Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free OCI Security Professional Practice Questions

Pass your Oracle Cloud Infrastructure 2025 Security Professional (1Z0-1104-25) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

An auditor requires that no managed SSH session to a private database host lasts longer than three hours. How do you enforce this with OCI Bastion?

A
B
C
D
to track
Same family resources

Explore More Oracle Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Oracle SQL

Practice Questions1 blog

OCI AI Foundations

Practice Questions

OCI Architect

Practice Questions

OCI Foundations

Practice Questions

Oracle DBA

Practice Questions

OCI 2025 Data Science Professional (1Z0-1110-25)

Practice Questions

More From This Family

Videos and articles for deeper review.

ArticleOracle SQL 1Z0-071 Exam Guide 2026: Official Facts, Topic Traps, and Practice Plan12 min read
2026 Statistics

Key Facts: OCI Security Professional Exam

55

Exam Questions

Oracle University

90 min

Exam Duration

Oracle University

68%

Passing Score

Oracle University

$245

Exam Fee

Oracle University

1Z0-1104-25

Exam Code

Oracle University

24 months

Credential Validity

Oracle certification guidelines

As of May 24, 2026, Oracle University lists the Oracle Cloud Infrastructure 2025 Security Professional exam 1Z0-1104-25 as a 55-question exam with a 90-minute time limit, a 68% passing score, and a $245 fee. The exam combines multiple-choice questions with hands-on performance-based challenges. Coverage spans IAM, network and application security, OS and workload protection, data protection, and detection and monitoring with Cloud Guard, Security Zones, Vault, and Data Safe.

Sample OCI Security Professional Practice Questions

Try these sample questions to test your OCI Security Professional exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1Under the OCI shared security responsibility model, which task is always the customer's responsibility?
A.Physical security of Oracle's data centers
B.Patching the hypervisor running on OCI hosts
C.Configuring IAM policies and securing customer data and access
D.Maintaining the OCI region's underlying network fabric
Explanation: In the OCI shared responsibility model, Oracle secures the cloud infrastructure (physical facilities, hypervisor, host hardware, network fabric), while the customer is responsible for securing what they put in the cloud, including IAM configuration, data, identities, and access controls. Configuring policies and protecting data always belongs to the customer.
2Which OCI security principle recommends granting users only the permissions they need to perform their tasks?
A.Defense in depth
B.Least privilege
C.Separation of duties
D.Security by obscurity
Explanation: Least privilege means granting only the minimum permissions required for a task. In OCI this is implemented through narrowly scoped IAM policies, compartments, and conditions. It limits the blast radius if credentials are compromised.
3Which statement correctly describes the relationship between an OCI tenancy and a compartment?
A.A compartment is a separate cloud account that has its own billing
B.A tenancy is the root compartment, and compartments are logical containers within it for organizing and isolating resources
C.Compartments and tenancies are interchangeable terms in OCI
D.A tenancy can only contain one compartment
Explanation: The tenancy is the root compartment created when you sign up for OCI. Within it you create compartments as logical containers to organize, isolate, and control access to resources. Compartments can be nested and are central to IAM access control and cost tracking.
4What is the correct syntax structure for an OCI IAM policy statement?
A.Allow <subject> to <verb> <resource-type> in <location> where <conditions>
B.Grant <resource-type> access to <group> always
C.Permit <user> all actions on <compartment>
D.Assign <role> to <group> for <resource>
Explanation: OCI IAM policy statements follow the pattern: Allow group <name> to <verb> <resource-type> in <location> where <conditions>. The verb can be inspect, read, use, or manage, and the location is a compartment or tenancy. Conditions are optional and add fine-grained control.
5Which IAM policy verb grants the broadest set of permissions, including create, update, and delete?
A.inspect
B.read
C.use
D.manage
Explanation: OCI policy verbs are cumulative from least to most permissive: inspect, read, use, manage. The 'manage' verb includes all permissions of the lower verbs plus the ability to create, update, and delete resources. Grant 'manage' carefully to honor least privilege.
6A team needs compute instances to call the OCI Object Storage API without storing user credentials on the instances. Which IAM feature should you use?
A.A dynamic group with a matching rule plus a policy granting it access
B.A shared IAM user with stored API keys on each instance
C.A network source restricting access by IP
D.A federation trust to an external identity provider
Explanation: Dynamic groups let you group OCI resources such as compute instances based on matching rules (for example, instances in a compartment). You then write a policy granting the dynamic group access, and the instances use instance principals to call APIs without stored credentials. This is the recommended pattern for instance-to-service access.
7In OCI IAM, what is the purpose of an identity domain?
A.It is a VCN-level firewall that filters traffic
B.It is a container for managing users, groups, applications, and security settings such as authentication and MFA
C.It is a billing boundary for cost tracking
D.It is a storage bucket policy for object access
Explanation: An identity domain is a self-contained identity and access management environment within a tenancy. It manages users, groups, dynamic groups, applications, and security settings including authentication, MFA, and sign-on policies. Identity domains replaced the older standalone IAM in OCI.
8Which OCI IAM feature restricts access to resources based on the source IP address or VCN of the request?
A.Dynamic groups
B.Network sources
C.Tag namespaces
D.Compartment quotas
Explanation: Network sources define a set of IP addresses or VCNs that can be referenced in IAM policy conditions to restrict access based on request origin. For example, you can require that Console access only come from a corporate IP range. This adds a network-based control on top of identity.
9What does tag-based access control (defined tags) allow you to do in OCI policies?
A.Encrypt resources automatically based on their tags
B.Grant or deny access based on tags applied to resources or requesting principals
C.Bill resources to a separate Oracle account by tag
D.Replicate tagged resources to another region
Explanation: Tag-based access control uses defined tags in IAM policy conditions to grant or restrict access. For example, you can allow a group to manage only instances tagged with a specific cost center. It enables fine-grained, attribute-based authorization across compartments.
10Which OCI IAM capability adds a second verification factor when users sign in to the Console?
A.Multi-factor authentication (MFA)
B.Network security groups
C.Service gateways
D.Cross-region replication
Explanation: Multi-factor authentication (MFA) requires users to provide a second factor, such as a mobile authenticator app code or passkey, in addition to their password. In identity domains, MFA is enforced through sign-on policies. It significantly reduces the risk of compromised credentials.

About the OCI Security Professional Exam

Oracle's OCI Security Professional exam validates the ability to secure Oracle Cloud Infrastructure deployments. The blueprint centers on Identity and Access Management, network and application protection, OS and workload protection, data protection, and detection, remediation, and monitoring with services such as Cloud Guard, Security Zones, Vault, Data Safe, and the OCI Vulnerability Scanning Service for Oracle Cloud Infrastructure 2025.

Questions

55 scored questions

Time Limit

90 minutes

Passing Score

68%

Exam Fee

$245 (Oracle University)

OCI Security Professional Exam Content Outline

20%

Identity and Access Management (IAM)

Master identity domains, users, groups, and compartments, write IAM policies with the correct verbs and conditions, and configure dynamic groups, network sources, tag-based access control, MFA, and sign-on policies.

20%

Protecting Infrastructure - Network and Applications

Secure VCNs with security lists and network security groups, deploy OCI Network Firewall, use load balancers and the Certificates service, and configure the Web Application Firewall to protect web applications.

18%

OS and Workload Protection

Provide time-limited access with OCI Bastion, scan hosts and container images with the Vulnerability Scanning Service, and automate patching with OS Management Hub.

15%

Protecting Data

Manage encryption keys and secrets with OCI Vault / KMS, understand customer-managed versus Oracle-managed keys, and use OCI Data Safe for database assessment, masking, and activity auditing.

22%

Detecting, Remediating, and Monitoring OCI Resources

Use Cloud Guard detector and responder recipes, enforce policy with Security Zones and Security Advisor, identify threats with Threat Intelligence, and monitor with Logging, Events, Monitoring, and Service Connector Hub.

5%

OCI Security Fundamentals

Apply the shared security responsibility model and design principles such as least privilege and defense in depth using core OCI security services.

How to Pass the OCI Security Professional Exam

What You Need to Know

  • Passing score: 68%
  • Exam length: 55 questions
  • Time limit: 90 minutes
  • Exam fee: $245

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

OCI Security Professional Study Tips from Top Performers

1Spend the most time on detection and monitoring (about 22%) plus IAM and network security (about 20% each), since together they make up roughly two-thirds of the exam.
2Know IAM policy syntax cold: the verbs inspect, read, use, and manage, the location clause, conditions, and how policies are inherited by nested compartments.
3Be able to distinguish security lists (subnet level) from network security groups (VNIC level) and know that OCI rules are stateful by default.
4Understand the prevention-versus-detection split: Security Zones block non-compliant actions at creation while Cloud Guard detects and remediates problems afterward.
5Practice Vault concepts including customer-managed versus Oracle-managed keys, virtual private vaults, key rotation, and storing secrets instead of hardcoding credentials.
6Because the exam has hands-on performance challenges, rehearse real tasks in a free-tier or trial OCI tenancy, especially Bastion sessions, NSGs, Cloud Guard targets, and Data Safe assessments.

Frequently Asked Questions

What are the current official exam facts for OCI Security Professional?

Oracle University lists 1Z0-1104-25 as a 55-question exam with a 90-minute time limit and a 68% passing score. The exam fee is $245 and the format combines multiple-choice questions with hands-on performance-based challenges.

Does OCI Security Professional require prior experience?

Oracle recommends candidates have 2+ years of experience designing and implementing security solutions plus 6+ months of hands-on experience securing workloads on OCI. There are no formal prerequisites, but the exam is positioned as a professional-level credential.

Which topics are weighted most heavily on the exam?

Detecting, remediating, and monitoring OCI resources is one of the heaviest areas at about 22%, followed by IAM and network/application security at roughly 20% each, OS and workload protection near 18%, and data protection around 15%.

What OCI services does the exam focus on?

Key services include IAM identity domains and policies, network security groups and security lists, Network Firewall, WAF, Bastion, the Vulnerability Scanning Service, OS Management Hub, Vault/KMS, Data Safe, Cloud Guard, Security Zones, and Logging.

How long is the OCI Security Professional credential valid?

Oracle's certification program guidelines state that Oracle Cloud Infrastructure certifications are valid for 24 months from the date the credential is earned.

What is the best way to prepare for OCI Security Professional?

Combine Oracle's learning path with hands-on practice in a tenancy, then drill mixed practice questions across IAM, network security, Cloud Guard, Vault, and Data Safe. Because the exam includes hands-on challenges, practical experience in the Console and CLI is essential.