Oracle Cloud Infrastructure 2025 Security Professional 1z0-1104-25 Exam Questions with Experts Answers Updated Recently

Task 7: Verify the OCI Certificate with Load Balancer

Step 1: Obtain the Public IP of the Load Balancer

Log in to the OCI Console.

Navigate toNetworking>Load Balancers.

Click on PBT-CERT-LB-01.

Note thePublic IP Addressfrom the load balancer details page.

Step 2: Verify HTTPS Connection Using Cloud Shell

Open the OCI Cloud Shell from the top-right corner of the OCI Console.

Run the following command, replacing with the public IP you noted:

curl -k https://

Expected output: You should see the text "You are visiting Web Server 1" if the connection is successful. The -k flag ignores certificate validation errors (common during initial testing with self-signed or newly issued certificates).

If you encounter an error, ensure the load balancer is active, the listener is configured correctly, and the backend server (PBT-CERT-VM-01) is reachable.

Step 3: Verify in a Web Browser

Open a web browser.

Enter the following URL, replacing with the public IP you noted:

https://

If prompted with a certificate warning (e.g., due to a self-signed certificate or untrusted CA), accept the risk and proceed (click "Advanced" and "Proceed" or similar, depending on your browser).

Verify that the web page displays the text "You are visiting Web Server 1" from the index.html file created on PBT-CERT-VM-01.

Step 4: Troubleshoot (if needed)

If the text is not displayed:

Check the load balancer health status underBackend Sets>Healthin the OCI Console.

Ensure the security list PBT-CERT-LB-SL-01 allows port 443 and the compute instance security list allows port 80.

Verify the Apache service is running on PBT-CERT-VM-01 by SSHing in and running sudo systemctl status httpd.

To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.

Step-by-Step Solution for Task 2: Create a Security Zone

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Security Zones:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderGovernance and Administration, selectSecurity Zones.

Create a New Security Zone:

In the Security Zones dashboard, click theCreate Security Zonebutton.

Configure the Security Zone Details:

Name:Enter IAD_SAP-PBT-CSZ-01.

Compartment:Select the assigned compartment provided.

Description:(Optional) Add a description, e.g., "Security Zone for public subnet compute instances."

Associate the Custom Security Zone Recipe:

In theRecipesection, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.

Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.

Define the Security Zone Scope:

UnderResources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.

Check the box to include all resources in the selected compartment if applicable.

Create the Security Zone:

ClickCreateto finalize the security zone creation.

Once created, note theOCIDof the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.

Verify the Security Zone:

Go to theSecurity Zonestab and locate IAD_SAP-PBT-CSZ-01.

Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.

OCID of the Created Security Zone

The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..). Please enter the OCID displayed in the OCI Console after completing Step 7.

To provision a compute instance named IAD-SP-PBT-1-VM-01 in the IAD-SP-PBT-PUBSNET-01 public subnet with the specified configuration (Oracle Linux 8 image, VM Standard A1 Flex shape), follow these steps based on the Oracle Cloud Infrastructure (OCI) Compute documentation.

Step-by-Step Solution for Task 5: Provision a Compute Instance

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Compute Instances:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderCompute, selectInstances.

Create a New Compute Instance:

Click theCreate Instancebutton.

Configure the Instance Details:

Name:Enter IAD-SP-PBT-1-VM-01.

Compartment:Select the assigned compartment.

Placement:Choose the availability domain (e.g., AD-1) based on your region’s availability.

Select the Image:

UnderImage and Shape, clickChange Image.

SelectOracle Linux 8from the platform images list.

ClickSelect Image.

Choose the Shape:

ClickChange Shape.

SelectVM Standardcategory.

ChooseA1 Flexfrom the shape options.

Configure the OCPUs (e.g., 1 OCPU) and memory (e.g., 6 GB) as needed for A1 Flex, then clickSelect Shape.

Configure Networking:

UnderNetworking, ensure theVirtual Cloud Networkis set to IAD-SP-PBT-VCN-01.

Set theSubnetto IAD-SP-PBT-PUBSNET-01 (public subnet with CIDR 10.0.1.0/24).

EnableAssign a public IPv4 addressto allow external connectivity.

Leave the default security list or assign a custom one if configured previously.

Set Up SSH Access:

UnderAdd SSH Keys, either:

Upload your public SSH key file, or

Paste your public SSH key manually.

This ensures you can access the instance via SSH.

Launch the Instance:

ClickCreateto provision the compute instance.

Wait for the instance to reach theRunningstate (this may take a few minutes).

Note the Instance OCID:

Once the instance is running, go to the instance details page for IAD-SP-PBT-1-VM-01.

Copy theOCIDdisplayed (e.g., ocid1.instance.oc1..).

OCID of the Created Compute Instance

Enter the OCID of the created compute instance (IAD-SP-PBT-1-VM-01) into the text box. The exact OCID will be available after Step 9 (e.g., ocid1.instance.oc1..).

Notes

Ensure the security zone IAD_SAP-PBT-CSZ-01 and its associated recipe IAD-SP-PBT-CSP-01 allow compute instance creation in the public subnet (10.0.1.0/24).

Verify network connectivity by testing SSH access using the public IP assigned to the instance.

Challenge 1: Integrate TLS Certificate Issued by the OCI Certificates Service with Load Balancer

Task 1: Create and Configure a Virtual Cloud Network (VCN)

Step 1: Create the Virtual Cloud Network (VCN)

Log in to the OCI Console.

Navigate toNetworking>Virtual Cloud Networks.

ClickCreate Virtual Cloud Network.

SelectVCN with Internet Connectivity(to include an Internet Gateway by default).

Enter the following details:

Name: PBT-CERT-VCN-01

Compartment: Select your assigned compartment.

VCN CIDR Block: 10.0.0.0/16

Leave other settings as default (e.g., create a new public subnet and route table).

ClickCreate Virtual Cloud Network. Wait for the VCN to be created.

Step 2: Create Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page for PBT-CERT-VCN-01, clickSubnetsunderResources.

ClickCreate Subnet.

Enter the following details:

Name: Compute-Subnet-PBT-CERT

Subnet Type: Regional

CIDR Block: 10.0.1.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access).

DNS Resolution: Enabled.

ClickCreate.

Step 3: Create Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, clickSubnetsunderResources.

ClickCreate Subnet.

Enter the following details:

Name: LB-Subnet-PBT-CERT-SNET-02

Subnet Type: Regional

CIDR Block: 10.0.2.0/24

Route Table: Select the default route table created with the VCN.

Subnet Access: Public Subnet (to allow internet access for the load balancer).

DNS Resolution: Enabled.

ClickCreate.

Step 4: Verify Internet Gateway

In the VCN details page, underResources, clickInternet Gateways.

Ensure an Internet Gateway is listed and attached to PBT-CERT-VCN-01. If not created, clickCreate Internet Gateway, name it (e.g., PBT-CERT-IGW), and attach it.

Step 5: Configure Route Table

In the VCN details page, underResources, clickRoute Tables.

Select the default route table or create a new one named PBT-CERT-RT-01.

ClickAdd Route Rule. 4 -Destination CIDR Block: 0.0.0.0/0

Target Type: Internet Gateway

Target: Select the Internet Gateway created (e.g., PBT-CERT-IGW).

ClickAdd Route Ruleand save.

Step 6: Create Security List for Subnet 1 (Compute-Subnet-PBT-CERT)

In the VCN details page, underResources, clickSecurity Lists.

ClickCreate Security List.

Enter the following:

Name: PBT-CERT-CS-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 22 (for SSH)

Allows: Traffic

ClickCreate.

Step 7: Create Security List for Subnet 2 (LB-Subnet-PBT-CERT-SNET-02)

In the VCN details page, underResources, clickSecurity Lists.

ClickCreate Security List.

Enter the following:

Name: PBT-CERT-LB-SL-01

Compartment: Your assigned compartment.

Add the following ingress rule:

Source CIDR: 0.0.0.0/0 (allow from any source, adjust as per security needs)

IP Protocol: TCP

Source Port Range: All

Destination Port Range: 443 (for HTTPS)

Allows: Traffic

ClickCreate.

Step 8: Retrieve and Enter VCN OCID

Go to the VCN details page for PBT-CERT-VCN-01.

Copy theOCIDfrom the VCN information section.

Enter the OCID in the provided text box.