1z0-1104-23試験無料問題集（172題）「Oracle Cloud Infrastructure 2023 Security Professional 認定」

出題：1

As a cloud network administrator, you have been tasked with defining ingress and egress access rules for microservices deployed as functions in Oracle Functions. In addition to defining some general access rules in the subnet's security list, you define more fine-grained rules for different functions using Oracle Cloud Infrastructure (OCI) Network Security Groups (NSGs). Once the NSGs are created, where should they be attached in order to apply to a specific deployed function? (Choose the best Answer.)

A. The pod hosting the application

B. The function itself

C. The function's docker container

D. The application hosting the function

正解：D 解答を投票する

出題：2

Challenge 4 - Task 1 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack Scenario You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script: [http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))"](http://<public- ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">) To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Create a VCN using wizard with the name IAD-WAF-PBT-VCN-01

正解：

See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your working compartment> from the drop-down menu.
Click Start VCN Wizard.
Select Create VCN with Internet Connectivity and click Start VCN Wizard.
On the Configuration page, enter the following:
a) Name: IAD-WAF-PBT-VCN-01
b) Note: Leave all the other options in their default setting.
c) Click Next.
d) Verify the details on the Review and Create page.
Click Create to start creating the VCN and its resources.
Click View Virtual Cloud Network to verify the creation of the VCN and its resources.
You can now see that the VCN has been successfully created and is in the Available state, with the following components:
VCN
Public subnet
Private subnet
Internet gateway
NAT gateway
Service gateway
This format keeps the instructions intact while preserving the original content.

出題：3

Which IAM policy should be created to give XYZ the ability to list contents of a resource excluding the fneeds to authenticatein prod compartment ? Principle of least priviledge should be used.

A. Allow group XYZ to manage all resources in compartment != prod

B. Allow group XYZ to read all resources in tenancy where target.compartment.name != prod

C. Allow group XYZ to inspect all resources in tenancy where target.compartment.name != prod

D. Allow group XYZ to use all resources in compartment != prod

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Which Cloud Guard component identifies issues with resources or user actions and alerts you when an issue is found?

A. Detectors

B. Problems

C. Responders

D. Targets

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Your company will transfer a fleet of 12 servers from on-premises to Oracle Cloud Infra-structure (OCI). The fleet will include two webservers. All 12 servers will be in the same sub-net, and share the exact same security permissions, with the only exception being the two web servers. In addition to the same permissions of the other 10 servers, they will have ports 80 and 443 enabled. The security policy must be hardened to ensure that only those two servers have those ports open. What should your configuration actions be for this scenario? (Choose the best Answer.)

A. Configure an OCI Load Balancer that has the two web servers as the backend servers with a health check policy that constantly monitors port 80 and port 443.

B. In the OCI Web Application Firewall, configure a traffic steering policy that grants access to ports 80 and 443 to the two web servers.

C. Configure a Network Security Group that includes all necessary permissions for all 12 servers Then configure the Security List that grants access to ports 80 and 443. Assign the Security List to the VNICS of the web servers.

D. Configure a Security List that includes all necessary permissions for all 12 servers. Then configure a Network Security Group that grants access to ports 80 and 443. As-sign the. Network Security Group to the VNICs of the two web servers.

正解：D 解答を投票する

出題：6

What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'

A. Enables users to invoke just one specific function

B. Enables users to invoke all the functions in a specific application

C. Enables users in a group to create, update, and delete ALL applications and functions in a compartment

D. Enables users to invoke all the functions in a compartment except for one specific function

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

You have created several Oracle Cloud Infrastructure Groups with the prefix of 'Test' in your tenancy. For example TestECommerce, TestCatalog, and TestAdministration. You want to create another group called TestGroupsAdmin to manage all the groups that start with "Test" except for the group TestAdministration.? (Choose the best Answer.)

A. allow group TestGroupsAdmin to manage groups in tenancy where all {tar-get.group.name = / Test*/.target.group.name != 'TestAdministration'}

B. allow group TestGroupsAdmin to manage groups in tenancy where any {tar-get.group.name = / Test* /,target.group.name 1= Li 'TestAdministration}

C. allow group TestGroupsAdmin to manage groups in tenancy where tar-get.group.name%D/Test*/ && !(target.group.name = `--1 'TestAdministration')

D. allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ and = 'TestAdministration')

正解：A 解答を投票する

出題：8

Which tasks can you perform on a dedicated virtual machine host?

A. Instance configurations

B. Capacity reservations

C. Manual scaling

D. Creating instance pools

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

Select the component that encompasses the overall configuration of your WAF service on OCI.

A. Origin

B. Protection rules

C. Bot Management

D. Web Application Firewall policy

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Which cache rules criterion matches if the concatenation of the requested URL path and query are identical to the contents of the value field?

A. URL_IS

B. URL_STARTS_WITH

C. URL_PART_CONTAINS

D. URL_PART_ENDS_WITH

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

1z0-1104-23試験無料問題集「Oracle Cloud Infrastructure 2023 Security Professional 認定」