Last-mile 1Z0-1104-25 review: IAM/policy patterns, compartment scope, Vault/KMS decision rules, network security controls, Cloud Guard posture and response, and audit/logging essentials.
Use this for last‑mile review. Pair it with the Syllabus.
| Layer | Controls to remember |
|---|---|
| Identity | compartments, policies, dynamic groups, federation (concept-level) |
| Network | NSGs/security lists, routing, gateways, segmentation |
| Data | encryption at rest/in transit, Vault/KMS keys, rotation |
| Detection | Cloud Guard, logging/audit, alerts |
| Response | responders, notifications, runbooks, rollback |
```
Allow group <group-name> to <verb> <resource-family> in compartment <compartment-name>
```
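A least-privilege check over statements of this shape, as an added example (not part of the original sheet, and not Oracle code). The group and compartment names, the `review` helper and its `needed_verb` argument are assumptions made for illustration. The `inspect` verb, `in tenancy` scope and `all-resources` family are OCI policy syntax beyond the pattern shown here.

```python
import re

# Verb ranks: the sheet lists read < use < manage; OCI also has "inspect" below read.
VERB_RANK = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# The sheet's statement pattern, extended to accept tenancy-wide scope.
STATEMENT = re.compile(
    r"^allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\w+)\s+"
    r"(?P<resource>[\w-]+)\s+in\s+"
    r"(?:(?P<tenancy>tenancy)|compartment\s+(?P<compartment>\S+))\s*$",
    re.IGNORECASE,
)

def parse(statement):
    """Split one statement into its parts; reject anything outside the pattern."""
    m = STATEMENT.match(statement.strip())
    if m is None or m["verb"].lower() not in VERB_RANK:
        # Statements with "where" conditions or other subjects are not handled here.
        raise ValueError(f"unsupported statement: {statement!r}")
    return {"group": m["group"], "verb": m["verb"].lower(),
            "resource": m["resource"].lower(), "compartment": m["compartment"]}

def review(statement, needed_verb):
    """Return least-privilege findings, given the verb the group actually needs."""
    p = parse(statement)
    findings = []
    if VERB_RANK[p["verb"]] > VERB_RANK[needed_verb]:
        findings.append(f"verb '{p['verb']}' exceeds needed '{needed_verb}'")
    if p["compartment"] is None:
        findings.append("scope is the whole tenancy, not one compartment")
    if p["resource"] == "all-resources":
        findings.append("resource family is all-resources")
    return findings

# Constructed sample statements paired with the (hypothetical) verb each group needs.
SAMPLES = [
    ("Allow group NetAdmins to manage virtual-network-family in compartment Network", "manage"),
    ("Allow group AppDevs to manage instance-family in compartment Dev", "use"),
    ("Allow group Auditors to manage all-resources in tenancy", "read"),
]

if __name__ == "__main__":
    for stmt, needed in SAMPLES:
        print(stmt, "->", review(stmt, needed) or "ok")
```
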
Exam cues
- read < use < manage.

| Requirement | Prefer |
|---|---|
| Manage encryption keys, rotate keys | Vault |
| Keep secrets out of source code | Vault secrets |
| Compliance requires customer-managed keys | Vault + CMEK pattern |
```mermaid
flowchart LR
    LOG["Audit + Logging"] --> CG["Cloud Guard"]
    CG --> DET["Detectors"]
    DET --> PROB["Problems"]
    PROB --> RESP["Responders"]
    RESP --> NOTIF["Notifications"]
```
Rule: security posture is incomplete without logging/audit and an alert path.