Which Oracle Cloud Infrastructure (OCI) service can be used to protect sensitive and regulated data in OCI database services?
Correct Answer: C
Oracle Data Safe is a unified control center for your Oracle databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements. Whether you're using an Autonomous Database or an Oracle DB system, Oracle Data Safe delivers essential data security capabilities as a service on Oracle Cloud Infrastructure.
Features of Oracle Data Safe: Oracle Data Safe provides the following set of features for protecting sensitive and regulated data in Oracle Cloud databases, all in a single, easy-to-use management console:
1) Security Assessment helps you assess the security of your cloud database configurations. It analyzes database configurations, user accounts, and security controls, and then reports the findings with recommendations for remediation activities that follow best practices to reduce or mitigate risk.
2) User Assessment helps you assess the security of your database users and identify high risk users. It reviews information about your users in the data dictionary on your target databases, and calculates a risk score for each user. For example, it evaluates the user types, how users are authenticated, the password policies assigned to each user, and how long it has been since each user has changed their password. It also provides a direct link to audit records related to each user. With this information, you can then deploy appropriate security controls and policies.
3) Data Discovery helps you find sensitive data in your cloud databases. You tell Data Discovery what kind of sensitive data to search for, and it inspects the actual data in your database and its data dictionary, and then returns to you a list of sensitive columns. By default, Data Discovery can search for a wide variety of sensitive data pertaining to identification, biographic, IT, financial, healthcare, employment, and academic information.
4) Data Masking provides a way for you to mask sensitive data so that the data is safe for non-production purposes. For example, organizations often need to create copies of their production data to support development and test activities. Simply copying the production data exposes sensitive data to new users. To avoid a security risk, you can use Data Masking to replace the sensitive data with realistic, but fictitious data.
5) Activity Auditing lets you audit user activity on your databases so you can monitor database usage and be alerted of unusual database activities.
Question 7
Which capability can be used to protect against unexpected hardware or power supply failures within an availability domain?
Correct Answer: A
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain contains three fault domains. Fault domains provide anti-affinity: they let you distribute your instances so that the instances are not on the same physical hardware within a single availability domain. A hardware failure or Compute hardware maintenance event that affects one fault domain does not affect instances in other fault domains. In addition, the physical hardware in a fault domain has independent and redundant power supplies, which prevents a failure in the power supply hardware within one fault domain from affecting other fault domains.
Usually, you use fault domains to do the following things:
1) Protect against unexpected hardware failures or power supply failures.
2) Protect against planned outages because of Compute hardware maintenance.
Question 8
You have an application that requires a shared file system. Which of the following services would you use?
Correct Answer: A
Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security (IPSec) virtual private network (VPN).
Large Compute clusters of thousands of instances can use the File Storage service for high-performance shared storage. Storage provisioning is fully managed and automatic as your use scales from a single byte to exabytes without upfront provisioning.
The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. The service supports the Network Lock Manager (NLM) protocol for file locking functionality.
Oracle Cloud Infrastructure File Storage employs 5-way replicated storage, located in different fault domains, to provide redundancy for resilient data protection. Data is protected with erasure encoding.
The File Storage service uses the "eventual overwrite" method of data eradication. Files are created in the file system with a unique encryption key. When you delete a single file, its associated encryption key is eradicated, making the file inaccessible. When you delete an entire file system, the file system is marked as inaccessible. The service systematically traverses deleted files and file systems, frees all the used space, and eradicates all residual files.
Use the File Storage service when your application or workload includes big data and analytics, media processing, or content management, and you require Portable Operating System Interface (POSIX)-compliant file system access semantics and concurrently accessible storage. The File Storage service is designed to meet the needs of applications and users that need an enterprise file system across a wide range of use cases, including the following:
Question 9
Which resource do you manage in an Infrastructure-as-a-Service (IaaS) offering?
Correct Answer: A
Infrastructure as a service (IaaS) is a type of cloud service model in which computing resources are hosted in the cloud. Businesses can use the IaaS model to shift some or all of their use of on-premises or colocated data center infrastructure to the cloud, where it is owned and managed by a cloud provider. These infrastructure elements can include compute, network, and storage hardware as well as other components and software.
How Does IaaS Work?
In a typical IaaS model, a business, which can be of any size, consumes services like compute, storage, and databases from a cloud provider. The cloud provider offers those services by hosting hardware and software in the cloud. The business will no longer need to purchase and manage its own equipment, or space to host the equipment, and the cost will shift to a pay-as-you-go model. When the business needs less, it pays for less. And when it grows, it can provision additional computing resources and other technologies in minutes.
Question 10
Which of the following services can you control access to via IAM?
Correct Answer: C
Oracle Cloud Infrastructure Identity and Access Management (IAM) lets you control who has access to your cloud resources. You can control what type of access a group of users has and to which specific resources. This section gives you an overview of IAM components and an example scenario to help you understand how they work together.