Oracle Cloud Infrastructure 2025 Security Professional - 1z0-1104-25 FREE EXAM DUMPS QUESTIONS & ANSWERS
You're managing an Oracle Cloud Infrastructure (OCI) environment where a public website hosts downloadable assets stored in Object Storage buckets. These buckets need to be publicly accessible for website visitors, but Cloud Guard keeps flagging them as security risks.
How can Cloud Guard be configured to ignore problems specific to public buckets while still ensuring security checks are applied to other resources that require them?
How can Cloud Guard be configured to ignore problems specific to public buckets while still ensuring security checks are applied to other resources that require them?
Correct Answer: C
Vote an answer
Which Oracle Data Safe feature enables the Internal test, development, and analytics teams to operate effectively while minimizing their exposure to sensitive data?
Correct Answer: B
Vote an answer
Challenge 1 - Task 1
Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer You are a cloud engineer at a tech company that is migrating its services to Oracle Cloud Infrastructure (OCI). You are required to set up secure communication for your web application using OCI's Certificate service. You need to create a Certificate Authority (CA), issue a TLS/SSL server certificate, and configure a load balancer to use this certificate to ensure encrypted traffic between clients and the backend servers.
Review the architecture diagram, which outlines the resources you'll need to address the requirement.
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
OCI Vault to store the secret required by the program, which is created in the root compartment as PBI_Vault_SP Task 1: Create and Configure a Virtual Cloud Network (VCN) Create a Virtual Cloud Network (VCN) namedPBT-CERT-VCN-01with the following specifications:
* VCN with a CIDR block of 10.0.0.0/16
* Subnet 1 (Compute Instance):
* Name:Compute-Subnet-PBT-CERT
* CIDR Block:10.0.1.0/24
Subnet 2 (Load Balancer):
* Name:LB-Subnet-PBT-CERT-SNET-02
* CIDR Block:10.0.2.0/24
Internet Gatewayfor external connectivity
Route table and security lists:
* Security List namedPBT-CERT-CS-SL-01for Subnet 1 (Compute-Subnet-PBT-CERT) to allow SSH (port 22) traffic
* Security List namedPBT-CERT-LB-SL-01for Subnet 2 (LB-Subnet-PBT-CERT) to allow HTTPS (port 443) traffic
"Enter the OCID of the created VCN in the text box below.
Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer You are a cloud engineer at a tech company that is migrating its services to Oracle Cloud Infrastructure (OCI). You are required to set up secure communication for your web application using OCI's Certificate service. You need to create a Certificate Authority (CA), issue a TLS/SSL server certificate, and configure a load balancer to use this certificate to ensure encrypted traffic between clients and the backend servers.
Review the architecture diagram, which outlines the resources you'll need to address the requirement.
Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
OCI Vault to store the secret required by the program, which is created in the root compartment as PBI_Vault_SP Task 1: Create and Configure a Virtual Cloud Network (VCN) Create a Virtual Cloud Network (VCN) namedPBT-CERT-VCN-01with the following specifications:
* VCN with a CIDR block of 10.0.0.0/16
* Subnet 1 (Compute Instance):
* Name:Compute-Subnet-PBT-CERT
* CIDR Block:10.0.1.0/24
Subnet 2 (Load Balancer):
* Name:LB-Subnet-PBT-CERT-SNET-02
* CIDR Block:10.0.2.0/24
Internet Gatewayfor external connectivity
Route table and security lists:
* Security List namedPBT-CERT-CS-SL-01for Subnet 1 (Compute-Subnet-PBT-CERT) to allow SSH (port 22) traffic
* Security List namedPBT-CERT-LB-SL-01for Subnet 2 (LB-Subnet-PBT-CERT) to allow HTTPS (port 443) traffic
"Enter the OCID of the created VCN in the text box below.
Correct Answer:
See the solution below in Explanation.
Explanation:
Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer Task 1: Create and Configure a Virtual Cloud Network (VCN) Step 1: Create the Virtual Cloud Network (VCN)
* Log in to the OCI Console.
* Navigate toNetworking>Virtual Cloud Networks.
* ClickCreate Virtual Cloud Network.
* SelectVCN with Internet Connectivity(to include an Internet Gateway by default).
* Enter the following details:
* Name: PBT-CERT-VCN-01
* Compartment: Select your assigned compartment.
* VCN CIDR Block: 10.0.0.0/16
* Leave other settings as default (e.g., create a new public subnet and route table).
* ClickCreate Virtual Cloud Network. Wait for the VCN to be created.
Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)
* In the VCN details page for PBT-CERT-VCN-01, clickSubnetsunderResources.
* ClickCreate Subnet.
* Enter the following details:
* Name: Compute-Subnet-PBT-CERT
* Subnet Type: Regional
* CIDR Block: 10.0.1.0/24
* Route Table: Select the default route table created with the VCN.
* Subnet Access: Public Subnet (to allow internet access).
* DNS Resolution: Enabled.
* ClickCreate.
Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)
* In the VCN details page, clickSubnetsunderResources.
* ClickCreate Subnet.
* Enter the following details:
* Name: LB-Subnet-PBT-CERT-SNET-02
* Subnet Type: Regional
* CIDR Block: 10.0.2.0/24
* Route Table: Select the default route table created with the VCN.
* Subnet Access: Public Subnet (to allow internet access for the load balancer).
* DNS Resolution: Enabled.
* ClickCreate.
Step 4: Verify Internet Gateway
* In the VCN details page, underResources, clickInternet Gateways.
* Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, clickCreate Internet Gateway, name it (e.g., PBT-CERT-IGW), and attach it.
Step 5: Configure Route Table
* In the VCN details page, underResources, clickRoute Tables.
* Select the default route table or create a new one named PBT-CERT-RT-01.
* ClickAdd Route Rule. 4 -Destination CIDR Block: 0.0.0.0/0
* Target Type: Internet Gateway
* Target: Select the Internet Gateway created (e.g., PBT-CERT-IGW).
* ClickAdd Route Ruleand save.
Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)
* In the VCN details page, underResources, clickSecurity Lists.
* ClickCreate Security List.
* Enter the following:
* Name: PBT-CERT-CS-SL-01
* Compartment: Your assigned compartment.
* Add the following ingress rule:
* Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)
* IP Protocol: TCP
* Source Port Range: All
* Destination Port Range: 22 (for SSH)
* Allows: Traffic
* ClickCreate.
Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)
* In the VCN details page, underResources, clickSecurity Lists.
* ClickCreate Security List.
* Enter the following:
* Name: PBT-CERT-LB-SL-01
* Compartment: Your assigned compartment.
* Add the following ingress rule:
* Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)
* IP Protocol: TCP
* Source Port Range: All
* Destination Port Range: 443 (for HTTPS)
* Allows: Traffic
* ClickCreate.
Step 8: Retrieve and Enter VCN OCID
* Go to the VCN details page for PBT-CERT-VCN-01.
* Copy theOCIDfrom the VCN information section.
* Enter the OCID in the provided text box.
Explanation:
Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer Task 1: Create and Configure a Virtual Cloud Network (VCN) Step 1: Create the Virtual Cloud Network (VCN)
* Log in to the OCI Console.
* Navigate toNetworking>Virtual Cloud Networks.
* ClickCreate Virtual Cloud Network.
* SelectVCN with Internet Connectivity(to include an Internet Gateway by default).
* Enter the following details:
* Name: PBT-CERT-VCN-01
* Compartment: Select your assigned compartment.
* VCN CIDR Block: 10.0.0.0/16
* Leave other settings as default (e.g., create a new public subnet and route table).
* ClickCreate Virtual Cloud Network. Wait for the VCN to be created.
Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)
* In the VCN details page for PBT-CERT-VCN-01, clickSubnetsunderResources.
* ClickCreate Subnet.
* Enter the following details:
* Name: Compute-Subnet-PBT-CERT
* Subnet Type: Regional
* CIDR Block: 10.0.1.0/24
* Route Table: Select the default route table created with the VCN.
* Subnet Access: Public Subnet (to allow internet access).
* DNS Resolution: Enabled.
* ClickCreate.
Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)
* In the VCN details page, clickSubnetsunderResources.
* ClickCreate Subnet.
* Enter the following details:
* Name: LB-Subnet-PBT-CERT-SNET-02
* Subnet Type: Regional
* CIDR Block: 10.0.2.0/24
* Route Table: Select the default route table created with the VCN.
* Subnet Access: Public Subnet (to allow internet access for the load balancer).
* DNS Resolution: Enabled.
* ClickCreate.
Step 4: Verify Internet Gateway
* In the VCN details page, underResources, clickInternet Gateways.
* Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, clickCreate Internet Gateway, name it (e.g., PBT-CERT-IGW), and attach it.
Step 5: Configure Route Table
* In the VCN details page, underResources, clickRoute Tables.
* Select the default route table or create a new one named PBT-CERT-RT-01.
* ClickAdd Route Rule. 4 -Destination CIDR Block: 0.0.0.0/0
* Target Type: Internet Gateway
* Target: Select the Internet Gateway created (e.g., PBT-CERT-IGW).
* ClickAdd Route Ruleand save.
Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)
* In the VCN details page, underResources, clickSecurity Lists.
* ClickCreate Security List.
* Enter the following:
* Name: PBT-CERT-CS-SL-01
* Compartment: Your assigned compartment.
* Add the following ingress rule:
* Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)
* IP Protocol: TCP
* Source Port Range: All
* Destination Port Range: 22 (for SSH)
* Allows: Traffic
* ClickCreate.
Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)
* In the VCN details page, underResources, clickSecurity Lists.
* ClickCreate Security List.
* Enter the following:
* Name: PBT-CERT-LB-SL-01
* Compartment: Your assigned compartment.
* Add the following ingress rule:
* Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)
* IP Protocol: TCP
* Source Port Range: All
* Destination Port Range: 443 (for HTTPS)
* Allows: Traffic
* ClickCreate.
Step 8: Retrieve and Enter VCN OCID
* Go to the VCN details page for PBT-CERT-VCN-01.
* Copy theOCIDfrom the VCN information section.
* Enter the OCID in the provided text box.
You are the first responder of a security incident for ABC Org. You have identified several IP addresses and URLs in the logs that you suspect may be related to the incident. However, you need more information to confidently determine whether they are indeed malicious or not.
Which OCI service can you use to obtain a more refined information and confidence score for these identified indicators?
Which OCI service can you use to obtain a more refined information and confidence score for these identified indicators?
Correct Answer: B
Vote an answer