1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional exact Exam Questions

Oracle Cloud Infrastructure 2025 Security Professional

Last Update 3 hours ago Total Questions : 36

The Oracle Cloud Infrastructure 2025 Security Professional content is now fully updated, with all current exam questions added 3 hours ago. Deciding to include 1z0-1104-25 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 1z0-1104-25 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 1z0-1104-25 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Oracle Cloud Infrastructure 2025 Security Professional practice test comfortably within the allotted time.

Question # 1

"A business has a hybrid cloud infrastructure with Oracle Linux instances running in OCI and on-premises. They want to reduce the amount of bandwidth used when patching systems.

Which component of OS Management Hub can help to reduce the bandwidth usage for patching?

Management stations

Management agents

Dynamic groups

Profiles"

Question # 2

An E-commerce company running on Oracle Cloud Infrastructure (OCI) wants to prevent accidental misconfigurations that could expose sensitive data. They need an OCI service that can enforce predefined security rules when creating or modifying cloud resources.

Which OCI service should they use?

OCI Web Application Firewall (WAF)

OCI Identity and Access Management (IAM)

OCI Security Zone

OCI Certificates

Question # 3

A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.

When configuring security lists and network security groups (NSGs) in this setup, what should they consider?

If the policy used with the firewall has no rules specified, the firewall allows all traffic.

Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.

Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.

Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.

Question # 4

During your investigation of a load balancer issue, you discovered that all back-end servers associated with one of the affected listeners were reported as unhealthy. However, when you checked the back-end servers, they seemed to be working just fine.

What might be causing this issue?

Incorrect subnet configuration

Misconfigured security rule

Incorrect DNS configuration

Overloaded back-end servers

Misconfigured health check

Question # 5

"A programmer is developing a Node.js application which will run on a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs.

What is the secure way to access OCI services with OCI Identity and Access Management (IAM)?

Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.

Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.

Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.

Create an OCI IAM policy with appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server."

Question # 6

Task 6: Create Load Balancer and Attach Certificate

Create a Load Balancer with the name PBT-CERT-LB-01 in subnet LB-Subnet-PBT-CERT-SNET-02

Create a Listener for the load balancer, where:

Name: PBT-CERT-LB_LTSN_01

Protocol: HTTPS

Port: 443

Attach the certificate PBT-CERT-01- < username > to the load balancer

Attach the security list PBT-CERT-LB-SL-01 to subnet LB-Subnet-PBT-CERT-SNET-02

Answer:

See the solution below in Explanation.

Explanation:

Task 6: Create Load Balancer and Attach Certificate

Step 1: Create the Load Balancer

Navigate to Networking > Load Balancers .

Click Create Load Balancer .

Enter the following details:

Name : PBT-CERT-LB-01

Compartment : Select your assigned compartment.

Load Balancer Type : Select Public .

Virtual Cloud Network : Select PBT-CERT-VCN-01.

Subnet : Select LB-Subnet-PBT-CERT-SNET-02.

Shape : Choose a shape (e.g., 10 Mbps, adjust based on needs).

Click Next .

Leave backend sets and listeners as default for now (we’ll configure the listener next).

Click Create Load Balancer and wait for it to be provisioned.

Step 2: Create a Listener

Once the load balancer is created, go to the Load Balancers page and click on PBT-CERT-LB-01.

Under Resources , click Listeners .

Click Create Listener .

Enter the following details:

Name : PBT-CERT-LB_LTSN_01

Protocol : Select HTTPS .

Port : Enter 443.

Certificate : Click Add Certificate , then select the PBT-CERT-01 < username > certificate (e.g., PBT-CERT-0199008677labuser01) created in Task 5.

Leave other settings (e.g., SSL handling) as default unless specified.

Click Create .

Step 3: Configure the Backend Set

In the PBT-CERT-LB-01 details page, under Resources , click Backend Sets .

Click Create Backend Set (if not already created).

Enter basic details (e.g., name like PBT-CERT-BS-01).

Add a backend server:

IP Address : Use the private IP of PBT-CERT-VM-01 (find this in the instance details under Compute > Instances ).

Port : 80 (HTTP, as configured on the web server).

Protocol : HTTP.

Click Create .

Step 4: Attach the Security List to the Subnet

Navigate to Networking > Virtual Cloud Networks .

Select PBT-CERT-VCN-01 and click Subnets .

Click on LB-Subnet-PBT-CERT-SNET-02.

Under Security Lists , ensure PBT-CERT-LB-SL-01 is attached. If not:

Click Edit .

Remove the default security list and add PBT-CERT-LB-SL-01.

Click Save Changes .

Step 5: Verify the Configuration

Ensure the load balancer health status is OK (check under Backend Sets > Health ).

Test by accessing https:// < load-balancer-public-ip > in a browser (replace with the public IP from the load balancer details).

Question # 7

Challenge 1 - Task 1

Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

You are a cloud engineer at a tech company that is migrating its services to Oracle Cloud Infrastructure (OCI). You are required to set up secure communication for your web application using OCI's Certificate service. You need to create a Certificate Authority (CA), issue a TLS/SSL server certificate, and configure a load balancer to use this certificate to ensure encrypted traffic between clients and the backend servers.

Review the architecture diagram, which outlines the resources you'll need to address the requirement.

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

OCI Vault to store the secret required by the program, which is created in the root compartment as PBI_Vault_SP

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Create a Virtual Cloud Network (VCN) named PBT-CERT-VCN-01 with the following specifications:

VCN with a CIDR block of 10.0.0.0/16

Subnet 1 (Compute Instance):

Name: Compute-Subnet-PBT-CERT

CIDR Block: 10.0.1.0/24

Subnet 2 (Load Balancer):

Name: LB-Subnet-PBT-CERT-SNET-02

CIDR Block: 10.0.2.0/24

Internet Gateway for external connectivity

Route table and security lists:

Security List named PBT-CERT-CS-SL-01 for Subnet 1 ( Compute-Subnet-PBT-CERT ) to allow SSH (port 22) traffic

Security List named PBT-CERT-LB-SL-01 for Subnet 2 ( LB-Subnet-PBT-CERT ) to allow HTTPS (port 443) traffic

"Enter the OCID of the created VCN in the text box below.

Answer:

See the solution below in Explanation.

Explanation:

Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Step 1: Create the Virtual Cloud Network (VCN)

Navigate to Networking > Virtual Cloud Networks .

Click Create Virtual Cloud Network .

Select VCN with Internet Connectivity (to include an Internet Gateway by default).

Enter the following details:

Name : PBT-CERT-VCN-01

Compartment : Select your assigned compartment.

VCN CIDR Block : 10.0.0.0/16

Leave other settings as default (e.g., create a new public subnet and route table).

Click Create Virtual Cloud Network . Wait for the VCN to be created.

Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page for PBT-CERT-VCN-01, click Subnets under Resources .

Click Create Subnet .

Enter the following details:

Name : Compute-Subnet-PBT-CERT

Subnet Type : Regional

CIDR Block : 10.0.1.0/24

Route Table : Select the default route table created with the VCN.

Subnet Access : Public Subnet (to allow internet access).

DNS Resolution : Enabled.

Click Create .

Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, click Subnets under Resources .

Click Create Subnet .

Enter the following details:

Name : LB-Subnet-PBT-CERT-SNET-02

Subnet Type : Regional

CIDR Block : 10.0.2.0/24

Route Table : Select the default route table created with the VCN.

Subnet Access : Public Subnet (to allow internet access for the load balancer).

DNS Resolution : Enabled.

Click Create .

Step 4: Verify Internet Gateway

In the VCN details page, under Resources , click Internet Gateways .

Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, click Create Internet Gateway , name it (e.g., PBT-CERT-IGW), and attach it.

Step 5: Configure Route Table

In the VCN details page, under Resources , click Route Tables .

Select the default route table or create a new one named PBT-CERT-RT-01.

Click Add Route Rule . 4 - Destination CIDR Block : 0.0.0.0/0

Target Type : Internet Gateway

Target : Select the Internet Gateway created (e.g., PBT-CERT-IGW).

Click Add Route Rule and save.

Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page, under Resources , click Security Lists .

Click Create Security List .

Enter the following:

Name : PBT-CERT-CS-SL-01

Compartment : Your assigned compartment.

Add the following ingress rule:

Source CIDR : 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol : TCP

Source Port Range : All

Destination Port Range : 22 (for SSH)

Allows : Traffic

Click Create .

Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, under Resources , click Security Lists .

Click Create Security List .

Enter the following:

Name : PBT-CERT-LB-SL-01

Compartment : Your assigned compartment.

Add the following ingress rule:

Source CIDR : 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol : TCP

Source Port Range : All

Destination Port Range : 443 (for HTTPS)

Allows : Traffic

Click Create .

Step 8: Retrieve and Enter VCN OCID

Go to the VCN details page for PBT-CERT-VCN-01.

Copy the OCID from the VCN information section.

Enter the OCID in the provided text box.

Question # 8

Task 7: Verify the OCI Certificate with Load Balancer

Verify HTTPS connection to the load balancer by running the following command in Cloud Shell

curl -k https:// < Public IP of PBT-CERT-LB-01 >

Enter the following URL in the web browser:

https:// < Public IP of PBT-CERT-LB-01 >

If prompted with a certificate error, accept the risk and continue.

Verify web page content by ensuring the text, "You are visiting Web Server 1" from the index.html file is displayed in the browser

Question # 9

Challenge 2 -Task 1

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 4: Create a Public Subnet

Create a public subnet named IAD-SP-PBT-PUBSNET-01, within the VCN IAD-SP-PBT-VCN-01

use a CIDR block of 10.0.1.0/24 and configure the subnet to use the internet Gateway

Answer:

See the solution below in Explanation.

Explanation:

To create a public subnet named IAD-SP-PBT-PUBSNET-01 within the VCN IAD-SP-PBT-VCN-01 using a CIDR block of 10.0.1.0/24 and configure it to use the Internet Gateway, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.

Step-by-Step Solution for Task 4: Create a Public Subnet

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console ( https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Virtual Cloud Networks:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

Under Networking , select Virtual Cloud Networks .

Select the VCN:

Locate and click on the VCN named IAD-SP-PBT-VCN-01 created in Task 3.

Under Resources , select Subnets .

Create a New Subnet:

Click the Create Subnet button.

Configure the Subnet Details:

Name: Enter IAD-SP-PBT-PUBSNET-01.

Compartment: Ensure it is set to the assigned compartment.

Subnet Type: Select Public Subnet .

CIDR Block: Enter 10.0.1.0/24.

Route Table: Select the default route table associated with the VCN (ensure it includes a route to the Internet Gateway with destination 0.0.0.0/0).

Subnet Access: Select Public Subnet and ensure the Internet Gateway is associated.

DHCP Options: Leave as default or customize if required.

Security List: Use the default security list or create a new one with appropriate ingress/egress rules (e.g., allow TCP port 22 for SSH and all egress traffic).

Associate the Internet Gateway:

Verify that the subnet is configured to route traffic through the Internet Gateway. This is automatically handled if you selected the public subnet option and the VCN’s route table is correctly set (as configured in Task 3).

If needed, edit the route table for the subnet to ensure a rule exists:

Destination CIDR Block: 0.0.0.0/0

Target Type: Internet Gateway

Target: Select the Internet Gateway associated with IAD-SP-PBT-VCN-01.

Create the Subnet:

Click Create to provision the subnet.

Once created, the subnet will be listed under the VCN’s subnets.

Verify the Configuration:

Go to the subnet details page for IAD-SP-PBT-PUBSNET-01.

Confirm the CIDR block is 10.0.1.0/24 and that it is a public subnet with Internet Gateway access.

Notes

Ensure the CIDR block 10.0.1.0/24 does not overlap with existing subnets in the VCN (10.0.0.0/16, including 10.0.10.0/24 from Task 3).

The Internet Gateway association relies on the route table configuration from Task 3. If it’s missing, update the route table as described in Step 6.

Question # 10

Task 3: Create a Master Encryption Key

Note: OCI Vault to store the key required by this task is created in the root compartment as PBI_Vault_SP

Create an RSA Master Encryption Key (MEK), where:

Key name: PBT-CERT-MEK-01- < username >

For example, if your username is 99008677-lab.user01, then the MEK name should be PBT-CERT-MEK-01990086771abuser01

Ensure you eliminate special characters from the user name.

Key shape: 4096 bits

Enter the OCID of the Master Encryption Key created in the provided text box:

Answer:

See the solution below in Explanation.

Explanation:

Task 3: Create a Master Encryption Key

Step 1: Access the OCI Vault

Navigate to Identity & Security > Vault .

Select the root compartment.

Locate and click on the vault named PBI_Vault_SP.

Step 2: Create the Master Encryption Key

In the PBI_Vault_SP vault details page, under Resources , click Keys .

Click Create Key .

Enter the following details:

Name : Replace < username > with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-0199008677labuser01).

Key Shape : Select RSA with 4096 bits .

Protection Mode : Select HSM (Hardware Security Module) if available, or Software if HSM is not required (based on vault capabilities).

Compartment : Ensure it’s set to the root compartment (where PBI_Vault_SP resides).

Leave other settings (e.g., key usage) as default unless specified.

Click Create Key and wait for the key to be generated.

Step 3: Retrieve and Enter the OCID

After the key is created, go to the Keys section under PBI_Vault_SP.

Click on the key named PBT-CERT-MEK-01 < username > (e.g., PBT-CERT-MEK-0199008677labuser01).

Copy the OCID (a long string starting with ocid1.key., unique to your tenancy) from the key details page.

Enter the copied OCID exactly as it appears into the provided text box.

Task 4: Create a Certificate Authority (CA)

Create a certificate authority, where:

CA name: PBT-CERT-CA-01- < username >

For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT-CERT-CA-01990086771abuser01

Ensure you eliminate special characters from the user name.

Common name: PBT-CERT-OCICA-01

Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)

Answer: See the solution below in Explanation.

Task 4: Create a Certificate Authority (CA)

Step 1: Access the OCI Vault

Navigate to Identity & Security > Vault .

Select the root compartment.

Locate and click on the vault named PBI_Vault_SP.

Step 2: Create the Certificate Authority

In the PBI_Vault_SP vault details page, under Resources , click Certificate Authorities .

Click Create Certificate Authority .

Enter the following details:

Common Name : Enter PBT-CERT-OCICA-01.

Master Encryption Key : Select the PBT-CERT-MEK-01 < username > key created in Task 3 (e.g., PBT-CERT-MEK-0199008677labuser01).

Subject : Leave as default or adjust (e.g., Organization, Country) if required by your setup.

Validity Period : Set as needed (e.g., 10 years), or use the default.

Compartment : Ensure it’s set to the root compartment.

Click Create Certificate Authority and wait for the CA to be provisioned.

Step 3: Verify the Certificate Authority

After creation, go to the Certificate Authorities section under PBI_Vault_SP.

Confirm the CA PBT-CERT-CA-01 < username > (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.

1z0-1104-25 PDF + Testing Engine

~~$149.97~~
$44.99

Last Update: May 26, 2026
36 Questions and Answers
Single Choice: 25 Q&A's
Simulation: 11 Q&A's

View Packages

Related Oracle Certification Exams

Oracle 1z0-1161-1

Oracle 1z0-1145-1

Oracle 1z0-1160-1

Oracle 1z0-1163-1

Oracle 1z0-1108-2

Oracle 1z0-1041-25

Oracle 1z0-931-25

Oracle 1z0-1093-25

Oracle 1z0-1042-25

Oracle 1z0-1072-25

Oracle 1z0-1110-25

Oracle 1z0-771

New Release

Copado-Extension-Builder Exam Questions

Category-Manager Exam Questions

Drupal-Site-Builder Exam Questions

NCP-OUSD Exam Questions

IdentityIQ-Associate Exam Questions

M92 Exam Questions

ISO-IEC-27002-Foundation Exam Questions

NCP-AAI Exam Questions

VNX301 Exam Questions

AI-901 Exam Questions

Als-Con-201 Exam Questions

App-Development-with-Swift-Certified-User Exam Questions

CAIPM Exam Questions

CPCM Exam Questions

RCA Exam Questions

Spring Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: buysanta

Exact2Pass Menu

Exact2Pass

Oracle Cloud Infrastructure 2025 Security Professional

Answer:

Answer:

Answer:

Answer:

Answer:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

Answer:

Explanation:

1z0-1104-25 PDF + Testing Engine

Related Oracle Certification Exams

New Release

SubFooter