1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Questions 4

Task 7: Verify the OCI Certificate with Load Balancer

Verify HTTPS connection to the load balancer by running the following command in Cloud Shell

curl -k https://

Enter the following URL in the web browser:

https://

If prompted with a certificate error, accept the risk and continue.

Verify web page content by ensuring the text, "You are visiting Web Server 1" from the index.html file is displayed in the browser

Options:

Buy Now

Questions 5

A company has deployed OCI Zero Trust Packet Routing (ZPR) to secure its network. They have two compute instances, VM1-01 and VM-02, in a public subnet. VM-01 is tagged with the security attribute app:vm01, and VM-02 is tagged with app:vm02. The VCN is labeled with network:vcn01, The ZPR policy states:

"What is the expected outcome of this policy?

Options:

VM-02 can SSH into VM-01, but VM-01 cannot SSH into VM-02.

VM-01 can SSH into VM-02, but VM-02 cannot SSH into VM-01.

Both VM-01 and VM-02 can SSH into each other.

Neither VM-01 nor VM-02 can SSH into each other."

Buy Now

Questions 6

Based on the provided diagram, you have a group of critical compute instances in a private subnet that require vulnerability using the Oracle Cloud Infrastructure(OCI) Vulnerability Scanning Service (VSS).

"What additional configuration is required to enable VSS to scan instances in the private subnet

Options:

VSS cannot scan private instances. You need to move them to a public subnet for vulnerability scanning.

Configure a service gateway in the VCN and a route rule to direct traffic for the VSS service through the gateway.

No additional configuration is needed. VSS can access private instances by default.

Use an OCI Bastion session to establish connectivity and forward scan results from the private instances."

Buy Now

Questions 7

Within OCI IAM identity domains, the AD Bridge component serves a critical role. How does the AD Bridge functionality specifically enhance Identity and Access Management (IAM) practices?

Options:

It simplifies user provisioning by enabling automated synchronization of user accounts and group memberships from an existing Microsoft Active Directory (AD) environment.

It facilitates delegated administration, allowing authorized AD users to manage specific resources within the OCI identity domain.

It strengthens access security by providing an additional layer of authentication through AD integration.

It directly integrates with OCI MFA providers, allowing for seamless enforcement of MFA for users authenticated through AD credentials.

Buy Now

Questions 8

"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.

How should you architect the solution while ensuring fault tolerance and security?

Options:

Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.

Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."

Buy Now

Questions 9

Challenge 2 -Task 1

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 4: Create a Public Subnet

Create a public subnet named IAD-SP-PBT-PUBSNET-01, within the VCN IAD-SP-PBT-VCN-01

use a CIDR block of 10.0.1.0/24 and configure the subnet to use the internet Gateway

Options:

Buy Now

Answer:

See the solution below in Explanation.

Explanation:

To create a public subnet named IAD-SP-PBT-PUBSNET-01 within the VCN IAD-SP-PBT-VCN-01 using a CIDR block of 10.0.1.0/24 and configure it to use the Internet Gateway, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.

Step-by-Step Solution for Task 4: Create a Public Subnet

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Virtual Cloud Networks:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderNetworking, selectVirtual Cloud Networks.

Select the VCN:

Locate and click on the VCN named IAD-SP-PBT-VCN-01 created in Task 3.

UnderResources, selectSubnets.

Create a New Subnet:

Click theCreate Subnetbutton.

Configure the Subnet Details:

Name:Enter IAD-SP-PBT-PUBSNET-01.

Compartment:Ensure it is set to the assigned compartment.

Subnet Type:SelectPublic Subnet.

CIDR Block:Enter 10.0.1.0/24.

Route Table:Select the default route table associated with the VCN (ensure it includes a route to the Internet Gateway with destination 0.0.0.0/0).

Subnet Access:SelectPublic Subnetand ensure the Internet Gateway is associated.

DHCP Options:Leave as default or customize if required.

Security List:Use the default security list or create a new one with appropriate ingress/egress rules (e.g., allow TCP port 22 for SSH and all egress traffic).

Associate the Internet Gateway:

Verify that the subnet is configured to route traffic through the Internet Gateway. This is automatically handled if you selected the public subnet option and the VCN’s route table is correctly set (as configured in Task 3).

If needed, edit the route table for the subnet to ensure a rule exists:

Destination CIDR Block:0.0.0.0/0

Target Type:Internet Gateway

Target:Select the Internet Gateway associated with IAD-SP-PBT-VCN-01.

Create the Subnet:

ClickCreateto provision the subnet.

Once created, the subnet will be listed under the VCN’s subnets.

Verify the Configuration:

Go to the subnet details page for IAD-SP-PBT-PUBSNET-01.

Confirm the CIDR block is 10.0.1.0/24 and that it is a public subnet with Internet Gateway access.

Notes

Ensure the CIDR block 10.0.1.0/24 does not overlap with existing subnets in the VCN (10.0.0.0/16, including 10.0.10.0/24 from Task 3).

The Internet Gateway association relies on the route table configuration from Task 3. If it’s missing, update the route table as described in Step 6.

Questions 10

Task 3: Create a Master Encryption Key

Note: OCI Vault to store the key required by this task is created in the root compartment as PBI_Vault_SP

Create an RSA Master Encryption Key (MEK), where:

Key name: PBT-CERT-MEK-01-

For example, if your username is 99008677-lab.user01, then the MEK name should be PBT-CERT-MEK-01990086771abuser01

Ensure you eliminate special characters from the user name.

Key shape: 4096 bits

Enter the OCID of the Master Encryption Key created in the provided text box:

Options:

Buy Now

Answer:

See the solution below in Explanation.

Explanation:

Task 3: Create a Master Encryption Key

Step 1: Access the OCI Vault

Navigate toIdentity & Security>Vault.

Select the root compartment.

Locate and click on the vault named PBI_Vault_SP.

Step 2: Create the Master Encryption Key

In the PBI_Vault_SP vault details page, underResources, clickKeys.

ClickCreate Key.

Enter the following details:

Name: Replace with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-0199008677labuser01).

Key Shape: SelectRSAwith4096 bits.

Protection Mode: SelectHSM(Hardware Security Module) if available, orSoftwareif HSM is not required (based on vault capabilities).

Compartment: Ensure it’s set to the root compartment (where PBI_Vault_SP resides).

Leave other settings (e.g., key usage) as default unless specified.

ClickCreate Keyand wait for the key to be generated.

Step 3: Retrieve and Enter the OCID

After the key is created, go to theKeyssection under PBI_Vault_SP.

Click on the key named PBT-CERT-MEK-01 (e.g., PBT-CERT-MEK-0199008677labuser01).

Copy theOCID(a long string starting with ocid1.key., unique to your tenancy) from the key details page.

Enter the copied OCID exactly as it appears into the provided text box.

Task 4: Create a Certificate Authority (CA)

Create a certificate authority, where:

CA name: PBT-CERT-CA-01-

For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT-CERT-CA-01990086771abuser01

Ensure you eliminate special characters from the user name.

Common name: PBT-CERT-OCICA-01

Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)

Answer: See the solution below in Explanation.

Task 4: Create a Certificate Authority (CA)

Step 1: Access the OCI Vault

Navigate toIdentity & Security>Vault.

Select the root compartment.

Locate and click on the vault named PBI_Vault_SP.

Step 2: Create the Certificate Authority

In the PBI_Vault_SP vault details page, underResources, clickCertificate Authorities.

ClickCreate Certificate Authority.

Enter the following details:

Name: Replace with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-CA-0199008677labuser01).

Common Name: Enter PBT-CERT-OCICA-01.

Master Encryption Key: Select the PBT-CERT-MEK-01 key created in Task 3 (e.g., PBT-CERT-MEK-0199008677labuser01).

Subject: Leave as default or adjust (e.g., Organization, Country) if required by your setup.

Validity Period: Set as needed (e.g., 10 years), or use the default.

Compartment: Ensure it’s set to the root compartment.

ClickCreate Certificate Authorityand wait for the CA to be provisioned.

Step 3: Verify the Certificate Authority

After creation, go to theCertificate Authoritiessection under PBI_Vault_SP.

Confirm the CA PBT-CERT-CA-01 (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.

Oracle Cloud Infrastructure |

Exam Code: 1z0-1104-25

Exam Name: Oracle Cloud Infrastructure 2025 Security Professional

Last Update: Jun 15, 2025

Questions: 36

1z0-1104-25 PDF

$29.75 ~~$84.99~~

Add to Cart

1z0-1104-25 Testing Engine

$35 ~~$99.99~~

Add to Cart

1z0-1104-25 PDF + Testing Engine

$47.25 ~~$134.99~~

Add to Cart

Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtreat

cramtick logo

Navigation:

Hot Vendors:

1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

1z0-1104-25 PDF

1z0-1104-25 Testing Engine

1z0-1104-25 PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure