최신 1z0-1104-23 무료덤프 - Oracle Cloud Infrastructure 2023 Security Professional
What does the following identity policy do?
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'
Allow group my-group to use fn-invocation in compartment ABC where target.function.id = '<function-OCID>'
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
Challenge 3 - Task 1 of 4
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01
Create a Private Subnet with the name PBT-BAS-SNET-01
Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network" Add Route Rules for Service Gateway
Set Up a Bastion Host to Access the Compute Instance in a Private Subnet Scenario A compute instance is provisioned in a private subnet that is not accessible through the Internet. To access the compute instance resource in a private subnet, you must provide a time-bound SSH session without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Configure a Virtual Cloud Network (VCN) and a Private Subnet.
* Provision a Compute Instance in the private subnet and enable Bastion Plugin.
* Create a Bastion and Bastion session.
* Connect to a compute instance using Managed SSH session.
Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99233424-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
Create a Virtual Cloud Network (VCN) with the name PBT-BAS-VCN-01
Create a Private Subnet with the name PBT-BAS-SNET-01
Create a Service Gateway with the name PBT-BAS-SG-01, using the service "All IAD Services in Oracle Services Network" Add Route Rules for Service Gateway
정답:
See the solution below in Explanation
Explanation:
Solutions:
Sign in to your OCI free tier account.
Select Networking from the navigation menu and click Virtual Cloud Networks (VCNs).
Select your working compartment under List Scope from the drop-down menu in the left navigation pane.
Click Create VCN.
In the Create a Virtual Cloud Network dialogue box, enter the following details:
a. Name: PBT-BAS-VCN-01
b. IPV4CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
d. Click Create VCN. You can now see that the VCN has been created successfully.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following details:
a. Name: PBT-BAS-SNET-01
b. Subnet Type: Regional
c. IPV4CIDR Blocks: 10.01.0/24 d. Subnet Access: Private Subnet
e. Note: Leave all the other options in their default setting.
f. Click Create Subnet. You can see that the subnet has been created successfully.
Under Resources, click Service Gateways in the left navigation pane.
Click Create Service Gateway and enter the following details:
a. Name: PBT-BAS-SG-01
b. Services: All <region> Services in Oracle Services Network.
c. Click Create Service Gateway. You can see that the service gateway has been created successfully.
d. Click Close.
Under Resources, click Route Tables in the left navigation pane.
Click the Default Route Table from the list.
Click Add Route Rules and enter the following values:
a. Target Type: Service Gateway
b. Destination Service: All <region> Services in Oracle Services Network.
c. Target Service Gateway: PBT-BAS-SG-01
d. Description: Description for Service gateway route rule e. Click Add Route Rules
Explanation:
Solutions:
Sign in to your OCI free tier account.
Select Networking from the navigation menu and click Virtual Cloud Networks (VCNs).
Select your working compartment under List Scope from the drop-down menu in the left navigation pane.
Click Create VCN.
In the Create a Virtual Cloud Network dialogue box, enter the following details:
a. Name: PBT-BAS-VCN-01
b. IPV4CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
d. Click Create VCN. You can now see that the VCN has been created successfully.
Click Create Subnet.
In the Create Subnet dialogue box, enter the following details:
a. Name: PBT-BAS-SNET-01
b. Subnet Type: Regional
c. IPV4CIDR Blocks: 10.01.0/24 d. Subnet Access: Private Subnet
e. Note: Leave all the other options in their default setting.
f. Click Create Subnet. You can see that the subnet has been created successfully.
Under Resources, click Service Gateways in the left navigation pane.
Click Create Service Gateway and enter the following details:
a. Name: PBT-BAS-SG-01
b. Services: All <region> Services in Oracle Services Network.
c. Click Create Service Gateway. You can see that the service gateway has been created successfully.
d. Click Close.
Under Resources, click Route Tables in the left navigation pane.
Click the Default Route Table from the list.
Click Add Route Rules and enter the following values:
a. Target Type: Service Gateway
b. Destination Service: All <region> Services in Oracle Services Network.
c. Target Service Gateway: PBT-BAS-SG-01
d. Description: Description for Service gateway route rule e. Click Add Route Rules
Which type of file system does file storage use?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
You want to include all instances in any of two or morecompartments, which syntax should you use for dynamic policy you want to create for "Prod" compartment and "SIT" compartment?
Prod OCID : 'JON.Prod'
SIT OCID : 'JON.SIT'
Prod OCID : 'JON.Prod'
SIT OCID : 'JON.SIT'
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
What information do youget by using the Network Visualizer tool?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
What is the configuration to avoid publishing messages during the specified time range known as?
정답: A
설명: (DumpTOP 회원만 볼 수 있음)
Which security issue CANNOT be identified using the Oracle Cloud Infrastructure (OCI) Vulnerability Scanning Service (VSS)? (Choose the best Answer.)
정답: C
Which statements are CORRECT about Security Zone policy in OCI ? Select TWO correct answers
정답: C,D
설명: (DumpTOP 회원만 볼 수 있음)
As a lead Security Architect, you have tasked to restrict access to and from the worker nodes in pods running in Oracle Container Engine for Kubernetes?
정답: C
설명: (DumpTOP 회원만 볼 수 있음)
In which two ways can you improve data durability in Oracle Cloud Infrastructure (OCI) Object Storage? (Choose two.)
정답: A,C