Online Access Free 1z0-1104-23 Exam Questions

Exam Code:	1z0-1104-23
Exam Name:	Oracle Cloud Infrastructure 2023 Security Professional
Certification Provider:	Oracle
Free Question Number:	172
Posted:	Dec 16, 2025

Rating

100%

Page: 1 / 35
Total 172 questions

Question 1

An HTTP Web Server hosted on an Oracle Cloud Infrastructure (OCI) compute instance in a public subnet of the VCN1 Virtual Cloud Network has a: * Stateless security ingress rule for port 80 access through Internet Gateway * Stateful Network Security Group notification for port 80 How will the OCI VCN handle request/response traffic to the compute instance for a web page from the HTTP server with port 80? (Choose the best Answer.)

A.The union of both configurations would happen and allow both inbound and outbound traffic.
B.Due to the conflict in security configuration, inbound request traffic would not be al-lowed.
C.Because there is no egress rule defined in Security List, the response would not pass through Internet Gateway.
D.Network Security Group would supersede the Security List and allow both inbound and outbound traffic.

Question 2

What is the configuration to avoid publishing messages during the specified time range known as?

A.Trigger rule
B.Resource group
C.Statistic
D.Suppression

Question 3

A number of malicious requests for a web application is coming from a set of IP addresses originating from Antartica.
Which of the following statement will help to reduce these types of unauthorized requests ?

A.Change your home region in which your resources are currently deployed
B.List specific set of IP addresses then deny rules in Virtual Cloud Network Security Lists
C.Delete NAT Gateway from Virtual Cloud Network
D.Use WAF policy using Access Control Rules

Question 4

With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.

A.Physical penetration and vulnerability testing of Oraclefacilities is prohibited
B.You are responsible for any damages to Oracle Cloud customers that are caused by your testing activities
C.Any port scanning must be performed in an aggressive mode
D.Testing should target any other subscription or any other Oracle Cloud customer resources

Question 5

Challenge 2
Least-Privileged Model Enforcement Leveraging Custom Security Zones
Scenario
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the Security Zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You, therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
To complete this deployment, you have to perform the following tasks in the environment provisioned for you:
* Create a Custom Security Zone recipe to allow compute instances in the public subnet.
* Create a Security Zone using the Custom Security Zone recipe.
* Configure a Virtual Cloud Network (VCN) and Public Subnet.
* Provision a Compute Instance in the public subnet.

Note: You are provided with access to an OCI Tenancy, an assigned compartment, and OCI credentials. Throughout your exam, ensure to use the assigned Compartment 99234021-C01 and Region us-ashburn-1 Complete the following tasks in the provisioned OCI environment:
Create a Custom Recipe with the name
Create a Security Zone with the name
Create a VCN with the name IAD-SP-PBT-VCN-01
Create a Public Subnet with the name IAD-SP-PBT-PUBSNET-01
Create a Compute Instance with the name IAD-SP-PBT-1-VM-01, using the "Oracle Linux 8" image and "VM.Standard2.1" as shape

Correct Answer:

See the solution below in Explanation
Explanation:
SOLUTION:
Task 1: Create a Custom Security Zone recipe that permits the creation of a VCN with a public subnet, Internet Gateway, and a public bucket.
Sign into your Oracle Cloud Infrastructure (OCI) account.
From the navigation menu, click Identity & Security. Navigate to Security Zones and click Recipes.
In the left navigation pane, under Scope, select <your compartment> from the drop-down menu.
Click Create Recipe.
On Create Recipe page, enter the following values:
a. Recipe name: [Your Recipe Name] b. Description: My custom security zone recipe. c. Create for compartment: Select your compartment from the drop-down list. d. Click Next e. Policy type: All f. Resource type: VIRTUALNETWORK g. Uncheck deny public subnets deny internet gateway deny update route table h. Again, go to Resource type and select: OBJECTSTORAGE i. Uncheck deny public bucket deny buckets without vault key. j. On the Review page, review the number of policies that are enabled and disabled in this recipe.
Click create.
Task 2: Use the Custom Security Zone recipe created in Task 1 to create a Security Zone for your assigned compartment.
From the navigation menu, select Identity & Security. Navigate to Security Zones and click Overview.
In the left navigation pane, under Scope, select <your compartment> from the drop-down menu.
Click Create Security Zone.
On the Create Security Zone page, enter the following values: a. Security Zone Recipe: Select Customer-managed to use Custom Security Zone Recipe. b. Select Security Zone Recipe [Your Recipe Name] in the working compartment. c. Name: [Your Security Zone Name] d. Description: My Custom Security Zone. e. Create for compartment: Select the working compartment from the drop-down list.
Click Create Security Zone. The new security zone is in the Creating state. It can take several minutes to associate the working compartment with the security zone. When finished, the security zone is in the Active state.
On the Security Zone information tab, you can view the attached [Your Recipe Name] recipe.
Task 3: Use the VCN wizard to create a VCN and ensure that the Custom Security Zone recipe allows for the creation of a public subnet and Internet Gateway.
From the navigation menu, select Networking, then click Virtual Cloud Network.
In the left navigation pane, under List Scope, select <your compartment> from the drop-down menu.
Click Create VCN.
On the Configuration page, enter the following: a. Name: IAD-SP-PBT-VCN-01 b. IPv4 CIDR Blocks: 10.0.0.0/16 c. Note: Leave all the other options in their default setting.
Click Create VNC.
After Create VNC, click in Create Subnet
On the Configuration page, enter the following: a. Name: IAD-SP-PBT-PUBSNET-01 b. Subnet Type: Regional c. IPv4 CIDR Blocks: 10.0.1.0/24 d. Subnet Access: Public Subnet e. Leave all the other options in their default setting.
Click Create Subnet.
Task 4: Create a Computer Instance
From the navigation menu, select Compute and then click Instances.
Click Create Instance. In the Create Instance dialog box, provide the following details:
Name: IAD-SP-PBT-1-VM-01
Placement: Select AD2.
Image: Oracle Linux 8
Shape: Click Change shape, click on specialty and previous generation and select VM.Standard2.1.
Networking: Pick your IAD-SP-PBT-PUBSNET-01 and Public Subnet.
Public IP address: Assign a Public IPv4 address.
Click create.
Note: After a couple of minutes, you can see that the instance has been successfully created and the status Running.

Other Version: 594Oracle.1z0-1104-23.v2023-12-28.q40

Latest Upload: 137Salesforce.Analytics-DA-201.v2025-12-18.q77; 159Google.Associate-Cloud-Engineer.v2025-12-18.q130; 164Microsoft.SC-200.v2025-12-18.q155; 153IFPUG.I40-420.v2025-12-18.q105; 132NMLS.MLO.v2025-12-17.q109; 118SAP.C_HRHPC_2505.v2025-12-17.q41; 184ISACA.CISM-CN.v2025-12-17.q370; 231ISACA.CISA-CN.v2025-12-17.q626; 152PRINCE2.Prince2-Foundation.v2025-12-17.q204; 130SAP.C_THR89_2505.v2025-12-16.q58