Oracle 1Z0-1104-22 Online Practice Questions and Exam Preparation

Oracle 1Z0-1104-22 Online Questions & Answers

• Question 31:

  What does the following identity policy do?

  Allow group my-group to use fn-invocation in compartment ABC where target.function.id = `'

  A. Enables users in a group to create, update, and delete ALL applications and functions in a compartment
  B. Enables users to invoke all the functions in a specific application
  C. Enables users to invoke just one specific function
  D. Enables users to invoke all the functions in a compartment except for one specific function
  C. Enables users to invoke just one specific function

• Question 32:

  Which architecture is based on the principle of "never trust, always verify"?

  A. Federated identity
  B. Zero trust
  C. Fluidperimeter
  D. Defense in depth
  B. Zero trust

  ---

  Enterprise Interest in Zero Trust is GrowingRansomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection. According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trustwares at RSA 2020. The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn'tprevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.

  https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the- front

• Question 33:

  Where is sensitive configuration data (like certificates, and credentials) is stored by Kubernetes cluster control plane?

  A. Block Volume
  B. ETCD
  C. Oracle Functions
  D. Boot Volume
  B. ETCD

  ---

  

• Question 34:

  Which OCI cloud service lets you centrally manage the encryption keys thatprotect your data and the secret credentials that you use to securely access resources?

  A. Data Safe
  B. Cloud Guard
  C. Data Guard
  D. Vault
  D. Vault

  ---

  Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keysthat protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.

  https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm

• Question 35:

  What would you use to make Oracle Cloud Infrastructure Identity and Access Management govern resources in a tenancy?

  A. Policies
  B. Users
  C. Dynamic groups
  D. Groups
  A. Policies

  ---

  POLICY A document that specifies who can access which resources, and how. Access is granted at the group and compartment level, which means you can write a policy that gives a group a specific type of access within a specific compartment, or to the tenancy itself. If you give a group access to the tenancy, the group automatically gets the same type of access to all the compartments inside the tenancy. For more information, see Example Scenario and How Policies Work. The word "policy" is used by people in different ways: to mean an individual statement written in the policy language; to mean a collection of statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID) assigned to it); and to mean the overall body of policies your organization usesto control access to resources.

  https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm

• Question 36:

  

  Which tasks can you perform on a dedicated virtual machine host?

  A. Manual scaling
  B. Creating instance pools
  C. Instance configurations
  D. Capacity reservations
  A. Manual scaling

  ---

  Supported features: Most of the Compute features for VM instances are supported for instances running on dedicated virtual machine hosts. However, the following features arenot supported: Autoscaling Capacity reservations Instance configurations Instance pools Burstable instances Reboot migration. You can use manual migration instead

  https://docs.oracle.com/en-us/iaas/Content/Compute/Concepts/dedicatedvmhosts.htm#Dedicated_Virtual_Machine_H osts

• Question 37:

  As a security architect, how can you preventunwanted bots while desirable bots are allowed to enter?

  A. Data Guard
  B. Vault
  C. Compartments
  D. Web Application Firewall (WAF)
  D. Web Application Firewall (WAF)

• Question 38:

  You are part of security operation of an organization with thousand of your users accessing Oracle cloud infrastructure it was reported that an unknown user action was executedresulting in configuration error you are tasked to quickly identify

  the details of all users who were active in the last six hours also with any rest API call that were executed. Which oci feature should you use?

  A. service connector hub
  B. management agent log integration
  C. objectcollectionrule
  D. audit analysis dashboard
  D. audit analysis dashboard

• Question 39:

  Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?

  A. All the traffic to and from object storage is encrypted by using Transport Layer Security.
  B. Encryption is not enabled by default.
  C. Customer-provided encryption keys are never stored in OCI Vault service.
  D. Each object in a bucket is always encrypted with the same data encryption key.
  A. All the traffic to and from object storage is encrypted by using Transport Layer Security.

• Question 40:

  

  With regard to OCI Audit Log Service, which of the statement is INCORRECT?

  A. Retention period for audit events cannot be modified
  B. REST API calls can be recorded by Audit service
  C. Audit Events gets collected when modification within objects stored inan Object Storage bucket
  D. Events logged by the Audit service can be viewed by using the Console, API, or the SDK for Java
  C. Audit Events gets collected when modification within objects stored inan Object Storage bucket