Oracle Cloud Infrastructure 2025 Security Professional Intermediate Practice Exam: Medium Difficulty 2025

Your organization is implementing a multi-tenant application in OCI where different customer workloads must be strictly isolated. You need to ensure that users from CustomerA's tenancy can access resources in a shared services compartment in your tenancy, but cannot access resources belonging to CustomerB. Which IAM configuration provides the most secure and scalable solution?

A financial services company needs to implement least privilege access for their database administrators. The DBAs need to perform emergency maintenance tasks but should not have standing access to production databases. Which combination of IAM features best addresses this requirement?

Your company is deploying a three-tier application in OCI with web, application, and database tiers. The security team requires that the database tier accepts connections only from the application tier, the application tier only from the web tier, and the web tier only from a corporate network (203.0.113.0/24) via FastConnect. Which network security implementation is most appropriate?

An organization wants to implement Zero Trust network security for their OCI environment. They have applications running in private subnets that need to access OCI Object Storage and Autonomous Database services without traversing the public internet. Which network architecture should they implement?

Your security team needs to protect a web application from DDoS attacks and implement WAF rules while maintaining session persistence. The application runs on multiple compute instances behind a load balancer. Traffic inspection reveals legitimate traffic patterns but also SQL injection attempts and high-volume bot traffic. What is the most comprehensive OCI security solution?

A healthcare organization needs to encrypt patient data at rest in Object Storage while maintaining the ability to rotate encryption keys quarterly for compliance. The security team requires that encryption keys never leave their control and that all key operations are audited. Which OCI encryption solution meets these requirements?

Your organization stores sensitive financial data in Block Volumes attached to compute instances. A new compliance requirement mandates encryption key rotation every 90 days with the ability to prove that specific data versions were encrypted with specific key versions. How should you implement this requirement?

A company operates a multi-region OCI deployment and needs to implement a data protection strategy where backups are encrypted with different keys in each region, and cross-region backup copies are automatically created for disaster recovery. Which approach provides the best security and operational efficiency?

Your security operations team needs to detect and respond to potential security threats in near real-time across multiple OCI compartments. They specifically need to identify misconfigured resources, detect unusual API activity patterns, and respond automatically to critical security events. Which combination of OCI services provides the most comprehensive solution?

A regulated industry company must demonstrate continuous compliance with security benchmarks and maintain evidence that all compute instances are hardened according to CIS benchmarks. They also need automated remediation when instances drift from compliance. Which OCI implementation strategy best addresses these requirements?