Free Oracle 1z0-1104-23 Practice Test & Real Exam Questions
What is the matching rule syntax for a single condition?


Correct Answer: A
Challenge 1 - Task 5 of 5
Authorize OCI Resources to Retrieve the Secret from the Vault
Scenario
You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Because hard-coding credentials is not a security best practice, you decide not to hard-code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Preconfigured
To complete this requirement, you are provided with:
An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, make sure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.
Correct Answer:
See the solution below in Explanation
Explanation:
SOLUTION:
Select the Developer Tools icon at the right of the OCI console header and click Cloud Shell to launch your Cloud Shell.
While Cloud Shell is launching, take a moment to locate the public and private keys that you downloaded to your workstation in the previous section.
Example Public Key name: ssh-key-<date>.key.pub
Example Private Key name: ssh-key-<date>.key
Once the Cloud Shell window is open, upload the private key to the Cloud Shell:
Click the Settings icon in the top-right corner of the Cloud Shell window and click Upload.
Navigate to and select the private key. Either drag the private key to the Drop a file window or click Select from your computer, select the private key, and click Upload.
Change the private key permissions by issuing the following command:
chmod 400 <private key name>.key
Retrieve the Public IP address of the instance that you created in the previous section and paste it to connect to the instance using the opc user in the Cloud Shell.
ssh -i <private key name> opc@<public IP address of instance>
After connecting to the compute instance, run the following commands to install/verify Python and OCI CLI packages on the Linux Instance.
sudo dnf -y install oraclelinux-developer-release-el8
sudo dnf install python36-oci-cli
After installing Python and the required dependencies, download the Python script to retrieve the secret.
wget https://objectstorage.us-ashburn-1.oraclecloud.com/n/ocuocictrng5/b/PBT_Storage/o/getsecret.py
Open the Python file with the nano editor.
nano getsecret.py
In the Python script, replace the secret ID ocid with your secret ID.
Replace the secret id value below with the OCID of your secret:
secret id = <secret id>
For example:
Secret id = "ocid1.vaultsecret.oci.iad.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Note: If you have not already copied the secret ID, go to Vault and select the Secret link from the resources. Then, in List Scope, choose <your working compartment>, click your secret key, and copy the OCID.
To save the script hit:
Ctrl+o > Enter [To write/save]
Ctrl+x > Yes > Enter [To exit]
Make the getsecret.py script executable.
chmod +x getsecret.py
Run the following command to retrieve the secret:
python getsecret.py
The secret content created in the vault has been retrieved by the application running on the instance. Instance Principal and the Vault enable you to abstract the difficulty of developing your own security strategy for storing and encrypting passwords and other sensitive information.
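The retrieval step described above, sketched as an added example (this is not the getsecret.py script from the page, whose contents are not shown). It uses the OCI Python SDK's instance principal signer and SecretsClient; the function names and the optional `client` parameter are assumptions made so the logic can be exercised without a live tenancy.

```python
import base64


def make_instance_principal_client():
    """SecretsClient signed with the instance's own identity; no API key on disk."""
    import oci  # lazy import: the logic below can be exercised without the SDK

    signer = oci.auth.signers.InstancePrincipalsSecurityTokenSigner()
    return oci.secrets.SecretsClient(config={}, signer=signer)


def fetch_secret(secret_id, client=None):
    """Return the current version of a Vault secret as text, without logging it."""
    if not secret_id.startswith("ocid1.vaultsecret."):
        raise ValueError("expected a Vault secret OCID (ocid1.vaultsecret....)")
    client = client or make_instance_principal_client()
    try:
        response = client.get_secret_bundle(secret_id=secret_id, stage="CURRENT")
    except Exception as exc:
        # OCI answers 404 both for a missing secret and for a caller that the
        # policy does not cover, so point at the dynamic group / policy.
        if getattr(exc, "status", None) == 404:
            raise PermissionError(
                "secret not found or instance not authorized; check dynamic "
                "group membership and the policy granting access to the vault"
            ) from exc
        raise
    content = response.data.secret_bundle_content
    if content.content_type != "BASE64":
        raise ValueError("unexpected secret content type: %r" % content.content_type)
    return base64.b64decode(content.content).decode("utf-8")


if __name__ == "__main__":
    import sys

    value = fetch_secret(sys.argv[1])
    # Report success without echoing the credential to the terminal or logs.
    print("retrieved secret (%d characters)" % len(value))
```

Run it on the instance with the secret OCID as the only argument; it works only when the instance is a member of a dynamic group that a policy allows to read the secret.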
Which tasks can you perform on a dedicated virtual machine host?
Correct Answer: C
A company has an OCI tenancy which has a mount target associated with two File Systems, CG_1 and CG_2. These File Systems are accessed by IP-based clients AB_1 and AB_2 respectively. As a security administrator, how can you provide access to both clients such that CG_1 has Read only access on AB_1 and CG_2 has Read/Write access on AB_2?
Correct Answer: A,B
Which are the three prerequisites for successfully configuring a Bastion managed SSH session to a compute instance in a private subnet? (Choose three.)
Correct Answer: A,B,C
Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA) is NOT valid?
Correct Answer: A
How can you restrict access to OCI console from unknown IP addresses?
Correct Answer: B
How do you enable server-side encryption in an Oracle Cloud Infrastructure (OCI) Object Storage bucket? (Choose the best Answer.)
Correct Answer: C
Which OCI cloud service lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources?
Correct Answer: B
Virtual Cloud Network (VCN) flow logs record details about traffic that has been accepted or rejected based on what? (Choose the best Answer.)
Correct Answer: A
What are the security recommendations and best practices for Oracle Functions?
Correct Answer: C
Which is NOT a compliance document?
Correct Answer: D
Which two services can leverage Vault symmetric encryption keys for data-at-rest? (Choose two.) OR Which OCI services can encrypt all data-at-rest? (Choose two.)
Correct Answer: E,F
Challenge 4 - Task 3 of 6
Configure Web Application Firewall to Protect Web Server Against XSS Attack
Scenario
You have to protect web applications hosted on OCI from cross-site scripting (XSS) attacks. You can use the OCI Web Application Firewall (WAF) capabilities to create rules that compare against incoming requests to determine if the request contains an XSS attack payload. If a request is determined to be an attack, WAF should return the HTTP Service Unavailable (503) error.
To ensure that the configured WAF blocks the XSS attack, run the following script:
http://<public-ip-enforcement-point>/index.html?<p style="background:url(javascript:alert(1))">
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
Configure a Virtual Cloud Network (VCN)
Create a Compute Instance and install the Web Server
Create a Load Balancer and update Security List
Create a WAF policy
Configure Protection Rules against XSS attacks
Verify the created environment against XSS attacks

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, make sure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1.
Complete the following task in the provisioned OCI environment:
Go to the VCN IAD-WAF-PBT-VCN-01.
Create a Security List with the name IAD-SP-PBT-LB-SL-01.
Create a Public subnet named LB-Subnet-IAD-SP-PBT-SNET-02 and attach the above-created security list.
Create a Load Balancer with the name IAD-SP-PBT-LB-01.
Create a Listener Name with the name IAD_SP_PBT_LB_LISN_01.
Add appropriate Ingress and Egress rules to IAD-SP-PBT-LB-SL-01, to allow http traffic to the Load Balancer subnet.
Correct Answer:
See the solution below in Explanation
Explanation:
SOLUTION:
From the navigation menu, select Networking and then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your assigned compartment> from the drop-down menu.
Click IAD-WAF-PBT-VCN-01 from the list of VCNs.
In the left navigation pane, under Resources, click Security Lists.
Click Create Security List.
In the Create Security List dialogue box, enter the following:
a) Name: IAD-SP-PBT-LB-SL-01
b) Do not add any ingress or egress rules.
c) Click Create Security List.
In the left navigation pane, under Resources, click Subnets.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following:
a) Name: LB-Subnet-IAD-SP-PBT-SNET-02
b) Create in Compartment: <your working compartment name>
c) Subnet Type: Regional
d) IPv4 CIDR Block: 10.0.4.0/24
e) Security List: From the drop-down menu, select the Security List you had created earlier, IAD-SP-PBT-LB-SL-01.
Click Create Subnet.
You now see that the subnet has been created successfully.
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins. Each admin group has full access over their respective compartments as shown in the graphic below. Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.
You want to set up a "Test" compartment for members of the three projects to share, and need to give admin access to all three of your existing admin groups. Which policy should you write to accomplish this task? (Choose the best Answer.)
Correct Answer: B
