Latest [Feb 09, 2024] 100% Passing Guarantee – Brilliant 1z0-1104-23 Exam Questions PDF [Q97-Q111]

NEW QUESTION 97
Which of the following is necessary step when creating a secret in vault?

NEW QUESTION 98
You subscribe to a PaaS service that follows the Shared Responsibility model.
Which type of security is your responsibility?

NEW QUESTION 99
With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.

NEW QUESTION 100
Oracle Object Storage achieves data durability by which of the mechanisms ? Select TWO correct answers

NEW QUESTION 101
Challenge 2
Least-Privileged Model Enforcement Leveraging Custom Security Zones
Scenario
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Create a Custom Security Zone recipe to allow compute instances in the public subnet.
* Create a Security Zone using the Custom Security Zone recipe.
* Configure a Virtual Cloud Network (VCN) and Public Subnet.
* Provision a Compute Instance in the public subnet.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
Create a Custom Recipe with the name
Create a Security Zone with the name
Create a VCN with the name IAD-SP-PBT-VCN-01
Create a Public Subnet with the name IAD-SP-PBT-PUBSNET-01
Create a Compute Instance with the name IAD-SP-PBT-1-VM-01, using the “Oracle Linux 8” image and “VM.Standard2.1” as shape

NEW QUESTION 102
Challenge 1 – Task 4 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Complete the following tasks in the OCI environment provisioned:
Create a Linux Instance with the name [Provide Name Here] within the compartment.
Under placement, select the availability domain AD2.
Select Shape as VM.Standard2.1.
Provide your own public key to SSH the instance.

NEW QUESTION 103
What is the configuration to avoid publishing messages during the specified time range known as?

NEW QUESTION 104
A company has OCI tenancy which has mount target associated with two 1 punto File Systems, CG_1 and CG_2. These File Systems are accessed by IPbased clients AB_1 and AB_2 respectively. As a security administrator, how can you provide access to both clients such that CGI has Read only access on AB1 and CG_2 has Read/Write access on AB_2? OR In your Oracle Cloud Infrastructure (OCI) tenancy, you have a mount target that is associated with two file systems, IS A and rs a. These file systems are being accessed by two IP-based clients, CT_A and CT_B respectively. You need to provide access to both clients, such that CT_A has Read and Write access on FS _A and CT_B has Read Only access on FS_B. Which option would you use? (Choose the best Answer.)

NEW QUESTION 105
Operations team has made a mistake in updating the secret contents and immediately need to resume usingolder secret contents in OCI Secret Management within a Vault.
As a Security Administrator, what step should you perform to rollback to last version? Select TWO correct answers.

NEW QUESTION 106
What must be configured for a load balancer to accept incoming traffic?

NEW QUESTION 107
What must be configured for a load balancer to accept incoming traffic?

NEW QUESTION 108
When configuring inter-tenancy virtual cloud network (VCN) peering using local peering gateways (LPG), which OCID do you need from the other tenancy to properly configure the Requestor and Acceptor identity Access Management (IAM) policies? (Choose the best Answer.)

NEW QUESTION 109
As a security administrator, you want to create cloud resources that alignwith Oracle’s security principles and best practices. Which security service should you use?

NEW QUESTION 110
Challenge 4 – Task 5 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style=”background:url(javascript:alert(1))”](http://<public- ip-enforcement-point>/index.html?<p style=”background:url(javascript:alert(1))”>) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
1. Create a Protection Rule with name WAF-PBT-XSS-Protection against XSS attack. for protecting web server
2. Create a New Rule Action with name WAF-PBT-XSS-Action where http response code will be 503 (Service Unavailable).

NEW QUESTION 111
As a solutions architect, you need to assist operations team to write an I AM policy to give users in group-uat1 and group- uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy
?