Oracle 1z0-1104-25 today updated questions - Verified by Oracle Experts

Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Question 1

Task 2: Create a Compute Instance and Install the Web Server

Create a compute instance, where:

Name: PBT-CERT-VM-01

Image: Oracle Linux 8

Shape: VM.Standard.A1.Flex

Subnet: Compute-Subnet-PBT-CERT

Install and configure Apache web server:

Install Apache

sudo yum -y install httpd

Enable and start Apache

sudo systemctl enable httpd

sudo systemctl restart httpd

2. Install and configure Apache web server:

a. Install Apache

sudo yum -y install httpd

b. Enable and start Apache

sudo systemctl enable httpd

sudo systemctl restart httpd

c. Configure firewall to allow HTTP traffic (port 80)

sudo firewall-cmd --permanent --add-port=80/tcp

sudo firewall-cmd --reload

d. Create an index.html file

sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

Enter the OCID of the created compute instance PBT-CERT-VM-01 in the text box below.

Options:

Answer:

See the solution below in Explanation.

Explanation:

Task 2: Create a Compute Instance and Install the Web Server

Step 1: Create the Compute Instance

Navigate toCompute>Instances.

ClickCreate Instance.

Enter the following details:

Name: PBT-CERT-VM-01

Compartment: Select your assigned compartment.

Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).

Image: ClickChange Image, selectOracle Linux 8, and confirm.

Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:

OCPUs: 1 (or adjust as needed)

Memory: 6 GB (or adjust as needed)

Networking:

Virtual Cloud Network: Select PBT-CERT-VCN-01.

Subnet: Select Compute-Subnet-PBT-CERT.

Leave public IP assignment enabled for internet access.

SSH Key: Provide your public SSH key (upload or paste) for secure access.

ClickCreateand wait for the instance to be provisioned.

Step 2: Connect to the Compute Instance

Once the instance is created, note thePublic IP Addressfrom the instance details page.

Use an SSH client to connect:

Command: ssh -i opc@

Replace with your private key path and with the instance’s public IP.

Step 3: Install and Configure Apache Web Server

Install Apache:

Run: sudo yum -y install httpd

Enable and Start Apache:

Run: sudo systemctl enable httpd

Run: sudo systemctl restart httpd

Configure Firewall to Allow HTTP Traffic (Port 80):

Run: sudo firewall-cmd --permanent --add-port=80/tcp

Run: sudo firewall-cmd --reload

Create an index.html File:

Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html'

Step 4: Verify the Configuration

Open a web browser and enter http:// to ensure the page displays "You are visiting Web Server 1".

If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.

Step 5: Retrieve and Enter the OCID

Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.

Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).

Enter the copied OCID exactly as it appears into the text box provided.

Notes

These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.

Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.

The OCID will be unique to your instance; obtain it from the OCI Console after creation

Question 2

Challenge 2 -Task 1

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 1: Create a Custom Security Zone Recipe

Create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in the public subnet.

Enter the OCID of the created custom security zone recipe in the text box below.

Options:

Answer:

See the solution below in Explanation.

Explanation:

To create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in a public subnet, we will follow the steps outlined in the Oracle Cloud Infrastructure (OCI) Security Zones documentation. These steps are based on verified procedures from the OCI Security Zone Guide and related resources.

Step-by-Step Solution for Task 1: Create a Custom Security Zone Recipe

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment provided in the tenancy.

Navigate to Security Zones:

From the OCI Console, go to the navigation menu (hamburger icon) on the top left.

UnderGovernance and Administration, selectSecurity Zones.

Create a New Security Zone Recipe:

In the Security Zones dashboard, click on theRecipestab.

Click theCreate Recipebutton.

Configure the Recipe Details:

Name:Enter IAD-SP-PBT-CSP-01.

Description:(Optional) Add a description, e.g., "Custom recipe to allow compute instances in public subnet."

Leave theCompartmentas the assigned compartment provided.

Define the Security Zone Policy:

In the policy editor, start with a base policy. Since the Maximum Security Zone recipe restricts public subnet usage, you need to customize it.

Add the following policy statement to allow compute instances in a public subnet:

Allow service compute to use virtual-network-family in compartment where ALL {

target.resource.type = 'Instance',

target.vcn.cidr_block = '10.0.0.0/16',

target.subnet.cidr_block = '10.0.10.0/24'

}

Replace with the name of your assigned compartment.

This policy allows the Compute service to provision instances in the public subnet (10.0.10.0/24) within the VCN (10.0.0.0/16).

Adjust Restrictions:

Ensure the recipe does not inherit the Maximum Security Zone recipe's default restrictions that block public subnet usage. Explicitly allow the public subnet by including the subnet CIDR block (10.0.10.0/24) in the policy.

Remove or modify any conflicting default rules that prohibit public subnet usage (e.g., rules blocking internet access or public IP assignment).

Save the Recipe:

ClickCreateto save the custom security zone recipe.

Once created, note theOCIDof the recipe from the recipe details page. The OCID will be a unique identifier starting with ocid1.securityzonerecipe.

Verify the Recipe:

Go to theRecipestab and locate IAD-SP-PBT-CSP-01.

Ensure the policy reflects the allowance for compute instances in the public subnet by reviewing the policy statement.

OCID of the Created Custom Security Zone Recipe

The exact OCID will be generated upon creation (e.g., ocid1.securityzonerecipe.oc1..unique_string). Please enter the OCID displayed in the OCI Console after completing Step 7.

Notes

Ensure IAM policies are correctly configured to grant you permissions to create and manage security zone recipes in the compartment.

The policy assumes the public subnet CIDR (10.0.10.0/24) matches the diagram. Adjust if the actual subnet CIDR differs.

Test the recipe by associating it with a security zone and attempting to launch a compute instance to confirm compliance.

Question 3

Task 3: Create a Master Encryption Key

Note: OCI Vault to store the key required by this task is created in the root compartment as PBI_Vault_SP

Create an RSA Master Encryption Key (MEK), where:

Key name: PBT-CERT-MEK-01-

For example, if your username is 99008677-lab.user01, then the MEK name should be PBT-CERT-MEK-01990086771abuser01

Ensure you eliminate special characters from the user name.

Key shape: 4096 bits

Enter the OCID of the Master Encryption Key created in the provided text box:

Options:

Answer:

See the solution below in Explanation.

Explanation:

Task 3: Create a Master Encryption Key

Step 1: Access the OCI Vault

Navigate toIdentity & Security>Vault.

Select the root compartment.

Locate and click on the vault named PBI_Vault_SP.

Step 2: Create the Master Encryption Key

In the PBI_Vault_SP vault details page, underResources, clickKeys.

ClickCreate Key.

Enter the following details:

Name: Replace with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-0199008677labuser01).

Key Shape: SelectRSAwith4096 bits.

Protection Mode: SelectHSM(Hardware Security Module) if available, orSoftwareif HSM is not required (based on vault capabilities).

Compartment: Ensure it’s set to the root compartment (where PBI_Vault_SP resides).

Leave other settings (e.g., key usage) as default unless specified.

ClickCreate Keyand wait for the key to be generated.

Step 3: Retrieve and Enter the OCID

After the key is created, go to theKeyssection under PBI_Vault_SP.

Click on the key named PBT-CERT-MEK-01 (e.g., PBT-CERT-MEK-0199008677labuser01).

Copy theOCID(a long string starting with ocid1.key., unique to your tenancy) from the key details page.

Enter the copied OCID exactly as it appears into the provided text box.

Task 4: Create a Certificate Authority (CA)

Create a certificate authority, where:

CA name: PBT-CERT-CA-01-

For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT-CERT-CA-01990086771abuser01

Ensure you eliminate special characters from the user name.

Common name: PBT-CERT-OCICA-01

Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)

Answer: See the solution below in Explanation.

Task 4: Create a Certificate Authority (CA)

Step 1: Access the OCI Vault

Navigate toIdentity & Security>Vault.

Select the root compartment.

Locate and click on the vault named PBI_Vault_SP.

Step 2: Create the Certificate Authority

In the PBI_Vault_SP vault details page, underResources, clickCertificate Authorities.

ClickCreate Certificate Authority.

Enter the following details:

Name: Replace with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-CA-0199008677labuser01).

Common Name: Enter PBT-CERT-OCICA-01.

Master Encryption Key: Select the PBT-CERT-MEK-01 key created in Task 3 (e.g., PBT-CERT-MEK-0199008677labuser01).

Subject: Leave as default or adjust (e.g., Organization, Country) if required by your setup.

Validity Period: Set as needed (e.g., 10 years), or use the default.

Compartment: Ensure it’s set to the root compartment.

ClickCreate Certificate Authorityand wait for the CA to be provisioned.

Step 3: Verify the Certificate Authority

After creation, go to theCertificate Authoritiessection under PBI_Vault_SP.

Confirm the CA PBT-CERT-CA-01 (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.

Question 4

Challenge 1 - Task 1

Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

You are a cloud engineer at a tech company that is migrating its services to Oracle Cloud Infrastructure (OCI). You are required to set up secure communication for your web application using OCI's Certificate service. You need to create a Certificate Authority (CA), issue a TLS/SSL server certificate, and configure a load balancer to use this certificate to ensure encrypted traffic between clients and the backend servers.

Review the architecture diagram, which outlines the resources you'll need to address the requirement.

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

OCI Vault to store the secret required by the program, which is created in the root compartment as PBI_Vault_SP

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Create a Virtual Cloud Network (VCN) namedPBT-CERT-VCN-01with the following specifications:

VCN with a CIDR block of 10.0.0.0/16

Subnet 1 (Compute Instance):

Name:Compute-Subnet-PBT-CERT

CIDR Block:10.0.1.0/24

Subnet 2 (Load Balancer):

Name:LB-Subnet-PBT-CERT-SNET-02

CIDR Block:10.0.2.0/24

Internet Gatewayfor external connectivity

Route table and security lists:

Security List namedPBT-CERT-CS-SL-01for Subnet 1 (Compute-Subnet-PBT-CERT) to allow SSH (port 22) traffic

Security List namedPBT-CERT-LB-SL-01for Subnet 2 (LB-Subnet-PBT-CERT) to allow HTTPS (port 443) traffic

"Enter the OCID of the created VCN in the text box below.

Options:

Answer:

See the solution below in Explanation.

Explanation:

Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Step 1: Create the Virtual Cloud Network (VCN)

Navigate toNetworking>Virtual Cloud Networks.

ClickCreate Virtual Cloud Network.

SelectVCN with Internet Connectivity(to include an Internet Gateway by default).

Enter the following details:

Name: PBT-CERT-VCN-01

Compartment: Select your assigned compartment.

VCN CIDR Block: 10.0.0.0/16

Leave other settings as default (e.g., create a new public subnet and route table).

ClickCreate Virtual Cloud Network. Wait for the VCN to be created.

Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page for PBT-CERT-VCN-01, clickSubnetsunderResources.

ClickCreate Subnet.

Enter the following details:

Name: Compute-Subnet-PBT-CERT

Subnet Type: Regional

CIDR Block: 10.0.1.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access).

DNS Resolution: Enabled.

ClickCreate.

Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, clickSubnetsunderResources.

ClickCreate Subnet.

Enter the following details:

Name: LB-Subnet-PBT-CERT-SNET-02

Subnet Type: Regional

CIDR Block: 10.0.2.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access for the load balancer).

DNS Resolution: Enabled.

ClickCreate.

Step 4: Verify Internet Gateway

In the VCN details page, underResources, clickInternet Gateways.

Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, clickCreate Internet Gateway, name it (e.g., PBT-CERT-IGW), and attach it.

Step 5: Configure Route Table

In the VCN details page, underResources, clickRoute Tables.

Select the default route table or create a new one named PBT-CERT-RT-01.

ClickAdd Route Rule. 4 -Destination CIDR Block: 0.0.0.0/0

Target Type: Internet Gateway

Target: Select the Internet Gateway created (e.g., PBT-CERT-IGW).

ClickAdd Route Ruleand save.

Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page, underResources, clickSecurity Lists.

ClickCreate Security List.

Enter the following:

Name: PBT-CERT-CS-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 22 (for SSH)

Allows: Traffic

ClickCreate.

Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, underResources, clickSecurity Lists.

ClickCreate Security List.

Enter the following:

Name: PBT-CERT-LB-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 443 (for HTTPS)

Allows: Traffic

ClickCreate.

Step 8: Retrieve and Enter VCN OCID

Go to the VCN details page for PBT-CERT-VCN-01.

Copy theOCIDfrom the VCN information section.

Enter the OCID in the provided text box.

Question 5

Challenge 2 -Task 1

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 2: Create a Security Zone

Create a security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartement and associate it with the Custom Security Zone Recipe (IAD-SAP-PBT-CSP-01) created in the previous task.

Enter the OCID of the created Security zone in the box below.

Options:

Answer:

See the solution below in Explanation.

Explanation:

To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.

Step-by-Step Solution for Task 2: Create a Security Zone

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Security Zones:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderGovernance and Administration, selectSecurity Zones.

Create a New Security Zone:

In the Security Zones dashboard, click theCreate Security Zonebutton.

Configure the Security Zone Details:

Name:Enter IAD_SAP-PBT-CSZ-01.

Compartment:Select the assigned compartment provided.

Description:(Optional) Add a description, e.g., "Security Zone for public subnet compute instances."

Associate the Custom Security Zone Recipe:

In theRecipesection, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.

Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.

Define the Security Zone Scope:

UnderResources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.

Check the box to include all resources in the selected compartment if applicable.

Create the Security Zone:

ClickCreateto finalize the security zone creation.

Once created, note theOCIDof the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.

Verify the Security Zone:

Go to theSecurity Zonestab and locate IAD_SAP-PBT-CSZ-01.

Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.

OCID of the Created Security Zone

The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..). Please enter the OCID displayed in the OCI Console after completing Step 7.

Question 6

You have created a compartment TEST in your subscribed tenancy. Then, you created two groups, test1 and test2, and want the users in these groups to be able to manage all the resources in the TEST compartment.

Which policy would you use to achieve this?

Options:

Allow group/test*/to manage all resources in compartment test.

Allow group test1, test2 to manage all resources in compartment test.

Allow any-user to manage all resources in compartment test where any {request.groups.test1, test2}

Allow any-user to manage all resources in compartment test where request.group='test*'

Question 7

When trying to encrypt plaintext using Command Line Interface (CLI), the developer gets a Service Error. This is the command the developer tried to run:

What is the reason for this error?

Options:

The developer forgot to specify the region.

The user should pass the key version OCID instead of the key OCID.

The developer has the wrong endpoint.

The plaintext needs to be in JSON form.

Question 8

You are a security architect at your organization and have noticed an increase in cyberattacks on your applications, including Cross-Site Scripting (XSS) and SQL Injection. To mitigate these threats, you decide to use OCI Web Application Firewall (WAF).

Which type of OCI WAF rule should you configure to protect against these attacks?

Options:

Access control rule

Protection rule

Rate Limiting rule

Encryption rule

Question 9

"A company, ABC, is planning to launch a new web application on OCI. Based on past experiences, they expect a significant surge in traffic after the launch. You are responsible for ensuring that the application is highly available.

Which step would you perform to achieve this goal?

Options:

Use a Virtual Cloud Network (VCN) with subnets, security lists, and routing rules to isolate the web application from the Internet and other resources.

Implement security controls, such as web application firewalls, to protect against common attack vectors.

Configure Cloud Guard to prevent large amounts of traffic from reaching the web application.

Use a load balancer to distribute incoming traffic evenly across multiple instances of the web application."

Question 10

"You are part of the security operations of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). It is reported that an unknown user action was executed resulting in configuration errors. You are tasked with identifying the details of all users who were active in the last six hours along with any REST API calls that were executed.

Which OCI feature should you use?

Options:

Audit Analysis Dashboard

Management Agent Log Ingestion

Object Collection Rule

Service Connector Hub"

Load More 1z0-1104-25 Questions

Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Oracle 1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional Exam Practice Test

Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer: