Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the Oracle Cloud Infrastructure 1z0-1104-25 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam 1z0-1104-25 Premium Access

View all detail and faqs for the 1z0-1104-25 exam

Go to Exam

483 Students Passed

84% Average Score

94% Same Questions

Viewing page 1 out of 1 pages

Viewing questions 1-10 out of questions

Questions # 1:

Task 2: Create a Compute Instance and Install the Web Server

Create a compute instance, where:

Name: PBT-CERT-VM-01

Image: Oracle Linux 8

Shape: VM.Standard.A1.Flex

Subnet: Compute-Subnet-PBT-CERT

Install and configure Apache web server:

Install Apache

sudo yum -y install httpd

Enable and start Apache

sudo systemctl enable httpd

sudo systemctl restart httpd

2. Install and configure Apache web server:

a. Install Apache

sudo yum -y install httpd

b. Enable and start Apache

sudo systemctl enable httpd

sudo systemctl restart httpd

c. Configure firewall to allow HTTP traffic (port 80)

sudo firewall-cmd --permanent --add-port=80/tcp

sudo firewall-cmd --reload

d. Create an index.html file

sudo bash -c 'echo You are visiting Web Server 1 >> /var/www/html/index.html'

Enter the OCID of the created compute instance PBT-CERT-VM-01 in the text box below.

Options:

Answer

Answer:

See the solution below in Explanation.

Explanation

Task 2: Create a Compute Instance and Install the Web Server

Step 1: Create the Compute Instance

Navigate toCompute>Instances.

ClickCreate Instance.

Enter the following details:

Name: PBT-CERT-VM-01

Compartment: Select your assigned compartment.

Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).

Image: ClickChange Image, selectOracle Linux 8, and confirm.

Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:

OCPUs: 1 (or adjust as needed)

Memory: 6 GB (or adjust as needed)

Networking:

Virtual Cloud Network: Select PBT-CERT-VCN-01.

Subnet: Select Compute-Subnet-PBT-CERT.

Leave public IP assignment enabled for internet access.

SSH Key: Provide your public SSH key (upload or paste) for secure access.

ClickCreateand wait for the instance to be provisioned.

Step 2: Connect to the Compute Instance

Once the instance is created, note thePublic IP Addressfrom the instance details page.

Use an SSH client to connect:

Command: ssh -i opc@

Replace with your private key path and with the instance’s public IP.

Step 3: Install and Configure Apache Web Server

Install Apache:

Run: sudo yum -y install httpd

Enable and Start Apache:

Run: sudo systemctl enable httpd

Run: sudo systemctl restart httpd

Configure Firewall to Allow HTTP Traffic (Port 80):

Run: sudo firewall-cmd --permanent --add-port=80/tcp

Run: sudo firewall-cmd --reload

Create an index.html File:

Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html'

Step 4: Verify the Configuration

Open a web browser and enter http:// to ensure the page displays "You are visiting Web Server 1".

If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.

Step 5: Retrieve and Enter the OCID

Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.

Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).

Enter the copied OCID exactly as it appears into the text box provided.

Notes

These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.

Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.

The OCID will be unique to your instance; obtain it from the OCI Console after creation

Questions # 2:

Task 6: Create Load Balancer and Attach Certificate

Create a Load Balancer with the name PBT-CERT-LB-01 in subnet LB-Subnet-PBT-CERT-SNET-02

Create a Listener for the load balancer, where:

Name: PBT-CERT-LB_LTSN_01

Protocol: HTTPS

Port: 443

Attach the certificate PBT-CERT-01- to the load balancer

Attach the security list PBT-CERT-LB-SL-01 to subnet LB-Subnet-PBT-CERT-SNET-02

Options:

Answer

Answer:

See the solution below in Explanation.

Explanation

Task 6: Create Load Balancer and Attach Certificate

Step 1: Create the Load Balancer

Navigate toNetworking>Load Balancers.

ClickCreate Load Balancer.

Enter the following details:

Name: PBT-CERT-LB-01

Compartment: Select your assigned compartment.

Load Balancer Type: SelectPublic.

Virtual Cloud Network: Select PBT-CERT-VCN-01.

Subnet: Select LB-Subnet-PBT-CERT-SNET-02.

Shape: Choose a shape (e.g., 10 Mbps, adjust based on needs).

ClickNext.

Leave backend sets and listeners as default for now (we’ll configure the listener next).

ClickCreate Load Balancerand wait for it to be provisioned.

Step 2: Create a Listener

Once the load balancer is created, go to theLoad Balancerspage and click on PBT-CERT-LB-01.

UnderResources, clickListeners.

ClickCreate Listener.

Enter the following details:

Name: PBT-CERT-LB_LTSN_01

Protocol: SelectHTTPS.

Port: Enter 443.

Certificate: ClickAdd Certificate, then select the PBT-CERT-01 certificate (e.g., PBT-CERT-0199008677labuser01) created in Task 5.

Leave other settings (e.g., SSL handling) as default unless specified.

ClickCreate.

Step 3: Configure the Backend Set

In the PBT-CERT-LB-01 details page, underResources, clickBackend Sets.

ClickCreate Backend Set(if not already created).

Enter basic details (e.g., name like PBT-CERT-BS-01).

Add a backend server:

IP Address: Use the private IP of PBT-CERT-VM-01 (find this in the instance details underCompute>Instances).

Port: 80 (HTTP, as configured on the web server).

Protocol: HTTP.

ClickCreate.

Step 4: Attach the Security List to the Subnet

Navigate toNetworking>Virtual Cloud Networks.

Select PBT-CERT-VCN-01 and clickSubnets.

Click on LB-Subnet-PBT-CERT-SNET-02.

UnderSecurity Lists, ensure PBT-CERT-LB-SL-01 is attached. If not:

ClickEdit.

Remove the default security list and add PBT-CERT-LB-SL-01.

ClickSave Changes.

Step 5: Verify the Configuration

Ensure the load balancer health status is OK (check underBackend Sets>Health).

Test by accessing https:// in a browser (replace with the public IP from the load balancer details).

Questions # 3:

Challenge 2 -Task 1

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Question # 3

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 4: Create a Public Subnet

Create a public subnet named IAD-SP-PBT-PUBSNET-01, within the VCN IAD-SP-PBT-VCN-01

use a CIDR block of 10.0.1.0/24 and configure the subnet to use the internet Gateway

Options:

Answer

Answer:

See the solution below in Explanation.

Explanation

To create a public subnet named IAD-SP-PBT-PUBSNET-01 within the VCN IAD-SP-PBT-VCN-01 using a CIDR block of 10.0.1.0/24 and configure it to use the Internet Gateway, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.

Step-by-Step Solution for Task 4: Create a Public Subnet

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Virtual Cloud Networks:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderNetworking, selectVirtual Cloud Networks.

Select the VCN:

Locate and click on the VCN named IAD-SP-PBT-VCN-01 created in Task 3.

UnderResources, selectSubnets.

Create a New Subnet:

Click theCreate Subnetbutton.

Configure the Subnet Details:

Name:Enter IAD-SP-PBT-PUBSNET-01.

Compartment:Ensure it is set to the assigned compartment.

Subnet Type:SelectPublic Subnet.

CIDR Block:Enter 10.0.1.0/24.

Route Table:Select the default route table associated with the VCN (ensure it includes a route to the Internet Gateway with destination 0.0.0.0/0).

Subnet Access:SelectPublic Subnetand ensure the Internet Gateway is associated.

DHCP Options:Leave as default or customize if required.

Security List:Use the default security list or create a new one with appropriate ingress/egress rules (e.g., allow TCP port 22 for SSH and all egress traffic).

Associate the Internet Gateway:

Verify that the subnet is configured to route traffic through the Internet Gateway. This is automatically handled if you selected the public subnet option and the VCN’s route table is correctly set (as configured in Task 3).

If needed, edit the route table for the subnet to ensure a rule exists:

Destination CIDR Block:0.0.0.0/0

Target Type:Internet Gateway

Target:Select the Internet Gateway associated with IAD-SP-PBT-VCN-01.

Create the Subnet:

ClickCreateto provision the subnet.

Once created, the subnet will be listed under the VCN’s subnets.

Verify the Configuration:

Go to the subnet details page for IAD-SP-PBT-PUBSNET-01.

Confirm the CIDR block is 10.0.1.0/24 and that it is a public subnet with Internet Gateway access.

Notes

Ensure the CIDR block 10.0.1.0/24 does not overlap with existing subnets in the VCN (10.0.0.0/16, including 10.0.10.0/24 from Task 3).

The Internet Gateway association relies on the route table configuration from Task 3. If it’s missing, update the route table as described in Step 6.

Questions # 4:

Challenge 2 -Task 1

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Question # 4

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 2: Create a Security Zone

Create a security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartement and associate it with the Custom Security Zone Recipe (IAD-SAP-PBT-CSP-01) created in the previous task.

Enter the OCID of the created Security zone in the box below.

Question # 4

Options:

Answer

Answer:

See the solution below in Explanation.

Explanation

To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.

Step-by-Step Solution for Task 2: Create a Security Zone

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Security Zones:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderGovernance and Administration, selectSecurity Zones.

Create a New Security Zone:

In the Security Zones dashboard, click theCreate Security Zonebutton.

Configure the Security Zone Details:

Name:Enter IAD_SAP-PBT-CSZ-01.

Compartment:Select the assigned compartment provided.

Description:(Optional) Add a description, e.g., "Security Zone for public subnet compute instances."

Associate the Custom Security Zone Recipe:

In theRecipesection, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.

Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.

Define the Security Zone Scope:

UnderResources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.

Check the box to include all resources in the selected compartment if applicable.

Create the Security Zone:

ClickCreateto finalize the security zone creation.

Once created, note theOCIDof the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.

Verify the Security Zone:

Go to theSecurity Zonestab and locate IAD_SAP-PBT-CSZ-01.

Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.

OCID of the Created Security Zone

The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..). Please enter the OCID displayed in the OCI Console after completing Step 7.

Questions # 5:

Challenge 1 - Task 1

Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

You are a cloud engineer at a tech company that is migrating its services to Oracle Cloud Infrastructure (OCI). You are required to set up secure communication for your web application using OCI's Certificate service. You need to create a Certificate Authority (CA), issue a TLS/SSL server certificate, and configure a load balancer to use this certificate to ensure encrypted traffic between clients and the backend servers.

Review the architecture diagram, which outlines the resources you'll need to address the requirement.

Question # 5

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

OCI Vault to store the secret required by the program, which is created in the root compartment as PBI_Vault_SP

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Create a Virtual Cloud Network (VCN) namedPBT-CERT-VCN-01with the following specifications:

VCN with a CIDR block of 10.0.0.0/16

Subnet 1 (Compute Instance):

Name:Compute-Subnet-PBT-CERT

CIDR Block:10.0.1.0/24

Subnet 2 (Load Balancer):

Name:LB-Subnet-PBT-CERT-SNET-02

CIDR Block:10.0.2.0/24

Internet Gatewayfor external connectivity

Route table and security lists:

Security List namedPBT-CERT-CS-SL-01for Subnet 1 (Compute-Subnet-PBT-CERT) to allow SSH (port 22) traffic

Security List namedPBT-CERT-LB-SL-01for Subnet 2 (LB-Subnet-PBT-CERT) to allow HTTPS (port 443) traffic

"Enter the OCID of the created VCN in the text box below.

Options:

Answer

Answer:

See the solution below in Explanation.

Explanation

Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Step 1: Create the Virtual Cloud Network (VCN)

Navigate toNetworking>Virtual Cloud Networks.

ClickCreate Virtual Cloud Network.

SelectVCN with Internet Connectivity(to include an Internet Gateway by default).

Enter the following details:

Name: PBT-CERT-VCN-01

Compartment: Select your assigned compartment.

VCN CIDR Block: 10.0.0.0/16

Leave other settings as default (e.g., create a new public subnet and route table).

ClickCreate Virtual Cloud Network. Wait for the VCN to be created.

Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page for PBT-CERT-VCN-01, clickSubnetsunderResources.

ClickCreate Subnet.

Enter the following details:

Name: Compute-Subnet-PBT-CERT

Subnet Type: Regional

CIDR Block: 10.0.1.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access).

DNS Resolution: Enabled.

ClickCreate.

Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, clickSubnetsunderResources.

ClickCreate Subnet.

Enter the following details:

Name: LB-Subnet-PBT-CERT-SNET-02

Subnet Type: Regional

CIDR Block: 10.0.2.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access for the load balancer).

DNS Resolution: Enabled.

ClickCreate.

Step 4: Verify Internet Gateway

In the VCN details page, underResources, clickInternet Gateways.

Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, clickCreate Internet Gateway, name it (e.g., PBT-CERT-IGW), and attach it.

Step 5: Configure Route Table

In the VCN details page, underResources, clickRoute Tables.

Select the default route table or create a new one named PBT-CERT-RT-01.

ClickAdd Route Rule. 4 -Destination CIDR Block: 0.0.0.0/0

Target Type: Internet Gateway

Target: Select the Internet Gateway created (e.g., PBT-CERT-IGW).

ClickAdd Route Ruleand save.

Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page, underResources, clickSecurity Lists.

ClickCreate Security List.

Enter the following:

Name: PBT-CERT-CS-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 22 (for SSH)

Allows: Traffic

ClickCreate.

Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, underResources, clickSecurity Lists.

ClickCreate Security List.

Enter the following:

Name: PBT-CERT-LB-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 443 (for HTTPS)

Allows: Traffic

ClickCreate.

Step 8: Retrieve and Enter VCN OCID

Go to the VCN details page for PBT-CERT-VCN-01.

Copy theOCIDfrom the VCN information section.

Enter the OCID in the provided text box.

Questions # 6:

"A business has a hybrid cloud infrastructure with Oracle Linux instances running in OCI and on-premises. They want to reduce the amount of bandwidth used when patching systems.

Which component of OS Management Hub can help to reduce the bandwidth usage for patching?

Options:

Management stations

Management agents

Dynamic groups

Profiles"

Questions # 7:

Which Oracle Data Safe feature enables the Internal test, development, and analytics teams to operate effectively while minimizing their exposure to sensitive data?

Options:

Security assessment

Data encryption

Data auditing

Sensitive data discovery

Questions # 8:

A company has implemented OCI IAM policies with multiple levels of compartments. A policy attached to a parent compartment grants "manage virtual-network-family" permissions. A policy attached to a child compartment grants "use virtual-network-family" permissions.

Question # 8

According to OCI IAM policy inheritance, how does the OCI IAM policy engine resolve the permissions for a user attempting to perform an operation that requires 'manage' permissions in the child compartment?

Options:

The operation is denied due to conflicting policies.

The policy in the parent compartment takes precedence, and the user is granted "manage" permissions.

The policy in the child compartment takes precedence, and the user is granted "use" permissions only.

Questions # 9:

Which are the essential components to create a rule for the Oracle Cloud Infrastructure (OCI) Events Service?

Options:

Install Key and Service Connector

Rule Conditions and Management Agent Cloud Service

Rule Conditions and Actions

Install Key and Actions

Questions # 10:

You are the first responder of a security incident for ABC Org. You have identified several IP addresses and URLs in the logs that you suspect may be related to the incident. However, you need more information to confidently determine whether they are indeed malicious or not.

Which OCI service can you use to obtain a more refined information and confidence score for these identified indicators?