In which two ways can you improve data durability in Oracle
Cloud Infrastructure Object Storage?
A. Setup volumes in a RAID1 configuration
B.
Enable server-side encryption
C. Enable Versioning
D.
Limit delete permissions
E.
Enable client-side encryption
Answer
A,C
What is the use case for Oracle Cloud Infrastructure Logging
Analytics service?
A.
Automate and manage any logs based on a subscription
model.
B.
Label data packets that pass through the
internet gateway.
C. Monitor, aggregate. index, and
analyze log data.
D.
Automatically create instances to collect logs, analyze,
and send reports.
Answer
C
You are using a custom application with third-party APIS to
manage application and data hosted in an -Oracle Cloud Infrastructure (OCI)
tenancy. Although your third-party APIS don't support OCI's signature- based
authentication, you want them to communicate with OCI resources. Which
authentication option must you use to ensure this?
A.
OCI username and Password
B.
API Signing Key
C. Auth Token
D.
SSH Key Pair with 2048-bit algorithm
Answer
C
Which Oracle Data Safe feature minimizes the amount of
personal data and allows internal test, development, and analytics teams to
operate with reduced risk?
A.
data auditing
B.
data encryption
C.
security assessment
D. data masking
E.
data discovery
Answer
D
You have configured the Management Agent on an Oracle Cloud
Infrastructure (OCI) Linux instance for log ingestion purposes. Which is a
required configuration for OCI Logging Analytics service to collect data from
multiple logs of this Instance?
A.
Log - Log Group Association
B.
Entity - Log Association
C. Source - Entity Association
D.
Log Group - Source Association
Answer
C
You are part of security operations of an organization with
thousands of users accessing Oracle Cloud Infrastructure (OCI). It was reported
that an unknown user action was executed resulting in configuration errors. You
are tasked to quickly identify the details of all users who were active in the
last six hours along with any REST API calls that were executed. What OCI
feature should you use?
A.
ObjectCollectionRule
B.
Management Agent Log Ingestion
C. Audit Analysis dashboard
D.
Service Connector Hub
Answer
C
Which Security Zone policy is NOT valid?
A. A boot volume can be moved from
a security zone to a standard compartment.
B.
A compute instance cannot be moved from a
security zone to a standard compartment.
C.
Resources in a security zone should not be accessible
from the public internet.
D.
Resources in a security zone must be automatically
backed up regularly.
Answer
A
Which two responsibilities will be on Oracle when you move
your IT infrastructure to Oracle Cloud Infrastructure?
A.
maintaining customer data
B. strong IAM framework
C. storage isolation
D.
providing strong security lists
E.
account access management
Answer
B,C
Which statement about Oracle Cloud Infrastructure
Multi-Factor Authentication (MFA) is NOT valid?
A. Users cannot disable MFA for
themselves.
B. An administrator can disable MFA
for another user.
C.
A user can register only one device to use for MFA.
D.
Users must install a supported authenticator app
on the mobile device they intend to register for MFA.
Answer
A,B
How can you limit access, to an Oracle Cloud Infrastructure
Object Storage bucket, to only the users within the corporate network?
A.
Create an Identity and Access Management policy
and add a group that will contain all the internal computers.
B. create an Identity and Access
Management policy and add network source that has the corporate network CIDRS.
C.
Create a Pre-Authenticated Request that limits
the access to the corporate network CIDRS.
D.
Make the bucket private and limit the access
using Security Lists.
Answer
B
How do you enable, server- side encryption in an Oracle
Cloud Infrastructure (OCI) Object Storage bucket?
A.
Upload your encryption key to the OCI vault and
associate it with the bucket you want to encrypt.
B.
Uploading encrypted objects will enable the encryption
in the bucket.
C. Server-side encryption is
enabled by default and requires no user action.
D.
Update the bucket's metadata value for encrypted
bucket to "true".
Answer
C
As a cloud network administrator, you have been tasked with
defining ingress and egress access rules for microservices deployed as
functions in Oracle Functions. In addition to defining some general access
rules in the subnet's security list, you have decided to define more
fine-grained rules for different functions using Oracle Cloud Infrastructure
(OCI) Network Security Groups (NSGS). Once the NSGS have been created, where
are they to be attached in order to apply to a specific deployed function?
A.
The function itself
B. The application hosting the
function
C.
The pod hosting the application
D.
The function's docker container
Answer
B
Pods running in your Oracle Container Engine for Kubernetes
(OKE) cluster, often need to communicate with other pods in the cluster or with
services outside the cluster. As the OKE cluster administrator, you have been
tasked with configuring permissions to restrict pod-to-pod communications
except as explicitly allowed. Where can you define these permissions?
A.
Security Lists
B.
RBAC Roles
C. Network Policies
D.
IAM Policies
Answer
C
What are the two items required to create a rule for the
Oracle Cloud Infrastructure Events Service?
A.
Service Connector
B. Actions
C. Rule Conditions
D.
Management Agent Cloud Service
E.
Install Key
Answer
B,C
Your web application is protected, by the Web Application
Firewall (WAF) service in Oracle Cloud Infrastructure. You want to block
traffic originating, from a country where your company isn't allowed to do
business. Where would you create, a WAF rule to block traffic from a specific
country?
A.
Origin Management
B. Access Control Rules
C.
Cache Rules
D.
Protection Rules
E.
Bot Management
Answer
B
Which two responsibilities must be taken care of by customer
while managing a Web Application Firewall (WAF)?
A. Tune the WAF's access rules and
bot management strategies according to web application traffic.
B.
Patch their WAF instance when Oracle makes fixes
available.
C. Onboard and configure the WAF
policy for the web application.
D.
Import new OWASP Core Rule Sets as they are released.
E.
Provide High Availability for the WAF edge
nodes.
Answer
A,C
What type of FastConnect supports configuring Oracle Cloud
Infrastructure Site-to-Site VPN for encryption ?
A. FastConnect Private Peering
B.
FastConnect Cross-Connect group
C.
FastConnect Partner
D.
FastConnect Public Peering
Answer
A
Which Virtual Cloud Network (VCN) configuration within a
region is valid to have successful local peering using a local peering gateway?
A. VCN1 with 10.0.0.0/16 and
VCN2 with 192.168.0.0/16
B.
vcN1 with 10.0.0.0/16 and
VCN2 with 10.0.0.0/24
C.
vcN1 with 192.168.0.0/24 and
VCN2 with 192.168.0.0/24
D.
VCN1 with 192.168.0.0/16 and
VCN2 with 192.168.0.0/24
E.
VCN1 with 10.0.0.0/16 and
VCN2 with 10.0.0.0/16
Answer
A
Which
solution enables you to privately connect two Virtual Cloud Networks (VCNS)
across different OCI regions without
routing traffic over the public Internet?
A.
Service Gateway
B. Remote Peering Connection
C.
Internet Gateway
D.
Local Peering Gateway
Answer
B
When configuring inter- tenancy virtual cloud network (VCN)
peering using local peering gateways (LPG), what OCID do you need from the
other tenancy in order to properly configure the Requestor and Acceptor
Identity Access Management (IAM) policies?
A. Tenancy OCID
B.
Cornpartment OCID
C.
Local Peering Gateway OCID
D.
Local Peering Connection OCID
E.
Virtual Cloud Network OCID
Answer
A
0 comments:
Post a Comment
If you have any doubts, please let me know. I will help you.