Monday, February 14, 2022

OCI Cloud Security Associate 2021 1Z0-1104-21 Exam Questions Part 2

 


Your company has implemented a new VPN connection policy, three months after you connected your on-premises network to Oracle Cloud Infrastructure. Your chief security officer has instructed you to edit the IPSec connection and replace the shared secrets with the new ones that he provided you. Where do you edit the shared secrets?

A.      Individual tunnels

B.      Customer Premises Equipment

C.      IPSEC connection

D.      Dynamic Routing Gateway

Answer

C

Which value must an application have to retrieve a secret bundle from Oracle Cloud Infrastructure?

A.      Vault OCID

B.      Bundle OCID

C.      Key OCID

D.      Secret OCID

Answer

A

Hardware Security Modules (HSMs) in Oracle Key Management meet which Federal Information Processing Standard (FIPS) security certification that requires HSMs to be tamper-resistant and authentication to be identity-based?

A.      FIPS 140-3 Level 3

B.      FIPS 140-2 Level 3

C.      FIPS 140-1 Level

D.      FIPS 140-2 Level 2

Answer

B

You have created several Oracle Cloud Infrastructure Groups with the prefix of 'Test' in your tenancy. For example, TestEcommerce, Testcatalog, and TestAdministration. You want to create another group called TestGroupsAdmin to manage all the groups that start with "Test" except for the group TestAdministration.

A.      allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ && !(target.group.name = 'TestAdministration')

B.      allow group TestGroupsAdmin to manage groups in tenancy where all {target.group.name = /Test*/, target.group.name != 'TestAdministration'}

C.      allow group TestGroupsAdmin to manage groups in tenancy where any {target.group.name = /Test*/, target.group.name != 'TestAdministration'}

D.      allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ and = 'TestAdministration')

Answer

B

Your company has hired a consulting firm to audit your Oracle Cloud Infrastructure activity and configuration. You have created a set of OCI users who will be performing the audit. You assigned these users to the OrgAuditGrp group. The auditors require the ability to see the configuration of all resources within the tenant. You have agreed to exempt the Dev compartment from the audit. You must follow the least privilege principle. Which IAM policy should be created to grant the OrgAuditGrp the ability to look at configuration for all resources, except for those resources inside the Dev compartment?

 

A.      allow group OrgAuditGrp to inspect all-resources in tenancy where target.compartment.name != 'Dev'

B.      allow group OrgAuditGrp to read all-resources in tenancy where target.compartment.name != 'Dev'

C.      allow group OrgAuditGrp to read all-resources in compartment !! = Dev

D.      allow group OrgAuditGrp to inspect all-resources in compartment ! = Dev

Answer

A

Which two services can leverage Vault symmetric encryption keys for data-at-rest?

A.      Load Balancer

B.      Block volume 

C.      API Gateway

D.      Object Storage

E.       CDN

F.       WAF

Answer

B,D

You want to enable Cloud Guard in your tenancy. Which is NOT a prerequisite?

A.      Ensure that you have a paid tenancy.

B.      Add the required IAM policy for the user to access Cloud Guard.

C.      Install the monitoring agent on the instances you want to monitor.

D.      Create IAM policies that allow Cloud Guard to read Oracle Cloud Infrastructure (OCI) resources.

Answer

C

You have subscribed to a tenancy, in which you want to isolate the OCI resources from different users logically for governance. Which OCI resource will help you achieve logical separation?

A.      Fault Domain

B.      Availability Domain

C.      Compartment

D.      Dynamic Group

E.       Group

Answer

C

In OCI Secret management within a Vault, you have created a secret and rotated the secret one time. The current version state shows:

Version Number | Status
2 (latest)     | Current
1              | Previous

In order to roll back to version 1, what should the Administrator do?

A.      From the version 1 menu, select "Promote to Current".

B.      From the version 2 (latest) menu, select "Rollback..." and select version 1 when given the option.

C.      Deprecate version 2 (latest). Create new Secret Version 3. Create soft link from version 3 to version 1.

D.      Create a new secret version 3 and set to Pending. Copy the contents of Version 1 into version 3.

Answer

A

Which three resources are required to encrypt a Block Volume with a Customer-managed key?

A.      Symmetric Master Encryption Key

B.      IAM Policy allowing service blockstorage to use keys

C.      a Vault

D.      a Secret

E.       Maximum Security Zone

F.       Block Key

Answer

A,B,C
