1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional exact Exam Questions

Question # 4

Challenge 2

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 5: Provision a Compute Instance

Provision a compute instance in the IAD-SP-PBT-PUBSNET-01 public subnet, where:

Name IAD-SP-PBT-1-VM-01

image: Oracle Linux 8

Shape VM: Standard, A1, Flex

Enter the OCID of the created compute instance in the text box below.

Full Access

Answer:

See the solution below in Explanation.

Explanation:

To provision a compute instance named IAD-SP-PBT-1-VM-01 in the IAD-SP-PBT-PUBSNET-01 public subnet with the specified configuration (Oracle Linux 8 image, VM Standard A1 Flex shape), follow these steps based on the Oracle Cloud Infrastructure (OCI) Compute documentation.

Step-by-Step Solution for Task 5: Provision a Compute Instance

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Compute Instances:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderCompute, selectInstances.

Create a New Compute Instance:

Click theCreate Instancebutton.

Configure the Instance Details:

Name:Enter IAD-SP-PBT-1-VM-01.

Compartment:Select the assigned compartment.

Placement:Choose the availability domain (e.g., AD-1) based on your region’s availability.

Select the Image:

UnderImage and Shape, clickChange Image.

SelectOracle Linux 8from the platform images list.

ClickSelect Image.

Choose the Shape:

ClickChange Shape.

SelectVM Standardcategory.

ChooseA1 Flexfrom the shape options.

Configure the OCPUs (e.g., 1 OCPU) and memory (e.g., 6 GB) as needed for A1 Flex, then clickSelect Shape.

Configure Networking:

UnderNetworking, ensure theVirtual Cloud Networkis set to IAD-SP-PBT-VCN-01.

Set theSubnetto IAD-SP-PBT-PUBSNET-01 (public subnet with CIDR 10.0.1.0/24).

EnableAssign a public IPv4 addressto allow external connectivity.

Leave the default security list or assign a custom one if configured previously.

Set Up SSH Access:

UnderAdd SSH Keys, either:

Upload your public SSH key file, or

Paste your public SSH key manually.

This ensures you can access the instance via SSH.

Launch the Instance:

ClickCreateto provision the compute instance.

Wait for the instance to reach theRunningstate (this may take a few minutes).

Note the Instance OCID:

Once the instance is running, go to the instance details page for IAD-SP-PBT-1-VM-01.

Copy theOCIDdisplayed (e.g., ocid1.instance.oc1..).

OCID of the Created Compute Instance

Enter the OCID of the created compute instance (IAD-SP-PBT-1-VM-01) into the text box. The exact OCID will be available after Step 9 (e.g., ocid1.instance.oc1..).

Notes

Ensure the security zone IAD_SAP-PBT-CSZ-01 and its associated recipe IAD-SP-PBT-CSP-01 allow compute instance creation in the public subnet (10.0.1.0/24).

Verify network connectivity by testing SSH access using the public IP assigned to the instance.

Question # 5

Challenge 2 -Task 1

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task3: Create and configure a Virtual Cloud Network and Private Subnet

Createand configure virtual cloud Network (VCN) named IAD SP-PBT-VCN-01, with an internet Gateway and configure appropriate route rules to allow external connectivity.

Enter the OCID of the created VCN in the text box below.

Full Access

Answer:

See the solution below in Explanation.

Explanation:

To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.

Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Virtual Cloud Networks:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderNetworking, selectVirtual Cloud Networks.

Create a New VCN:

ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.

VCN Name:Enter IAD-SP-PBT-VCN-01.

Compartment:Select the assigned compartment.

VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).

Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).

Accept the default settingsfor the public subnet and Internet Gateway creation.

ClickCreateto provision the VCN, Internet Gateway, and public subnet.

Verify the Internet Gateway:

After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.

UnderResources, selectInternet Gateways.

Ensure the Internet Gateway is attached and enabled.

Configure Route Rules:

In the VCN details page, underResources, selectRoute Tables.

Select the default route table associated with the public subnet (10.0.10.0/24).

ClickAdd Route Rules.

Target Type:SelectInternet Gateway.

Destination CIDR Block:Enter 0.0.0.0/0.

Target Internet Gateway:Select the Internet Gateway created with the VCN.

ClickAdd Route Ruleto save.

Update Security List (if needed):

UnderResources, selectSecurity Lists.

Edit the default security list for the public subnet.

Add an ingress rule:

Source CIDR:0.0.0.0/0

IP Protocol:TCP

Source Port Range:All

Destination Port Range:22 (for SSH) or as required by your application.

Add an egress rule:

Destination CIDR:0.0.0.0/0

IP Protocol:All

Save the changes.

Note the VCN OCID:

Return to the VCN details page for IAD-SP-PBT-VCN-01.

Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..).

OCID of the Created VCN

Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..).

Question # 6

Based on the provided diagram, you have a group of critical compute instances in a private subnet that require vulnerability using the Oracle Cloud Infrastructure(OCI) Vulnerability Scanning Service (VSS).

"What additional configuration is required to enable VSS to scan instances in the private subnet

VSS cannot scan private instances. You need to move them to a public subnet for vulnerability scanning.

Configure a service gateway in the VCN and a route rule to direct traffic for the VSS service through the gateway.

No additional configuration is needed. VSS can access private instances by default.

Use an OCI Bastion session to establish connectivity and forward scan results from the private instances."

Full Access

Question # 7

"You are part of the security operations of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). It is reported that an unknown user action was executed resulting in configuration errors. You are tasked with identifying the details of all users who were active in the last six hours along with any REST API calls that were executed.

Which OCI feature should you use?

Audit Analysis Dashboard

Management Agent Log Ingestion

Object Collection Rule

Service Connector Hub"

Full Access

Question # 8

A company has implemented OCI IAM policies with multiple levels of compartments. A policy attached to a parent compartment grants "manage virtual-network-family" permissions. A policy attached to a child compartment grants "use virtual-network-family" permissions.

According to OCI IAM policy inheritance, how does the OCI IAM policy engine resolve the permissions for a user attempting to perform an operation that requires 'manage' permissions in the child compartment?

The operation is denied due to conflicting policies.

The policy in the parent compartment takes precedence, and the user is granted "manage" permissions.

The policy in the child compartment takes precedence, and the user is granted "use" permissions only.

Full Access

Question # 9

A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.

When configuring security lists and network security groups (NSGs) in this setup, what should they consider?

If the policy used with the firewall has no rules specified, the firewall allows all traffic.

Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.

Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.

Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.

Full Access

Question # 10

"A programmer is developing a Node.js application which will run on a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs.

What is the secure way to access OCI services with OCI Identity and Access Management (IAM)?

Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.

Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.

Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.

Create an OCI IAM policy with appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server."

Full Access

Summer Sale Special 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ex2p65

Exact2Pass Menu

Exact2Pass

Answer:

Explanation:

Answer:

Explanation:

Answer:

Answer:

Answer:

Answer:

Answer:

SubFooter