OCI 1Z0-1104-25 Glossary: Key Terms

Use this glossary to clean up high-confusion OCI security terms, then route misses back to the right support page.

High-value terms

• Blast radius: The scope of damage a compromised identity or resource can cause.
• Cloud Guard: OCI’s posture and threat-detection layer for identifying risky or suspicious conditions.
• Compartment: A logical OCI isolation and governance boundary.
• KMS: Key management service for managing cryptographic keys and related operations.
• Least privilege: Granting only the minimum permissions required.
• NSG: Network security group applied at the resource level.
• Policy verb: The action wording used in OCI IAM policy statements.
• Security list: A subnet-level virtual firewall rule set.
• Vault: OCI’s secrets and key-management service boundary.
• Visibility: The security operations ability to observe events, posture, and changes.

Common confusion pairs

• IAM control vs network control: IAM decides who can act. Network controls decide which traffic can pass.
• Security list vs NSG: Security lists apply at subnet scope. NSGs apply closer to resources.
• Vault vs secret in config: Vault stores and protects secrets. Plain config does not offer the same control path.
• Audit vs logging: Audit records control-plane activity. Logging captures broader service logs and operational telemetry.
• Prevention vs detection: Prevention tries to stop bad actions. Detection helps find and respond when prevention is incomplete.

Where to review next

• Weekly sequence and weak-spot planning: Study Plan
• IAM, network, and logging traps: Cheat Sheet
• Last-week questions: FAQ
• Canonical Oracle and OCI references: Resources