Get 1z0-1104-25 Actual Free Exam Q&As to Prepare for Your Oracle Certification
Oracle Actual Free Exam Questions And Answers
NEW QUESTION # 10
You are a security architect at your organization and have noticed an increase in cyberattacks on your applications, including Cross-Site Scripting (XSS) and SQL Injection. To mitigate these threats, you decide to use OCI Web Application Firewall (WAF).
Which type of OCI WAF rule should you configure to protect against these attacks?
- A. Protection rule
- B. Encryption rule
- C. Rate Limiting rule
- D. Access control rule
Answer: A
NEW QUESTION # 11
Based on the provided diagram, you have a group of critical compute instances in a private subnet that require vulnerability using the Oracle Cloud Infrastructure(OCI) Vulnerability Scanning Service (VSS).
"What additional configuration is required to enable VSS to scan instances in the private subnet
- A. Configure a service gateway in the VCN and a route rule to direct traffic for the VSS service through the gateway.
- B. Use an OCI Bastion session to establish connectivity and forward scan results from the private instances."
- C. VSS cannot scan private instances. You need to move them to a public subnet for vulnerability scanning.
- D. No additional configuration is needed. VSS can access private instances by default.
Answer: A
NEW QUESTION # 12
Task 3: Create a Master Encryption Key
Note: OCI Vault to store the key required by this task is created in the root compartment as PBI_Vault_SP Create an RSA Master Encryption Key (MEK), where:
Key name: PBT-CERT-MEK-01-<username>
For example, if your username is 99008677-lab.user01, then the MEK name should be PBT-CERT-MEK-
01990086771abuser01
Ensure you eliminate special characters from the user name.
Key shape: 4096 bits
Enter the OCID of the Master Encryption Key created in the provided text box:
Answer:
Explanation:
See the solution below in Explanation.
Explanation:
Task 3: Create a Master Encryption Key
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate toIdentity & Security>Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Master Encryption Key
* In the PBI_Vault_SP vault details page, underResources, clickKeys.
* ClickCreate Key.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-
0199008677labuser01).
* Key Shape: SelectRSAwith4096 bits.
* Protection Mode: SelectHSM(Hardware Security Module) if available, orSoftwareif HSM is not required (based on vault capabilities).
* Compartment: Ensure it's set to the root compartment (where PBI_Vault_SP resides).
* Leave other settings (e.g., key usage) as default unless specified.
* ClickCreate Keyand wait for the key to be generated.
Step 3: Retrieve and Enter the OCID
* After the key is created, go to theKeyssection under PBI_Vault_SP.
* Click on the key named PBT-CERT-MEK-01<username> (e.g., PBT-CERT-MEK-
0199008677labuser01).
* Copy theOCID(a long string starting with ocid1.key., unique to your tenancy) from the key details page.
* Enter the copied OCID exactly as it appears into the provided text box.
NEW QUESTION # 13
Task 5: Create a Certificate
Create a certificate, where:
Certificate name: PBT-CERT-01-<username>
For example, if your username is 99008677-lab.user01, then the certificate name should be PBT-CERT-
01990086771abuser01
Ensure you eliminate special characters from the user name.
Common name: PBT-CERT-OCICERT-01
Certificate Authority: PBT-CERT-CA-01 (created in the previous task)
Answer:
Explanation:
See the solution below in Explanation.
Explanation:
Since I can't create resources or retrieve OCIDs directly in your OCI environment, I'll provide a step-by-step solution based on verified OCI documentation and best practices as of 02:30 PM BST on Thursday, June 12,
2025. Follow these instructions precisely in the OCI Console or CLI, using the preconfigured PBI_Vault_SP vault and the PBT-CERT-CA-01<username> Certificate Authority created in the previous task. Replace
<username> with your actual username (e.g., 99008677-lab.user01), ensuring special characters are removed.
Task 5: Create a Certificate
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate toIdentity & Security>Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Certificate
* In the PBI_Vault_SP vault details page, underResources, clickCertificates.
* ClickCreate Certificate.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-
0199008677labuser01).
* Common Name: Enter PBT-CERT-OCICERT-01.
* Certificate Authority: Select the PBT-CERT-CA-01<username> CA created in Task 4 (e.g., PBT-CERT-CA-0199008677labuser01).
* Subject: Leave as default or adjust (e.g., Organization, Country) if required.
* Validity Period: Set as needed (e.g., 1 year), or use the default.
* Compartment: Ensure it's set to the root compartment.
* ClickCreate Certificateand wait for the certificate to be issued.
Step 3: Verify the Certificate
* After creation, go to theCertificatessection under PBI_Vault_SP.
* Confirm the certificate PBT-CERT-01<username> (e.g., PBT-CERT-0199008677labuser01) is listed and its status is active.
NEW QUESTION # 14
A company has implemented OCI IAM policies with multiple levels of compartments. A policy attached to a parent compartment grants "manage virtual-network-family" permissions. A policy attached to a child compartment grants "use virtual-network-family" permissions.
According to OCI IAM policy inheritance, how does the OCI IAM policy engine resolve the permissions for a user attempting to perform an operation that requires 'manage' permissions in the child compartment?
- A. The operation is denied due to conflicting policies.
- B. The policy in the parent compartment takes precedence, and the user is granted "manage" permissions.
- C. The policy in the child compartment takes precedence, and the user is granted "use" permissions only.
Answer: B
NEW QUESTION # 15
Which Oracle Data Safe feature enables the Internal test, development, and analytics teams to operate effectively while minimizing their exposure to sensitive data?
- A. Security assessment
- B. Data auditing
- C. Data encryption
- D. Sensitive data discovery
Answer: D
NEW QUESTION # 16
"Your company is in the process of migrating its sensitive data to Oracle Cloud Infrastructure (OCI) and is prioritizing the strongest possible security measures. Encryption is a key part of this strategy, but you are particularly concerned about the physical security of the hardware where your encryption keys will be stored.
Which characteristic of OCI Key Management Service (KMS) helps ensure the physical security of your encryption keys?
- A. Centralized key management for simplified administration
- B. Utilization of FIPS 140-2 validated Hardware Security Modules (HSMs)"
- C. Seamless integration with other OCI services for streamlined workflows
- D. Granular customer control over key access permissions
Answer: B
NEW QUESTION # 17
A company is securing its compute instances (VMs and Bare Metal Machines) in Oracle Cloud infrastructure (OCI) using a network firewall. As shown in the diagram, traffic flows from the internet Gateway (IGW) to the firewall in the Public DMZ Subnet, and then to the compute instances in the Public Subnet.
When configuring security lists and network security groups (NSGs) in this setup, what should they consider?
- A. Ensure that any security list or NSG rules allow the traffic to enter the firewall for appropriate evaluation.
- B. Security list and NSG rules associated with the firewall subnet and VNICs are evaluated after the firewall.
- C. Add stateful rules to the security list attached to the firewall subnet or include the firewall in an NSG containing stateful rules for better performance.
- D. If the policy used with the firewall has no rules specified, the firewall allows all traffic.
Answer: A
NEW QUESTION # 18
"You are part of the security operations of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). It is reported that an unknown user action was executed resulting in configuration errors.
You are tasked with identifying the details of all users who were active in the last six hours along with any REST API calls that were executed.
Which OCI feature should you use?
- A. Management Agent Log Ingestion
- B. Object Collection Rule
- C. Audit Analysis Dashboard
- D. Service Connector Hub"
Answer: C
NEW QUESTION # 19
"A company, ABC, is planning to launch a new web application on OCI. Based on past experiences, they expect a significant surge in traffic after the launch. You are responsible for ensuring that the application is highly available.
Which step would you perform to achieve this goal?
- A. Configure Cloud Guard to prevent large amounts of traffic from reaching the web application.
- B. Use a Virtual Cloud Network (VCN) with subnets, security lists, and routing rules to isolate the web application from the Internet and other resources.
- C. Implement security controls, such as web application firewalls, to protect against common attack vectors.
- D. Use a load balancer to distribute incoming traffic evenly across multiple instances of the web application."
Answer: D
NEW QUESTION # 20
Task 4: Create a Certificate Authority (CA)
Create a certificate authority, where:
CA name: PBT-CERT-CA-01-<username>
For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT- CERT-CA-01990086771abuser01 Ensure you eliminate special characters from the user name.
Common name: PBT-CERT-OCICA-01
Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)
Answer:
Explanation:
See the solution below in Explanation.
Task 4: Create a Certificate Authority (CA)
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate toIdentity & Security>Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Certificate Authority
* In the PBI_Vault_SP vault details page, underResources, clickCertificate Authorities.
* ClickCreate Certificate Authority.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-CA-
0199008677labuser01).
* Common Name: Enter PBT-CERT-OCICA-01.
* Master Encryption Key: Select the PBT-CERT-MEK-01<username> key created in Task 3 (e.
g., PBT-CERT-MEK-0199008677labuser01).
* Subject: Leave as default or adjust (e.g., Organization, Country) if required by your setup.
* Validity Period: Set as needed (e.g., 10 years), or use the default.
* Compartment: Ensure it's set to the root compartment.
* ClickCreate Certificate Authorityand wait for the CA to be provisioned.
Step 3: Verify the Certificate Authority
* After creation, go to theCertificate Authoritiessection under PBI_Vault_SP.
* Confirm the CA PBT-CERT-CA-01<username> (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.
NEW QUESTION # 21
"A business has a hybrid cloud infrastructure with Oracle Linux instances running in OCI and on-premises.
They want to reduce the amount of bandwidth used when patching systems.
Which component of OS Management Hub can help to reduce the bandwidth usage for patching?
- A. Management agents
- B. Profiles"
- C. Dynamic groups
- D. Management stations
Answer: B
NEW QUESTION # 22
"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.
How should you architect the solution while ensuring fault tolerance and security?
- A. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.
- B. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.
- C. Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.
- D. Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."
Answer: B
NEW QUESTION # 23
"You are designing a secure access strategy for compute instances deployed within a private subnet of an OCI Virtual Cloud Network (VCN). Your security policy requires that no compute instances in the private subnet should have direct Internet access, and administrative access should be controlled.
Which statement best describes the role of an OCI Bastion in securing access to these private compute instances?
- A. It provides a direct public endpoint for the compute instance, enabling remote access.
- B. It serves as a secondary authentication point, verifying user credentials before granting access to the compute instance.
- C. It acts as a firewall, blocking any external access to the private compute instance.
- D. It creates a secure, publicly accessible entry point to access target resources in a private subnet."
Answer: D
NEW QUESTION # 24
You're managing an Oracle Cloud Infrastructure (OCI) environment where a public website hosts downloadable assets stored in Object Storage buckets. These buckets need to be publicly accessible for website visitors, but Cloud Guard keeps flagging them as security risks.
How can Cloud Guard be configured to ignore problems specific to public buckets while still ensuring security checks are applied to other resources that require them?
- A. A public bucket is a security risk, so Cloud Guard will keep detecting it.
- B. Resolve or remediate the problems by making the buckets private.
- C. Fix the baseline by configuring the Conditional groups for the detector.
- D. Dismiss problems associated with those resources.
Answer: C
NEW QUESTION # 25
......
Oracle 1z0-1104-25 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
1z0-1104-25 Questions Truly Valid For Your Oracle Exam: https://www.testpassking.com/1z0-1104-25-exam-testking-pass.html
1z0-1104-25 Actual Questions - Instant Download Tests Free Updated Today!: https://drive.google.com/open?id=14L2-c1MLePetQQOuBVEWff7XgEvjt1Lx