Oracle 1Z0-1104-25 Exam Questions - Navigate Your Path to Success

The Oracle Cloud Infrastructure 2025 Security Professional (1Z0-1104-25) exam is a good choice for Oracle Cloud Engineers Oracle Cloud Security Professionals and if the candidate manages to pass Oracle Cloud Infrastructure 2025 Security Professional exam, he/she will earn Oracle Cloud , Oracle Cloud Infrastructure Certifications. Below are some essential facts for Oracle 1Z0-1104-25 exam candidates:

TrendyCerts offers 36 Questions that are based on actual Oracle 1Z0-1104-25 syllabus.
Our Oracle 1Z0-1104-25 Exam Practice Questions were last updated on: Sep 16, 2025

Sample Questions for Oracle 1Z0-1104-25 Exam Preparation

Question 1

A company has implemented OCI IAM policies with multiple levels of compartments. A policy attached to a parent compartment grants "manage virtual-network-family" permissions. A policy attached to a child compartment grants "use virtual-network-family" permissions.

1Z0-1104-25 Exam Question 1 Exhibit 1

According to OCI IAM policy inheritance, how does the OCI IAM policy engine resolve the permissions for a user attempting to perform an operation that requires 'manage' permissions in the child compartment?

AThe operation is denied due to conflicting policies.

BThe policy in the parent compartment takes precedence, and the user is granted 'manage' permissions.

CThe policy in the child compartment takes precedence, and the user is granted 'use' permissions only.

Correct : B

Options Selected by Other Users:

Question 2

SIMULATION

Challenge 2 -Task 1

In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.

As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.

Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

1Z0-1104-25 Exam Question 2 Exhibit 1

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

Task 2: Create a Security Zone

Create a security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartement and associate it with the Custom Security Zone Recipe (IAD-SAP-PBT-CSP-01) created in the previous task.

Enter the OCID of the created Security zone in the box below.

1Z0-1104-25 Exam Question 2 Exhibit 2

ASee the solution below in Explanation

Correct : A

To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.

Step-by-Step Solution for Task 2: Create a Security Zone

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com).

Ensure you have access to the assigned compartment.

Navigate to Security Zones:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

Under Governance and Administration, select Security Zones.

Create a New Security Zone:

In the Security Zones dashboard, click the Create Security Zone button.

Configure the Security Zone Details:

Name: Enter IAD_SAP-PBT-CSZ-01.

Compartment: Select the assigned compartment provided.

Description: (Optional) Add a description, e.g., 'Security Zone for public subnet compute instances.'

Associate the Custom Security Zone Recipe:

In the Recipe section, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.

Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.

Define the Security Zone Scope:

Under Resources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.

Check the box to include all resources in the selected compartment if applicable.

Create the Security Zone:

Click Create to finalize the security zone creation.

Once created, note the OCID of the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.

Verify the Security Zone:

Go to the Security Zones tab and locate IAD_SAP-PBT-CSZ-01.

Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.

OCID of the Created Security Zone

The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..<unique_string>). Please enter the OCID displayed in the OCI Console after completing Step 7.