[Nov-2023] The Best Oracle Cloud Infrastructure Study Guide for the 1z0-1104-22 Exam

1z0-1104-22 certification guide Q&A from Training Expert TestSimulate

Oracle Cloud Infrastructure is one of the leading cloud providers, and security is a critical component in ensuring the reliability and trustworthiness of their cloud services. The Oracle 1z0-1104-22 exam covers all aspects of cloud security, including identity and access management, network security, data encryption, threat detection, and incident response. By passing 1z0-1104-22 exam, candidates can showcase their knowledge and skills in securing the Oracle Cloud Infrastructure to potential employers and enhance their career prospects.

 

NEW QUESTION # 24
On which option do you set Oracle Cloud Infrastructure Budget?

• A. Tenancy
• B. Compartments
• C. Instances
• D. Free-form tags

Answer: B

Explanation:
How Budgets Work
Budgets are set on cost-tracking tags or on compartments (including the root compartment) to track all spending in that cost-tracking tag or for that compartment and its children.
https://docs.oracle.com/en-us/iaas/Content/Billing/Concepts/budgetsoverview.htm

NEW QUESTION # 25
Which architecture is based on the principle of "never trust, always verify"?

• A. Federated identity
• B. Fluid perimeter
• C. Defense in depth
• D. Zero trust

Answer: D

Explanation:
Enterprise Interest in Zero Trust is Growing Ransomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.
According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trust wares at RSA 2020.
The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn't prevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.
https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front

NEW QUESTION # 26
Where are logs stored?

• A. Cloud Agent
• B. OCI File Storage
• C. OCI Block Storage
• D. OCI Object Storage

Answer: D

Explanation:
You can collect log data continuously from Oracle Cloud Infrastructure (OCI) Object Storage. To enable the log collection, create ObjectCollectionRule resource using REST API or CLI. After the successful creation of this resource and having the required IAM policies, the log collection will be initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html

NEW QUESTION # 27
Which type of file system does file storage use?

• A. NVMe
• B. SSD
• C. Paravirtualized
• D. iSCSI
• E. NFSv3

Answer: E

Explanation:
The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. The service supports the Network Lock Manager (NLM) protocol for file locking functionality.
https://docs.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm

NEW QUESTION # 28
Which VCN configuration is CORRECT with regard to VCN peering within a same region ?

• A. 194.168.0.0/24 and 194.168.0.0/16
• B. 12.0.0.0/16 and 12.0.0.0/16
  C 194.168.0.0/24 and 194.168.0.0/24
• C. 12.0.0.0/16 and 194.168.0.0/16

Answer: C

NEW QUESTION # 29
How can you establish private connectivity over two VCN within same OCI region without traversing the traffic over public internet ?

• A. Remote VCN Peering
• B. NAT Gateway
• C. Data Guard
• D. Local VCN Peering

Answer: D

Explanation:

NEW QUESTION # 30
What information do you get by using the Network Visualizer tool?

• A. Interconnectivity of VCNs
• B. Organization of subnets and VLANs across availability domains
• C. Routes defined between subnets and gateways
• D. State of subnets in a VCN

Answer: A

Explanation:
https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/network_visualizer.htm You can view and understand the following from this diagram:
How VCNs are inter-connected
How on-premises networks are connected (using FastConnect or Site-to-Site VPN) Which routing entities (DRGs and so on) control traffic routing How your transit routing is configured

NEW QUESTION # 31
Bot Management in OCI provides which of the features? Select TWO correct answers.

• A. CAPTCHA Challenge
• B. IP Prefix Steering
• C. Bad Bot Denylist
• D. Good Bot Allowlist

Answer: A,D

Explanation:

NEW QUESTION # 32
What is the configuration to avoid publishing messages during the specified time range known as?

• A. Trigger rule
• B. Statistic
• C. Suppression
• D. Resource group

Answer: C

Explanation:

NEW QUESTION # 33
What is the minimum active storage duration for logs used by Logging Analytics to be archived?

• A. 10 days
• B. 30 days
• C. 60 days
• D. 15 days

Answer: B

Explanation:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Active%20Storage%20Duration,be%20archived%20is%2030%20days.
The minimum Active Storage Duration (Days) for logs before they can be archived is 30 days.

NEW QUESTION # 34
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?

• A. OCI username and Password
• B. Auth Token
• C. SSH Key Pair with 2048-bit algorithm
• D. API Signing Key

Answer: B

NEW QUESTION # 35
Which parameters customers need to configure while reading secrets by name using CL1 or API? Select TWO correct answers.

• A. Vault Id
• B. Certificates
• C. ASCII Value
• D. Secret Name

Answer: A,D

Explanation:

NEW QUESTION # 36
Which statement is not true about Cloud Security Posture?

• A. Problems are defined by the type of detector that creates them: activity or configuration.
• B. Problems can be resolved, dismissed, or remediated.
• C. Problems contain data about the specific type of issue that was found.
• D. Problems are created when Cloud Guard discovers a deviation from a responder rule.

Answer: D

Explanation:
https://www.oracle.com/security/cloud-security/what-is-cspm/

NEW QUESTION # 37
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?

• A. Vault
• B. Data Safe
• C. Cloud Guard
• D. Data Guard

Answer: A

Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm

NEW QUESTION # 38
Which OCI service can index, enrich, aggregate, explore, search, analyze, correlate, visualize and monitor data?

• A. Data Safe
• B. Logging Analytics
• C. WAF
• D. Data Guard

Answer: B

Explanation:

NEW QUESTION # 39
What do the features of OS Management Service do?

• A. Provide paid service and support to OCI subscribers for fixes on priority.
• B. Add complexity in using multiple tools to manage mixed-OS environments.
• C. Encourage manual setup to avoid machine-induced errors.
• D. Increase security and reliability by regular bug fixes.

Answer: D

Explanation:
https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html

NEW QUESTION # 40
which two responsibilities will be oracle when you move your it infrastructure to oracle cloud infrastructure?

• A. PROVIDING STRONG SECURITY LIST
• B. ACCOUNT ACCESS MANAGEMENT
• C. MAINTAINING CUSTOMER DATA
• D. Strong Isolation
• E. Strong IAM Framework

Answer: D,E

NEW QUESTION # 41
your company has hired a consulting firm to audit your oracle cloud infrastructure activity and configuration you have created a set of users who will be performing the audit, you assigned these user to the orgauditgrp group. the auditor required the ability to see the configuration of all resources within tenant and you have agreed to exempt the dev compartment from the audit.
which IAM policy should be created to grant the orgauditgrp the ability to look at configuration for all resources except for those resources inside the dev compartment?

• A. allow group orgauditgrp to inspect all-resources in compartment !=dev
• B. allow group orgauditgrp to read all-resources in compartment !=dev
• C. allow group orgauditgrp to inspect all-resources in tenancy where target compartment.name !=dev
• D. allow group orgauditgrp to read all-resources in tenancy where target.compartment.name !=dev

Answer: C

NEW QUESTION # 42
Which component helps move logging data to other services, such as archiving log data in object storage?

• A. Service Connector Hub
• B. Unified Monitoring Agent
• C. Service Log Category
• D. Agent Configuration

Answer: A

Explanation:
Service Connector Hub
Service Connector Hub moves logging data to other services in Oracle Cloud Infrastructure. For example, use Service Connector Hub to alarm on log data, send log data to databases, and archive log data to Object Storage. For more information, see Service Connector Hub.
https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/loggingoverview.htm

NEW QUESTION # 43
what is the use case for Oracle cloud infrastructure logging analytics service?

• A. automatically create instances to collect logs analysis and send reports
• B. automatically and manage any log based on a subscription model
• C. monitors, aggregates, indexes and analyzes all log data from on-premises.
• D. labels data packets that pass through the internet gateway

Answer: C

Explanation:
Oracle Cloud Infrastructure Logging Analytics is a machine learning-based cloud service that monitors, aggregates, indexes, and analyzes all log data from on-premises and multicloud environments. Enabling users to search, explore, and correlate this data to troubleshoot and resolve problems faster and derive insights to make better operational decisions.
https://www.oracle.com/manageability/logging-analytics/

NEW QUESTION # 44
A number of malicious requests for a web application is coming from a set of IP addresses originating from Antartica.
Which of the following statement will help to reduce these types of unauthorized requests ?

• A. Change your home region in which your resources are currently deployed
• B. Delete NAT Gateway from Virtual Cloud Network
• C. List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
• D. Use WAF policy using Access Control Rules

Answer: D

NEW QUESTION # 45
How can you convert a fixed load balancer to a flexible load balancer?

• A. Using the Edit Listener option.
• B. There is no way to covert the load balancer.
• C. Use Update Shape workflows.
• D. Delete the fixed load balancer and create a new one.

Answer: C

NEW QUESTION # 46
As a security administrator, you want to create cloud resources that align with Oracle's security principles and best practices. Which security service should you use?

• A. Security Advisor
• B. Identity and Access Management
• C. Web Application Firewall (WAF)
• D. Cloud Guard

Answer: A

Explanation:

NEW QUESTION # 47
......

The Best Oracle 1z0-1104-22 Study Guides and Dumps of 2023: https://www.testsimulate.com/1z0-1104-22-study-materials.html