Winter Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

1z0-1104-23 PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

1z0-1104-23 PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: Oracle Cloud Infrastructure 2023 Security Professional
  • Last Update: Dec 3, 2024
  • Questions and Answers: 167
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

1z0-1104-23 Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

1z0-1104-23 Practice Exam Questions with Answers Oracle Cloud Infrastructure 2023 Security Professional Certification

Question # 6

Challenge 4 - Task 4 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

Create a WAF policy with the name IAD-SP-PBT-WAF-01_99233424-lab.user01

Eg: IAD-SP-PBT-WAF-01_99232403-lab.user02

Full Access
Question # 7

Challenge 3 - Task 4 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

 

Connect to a compute instance using a Managed SSH Bastion session from your local machine terminal or Cloud shell.

Full Access
Question # 8

Which three Oracle Cloud Infrastructure (OCI) services are covered by Cloud Guard? (Choose three.)

A.

Oracle Integration Osud (OIC)

B.

Blockchain

C.

Object Storage

D.

Database Cloud Service

E.

Identity and Access Management (IAM)

Full Access
Question # 9

A member of operations team has set Pre-Authenticated Request (PAR) associated with a bucket to an incorrect date and now wants to edit the PARrequest. How can this be achieved?

A.

Don't set an expiration time for PAR

B.

Delete the bucket associated with PAR and recreate it

C.

Delete the PAR and recreate it with the required date

D.

Delete both PAR as well as the bucket then recreate both

Full Access
Question # 10

Challenge 3 - Task 1 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

  • Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01
  • Create a Private Subnet with the name PBT-BAS-SNET-01
  • Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network"
  • Add Route Rules for Service Gateway
Full Access
Question # 11

Challenge 4 - Task 2 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

  • Create a Compute Instance with the name IAD-SP-PBT-VM-01, using the Oracle Linux 8 image and VM.Standard2.1 shape.
  • SSH to the compute instance using Cloud Shell.
  • Install and configure Apache web server:a. Install Apache server:
  • sudo yum -y install httpd

b. Enable Apache and start Apache server:

  • bash
  • sudo systemctl enable httpd
  • sudo systemctl restart httpd

c. Create a firewall rule to enable HTTP connection through port 80 and reload the firewall:

  • css
  • sudo firewall-cmd --permanent --add-port=80/tcp
  • sudo firewall-cmd --reload

d. Create an index file for your web server:

  • vbnet
  • sudo bash -c 'echo You are visiting Web Server 1 >>
  • /var/www/html/index.html'
Full Access
Question # 12

Challenge 4 - Task 5 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

1. Create a Protection Rule with name WAF-PBT-XSS-Protection against XSS attack. for protecting web server

2. Create a New Rule Action with name WAF-PBT-XSS-Action where http response code will be 503 (Service Unavailable).

Full Access
Question # 13

Challenge 1 - Task 4 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

1z0-1104-23 question answer

Preconfigured

To complete this requirement, you are provided with:

  • An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
  • An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
  • A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
  • Access to Cloud Shell.
  • Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following tasks in the OCI environment provisioned:

  • Create a Linux Instance with the name [Provide Name Here] within the compartment.

Provide your own public key to SSH the instance.

Full Access
Question # 14

Challenge 2

Least-Privileged Model Enforcement Leveraging Custom Security Zones

Scenario

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Create a Custom Security Zone recipe to allow compute instances in the public subnet.

• Create a Security Zone using the Custom Security Zone recipe.

• Configure a Virtual Cloud Network (VCN) and Public Subnet.

• Provision a Compute Instance in the public subnet.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

  • Create a Custom Recipe with the name
  • Create a Security Zone with the name
  • Create a VCN with the name IAD-SP-PBT-VCN-01
  • Create a Public Subnet with the name IAD-SP-PBT-PUBSNET-01
  • Create a Compute Instance with the name IAD-SP-PBT-1-VM-01, using the "Oracle Linux 8" image and "VM.Standard2.1" as shape
Full Access
Question # 15

Challenge 3 - Task 2 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

 

Create a Compute Instance with the name PBT-BAS-VM-01, using the "Oracle Linux 8" image and shape "VM.Standard2.1", without SSH key and enable Bastion plugin.

Full Access
Question # 16

Challenge 4 - Task 6 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

You will connect to the web server and append an XSS script. The protection rule will evaluate the requests and respond accordingly.

Full Access
Question # 17

Challenge 3 - Task 3 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

1.      Create a Bastion with the name SPPBTBASTION99233424-lab.user01

[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13

2.      Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"

Full Access
Question # 18

Challenge 4 - Task 1 of 6

Configure Web Application Firewall to Protect Web Server Against XSS Attack

Scenario

You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.

To ensure that the configured WAF blocks the XSS attack, run the following script: [http:// /index.html?

/index.html?

)

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

  • Configure a Virtual Cloud Network (VCN)
  • Create a Compute Instance and install the Web Server
  • Create a Load Balancer and update Security List
  • Create a WAF policy
  • Configure Protection Rules against XSS attacks
  • Verify the created environment against XSS attacks

1z0-1104-23 question answer

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.

Complete the following task in the provisioned OCI environment:

Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01

Full Access
Question # 19

Which type of FastConnect supports configuring Oracle Cloud Infrastructure (OCI) Site-to-Site VPN for encryption? (Choose the best Answer.)

A.

FastConnect Public Peering

B.

FastConnect Cross-Connect group

C.

FastConnect Privat Peering

D.

FastConnect Partner

Full Access
Question # 20

On which option do you set Oracle Cloud Infrastructure Budget?

A.

Compartments

B.

Instances

C.

Free-form tags

D.

Tenancy

Full Access
Question # 21

You create a new compartment, “apps,” to host some production apps and you create an apps_group and added users to it.

What would you do to ensure the users have access to the apps compartment?

A.

Add an IAM policy for the individual users to access the apps compartment.

B.

Add an IAM policy for apps_group granting access to the apps compartment.

C.

Add an lAM policy to attach tenancy to the apps group.

D.

No action is required.

Full Access
Question # 22

Which component helps move logging data to other services, such as archiving log data in object storage?

A.

Agent Configuration

B.

Unified Monitoring Agent

C.

Service Connector Hub

D.

Service Log Category

Full Access
Question # 23

You have configured Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log Ingestion purposes. OR When using Management Agent to collect logs continuously. Which is required configuration for OCI Logging Analytics service to collect data from multiple logs of this Instance? (Choose the best Answer.)

A.

Entity Log Association

B.

Log-Log Group Association

C.

Source-Entity Association

D.

Log Group-Source Association

Full Access
Question # 24

A company plans to use Oracle Cloud services for their production and development environments, but they have different security requirements. Their security policy forbids development environment users from having access to the production environment and requires separate administrators to manage each environment. The company has only one tenancy in Oracle Cloud. How can they ensure that their security requirements are met in Oracle Cloud? (Choose the best Answer.)

A.

Create multiple identity domains, one for the production environment and another for the development environment.

B.

Use a single identity domain for both production and development environments to simplify administration.

C.

Assign the same identity domain administrator to both the production and development environments.

D.

Create a separate tenancy for the production environment to isolate administrative control.

Full Access
Question # 25

Operations team has made a mistake in updating the secret contents and immediately need to resume usingolder secret contents in OCI Secret Management within a Vault.

As a Security Administrator, what step should you perform to rollback to last version? Select TWO correct answers.

A.

Mark the secret version as 'deprecated'

B.

Mark the secret version as'Previous'

C.

Mark the secret version as 'Rewind'

D.

Upload new secret and mark as 'Pending'. Promote this secret version as 'Current'

Full Access