1z0-1104-22 Pre-Exam Practice Tests | (Updated 95 Questions)
NEW QUESTION # 57
Which Security Zone policy is NOT valid?
- A. A boot volume can be moved from a security zone to a standard compartment.
- B. Resources in a security zone should not be accessible from the public internet.
- C. Resources in a security zone must be automatically backed up regularly.
- D. A compute instance cannot be moved from a security zone to a standard compartment.
Answer: A
NEW QUESTION # 58
Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?
- A. Responders
- B. Detectors
- C. Problems
- D. Targets
Answer: B
Explanation:
Detector
Performs checks to identify potential security problems based on activities or configurations. Rules followed to identify problems are the same for all compartments in a target.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm
NEW QUESTION # 59
Which VCN configuration is CORRECT with regard to VCN peering within the same region?
- A. 12.0.0.0/16 and 194.168.0.0/16
- B. 12.0.0.0/16 and 12.0.0.0/16
- C. 194.168.0.0/24 and 194.168.0.0/24
- D. 194.168.0.0/24 and 194.168.0.0/16
Answer: A
NEW QUESTION # 60
What must be configured for a load balancer to accept incoming traffic?
- A. Service Gateway
- B. Route table entry pointing to the listener IP address
- C. Listener
- D. SSL certificate
Answer: C
Explanation:
A listener is an entity that checks for connection requests. The load balancer listener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
1. On your Load Balancer Details page, click Listeners.
2. Click Create Listener.
3. Enter the following:
   - Name: Enter a friendly name. Avoid entering confidential information.
   - Protocol: Select HTTP.
   - Port: Enter 80 as the port on which to listen for incoming traffic.
   - Backend Set: Select the backend set you created.
4. Click Create.
NEW QUESTION # 61
A company has an OCI tenancy with a mount target associated with two File Systems, CG_1 and CG_2. These File Systems are accessed by IP-based clients AB_1 and AB_2 respectively. As a security administrator, how can you provide access to both clients such that CG_1 has Read-only access on AB_1 and CG_2 has Read/Write access on AB_2?
- A. Access Control Lists
- B. NFS Export Option
- C. Vault
- D. NFS v3 Unix Security
Answer: B,D
NEW QUESTION # 62
As a lead Security Architect, you have been tasked with restricting access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes. Which option should you use?
- A. Vulnerability Scanning
- B. Cloud Guard
- C. Security Lists
- D. Identity and Access Management
Answer: C
NEW QUESTION # 63
For how long are API calls audited and available?
- A. 30 days
- B. 60 days
- C. 90 days
- D. 365 days
Answer: C
NEW QUESTION # 64
Cloud Guard detected a risk score of zero in the dashboard. What does this mean?
- A. Larger number of problems that have high risk levels (HIGH or CRITICAL)
- B. No problem detected for any resource
- C. Risk score doesn't say anything. These are just numbers
- D. LOW or MINOR issues
Answer: B
NEW QUESTION # 65
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?
- A. Auth Token
- B. OCI username and Password
- C. SSH Key Pair with 2048-bit algorithm
- D. API Signing Key
Answer: A
NEW QUESTION # 66
An automobile company needs to configure a Bastion Managed SSH session to a compute instance in a private subnet. What are the TWO prerequisites to configure it successfully?
- A. SSH port forwarding should be enabled
- B. There is no need for any gateway in private subnet
- C. NAT or Service Gateway should be attached to the private subnet
- D. Route rule to a NAT or Service Gateway should be associated with the subnet of the route table
Answer: C,D
NEW QUESTION # 67
You want to include all instances in any of two or more compartments. Which syntax should you use for the dynamic policy you want to create for the "Prod" compartment and the "SIT" compartment?
Prod OCID : 'JON.Prod'
SIT OCID : 'JON.SIT'
- A. Any { instance in compartment 'Prod' and Compartment 'SIT' }
- B. All { instance.compartment.id = 'JON.Prod', instance.compartment.id = 'JON.SIT' }
- C. All { instance in compartment 'Prod' and Compartment 'SIT' }
- D. Any { instance.compartment.id = 'JON.Prod', instance.compartment.id = 'JON.SIT' }
Answer: D
NEW QUESTION # 68
What information do you get by using the Network Visualizer tool?
- A. Routes defined between subnets and gateways
- B. Organization of subnets and VLANs across availability domains
- C. Interconnectivity of VCNs
- D. State of subnets in a VCN
Answer: C
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm
You can view and understand the following from this diagram:
- How VCNs are inter-connected
- How on-premises networks are connected (using FastConnect or Site-to-Site VPN)
- Which routing entities (DRGs and so on) control traffic routing
- How your transit routing is configured
NEW QUESTION # 69
Which volume type contains the image used to boot a compute instance?
- A. Init 6 volume
- B. Block volume
- C. Boot volume
- D. Startup volume
Answer: C
Explanation:
Boot Volumes
When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instance until you terminate the instance. When you terminate the instance, you can preserve the boot volume and its data.
https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/bootvolumes.htm
NEW QUESTION # 70
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?
- A. Select UDP for protocol: enter 22 for source port and all for destination port
- B. Select TCP for protocol: enter 22 for source port and all for destination port
- C. Select TCP for protocol: enter all for source port and 22 for destination port
- D. Select TCP for protocol: enter 22 for source port and 22 for destination port
Answer: C
NEW QUESTION # 71
What is the use case for the Oracle Cloud Infrastructure Logging Analytics service?
- A. Automatically create instances to collect logs analysis and send reports
- B. Monitors, aggregates, indexes and analyzes all log data from on-premises.
- C. Automatically and manage any log based on a subscription model
- D. Labels data packets that pass through the internet gateway
Answer: B
Explanation:
Oracle Cloud Infrastructure Logging Analytics is a machine learning-based cloud service that monitors, aggregates, indexes, and analyzes all log data from on-premises and multicloud environments, enabling users to search, explore, and correlate this data to troubleshoot and resolve problems faster and derive insights to make better operational decisions.
https://www.oracle.com/manageability/logging-analytics/
NEW QUESTION # 72
As a security administrator, you want to create cloud resources that align with Oracle's security principles and best practices. Which security service should you use?
- A. Web Application Firewall (WAF)
- B. Cloud Guard
- C. Identity and Access Management
- D. Security Advisor
Answer: D
NEW QUESTION # 73
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
- A. Vault
- B. Cloud Guard
- C. Data Guard
- D. Data Safe
Answer: A
Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm
NEW QUESTION # 74
You have configured the Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log ingestion purposes.
Which is a required configuration for OCI Logging Analytics service to collect data from multiple logs of this Instance?
- A. Log - Log Group Association
- B. Source - Entity Association
- C. Log Group - Source Association
- D. Entity - Log Association
Answer: B
NEW QUESTION # 75
You want software that can automatically collect and aggregate log data generated throughout your organization's infrastructure, analyze it, and send alerts if it detects a deviation from the norm.
Which software must you use?
- A. Security Integration Management (SIM)
- B. Security Information Management (SIM)
- C. Security Event Management (SEM)
- D. Security Information and Event Management (SIEM)
Answer: D
NEW QUESTION # 76
How can you convert a fixed load balancer to a flexible load balancer?
- A. There is no way to convert the load balancer.
- B. Delete the fixed load balancer and create a new one.
- C. Use Update Shape workflows.
- D. Using the Edit Listener option.
Answer: C
