Oracle Cloud Infrastructure 2025 Security Professional - 1z0-1104-25 Exam Practice Test
Challenge 2
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 5: Provision a Compute Instance
Provision a compute instance in the IAD-SP-PBT-PUBSNET-01 public subnet, where:
Name IAD-SP-PBT-1-VM-01
image: Oracle Linux 8
Shape VM: Standard, A1, Flex
Enter the OCID of the created compute instance in the text box below.
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 5: Provision a Compute Instance
Provision a compute instance in the IAD-SP-PBT-PUBSNET-01 public subnet, where:
Name IAD-SP-PBT-1-VM-01
image: Oracle Linux 8
Shape VM: Standard, A1, Flex
Enter the OCID of the created compute instance in the text box below.
Correct Answer:
See the solution below in Explanation.
Explanation:
To provision a compute instance named IAD-SP-PBT-1-VM-01 in the IAD-SP-PBT-PUBSNET-01 public subnet with the specified configuration (Oracle Linux 8 image, VM Standard A1 Flex shape), follow these steps based on the Oracle Cloud Infrastructure (OCI) Compute documentation.
Step-by-Step Solution for Task 5: Provision a Compute Instance
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Compute Instances:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderCompute, selectInstances.
* Create a New Compute Instance:
* Click theCreate Instancebutton.
* Configure the Instance Details:
* Name:Enter IAD-SP-PBT-1-VM-01.
* Compartment:Select the assigned compartment.
* Placement:Choose the availability domain (e.g., AD-1) based on your region's availability.
* Select the Image:
* UnderImage and Shape, clickChange Image.
* SelectOracle Linux 8from the platform images list.
* ClickSelect Image.
* Choose the Shape:
* ClickChange Shape.
* SelectVM Standardcategory.
* ChooseA1 Flexfrom the shape options.
* Configure the OCPUs (e.g., 1 OCPU) and memory (e.g., 6 GB) as needed for A1 Flex, then click Select Shape.
* Configure Networking:
* UnderNetworking, ensure theVirtual Cloud Networkis set to IAD-SP-PBT-VCN-01.
* Set theSubnetto IAD-SP-PBT-PUBSNET-01 (public subnet with CIDR 10.0.1.0/24).
* EnableAssign a public IPv4 addressto allow external connectivity.
* Leave the default security list or assign a custom one if configured previously.
* Set Up SSH Access:
* UnderAdd SSH Keys, either:
* Upload your public SSH key file, or
* Paste your public SSH key manually.
* This ensures you can access the instance via SSH.
* Launch the Instance:
* ClickCreateto provision the compute instance.
* Wait for the instance to reach theRunningstate (this may take a few minutes).
* Note the Instance OCID:
* Once the instance is running, go to the instance details page for IAD-SP-PBT-1-VM-01.
* Copy theOCIDdisplayed (e.g., ocid1.instance.oc1..<unique_string>).
OCID of the Created Compute Instance
* Enter the OCID of the created compute instance (IAD-SP-PBT-1-VM-01) into the text box. The exact OCID will be available after Step 9 (e.g., ocid1.instance.oc1..<unique_string>).
Notes
* Ensure the security zone IAD_SAP-PBT-CSZ-01 and its associated recipe IAD-SP-PBT-CSP-01 allow compute instance creation in the public subnet (10.0.1.0/24).
* Verify network connectivity by testing SSH access using the public IP assigned to the instance.
Explanation:
To provision a compute instance named IAD-SP-PBT-1-VM-01 in the IAD-SP-PBT-PUBSNET-01 public subnet with the specified configuration (Oracle Linux 8 image, VM Standard A1 Flex shape), follow these steps based on the Oracle Cloud Infrastructure (OCI) Compute documentation.
Step-by-Step Solution for Task 5: Provision a Compute Instance
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Compute Instances:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderCompute, selectInstances.
* Create a New Compute Instance:
* Click theCreate Instancebutton.
* Configure the Instance Details:
* Name:Enter IAD-SP-PBT-1-VM-01.
* Compartment:Select the assigned compartment.
* Placement:Choose the availability domain (e.g., AD-1) based on your region's availability.
* Select the Image:
* UnderImage and Shape, clickChange Image.
* SelectOracle Linux 8from the platform images list.
* ClickSelect Image.
* Choose the Shape:
* ClickChange Shape.
* SelectVM Standardcategory.
* ChooseA1 Flexfrom the shape options.
* Configure the OCPUs (e.g., 1 OCPU) and memory (e.g., 6 GB) as needed for A1 Flex, then click Select Shape.
* Configure Networking:
* UnderNetworking, ensure theVirtual Cloud Networkis set to IAD-SP-PBT-VCN-01.
* Set theSubnetto IAD-SP-PBT-PUBSNET-01 (public subnet with CIDR 10.0.1.0/24).
* EnableAssign a public IPv4 addressto allow external connectivity.
* Leave the default security list or assign a custom one if configured previously.
* Set Up SSH Access:
* UnderAdd SSH Keys, either:
* Upload your public SSH key file, or
* Paste your public SSH key manually.
* This ensures you can access the instance via SSH.
* Launch the Instance:
* ClickCreateto provision the compute instance.
* Wait for the instance to reach theRunningstate (this may take a few minutes).
* Note the Instance OCID:
* Once the instance is running, go to the instance details page for IAD-SP-PBT-1-VM-01.
* Copy theOCIDdisplayed (e.g., ocid1.instance.oc1..<unique_string>).
OCID of the Created Compute Instance
* Enter the OCID of the created compute instance (IAD-SP-PBT-1-VM-01) into the text box. The exact OCID will be available after Step 9 (e.g., ocid1.instance.oc1..<unique_string>).
Notes
* Ensure the security zone IAD_SAP-PBT-CSZ-01 and its associated recipe IAD-SP-PBT-CSP-01 allow compute instance creation in the public subnet (10.0.1.0/24).
* Verify network connectivity by testing SSH access using the public IP assigned to the instance.
According to the Oracle Cloud Infrastructure (OCI) Shared Responsibility Model, which statement accurately reflects OCI's responsibility for security?
Correct Answer: A
Vote an answer
Task 2: Create a Compute Instance and Install the Web Server
Create a compute instance, where:
Name: PBT-CERT-VM-01
Image: Oracle Linux 8
Shape: VM.Standard.A1.Flex
Subnet: Compute-Subnet-PBT-CERT
Install and configure Apache web server:
a.
Install Apache
sudo yum -y install httpd
b.
Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
2. Install and configure Apache web server:
a. Install Apache
sudo yum -y install httpd
b. Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
c. Configure firewall to allow HTTP traffic (port 80)
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
d. Create an index.html file
sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html' Enter the OCID of the created compute instance PBT-CERT-VM-01 in the text box below.
Create a compute instance, where:
Name: PBT-CERT-VM-01
Image: Oracle Linux 8
Shape: VM.Standard.A1.Flex
Subnet: Compute-Subnet-PBT-CERT
Install and configure Apache web server:
a.
Install Apache
sudo yum -y install httpd
b.
Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
2. Install and configure Apache web server:
a. Install Apache
sudo yum -y install httpd
b. Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
c. Configure firewall to allow HTTP traffic (port 80)
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
d. Create an index.html file
sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html' Enter the OCID of the created compute instance PBT-CERT-VM-01 in the text box below.
Correct Answer:
See the solution below in Explanation.
Explanation:
Task 2: Create a Compute Instance and Install the Web Server
Step 1: Create the Compute Instance
* Log in to the OCI Console.
* Navigate toCompute>Instances.
* ClickCreate Instance.
* Enter the following details:
* Name: PBT-CERT-VM-01
* Compartment: Select your assigned compartment.
* Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).
* Image: ClickChange Image, selectOracle Linux 8, and confirm.
* Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:
* OCPUs: 1 (or adjust as needed)
* Memory: 6 GB (or adjust as needed)
* Networking:
* Virtual Cloud Network: Select PBT-CERT-VCN-01.
* Subnet: Select Compute-Subnet-PBT-CERT.
* Leave public IP assignment enabled for internet access.
* SSH Key: Provide your public SSH key (upload or paste) for secure access.
* ClickCreateand wait for the instance to be provisioned.
Step 2: Connect to the Compute Instance
* Once the instance is created, note thePublic IP Addressfrom the instance details page.
* Use an SSH client to connect:
* Command: ssh -i <private-key-file> opc@<public-ip-address>
* Replace <private-key-file> with your private key path and <public-ip-address> with the instance' s public IP.
Step 3: Install and Configure Apache Web Server
* Install Apache:
* Run: sudo yum -y install httpd
* Enable and Start Apache:
* Run: sudo systemctl enable httpd
* Run: sudo systemctl restart httpd
* Configure Firewall to Allow HTTP Traffic (Port 80):
* Run: sudo firewall-cmd --permanent --add-port=80/tcp
* Run: sudo firewall-cmd --reload
* Create an index.html File:
* Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html' Step 4: Verify the Configuration
* Open
a web browser and enter http://
<public-ip-address> to ensure the page displays "You are visiting Web Server 1".
* If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.
Step 5: Retrieve and Enter the OCID
* Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.
* Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).
* Enter the copied OCID exactly as it appears into the text box provided.
Notes
* These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.
* Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.
* The OCID will be unique to your instance; obtain it from the OCI Console after creation
Explanation:
Task 2: Create a Compute Instance and Install the Web Server
Step 1: Create the Compute Instance
* Log in to the OCI Console.
* Navigate toCompute>Instances.
* ClickCreate Instance.
* Enter the following details:
* Name: PBT-CERT-VM-01
* Compartment: Select your assigned compartment.
* Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).
* Image: ClickChange Image, selectOracle Linux 8, and confirm.
* Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:
* OCPUs: 1 (or adjust as needed)
* Memory: 6 GB (or adjust as needed)
* Networking:
* Virtual Cloud Network: Select PBT-CERT-VCN-01.
* Subnet: Select Compute-Subnet-PBT-CERT.
* Leave public IP assignment enabled for internet access.
* SSH Key: Provide your public SSH key (upload or paste) for secure access.
* ClickCreateand wait for the instance to be provisioned.
Step 2: Connect to the Compute Instance
* Once the instance is created, note thePublic IP Addressfrom the instance details page.
* Use an SSH client to connect:
* Command: ssh -i <private-key-file> opc@<public-ip-address>
* Replace <private-key-file> with your private key path and <public-ip-address> with the instance' s public IP.
Step 3: Install and Configure Apache Web Server
* Install Apache:
* Run: sudo yum -y install httpd
* Enable and Start Apache:
* Run: sudo systemctl enable httpd
* Run: sudo systemctl restart httpd
* Configure Firewall to Allow HTTP Traffic (Port 80):
* Run: sudo firewall-cmd --permanent --add-port=80/tcp
* Run: sudo firewall-cmd --reload
* Create an index.html File:
* Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html' Step 4: Verify the Configuration
* Open
a web browser and enter http://
<public-ip-address> to ensure the page displays "You are visiting Web Server 1".
* If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.
Step 5: Retrieve and Enter the OCID
* Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.
* Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).
* Enter the copied OCID exactly as it appears into the text box provided.
Notes
* These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.
* Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.
* The OCID will be unique to your instance; obtain it from the OCI Console after creation
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 4: Create a Public Subnet
Create a public subnet named IAD-SP-PBT-PUBSNET-01, within the VCN IAD-SP-PBT-VCN-01 use a CIDR block of 10.0.1.0/24 and configure the subnet to use the internet Gateway See the solution below in Explanation.
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 4: Create a Public Subnet
Create a public subnet named IAD-SP-PBT-PUBSNET-01, within the VCN IAD-SP-PBT-VCN-01 use a CIDR block of 10.0.1.0/24 and configure the subnet to use the internet Gateway See the solution below in Explanation.
Correct Answer:
To create a public subnet named IAD-SP-PBT-PUBSNET-01 within the VCN IAD-SP-PBT-VCN-01 using a CIDR block of 10.0.1.0/24 and configure it to use the Internet Gateway, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 4: Create a Public Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Select the VCN:
* Locate and click on the VCN named IAD-SP-PBT-VCN-01 created in Task 3.
* UnderResources, selectSubnets.
* Create a New Subnet:
* Click theCreate Subnetbutton.
* Configure the Subnet Details:
* Name:Enter IAD-SP-PBT-PUBSNET-01.
* Compartment:Ensure it is set to the assigned compartment.
* Subnet Type:SelectPublic Subnet.
* CIDR Block:Enter 10.0.1.0/24.
* Route Table:Select the default route table associated with the VCN (ensure it includes a route to the Internet Gateway with destination 0.0.0.0/0).
* Subnet Access:SelectPublic Subnetand ensure the Internet Gateway is associated.
* DHCP Options:Leave as default or customize if required.
* Security List:Use the default security list or create a new one with appropriate ingress/egress rules (e.g., allow TCP port 22 for SSH and all egress traffic).
* Associate the Internet Gateway:
* Verify that the subnet is configured to route traffic through the Internet Gateway. This is automatically handled if you selected the public subnet option and the VCN's route table is correctly set (as configured in Task 3).
* If needed, edit the route table for the subnet to ensure a rule exists:
* Destination CIDR Block:0.0.0.0/0
* Target Type:Internet Gateway
* Target:Select the Internet Gateway associated with IAD-SP-PBT-VCN-01.
* Create the Subnet:
* ClickCreateto provision the subnet.
* Once created, the subnet will be listed under the VCN's subnets.
* Verify the Configuration:
* Go to the subnet details page for IAD-SP-PBT-PUBSNET-01.
* Confirm the CIDR block is 10.0.1.0/24 and that it is a public subnet with Internet Gateway access.
Notes
* Ensure the CIDR block 10.0.1.0/24 does not overlap with existing subnets in the VCN (10.0.0.0/16, including 10.0.10.0/24 from Task 3).
* The Internet Gateway association relies on the route table configuration from Task 3. If it's missing, update the route table as described in Step 6.
Step-by-Step Solution for Task 4: Create a Public Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Select the VCN:
* Locate and click on the VCN named IAD-SP-PBT-VCN-01 created in Task 3.
* UnderResources, selectSubnets.
* Create a New Subnet:
* Click theCreate Subnetbutton.
* Configure the Subnet Details:
* Name:Enter IAD-SP-PBT-PUBSNET-01.
* Compartment:Ensure it is set to the assigned compartment.
* Subnet Type:SelectPublic Subnet.
* CIDR Block:Enter 10.0.1.0/24.
* Route Table:Select the default route table associated with the VCN (ensure it includes a route to the Internet Gateway with destination 0.0.0.0/0).
* Subnet Access:SelectPublic Subnetand ensure the Internet Gateway is associated.
* DHCP Options:Leave as default or customize if required.
* Security List:Use the default security list or create a new one with appropriate ingress/egress rules (e.g., allow TCP port 22 for SSH and all egress traffic).
* Associate the Internet Gateway:
* Verify that the subnet is configured to route traffic through the Internet Gateway. This is automatically handled if you selected the public subnet option and the VCN's route table is correctly set (as configured in Task 3).
* If needed, edit the route table for the subnet to ensure a rule exists:
* Destination CIDR Block:0.0.0.0/0
* Target Type:Internet Gateway
* Target:Select the Internet Gateway associated with IAD-SP-PBT-VCN-01.
* Create the Subnet:
* ClickCreateto provision the subnet.
* Once created, the subnet will be listed under the VCN's subnets.
* Verify the Configuration:
* Go to the subnet details page for IAD-SP-PBT-PUBSNET-01.
* Confirm the CIDR block is 10.0.1.0/24 and that it is a public subnet with Internet Gateway access.
Notes
* Ensure the CIDR block 10.0.1.0/24 does not overlap with existing subnets in the VCN (10.0.0.0/16, including 10.0.10.0/24 from Task 3).
* The Internet Gateway association relies on the route table configuration from Task 3. If it's missing, update the route table as described in Step 6.