Oracle 1z0-1104-23 問題集

質問 1：
You are a security administrator for your company's Oracle Cloud Infrastructure (OCI) tenancy. Your storage administrator tells you he or she cannot associate an encryption key from OCI Voult to an Object Storage bucket in the new compartment. What is the reason? (Choose the best Answer.)
A. The resource bucket policy lacks the necessary Access Control List (ACL)
B. There is no identity and Access Management (IAM) policy that allows the Object Store service to use the key.
C. The secret for the key was not created beforehand.
D. The storage administrator forgot to select "Oracle Managed on the bucket
正解：B

質問 2：
In Oracle Cloud Infrastructure (OCI) Secret management within OCI Vault, you have created a secret and rotated the secret one time. The current version state shows: Version Number | Status 2 (latest) | current 1 | Previous In order to rollback to version 1, What should the Administrator do? (Choose the best Answer.)
A. Deprecate version 2 (test). Create new Secret Version 3. Create soft link from version 3 to version 1.
B. Create a new secret version 3 and set to Pending. Copy the contents of version 1 into version
C. From the version 2 (latest) menu, select "Rollback and choose version 1 when given the option
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 3：
A company needs to have somebuckets as public in the compartment. You want Cloud Guard to ignore the problem associated with public bucket. Select TWO correct answers
A. Configure Conditional groups for the detector to fix base line
B. Dismiss the issues associated with these resources
C. Make the bucket private so that Cloud Guard won't detectit
D. First make the bucket private and after few days make the bucket public again
正解：A,B
解説: (Topexam メンバーにのみ表示されます)

質問 4：
You are a cloud Security administrator for a company. You are trying to create a dynamic rule that will match all instances in compartment "Test", with the OCID 'ocidl.compartment.ocl.lksnvkjnfbvrkblskivrIvruincbvbeidcbwvvyrsvi and a "Dev" compartment with OCID 'ocidl.compartment.ocl.kjsnfjkvskjfbvsbvsgljvndbblgjdnurvswrjnvljjeeft. What is the correct dynamic policy that will fulfill this request? (Choose the best Answer.)
A. All {Instances in Compartment "Test" and Compartment "Dev"}
B. All {Instance.id=tocidtinstance.ocl.eu-frankfurt-Lnsvwradccnksvkkdumcsnvurlsnvnuw"}
C. Any {instance.compartment.id = 'ocidl.compartment.ocl.lksnvkjnfbvrkblskjvrIvruincbvbeidcbwvvyrsvi, in-stance.compartment.id = 'ocidl.compartment.ocl.kjsnfjkvskjfbvsbvsgljvndbblgjdnurvswrjnvijjeee}
D. All {compartment. name="Test", compartment.name="Dev"}
正解：C

質問 5：
Which challenge is generally the first level of bot mitigation, but not sufficient with more advanced bot tools?
A. Human interaction challenge
B. CAPTCHA challenge
C. JavaScript challenge
D. Device fingerprint challenge
正解：B
解説: (Topexam メンバーにのみ表示されます)

質問 6：
You have configured Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log Ingestion purposes. OR When using Management Agent to collect logs continuously. Which is required configuration for OCI Logging Analytics service to collect data from multiple logs of this Instance? (Choose the best Answer.)
A. Log Group-Source Association
B. Entity Log Association
C. Log-Log Group Association
D. Source-Entity Association
正解：D

質問 7：
Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01
正解：
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
This format keeps the instructions intact while preserving the original content.

質問 8：
Which OCI cloud service lets you centrally manage the encryption keys thatprotect your data and the secret credentials that you use to securely access resources?
A. Vault
B. Cloud Guard
C. Data Safe
D. Data Guard
正解：A
解説: (Topexam メンバーにのみ表示されます)