Free Oracle 1Z0-1104-25 Exam Actual Questions & Explanations

Last updated on: Jun 19, 2026
Author: Ines Edwards (Oracle Cloud Security Certification Specialist)

The Oracle Cloud Infrastructure 2025 Security Professional exam (1Z0-1104-25) validates your ability to design, implement, and manage security controls across Oracle Cloud Infrastructure environments. This certification is ideal for cloud architects, security engineers, and infrastructure professionals who need to demonstrate expertise in OCI security practices. This landing page provides a structured study roadmap, practical exam insights, and access to quality preparation materials to help you pass with confidence.

1Z0-1104-25 Exam Syllabus & Core Topics

Use this topic map to guide your study for Oracle 1Z0-1104-25 (Oracle Cloud Infrastructure 2025 Security Professional) within the Oracle Cloud and Oracle Cloud Infrastructure certification path.

  • OCI Security Introduction: Understand the Oracle Cloud Infrastructure security model, shared responsibility framework, and how security domains integrate across the platform.
  • Implementing Identity and Access Management (IAM): Configure users, groups, compartments, and policies; apply least-privilege principles and manage federated access for enterprise environments.
  • Protecting Infrastructure - Network and Applications: Design network security using Virtual Cloud Networks, security lists, Network Security Groups, and Web Application Firewalls to defend against unauthorized access.
  • Implementing OS and Workload Protection: Secure compute instances through OS hardening, vulnerability management, and agent-based monitoring to reduce attack surface.
  • Protecting Data: Implement encryption at rest and in transit, manage keys using OCI Key Management Service, and apply data classification strategies.
  • Detecting, Remediating, and Monitoring OCI Resources: Use Cloud Guard, Security Advisor, and audit logs to detect threats, respond to incidents, and maintain continuous compliance visibility.

Question Formats & What They Test

The 1Z0-1104-25 exam combines knowledge-based and scenario-driven questions to assess both theoretical understanding and practical decision-making in real-world OCI security situations.

  • Multiple choice: Test recall of security concepts, feature capabilities, OCI service behaviors, and key terminology across all six domains.
  • Scenario-based items: Present realistic security challenges (e.g., "Your organization requires encryption for all data at rest; which OCI services and configurations meet this requirement?") and ask you to select the best architectural or operational decision.
  • Configuration reasoning: Evaluate policy statements, network rules, or IAM settings and determine their security impact or identify gaps in protection.

Questions progress in difficulty and emphasize practical application, so studying with real-world examples and hands-on labs strengthens both retention and exam performance.

Preparation Guidance

An effective study plan aligns each exam domain to focused weekly goals, reinforces connections between topics, and includes regular practice and review cycles. Dedicate 4-6 weeks to preparation, with time for both conceptual learning and scenario practice.

  • Map the six domains (OCI Security Introduction, IAM, Network and Application Protection, OS and Workload Protection, Data Protection, and Detection/Remediation/Monitoring) to weekly study blocks; track progress and revisit weaker areas.
  • Work through practice question sets regularly; read explanations carefully to understand not just the correct answer but why alternatives are incorrect.
  • Connect concepts across workflows: for example, how IAM policies enforce data access controls, or how Cloud Guard detects and remediates misconfigurations in network settings.
  • Complete a timed mini mock exam (30-40 questions) in week 5 to build pacing confidence and identify remaining knowledge gaps.
  • In the final week, review high-weight topics (IAM and data protection typically carry more exam weight) and do a final timed practice test under exam conditions.


Get the PDF & Practice Test

Strengthen your preparation with up-to-date resources from validexamdumps.com. These materials align to 1Z0-1104-25 and cover practical scenarios with clear explanations.

  • Q&A PDF with explanations: Topic-mapped questions that clarify why correct options are right and others aren't.
  • Practice Test: Realistic items, timed and untimed modes, progress tracking, and detailed review feedback.
  • Focused coverage: Aligned to OCI Security Introduction, IAM, Network and Application Protection, OS and Workload Protection, Data Protection, and Detection/Remediation/Monitoring, so you study what matters most.
  • Regular updates: Content refreshes that reflect syllabus and Oracle Cloud Infrastructure product changes.

Visit the exam page to download the PDF, Online Practice Test, or get a Bundle Discount offer for both formats: Oracle Cloud Infrastructure 2025 Security Professional.

Frequently Asked Questions

Which exam domains should I prioritize for 1Z0-1104-25?

Identity and Access Management (IAM) and Protecting Data typically carry the highest weight on the exam. However, all six domains are essential; focus first on IAM and data protection, then ensure solid coverage of network security and detection/monitoring. Neglecting any domain risks missing critical questions in the exam.

How do the six topics connect in a real OCI security project?

Security domains work together as layers: IAM establishes who can access what, network protection controls traffic flow, OS and workload protection hardens compute resources, data protection encrypts sensitive information, and detection/monitoring catches anomalies and enforces compliance. Understanding these connections helps you answer scenario questions that span multiple domains and design comprehensive security architectures.

How much hands-on OCI experience do I need before attempting this exam?

Ideally, you should have 6-12 months of practical OCI experience. Prioritize labs that cover IAM policy creation, network security list configuration, encryption key management, and Cloud Guard policy setup. If you lack hands-on experience, supplement study with free OCI trial accounts and guided labs to build confidence in real-world scenarios.

What are common mistakes that cost exam points?

Candidates often confuse IAM compartment boundaries with network isolation, overlook the shared responsibility model (what Oracle manages vs. what you manage), misunderstand encryption scope (at-rest vs. in-transit), or rush through scenario questions without fully reading all options. Read questions carefully, eliminate obviously wrong answers first, and verify your choice aligns with OCI best practices.

How should I structure my final week before the exam?

Dedicate 3-4 days to reviewing high-weight topics (IAM and data protection) using your notes and practice questions. Spend 2 days on a full-length timed practice test under exam conditions, then review every missed question. Use the last 1-2 days for light review of weak areas and mental preparation; avoid cramming new material. Ensure you are well-rested the night before the exam.

Question No. 1

SIMULATION

Task 5: Create a Certificate

Create a certificate, where:

Certificate name: PBT-CERT-01-

For example, if your username is 99008677-lab.user01, then the certificate name should be PBT-CERT-0199008677labuser01

Ensure you eliminate special characters from the user name.

Common name: PBT-CERT-OCICERT-01

Certificate Authority: PBT-CERT-CA-01 (created in the previous task)

Correct Answer: A

The following is a step-by-step solution based on verified OCI documentation and best practices as of 02:30 PM BST on Thursday, June 12, 2025. Follow these instructions precisely in the OCI Console or CLI, using the preconfigured PBI_Vault_SP vault and the PBT-CERT-CA-01<username> Certificate Authority created in the previous task. Replace <username> with your actual username (e.g., 99008677-lab.user01), ensuring special characters are removed.

Task 5: Create a Certificate

Step 1: Access the OCI Vault

Log in to the OCI Console.

Navigate to Identity & Security > Vault.

Select the root compartment.

Locate and click on the vault named PBI_Vault_SP.

Step 2: Create the Certificate

In the PBI_Vault_SP vault details page, under Resources, click Certificates.

Click Create Certificate.

Enter the following details:

Name: Replace <username> with your username (e.g., if your username is 99008677-lab.user01, remove special characters like - and . to get 99008677labuser01, then use PBT-CERT-0199008677labuser01).

Common Name: Enter PBT-CERT-OCICERT-01.

Certificate Authority: Select the PBT-CERT-CA-01<username> CA created in Task 4 (e.g., PBT-CERT-CA-0199008677labuser01).

Subject: Leave as default or adjust (e.g., Organization, Country) if required.

Validity Period: Set as needed (e.g., 1 year), or use the default.

Compartment: Ensure it's set to the root compartment.

Click Create Certificate and wait for the certificate to be issued.

Step 3: Verify the Certificate

After creation, go to the Certificates section under PBI_Vault_SP.

Confirm the certificate PBT-CERT-01<username> (e.g., PBT-CERT-0199008677labuser01) is listed and its status is active.


Question No. 2

You are the first responder of a security incident for ABC Org. You have identified several IP addresses and URLs in the logs that you suspect may be related to the incident. However, you need more information to confidently determine whether they are indeed malicious or not.

Which OCI service can you use to obtain more refined information and a confidence score for these identified indicators?

Correct Answer: B

Question No. 3

Your company is in the process of migrating its sensitive data to Oracle Cloud Infrastructure (OCI) and is prioritizing the strongest possible security measures. Encryption is a key part of this strategy, but you are particularly concerned about the physical security of the hardware where your encryption keys will be stored.

Which characteristic of OCI Key Management Service (KMS) helps ensure the physical security of your encryption keys?

Correct Answer: D

Question No. 4

SIMULATION

Challenge 1 - Task 1

Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

You are a cloud engineer at a tech company that is migrating its services to Oracle Cloud Infrastructure (OCI). You are required to set up secure communication for your web application using OCI's Certificate service. You need to create a Certificate Authority (CA), issue a TLS/SSL server certificate, and configure a load balancer to use this certificate to ensure encrypted traffic between clients and the backend servers.

Review the architecture diagram, which outlines the resources you'll need to address the requirement.

Preconfigured

To complete this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

Required IAM policies

OCI Vault to store the secret required by the program, which is created in the root compartment as PBI_Vault_SP

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Create a Virtual Cloud Network (VCN) named PBT-CERT-VCN-01 with the following specifications:

VCN with a CIDR block of 10.0.0.0/16

Subnet 1 (Compute Instance):

Name: Compute-Subnet-PBT-CERT

CIDR Block: 10.0.1.0/24

Subnet 2 (Load Balancer):

Name: LB-Subnet-PBT-CERT-SNET-02

CIDR Block: 10.0.2.0/24

Internet Gateway for external connectivity

Route table and security lists:

Security List named PBT-CERT-CS-SL-01 for Subnet 1 (Compute-Subnet-PBT-CERT) to allow SSH (port 22) traffic

Security List named PBT-CERT-LB-SL-01 for Subnet 2 (LB-Subnet-PBT-CERT) to allow HTTPS (port 443) traffic

Enter the OCID of the created VCN in the text box below.

Correct Answer: A

Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Step 1: Create the Virtual Cloud Network (VCN)

Log in to the OCI Console.

Navigate to Networking > Virtual Cloud Networks.

Click Create Virtual Cloud Network.

Select VCN with Internet Connectivity (to include an Internet Gateway by default).

Enter the following details:

Name: PBT-CERT-VCN-01

Compartment: Select your assigned compartment.

VCN CIDR Block: 10.0.0.0/16

Leave other settings as default (e.g., create a new public subnet and route table).

Click Create Virtual Cloud Network. Wait for the VCN to be created.

Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page for PBT-CERT-VCN-01, click Subnets under Resources.

Click Create Subnet.

Enter the following details:

Name: Compute-Subnet-PBT-CERT

Subnet Type: Regional

CIDR Block: 10.0.1.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access).

DNS Resolution: Enabled.

Click Create.

Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, click Subnets under Resources.

Click Create Subnet.

Enter the following details:

Name: LB-Subnet-PBT-CERT-SNET-02

Subnet Type: Regional

CIDR Block: 10.0.2.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access for the load balancer).

DNS Resolution: Enabled.

Click Create.

Step 4: Verify Internet Gateway

In the VCN details page, under Resources, click Internet Gateways.

Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, click Create Internet Gateway, name it (e.g., PBT-CERT-IGW), and attach it.

Step 5: Configure Route Table

In the VCN details page, under Resources, click Route Tables.

Select the default route table or create a new one named PBT-CERT-RT-01.

Click Add Route Rule.

Destination CIDR Block: 0.0.0.0/0

Target Type: Internet Gateway

Target: Select the Internet Gateway created (e.g., PBT-CERT-IGW).

Click Add Route Rule and save.

Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page, under Resources, click Security Lists.

Click Create Security List.

Enter the following:

Name: PBT-CERT-CS-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 22 (for SSH)

Allows: Traffic

Click Create.

Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, under Resources, click Security Lists.

Click Create Security List.

Enter the following:

Name: PBT-CERT-LB-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 443 (for HTTPS)

Allows: Traffic

Click Create.

Step 8: Retrieve and Enter VCN OCID

Go to the VCN details page for PBT-CERT-VCN-01.

Copy the OCID from the VCN information section.

Enter the OCID in the provided text box.
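
Steps 6 and 7 open both security lists to 0.0.0.0/0 with the note "adjust as per security needs". The following added example (not part of the original answer and not Oracle tooling) checks the Task 1 plan offline: subnet CIDRs must sit inside the VCN without overlapping, and management ports open to any source are reported. The rule dictionaries are constructed from the lab values in the camelCase shape of the OCI IngressSecurityRule model, sources are assumed to be plain CIDR blocks, and ADMIN_PORTS is an assumption.

```python
import ipaddress

# Constructed from the lab values in Task 1; rule dicts follow the camelCase
# shape of the OCI IngressSecurityRule model (protocol "6" = TCP).
VCN_CIDR = "10.0.0.0/16"
SUBNETS = {
    "Compute-Subnet-PBT-CERT": "10.0.1.0/24",
    "LB-Subnet-PBT-CERT-SNET-02": "10.0.2.0/24",
}
SECURITY_LISTS = {
    "PBT-CERT-CS-SL-01": [{"source": "0.0.0.0/0", "protocol": "6",
        "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}}],
    "PBT-CERT-LB-SL-01": [{"source": "0.0.0.0/0", "protocol": "6",
        "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}}],
}
ADMIN_PORTS = {22, 3389}  # assumption: ports treated as management access

def check_addressing(vcn_cidr, subnets):
    """Return problems: subnets outside the VCN or overlapping each other."""
    vcn = ipaddress.ip_network(vcn_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = [f"{n}: {net} is outside {vcn}"
                for n, net in nets.items() if not net.subnet_of(vcn)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def exposed_admin_ports(security_lists):
    """Return (list name, port) pairs where a management port is open to any source."""
    findings = []
    for name, rules in security_lists.items():
        for rule in rules:
            if ipaddress.ip_network(rule["source"]).prefixlen != 0:
                continue  # source is restricted, not "anywhere"
            if rule["protocol"] == "all":
                ports = ADMIN_PORTS
            elif rule["protocol"] == "6":
                # Missing tcpOptions means every TCP port is allowed
                rng = (rule.get("tcpOptions") or {}).get("destinationPortRange")
                ports = {p for p in ADMIN_PORTS
                         if rng is None or rng["min"] <= p <= rng["max"]}
            else:
                continue
            findings += [(name, p) for p in sorted(ports)]
    return findings

if __name__ == "__main__":
    print(check_addressing(VCN_CIDR, SUBNETS))
    print(exposed_admin_ports(SECURITY_LISTS))
```

On the lab plan the addressing check is clean and the only finding is SSH on PBT-CERT-CS-SL-01; HTTPS from any source on the load balancer list is not reported because 443 is not in ADMIN_PORTS.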


Question No. 5

During your investigation of a load balancer issue, you discovered that all back-end servers associated with one of the affected listeners were reported as unhealthy. However, when you checked the back-end servers, they seemed to be working just fine.

What might be causing this issue?

Correct Answer: E