
Question 1

The document contains 20 multiple choice questions about Oracle Cloud Infrastructure security best practices, policies, and services. The questions cover topics such as network security groups, Web Application Firewall (WAF) rules, Identity and Access Management (IAM) policies, Virtual Cloud Networks (VCNs), and Cloud Guard.

Uploaded by

YoSalinas

Question 1

What are the security recommendations and best practices for Oracle Functions?
A. Ensure that functions in a VCN have restricted access to resources and services.
B. Define a policy statement that enables access to functions for requests coming from multiple IP addresses.
C. Grant privileges to UID and GID 1000, such that the functions running within a container acquire the default root capabilities.
D. Add applications to network security groups for fine-grained ingress/egress rules.
Correct Answer: D

Question 2
A number of malicious requests for a web application are coming from a set of IP addresses originating from Antarctica.
Which of the following statements will help to reduce these types of unauthorized requests?
A. Use WAF policy using Access Control Rules
B. List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
C. Delete NAT Gateway from Virtual Cloud Network
D. Change your home region in which your resources are currently deployed
Correct Answer: A

Question 3
When does Cloud Guard re-open an issue and update the history?
A. If it detects an issue again for an Open (unresolved) problem
B. If it detects an issue for a previously resolved/dismissed activity problem
C. If it detects an issue for a previously resolved configuration problem
D. If it detects an issue for a previously dismissed configuration problem
Correct Answer: C

Question 4
As a security administrator, you found out that there are users outside your corporate network who are accessing an OCI Object Storage bucket. How can you prevent these users from accessing OCI resources in the corporate network?
A. Create an IAM policy and add a network source
B. Create PAR to restrict the access
C. Make OCI resources private instead of public
D. Create an IAM policy and create WAF rules
Correct Answer: A

Question 5
Which statement is true about standards?
A. They are the foundation of corporate governance.
B. They may be audited.
C. They are methods and instructions on how to maintain or accomplish the directives of the policy.
D. They are the result of a regulation or contractual requirement or an industry requirement.
Correct Answer: D

Question 6
Which components are a part of the OCI Identity and Access Management service?
A. Regional subnets
B. Policies
C. Compute instances
D. VCN
Correct Answer: B

Question 7
Which parameters do customers need to configure while reading secrets by name using the CLI or API? Select TWO correct answers.
A. Certificates
B. Secret Name
C. ASCII Value
D. Vault Id
Correct Answer: B,D

Question 8
A member of the operations team has set a Pre-Authenticated Request (PAR) associated with a bucket to an incorrect date and now wants to edit the PAR. How can this be achieved?
A. Delete the PAR and recreate it with the required date
B. Don't set an expiration time for PAR
C. Delete the bucket associated with PAR and recreate it
D. Delete both PAR as well as the bucket then recreate both
Correct Answer: A

Question 9
Which resources can be created and managed from the Vault service? Select TWO correct answers.
A. Keys
B. Cloud Guard
C. Secret
D. IAM
Correct Answer: A,C

Question 10
You are part of the security operations team of an organization with thousands of users accessing Oracle Cloud Infrastructure. It was reported that an unknown user action was executed, resulting in a configuration error. You are tasked to quickly identify the details of all users who were active in the last six hours, along with any REST API calls that were executed. Which OCI feature should you use?
A. Audit analysis dashboard
B. objectcollectionrule
C. Management agent log integration
D. Service connector hub
Correct Answer: A

Question 11
As a Security Admin, you want to inspect the metadata and actual data in your Oracle databases to discover sensitive data and provide comprehensive results listing the sensitive columns and related information. Which Data Safe feature will help you to achieve the above requirement?
A. Data Masking
B. Data Discovery
C. Security Assessment
D. User Assessment
Correct Answer: B

Question 12
You have configured the Management Agent on an Oracle Cloud Infrastructure (OCI)
Linux instance for log ingestion purposes.
Which is a required configuration for the OCI Logging Analytics service to collect data from multiple logs of this instance?
A. Log - Log Group Association
B. Entity - Log Association
C. Source - Entity Association
D. Log Group - Source Association
Correct Answer: C

Question 13
Oracle Object Storage achieves data durability by which of the following mechanisms? Select TWO correct answers.
A. Service Gateway
B. Redundant Storage across availability domains
C. Redundant Array of Independent Disks
D. Object Versioning
Correct Answer: B,D

Question 14
Where is sensitive configuration data (like certificates and credentials) stored by the Kubernetes cluster control plane?
A. Block Volume
B. ETCD
C. Oracle Functions
D. Boot Volume
Correct Answer: B

Question 15
How can you restrict access to the OCI console from unknown IP addresses?
A. Create tenancy's authentication policy and create WAF rules
B. Create tenancy's authentication policy and add a network source
C. Make OCI resources private instead of public
D. Create PAR to restrict the access
Correct Answer: B

Question 16
You want to create a stateless rule for SSH in a security list, and the ingress rule has already been properly configured. What combination should you use on the egress rule?
A. Select UDP for protocol; enter 22 for source port and all for destination port
B. Select TCP for protocol; enter 22 for source port and 22 for destination port
C. Select TCP for protocol; enter all for source port and 22 for destination port
D. Select TCP for protocol; enter 22 for source port and all for destination port
Correct Answer: C

Question 17
Your company has hired a consulting firm to audit your Oracle Cloud Infrastructure activity and configuration. You have created a set of users who will be performing the audit, and you assigned these users to the orgauditgrp group. The auditors require the ability to see the configuration of all resources within the tenancy, and you have agreed to exempt the dev compartment from the audit.
Which IAM policy should be created to grant the orgauditgrp group the ability to look at the configuration of all resources except for those resources inside the dev compartment?
A. allow group orgauditgrp to read all-resources in tenancy where target.compartment.name !=dev
B. allow group orgauditgrp to read all-resources in compartment !=dev
C. allow group orgauditgrp to inspect all-resources in tenancy where target.compartment.name !=dev
D. allow group orgauditgrp to inspect all-resources in compartment !=dev
Correct Answer: C

Question 18
A company needs to have some buckets as public in the compartment. You want Cloud Guard to ignore the problem associated with public buckets. Select TWO correct answers.
A. Dismiss the issues associated with these resources
B. Make the bucket private so that Cloud Guard won't detect it
C. Configure Conditional groups for the detector to fix base line
D. First make the bucket private and after few days make the bucket public again
Correct Answer: A,C

Question 19
Logical isolation for resources is provided by which OCI feature?
A. Tenancy
B. Region
C. Compartments
D. Availability Zone
Correct Answer: C

Question 20
What information do you get by using the Network Visualizer tool?
A. State of subnets in a VCN
B. Interconnectivity of VCNs
C. Routes defined between subnets and gateways
D. Organization of subnets and VLANs across availability domains
Correct Answer: B