[2025] Use Valid Exam 1z0-1104-25 by TestBraindump Books For Free Website
Free Oracle Cloud Infrastructure 1z0-1104-25 Official Cert Guide PDF Download
Oracle 1z0-1104-25 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
NEW QUESTION # 23
Challenge 1 - Task 1
Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer You are a cloud engineer at a tech company that is migrating its services to Oracle Cloud Infrastructure (OCI). You are required to set up secure communication for your web application using OCI's Certificate service. You need to create a Certificate Authority (CA), issue a TLS/SSL server certificate, and configure a load balancer to use this certificate to ensure encrypted traffic between clients and the backend servers.
Review the architecture diagram, which outlines the resources you'll need to address the requirement.
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
OCI Vault to store the secret required by the program, which is created in the root compartment as PBI_Vault_SP Task 1: Create and Configure a Virtual Cloud Network (VCN) Create a Virtual Cloud Network (VCN) namedPBT-CERT-VCN-01with the following specifications:
* VCN with a CIDR block of 10.0.0.0/16
* Subnet 1 (Compute Instance):
* Name:Compute-Subnet-PBT-CERT
* CIDR Block:10.0.1.0/24
Subnet 2 (Load Balancer):
* Name:LB-Subnet-PBT-CERT-SNET-02
* CIDR Block:10.0.2.0/24
Internet Gatewayfor external connectivity
Route table and security lists:
* Security List namedPBT-CERT-CS-SL-01for Subnet 1 (Compute-Subnet-PBT-CERT) to allow SSH (port 22) traffic
* Security List namedPBT-CERT-LB-SL-01for Subnet 2 (LB-Subnet-PBT-CERT) to allow HTTPS (port 443) traffic
"Enter the OCID of the created VCN in the text box below.
Answer:
Explanation:
See the solution below in Explanation.
Explanation:
Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer Task 1: Create and Configure a Virtual Cloud Network (VCN) Step 1: Create the Virtual Cloud Network (VCN)
* Log in to the OCI Console.
* Navigate toNetworking>Virtual Cloud Networks.
* ClickCreate Virtual Cloud Network.
* SelectVCN with Internet Connectivity(to include an Internet Gateway by default).
* Enter the following details:
* Name: PBT-CERT-VCN-01
* Compartment: Select your assigned compartment.
* VCN CIDR Block: 10.0.0.0/16
* Leave other settings as default (e.g., create a new public subnet and route table).
* ClickCreate Virtual Cloud Network. Wait for the VCN to be created.
Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)
* In the VCN details page for PBT-CERT-VCN-01, clickSubnetsunderResources.
* ClickCreate Subnet.
* Enter the following details:
* Name: Compute-Subnet-PBT-CERT
* Subnet Type: Regional
* CIDR Block: 10.0.1.0/24
* Route Table: Select the default route table created with the VCN.
* Subnet Access: Public Subnet (to allow internet access).
* DNS Resolution: Enabled.
* ClickCreate.
Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)
* In the VCN details page, clickSubnetsunderResources.
* ClickCreate Subnet.
* Enter the following details:
* Name: LB-Subnet-PBT-CERT-SNET-02
* Subnet Type: Regional
* CIDR Block: 10.0.2.0/24
* Route Table: Select the default route table created with the VCN.
* Subnet Access: Public Subnet (to allow internet access for the load balancer).
* DNS Resolution: Enabled.
* ClickCreate.
Step 4: Verify Internet Gateway
* In the VCN details page, underResources, clickInternet Gateways.
* Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, clickCreate Internet Gateway, name it (e.g., PBT-CERT-IGW), and attach it.
Step 5: Configure Route Table
* In the VCN details page, underResources, clickRoute Tables.
* Select the default route table or create a new one named PBT-CERT-RT-01.
* ClickAdd Route Rule. 4 -Destination CIDR Block: 0.0.0.0/0
* Target Type: Internet Gateway
* Target: Select the Internet Gateway created (e.g., PBT-CERT-IGW).
* ClickAdd Route Ruleand save.
Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)
* In the VCN details page, underResources, clickSecurity Lists.
* ClickCreate Security List.
* Enter the following:
* Name: PBT-CERT-CS-SL-01
* Compartment: Your assigned compartment.
* Add the following ingress rule:
* Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)
* IP Protocol: TCP
* Source Port Range: All
* Destination Port Range: 22 (for SSH)
* Allows: Traffic
* ClickCreate.
Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)
* In the VCN details page, underResources, clickSecurity Lists.
* ClickCreate Security List.
* Enter the following:
* Name: PBT-CERT-LB-SL-01
* Compartment: Your assigned compartment.
* Add the following ingress rule:
* Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)
* IP Protocol: TCP
* Source Port Range: All
* Destination Port Range: 443 (for HTTPS)
* Allows: Traffic
* ClickCreate.
Step 8: Retrieve and Enter VCN OCID
* Go to the VCN details page for PBT-CERT-VCN-01.
* Copy theOCIDfrom the VCN information section.
* Enter the OCID in the provided text box.
NEW QUESTION # 24
Task 2: Create a Compute Instance and Install the Web Server
Create a compute instance, where:
Name: PBT-CERT-VM-01
Image: Oracle Linux 8
Shape: VM.Standard.A1.Flex
Subnet: Compute-Subnet-PBT-CERT
Install and configure Apache web server:
a.
Install Apache
sudo yum -y install httpd
b.
Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
2. Install and configure Apache web server:
a. Install Apache
sudo yum -y install httpd
b. Enable and start Apache
sudo systemctl enable httpd
sudo systemctl restart httpd
c. Configure firewall to allow HTTP traffic (port 80)
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
d. Create an index.html file
sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html' Enter the OCID of the created compute instance PBT-CERT-VM-01 in the text box below.
Answer:
Explanation:
See the solution below in Explanation.
Explanation:
Task 2: Create a Compute Instance and Install the Web Server
Step 1: Create the Compute Instance
* Log in to the OCI Console.
* Navigate toCompute>Instances.
* ClickCreate Instance.
* Enter the following details:
* Name: PBT-CERT-VM-01
* Compartment: Select your assigned compartment.
* Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).
* Image: ClickChange Image, selectOracle Linux 8, and confirm.
* Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:
* OCPUs: 1 (or adjust as needed)
* Memory: 6 GB (or adjust as needed)
* Networking:
* Virtual Cloud Network: Select PBT-CERT-VCN-01.
* Subnet: Select Compute-Subnet-PBT-CERT.
* Leave public IP assignment enabled for internet access.
* SSH Key: Provide your public SSH key (upload or paste) for secure access.
* ClickCreateand wait for the instance to be provisioned.
Step 2: Connect to the Compute Instance
* Once the instance is created, note thePublic IP Addressfrom the instance details page.
* Use an SSH client to connect:
* Command: ssh -i <private-key-file> opc@<public-ip-address>
* Replace <private-key-file> with your private key path and <public-ip-address> with the instance' s public IP.
Step 3: Install and Configure Apache Web Server
* Install Apache:
* Run: sudo yum -y install httpd
* Enable and Start Apache:
* Run: sudo systemctl enable httpd
* Run: sudo systemctl restart httpd
* Configure Firewall to Allow HTTP Traffic (Port 80):
* Run: sudo firewall-cmd --permanent --add-port=80/tcp
* Run: sudo firewall-cmd --reload
* Create an index.html File:
* Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html' Step 4: Verify the Configuration
* Open
a web browser and enter http://
<public-ip-address> to ensure the page displays "You are visiting Web Server 1".
* If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.
Step 5: Retrieve and Enter the OCID
* Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.
* Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).
* Enter the copied OCID exactly as it appears into the text box provided.
Notes
* These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.
* Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.
* The OCID will be unique to your instance; obtain it from the OCI Console after creation
NEW QUESTION # 25
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task3: Create and configure a Virtual Cloud Network and Private Subnet
Createand configure virtual cloud Network (VCN) named IAD SP-PBT-VCN-01, with an internet Gateway and configure appropriate route rules to allow external connectivity.
Enter the OCID of the created VCN in the text box below.
Answer:
Explanation:
See the solution below in Explanation.
Explanation:
To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Create a New VCN:
* ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.
* VCN Name:Enter IAD-SP-PBT-VCN-01.
* Compartment:Select the assigned compartment.
* VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).
* Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).
* Accept the default settingsfor the public subnet and Internet Gateway creation.
* ClickCreateto provision the VCN, Internet Gateway, and public subnet.
* Verify the Internet Gateway:
* After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.
* UnderResources, selectInternet Gateways.
* Ensure the Internet Gateway is attached and enabled.
* Configure Route Rules:
* In the VCN details page, underResources, selectRoute Tables.
* Select the default route table associated with the public subnet (10.0.10.0/24).
* ClickAdd Route Rules.
* Target Type:SelectInternet Gateway.
* Destination CIDR Block:Enter 0.0.0.0/0.
* Target Internet Gateway:Select the Internet Gateway created with the VCN.
* ClickAdd Route Ruleto save.
* Update Security List (if needed):
* UnderResources, selectSecurity Lists.
* Edit the default security list for the public subnet.
* Add an ingress rule:
* Source CIDR:0.0.0.0/0
* IP Protocol:TCP
* Source Port Range:All
* Destination Port Range:22 (for SSH) or as required by your application.
* Add an egress rule:
* Destination CIDR:0.0.0.0/0
* IP Protocol:All
* Save the changes.
* Note the VCN OCID:
* Return to the VCN details page for IAD-SP-PBT-VCN-01.
* Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..<unique_string>).
OCID of the Created VCN
* Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..<unique_string>).
NEW QUESTION # 26
You have created a compartment TEST in your subscribed tenancy. Then, you created two groups, test1 and test2, and want the users in these groups to be able to manage all the resources in the TEST compartment.
Which policy would you use to achieve this?
- A. Allow group test1, test2 to manage all resources in compartment test.
- B. Allow any-user to manage all resources in compartment test where any {request.groups.test1, test2}
- C. Allow any-user to manage all resources in compartment test where request.group='test*'
- D. Allow group/test*/to manage all resources in compartment test.
Answer: A
NEW QUESTION # 27
"A business has a hybrid cloud infrastructure with Oracle Linux instances running in OCI and on-premises.
They want to reduce the amount of bandwidth used when patching systems.
Which component of OS Management Hub can help to reduce the bandwidth usage for patching?
- A. Management agents
- B. Profiles"
- C. Management stations
- D. Dynamic groups
Answer: B
NEW QUESTION # 28
An E-commerce company running on Oracle Cloud Infrastructure (OCI) wants to prevent accidental misconfigurations that could expose sensitive data. They need an OCI service that can enforce predefined security rules when creating or modifying cloud resources.
Which OCI service should they use?
- A. OCI Certificates
- B. OCI Security Zone
- C. OCI Web Application Firewall (WAF)
- D. OCI Identity and Access Management (IAM)
Answer: B
NEW QUESTION # 29
"A company, ABC, is planning to launch a new web application on OCI. Based on past experiences, they expect a significant surge in traffic after the launch. You are responsible for ensuring that the application is highly available.
Which step would you perform to achieve this goal?
- A. Configure Cloud Guard to prevent large amounts of traffic from reaching the web application.
- B. Implement security controls, such as web application firewalls, to protect against common attack vectors.
- C. Use a load balancer to distribute incoming traffic evenly across multiple instances of the web application."
- D. Use a Virtual Cloud Network (VCN) with subnets, security lists, and routing rules to isolate the web application from the Internet and other resources.
Answer: C
NEW QUESTION # 30
"You are part of the security operations of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). It is reported that an unknown user action was executed resulting in configuration errors.
You are tasked with identifying the details of all users who were active in the last six hours along with any REST API calls that were executed.
Which OCI feature should you use?
- A. Management Agent Log Ingestion
- B. Object Collection Rule
- C. Audit Analysis Dashboard
- D. Service Connector Hub"
Answer: C
NEW QUESTION # 31
A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.
When configuring security lists and network security groups (NSGs) in this setup, what should they consider?
- A. If the policy used with the firewall has no rules specified, the firewall allows all traffic.
- B. Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.
- C. Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.
- D. Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.
Answer: D
NEW QUESTION # 32
Your organization needs to implement strong password policies for users in OCI.
Which of the following statements is TRUE about password policies in OCI IAM?
- A. Only one password policy can be applied to all users in a domain.
- B. Custom password policies allow for granular control over password complexity.
- C. The default password policy cannot be modified.
- D. Simple password policies are suitable for production environments.
Answer: B
NEW QUESTION # 33
"A programmer is developing a Node.js application which will run on a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs.
What is the secure way to access OCI services with OCI Identity and Access Management (IAM)?
- A. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.
- B. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.
- C. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.
- D. Create an OCI IAM policy with appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server."
Answer: A
NEW QUESTION # 34
An OCI administrator notices that a compute instance running in the production compartment is unable to create Object Storage buckets using the OCI CLI command:
oci os bucket create --name mybucket --compartment-id <compartment_OCID> --auth instance_principal The error message returned states:
"NotAuthorizedOrNotFound: You are not authorized to perform this action." The administrator verifies that the instance has Internet access and can reach OCI endpoints.
What then could be causing the issue?
- A. The instance is not part of any Dynamic Group or the matching rule is incorrect.
- B. The bucket name is already in use, causing a conflict.
- C. The policy is written at the root compartment instead of the production compartment.
- D. The instance is using the wrong OCI CLI authentication method.
Answer: A
NEW QUESTION # 35
"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.
How should you architect the solution while ensuring fault tolerance and security?
- A. Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."
- B. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.
- C. Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.
- D. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.
Answer: D
NEW QUESTION # 36
Which Oracle Data Safe feature enables the Internal test, development, and analytics teams to operate effectively while minimizing their exposure to sensitive data?
- A. Data encryption
- B. Sensitive data discovery
- C. Security assessment
- D. Data auditing
Answer: B
NEW QUESTION # 37
During your investigation of a load balancer issue, you discovered that all back-end servers associated with one of the affected listeners were reported as unhealthy. However, when you checked the back-end servers, they seemed to be working just fine.
What might be causing this issue?
- A. Misconfigured health check
- B. Incorrect DNS configuration
- C. Overloaded back-end servers
- D. Misconfigured security rule
- E. Incorrect subnet configuration
Answer: A
NEW QUESTION # 38
......
Oracle 1z0-1104-25 Official Cert Guide PDF: https://www.testbraindump.com/1z0-1104-25-exam-prep.html
Exam 1z0-1104-25: Oracle Cloud Infrastructure 2025 Security Professional - TestBraindump: https://drive.google.com/open?id=1BDHxYgeH0voGApfYVKe1XY0S5kbFrGXM
