Free 1z0-1104-25 Sample Questions and 100% Cover Real Exam Questions (Updated 39 Questions) [Q16-Q34]

Share

Free 1z0-1104-25 Sample Questions and 100% Cover Real Exam Questions (Updated 39 Questions)

Download Real Oracle 1z0-1104-25 Exam Dumps Test Engine Exam Questions

NEW QUESTION # 16
"Your company is in the process of migrating its sensitive data to Oracle Cloud Infrastructure (OCI) and is prioritizing the strongest possible security measures. Encryption is a key part of this strategy, but you are particularly concerned about the physical security of the hardware where your encryption keys will be stored.
Which characteristic of OCI Key Management Service (KMS) helps ensure the physical security of your encryption keys?

  • A. Seamless integration with other OCI services for streamlined workflows
  • B. Utilization of FIPS 140-2 validated Hardware Security Modules (HSMs)"
  • C. Granular customer control over key access permissions
  • D. Centralized key management for simplified administration

Answer: B


NEW QUESTION # 17
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task3: Create and configure a Virtual Cloud Network and Private Subnet
Createand configure virtual cloud Network (VCN) named IAD SP-PBT-VCN-01, with an internet Gateway and configure appropriate route rules to allow external connectivity.
Enter the OCID of the created VCN in the text box below.

Answer:

Explanation:
See the solution below in Explanation.
Explanation:
To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Create a New VCN:
* ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.
* VCN Name:Enter IAD-SP-PBT-VCN-01.
* Compartment:Select the assigned compartment.
* VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).
* Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).
* Accept the default settingsfor the public subnet and Internet Gateway creation.
* ClickCreateto provision the VCN, Internet Gateway, and public subnet.
* Verify the Internet Gateway:
* After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.
* UnderResources, selectInternet Gateways.
* Ensure the Internet Gateway is attached and enabled.
* Configure Route Rules:
* In the VCN details page, underResources, selectRoute Tables.
* Select the default route table associated with the public subnet (10.0.10.0/24).
* ClickAdd Route Rules.
* Target Type:SelectInternet Gateway.
* Destination CIDR Block:Enter 0.0.0.0/0.
* Target Internet Gateway:Select the Internet Gateway created with the VCN.
* ClickAdd Route Ruleto save.
* Update Security List (if needed):
* UnderResources, selectSecurity Lists.
* Edit the default security list for the public subnet.
* Add an ingress rule:
* Source CIDR:0.0.0.0/0
* IP Protocol:TCP
* Source Port Range:All
* Destination Port Range:22 (for SSH) or as required by your application.
* Add an egress rule:
* Destination CIDR:0.0.0.0/0
* IP Protocol:All
* Save the changes.
* Note the VCN OCID:
* Return to the VCN details page for IAD-SP-PBT-VCN-01.
* Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..<unique_string>).
OCID of the Created VCN
* Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..<unique_string>).


NEW QUESTION # 18
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 4: Create a Public Subnet
Create a public subnet named IAD-SP-PBT-PUBSNET-01, within the VCN IAD-SP-PBT-VCN-01 use a CIDR block of 10.0.1.0/24 and configure the subnet to use the internet Gateway See the solution below in Explanation.

Answer:

Explanation:
To create a public subnet named IAD-SP-PBT-PUBSNET-01 within the VCN IAD-SP-PBT-VCN-01 using a CIDR block of 10.0.1.0/24 and configure it to use the Internet Gateway, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 4: Create a Public Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Select the VCN:
* Locate and click on the VCN named IAD-SP-PBT-VCN-01 created in Task 3.
* UnderResources, selectSubnets.
* Create a New Subnet:
* Click theCreate Subnetbutton.
* Configure the Subnet Details:
* Name:Enter IAD-SP-PBT-PUBSNET-01.
* Compartment:Ensure it is set to the assigned compartment.
* Subnet Type:SelectPublic Subnet.
* CIDR Block:Enter 10.0.1.0/24.
* Route Table:Select the default route table associated with the VCN (ensure it includes a route to the Internet Gateway with destination 0.0.0.0/0).
* Subnet Access:SelectPublic Subnetand ensure the Internet Gateway is associated.
* DHCP Options:Leave as default or customize if required.
* Security List:Use the default security list or create a new one with appropriate ingress/egress rules (e.g., allow TCP port 22 for SSH and all egress traffic).
* Associate the Internet Gateway:
* Verify that the subnet is configured to route traffic through the Internet Gateway. This is automatically handled if you selected the public subnet option and the VCN's route table is correctly set (as configured in Task 3).
* If needed, edit the route table for the subnet to ensure a rule exists:
* Destination CIDR Block:0.0.0.0/0
* Target Type:Internet Gateway
* Target:Select the Internet Gateway associated with IAD-SP-PBT-VCN-01.
* Create the Subnet:
* ClickCreateto provision the subnet.
* Once created, the subnet will be listed under the VCN's subnets.
* Verify the Configuration:
* Go to the subnet details page for IAD-SP-PBT-PUBSNET-01.
* Confirm the CIDR block is 10.0.1.0/24 and that it is a public subnet with Internet Gateway access.
Notes
* Ensure the CIDR block 10.0.1.0/24 does not overlap with existing subnets in the VCN (10.0.0.0/16, including 10.0.10.0/24 from Task 3).
* The Internet Gateway association relies on the route table configuration from Task 3. If it's missing, update the route table as described in Step 6.


NEW QUESTION # 19
Based on the provided diagram, you have a group of critical compute instances in a private subnet that require vulnerability using the Oracle Cloud Infrastructure(OCI) Vulnerability Scanning Service (VSS).

"What additional configuration is required to enable VSS to scan instances in the private subnet

  • A. Configure a service gateway in the VCN and a route rule to direct traffic for the VSS service through the gateway.
  • B. VSS cannot scan private instances. You need to move them to a public subnet for vulnerability scanning.
  • C. Use an OCI Bastion session to establish connectivity and forward scan results from the private instances."
  • D. No additional configuration is needed. VSS can access private instances by default.

Answer: A


NEW QUESTION # 20
You are a security architect at your organization and have noticed an increase in cyberattacks on your applications, including Cross-Site Scripting (XSS) and SQL Injection. To mitigate these threats, you decide to use OCI Web Application Firewall (WAF).
Which type of OCI WAF rule should you configure to protect against these attacks?

  • A. Encryption rule
  • B. Rate Limiting rule
  • C. Access control rule
  • D. Protection rule

Answer: D


NEW QUESTION # 21
During your investigation of a load balancer issue, you discovered that all back-end servers associated with one of the affected listeners were reported as unhealthy. However, when you checked the back-end servers, they seemed to be working just fine.
What might be causing this issue?

  • A. Incorrect subnet configuration
  • B. Misconfigured health check
  • C. Overloaded back-end servers
  • D. Misconfigured security rule
  • E. Incorrect DNS configuration

Answer: B


NEW QUESTION # 22
In Oracle Cloud Infrastructure (OCI), bare metal instances provide customers with direct access to the underlying hardware. To mitigate security risks when a customer terminates a bare metal instance, OCI utilizes Root-of-Trust hardware.
What is the primary function of the Root-of-Trust hardware in this context?

  • A. It automatically encrypts data at rest on the bare metal instance.
  • B. It ensures all non-volatile memory on the terminated instance is securely wiped before reuse.
  • C. It guarantees complete isolation between customer workloads on different instances.
  • D. It eliminates the need for hypervisors, reducing the potential attack surface.

Answer: B


NEW QUESTION # 23
You're managing an Oracle Cloud Infrastructure (OCI) environment where a public website hosts downloadable assets stored in Object Storage buckets. These buckets need to be publicly accessible for website visitors, but Cloud Guard keeps flagging them as security risks.
How can Cloud Guard be configured to ignore problems specific to public buckets while still ensuring security checks are applied to other resources that require them?

  • A. Fix the baseline by configuring the Conditional groups for the detector.
  • B. Resolve or remediate the problems by making the buckets private.
  • C. A public bucket is a security risk, so Cloud Guard will keep detecting it.
  • D. Dismiss problems associated with those resources.

Answer: A


NEW QUESTION # 24
Which are the essential components to create a rule for the Oracle Cloud Infrastructure (OCI) Events Service?

  • A. Rule Conditions and Actions
  • B. Install Key and Service Connector
  • C. Rule Conditions and Management Agent Cloud Service
  • D. Install Key and Actions

Answer: A


NEW QUESTION # 25
An E-commerce company running on Oracle Cloud Infrastructure (OCI) wants to prevent accidental misconfigurations that could expose sensitive data. They need an OCI service that can enforce predefined security rules when creating or modifying cloud resources.
Which OCI service should they use?

  • A. OCI Web Application Firewall (WAF)
  • B. OCI Security Zone
  • C. OCI Certificates
  • D. OCI Identity and Access Management (IAM)

Answer: B


NEW QUESTION # 26
Task 2: Create a Compute Instance and Install the Web Server
Create a compute instance, where:
Name: PBT-CERT-VM-01
Image: Oracle Linux 8
Shape: VM.Standard.A1.Flex
Subnet: Compute-Subnet-PBT-CERT
Install and configure Apache web server:
a.
Install Apache
sudo yum -y install httpd
b.
Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
2. Install and configure Apache web server:
a. Install Apache
sudo yum -y install httpd
b. Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
c. Configure firewall to allow HTTP traffic (port 80)
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
d. Create an index.html file
sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html' Enter the OCID of the created compute instance PBT-CERT-VM-01 in the text box below.

Answer:

Explanation:
See the solution below in Explanation.
Explanation:
Task 2: Create a Compute Instance and Install the Web Server
Step 1: Create the Compute Instance
* Log in to the OCI Console.
* Navigate toCompute>Instances.
* ClickCreate Instance.
* Enter the following details:
* Name: PBT-CERT-VM-01
* Compartment: Select your assigned compartment.
* Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).
* Image: ClickChange Image, selectOracle Linux 8, and confirm.
* Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:
* OCPUs: 1 (or adjust as needed)
* Memory: 6 GB (or adjust as needed)
* Networking:
* Virtual Cloud Network: Select PBT-CERT-VCN-01.
* Subnet: Select Compute-Subnet-PBT-CERT.
* Leave public IP assignment enabled for internet access.
* SSH Key: Provide your public SSH key (upload or paste) for secure access.
* ClickCreateand wait for the instance to be provisioned.
Step 2: Connect to the Compute Instance
* Once the instance is created, note thePublic IP Addressfrom the instance details page.
* Use an SSH client to connect:
* Command: ssh -i <private-key-file> opc@<public-ip-address>
* Replace <private-key-file> with your private key path and <public-ip-address> with the instance' s public IP.
Step 3: Install and Configure Apache Web Server
* Install Apache:
* Run: sudo yum -y install httpd
* Enable and Start Apache:
* Run: sudo systemctl enable httpd
* Run: sudo systemctl restart httpd
* Configure Firewall to Allow HTTP Traffic (Port 80):
* Run: sudo firewall-cmd --permanent --add-port=80/tcp
* Run: sudo firewall-cmd --reload
* Create an index.html File:
* Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html' Step 4: Verify the Configuration
* Open
a web browser and enter http://
<public-ip-address> to ensure the page displays "You are visiting Web Server 1".
* If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.
Step 5: Retrieve and Enter the OCID
* Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.
* Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).
* Enter the copied OCID exactly as it appears into the text box provided.
Notes
* These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.
* Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.
* The OCID will be unique to your instance; obtain it from the OCI Console after creation


NEW QUESTION # 27
A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.

When configuring security lists and network security groups (NSGs) in this setup, what should they consider?

  • A. If the policy used with the firewall has no rules specified, the firewall allows all traffic.
  • B. Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.
  • C. Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.
  • D. Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.

Answer: B


NEW QUESTION # 28
An OCI administrator notices that a compute instance running in the production compartment is unable to create Object Storage buckets using the OCI CLI command:
oci os bucket create --name mybucket --compartment-id <compartment_OCID> --auth instance_principal The error message returned states:
"NotAuthorizedOrNotFound: You are not authorized to perform this action." The administrator verifies that the instance has Internet access and can reach OCI endpoints.
What then could be causing the issue?

  • A. The instance is not part of any Dynamic Group or the matching rule is incorrect.
  • B. The instance is using the wrong OCI CLI authentication method.
  • C. The bucket name is already in use, causing a conflict.
  • D. The policy is written at the root compartment instead of the production compartment.

Answer: A


NEW QUESTION # 29
"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.
How should you architect the solution while ensuring fault tolerance and security?

  • A. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.
  • B. Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.
  • C. Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."
  • D. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.

Answer: A


NEW QUESTION # 30
Task 3: Create a Master Encryption Key
Note: OCI Vault to store the key required by this task is created in the root compartment as PBI_Vault_SP Create an RSA Master Encryption Key (MEK), where:
Key name: PBT-CERT-MEK-01-<username>
For example, if your username is 99008677-lab.user01, then the MEK name should be PBT-CERT-MEK-
01990086771abuser01
Ensure you eliminate special characters from the user name.
Key shape: 4096 bits
Enter the OCID of the Master Encryption Key created in the provided text box:

Answer:

Explanation:
See the solution below in Explanation.
Explanation:
Task 3: Create a Master Encryption Key
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate toIdentity & Security>Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Master Encryption Key
* In the PBI_Vault_SP vault details page, underResources, clickKeys.
* ClickCreate Key.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-
0199008677labuser01).
* Key Shape: SelectRSAwith4096 bits.
* Protection Mode: SelectHSM(Hardware Security Module) if available, orSoftwareif HSM is not required (based on vault capabilities).
* Compartment: Ensure it's set to the root compartment (where PBI_Vault_SP resides).
* Leave other settings (e.g., key usage) as default unless specified.
* ClickCreate Keyand wait for the key to be generated.
Step 3: Retrieve and Enter the OCID
* After the key is created, go to theKeyssection under PBI_Vault_SP.
* Click on the key named PBT-CERT-MEK-01<username> (e.g., PBT-CERT-MEK-
0199008677labuser01).
* Copy theOCID(a long string starting with ocid1.key., unique to your tenancy) from the key details page.
* Enter the copied OCID exactly as it appears into the provided text box.


NEW QUESTION # 31
......


Oracle 1z0-1104-25 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Implementing Identity and Access Management (IAM): This section of the exam measures skills of OCI Administrators and focuses on identity and access controls. It covers IAM domains, users, groups, and compartments, as well as the use of IAM policies to manage access to resources. Candidates are also tested on configuring dynamic groups, network sources, and tag-based access control, along with managing MFA, sign-on policies, and activity monitoring.
Topic 2
  • Protecting Infrastructure - Network and Applications: This section of the exam measures the skills of Cloud Security Professionals and covers methods for securing networks and applications on OCI. Topics include network security groups, firewalls, and security lists, while also focusing on the use of load balancers for availability. The section further addresses the configuration of OCI certificates and web application firewalls to strengthen infrastructure security.
Topic 3
  • Protecting Data: This section of the exam measures the skills of Cloud Security Professionals and highlights data security practices in OCI. It tests knowledge of using the Key Management Service for encryption keys, managing secrets in the OCI Vault, and applying features of OCI Data Safe to ensure sensitive data remains protected.
Topic 4
  • Detecting, Remediating, and Monitoring OCI Resources: This section of the exam measures the skills of OCI Administrators and emphasizes monitoring and maintaining security posture across cloud resources. It focuses on the use of Cloud Guard, security zones, and the Security Advisor. Candidates also need to understand how to identify rogue users with threat intelligence, as well as use monitoring, logging, and event services for continuous visibility into performance and security.

 

New 1z0-1104-25 exam dumps Use Updated Oracle Exam: https://www.fast2test.com/1z0-1104-25-premium-file.html

Verified 1z0-1104-25 Dumps Q&As - 1z0-1104-25 Test Engine with Correct Answers: https://drive.google.com/open?id=1LvhbmmiHnavZ8qpNpEsrNr4_Xb6TlPCa

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어