oracle 1z0-1104-21 practice test

Oracle Cloud Infrastructure Security 2021 Associate Exam

Last exam update: Feb 21 ,2024
Page 1 out of 7. Viewing questions 1-15 out of 94

Question 1

Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA) is NOT valid?

  • A. Users cannot disable MFA for themselves.
  • B. A user can register only one device to use for MFA.
  • C. Users must install a supported authenticator app on the mobile device they intend to register for MFA.
  • D. An administrator can disable MFA for another user.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which Security Zone policy is NOT valid?

  • A. A boot volume can be moved from a security zone to a standard compartment.
  • B. A compute instance cannot be moved from a security zone to a standard compartment.
  • C. Resources in a security zone should not be accessible from the public internet.
  • D. Resources in a security zone must be automatically backed up regularly.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

You have configured the Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance
for log ingestion purposes.
Which is a required configuration for OCI Logging Analytics service to collect data from multiple logs
of this Instance?

  • A. Log - Log Group Association
  • B. Entity - Log Association
  • C. Source - Entity Association
  • D. Log Group - Source Association
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

Which Oracle Data Safe feature minimizes the amount of personal data and allows internal test,
development, and analytics teams to operate with reduced risk?

  • A. data auditing
  • B. data encryption
  • C. security assessment
  • D. data masking
  • E. data discovery
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 5

You are using a custom application with third-party APIs to manage application and data hosted in an
Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's
signature-based authentication, you want them to communicate with OCI resources. Which
authentication option must you use to ensure this?

  • A. OCI username and Password
  • B. API Signing Key
  • C. SSH Key Pair with 2048-bit algorithm
  • D. Auth Token
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

In which two ways can you improve data durability in Oracle Cloud Infrastructure Object Storage?

  • A. Setup volumes in a RAID1 configuration
  • B. Enable server-side encryption
  • C. Enable Versioning
  • D. Limit delete permissions
  • E. Enable client-side encryption
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 7

You want to make API calls against other OCI services from your instance without configuring user
credentials. How would you achieve this?

  • A. Create a dynamic group and add a policy.
  • B. Create a dynamic group and add your instance.
  • C. Create a group and add a policy.
  • D. No configuration is required for making API calls.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
DYNAMIC GROUP
Dynamic groups allow you to groupOracle Cloud Infrastructureinstances as principal actors, similar
to user groups. You can then create policies to permit instances in these groups to make API calls
againstOracle Cloud Infrastructureservices. Membership in the group is determined by a set of
criteria
you
define,
calledmatching
rules.
https://docs.cloud.oracle.com/en-
us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side
encryption?

  • A. All the traffic to and from object storage is encrypted by using Transport Layer Security.
  • B. Encryption is not enabled by default.
  • C. Customer-provided encryption keys are never stored in OCI Vault service.
  • D. Each object in a bucket is always encrypted with the same data encryption key.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which statement is true about origin management in WAF?
Statement A: Multiple origins can be defined.
Statement B: Only a single origin can be active for a WAF.

  • A. Only statement B is true.
  • B. Both the statements are false.
  • C. Both the statements are true.
  • D. Only statement A is true.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which of these protects customer data at rest and in transit in a way that allows customers to meet
their security and compliance requirements for cryptographic algorithms and key management?

  • A. Security controls
  • B. Customer isolation
  • C. Data encryption
  • D. Identity Federation
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
DATA ENCRYPTION
Protect customer data at-rest and in-transit in a way that allows customers to meet their security and
compliance requirements for cryptographic algorithms and key management.
https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_overview.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

What is the minimum active storage duration for logs used by Logging Analytics to be archived?

  • A. 60 days
  • B. 10 days
  • C. 30 days
  • D. 15 days
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
https://docs.oracle.com/en-us/iaas/logging-analytics/doc/manage-storage.html#:~:text=The%20minimum%20Active%20Storage%20Duration,be%20archived%20is%20
30%20days
.
The minimum Active Storage Duration (Days) for logs before they can be archived is30 days.

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

Which components are a part of the OCI Identity and Access Management service?

  • A. Policies
  • B. Regional subnets
  • C. Compute instances
  • D. VCN
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

Which WAF service component must be configured to allow, block, or log network requests when
they meet specified criteria?

  • A. Protection rules
  • B. Bot Management
  • C. Origin
  • D. Web Application Firewall policy
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Protection rules
Protection rules can be configured to either allow, block, or log network requests when they meet
the specified criteria of a protection rule. The WAF will observe traffic to your web application over
time and suggest new rules to apply.
https://www.oracle.com/security/cloud-security/what-is-waf/

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

Which statement is true about standards?

  • A. They may be audited.
  • B. They are result of a regulation or contractual requirement or an industry requirement.
  • C. They are methods and instructions on how to maintain or accomplish the directives of the policy.
  • D. They are the foundation of corporate governance.
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

Which cache rules criterion matches if the concatenation of the requested URL path and query are
identical to the contents of the value field?

  • A. URL_PART_CONTAINS
  • B. URL_IS
  • C. URL_PART_ENDS_WITH
  • D. URL_STARTS_WITH
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
URL_IS:Matches if the concatenation of request URL path and query is identical to the contents of
thevaluefield. URL must start with a/.
https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.57.0/docs/d/waas_waas_policy.html

Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2