Oracle 1z0-1104-25 Practice Exam Dumps 2025

Oracle Related Exams

Oracle 1z0-435

Oracle Business Process Management Suite 12c Essentials

View Detail

Oracle 1z0-532

Oracle Hyperion Financial Management 11 Essentials

View Detail

Oracle 1z0-434

Oracle SOA Suite 12c Essentials

View Detail

Oracle 1z0-599

Oracle WebLogic Server 12c Essentials

View Detail

Oracle 1z0-809

Java SE 8 Programmer II

View Detail

Oracle 1z0-591

Oracle Business Intelligence Foundation Suite 11g Essentials

Siebel 8 Consultant

Oracle WebLogic Server 12c: Administration I

View Detail

Oracle 1z0-590

Oracle VM 3 for x86 Essentials

View Detail

Oracle 1z0-497

Oracle Database 12c Essentials

View Detail

Last Week Results

32 Customers Passed Oracle
1z0-1104-25 Exam

Average Score In Real Exam

86.7%

Questions came word for word from this dump

88.6%

Oracle Bundle Exams

Duration: 3 to 12 Months

96 Certifications

547 Exams

Oracle Updated Exams

Most authenticate information

Prepare within Days

Time-Saving Study Content

90 to 365 days Free Update

$300*

View Detail

Free 1z0-1104-25 Exam Dumps

Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Question 1

A company has deployed OCI Zero Trust Packet Routing (ZPR) to secure its network. They have two compute instances, VM1-01 and VM-02, in a public subnet. VM-01 is tagged with the security attribute app:vm01, and VM-02 is tagged with app:vm02. The VCN is labeled with network:vcn01, The ZPR policy states:

"What is the expected outcome of this policy?

Options:

VM-02 can SSH into VM-01, but VM-01 cannot SSH into VM-02.

VM-01 can SSH into VM-02, but VM-02 cannot SSH into VM-01.

Both VM-01 and VM-02 can SSH into each other.

Neither VM-01 nor VM-02 can SSH into each other."

Buy Now

Question 2

"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.

How should you architect the solution while ensuring fault tolerance and security?

Options:

Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.

Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."

Question 3

Challenge 2 -Task 1

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 1: Create a Custom Security Zone Recipe

Create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in the public subnet.

Enter the OCID of the created custom security zone recipe in the text box below.

Options:

Answer:

See the solution below in Explanation.

Explanation:

To create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in a public subnet, we will follow the steps outlined in the Oracle Cloud Infrastructure (OCI) Security Zones documentation. These steps are based on verified procedures from the OCI Security Zone Guide and related resources.

Step-by-Step Solution for Task 1: Create a Custom Security Zone Recipe

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console ( ).

Ensure you have access to the assigned compartment provided in the tenancy.

Navigate to Security Zones:

From the OCI Console, go to the navigation menu (hamburger icon) on the top left.

UnderGovernance and Administration, selectSecurity Zones.

Create a New Security Zone Recipe:

In the Security Zones dashboard, click on theRecipestab.

Click theCreate Recipebutton.

Configure the Recipe Details:

Name:Enter IAD-SP-PBT-CSP-01.

Description:(Optional) Add a description, e.g., "Custom recipe to allow compute instances in public subnet."

Leave theCompartmentas the assigned compartment provided.

Define the Security Zone Policy:

In the policy editor, start with a base policy. Since the Maximum Security Zone recipe restricts public subnet usage, you need to customize it.

Add the following policy statement to allow compute instances in a public subnet:

Allow service compute to use virtual-network-family in compartment where ALL {

target.resource.type = 'Instance',

target.vcn.cidr_block = '10.0.0.0/16',

target.subnet.cidr_block = '10.0.10.0/24'

}

Replace with the name of your assigned compartment.

This policy allows the Compute service to provision instances in the public subnet (10.0.10.0/24) within the VCN (10.0.0.0/16).

Adjust Restrictions:

Ensure the recipe does not inherit the Maximum Security Zone recipe's default restrictions that block public subnet usage. Explicitly allow the public subnet by including the subnet CIDR block (10.0.10.0/24) in the policy.

Remove or modify any conflicting default rules that prohibit public subnet usage (e.g., rules blocking internet access or public IP assignment).

Save the Recipe:

ClickCreateto save the custom security zone recipe.

Once created, note theOCIDof the recipe from the recipe details page. The OCID will be a unique identifier starting with ocid1.securityzonerecipe.

Verify the Recipe:

Go to theRecipestab and locate IAD-SP-PBT-CSP-01.

Ensure the policy reflects the allowance for compute instances in the public subnet by reviewing the policy statement.

OCID of the Created Custom Security Zone Recipe

The exact OCID will be generated upon creation (e.g., ocid1.securityzonerecipe.oc1..unique_string). Please enter the OCID displayed in the OCI Console after completing Step 7.

Notes

Ensure IAM policies are correctly configured to grant you permissions to create and manage security zone recipes in the compartment.

The policy assumes the public subnet CIDR (10.0.10.0/24) matches the diagram. Adjust if the actual subnet CIDR differs.

Test the recipe by associating it with a security zone and attempting to launch a compute instance to confirm compliance.

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

1z0-1104-25 Exam Dumps : Oracle Cloud Infrastructure 2025 Security Professional

Oracle Related Exams

Verified By IT Certified Experts

CertsTopics.com Certified Safe Files

Up-To-Date Exam Study Material

99.5% High Success Pass Rate

100% Accurate Answers

Instant Downloads

Exam Questions And Answers PDF

Try Demo Before You Buy

Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce