有効な1z0-1104-25テスト解答Oracle 1z0-1104-25試験PDF問題を試そう [Q12-Q27]

Share

有効な1z0-1104-25テスト解答Oracle 1z0-1104-25試験PDF問題を試そう

Oracle 1z0-1104-25認定リアル2026年最新の模擬試験合格させます


Oracle 1z0-1104-25 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • OCI Security Introduction: This section of the exam measures the skills of Cloud Security Professionals and covers the basics of security in Oracle Cloud Infrastructure. It introduces the shared security responsibility model, the core principles of security design, and the use of foundational security services to secure deployments on OCI.
トピック 2
  • Implementing OS and Workload Protection: This section of the exam measures the skills of OCI Administrators and looks at securing workloads and operating systems. It includes the use of OCI Bastion for time-limited access, vulnerability scanning of hosts and containers, and the use of OS management for automated updates. The goal is to ensure that workloads remain resilient and well-protected.
トピック 3
  • Detecting, Remediating, and Monitoring OCI Resources: This section of the exam measures the skills of OCI Administrators and emphasizes monitoring and maintaining security posture across cloud resources. It focuses on the use of Cloud Guard, security zones, and the Security Advisor. Candidates also need to understand how to identify rogue users with threat intelligence, as well as use monitoring, logging, and event services for continuous visibility into performance and security.
トピック 4
  • Protecting Data: This section of the exam measures the skills of Cloud Security Professionals and highlights data security practices in OCI. It tests knowledge of using the Key Management Service for encryption keys, managing secrets in the OCI Vault, and applying features of OCI Data Safe to ensure sensitive data remains protected.

 

質問 # 12
Task 5: Create a Certificate
Create a certificate, where:
Certificate name: PBT-CERT-01-<username>
For example, if your username is 99008677-lab.user01, then the certificate name should be PBT-CERT-
01990086771abuser01
Ensure you eliminate special characters from the user name.
Common name: PBT-CERT-OCICERT-01
Certificate Authority: PBT-CERT-CA-01 (created in the previous task)

正解:

解説:
See the solution below in Explanation.
Explanation:
Since I can't create resources or retrieve OCIDs directly in your OCI environment, I'll provide a step-by-step solution based on verified OCI documentation and best practices as of 02:30 PM BST on Thursday, June 12,
2025. Follow these instructions precisely in the OCI Console or CLI, using the preconfigured PBI_Vault_SP vault and the PBT-CERT-CA-01<username> Certificate Authority created in the previous task. Replace
<username> with your actual username (e.g., 99008677-lab.user01), ensuring special characters are removed.
Task 5: Create a Certificate
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate toIdentity & Security>Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Certificate
* In the PBI_Vault_SP vault details page, underResources, clickCertificates.
* ClickCreate Certificate.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-
0199008677labuser01).
* Common Name: Enter PBT-CERT-OCICERT-01.
* Certificate Authority: Select the PBT-CERT-CA-01<username> CA created in Task 4 (e.g., PBT-CERT-CA-0199008677labuser01).
* Subject: Leave as default or adjust (e.g., Organization, Country) if required.
* Validity Period: Set as needed (e.g., 1 year), or use the default.
* Compartment: Ensure it's set to the root compartment.
* ClickCreate Certificateand wait for the certificate to be issued.
Step 3: Verify the Certificate
* After creation, go to theCertificatessection under PBI_Vault_SP.
* Confirm the certificate PBT-CERT-01<username> (e.g., PBT-CERT-0199008677labuser01) is listed and its status is active.


質問 # 13
"Your company is building a highly available and secure web application on OCI. Because of increasing malicious web-based attacks, the security team has mandated that web servers should not be exposed directly to the Internet.
How should you architect the solution while ensuring fault tolerance and security?

  • A. Deploy at least three web servers in different fault domains within a public subnet. Use OCI Traffic Management service for DNS-based load balancing."
  • B. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet and configure a back-end set for all web servers. Deploy Web Application Firewall (WAF) and set the load balancer public IP address as the origin.
  • C. Deploy at least three web servers in different fault domains within a private subnet. Place a public load balancer in a public subnet, but skip WAF configuration.
  • D. Deploy at least three web servers in different fault domains within a public subnet, each with a public IP address. Deploy Web Application Firewall (WAF), and configure an origin for each public IP.

正解:B


質問 # 14
Which are the essential components to create a rule for the Oracle Cloud Infrastructure (OCI) Events Service?

  • A. Rule Conditions and Management Agent Cloud Service
  • B. Install Key and Service Connector
  • C. Install Key and Actions
  • D. Rule Conditions and Actions

正解:D


質問 # 15
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 4: Create a Public Subnet
Create a public subnet named IAD-SP-PBT-PUBSNET-01, within the VCN IAD-SP-PBT-VCN-01 use a CIDR block of 10.0.1.0/24 and configure the subnet to use the internet Gateway See the solution below in Explanation.

正解:

解説:
To create a public subnet named IAD-SP-PBT-PUBSNET-01 within the VCN IAD-SP-PBT-VCN-01 using a CIDR block of 10.0.1.0/24 and configure it to use the Internet Gateway, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 4: Create a Public Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Select the VCN:
* Locate and click on the VCN named IAD-SP-PBT-VCN-01 created in Task 3.
* UnderResources, selectSubnets.
* Create a New Subnet:
* Click theCreate Subnetbutton.
* Configure the Subnet Details:
* Name:Enter IAD-SP-PBT-PUBSNET-01.
* Compartment:Ensure it is set to the assigned compartment.
* Subnet Type:SelectPublic Subnet.
* CIDR Block:Enter 10.0.1.0/24.
* Route Table:Select the default route table associated with the VCN (ensure it includes a route to the Internet Gateway with destination 0.0.0.0/0).
* Subnet Access:SelectPublic Subnetand ensure the Internet Gateway is associated.
* DHCP Options:Leave as default or customize if required.
* Security List:Use the default security list or create a new one with appropriate ingress/egress rules (e.g., allow TCP port 22 for SSH and all egress traffic).
* Associate the Internet Gateway:
* Verify that the subnet is configured to route traffic through the Internet Gateway. This is automatically handled if you selected the public subnet option and the VCN's route table is correctly set (as configured in Task 3).
* If needed, edit the route table for the subnet to ensure a rule exists:
* Destination CIDR Block:0.0.0.0/0
* Target Type:Internet Gateway
* Target:Select the Internet Gateway associated with IAD-SP-PBT-VCN-01.
* Create the Subnet:
* ClickCreateto provision the subnet.
* Once created, the subnet will be listed under the VCN's subnets.
* Verify the Configuration:
* Go to the subnet details page for IAD-SP-PBT-PUBSNET-01.
* Confirm the CIDR block is 10.0.1.0/24 and that it is a public subnet with Internet Gateway access.
Notes
* Ensure the CIDR block 10.0.1.0/24 does not overlap with existing subnets in the VCN (10.0.0.0/16, including 10.0.10.0/24 from Task 3).
* The Internet Gateway association relies on the route table configuration from Task 3. If it's missing, update the route table as described in Step 6.


質問 # 16
"A programmer is developing a Node.js application which will run on a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs.
What is the secure way to access OCI services with OCI Identity and Access Management (IAM)?

  • A. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.
  • B. Create an OCI IAM policy with appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server."
  • C. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.
  • D. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.

正解:D


質問 # 17
Based on the provided diagram, you have a group of critical compute instances in a private subnet that require vulnerability using the Oracle Cloud Infrastructure(OCI) Vulnerability Scanning Service (VSS).

"What additional configuration is required to enable VSS to scan instances in the private subnet

  • A. Configure a service gateway in the VCN and a route rule to direct traffic for the VSS service through the gateway.
  • B. No additional configuration is needed. VSS can access private instances by default.
  • C. VSS cannot scan private instances. You need to move them to a public subnet for vulnerability scanning.
  • D. Use an OCI Bastion session to establish connectivity and forward scan results from the private instances."

正解:A


質問 # 18
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 1: Create a Custom Security Zone Recipe
Create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in the public subnet.
Enter the OCID of the created custom security zone recipe in the text box below.

正解:

解説:
See the solution below in Explanation.
Explanation:
To create a Custom Security Zone Recipe named IAD-SP-PBT-CSP-01 that allows the provisioning of compute instances in a public subnet, we will follow the steps outlined in the Oracle Cloud Infrastructure (OCI) Security Zones documentation. These steps are based on verified procedures from the OCI Security Zone Guide and related resources.
Step-by-Step Solution for Task 1: Create a Custom Security Zone Recipe
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment provided in the tenancy.
* Navigate to Security Zones:
* From the OCI Console, go to the navigation menu (hamburger icon) on the top left.
* UnderGovernance and Administration, selectSecurity Zones.
* Create a New Security Zone Recipe:
* In the Security Zones dashboard, click on theRecipestab.
* Click theCreate Recipebutton.
* Configure the Recipe Details:
* Name:Enter IAD-SP-PBT-CSP-01.
* Description:(Optional) Add a description, e.g., "Custom recipe to allow compute instances in public subnet."
* Leave theCompartmentas the assigned compartment provided.
* Define the Security Zone Policy:
* In the policy editor, start with a base policy. Since the Maximum Security Zone recipe restricts public subnet usage, you need to customize it.
* Add the following policy statement to allow compute instances in a public subnet:
Allow service compute to use virtual-network-family in compartment <compartment-name> where ALL { target.resource.type = 'Instance', target.vcn.cidr_block = '10.0.0.0/16', target.subnet.cidr_block = '10.0.10.0/24'
}
* Replace <compartment-name> with the name of your assigned compartment.
* This policy allows the Compute service to provision instances in the public subnet (10.0.10.0/24) within the VCN (10.0.0.0/16).
* Adjust Restrictions:
* Ensure the recipe does not inherit the Maximum Security Zone recipe's default restrictions that block public subnet usage. Explicitly allow the public subnet by including the subnet CIDR block (10.0.10.0/24) in the policy.
* Remove or modify any conflicting default rules that prohibit public subnet usage (e.g., rules blocking internet access or public IP assignment).
* Save the Recipe:
* ClickCreateto save the custom security zone recipe.
* Once created, note theOCIDof the recipe from the recipe details page. The OCID will be a unique identifier starting with ocid1.securityzonerecipe.
* Verify the Recipe:
* Go to theRecipestab and locate IAD-SP-PBT-CSP-01.
* Ensure the policy reflects the allowance for compute instances in the public subnet by reviewing the policy statement.
OCID of the Created Custom Security Zone Recipe
* The exact OCID will be generated upon creation (e.g., ocid1.securityzonerecipe.oc1..unique_string).
Please enter the OCID displayed in the OCI Console after completing Step 7.
Notes
* Ensure IAM policies are correctly configured to grant you permissions to create and manage security zone recipes in the compartment.
* The policy assumes the public subnet CIDR (10.0.10.0/24) matches the diagram. Adjust if the actual subnet CIDR differs.
* Test the recipe by associating it with a security zone and attempting to launch a compute instance to confirm compliance.


質問 # 19
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 2: Create a Security Zone
Create a security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartement and associate it with the Custom Security Zone Recipe (IAD-SAP-PBT-CSP-01) created in the previous task.
Enter the OCID of the created Security zone in the box below.

正解:

解説:
See the solution below in Explanation.
Explanation:
To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.
Step-by-Step Solution for Task 2: Create a Security Zone
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Security Zones:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderGovernance and Administration, selectSecurity Zones.
* Create a New Security Zone:
* In the Security Zones dashboard, click theCreate Security Zonebutton.
* Configure the Security Zone Details:
* Name:Enter IAD_SAP-PBT-CSZ-01.
* Compartment:Select the assigned compartment provided.
* Description:(Optional) Add a description, e.g., "Security Zone for public subnet compute instances."
* Associate the Custom Security Zone Recipe:
* In theRecipesection, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.
* Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.
* Define the Security Zone Scope:
* UnderResources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.
* Check the box to include all resources in the selected compartment if applicable.
* Create the Security Zone:
* ClickCreateto finalize the security zone creation.
* Once created, note theOCIDof the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.
* Verify the Security Zone:
* Go to theSecurity Zonestab and locate IAD_SAP-PBT-CSZ-01.
* Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.
OCID of the Created Security Zone
* The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..<unique_string>).
Please enter the OCID displayed in the OCI Console after completing Step 7.


質問 # 20
Challenge 2
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task 5: Provision a Compute Instance
Provision a compute instance in the IAD-SP-PBT-PUBSNET-01 public subnet, where:
Name IAD-SP-PBT-1-VM-01
image: Oracle Linux 8
Shape VM: Standard, A1, Flex
Enter the OCID of the created compute instance in the text box below.

正解:

解説:
See the solution below in Explanation.
Explanation:
To provision a compute instance named IAD-SP-PBT-1-VM-01 in the IAD-SP-PBT-PUBSNET-01 public subnet with the specified configuration (Oracle Linux 8 image, VM Standard A1 Flex shape), follow these steps based on the Oracle Cloud Infrastructure (OCI) Compute documentation.
Step-by-Step Solution for Task 5: Provision a Compute Instance
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Compute Instances:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderCompute, selectInstances.
* Create a New Compute Instance:
* Click theCreate Instancebutton.
* Configure the Instance Details:
* Name:Enter IAD-SP-PBT-1-VM-01.
* Compartment:Select the assigned compartment.
* Placement:Choose the availability domain (e.g., AD-1) based on your region's availability.
* Select the Image:
* UnderImage and Shape, clickChange Image.
* SelectOracle Linux 8from the platform images list.
* ClickSelect Image.
* Choose the Shape:
* ClickChange Shape.
* SelectVM Standardcategory.
* ChooseA1 Flexfrom the shape options.
* Configure the OCPUs (e.g., 1 OCPU) and memory (e.g., 6 GB) as needed for A1 Flex, then click Select Shape.
* Configure Networking:
* UnderNetworking, ensure theVirtual Cloud Networkis set to IAD-SP-PBT-VCN-01.
* Set theSubnetto IAD-SP-PBT-PUBSNET-01 (public subnet with CIDR 10.0.1.0/24).
* EnableAssign a public IPv4 addressto allow external connectivity.
* Leave the default security list or assign a custom one if configured previously.
* Set Up SSH Access:
* UnderAdd SSH Keys, either:
* Upload your public SSH key file, or
* Paste your public SSH key manually.
* This ensures you can access the instance via SSH.
* Launch the Instance:
* ClickCreateto provision the compute instance.
* Wait for the instance to reach theRunningstate (this may take a few minutes).
* Note the Instance OCID:
* Once the instance is running, go to the instance details page for IAD-SP-PBT-1-VM-01.
* Copy theOCIDdisplayed (e.g., ocid1.instance.oc1..<unique_string>).
OCID of the Created Compute Instance
* Enter the OCID of the created compute instance (IAD-SP-PBT-1-VM-01) into the text box. The exact OCID will be available after Step 9 (e.g., ocid1.instance.oc1..<unique_string>).
Notes
* Ensure the security zone IAD_SAP-PBT-CSZ-01 and its associated recipe IAD-SP-PBT-CSP-01 allow compute instance creation in the public subnet (10.0.1.0/24).
* Verify network connectivity by testing SSH access using the public IP assigned to the instance.


質問 # 21
Task 6: Create Load Balancer and Attach Certificate
Create a Load Balancer with the name PBT-CERT-LB-01 in subnet LB-Subnet-PBT-CERT-SNET-02 Create a Listener for the load balancer, where:
Name: PBT-CERT-LB_LTSN_01
Protocol: HTTPS
Port: 443
Attach the certificate PBT-CERT-01-<username> to the load balancer
Attach the security list PBT-CERT-LB-SL-01 to subnet LB-Subnet-PBT-CERT-SNET-02 See the solution below in Explanation.

正解:

解説:
Task 6: Create Load Balancer and Attach Certificate
Step 1: Create the Load Balancer
* Log in to the OCI Console.
* Navigate toNetworking>Load Balancers.
* ClickCreate Load Balancer.
* Enter the following details:
* Name: PBT-CERT-LB-01
* Compartment: Select your assigned compartment.
* Load Balancer Type: SelectPublic.
* Virtual Cloud Network: Select PBT-CERT-VCN-01.
* Subnet: Select LB-Subnet-PBT-CERT-SNET-02.
* Shape: Choose a shape (e.g., 10 Mbps, adjust based on needs).
* ClickNext.
* Leave backend sets and listeners as default for now (we'll configure the listener next).
* ClickCreate Load Balancerand wait for it to be provisioned.
Step 2: Create a Listener
* Once the load balancer is created, go to theLoad Balancerspage and click on PBT-CERT-LB-01.
* UnderResources, clickListeners.
* ClickCreate Listener.
* Enter the following details:
* Name: PBT-CERT-LB_LTSN_01
* Protocol: SelectHTTPS.
* Port: Enter 443.
* Certificate: ClickAdd Certificate, then select the PBT-CERT-01<username> certificate (e.g., PBT-CERT-0199008677labuser01) created in Task 5.
* Leave other settings (e.g., SSL handling) as default unless specified.
* ClickCreate.
Step 3: Configure the Backend Set
* In the PBT-CERT-LB-01 details page, underResources, clickBackend Sets.
* ClickCreate Backend Set(if not already created).
* Enter basic details (e.g., name like PBT-CERT-BS-01).
* Add a backend server:
* IP Address: Use the private IP of PBT-CERT-VM-01 (find this in the instance details under Compute>Instances).
* Port: 80 (HTTP, as configured on the web server).
* Protocol: HTTP.
* ClickCreate.
Step 4: Attach the Security List to the Subnet
* Navigate toNetworking>Virtual Cloud Networks.
* Select PBT-CERT-VCN-01 and clickSubnets.
* Click on LB-Subnet-PBT-CERT-SNET-02.
* UnderSecurity Lists, ensure PBT-CERT-LB-SL-01 is attached. If not:
* ClickEdit.
* Remove the default security list and add PBT-CERT-LB-SL-01.
* ClickSave Changes.
Step 5: Verify the Configuration
* Ensure the load balancer health status is OK (check underBackend Sets>Health).
* Test by accessing https://<load-balancer-public-ip> in a browser (replace with the public IP from the load balancer details).


質問 # 22
Challenge 2 -Task 1
In deploying a new application, a cloud customer needs to reflect different security postures. If a security zone is enabled with the Maximum Security Zone recipe, the customer will be unable to create or update a resource in the security zone if the action violates the attached Maximum Security Zone policy.
As an application requirement, the customer requires a compute instance in the public subnet. You therefore, need to configure Custom Security Zones that allow the creation of compute instances in the public subnet.
Review the architecture diagram, which outlines the resoures you'll need to address the requirement:

Preconfigured
To complete this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
Required IAM policies
Task3: Create and configure a Virtual Cloud Network and Private Subnet
Createand configure virtual cloud Network (VCN) named IAD SP-PBT-VCN-01, with an internet Gateway and configure appropriate route rules to allow external connectivity.
Enter the OCID of the created VCN in the text box below.

正解:

解説:
See the solution below in Explanation.
Explanation:
To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.
Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet
* Log in to the OCI Console:
* Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.
com).
* Ensure you have access to the assigned compartment.
* Navigate to Virtual Cloud Networks:
* From the OCI Console, click the navigation menu (hamburger icon) on the top left.
* UnderNetworking, selectVirtual Cloud Networks.
* Create a New VCN:
* ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.
* VCN Name:Enter IAD-SP-PBT-VCN-01.
* Compartment:Select the assigned compartment.
* VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).
* Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).
* Accept the default settingsfor the public subnet and Internet Gateway creation.
* ClickCreateto provision the VCN, Internet Gateway, and public subnet.
* Verify the Internet Gateway:
* After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.
* UnderResources, selectInternet Gateways.
* Ensure the Internet Gateway is attached and enabled.
* Configure Route Rules:
* In the VCN details page, underResources, selectRoute Tables.
* Select the default route table associated with the public subnet (10.0.10.0/24).
* ClickAdd Route Rules.
* Target Type:SelectInternet Gateway.
* Destination CIDR Block:Enter 0.0.0.0/0.
* Target Internet Gateway:Select the Internet Gateway created with the VCN.
* ClickAdd Route Ruleto save.
* Update Security List (if needed):
* UnderResources, selectSecurity Lists.
* Edit the default security list for the public subnet.
* Add an ingress rule:
* Source CIDR:0.0.0.0/0
* IP Protocol:TCP
* Source Port Range:All
* Destination Port Range:22 (for SSH) or as required by your application.
* Add an egress rule:
* Destination CIDR:0.0.0.0/0
* IP Protocol:All
* Save the changes.
* Note the VCN OCID:
* Return to the VCN details page for IAD-SP-PBT-VCN-01.
* Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..<unique_string>).
OCID of the Created VCN
* Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..<unique_string>).


質問 # 23
"A business has a hybrid cloud infrastructure with Oracle Linux instances running in OCI and on-premises.
They want to reduce the amount of bandwidth used when patching systems.
Which component of OS Management Hub can help to reduce the bandwidth usage for patching?

  • A. Dynamic groups
  • B. Management agents
  • C. Profiles"
  • D. Management stations

正解:C


質問 # 24
You're managing an Oracle Cloud Infrastructure (OCI) environment where a public website hosts downloadable assets stored in Object Storage buckets. These buckets need to be publicly accessible for website visitors, but Cloud Guard keeps flagging them as security risks.
How can Cloud Guard be configured to ignore problems specific to public buckets while still ensuring security checks are applied to other resources that require them?

  • A. Dismiss problems associated with those resources.
  • B. Resolve or remediate the problems by making the buckets private.
  • C. Fix the baseline by configuring the Conditional groups for the detector.
  • D. A public bucket is a security risk, so Cloud Guard will keep detecting it.

正解:C


質問 # 25
Which Oracle Data Safe feature enables the Internal test, development, and analytics teams to operate effectively while minimizing their exposure to sensitive data?

  • A. Data auditing
  • B. Security assessment
  • C. Sensitive data discovery
  • D. Data encryption

正解:C


質問 # 26
Task 4: Create a Certificate Authority (CA)
Create a certificate authority, where:
CA name: PBT-CERT-CA-01-<username>
For example, if your username is 99008677-lab.user01, then the certificate authority name should be PBT- CERT-CA-01990086771abuser01 Ensure you eliminate special characters from the user name.
Common name: PBT-CERT-OCICA-01
Master Encryption Key: PBT-CERT-MEK-01 (created in the previous task)

正解:

解説:
See the solution below in Explanation.
Task 4: Create a Certificate Authority (CA)
Step 1: Access the OCI Vault
* Log in to the OCI Console.
* Navigate toIdentity & Security>Vault.
* Select the root compartment.
* Locate and click on the vault named PBI_Vault_SP.
Step 2: Create the Certificate Authority
* In the PBI_Vault_SP vault details page, underResources, clickCertificate Authorities.
* ClickCreate Certificate Authority.
* Enter the following details:
* Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-CA-
0199008677labuser01).
* Common Name: Enter PBT-CERT-OCICA-01.
* Master Encryption Key: Select the PBT-CERT-MEK-01<username> key created in Task 3 (e.
g., PBT-CERT-MEK-0199008677labuser01).
* Subject: Leave as default or adjust (e.g., Organization, Country) if required by your setup.
* Validity Period: Set as needed (e.g., 10 years), or use the default.
* Compartment: Ensure it's set to the root compartment.
* ClickCreate Certificate Authorityand wait for the CA to be provisioned.
Step 3: Verify the Certificate Authority
* After creation, go to theCertificate Authoritiessection under PBI_Vault_SP.
* Confirm the CA PBT-CERT-CA-01<username> (e.g., PBT-CERT-CA-0199008677labuser01) is listed and its status is active.


質問 # 27
......

1z0-1104-25試験問題と有効な1z0-1104-25問題集PDF:https://www.jpntest.com/shiken/1z0-1104-25-mondaishu

1z0-1104-25ブレーン問題集学習ガイドにはヒントとコツで試験合格を目指そう:https://drive.google.com/open?id=1EdvWMF4xhq-EAWQFerAx0gj92jTGLIfH

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡