Oracle edusum oracle Cloud Infrastructure Certification Changed 1z0-1104-23 Questions by Kira q83 vce pdf

Page: 9 / 10

Exam Name:	Oracle Cloud Infrastructure 2023 Security Professional
Exam Code:	1z0-1104-23 Dumps
Vendor:	Oracle	Certification:	Oracle Cloud Infrastructure Certification
Questions:	167 Q&A's	Shared By:	kira

Question 36

Challenge 1 - Task 1 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario:

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a best security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Questions 36

Preconfigured:

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following tasks in the OCI environment provisioned:

Create Master Encryption Key with the name my_pbt_msk with 256 bits shape.
Create a Secret with the name my-pbt-secret_99234021-lab.user01 and secret content.

For example: If your user name is 99346163-lab.user02, then the secret should be named as my-pbt-secret_99346163-lab.user02.

Options:

Discussion

Question 37

Challenge 3 - Task 3 of 4

Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario

A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Configure a Virtual Cloud Network (VCN) and a Private Subnet.

• Provision a Compute Instance in the private subnet and enable Bastion Plugin.

• Create a Bastion and Bastion session.

• Connect to a compute instance using Managed SSH session.

Questions 37

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

1. Create a Bastion with the name SPPBTBASTION99233424-lab.user01

[Eliminate Specical Characters] Eg:SPPBTBASTION992831403labuser13

2. Create a Session with the name PBT-1-Session-01, for compute instance in private subnet, with default username as "opc"

Options:

Discussion

Yusra

I passed my exam. Cramkey Dumps provides detailed explanations for each question and answer, so you can understand the concepts better.

Alisha Aug 29, 2024

I recently used their dumps for the certification exam I took and I have to say, I was really impressed.

Kylo

What makes Cramkey Dumps so reliable? Please guide.

Sami Aug 29, 2024

Well, for starters, they have a team of experts who are constantly updating their material to reflect the latest changes in the industry. Plus, they have a huge database of questions and answers, which makes it easy to study and prepare for the exam.

Josie

I just passed my certification exam using their dumps and I must say, I was thoroughly impressed.

Fatimah Oct 24, 2024

You’re right. The dumps were authentic and covered all the important topics. I felt confident going into the exam and it paid off.

Sam

Can I get help from these dumps and their support team for preparing my exam?

Audrey Aug 29, 2024

Definitely, you won't regret it. They've helped so many people pass their exams and I'm sure they'll help you too. Good luck with your studies!

Question 38

Challenge 1 - Task 2 of 5

Authorize OCI Resources to Retrieve the Secret from the Vault

Scenario

You are working on a Python program running on a compute instance that needs to access an external service. To access the external service, the program needs credentials (password). Given that it is not a good security practice, you decide not to hard code the credential in the program. Instead, you store the password (secret) in a vault using the OCI Vault service. The requirement now is to authorize the compute instance so that the Python program can retrieve the password (secret) by making an API call to the OCI Vault.

Questions 38

Preconfigured:

To complete this requirement, you are provided with:

An OCI Vault to store the secret required by the program, which is created in the root compartment as PBT_Vault_SP.
An instance principal IAM service, which enables instances to be authorized actors (principals) that can retrieve the secret from the OCI Vault.
A dynamic group named PBT_Dynamic_Group_SP with permissions to access the OCI Vault. This dynamic group includes all of the instances in your compartment.
Access to Cloud Shell.
Permissions to perform only the tasks within the challenge.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1.

Complete the following task:

In the field below, write the IAM policy, which allows a program running on a computer instance (principal instance) to retrieve a secret from the OCI Vault.

Options:

Discussion

Question 39

Challenge 2

Least-Privileged Model Enforcement Leveraging Custom Security Zones

Scenario

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

To complete this deployment, you have to perform the following tasks in the environment provisioned for you:

• Create a Custom Security Zone recipe to allow compute instances in the public subnet.

• Create a Security Zone using the Custom Security Zone recipe.

• Configure a Virtual Cloud Network (VCN) and Public Subnet.

• Provision a Compute Instance in the public subnet.

Questions 39

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1

Complete the following tasks in the provisioned OCI environment:

Create a Custom Recipe with the name
Create a Security Zone with the name
Create a VCN with the name IAD-SP-PBT-VCN-01
Create a Public Subnet with the name IAD-SP-PBT-PUBSNET-01
Create a Compute Instance with the name IAD-SP-PBT-1-VM-01, using the "Oracle Linux 8" image and "VM.Standard2.1" as shape

Options:

Discussion

Answer:

Answer:

See the solution below in Explanation.

Explanation:

Explanation:

SOLUTION:Task 1: Create a Custom Security Zone recipe that permits the creation of a VCN with a public subnet, Internet Gateway, and a public bucket.

Sign into your Oracle Cloud Infrastructure (OCI) account.
From the navigation menu, click Identity & Security. Navigate to Security Zones and click Recipes.
In the left navigation pane, under Scope, select from the drop-down menu.
Click Create Recipe.
On Create Recipe page, enter the following values: a. Recipe name: [Your Recipe Name] b. Description: My custom security zone recipe. c. Create for compartment: Select your compartment from the drop-down list. d. Click Next e. Policy type: All f. Resource type: VIRTUALNETWORK g. Uncheck
Click create.

Task 2: Use the Custom Security Zone recipe created in Task 1 to create a Security Zone for your assigned compartment.

From the navigation menu, select Identity & Security. Navigate to Security Zones and click Overview.
In the left navigation pane, under Scope, select from the drop-down menu.
Click Create Security Zone.
On the Create Security Zone page, enter the following values: a. Security Zone Recipe: Select Customer-managed to use Custom Security Zone Recipe. b. Select Security Zone Recipe [Your Recipe Name] in the working compartment. c. Name: [Your Security Zone Name] d. Description: My Custom Security Zone. e. Create for compartment: Select the working compartment from the drop-down list.
Click Create Security Zone. The new security zone is in the Creating state. It can take several minutes to associate the working compartment with the security zone. When finished, the security zone is in the Active state.
On the Security Zone information tab, you can view the attached [Your Recipe Name] recipe.

Task 3: Use the VCN wizard to create a VCN and ensure that the Custom Security Zone recipe allows for the creation of a public subnet and Internet Gateway.

From the navigation menu, select Networking, then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select from the drop-down menu.
Click Create VCN.
On the Configuration page, enter the following: a. Name: IAD-SP-PBT-VCN-01 b. IPv4 CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
Click Create VNC.
After Create VNC, click in Create Subnet
On the Configuration page, enter the following: a. Name: IAD-SP-PBT-PUBSNET-01 b. Subnet Type: Regional c. IPv4 CIDR Blocks: 10.0.1.0/24 d. Subnet Access: Public Subnet e. Leave all the other options in their default setting.
Click Create Subnet.

Task 4: Create a Computer Instance

From the navigation menu, select Compute and then click Instances.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Click create.

Note: After a couple of minutes, you can see that the instance has been successfully created and the status Running.

Page: 9 / 10

Title

Questions

Posted

oracle.certkiller.1z0-1104-23 exam questions tutorials.by bjorn.q37.vce.pdf

2024-10-06

oracle.certleader.1z0-1104-23 reviews questions.by essa.q46.vce.pdf

2024-10-21

oracle.pass4test.1z0-1104-23 premium exam questions.by matias.q64.vce.pdf

2024-11-10

oracle.passguide.oracle cloud infrastructure certification 1z0-1104-23 passing score.by ivy-mae.q9.vce.pdf