OCI 1Z0-1104-25 Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for OCI Security Professional (1Z0-1104-25) topics such as IAM policy scope, network exposure, Vault and key management, audit evidence, Cloud Guard-style posture detection, secret handling, data protection, and incident response. The prompts focus on placing the right security control at the right layer.

Where these questions fit in the 1Z0-1104-25 guide

The sample set below is part of the Oracle OCI 1Z0-1104-25 guide path:

• Oracle certification hub
• OCI guides
• 1Z0-1104-25 exam guide
• 1Z0-1104-25 cheat sheet
• 1Z0-1104-25 study plan
• 1Z0-1104-25 FAQ
• 1Z0-1104-25 resources
• 1Z0-1104-25 glossary

1Z0-1104-25 OCI Security Professional sample questions

Work through each prompt before opening the explanation. Security questions usually test layered control placement: identity, network path, encryption, monitoring, evidence, and recovery.

---

Question 1

Topic: Least-privilege IAM

A security operations team needs to inspect audit events and security findings in a production compartment. The team should not be able to modify production compute or network resources. Which access model is strongest?

• A. Grant the team tenancy administrator permissions so they can investigate anything.
• B. Use an IAM group with read or inspect permissions scoped to the required security and audit resources in the production compartment.
• C. Share a production administrator account and record who says they used it.
• D. Disable compartment boundaries during investigations.

Best answer: B

Explanation: Investigation access should be scoped to the resources and verbs required. Read or inspect access to audit and security resources supports investigation without allowing broad production modification.

Why the other choices are weaker:

• A grants excessive power.
• C removes individual accountability and creates shared credential risk.
• D weakens the control boundary exactly when evidence matters.

What this tests: IAM verbs, compartment scope, least privilege, and security-operations access.

Related topics: IAM; Audit; Compartments; Least privilege; Security operations

---

Question 2

Topic: Reducing public exposure

A database is reachable from the internet because it was placed in a public subnet with permissive network rules. The application only needs private access from an application tier. What is the strongest remediation?

• A. Rename the database host so attackers cannot guess it.
• B. Move or redesign the database tier for private access only, tighten route and security rules, and allow traffic only from the required application path.
• C. Leave the database public but increase the administrator password length.
• D. Add more CPU to the database so it can handle scanning traffic.

Best answer: B

Explanation: The main issue is unnecessary network exposure. The stronger design puts the database behind private routing and restrictive security controls so only the intended application path can reach it.

Why the other choices are weaker:

• A relies on obscurity.
• C improves one credential factor but leaves the network exposure in place.
• D treats hostile traffic as a capacity issue, not a control failure.

What this tests: Network exposure reduction, private subnet design, route control, and tier-based access.

Related topics: Private subnets; Security lists; NSGs; Routing; Database security

---

Question 3

Topic: Key management and separation of duties

A regulated workload requires customer-managed encryption keys and separation between application operators and key administrators. Which design is strongest?

• A. Store encryption keys in application source code so deployments stay portable.
• B. Use one shared administrator account for both application operations and key management.
• C. Use a managed key service with customer-managed keys, scoped permissions for key administrators, and separate application permissions for key use where required.
• D. Disable encryption so access control is easier to audit.

Best answer: C

Explanation: Customer-managed keys and scoped permissions support separation of duties. Key administrators manage key lifecycle, while applications or operators receive only the access needed to use protected resources.

Why the other choices are weaker:

• A exposes keys and makes rotation difficult.
• B collapses separation of duties.
• D removes a required protection.

What this tests: Key management, separation of duties, scoped permissions, and data protection.

Related topics: Vault; Customer-managed keys; Encryption; IAM; Separation of duties

---

Question 4

Topic: Security finding response

A posture-detection tool reports that an object bucket is publicly accessible. The bucket may contain sensitive exports. What should the team do first?

• A. Ignore the finding until the next monthly review because the bucket name is not obvious.
• B. Delete all logs to reduce the number of alerts.
• C. Confirm exposure scope, preserve relevant evidence, restrict public access, rotate or invalidate affected credentials where needed, and review whether data was accessed.
• D. Make every bucket public so access rules are consistent.

Best answer: C

Explanation: A public bucket finding is a potential exposure. The team should validate the finding, preserve evidence, contain the issue by restricting access, handle credentials or links that may be affected, and assess access history.

Why the other choices are weaker:

• A delays containment.
• B destroys evidence and weakens investigation.
• D expands the exposure.

What this tests: Incident response order, evidence preservation, containment, access review, and storage security.

Related topics: Cloud posture; Object Storage; Public access; Audit; Incident response

Independent study note

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by Oracle or any certification body.