Ace 1z0-1104-25 Certification with 39 Actual Questions
NEW QUESTION # 20
A business has a hybrid cloud infrastructure with Oracle Linux instances running in OCI and on-premises.
They want to reduce the amount of bandwidth used when patching systems.
Which component of OS Management Hub can help to reduce the bandwidth usage for patching?
- A. Profiles
- B. Dynamic groups
- C. Management agents
- D. Management stations
Answer: A
NEW QUESTION # 21
Your organization needs to implement strong password policies for users in OCI.
Which of the following statements is TRUE about password policies in OCI IAM?
- A. The default password policy cannot be modified.
- B. Only one password policy can be applied to all users in a domain.
- C. Custom password policies allow for granular control over password complexity.
- D. Simple password policies are suitable for production environments.
Answer: C
NEW QUESTION # 22
A company has implemented OCI IAM policies with multiple levels of compartments. A policy attached to a parent compartment grants "manage virtual-network-family" permissions. A policy attached to a child compartment grants "use virtual-network-family" permissions.
According to OCI IAM policy inheritance, how does the OCI IAM policy engine resolve the permissions for a user attempting to perform an operation that requires 'manage' permissions in the child compartment?
- A. The policy in the parent compartment takes precedence, and the user is granted "manage" permissions.
- B. The operation is denied due to conflicting policies.
- C. The policy in the child compartment takes precedence, and the user is granted "use" permissions only.
Answer: A
NEW QUESTION # 23
A company has deployed OCI Zero Trust Packet Routing (ZPR) to secure its network. They have two compute instances, VM-01 and VM-02, in a public subnet. VM-01 is tagged with the security attribute app:vm01, and VM-02 is tagged with app:vm02. The VCN is labeled with network:vcn01. The ZPR policy states:

What is the expected outcome of this policy?
- A. Neither VM-01 nor VM-02 can SSH into each other.
- B. VM-01 can SSH into VM-02, but VM-02 cannot SSH into VM-01.
- C. VM-02 can SSH into VM-01, but VM-01 cannot SSH into VM-02.
- D. Both VM-01 and VM-02 can SSH into each other.
Answer: B
NEW QUESTION # 24
Task 7: Verify the OCI Certificate with Load Balancer
Verify the HTTPS connection to the load balancer by running the following command in Cloud Shell:
curl -k https://<Public IP of PBT-CERT-LB-01>
Enter the following URL in the web browser:
https://<Public IP of PBT-CERT-LB-01>
If prompted with a certificate error, accept the risk and continue.
Verify web page content by ensuring the text, "You are visiting Web Server 1" from the index.html file is displayed in the browser.
See the solution below in Explanation.
Answer:
Explanation:
Task 7: Verify the OCI Certificate with Load Balancer
Step 1: Obtain the Public IP of the Load Balancer
* Log in to the OCI Console.
* Navigate to Networking > Load Balancers.
* Click on PBT-CERT-LB-01.
* Note the Public IP Address from the load balancer details page.
Step 2: Verify HTTPS Connection Using Cloud Shell
* Open the OCI Cloud Shell from the top-right corner of the OCI Console.
* Run the following command, replacing <Public IP of PBT-CERT-LB-01> with the public IP you noted:
curl -k https://<Public IP of PBT-CERT-LB-01>
* Expected output: You should see the text "You are visiting Web Server 1" if the connection is successful. The -k flag tells curl to skip certificate verification (common during initial testing with self-signed or newly issued certificates), so this step confirms that the listener serves the page over TLS, not that the certificate is trusted.
* If you encounter an error, ensure the load balancer is active, the listener is configured correctly, and the backend server (PBT-CERT-VM-01) is reachable.
Step 3: Verify in a Web Browser
* Open a web browser.
* Enter the following URL, replacing <Public IP of PBT-CERT-LB-01> with the public IP you noted:
https://<Public IP of PBT-CERT-LB-01>
* If prompted with a certificate warning (e.g., due to a self-signed certificate or untrusted CA), accept the risk and proceed (click "Advanced" and "Proceed" or similar, depending on your browser).
* Verify that the web page displays the text "You are visiting Web Server 1" from the index.html file created on PBT-CERT-VM-01.
Step 4: Troubleshoot (if needed)
* If the text is not displayed:
* Check the load balancer health status under Backend Sets > Health in the OCI Console.
* Ensure the security list PBT-CERT-LB-SL-01 allows port 443 and the compute instance security list allows port 80.
* Verify the Apache service is running on PBT-CERT-VM-01 by SSHing in and running sudo systemctl status httpd.
NEW QUESTION # 25
Task 4: Create a Certificate Authority (CA)
Create a certificate authority, where:
CA name: PBT-CERT-CA-01-<username>
For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT-CERT-CA-0199008677labuser01.
Ensure you eliminate special characters from the user name.
Common name: PBT-CERT-OCICA-01
Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)
Answer:
Explanation:
See the solution below in Explanation.
Task 4: Create a Certificate Authority (CA)
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate to Identity & Security > Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Certificate Authority
* In the PBI_Vault_SP vault details page, under Resources, click Certificate Authorities.
* Click Create Certificate Authority.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-CA-0199008677labuser01).
* Common Name: Enter PBT-CERT-OCICA-01.
* Master Encryption Key: Select the PBT-CERT-MEK-01<username> key created in Task 3 (e.g., PBT-CERT-MEK-0199008677labuser01).
* Subject: Leave as default or adjust (e.g., Organization, Country) if required by your setup.
* Validity Period: Set as needed (e.g., 10 years), or use the default.
* Compartment: Ensure it's set to the root compartment.
* Click Create Certificate Authority and wait for the CA to be provisioned.
Step 3: Verify the Certificate Authority
* After creation, go to the Certificate Authorities section under PBI_Vault_SP.
* Confirm the CA PBT-CERT-CA-01<username> (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.
NEW QUESTION # 26
An E-commerce company running on Oracle Cloud Infrastructure (OCI) wants to prevent accidental misconfigurations that could expose sensitive data. They need an OCI service that can enforce predefined security rules when creating or modifying cloud resources.
Which OCI service should they use?
- A. OCI Security Zone
- B. OCI Certificates
- C. OCI Web Application Firewall (WAF)
- D. OCI Identity and Access Management (IAM)
Answer: A
NEW QUESTION # 27
A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud Infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the Internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.
When configuring security lists and network security groups (NSGs) in this setup, what should they consider?
- A. Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.
- B. Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.
- C. Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.
- D. If the policy used with the firewall has no rules specified, the firewall allows all traffic.
Answer: B
NEW QUESTION # 28
According to the Oracle Cloud Infrastructure (OCI) Shared Responsibility Model, which statement accurately reflects OCI's responsibility for security?
- A. OCI provides security only for free-tier services; customers secure everything else.
- B. OCI has no security responsibilities; customers need to secure their resources.
- C. OCI is responsible for securing the underlying infrastructure but not customer data.
- D. Customers are responsible for securing both infrastructure and data.
Answer: C
NEW QUESTION # 29
A company, ABC, is planning to launch a new web application on OCI. Based on past experiences, they expect a significant surge in traffic after the launch. You are responsible for ensuring that the application is highly available.
Which step would you perform to achieve this goal?
- A. Implement security controls, such as web application firewalls, to protect against common attack vectors.
- B. Use a load balancer to distribute incoming traffic evenly across multiple instances of the web application.
- C. Use a Virtual Cloud Network (VCN) with subnets, security lists, and routing rules to isolate the web application from the Internet and other resources.
- D. Configure Cloud Guard to prevent large amounts of traffic from reaching the web application.
Answer: B
NEW QUESTION # 30
Challenge 2 - Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resources you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 3: Create and configure a Virtual Cloud Network and Private Subnet
Create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01, with an Internet Gateway, and configure appropriate route rules to allow external connectivity.
Enter the OCID of the created VCN in the text box below.
Answer:
Explanation:
See the solution below in Explanation.
To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* Under Networking, select Virtual Cloud Networks.
* Create a New VCN:
* Click Start VCN Wizard and select Create VCN with Internet Connectivity.
* VCN Name: Enter IAD-SP-PBT-VCN-01.
* Compartment: Select the assigned compartment.
* VCN CIDR Block: Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).
* Public Subnet CIDR Block: Enter 10.0.10.0/24 (matches the diagram's public subnet).
* Accept the default settings for the public subnet and Internet Gateway creation.
* Click Create to provision the VCN, Internet Gateway, and public subnet.
* Verify the Internet Gateway:
* After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.
* Under Resources, select Internet Gateways.
* Ensure the Internet Gateway is attached and enabled.
* Configure Route Rules:
* In the VCN details page, under Resources, select Route Tables.
* Select the default route table associated with the public subnet (10.0.10.0/24).
* Click Add Route Rules.
* Target Type: Select Internet Gateway.
* Destination CIDR Block: Enter 0.0.0.0/0.
* Target Internet Gateway: Select the Internet Gateway created with the VCN.
* Click Add Route Rule to save.
* Update Security List (if needed):
* Under Resources, select Security Lists.
* Edit the default security list for the public subnet.
* Add an ingress rule:
* Source CIDR: 0.0.0.0/0
* IP Protocol: TCP
* Source Port Range: All
* Destination Port Range: 22 (for SSH) or as required by your application.
* Add an egress rule:
* Destination CIDR: 0.0.0.0/0
* IP Protocol: All
* Save the changes.
* Note the VCN OCID:
* Return to the VCN details page for IAD-SP-PBT-VCN-01.
* Copy the OCID displayed (e.g., ocid1.vcn.oc1..<unique_string>).
OCID of the Created VCN
* Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..<unique_string>).
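A check for the ingress rule configured in the security-list step above, as an added example that is not part of the original page: it lists security-list ingress rules that leave SSH or RDP reachable from any source address. The JSON key names assume the layout printed by `oci network security-list get`, the sample rules are constructed, and the function names and the port list are this example's own.

```python
import ipaddress
import json

# Constructed sample; key names assume the `oci network security-list get` layout.
SAMPLE_SECURITY_LIST = json.loads("""
{
  "display-name": "Default Security List for IAD-SP-PBT-VCN-01",
  "ingress-security-rules": [
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "10.0.0.0/16",
     "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
    {"protocol": "6", "source": "0.0.0.0/0",
     "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
    {"protocol": "6", "source": "0.0.0.0/0", "tcp-options": null},
    {"protocol": "all", "source": "0.0.0.0/0"},
    {"protocol": "1", "source": "0.0.0.0/0",
     "icmp-options": {"type": 3, "code": 4}}
  ]
}
""")

# Ports this example treats as administrative (an assumption, adjust as needed).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
TCP = "6"  # IANA protocol number, carried as a string in the rule


def is_world_open(source):
    """True when the source is a CIDR covering every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # service label or malformed value, not an any-source CIDR


def exposed_ports(rule, ports=ADMIN_PORTS):
    """Return the administrative ports that one ingress rule lets through."""
    protocol = str(rule.get("protocol", "")).lower()
    if protocol == "all":
        return sorted(ports)
    if protocol != TCP:
        return []
    port_range = (rule.get("tcp-options") or {}).get("destination-port-range")
    if port_range is None:  # TCP rule without a port range covers every port
        return sorted(ports)
    return sorted(p for p in ports if port_range["min"] <= p <= port_range["max"])


def audit_ingress(security_list, ports=ADMIN_PORTS):
    """List (rule index, port, service) for admin ports reachable from any source."""
    findings = []
    for index, rule in enumerate(security_list.get("ingress-security-rules") or []):
        if is_world_open(rule.get("source", "")):
            findings.extend((index, p, ports[p]) for p in exposed_ports(rule, ports))
    return findings


if __name__ == "__main__":
    for index, port, service in audit_ingress(SAMPLE_SECURITY_LIST):
        print(f"ingress rule {index}: {service} ({port}/tcp) open to any source")
```

Rules 3 and 4 in the sample show the cases a port-number search misses: a TCP rule with no port range and a rule for all protocols both include port 22.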
NEW QUESTION # 31
You are part of the security operations of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). It is reported that an unknown user action was executed resulting in configuration errors.
You are tasked with identifying the details of all users who were active in the last six hours along with any REST API calls that were executed.
Which OCI feature should you use?
- A. Management Agent Log Ingestion
- B. Object Collection Rule
- C. Service Connector Hub
- D. Audit Analysis Dashboard
Answer: D
NEW QUESTION # 32
Challenge 2 - Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resources you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 1: Create a Custom Security Zone Recipe
Create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in the public subnet.
Enter the OCID of the created custom security zone recipe in the text box below.
Answer:
Explanation:
See the solution below in Explanation.
To create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in a public subnet, we will follow the steps outlined in the Oracle Cloud Infrastructure (OCI) Security Zones documentation. These steps are based on verified procedures from the OCI Security Zone Guide and related resources.
Step-by-Step Solution for Task 1: Create a Custom Security Zone Recipe
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com).
* Ensure you have access to the assigned compartment provided in the tenancy.
* Navigate to Security Zones:
* From the OCI Console, go to the navigation menu (hamburger icon) on the top left.
* Under Governance and Administration, select Security Zones.
* Create a New Security Zone Recipe:
* In the Security Zones dashboard, click on the Recipes tab.
* Click the Create Recipe button.
* Configure the Recipe Details:
* Name: Enter IAD-SP-PBT-CSP-01.
* Description: (Optional) Add a description, e.g., "Custom recipe to allow compute instances in public subnet."
* Leave the Compartment as the assigned compartment provided.
* Define the Security Zone Policy:
* In the policy editor, start with a base policy. Since the Maximum Security Zone recipe restricts public subnet usage, you need to customize it.
* Add the following policy statement to allow compute instances in a public subnet:
Allow service compute to use virtual-network-family in compartment <compartment-name> where ALL { target.resource.type = 'Instance', target.vcn.cidr_block = '10.0.0.0/16', target.subnet.cidr_block = '10.0.10.0/24' }
* Replace <compartment-name> with the name of your assigned compartment.
* This policy allows the Compute service to provision instances in the public subnet (10.0.10.0/24) within the VCN (10.0.0.0/16).
* Adjust Restrictions:
* Ensure the recipe does not inherit the Maximum Security Zone recipe's default restrictions that block public subnet usage. Explicitly allow the public subnet by including the subnet CIDR block (10.0.10.0/24) in the policy.
* Remove or modify any conflicting default rules that prohibit public subnet usage (e.g., rules blocking internet access or public IP assignment).
* Save the Recipe:
* Click Create to save the custom security zone recipe.
* Once created, note the OCID of the recipe from the recipe details page. The OCID will be a unique identifier starting with ocid1.securityzonerecipe.
* Verify the Recipe:
* Go to the Recipes tab and locate IAD-SP-PBT-CSP-01.
* Ensure the policy reflects the allowance for compute instances in the public subnet by reviewing the policy statement.
OCID of the Created Custom Security Zone Recipe
* The exact OCID will be generated upon creation (e.g., ocid1.securityzonerecipe.oc1..unique_string).
Please enter the OCID displayed in the OCI Console after completing Step 7.
Notes
* Ensure IAM policies are correctly configured to grant you permissions to create and manage security zone recipes in the compartment.
* The policy assumes the public subnet CIDR (10.0.10.0/24) matches the diagram. Adjust if the actual subnet CIDR differs.
* Test the recipe by associating it with a security zone and attempting to launch a compute instance to confirm compliance.
NEW QUESTION # 33
Task 3: Create a Master Encryption Key
Note: The OCI Vault to store the key required by this task is created in the root compartment as PBI_Vault_SP.
Create an RSA Master Encryption Key (MEK), where:
Key name: PBT-CERT-MEK-01-<username>
For example, if your username is 99008677-lab.user01, then the MEK name should be PBT-CERT-MEK-0199008677labuser01.
Ensure you eliminate special characters from the user name.
Key shape: 4096 bits
Enter the OCID of the Master Encryption Key created in the provided text box:
Answer:
Explanation:
See the solution below in Explanation.
Task 3: Create a Master Encryption Key
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate to Identity & Security > Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Master Encryption Key
* In the PBI_Vault_SP vault details page, under Resources, click Keys.
* Click Create Key.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-0199008677labuser01).
* Key Shape: Select RSA with 4096 bits.
* Protection Mode: Select HSM (Hardware Security Module) if available, or Software if HSM is not required (based on vault capabilities).
* Compartment: Ensure it's set to the root compartment (where PBI_Vault_SP resides).
* Leave other settings (e.g., key usage) as default unless specified.
* Click Create Key and wait for the key to be generated.
Step 3: Retrieve and Enter the OCID
* After the key is created, go to the Keys section under PBI_Vault_SP.
* Click on the key named PBT-CERT-MEK-01<username> (e.g., PBT-CERT-MEK-0199008677labuser01).
* Copy the OCID (a long string starting with ocid1.key., unique to your tenancy) from the key details page.
* Enter the copied OCID exactly as it appears into the provided text box.
NEW QUESTION # 34
Challenge 2 - Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resources you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 2: Create a Security Zone
Create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe (IAD-SAP-PBT-CSP-01) created in the previous task.
Enter the OCID of the created Security zone in the box below.
Answer:
Explanation:
See the solution below in Explanation.
To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.
Step-by-Step Solution for Task 2: Create a Security Zone
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com).
* Ensure you have access to the assigned compartment.
* Navigate to Security Zones:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* Under Governance and Administration, select Security Zones.
* Create a New Security Zone:
* In the Security Zones dashboard, click the Create Security Zone button.
* Configure the Security Zone Details:
* Name: Enter IAD_SAP-PBT-CSZ-01.
* Compartment: Select the assigned compartment provided.
* Description: (Optional) Add a description, e.g., "Security Zone for public subnet compute instances."
* Associate the Custom Security Zone Recipe:
* In the Recipe section, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.
* Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.
* Define the Security Zone Scope:
* Under Resources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.
* Check the box to include all resources in the selected compartment if applicable.
* Create the Security Zone:
* Click Create to finalize the security zone creation.
* Once created, note the OCID of the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.
* Verify the Security Zone:
* Go to the Security Zones tab and locate IAD_SAP-PBT-CSZ-01.
* Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.
OCID of the Created Security Zone
* The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..<unique_string>).
Please enter the OCID displayed in the OCI Console after completing Step 7.