1z0-1104-25 Oracle Cloud Infrastructure 2025 Security Professional Questions and Answers

To create and configure a Virtual Cloud Network (VCN) named IAD-SP-PBT-VCN-01 with an Internet Gateway and appropriate route rules for external connectivity, follow these steps based on the Oracle Cloud Infrastructure (OCI) Networking documentation.

Step-by-Step Solution for Task 3: Create and Configure a VCN and Private Subnet

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Virtual Cloud Networks:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderNetworking, selectVirtual Cloud Networks.

Create a New VCN:

ClickStart VCN Wizardand selectCreate VCN with Internet Connectivity.

VCN Name:Enter IAD-SP-PBT-VCN-01.

Compartment:Select the assigned compartment.

VCN CIDR Block:Enter 10.0.0.0/16 (matches the diagram's VCN CIDR).

Public Subnet CIDR Block:Enter 10.0.10.0/24 (matches the diagram's public subnet).

Accept the default settingsfor the public subnet and Internet Gateway creation.

ClickCreateto provision the VCN, Internet Gateway, and public subnet.

Verify the Internet Gateway:

After creation, go to the VCN details page for IAD-SP-PBT-VCN-01.

UnderResources, selectInternet Gateways.

Ensure the Internet Gateway is attached and enabled.

Configure Route Rules:

In the VCN details page, underResources, selectRoute Tables.

Select the default route table associated with the public subnet (10.0.10.0/24).

ClickAdd Route Rules.

Target Type:SelectInternet Gateway.

Destination CIDR Block:Enter 0.0.0.0/0.

Target Internet Gateway:Select the Internet Gateway created with the VCN.

ClickAdd Route Ruleto save.

Update Security List (if needed):

UnderResources, selectSecurity Lists.

Edit the default security list for the public subnet.

Add an ingress rule:

Source CIDR:0.0.0.0/0

IP Protocol:TCP

Source Port Range:All

Destination Port Range:22 (for SSH) or as required by your application.

Add an egress rule:

Destination CIDR:0.0.0.0/0

IP Protocol:All

Save the changes.

Note the VCN OCID:

Return to the VCN details page for IAD-SP-PBT-VCN-01.

Copy theOCIDdisplayed (e.g., ocid1.vcn.oc1..).

OCID of the Created VCN

Enter the OCID of the created VCN (IAD-SP-PBT-VCN-01) into the text box. The exact OCID will be available after Step 3 (e.g., ocid1.vcn.oc1..).

Task 2: Create a Compute Instance and Install the Web Server

Step 1: Create the Compute Instance

Log in to the OCI Console.

Navigate toCompute>Instances.

ClickCreate Instance.

Enter the following details:

Name: PBT-CERT-VM-01

Compartment: Select your assigned compartment.

Placement: Leave as default or select an availability domain (e.g., Availability Domain 1).

Image: ClickChange Image, selectOracle Linux 8, and confirm.

Shape: ClickChange Shape, selectVM.Standard.A1.Flex, and configure:

OCPUs: 1 (or adjust as needed)

Memory: 6 GB (or adjust as needed)

Networking:

Virtual Cloud Network: Select PBT-CERT-VCN-01.

Subnet: Select Compute-Subnet-PBT-CERT.

Leave public IP assignment enabled for internet access.

SSH Key: Provide your public SSH key (upload or paste) for secure access.

ClickCreateand wait for the instance to be provisioned.

Step 2: Connect to the Compute Instance

Once the instance is created, note thePublic IP Addressfrom the instance details page.

Use an SSH client to connect:

Command: ssh -i opc@

Replace with your private key path and with the instance’s public IP.

Step 3: Install and Configure Apache Web Server

Install Apache:

Run: sudo yum -y install httpd

Enable and Start Apache:

Run: sudo systemctl enable httpd

Run: sudo systemctl restart httpd

Configure Firewall to Allow HTTP Traffic (Port 80):

Run: sudo firewall-cmd --permanent --add-port=80/tcp

Run: sudo firewall-cmd --reload

Create an index.html File:

Run: sudo bash -c 'echo "You are visiting Web Server 1" >> /var/www/html/index.html'

Step 4: Verify the Configuration

Open a web browser and enter http:// to ensure the page displays "You are visiting Web Server 1".

If needed, troubleshoot by checking Apache status: sudo systemctl status httpd.

Step 5: Retrieve and Enter the OCID

Go to the instance details page for PBT-CERT-VM-01 underCompute>Instances.

Copy theOCID(a long string starting with ocid1.instance., unique to your tenancy).

Enter the copied OCID exactly as it appears into the text box provided.

Notes

These steps are based on OCI Compute documentation and Oracle Linux 8 setup guides.

Ensure the security list PBT-CERT-CS-SL-01 allows inbound traffic on port 22 (SSH) and port 80 (HTTP) if not already configured.

The OCID will be unique to your instance; obtain it from the OCI Console after creation

To create a Security Zone named IAD_SAP-PBT-CSZ-01 in your assigned compartment and associate it with the Custom Security Zone Recipe IAD-SP-PBT-CSP-01 created in the previous task, follow these steps based on the Oracle Cloud Infrastructure (OCI) Security Zones documentation.

Step-by-Step Solution for Task 2: Create a Security Zone

Log in to the OCI Console:

Use your OCI credentials to log in to the OCI Console (https://console.us-ashburn-1.oraclecloud.com ).

Ensure you have access to the assigned compartment.

Navigate to Security Zones:

From the OCI Console, click the navigation menu (hamburger icon) on the top left.

UnderGovernance and Administration, selectSecurity Zones.

Create a New Security Zone:

In the Security Zones dashboard, click theCreate Security Zonebutton.

Configure the Security Zone Details:

Name:Enter IAD_SAP-PBT-CSZ-01.

Compartment:Select the assigned compartment provided.

Description:(Optional) Add a description, e.g., "Security Zone for public subnet compute instances."

Associate the Custom Security Zone Recipe:

In theRecipesection, select the custom recipe IAD-SP-PBT-CSP-01 created in Task 1 from the dropdown list.

Ensure the recipe is correctly associated to enforce the policy allowing compute instances in the public subnet.

Define the Security Zone Scope:

UnderResources to Protect, select the compartment or specific resources (e.g., the VCN with CIDR 10.0.0.0/16 and public subnet 10.0.10.0/24) to apply the security zone.

Check the box to include all resources in the selected compartment if applicable.

Create the Security Zone:

ClickCreateto finalize the security zone creation.

Once created, note theOCIDof the security zone from the security zone details page. The OCID will be a unique identifier starting with ocid1.securityzone.

Verify the Security Zone:

Go to theSecurity Zonestab and locate IAD_SAP-PBT-CSZ-01.

Confirm the associated recipe (IAD-SP-PBT-CSP-01) and the applied policies.

OCID of the Created Security Zone

The exact OCID will be generated upon creation (e.g., ocid1.securityzone.oc1..). Please enter the OCID displayed in the OCI Console after completing Step 7.