Oracle Cloud Infrastructure 1z0-1104-25 Release Date

Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Question 5

Challenge 2 -Task 1

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task3: Create and configure a Virtual Cloud Network and Private Subnet

Createand configure virtual cloud Network (VCN) named IAD SP-PBT-VCN-01, with an internet Gateway and configure appropriate route rules to allow external connectivity.

Enter the OCID of the created VCN in the text box below.

Options:

Answer:

See the solution below in Explanation.

Explanation:

To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.

Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console ( ).

Ensure you have access to the assigned compartment.

Navigate to Virtual Cloud Networks:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderNetworking, selectVirtual Cloud Networks.

Create a New VCN:

ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.

VCN Name:Enter IAD-SP-PBT-VCN-01.

Compartment:Select the assigned compartment.

VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).

Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).

Accept the default settingsfor the public subnet and Internet Gateway creation.

ClickCreateto provision the VCN, Internet Gateway, and public subnet.

Verify the Internet Gateway:

After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.

UnderResources, selectInternet Gateways.

Ensure the Internet Gateway is attached and enabled.

Configure Route Rules:

In the VCN details page, underResources, selectRoute Tables.

Select the default route table associated with the public subnet (10.0.10.0/24).

ClickAdd Route Rules.

Target Type:SelectInternet Gateway.

Destination CIDR Block:Enter 0.0.0.0/0.

Target Internet Gateway:Select the Internet Gateway created with the VCN.

ClickAdd Route Ruleto save.

Update Security List (if needed):

UnderResources, selectSecurity Lists.

Edit the default security list for the public subnet.

Add an ingress rule:

Source CIDR:0.0.0.0/0

IP Protocol:TCP

Source Port Range:All

Destination Port Range:22 (for SSH) or as required by your application.

Add an egress rule:

Destination CIDR:0.0.0.0/0

IP Protocol:All

Save the changes.

Note the VCN OCID:

Return to the VCN details page for IAD-SP-PBT-VCN-01.

Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..).

OCID of the Created VCN

Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..).

Question 6

"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.

How should you architect the solution while ensuring fault tolerance and security?

Options:

Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.

Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.

Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."

Question 7

You're managing an Oracle Cloud Infrastructure (OCI) environment where a public website hosts downloadable assets stored in Object Storage buckets. These buckets need to be publicly accessible for website visitors, but Cloud Guard keeps flagging them as security risks.

How can Cloud Guard be configured to ignore problems specific to public buckets while still ensuring security checks are applied to other resources that require them?

Options:

A public bucket is a security risk, so Cloud Guard will keep detecting it.

Resolve or remediate the problems by making the buckets private.

Dismiss problems associated with those resources.

Fix the baseline by configuring the Conditional groups for the detector.

Question 8

You are a security architect at your organization and have noticed an increase in cyberattacks on your applications, including Cross-Site Scripting (XSS) and SQL Injection. To mitigate these threats, you decide to use OCI Web Application Firewall (WAF).

Which type of OCI WAF rule should you configure to protect against these attacks?

Options:

Access control rule

Protection rule

Rate Limiting rule

Encryption rule

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Oracle Cloud Infrastructure 1z0-1104-25 Release Date

Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce