- 36 Actual Exam Questions
- Compatible with all Devices
- Printable Format
- No Download Limits
- 90 Days Free Updates
Get All Oracle Cloud Infrastructure 2025 Security Professional Exam Questions with Validated Answers
| Vendor: | Oracle |
|---|---|
| Exam Code: | 1Z0-1104-25 |
| Exam Name: | Oracle Cloud Infrastructure 2025 Security Professional |
| Exam Questions: | 36 |
| Last Updated: | July 12, 2026 |
| Related Certifications: | Oracle Cloud , Oracle Cloud Infrastructure |
| Exam Tags: | Expert or Advanced Level Oracle Cloud EngineersOracle Cloud Security Professionals |
Looking for a hassle-free way to pass the Oracle Cloud Infrastructure 2025 Security Professional exam? DumpsProvider provides the most reliable Dumps Questions and Answers, designed by Oracle certified experts to help you succeed in record time. Available in both PDF and Online Practice Test formats, our study materials cover every major exam topic, making it possible for you to pass potentially within just one day!
DumpsProvider is a leading provider of high-quality exam dumps, trusted by professionals worldwide. Our Oracle 1Z0-1104-25 exam questions give you the knowledge and confidence needed to succeed on the first attempt.
Train with our Oracle 1Z0-1104-25 exam practice tests, which simulate the actual exam environment. This real-test experience helps you get familiar with the format and timing of the exam, ensuring you're 100% prepared for exam day.
Your success is our commitment! That's why DumpsProvider offers a 100% money-back guarantee. If you don’t pass the Oracle 1Z0-1104-25 exam, we’ll refund your payment within 24 hours no questions asked.
Don’t waste time with unreliable exam prep resources. Get started with DumpsProvider’s Oracle 1Z0-1104-25 exam dumps today and achieve your certification effortlessly!
SIMULATION
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 2: Create a Security Zone
Create a security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartement and associate it with the Custom Security Zone Recipe (IAD-SAP-PBT-CSP-01) created in the previous task.
Enter the OCID of the created Security zone in the box below.

To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.
Step-by-Step Solution for Task 2: Create a Security Zone
Log in to the OCI Console:
Ensure you have access to the assigned compartment.
Navigate to Security Zones:
From the OCI Console, click the navigation menu (hamburger icon) on the top left.
Under Governance and Administration, select Security Zones.
Create a New Security Zone:
In the Security Zones dashboard, click the Create Security Zone button.
Configure the Security Zone Details:
Name: Enter IAD_SAP-PBT-CSZ-01.
Compartment: Select the assigned compartment provided.
Description: (Optional) Add a description, e.g., 'Security Zone for public subnet compute instances.'
Associate the Custom Security Zone Recipe:
In the Recipe section, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.
Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.
Define the Security Zone Scope:
Under Resources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.
Check the box to include all resources in the selected compartment if applicable.
Create the Security Zone:
Click Create to finalize the security zone creation.
Once created, note the OCID of the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.
Verify the Security Zone:
Go to the Security Zones tab and locate IAD_SAP-PBT-CSZ-01.
Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.
OCID of the Created Security Zone
The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..<unique_string>). Please enter the OCID displayed in the OCI Console after completing Step 7.
SIMULATION
Task 3: Create a Master Encryption Key
Note: OCI Vault to store the key required by this task is created in the root compartment as PBI_Vault_SP
Create an RSA Master Encryption Key (MEK), where:
Key name: PBT-CERT-MEK-01-
For example, if your username is 99008677-lab.user01, then the MEK name should be PBT-CERT-MEK-01990086771abuser01
Ensure you eliminate special characters from the user name.
Key shape: 4096 bits
Enter the OCID of the Master Encryption Key created in the provided text box:
Task 3: Create a Master Encryption Key
Step 1: Access the OCI Vault
Log in to the OCI Console.
Navigate to Identity & Security > Vault.
Select the root compartment.
Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Master Encryption Key
In the PBI_Vault_SP vault details page, under Resources, click Keys.
Click Create Key.
Enter the following details:
Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-MEK-0199008677labuser01).
Key Shape: Select RSA with 4096 bits.
Protection Mode: Select HSM (Hardware Security Module) if available, or Software if HSM is not required (based on vault capabilities).
Compartment: Ensure it's set to the root compartment (where PBI_Vault_SP resides).
Leave other settings (e.g., key usage) as default unless specified.
Click Create Key and wait for the key to be generated.
Step 3: Retrieve and Enter the OCID
After the key is created, go to the Keys section under PBI_Vault_SP.
Click on the key named PBT-CERT-MEK-01<username> (e.g., PBT-CERT-MEK-0199008677labuser01).
Copy the OCID (a long string starting with ocid1.key., unique to your tenancy) from the key details page.
Enter the copied OCID exactly as it appears into the provided text box.
Task 4: Create a Certificate Authority (CA)
Create a certificate authority, where:
CA name: PBT-CERT-CA-01-<username>
For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT-CERT-CA-01990086771abuser01
Ensure you eliminate special characters from the user name.
Common name: PBT-CERT-OCICA-01
Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)
Task 4: Create a Certificate Authority (CA)
Step 1: Access the OCI Vault
Log in to the OCI Console.
Navigate to Identity & Security > Vault.
Select the root compartment.
Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Certificate Authority
In the PBI_Vault_SP vault details page, under Resources, click Certificate Authorities.
Click Create Certificate Authority.
Enter the following details:
Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-CA-0199008677labuser01).
Common Name: Enter PBT-CERT-OCICA-01.
Master Encryption Key: Select the PBT-CERT-MEK-01<username> key created in Task 3 (e.g., PBT-CERT-MEK-0199008677labuser01).
Subject: Leave as default or adjust (e.g., Organization, Country) if required by your setup.
Validity Period: Set as needed (e.g., 10 years), or use the default.
Compartment: Ensure it's set to the root compartment.
Click Create Certificate Authority and wait for the CA to be provisioned.
Step 3: Verify the Certificate Authority
After creation, go to the Certificate Authorities section under PBI_Vault_SP.
Confirm the CA PBT-CERT-CA-01<username> (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.
A company has deployed OCI Zero Trust Packet Routing (ZPR) to secure its network. They have two compute instances, VM1-01 and VM-02, in a public subnet. VM-01 is tagged with the security attribute app:vm01, and VM-02 is tagged with app:vm02. The VCN is labeled with network:vcn01, The ZPR policy states:


"What is the expected outcome of this policy?
A company has implemented OCI IAM policies with multiple levels of compartments. A policy attached to a parent compartment grants "manage virtual-network-family" permissions. A policy attached to a child compartment grants "use virtual-network-family" permissions.

According to OCI IAM policy inheritance, how does the OCI IAM policy engine resolve the permissions for a user attempting to perform an operation that requires 'manage' permissions in the child compartment?
Within OCI IAM identity domains, the AD Bridge component serves a critical role. How does the AD Bridge functionality specifically enhance Identity and Access Management (IAM) practices?
Security & Privacy
Satisfied Customers
Committed Service
Money Back Guranteed