1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Questions 4

Challenge 2

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

1z0-1104-25 Question 4

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 5: Provision a Compute Instance

Provision a compute instance in the IAD-SP-PBT-PUBSNET-01 public subnet, where:

Name IAD-SP-PBT-1-VM-01

image: Oracle Linux 8

Shape VM: Standard, A1, Flex

Enter the OCID of the created compute instance in the text box below.

Options:

Buy Now

Answer:

See the solution below in Explanation.

Explanation:

To provision a compute instance named IAD-SP-PBT-1-VM-01 in the IAD-SP-PBT-PUBSNET-01 public subnet with the specified configuration (Oracle Linux 8 image, VM Standard A1 Flex shape), follow these steps based on the Oracle Cloud Infrastructure (OCI) Compute documentation.

Step-by-Step Solution for Task 5: Provision a Compute Instance

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Compute Instances:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderCompute, selectInstances.

Create a New Compute Instance:

Click theCreate Instancebutton.

Configure the Instance Details:

Name:Enter IAD-SP-PBT-1-VM-01.

Compartment:Select the assigned compartment.

Placement:Choose the availability domain (e.g., AD-1) based on your region’s availability.

Select the Image:

UnderImage and Shape, clickChange Image.

SelectOracle Linux 8from the platform images list.

ClickSelect Image.

Choose the Shape:

ClickChange Shape.

SelectVM Standardcategory.

ChooseA1 Flexfrom the shape options.

Configure the OCPUs (e.g., 1 OCPU) and memory (e.g., 6 GB) as needed for A1 Flex, then clickSelect Shape.

Configure Networking:

UnderNetworking, ensure theVirtual Cloud Networkis set to IAD-SP-PBT-VCN-01.

Set theSubnetto IAD-SP-PBT-PUBSNET-01 (public subnet with CIDR 10.0.1.0/24).

EnableAssign a public IPv4 addressto allow external connectivity.

Leave the default security list or assign a custom one if configured previously.

Set Up SSH Access:

UnderAdd SSH Keys, either:

Upload your public SSH key file, or

Paste your public SSH key manually.

This ensures you can access the instance via SSH.

Launch the Instance:

ClickCreateto provision the compute instance.

Wait for the instance to reach theRunningstate (this may take a few minutes).

Note the Instance OCID:

Once the instance is running, go to the instance details page for IAD-SP-PBT-1-VM-01.

Copy theOCIDdisplayed (e.g., ocid1.instance.oc1..).

OCID of the Created Compute Instance

Enter the OCID of the created compute instance (IAD-SP-PBT-1-VM-01) into the text box. The exact OCID will be available after Step 9 (e.g., ocid1.instance.oc1..).

Notes

Ensure the security zone IAD_SAP-PBT-CSZ-01 and its associated recipe IAD-SP-PBT-CSP-01 allow compute instance creation in the public subnet (10.0.1.0/24).

Verify network connectivity by testing SSH access using the public IP assigned to the instance.

Questions 5

"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.

How should you architect the solution while ensuring fault tolerance and security?

Options:

Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.

Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."

Buy Now

Questions 6

Challenge 2 -Task 1

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

1z0-1104-25 Question 6

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task3: Create and configure a Virtual Cloud Network and Private Subnet

Createand configure virtual cloud Network (VCN) named IAD SP-PBT-VCN-01, with an internet Gateway and configure appropriate route rules to allow external connectivity.

Enter the OCID of the created VCN in the text box below.

Options:

Buy Now

Answer:

See the solution below in Explanation.

Explanation:

To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.

Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Virtual Cloud Networks:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderNetworking, selectVirtual Cloud Networks.

Create a New VCN:

ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.

VCN Name:Enter IAD-SP-PBT-VCN-01.

Compartment:Select the assigned compartment.

VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).

Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).

Accept the default settingsfor the public subnet and Internet Gateway creation.

ClickCreateto provision the VCN, Internet Gateway, and public subnet.

Verify the Internet Gateway:

After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.

UnderResources, selectInternet Gateways.

Ensure the Internet Gateway is attached and enabled.

Configure Route Rules:

In the VCN details page, underResources, selectRoute Tables.

Select the default route table associated with the public subnet (10.0.10.0/24).

ClickAdd Route Rules.

Target Type:SelectInternet Gateway.

Destination CIDR Block:Enter 0.0.0.0/0.

Target Internet Gateway:Select the Internet Gateway created with the VCN.

ClickAdd Route Ruleto save.

Update Security List (if needed):

UnderResources, selectSecurity Lists.

Edit the default security list for the public subnet.

Add an ingress rule:

Source CIDR:0.0.0.0/0

IP Protocol:TCP

Source Port Range:All

Destination Port Range:22 (for SSH) or as required by your application.

Add an egress rule:

Destination CIDR:0.0.0.0/0

IP Protocol:All

Save the changes.

Note the VCN OCID:

Return to the VCN details page for IAD-SP-PBT-VCN-01.

Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..).

OCID of the Created VCN

Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..).

Questions 7

You have created a compartment TEST in your subscribed tenancy. Then, you created two groups, test1 and test2, and want the users in these groups to be able to manage all the resources in the TEST compartment.

Which policy would you use to achieve this?

Options:

Allow group/test*/to manage all resources in compartment test.

Allow group test1, test2 to manage all resources in compartment test.

Allow any-user to manage all resources in compartment test where any {request.groups.test1, test2}

Allow any-user to manage all resources in compartment test where request.group='test*'

Buy Now

Questions 8

A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.

1z0-1104-25 Question 8

When configuring security lists and network security groups (NSGs) in this setup, what should they consider?

Options:

If the policy used with the firewall has no rules specified, the firewall allows all traffic.

Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.

Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.

Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.

Buy Now

Questions 9

An E-commerce company running on Oracle Cloud Infrastructure (OCI) wants to prevent accidental misconfigurations that could expose sensitive data. They need an OCI service that can enforce predefined security rules when creating or modifying cloud resources.

Which OCI service should they use?

Options:

OCI Web Application Firewall (WAF)

OCI Identity and Access Management (IAM)

OCI Security Zone

OCI Certificates

Buy Now

Questions 10

An OCI administrator notices that a compute instance running in the production compartment is unable to create Object Storage buckets using the OCI CLI command:

oci os bucket create --name mybucket --compartment-id --auth instance_principal

The error message returned states:

"NotAuthorizedOrNotFound: You are not authorized to perform this action."

The administrator verifies that the instance has Internet access and can reach OCI endpoints.

What then could be causing the issue?

Options:

The instance is using the wrong OCI CLI authentication method.

The bucket name is already in use, causing a conflict.

The policy is written at the root compartment instead of the production compartment.

The instance is not part of any Dynamic Group or the matching rule is incorrect.

Buy Now

Exam Code: 1z0-1104-25

Exam Name: Oracle Cloud Infrastructure 2025 Security Professional

Last Update: Jun 13, 2025

Questions: 36

PDF + Testing Engine

$57.75 ~~$164.99~~

Testing Engine

$43.75 ~~$124.99~~

PDF (Q&A)

$36.75 ~~$104.99~~

Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

marks4sure logo

Navigation:

1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

PDF + Testing Engine

Testing Engine

PDF (Q&A)

Quick Links

Why Us

Unlimited Packages

Marks4sure

Site Secure