Security Associate
Title of test: Security Associate
Description: Practice Test




In which two ways can you improve data durability in Oracle Cloud Infrastructure Object Storage?
- Setup volumes in a RAID1 configuration.
- Enable server-side encryption.
- Enable Versioning.
- Limit delete permissions.
- Enable client-side encryption.

What is the use case for Oracle Cloud Infrastructure Logging Analytics service?
- Automate and manage any logs based on a subscription model.
- Label data packets that pass through the internet gateway.
- Monitor, aggregate, index, and analyze log data.
- Automatically create instances to collect logs, analyze, and send reports.

You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?
- OCI username and Password.
- API Signing Key.
- Auth Token.
- SSH Key Pair with 2048-bit algorithm.

Which Oracle Data Safe feature minimizes the amount of personal data and allows internal test, development, and analytics teams to operate with reduced risk?
- data auditing.
- data encryption.
- security assessment.
- data masking.
- data discovery.

You have configured the Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log ingestion purposes. Which is a required configuration for OCI Logging Analytics service to collect data from multiple logs of this instance?
- Log - Log Group Association.
- Entity - Log Association.
- Source - Entity Association.
- Log Group - Source Association.

You are part of security operations of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). It was reported that an unknown user action was executed resulting in configuration errors. You are tasked to quickly identify the details of all users who were active in the last six hours along with any REST API calls that were executed. What OCI feature should you use?
- ObjectCollectionRule.
- Management Agent Log Ingestion.
- Audit Analysis dashboard.
- Service Connector Hub.

Which Security Zone policy is NOT valid?
- A boot volume can be moved from a security zone to a standard compartment.
- A compute instance cannot be moved from a security zone to a standard compartment.
- Resources in a security zone should not be accessible from the public internet.
- Resources in a security zone must be automatically backed up regularly.

Which two responsibilities will be on Oracle when you move your IT infrastructure to Oracle Cloud Infrastructure?
- maintaining customer data.
- Strong IAM framework.
- Storage isolation.
- providing strong security lists.
- account access management.

Which statement about Oracle Cloud Infrastructure Multi-Factor Authentication (MFA) is NOT valid?
- Users cannot disable MFA for themselves.
- An administrator can disable MFA for another user.
- A user can register only one device to use for MFA.
- Users must install a supported authenticator app on the mobile device they intend to register for MFA.

How can you limit access to an Oracle Cloud Infrastructure Object Storage bucket to only the users within the corporate network?
- Create an Identity and Access Management policy and add a group that will contain all the internal computers.
- Create an Identity and Access Management policy and add network source that has the corporate network CIDRs.
- Create a Pre-Authenticated Request that limits the access to the corporate network CIDRs.
- Make the bucket private and limit the access using Security Lists.

How do you enable server-side encryption in an Oracle Cloud Infrastructure (OCI) Object Storage bucket?
- Upload your encryption key to the OCI vault and associate it with the bucket you want to encrypt.
- Uploading encrypted objects will enable the encryption in the bucket.
- Server-side encryption is enabled by default and requires no user action.
- Update the bucket's metadata value for encrypted bucket to "true".

As a cloud network administrator, you have been tasked with defining ingress and egress access rules for microservices deployed as functions in Oracle Functions. In addition to defining some general access rules in the subnet's security list, you have decided to define more fine-grained rules for different functions using Oracle Cloud Infrastructure (OCI) Network Security Groups (NSGs). Once the NSGs have been created, where are they to be attached in order to apply to a specific deployed function?
- The function itself.
- The application hosting the function.
- The pod hosting the application.
- The function's docker container.

Pods running in your Oracle Container Engine for Kubernetes (OKE) cluster often need to communicate with other pods in the cluster or with services outside the cluster. As the OKE cluster administrator, you have been tasked with configuring permissions to restrict pod-to-pod communications except as explicitly allowed. Where can you define these permissions?
- Security Lists.
- RBAC Roles.
- Network Policies.
- IAM Policies.

What are the two items required to create a rule for the Oracle Cloud Infrastructure Events Service?
- Service Connector.
- Actions.
- Rule Conditions.
- Management Agent Cloud Service.
- Install Key.

Your web application is protected by the Web Application Firewall (WAF) service in Oracle Cloud Infrastructure. You want to block traffic originating from a country where your company isn't allowed to do business. Where would you create a WAF rule to block traffic from a specific country?
- Origin Management.
- Access Control Rules.
- Cache Rules.
- Protection Rules.
- Bot Management.

Which two responsibilities must be taken care of by the customer while managing a Web Application Firewall (WAF)?
- Tune the WAF's access rules and bot management strategies according to web application traffic.
- Patch their WAF instance when Oracle makes fixes available.
- Onboard and configure the WAF policy for the web application.
- Import new OWASP Core Rule Sets as they are released.
- Provide High Availability for the WAF edge nodes.

What type of FastConnect supports configuring Oracle Cloud Infrastructure Site-to-Site VPN for encryption?
- FastConnect Private Peering.
- FastConnect Cross-Connect group.
- FastConnect Partner.
- FastConnect Public Peering.

Which Virtual Cloud Network (VCN) configuration within a region is valid to have successful local peering using a local peering gateway?
- VCN1 with 10.0.0.0/16 and VCN2 with 192.168.0.0/16.
- VCN1 with 10.0.0.0/16 and VCN2 with 10.0.0.0/24.
- VCN1 with 192.168.0.0/24 and VCN2 with 192.168.0.0/24.
- VCN1 with 192.168.0.0/16 and VCN2 with 192.168.0.0/24.
- VCN1 with 10.0.0.0/16 and VCN2 with 10.0.0.0/16.

Which solution enables you to privately connect two Virtual Cloud Networks (VCNs) across different OCI regions without routing traffic over the public Internet?
- Service Gateway.
- Remote Peering Connection.
- Internet Gateway.
- Local Peering Gateway.

When configuring inter-tenancy virtual cloud network (VCN) peering using local peering gateways (LPG), what OCID do you need from the other tenancy in order to properly configure the Requestor and Acceptor Identity Access Management (IAM) policies?
- Tenancy OCID.
- Compartment OCID.
- Local Peering Gateway OCID.
- Local Peering Connection OCID.
- Virtual Cloud Network OCID.

Your company has implemented a new VPN connection policy, three months after you connected your on-premises network to Oracle Cloud Infrastructure. Your chief security officer has instructed you to edit the IPSec connection and replace the shared secrets with the new ones that he provided you. Where do you edit the shared secrets?
- Individual tunnels.
- Customer Premises Equipment.
- IPSec connection.
- Dynamic Routing Gateway.

Which value must an application have to retrieve a secret bundle from Oracle Cloud Infrastructure?
- Vault OCID.
- Bundle OCID.
- Key OCID.
- Secret OCID.

Hardware Security Modules (HSMs) in Oracle Key Management meet which Federal Information Processing Standard (FIPS) security certification that requires HSMs to be tamper-resistant and authentication to be identity based?
- FIPS 140-3 Level 3.
- FIPS 140-2 Level 3.
- FIPS 140-1 Level.
- FIPS 140-2 Level 2.

You have created several Oracle Cloud Infrastructure Groups with the prefix of 'Test' in your tenancy. For example, TestEcommerce, Testcatalog, and TestAdministration. You want to create another group called TestGroupsAdmin to manage all the groups that start with "Test" except for the group TestAdministration.
- allow group TestGroupsAdmin to manage groups in tenancy where target.group.name%D/Test*/ && !(target.group.name = 'TestAdministration').
- allow group TestGroupsAdmin to manage groups in tenancy where all {target.group.name = / Test*/.target.group.name != 'TestAdministration'}.
- allow group TestGroupsAdmin to manage groups in tenancy Where any {target.group.name = / Test* /,target.group.name l= 'TestAdministration}.
- allow group TestGroupsAdmin to manage groups in tenancy where target.group.name = /Test*/ and = 'TestAdministration').

Your company has hired a consulting firm to audit your Oracle Cloud Infrastructure activity and configuration. You have created a set of OCI Users who will be performing the audit. You assigned these Users to the OrgAuditGrp group. The auditors require the ability to see the configuration of all resources within the tenant. You have agreed to exempt the Dev compartment from the audit. You must follow the least privilege principle. Which IAM policy should be created to grant the OrgAuditGrp the ability to look at configuration for all resources, except for those resources inside the Dev compartment?
- allow group OrgAuditGrp to inspect all-resources in tenancy where target.compartment.name != 'Dev'.
- allow group OrgAuditGrp to read all-resources in tenancy where target.compartment.name != 'Dev'.
- allow group OrgAuditGrp to read all-resources in compartment !! = Dev.
- allow group OrgAuditGrp to inspect all-resources in compartment ! = Dev.

Which two services can leverage Vault symmetric encryption keys for data-at-rest?
- Load Balancer.
- Block volume.
- API Gateway.
- Object Storage.
- CDN.
- WAF.

You want to enable Cloud Guard in your tenancy. Which is NOT a prerequisite?
- Ensure that you have a paid tenancy.
- Add the required IAM policy for the user to access Cloud Guard.
- Install the monitoring agent on the instances you want to monitor.
- Create IAM policies that allow Cloud Guard to read Oracle Cloud Infrastructure (OCI) resources.

You have subscribed to a tenancy in which you want to isolate the OCI resources from different users logically for governance. Which OCI resource will help you achieve logical separation?
- Fault Domain.
- Availability Domain.
- Compartment.
- Dynamic Group.
- Group.

In OCI Secret management within a Vault, you have created a secret and rotated the secret one time. The current version state shows:

Version Number | Status
2 (latest) | Current
1 | Previous

In order to roll back to version 1, what should the Administrator do?
- From the version 1 menu, select "Promote to Current".
- From the version 2 (latest) menu, select "Rollback..." and select version 1 when given the option.
- Deprecate version 2 (latest). Create new Secret Version 3. Create soft link from version 3 to version 1.
- Create a new secret version 3 and set to pending. Copy the contents of Version 1 into version 3.

Which three resources are required to encrypt a Block Volume with a Customer-managed key?
- Symmetric Master Encryption Key.
- IAM Policy allowing service blockstorage to use keys.
- a Vault.
- a Secret.
- Maximum Security Zone.
- Block Key.