• Home
  • Articles
  • [Q21-Q38] Free 1z0-1104-25 Exam Files Downloaded Instantly UPDATED [2026]

[Q21-Q38] Free 1z0-1104-25 Exam Files Downloaded Instantly UPDATED [2026]

Share

Free 1z0-1104-25 Exam Files Downloaded Instantly UPDATED [2026]

100% Pass Guaranteed Free 1z0-1104-25 Exam Dumps

NEW QUESTION # 21
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task3: Create and configure a Virtual Cloud Network and Private Subnet
Createand configure virtual cloud Network (VCN) named IAD SP-PBT-VCN-01, with an internet Gateway and configure appropriate route rules to allow external connectivity.
Enter the OCID of the created VCN in the text box below.

Answer:

Explanation:
See the solution below in Explanation.
Explanation:
To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Create a New VCN:
* ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.
* VCN Name:Enter IAD-SP-PBT-VCN-01.
* Compartment:Select the assigned compartment.
* VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).
* Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).
* Accept the default settingsfor the public subnet and Internet Gateway creation.
* ClickCreateto provision the VCN, Internet Gateway, and public subnet.
* Verify the Internet Gateway:
* After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.
* UnderResources, selectInternet Gateways.
* Ensure the Internet Gateway is attached and enabled.
* Configure Route Rules:
* In the VCN details page, underResources, selectRoute Tables.
* Select the default route table associated with the public subnet (10.0.10.0/24).
* ClickAdd Route Rules.
* Target Type:SelectInternet Gateway.
* Destination CIDR Block:Enter 0.0.0.0/0.
* Target Internet Gateway:Select the Internet Gateway created with the VCN.
* ClickAdd Route Ruleto save.
* Update Security List (if needed):
* UnderResources, selectSecurity Lists.
* Edit the default security list for the public subnet.
* Add an ingress rule:
* Source CIDR:0.0.0.0/0
* IP Protocol:TCP
* Source Port Range:All
* Destination Port Range:22 (for SSH) or as required by your application.
* Add an egress rule:
* Destination CIDR:0.0.0.0/0
* IP Protocol:All
* Save the changes.
* Note the VCN OCID:
* Return to the VCN details page for IAD-SP-PBT-VCN-01.
* Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..<unique_string>).
OCID of the Created VCN
* Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..<unique_string>).


NEW QUESTION # 22
When trying to encrypt plaintext using Command Line Interface (CLI), the developer gets a Service Error.
This is the command the developer tried to run:

What is the reason for this error?

  • A. The plaintext needs to be in JSON form.
  • B. The developer has the wrong endpoint.
  • C. The developer forgot to specify the region.
  • D. The user should pass the key version OCID instead of the key OCID.

Answer: D


NEW QUESTION # 23
Within OCI IAM identity domains, the AD Bridge component serves a critical role. How does the AD Bridge functionality specifically enhance Identity and Access Management (IAM) practices?

  • A. It facilitates delegated administration, allowing authorized AD users to manage specific resources within the OCI identity domain.
  • B. It directly integrates with OCI MFA providers, allowing for seamless enforcement of MFA for users authenticated through AD credentials.
  • C. It simplifies user provisioning by enabling automated synchronization of user accounts and group memberships from an existing Microsoft Active Directory (AD) environment.
  • D. It strengthens access security by providing an additional layer of authentication through AD integration.

Answer: C


NEW QUESTION # 24
Task 7: Verify the OCI Certificate with Load Balancer
Verify HTTPS connection to the load balancer by running the following command in Cloud Shell curl -k https://<Public IP of PBT-CERT-LB-01> Enter the following URL in the web browser:
https://<Public IP of PBT-CERT-LB-01>
If prompted with a certificate error, accept the risk and continue.
Verify web page content by ensuring the text, "You are visiting Web Server 1" from the index.html file is displayed in the browser See the solution below in Explanation.

Answer:

Explanation:
Task 7: Verify the OCI Certificate with Load Balancer
Step 1: Obtain the Public IP of the Load Balancer
* Log in to the OCI Console.
* Navigate toNetworking>Load Balancers.
* Click on PBT-CERT-LB-01.
* Note thePublic IP Addressfrom the load balancer details page.
Step 2: Verify HTTPS Connection Using Cloud Shell
* Open the OCI Cloud Shell from the top-right corner of the OCI Console.
* Run the following command, replacing <Public IP of PBT-CERT-LB-01> with the public IP you noted:
curl -k https://<Public IP of PBT-CERT-LB-01>
* Expected output: You should see the text "You are visiting Web Server 1" if the connection is successful. The -k flag ignores certificate validation errors (common during initial testing with self- signed or newly issued certificates).
* If you encounter an error, ensure the load balancer is active, the listener is configured correctly, and the backend server (PBT-CERT-VM-01) is reachable.
Step 3: Verify in a Web Browser
* Open a web browser.
* Enter the following URL, replacing <Public IP of PBT-CERT-LB-01> with the public IP you noted:
https://<Public IP of PBT-CERT-LB-01>
* If prompted with a certificate warning (e.g., due to a self-signed certificate or untrusted CA), accept the risk and proceed (click "Advanced" and "Proceed" or similar, depending on your browser).
* Verify that the web page displays the text "You are visiting Web Server 1" from the index.html file created on PBT-CERT-VM-01.
Step 4: Troubleshoot (if needed)
* If the text is not displayed:
* Check the load balancer health status underBackend Sets>Healthin the OCI Console.
* Ensure the security list PBT-CERT-LB-SL-01 allows port 443 and the compute instance security list allows port 80.
* Verify the Apache service is running on PBT-CERT-VM-01 by SSHing in and running sudo systemctl status httpd.


NEW QUESTION # 25
During your investigation of a load balancer issue, you discovered that all back-end servers associated with one of the affected listeners were reported as unhealthy. However, when you checked the back-end servers, they seemed to be working just fine.
What might be causing this issue?

  • A. Misconfigured security rule
  • B. Overloaded back-end servers
  • C. Incorrect subnet configuration
  • D. Incorrect DNS configuration
  • E. Misconfigured health check

Answer: E


NEW QUESTION # 26
An E-commerce company running on Oracle Cloud Infrastructure (OCI) wants to prevent accidental misconfigurations that could expose sensitive data. They need an OCI service that can enforce predefined security rules when creating or modifying cloud resources.
Which OCI service should they use?

  • A. OCI Certificates
  • B. OCI Security Zone
  • C. OCI Web Application Firewall (WAF)
  • D. OCI Identity and Access Management (IAM)

Answer: B


NEW QUESTION # 27
A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.

When configuring security lists and network security groups (NSGs) in this setup, what should they consider?

  • A. If the policy used with the firewall has no rules specified, the firewall allows all traffic.
  • B. Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.
  • C. Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.
  • D. Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.

Answer: C


NEW QUESTION # 28
Based on the provided diagram, you have a group of critical compute instances in a private subnet that require vulnerability using the Oracle Cloud Infrastructure(OCI) Vulnerability Scanning Service (VSS).

"What additional configuration is required to enable VSS to scan instances in the private subnet

  • A. VSS cannot scan private instances. You need to move them to a public subnet for vulnerability scanning.
  • B. Use an OCI Bastion session to establish connectivity and forward scan results from the private instances."
  • C. Configure a service gateway in the VCN and a route rule to direct traffic for the VSS service through the gateway.
  • D. No additional configuration is needed. VSS can access private instances by default.

Answer: C


NEW QUESTION # 29
According to the Oracle Cloud Infrastructure (OCI) Shared Responsibility Model, which statement accurately reflects OCI's responsibility for security?

  • A. OCI has no security responsibilities; customers need to secure their resources.
  • B. OCI provides security only for free-tier services; customers secure everything else.
  • C. OCI is responsible for securing the underlying infrastructure but not customer data.
  • D. Customers are responsible for securing both infrastructure and data.

Answer: C


NEW QUESTION # 30
An OCI administrator notices that a compute instance running in the production compartment is unable to create Object Storage buckets using the OCI CLI command:
oci os bucket create --name mybucket --compartment-id <compartment_OCID> --auth instance_principal The error message returned states:
"NotAuthorizedOrNotFound: You are not authorized to perform this action." The administrator verifies that the instance has Internet access and can reach OCI endpoints.
What then could be causing the issue?

  • A. The instance is not part of any Dynamic Group or the matching rule is incorrect.
  • B. The policy is written at the root compartment instead of the production compartment.
  • C. The instance is using the wrong OCI CLI authentication method.
  • D. The bucket name is already in use, causing a conflict.

Answer: A


NEW QUESTION # 31
You have created a compartment TEST in your subscribed tenancy. Then, you created two groups, test1 and test2, and want the users in these groups to be able to manage all the resources in the TEST compartment.
Which policy would you use to achieve this?

  • A. Allow group/test*/to manage all resources in compartment test.
  • B. Allow any-user to manage all resources in compartment test where any {request.groups.test1, test2}
  • C. Allow group test1, test2 to manage all resources in compartment test.
  • D. Allow any-user to manage all resources in compartment test where request.group='test*'

Answer: C


NEW QUESTION # 32
"A programmer is developing a Node.js application which will run on a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs.
What is the secure way to access OCI services with OCI Identity and Access Management (IAM)?

  • A. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.
  • B. Create an OCI IAM policy with appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server."
  • C. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.
  • D. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.

Answer: A


NEW QUESTION # 33
Challenge 2
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 5: Provision a Compute Instance
Provision a compute instance in the IAD-SP-PBT-PUBSNET-01 public subnet, where:
Name IAD-SP-PBT-1-VM-01
image: Oracle Linux 8
Shape VM: Standard, A1, Flex
Enter the OCID of the created compute instance in the text box below.

Answer:

Explanation:
See the solution below in Explanation.
Explanation:
To provision a compute instance named IAD-SP-PBT-1-VM-01 in the IAD-SP-PBT-PUBSNET-01 public subnet with the specified configuration (Oracle Linux 8 image, VM Standard A1 Flex shape), follow these steps based on the Oracle Cloud Infrastructure (OCI) Compute documentation.
Step-by-Step Solution for Task 5: Provision a Compute Instance
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Compute Instances:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderCompute, selectInstances.
* Create a New Compute Instance:
* Click theCreate Instancebutton.
* Configure the Instance Details:
* Name:Enter IAD-SP-PBT-1-VM-01.
* Compartment:Select the assigned compartment.
* Placement:Choose the availability domain (e.g., AD-1) based on your region's availability.
* Select the Image:
* UnderImage and Shape, clickChange Image.
* SelectOracle Linux 8from the platform images list.
* ClickSelect Image.
* Choose the Shape:
* ClickChange Shape.
* SelectVM Standardcategory.
* ChooseA1 Flexfrom the shape options.
* Configure the OCPUs (e.g., 1 OCPU) and memory (e.g., 6 GB) as needed for A1 Flex, then click Select Shape.
* Configure Networking:
* UnderNetworking, ensure theVirtual Cloud Networkis set to IAD-SP-PBT-VCN-01.
* Set theSubnetto IAD-SP-PBT-PUBSNET-01 (public subnet with CIDR 10.0.1.0/24).
* EnableAssign a public IPv4 addressto allow external connectivity.
* Leave the default security list or assign a custom one if configured previously.
* Set Up SSH Access:
* UnderAdd SSH Keys, either:
* Upload your public SSH key file, or
* Paste your public SSH key manually.
* This ensures you can access the instance via SSH.
* Launch the Instance:
* ClickCreateto provision the compute instance.
* Wait for the instance to reach theRunningstate (this may take a few minutes).
* Note the Instance OCID:
* Once the instance is running, go to the instance details page for IAD-SP-PBT-1-VM-01.
* Copy theOCIDdisplayed (e.g., ocid1.instance.oc1..<unique_string>).
OCID of the Created Compute Instance
* Enter the OCID of the created compute instance (IAD-SP-PBT-1-VM-01) into the text box. The exact OCID will be available after Step 9 (e.g., ocid1.instance.oc1..<unique_string>).
Notes
* Ensure the security zone IAD_SAP-PBT-CSZ-01 and its associated recipe IAD-SP-PBT-CSP-01 allow compute instance creation in the public subnet (10.0.1.0/24).
* Verify network connectivity by testing SSH access using the public IP assigned to the instance.


NEW QUESTION # 34
Your organization needs to implement strong password policies for users in OCI.
Which of the following statements is TRUE about password policies in OCI IAM?

  • A. Custom password policies allow for granular control over password complexity.
  • B. Simple password policies are suitable for production environments.
  • C. Only one password policy can be applied to all users in a domain.
  • D. The default password policy cannot be modified.

Answer: A


NEW QUESTION # 35
Which are the essential components to create a rule for the Oracle Cloud Infrastructure (OCI) Events Service?

  • A. Install Key and Service Connector
  • B. Rule Conditions and Actions
  • C. Rule Conditions and Management Agent Cloud Service
  • D. Install Key and Actions

Answer: B


NEW QUESTION # 36
......

Latest 1z0-1104-25 dumps - Instant Download PDF: https://certkingdom.practicedump.com/1z0-1104-25-practice-dumps.html

Related Articles

more
Oracle 1z0-1104-25 Certification Practice Exam

Copyright © 2026 PracticeDump NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy