[UPDATED Oct-2023] Best Value Available Preparation Guide for 1z0-1104-22 Exam
1 Full 1z0-1104-22 Practice Test and 95 Unique Questions, Get it Now!
Oracle Cloud Infrastructure is a secure and reliable cloud platform that is designed to meet the needs of businesses of all sizes. The platform offers a wide range of security features and tools that help businesses to secure their data and applications. The Oracle 1z0-1104-22 exam is designed to ensure that security professionals have the knowledge and skills needed to leverage the security features and tools available in the Oracle Cloud Infrastructure.
NEW QUESTION # 54
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
- A. Each object in a bucket is always encrypted with the same data encryption key.
- B. All the traffic to and from object storage is encrypted by using Transport Layer Security.
- C. Customer-provided encryption keys are never stored in OCI Vault service.
- D. Encryption is not enabled by default.
Answer: B
NEW QUESTION # 55
Which WAF service component must be configured to allow, block, or log network requests when they meet specified criteria?
- A. Bot Management
- B. Protection rules
- C. Origin
- D. Web Application Firewall policy
Answer: B
Explanation:
Protection rules
Protection rules can be configured to either allow, block, or log network requests when they meet the specified criteria of a protection rule. The WAF will observe traffic to your web application over time and suggest new rules to apply.
https://www.oracle.com/security/cloud-security/what-is-waf/
NEW QUESTION # 56
Cloud Guard detected a risk score of zero in the dashboard, what does this mean ?
- A. Larger number of problems that have high risk levels ( HIGH or CRITICAL )
- B. No problem detected for any resource
- C. LOW or MINOR issues
- D. Risk score doesn't say anything. These are just numbers
Answer: B
Explanation:
NEW QUESTION # 57
Which architecture is based on the principle of "never trust, always verify"?
- A. Defense in depth
- B. Zero trust
- C. Federated identity
- D. Fluid perimeter
Answer: B
Explanation:
Enterprise Interest in Zero Trust is Growing Ransomware and breaches are top of the news cycle and a major concern for organizations big and small. So, many are now looking at the Zero Trust architecture and its primary principle "never trust, always verify" to provide greater protection.
According to Report Linker, the Zero Trust security market is projected to grow from USD 15.6 billion in 2019 to USD 38.6 billion by 2024 and that sounds right based on the large number of companies pitching their Zero Trust wares at RSA 2020.
The enterprise was well represented at the conference and there was a tremendous amount of interest in Zero Trust. Interestingly, even though Zero Trust environments are often made up of several solutions from multiple vendors it hasn't prevented each of the vendors from evangelizing their flavors of Zero Trust. This left the thousands of attendees to attempt to cut through the Zero Trust buzz and noise and make their own conclusions to the best approach.
https://blogs.oracle.com/cloudsecurity/post/rsa-2020-recap-cloud-security-moves-to-the-front
NEW QUESTION # 58
As a lead Security Architect, you have tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?
- A. Identity and Access Management
- B. Vulnerability Scanning
- C. Cloud Guard
- D. Security Lists
Answer: D
Explanation:
NEW QUESTION # 59
What do the features of OS Management Service do?
- A. Increase security and reliability by regular bug fixes.
- B. Add complexity in using multiple tools to manage mixed-OS environments.
- C. Provide paid service and support to OCI subscribers for fixes on priority.
- D. Encourage manual setup to avoid machine-induced errors.
Answer: A
Explanation:
https://docs.oracle.com/en/solutions/oci-best-practices/manage-your-operating-systems1.html
NEW QUESTION # 60
As a security administrator, you want to create cloud resources that align with Oracle's security principles and best practices. Which security service should you use?
- A. Web Application Firewall (WAF)
- B. Identity and Access Management
- C. Cloud Guard
- D. Security Advisor
Answer: D
Explanation:
NEW QUESTION # 61
Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?
- A. Problems
- B. Targets
- C. Responders
- D. Detectors
Answer: D
Explanation:
Detector
Performs checks to identify potential security problems based on activities or configurations. Rules followed to identify problems are the same for all compartments in a target.
https://docs.oracle.com/en-us/iaas/cloud-guard/using/part-start.htm
NEW QUESTION # 62
you are part of security operation of an organization with thousand of your users accessing Oracle cloud infrastructure it was reported that an unknown user action was executed resulting in configuration error you are tasked to quickly identify the details of all users who were active in the last six hours also with any rest API call that were executed. Which oci feature should you use?
- A. audit analysis dashboard
- B. objectcollectionrule
- C. service connector hub
- D. management agent log integration
Answer: A
NEW QUESTION # 63
How can you restrict access to OCI console from unknown IP addresses?
- A. Create PAR to restrict access the access
- B. Create tenancy's authentication policy and add a network source
- C. Create tenancy's authentication policy and create WAF rules
- D. Make OCI resources private instead of public
Answer: B
Explanation:
NEW QUESTION # 64
Which type of software do you use to centrally distribute and monitor the patch level of systems throughout the enterprise?
- A. Network Monitor software
- B. Recovery Manager software
- C. Web Application Firewall
- D. Patch Management software
Answer: D
Explanation:
https://docs.oracle.com/cd/E11857_01/em.111/e18710/T531901T535649.htm
NEW QUESTION # 65
Where are logs stored?
- A. OCI Object Storage
- B. OCI Block Storage
- C. Cloud Agent
- D. OCI File Storage
Answer: A
Explanation:
You can collect log data continuously from Oracle Cloud Infrastructure (OCI) Object Storage. To enable the log collection, create ObjectCollectionRule resource using REST API or CLI. After the successful creation of this resource and having the required IAM policies, the log collection will be initiated.
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/collect-logs-your-oci-object-storage-bucket.html
NEW QUESTION # 66
Which parameters customers need to configure while reading secrets by name using CL1 or API? Select TWO correct answers.
- A. Certificates
- B. ASCII Value
- C. Vault Id
- D. Secret Name
Answer: C,D
Explanation:
NEW QUESTION # 67
Which OCI services can encrypt all data-at-rest ? Select TWO correct answers
- A. NAT Gateway
- B. Geolocation Steering
- C. File Storage
- D. Block Volumes
Answer: C,D
Explanation:
NEW QUESTION # 68
what is the use case for Oracle cloud infrastructure logging analytics service?
- A. automatically create instances to collect logs analysis and send reports
- B. monitors, aggregates, indexes and analyzes all log data from on-premises.
- C. labels data packets that pass through the internet gateway
- D. automatically and manage any log based on a subscription model
Answer: B
Explanation:
Oracle Cloud Infrastructure Logging Analytics is a machine learning-based cloud service that monitors, aggregates, indexes, and analyzes all log data from on-premises and multicloud environments. Enabling users to search, explore, and correlate this data to troubleshoot and resolve problems faster and derive insights to make better operational decisions.
https://www.oracle.com/manageability/logging-analytics/
NEW QUESTION # 69
What must be configured for a load balancer to accept incoming traffic?
- A. Route table entry pointing to the listener IP address
- B. SSL certificate
- C. Service Gateway
- D. Listener
Answer: D
Explanation:
A listener is an entity that checks for connection requests. The load balancer listener listens for ingress client traffic using the port you specify within the listener and the load balancer's public IP.
https://docs.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
To create a listener:
On your Load Balancer Details page, click Listeners.
Click Create Listener.
Enter the following:
Name: Enter a friendly name. Avoid entering confidential information.
Protocol: Select HTTP.
Port: Enter 80 as the port on which to listen for incoming traffic.
Backend Set: Select the backend set you created.
Click Create.
NEW QUESTION # 70
As a security architect, how can you prevent unwanted bots while desirable bots are allowed to enter?
- A. Data Guard
- B. Vault
- C. Compartments
- D. Web Application Firewall (WAF)
Answer: D
NEW QUESTION # 71
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
- A. Vault
- B. Data Guard
- C. Cloud Guard
- D. Data Safe
Answer: A
Explanation:
Oracle Cloud Infrastructure Vault is a managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. Specifically, depending on the protection mode, keys are either stored on the server or they are stored on highly available and durable hardware security modules (HSM) that meet Federal Information Processing Standards (FIPS) 140-2 Security Level 3 security certification.
https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm
NEW QUESTION # 72
Which volume type contains the image used to boot a compute instance?
- A. Boot volume
- B. Block volume
- C. Startup volume
- D. Init 6 volume
Answer: A
Explanation:
Boot Volumes
When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. That boot volume is associated with that instance until you terminate the instance. When you terminate the instance, you can preserve the boot volume and its data
https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/bootvolumes.htm
NEW QUESTION # 73
Operations team has made a mistake in updating the secret contents and immediately need to resume using older secret contents in OCI Secret Management within a Vault.
As a Security Administrator, what step should you perform to rollback to last version? Select TWO correct answers.
- A. Mark the secret version as 'Rewind'
- B. Upload new secret and mark as 'Pending'. Promote this secret version as 'Current'
- C. Mark the secret version as 'deprecated'
- D. Mark the secret version as 'Previous'
Answer: B,D
Explanation:
NEW QUESTION # 74
......
Professionals who successfully pass the Oracle 1z0-1104-22 exam are awarded the Oracle Cloud Infrastructure Security Professional certification. Oracle Cloud Infrastructure 2022 Security Professional certification is a great addition to any professional's resume and can help individuals stand out in the job market. Oracle Cloud Infrastructure 2022 Security Professional certification also demonstrates a commitment to excellence in the field of cloud security, and is a valuable asset for professionals who want to advance their careers in this field.
Oracle 1z0-1104-22 certification exam covers a wide range of security topics, including network security, identity and access management, data protection, and threat detection and response. Candidates are required to have a deep understanding of the OCI security architecture and be able to design and implement security solutions that meet specific business requirements.
Get Instant Access to 1z0-1104-22 Practice Exam Questions: https://www.surepassexams.com/1z0-1104-22-exam-bootcamp.html
The Best 1z0-1104-22 Exam Study Material Premium Files and Preparation Tool: https://drive.google.com/open?id=1-NDY59MCKYjVBSRm86uIPnIXhlBouA0Z