01. You want to restrict network traffic between instances in the same subnet. Which OCI Networking service would you configure?
a) Security Lists
b) Virtual Cloud Network (VCN) Peering
c) Network Security Groups (NSGs)
d) VCN Route Tables
02. In which two ways can you improve data durability in Oracle Cloud Infrastructure (OCI) Object Storage?
a) Enable versioning
b) Set up volumes in a RAID1 configuration
c) Enable client-side encryption
d) Limit delete permissions
e) Enable server-side encryption
03. Why is it a good practice to use OCI Secrets management service?
a) In a zero-trust framework, users need to access infrastructure from any device, anywhere.
b) Having multiple factors of authentication makes it harder for a hacker to brute force a system.
c) Humans tend to take insecure shortcuts, like hardcoding credentials in configuration and source code.
d) Using the Secrets service is an anti-pattern. It is better to encrypt credentials in the source code.
04. To comply with regulatory standards, you need to log and monitor all access to your Oracle Cloud services, particularly API calls and instance activities. Additionally, unauthorized access attempts should trigger an alert.
Which pair of services would you configure to fulfill this requirement?
a) OCI Audit and Cloud Guard
b) OCI Logging and Cloud Guard
c) OCI Monitoring and Identity and Access Management (IAM)
d) OCI Audit and Network Security Groups (NSGs)
05. When registering Oracle Linux compute instances with OS Management Hub, which component standardizes the configuration settings applied to the instances during registration?
a) Dynamic Groups
b) Security Zones
c) Resource Tags
d) Profiles
06. A company wants developers to manage compute instances only in the "Development" compartment, while denying access to the "Production" compartment. Which approach ensures least-privilege access?
a) Apply a security list to restrict network traffic.
b) Use tags to label resources and enforce automation.
c) Enable audit logging for the Production compartment.
d) Create separate compartments and assign IAM policies to user groups.
07. What does Data Safe require for you to report on security configuration drift?
a) Establish an initial security assessment baseline.
b) Identify the policies you want to track.
c) Execute sensitive data discovery.
d) Provision audit policies and create an audit trail.
08. How can you increase the expiration of a pre-authenticated request (PAR) associated with a bucket?
a) Edit the PAR and define the desired expiration.
b) You cannot edit a PAR. Delete the PAR and recreate it with the desired expiration.
c) Find the Identity and Access Management (IAM) policy associated with the PAR. Define the desired expiration in the policy.
d) Edit the bucket metadata and change the expiration date.
09. Which are the three rules of engagement that apply to cloud penetration and vulnerability testing in Oracle Cloud Infrastructure (OCI)?
a) You cannot conduct a test that exceeds the bandwidth quota of your subscription.
b) You can attempt to access another customer’s environment or data.
c) You can perform port scanning in a non-aggressive mode.
d) You are allowed to use tools or services that perform denial-of-service (DoS) attacks against your cloud assets.
10. In an OCI Identity and Access Management (IAM) environment, the AD Bridge component plays an important role in integrating existing identity systems.
How does the AD Bridge enhance IAM practices in OCI?
a) It automates the process of syncing users and groups between OCI and an on-premises Microsoft Active Directory (AD) system.
b) It improves security by introducing an additional authentication method for users through integration with AD.
c) It integrates with OCI MFA services, enabling automatic enforcement of multifactor authentication for users authenticated via AD.
d) It allows AD users to delegate administrative privileges and manage specific resources within OCI.