.compartment.oc1.lksnvkjnfbvrkblskjvrIvruincbvbeidcbwvvyrsvi', instance.compartment.id = 'ocid1.compartment.oc1.kjsnfjkvskjfbvsbvsgljvndbblgjdnurvswrjnvijjeee'}
Correct answer: D
Question # 28
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
- A. All the traffic to and from object storage is encrypted by using Transport Layer Security.
- B. Each object in a bucket is always encrypted with the same data encryption key.
- C. Encryption is not enabled by default.
- D. Customer-provided encryption keys are never stored in OCI Vault service.
Correct answer: A
Explanation:
Oracle Cloud Infrastructure (OCI) Object Storage uses Transport Layer Security (TLS) to encrypt all traffic to and from Object Storage. This ensures that data is secure during transit.
Question # 29
How can you establish private connectivity between two VCNs within the same OCI region without the traffic traversing the public internet?
- A. Local VCN Peering
- B. Data Guard
- C. NAT Gateway
- D. Remote VCN Peering
Correct answer: A
Question # 30
Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?
- A. URL_IS
- B. URL_PART_ENDS_WITH
- C. URL_PART_CONTAINS
- D. URL_STARTS_WITH
Correct answer: A
Explanation:
URL_IS: Matches if the concatenation of request URL path and query is identical to the contents of the value field. URL must start with a /.
https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.57.0/docs/d/waas_waas_policy.html
Question # 31
A member of the operations team has set a Pre-Authenticated Request (PAR) associated with a bucket to an incorrect date and now wants to edit the PAR request. How can this be achieved?
- A. Don't set an expiration time for PAR
- B. Delete the bucket associated with PAR and recreate it
- C. Delete both PAR as well as the bucket then recreate both
- D. Delete the PAR and recreate it with the required date
Correct answer: D
Question # 32
Which type of file system does file storage use?
- A. SSD
- B. Paravirtualized
- C. NFSv3
- D. iSCSI
- E. NVMe
Correct answer: C
Explanation:
The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. The service supports the Network Lock Manager (NLM) protocol for file locking functionality.
https://docs.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm
Question # 33
Which VCN configuration is CORRECT with regard to VCN peering within the same region?
- A. 12.0.0.0/16 and 12.0.0.0/16C 194.168.0.0/24 and 194.168.0.0/24
- B. 194.168.0.0/24 and 194.168.0.0/16
- C. 12.0.0.0/16 and 194.168.0.0/16
Correct answer: C
Explanation:
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering.
Question # 34
You want to include all instances in any of two or more compartments. Which syntax should you use for the dynamic policy you want to create for the "Prod" compartment and the "SIT" compartment?
Prod OCID : 'JON.Prod'
SIT OCID : 'JON.SIT'
- A. All { instance.compartment.id = 'JON.Prod', instance.compartment.id = 'JON.SIT' }
- B. Any { instance in compartment 'Prod' and Compartment 'SIT' }
- C. Any { instance.compartment.id = 'JON.Prod', instance.compartment.id = 'JON.SIT' }
- D. All { instance in compartment 'Prod' and Compartment 'SIT' }
Correct answer: C
Question # 35
What is a prerequisite for creating a secret in OCI Vault? (Choose the best Answer.)
- A. You must have a Vault-managed key to encrypt the secret.
- B. You must create a digest hash of the secret value.
- C. You must unseal the Vault by using Shamir's Secret Sharing.
- D. The user must create a compute instance to run the Secret service.
Correct answer: A
Question # 36
As a solutions architect, you need to assist the operations team in writing an IAM policy to give users in group-uat1 and group-uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy?
- A. Allow any-user to manage all resources in compartment Uat where request.group=/group-uat/*
- B. Allow group /group-uat*/ to manage all resources in compartment Uat
- C. Allow any-user to manage all resources in tenancy where target.compartment= Uat
- D. Allow group group-uat1 group-uat2 to manage all resources in compartment Uat
Correct answer: B
Explanation:
This policy allows users in groups whose names start with "group-uat" to manage all resources in the compartment named "Uat".
Question # 37
Which statement is not true about Cloud Security Posture?
- A. Problems can be resolved, dismissed, or remediated.
- B. Problems are defined by the type of detector that creates them: activity or configuration.
- C. Problems contain data about the specific type of issue that was found.
- D. Problems are created when Cloud Guard discovers a deviation from a responder rule.
Correct answer: D
Explanation:
https://www.oracle.com/security/cloud-security/what-is-cspm/
Question # 38
What is the use case for the Oracle Cloud Infrastructure Logging Analytics service?
- A. automatically and manage any log based on a subscription model
- B. monitors, aggregates, indexes and analyzes all log data from on-premises.
- C. labels data packets that pass through the internet gateway
- D. automatically create instances to collect logs analysis and send reports
Correct answer: B
Explanation:
Oracle Cloud Infrastructure Logging Analytics is a machine learning-based cloud service that monitors, aggregates, indexes, and analyzes all log data from on-premises and multicloud environments, enabling users to search, explore, and correlate this data to troubleshoot and resolve problems faster and derive insights to make better operational decisions.
https://www.oracle.com/manageability/logging-analytics/
Question # 39
Which of the following is a necessary step when creating a secret in Vault?
- A. Object Storage must be created to run secret service
- B. Digest Hash should be created of the secret value
- C. Vault-managed key is necessary to encrypt the secret
- D. Shamir's secret sharing algorithm should be used to unseal the vault
Correct answer: C
Explanation:
https://docs.oracle.com/en/database/other-databases/essbase/21/essad/create-vault-and-secrets.html
Question # 40
As a security administrator, you want to create cloud resources that align with Oracle's security principles and best practices. Which security service should you use?
- A. Identity and Access Management
- B. Cloud Guard
- C. Security Advisor
- D. Web Application Firewall (WAF)
Correct answer: C
Question # 41
Which VCN configuration is CORRECT with regard to VCN peering within the same region?
- A. 12.0.0.0/16 and 12.0.0.0/16C 194.168.0.0/24 and 194.168.0.0/24
- B. 194.168.0.0/24 and 194.168.0.0/16
- C. 12.0.0.0/16 and 194.168.0.0/16
Correct answer: C
Explanation:
When setting up VCN peering within the same region, the VCNs must have non-overlapping CIDRs. In this case, the CIDR blocks 12.0.0.0/16 and 194.168.0.0/16 are different and do not overlap, making them suitable for VCN peering.
Question # 42
Which statement is not true about Cloud Security Posture?
- A. Problems can be resolved, dismissed, or remediated.
- B. Problems are defined by the type of detector that creates them: activity or configuration.
- C. Problems contain data about the specific type of issue that was found.
- D. Problems are created when Cloud Guard discovers a deviation from a responder rule.
Correct answer: D
Explanation:
https://www.oracle.com/security/cloud-security/what-is-cspm/
Question # 43
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?
- A. Select TCP for protocol; enter 22 for source port and 22 for destination port.
- B. Select TCP for protocol; enter all for source port and 22 for destination port.
- C. Select UDP for protocol; enter 22 for source port and all for destination port.
- D. Select TCP for protocol; enter 22 for source port and all for destination port.
Correct answer: B
Explanation:
For SSH traffic, which uses TCP protocol and port 22, you would want to allow all source ports to connect to your destination port 22. This is because the source port for an SSH client can be any available port number.
Question # 44
As a solutions architect, you need to assist the operations team in writing an IAM policy to give users in group-uat1 and group-uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy?
- A. Allow any-user to manage all resources in compartment Uat where request.group=/group-uat/*
- B. Allow group /group-uat*/ to manage all resources in compartment Uat
- C. Allow any-user to manage all resources in tenancy where target.compartment= Uat
- D. Allow group group-uat1 group-uat2 to manage all resources in compartment Uat
Correct answer: B
Explanation:
This policy allows users in groups whose names start with "group-uat" to manage all resources in the compartment named "Uat".
Question # 45
A customer has multiple virtual machines in a subnet that require access to the public Internet. They want to implement URL filtering to restrict access to certain websites. They have identified the following requirements: All virtual machines should be able to access educational websites. Some virtual machines should not be able to access gaming websites. Some virtual machines should not be able to access social media websites. Which is the best method to implement these requirements? (Choose the best Answer.)
- A. Create separate subnets for each group of virtual machines with different access requirements and apply different security lists to each subnet.
- B. Use the network firewall to generate URL lists based on the access requirements of the virtual machines, and then configure security rules to filter traffic accordingly.
- C. Create a single security list for the subnet and apply URL filtering rules based on the requirements.
- D. Use routing rules to direct traffic to different Internet gateways based on the virtual machines' access requirements.
Correct answer: A
Question # 46
Challenge 4 - Task 4 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01 (e.g., IAD-SP-PBT-WAF-01_99232403-lab.user02)
Correct answer:
See the solution below in Explanation.
Explanation:
SOLUTION:
From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.
From the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Create WAF Policy.
The Create WAF Policy dialogue box appears. Creating a WAF policy consists of the following sections accessible from the left-side navigation:
a) Basic information
b) Access control
c) Rate limiting
d) Protections
e) Select enforcement point
f) Review and create.
In the Basic Information section:
a) Name: IAD-SP-PBT-WAF-01_99233424-lab.user01
b) WAF Policy Compartment: Select your working compartment
c) Action: Keep the default preconfigured actions; do not edit.
d) Click the Select enforcement point section accessible from the left-side navigation.
Note: You will configure the other section later in this practice. You will directly configure the Enforcement point.
In the Select enforcement point section:
a) Add Firewalls: Select a load balancer IAD-SP-PBT-LB-01 in your current compartment from the list.
b) Click Next for Review and Create.
Under the Review and Create Section:
a) Verify the enforcement point added in the previous step.
Click Create WAF Policy.
The Create WAF Policy dialogue box closes, and you are returned to the WAF Policy page. The WAF policy you created is listed.
Question # 47
Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?
- A. File storage
- B. Archive storage
- C. Standard storage
- D. Block volume
Correct answer: C
Explanation:
Use Oracle Cloud Infrastructure Object Storage for data to which you need fast, immediate, and frequent access. Data accessibility and performance justifies a higher price point to store data in the Object Storage tier.
The Object Storage service can store an unlimited amount of unstructured data of any content type, including analytic data and rich content, like images and videos.
https://docs.oracle.com/en/solutions/learn-migrate-app-data-to-cloud/considerations-object-storage.html#GUID-A