1z0-1104-22試験無料問題集（95題）「Oracle Cloud Infrastructure 2022 Security Professional 認定」

出題：1

your company has hired a consulting firm to audit your oracle cloud infrastructure activity and configuration you have created a set of users who will be performing the audit, you assigned these user to the orgauditgrp group. the auditor required the ability to see the configuration of all resources within tenant and you have agreed to exempt the dev compartment from the audit.
which IAM policy should be created to grant the orgauditgrp the ability to look at configuration for all resources except for those resources inside the dev compartment?

A. allow group orgauditgrp to inspect all-resources in compartment !=dev

B. allow group orgauditgrp to inspect all-resources in tenancy where target compartment.name !=dev

C. allow group orgauditgrp to read all-resources in compartment !=dev

D. allow group orgauditgrp to read all-resources in tenancy where target.compartment.name !=dev

正解：B 解答を投票する

出題：2

As a security administrator, you found out that there are users outside your co network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?

A. Create an 1AM policy and create WAF rules

B. Create PAR to restrict access the access

C. Make OCI resources private instead of public

D. Create an 1AM policy and add a network source

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

you want to create a stateless rule for SSH in security list and the ingress role has already been properly configured what combination should you use on the engress role what commination should you use on the egress rule?

A. select tcp for protocol: enter 22 for source port" and all for destination port

B. select udp for protocol: enter 22 for source port" and all for destination port

C. select tcp for protocol: enter 22 for source port" and 22 for destination port

D. select tcp for protocol: enter all for source port" and 22 for destination port.

正解：D 解答を投票する

出題：4

You create a new compartment, "apps," to host some production apps and you create an apps_group and added users to it.
What would you do to ensure the users have access to the apps compartment?

A. No action is required.

B. Add an IAM policy for the individual users to access the apps compartment.

C. Add an IAM policy for apps_group granting access to the apps compartment.

D. Add an lAM policy to attach tenancy to the apps group.

正解：C 解答を投票する

出題：5

You want to make API calls against other OCI services from your instance without configuring user credentials. How would you achieve this?

A. No configuration is required for making API calls.

B. Create a group and add a policy.

C. Create a dynamic group and add a policy.

D. Create a dynamic group and add your instance.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which IAM policy should be created to give XYZ the ability to list contents of a resource excluding the f needs to authenticate in prod compartment ? Principle of least priviledge should be used.

A. Allow group XYZ to manage all resources in compartment != prod

B. Allow group XYZ to read all resources in tenancy where target.compartment.name != prod

C. Allow group XYZ to inspect all resources in tenancy where target.compartment.name != prod

D. Allow group XYZ to use all resources in compartment != prod

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Which type of software do you use to centrally distribute and monitor the patch level of systems throughout the enterprise?

A. Web Application Firewall

B. Recovery Manager software

C. Network Monitor software

D. Patch Management software

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers

A. Resources in a security zone must be accessible from internet

B. Resources in a security zone must be encrypted using customer-managed keys

C. Block volume can be moved from a security zone to a standard compartment

D. Bucket can't be moved from a security zone to a standard compartment

正解：B,D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

As a lead Security Architect, you have tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?

A. Cloud Guard

B. Vulnerability Scanning

C. Security Lists

D. Identity and Access Management

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

When using Management Agent to collect logs continuously, which is the required configuration for OCI Logging Analytics to retrieve data from numerous logs for an instance?

A. Source-Entity Association

B. Entity - Source Association

C. Agent - Entity Association

D. Entity - Agent Association

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

1z0-1104-22試験無料問題集「Oracle Cloud Infrastructure 2022 Security Professional 認定」