Which two responsibilities must be taken care of by a customer
while managing a Web Application Firewall (WAF)?
A. Tune the WAF's access rules and
bot management strategies according to web application traffic.
B.
Patch their WAF instance when Oracle makes fixes
available.
C. Onboard and configure the WAF
policy for the web application.
D.
Import new OWASP Core Rule Sets as they are
released.
E.
Provide High Availability for the WAF edge
nodes.
Answer
A,C
You want to enable Cloud Guard in your tenancy. Which is NOT
a prerequisite?
A.
Ensure that you have a paid tenancy.
B.
Add the required IAM policy for the user to
access Cloud Guard.
C. Install the monitoring agent on
the instances you want to monitor.
D.
Create IAM policies that allow Cloud Guard to
read Oracle Cloud Infrastructure (OCI) resources.
Answer
C
Can you customize which of your identity provider appear on the
sign in page when user are accessing oracle identity cloud service either
locally or through a specific app?
A.
No, because users should always sign in using
their local authentication credentials
B.
Yes, by using sign-on policies
C. Yes, by using identity provider
policies
D.
No, because any identity provider that's set to
appear in the Sign In page will be displayed.
Answer
C
In OCI Secret management within a Vault, you have created a secret
and rotated the secret one time. The current version state shows:
In order to rollback to version 1, what should the Administrator
do?
A. From the version 1 menu, select
"Promote to Current".
B.
From the version 2 (latest) menu, select
"Rollback.." and select version 1 when given the option.
C.
Deprecate version 2 (latest). Create new Secret
Version 3. Create soft link from version 3 to version 1.
D.
Create a new secret version 3 and set top ding.
Copy the contents of Version 1 into version 3.
Answer
A
Which is true regarding importing a symmetric key into Vault
(Bring your own key)?
A.
The user must use the Command Line Interface
(CLI) for importing the key into the vault.
B. The key must be wrapped using a
RSA asymmetric key provided by the Vault.
C.
The key must be 1024 bits.
D.
The user performing the import must have the
"import" permission via an IAM Policy.
Answer
B
With which three database deployment options is Data Safe included?
A.
MYSQL
B. Exadata Cloud Service
C. Exadata Cloud at Customer
D. Autonomous Database
E.
Databases installed on oracle Cloud compute
Answer
B,C,D
Which value must an application have to retrieve a secret bundle
from Oracle Cloud Infrastructure?
A. Vault OCID
B.
Bundle OCID
C.
Key OCID
D.
Secret OCID
Answer
A
Which multi-factor authentication method never expires but can
be used only once ?
A. ByPass Code
B.
Mobile Application: OTP or Push Notificaton
C.
Text Messages
D.
Email
Answer
A
Which virtual cloud network configuration within a region is
valid to have successful local peering using a local peering gateway?
A. VCN1 WITH 10.0.0.0/16 AND VCN2
WITH 192.0.0.0/16
B.
VCN1 WITH 10.0.0.0/16 AND VCN2 WITH 10.0.0.0/24
C.
VCN1 WITH 192.0.0.0/16 AND VCN2 WITH
192.168.00/24
D.
VCN1 WITH 10.0.0.0/16 AND VCN2 WITH 10.0.0.0/16
E.
VCN1 WITH 192.168.0.0/16 AND VCN2 WITH
192.168.0.0/24
Answer
A
Your web application is protected by the Web Application Firewall
(WAF) service in Oracle Cloud Infrastructure. You want to block traffic
originating from a country where your company isn't allowed to do business.
Where would you create a WAF rule to block traffic from a specific
country?
A.
Origin Management
B. Access Control Rules
C.
Cache Rules
D.
Protection Rules
E.
Bot Management
Answer
B
What are three types of password policies supported by Oracle
Identity Cloud Service?
A. Standard
B. Simple
C.
Complex
D. Custom
E.
Hybrid
Answer
A,B,D
You are required to add a new user to Identity Cloud Service
these criteria:
->The password for the user should new expire.
->The user account should get locked after 20 consecutive
unsuccessful attempts.
Which password policy would you use for this requirement?
A.
Complex
B.
Standard
C. Simple
D.
Custom
Answer
C
In an identity domain, users are getting locked after 20 consecutive
unsuccessful login attempts. You want to change that to 5 consecutive
unsuccessful logins, as well as allow users to use a previously used password.
Which password policy would you use?
A.
Complex
B. Custom
C.
Standard
D.
Simple
Answer
B
How do you configure Oracle Identity Cloud Service so that user
accounts will never be locked because of consecutive, unsuccessful login
attempts?
A. Change the value of the Account
Lock Threshold field to 0.
B.
Change the value of the Max unsuccessful MFA
attempts field to 0.
C.
Modify a rule Of the default sign-on policy.
D.
Change the time Of the lockout duration interval
to 0 second.
Answer
A
Which two responsibilities will be on Oracle when you move your
infrastructure to Oracle Cloud Infrastructure?
A.
account access management
B. storage isolation
C. Strong IAM Framework Technology
D.
maintaining Customer data
E.
providing strong security lists
Answer
B,C
How can you synchronize users and Groups between Microsoft
active directory and Oracle identity Cloud Service?
A. Configure the Bridge
B.
Configure Delegated Authentication
C.
Use the import utility
D.
Use a flat file
Answer
A
which feature do you activate in Oracle identity Cloud
Service so that users can use their Microsoft active directory password to sign
in-to access resources that are protected by oracle identity cloud services?
A. Delegated Authentication
B.
The Bridge
C.
The Import Utility
D.
Identity Provider
Answer
A
Which Oracle Data Safe feature minimizes the amount of personal
data and internal test. Development and analytics teams to operate with reduced
risk?
A.
Security Assessment
B. Data Masking
C.
Data Auditing
D.
Data Discovery
E.
Data Encryption
Answer
B
Which standard provides an XML-based system for authentication
and authorization between the service provider and identity provider?
A. Security Assertion Markup
Language
B.
System for Cross-Domain Identity Management
C.
Identity Domain
D.
OAuth
Answer
A
An organization requires that for every user. a strong
authentication be these conditions:
->Analyze their contextual risk.
->Reduce the risk of online identity theft and fraud by
analyzing user. device. network threat information.
What mechanism should be used to achieve this?
A. Adaptive Security
B.
SAML 2.0 Authentication
C.
OAuth 2.0
D.
Multifactor, Authentication
Answer
A
Which of these are VALID password policies while
Administering Oracle Identity Cloud Service ?
Select TWO correct answers
A.
Basic
B. Standard
C. Simple
D.
Complicated
Answer
B,C
A company wants to ensure strong authentication capabilities
for its users, based on their behaviour within Oracle Identity Cloud Service
including access from unknown devices, impossible to travel between locations
etc.
Which feature can achieve this ?
A.
Multifactor Authentication
B.
OAuth 2.0
C. Adaptive Security
D.
SAML
Answer
C
Which security feature can be used to sign in to Oracle
Identity Cloud Service to access resources and applications protected by Oracle
Identity Cloud Service when security administrators don't have to synchronize
user passwords between an on-premises Microsoft Active Directory (AD) enterprise
directory structure and Oracle Identity Cloud Service ?
A.
The bridge
B. Delegated Authentication
C.
Identity Provider
D.
Import Utility
Answer
B
Which password policy never expires and can use previous
passwords ?
A.
Custom
B.
Standard
C. Simple
D.
Complicated
Answer
C
Which password policy can be used to lock user account after
5 consecutive, unsuccessful attempts which doesn't allow users to use
previously used passwords ?
A.
Custom
B. Standard
C.
Complicated
D.
Simple
Answer
B
Which password policy can be used to lock user account after
5 consecutive, unsuccessful attempts which allows users to use previously used
passwords ?
A. Custom
B.
Standard
C.
Complicated
D.
Simple
Answer
A
Cloud Guard detected a risk score of zero in the dashboard,
what does this mean ?
A.
Risk score doesn't say anything. These are just
numbers
B.
LOW or MINOR issues
C. No problem detected for any
resource
D.
Larger number of problems that have high risk
levels ( HIGH or CRITICAL)
Answer
C
How can you establish private connectivity over two VCN
within same OCI region without traversing the traffic over public internet ?
A.
NAT Gateway
B.
Data Guard
C. Local VCN Peering
D.
Remote VCN Peering
Answer
C
Which VCN configuration is CORRECT with regard to VCN
peering within a same region ?
A. 12.0.0.0/16 and 194.168.0.0/16
B.
12.0.0.0/16 and 12.0.0.0/16
C.
194.168.0.0/24 and 194.168.0.0/24
D.
194.168.0.0/24 and 194.168.0.0/16
Answer
A
Which databases does Oracle Data Safe supports ?
Select TWO correct answers.
A.
Teradata
B. Oracle Cloud Databases
C. Oracle On-Premises Databases
D.
SQL Server
Answer
B,C
How can you synchronize user account information between
Oracle Applications Cloud and Microsoft Active Directory ?
A.
Identity provider
B.
Delegated authentication
C. Bridge for Microsoft Active
Directory
D.
Import utility
Answer
C
Which of these is an XML-based system for authentication and
authorization between a Service Provider (SP) and an Identity Provider (IdP) ?
A.
HyperText Markup Language (HTML)
B. Security Assertion Markup
Language (SAML)
C.
Python
D.
JavaScript Object Notation (JSON)
Answer
B
Which tasks are supported by REST API SCIM 2.0 for Oracle
Identity Cloud Service ?
Select TWO correct answers.
A.
Network threat protection
B. Perform administrative tasks
like job scheduling
C. Manage users, groups, and Apps
D.
Prevent malicious attacks like SQL injection
Answer
B,C
Which industry-standard protocols and layers are supported
by Oracle lIdentity Cloud Service SDK for authentication ?
Select TWO correct answers.
A. OAuth 2.0
B. OpenID Connect 1.0
C.
Kerberos
D.
RADIUS
Answer
A,B
As a Security Administrator, you need to configure an user
account such that the account gets never locked even after multiple
unsuccessful login attempts by the user.
How can you meet this requirement ?
A.
Enable auto unlock account
B.
Change the Value to Federated User
C. Change Account lock threshold
field to 0
D.
Uncheck Previous passwords remembered
Answer
C
A company has OCI tenancy which has mount target associated
with two File Systems, CG_1 and CG 2. These File Systems are accessed by
IP-based clients AB_1 and AB_2 respectively. As a security administrator, how
can you provide access to both clients such that CG 1 has Read only access on
AB_1 and CG 2 has Read/Write access on AB_2 ?
A. NFS Export Option
B.
Access Control Lists
C.
NFS v3 Unix Security
D.
Vault
Answer
A
An e-commerce company needs to authenticate with third-party
API that don't support OC's signature-based authentication.
What can be the solution for the above scenario ?
A.
Security Token
B.
API Key Authentication
C. Auth Token/Swift Password
D.
Asymmetric keys
Answer
C
As a Security Admin you want to inspect the metadata and
actual data in your Oracle databases to discover sensitive data and provide
comprehensive results listing the sensitive columns and related information.
Which Data Safe feature will help you to achieve the above
requirement ?
A.
Data Masking
B. Data Discovery
C.
Security Assessment
D.
User Assessment
Answer
B
A number of malicious requests for a web application is
coming from a set of IP addresses originating from Antartica.
Which of the following statement will help to reduce these
types of unauthorized requests ?
A.
Delete NAT Gateway from Virtual Cloud Network
B. Use WAF policy using Access
Control Rules
C.
List specific set of IP addresses then deny
rules in Virtual Cloud Network Security Lists
D.
Change your home region in which your resources
are currently deployed
Answer
B
Which resources can be used to create and manage from Vault
Service ?
Select TWO correct answers
A. Secret
B. Keys
C.
IAM
D.
Cloud Guard
Answer
A,B
I hope it's helpful for you. If you have any queries, don't hesitate to contact me.
0 comments:
Post a Comment
If you have any doubts, please let me know. I will help you.