Questions and Answers PDF
1/31
om
Thank You for your purchase
ht
tp
s:
//
w
w
w
.v
al
id
ex
am
du
m
ps
.c
Oracle 1Z0-1072-23 Exam Question & Answers
Oracle Cloud Infrastructure 2023 Architect Associate
Exam
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
2/31
Product Questions: 55
Version: 4.1
om
Question: 1
m
ps
.c
Oracle Cloud Agent is a lightweight process that manages plugins running on compute instances.
Which is NOT a valid Oracle Cloud Agent plugin name?
am
du
A. Live Migration Agent
B. OS Management Service Agent
C. Compute Instance Run Command
D. Bastion
al
id
ex
Explanation:
Answer: A
w
w
.v
Bastion is not a valid Oracle Cloud Agent plugin name. Bastion is a service that enables secure and
controlled access to compute instances in OCI. The other options are valid plugin names that provide
different functionalities for the instances. Reference: [Bastion], [Cloud Agent Plugins]
Question: 2
ht
tp
s:
//
w
You are part of a team that manages a set of workload instances running in an on-premises
environment. The Architect team is tasked with designing and configuring Oracle Cloud
Infrastructure (OCI) Logging service to collect logs from these instances. There is a requirement to
archive Info-level logging data of these instances into the OCI Object Storage.
Which TWO features of OCI can help you achieve this?
A. Cloud Agent Plugin
B. Grouping Function
C. Service Connectors
D. Agent Configuration
E. ObjectCollectionRule
Answer: A, C
Explanation:
Cloud Agent Plugin and Service Connectors are two features of OCI that can help collect logs from
on-premises instances and archive them into OCI Object Storage. Cloud Agent Plugin is a component
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
3/31
of the OCI Logging service that can be installed on any Linux or Windows instance to collect logs and
send them to OCI. Service Connectors are components of the OCI Service Connector Hub that can
transfer data between different OCI services, such as Logging and Object Storage. The other options
are not relevant for this requirement. Reference: [Cloud Agent Plugin], [Service Connectors]
Question: 3
om
You create a file system and then add a 2 GB file. You then take a snapshot of the file system.
What would be the total meteredBytes shown by the File Storage service after the hourly update
cycle is
complete?
du
m
ps
.c
A. 3 GB
B. 2.5 GB
C. 4 GB
D. 2 GB
am
Explanation:
Answer: D
w
w
.v
Question: 4
al
id
ex
The total meteredBytes shown by the File Storage service after the hourly update cycle is complete
would be 2 GB. This is because snapshots do not consume any additional storage space unless there
are changes made to the file system after taking the snapshot. Since no changes were made in this
scenario, the snapshot would not add any extra storage cost. Reference: [Snapshots and
MeteredBytes]
tp
s:
//
w
You are part of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI).
An unknown user action was executed resulting in configuration errors. You are tasked to quickly
identify the details of all users who were active in the last six hours along with any REST API calls that
were executed.
Which OCI service would you use?
ht
A. Notifications
B. Service Connectors
C. Notifications
D. Logging
E. Audit
Answer: E
Explanation:
Audit is the OCI service that would help identify the details of all users who were active in the last six
hours along with any REST API calls that were executed. Audit is a service that records all API calls
and other actions taken by or on behalf of users in OCI. It can be used to track user activity, monitor
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
4/31
compliance, and troubleshoot issues. The other options are not suitable for this task. Reference:
[Audit]
Question: 5
om
You have an instance running in Oracle Cloud Infrastructure (OCI) that cannot be live-migrated during
an
infrastructure maintenance event. OCI schedules a maintenance due date within 14 to 16 days and
sends you a notification.
What would happen if you choose not to proactively reboot the instance before the scheduled
maintenance due date?
du
m
ps
.c
A. The instance will get terminated.
B. The instance is either reboot-migrated or rebuilt in place for you.
C. You will receive another notification to reboot within the next 14 days.
D. You will receive another notification to reboot within the next 7 days.
am
Explanation:
Answer: B
Question: 6
w
w
.v
al
id
ex
If you choose not to proactively reboot the instance before the scheduled maintenance due date, the
instance is either reboot-migrated or rebuilt in place for you. Reboot-migration is a process where
OCI migrates your instance to a new physical host without changing its configuration or public IP
address. Rebuild in place is a process where OCI shuts down your instance, performs maintenance on
the physical host, and restarts your instance with the same configuration and public IP address. The
other options are not correct. Reference: [Reboot-Migration], [Rebuild in Place]
tp
s:
//
w
Which TWO components are optional while creating the Monitoring Query Language (MQL)
expressions in the Oracle Cloud Infrastructure (OCI) Monitoring service?
ht
A. Interval
B. Statistic
C. Dimensions
D. Grouping Function
E. Metric
Answer: C, D
Explanation:
Dimensions and Grouping Function are two optional components while creating the Monitoring
Query Language (MQL) expressions in the OCI Monitoring service. Dimensions are key-value pairs
that provide additional information about a metric, such as region, compartment, or resource type.
Grouping Function is a function that aggregates metric data across one or more dimensions, such as
sum, count, or average. The other options are required components for MQL expressions. Reference:
[Dimensions], [Grouping Function]
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
5/31
Question: 7
Which statement is NOT correct regarding the Oracle Cloud Infrastructure (OI) File System snapshots?
om
A. Even if nothing has changed within the file system since the last snapshot was taken, a new
snapshot
consumes more storage.
B. Snapshots are accessible under the root directory of the file system at .snapshot/name.
C. Before you can clone a file system, at least one snapshot must exist for the file system.
D. Snapshots are a consistent, point-in-time view of your file systems.
m
ps
.c
Answer: A
Explanation:
am
du
Even if nothing has changed within the file system since the last snapshot was taken, a new snapshot
does not consume more storage. This is because snapshots are incremental and only store the
changes made to the file system since the previous snapshot. The other statements are correct
regarding the OCI File System snapshots. Reference: [Snapshots and Storage Consumption]
al
id
ex
Question: 8
tp
s:
//
w
w
w
.v
You are using the Oracle Cloud Infrastructure (OCI) Vault service to create and manage Secrets. For
your database password, you have created a secret and rotated the secret one time. The secret
versions are as follows:
Version Number | Status
----------------------------------------2 (latest) | Current
1 | Previous
You later realize that you have made a mistake in updating the secret content for version 2 and want
to rollback
to version 1.
What should you do to rollback to version 1?
ht
A. Deprecate version 2 (latest). Create new Secret version 3. Create soft link from version 3 to version
1.
B. Create a new secret version 3 and set to Pending. Copy the content of version 1 into version 3.
C. From the version 2 (latest) menu, select "Rollback" and select version 1 when given the option.
D. From the version 1 menu on the OCI console, select "Promote to Current".
Answer: D
Explanation:
From the version 1 menu on the OCI console, select “Promote to Current”. The explanation is that
when you promote a secret version to current, it becomes the latest version of the secret and is used
by default when you access the secret. This way, you can rollback to a previous version of the secret
without creating a new version.
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
6/31
Question: 9
Which THREE protocols are supported by the Oracle Cloud Infrastructure (OCI) Network Load
Balancer?
om
A. HTTP
B. UDP
C. BGP
D. TCP
E. ICMP
F. iSCSI
m
ps
.c
Answer: B, D, E
Explanation:
am
du
The explanation is that the OCI Network Load Balancer supports three protocols: UDP, TCP, and ICMP.
These protocols are used to distribute traffic across multiple backend servers based on different
criteria, such as source and destination IP addresses, ports, and ICMP types and codes.
al
id
ex
Question: 10
In which TWO ways does Cloud Guard help improve the overall security posture for your tenancy?
tp
s:
//
w
w
w
.v
A. Monitors unauthorized or suspicious user activity.
B. Allows you to centrally manage encryption keys.
C. Prevents you from creating misconfigurations on your resources in Oracle Cloud Infrastructure
(OCI).
D. Masks sensitive data and monitors security controls on your Oracle databases.
E. Helps detect misconfigured resources, such as publicly accessible Object Storage buckets,
instances, and restricted ports on security lists.
Answer: A,E
ht
Explanation:
Monitors unauthorized or suspicious user activity, prevents you from creating misconfigurations on
your resources in OCI, and helps detect misconfigured resources, such as publicly accessible Object
Storage buckets, instances, and restricted ports on security lists. The explanation is that Cloud Guard
is a service that helps you improve the security posture of your tenancy by providing visibility into
your cloud resources, identifying security misconfigurations and threats, and taking corrective
actions to remediate them. Cloud Guard monitors user activity and resource configurations using
data collectors and detectors, evaluates them against predefined or custom rules, generates
problems and recommendations based on severity levels, and executes responders to fix the issues
automatically or manually.
Question: 11
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
7/31
You are a security administrator for your company's Oracle Cloud Infrastructure (OCI) tenancy. Your
storage administrator informs you that she cannot associate an encryption key from an existing Vault
to a new Object Storage bucket.
What could be a possible reason for this behavior?
om
A. The Object Storage bucket policy lacks the necessary Access Control List (ACL).
B. The storage administrator forgot to select "Encrypt using Oracle managed keys" while creating the
bucket.
C. There is no Identity and Access Management (IAM) policy that allows the Object Storage service to
use the key.
D. The secret for the key was not created beforehand
Answer: C
m
ps
.c
Explanation:
al
id
ex
am
du
There is no Identity and Access Management (IAM) policy that allows the Object Storage service to
use the key. The explanation is that when you create an Object Storage bucket with encryption using
a customer-managed key from Vault, you need to have an IAM policy that allows the Object Storage
service to use the key on your behalf. The policy should look like this:
allow service objectstorage-<region> to use key in compartment <compartment-name>
where <region> is the region where your bucket resides and <compartment-name> is the
compartment where your key resides.
Question: 12
w
w
.v
You plan to launch a VM instance with the VM.Standard2.24 shape and Oracle Linux 8 platform
image. You want to protect your VM instance from low-level threats, such as rootkits and bootkits
that can infect the firmware and operating system and are difficult to detect.
What should you do?
ht
tp
s:
//
w
A. Use in-transit encryption.
B. Use Vulnerability Scanning Service.
C. Create a burstable instance.
D. Create a shielded instance.
Answer: D
Explanation:
The explanation is that shielded instances are VM instances that have additional security features to
protect them from low-level threats, such as rootkits and bootkits that can infect the firmware and
operating system and are difficult to detect. Shielded instances use verified boot, which ensures that
only trusted software components are executed during the boot process. Shielded instances also use
virtual trusted platform module (vTPM), which provides a secure storage for encryption keys and
certificates. Shielded instances are available for Oracle Linux 8 platform images with VM.Standard2.*
shapes.
Question: 13
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
8/31
Which TWO statements are NOTcorrect regarding the Oracle Cloud Infrastructure (OCI) burstable
instances?
om
A. If the instance's average CPU utilization over the past 24 hours is below the baseline, the system
allows it to burst above the baseline.
B. Baseline utilization is a fraction of each CPU core, either 25% or 75%.
C. Burstable instances cost less than regular instances with the same total OCPU count.
D. Burstable instances are designed for scenarios where an instance is not typically idle and has high
CPU utilization.
E. Burstable instances are charged according to the baseline OCPU.
Answer: B, D
m
ps
.c
Explanation:
am
du
The explanation is that burstable instances are VM instances that have a baseline utilization of either
12% or 50% of each CPU core, not 25% or 75%. Burstable instances are designed for scenarios where
an instance is typically idle or has low CPU utilization but occasionally needs to burst above the
baseline to handle spikes in demand. Burstable instances cost less than regular instances with the
same total OCPU count but charge extra for bursting above the baseline OCPU.
al
id
ex
Question: 14
w
w
.v
You plan to upload a large file (3 TiB) to Oracle Cloud Infrastructure (OCI) Object Storage. You would
like to minimize the impact of network failures while uploading, and therefore you decide to use the
multipart upload capability.
Which TWO statements are true about performing a multipart upload using the Multipart Upload
API?
ht
tp
s:
//
w
A. You do not need to split the object into parts. Object Storage splits the object into parts and
uploads all of the parts automatically.
B. While a multipart upload is still active, you can keep adding parts as long as the total number is
less than 10,000.
C. You do not have to commit the upload after you have uploaded all the object parts.
D. When you split the object into individual parts, each part can be as large as 50 GiB.
Answer: B, D
Explanation:
While a multipart upload is still active, you can keep adding parts as long as the total number is less
than 10,000. When you split the object into individual parts, each part can be as large as 50 GiB. The
explanation is that a multipart upload allows you to upload a large object in parts, which can improve
performance and reliability. You need to split the object into parts yourself and upload each part
separately using the Multipart Upload API. You can add parts to an active multipart upload until you
reach the maximum number of 10,000 parts per upload. Each part can range from 10 MiB to 50 GiB
in size, except for the last part, which can be any size.
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
9/31
Question: 15
You have a block volume created in the US West (Phoenix) region. You enabled Cross Region
Replication for the volume and selected US West (San Jose) as the destination region. Now, you
would like to create a new volume from the volume replica in the US West (San Jose) region.
What should you do?
om
A. Activate the replica.
B. Trigger the replica.
C. No action required. By default, the replica is available as a block volume.
D. Initiate the replica.
m
ps
.c
Answer: A
Explanation:
am
du
The explanation is that when you enable Cross Region Replication for a block volume, Object Storage
creates a replica of the volume in another region of your choice. The replica is not available as a block
volume until you activate it. To activate a replica, you need to select the replica from the Block
Storage console and click Activate Replica. This will create a new block volume from the replica in the
destination region.
al
id
ex
Question: 16
w
w
.v
You are responsible for creating and maintaining an enterprise application that consists of multiple
storage volumes across multiple compute instances in Oracle Cloud Infrastructure (OCI).
The storage volumes include boot volumes and block volumes for your data storage. You need to
create a backup for the boot volumes that will be done daily and a backup for the block volumes that
will be done every six hours.
How can you meet this requirement?
ht
tp
s:
//
w
A. Create clones of all boot volumes and block volumes one at a time.
B. Group the boot volumes into a volume group and create a custom backup policy. Group the block
volumes and create a custom backup policy.
C. Create on-demand full backups of block volumes, and create custom images from the boot
volumes. Use a function to run at a specific time to start the backup process.
D. Group multiple storage volumes in a volume group and create volume group backups.
Answer: B
Explanation:
Group the boot volumes into a volume group and create a custom backup policy. Group the block
volumes and create a custom backup policy. The explanation is that volume groups are logical
collections of block volumes and boot volumes that can be backed up together as a consistent pointin-time snapshot. You can create a custom backup policy for each volume group and specify the
frequency and retention period of the backups. This way, you can meet different backup
requirements for different types of volumes.
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
10/31
Question: 17
Which TWO statements about the Oracle Cloud Infrastructure (OCI) File Storage Service are
accurate?
om
A. Communication with file systems in a mount target is encrypted via HTTPS.
B. File systems use Oracle-managed keys by default.
C. Customer can encrypt data in their file system using their own Vault encryption key.
D. Mount targets use Oracle-managed keys by default.
E. Customer can encrypt the communication to a mount target via export options.
Answer: B, C
m
ps
.c
Explanation:
am
du
File systems use Oracle-managed keys by default. Customer can encrypt data in their file system
using their own Vault encryption key. The explanation is that File Storage Service encrypts all data at
rest using AES-256 encryption algorithm. By default, File Storage Service uses Oracle-managed keys
to encrypt and decrypt data. However, you can also use your own Vault encryption key to encrypt
data in your file system. To do so, you need to create a key in Vault and associate it with your file
system when you create or update it.
al
id
ex
Question: 18
Which TWO are key benefits of setting up Site-to-Site VPN on Oracle Cloud Infrastructure (OCI)?
tp
s:
//
w
w
w
.v
A. When setting up Site-to-Site VPN, it creates a private connection that provides consistent network
experience.
B. When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing
(BGP).
C. When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels.
D. When setting up Site-to-Site VPN, customers can expect bandwidth above 2 Gbps.
Answer: B, C
ht
Explanation:
When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP).
When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels. The explanation is that
Site-to-Site VPN is a secure and encrypted connection between your on-premises network and your
Virtual Cloud Network (VCN) in OCI over the public internet. When setting up Site-to-Site VPN, you
can choose to use static routing or dynamic routing (Border Gateway Protocol or BGP) to exchange
routes between your network and OCI. OCI also provisions two redundant VPN tunnels for each Siteto-Site VPN connection to provide high availability and failover.
Question: 19
As a network architect you have been tasked with creating a fully redundant connection from your
on-premises data center to your Virtual Cloud Network (VCN) in the us-ashburn-1 region.Which TWO
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
11/31
options will accomplish this requirement?
A. Configure two FastConnect virtual circuits to the us-ashburn-1 region and terminate them in
diverse
hardware on-premises.
B. Configure a Site-to-Site VPN from a single on-premises CPE.
C. Configure one FastConnect virtual circuit to the us-ashburn-1 region and the second FastConnect
virtual circuit to the us-phoenix-1 region.
D. Configure one FastConnect virtual circuit to the us-ashburn-1 region and a Site-to-Site VPN to the
usashburn-1 region.
om
Answer: A, D
m
ps
.c
Explanation:
al
id
ex
am
du
Configure two FastConnect virtual circuits to the us-ashburn-1 region and terminate them in diverse
hardware on-premises. Configure one FastConnect virtual circuit to the us-ashburn-1 region and a
Site-to-Site VPN to the us-ashburn-1 region. The explanation is that FastConnect is a service that
provides a private and dedicated connection between your on-premises network and your VCN in
OCI. FastConnect offers higher bandwidth, lower latency, and more consistent network performance
than public internet connections. To create a fully redundant connection from your on-premises data
center to your VCN in the us-ashburn-1 region, you can either configure two FastConnect virtual
circuits to the same region and terminate them in diverse hardware on-premises, or configure one
FastConnect virtual circuit to the region and a Site-to-Site VPN to the same region as a backup option.
Question: 20
tp
s:
//
w
w
w
.v
You are responsible for deploying an application on Oracle Cloud Infrastructure (OCI). The application
is memory intensive and performs poorly if enough memory is not available. You have created an
instance pool of Linux compute instances in OCI to host the application and defined Autoscaling
Configuration for the instance pool.
What should you do to ensure that the instance pool autoscales to prevent poor application
performance?
ht
A. Install OCI SDK on all compute instances and create a script that triggers the autoscaling event if
there is high memory usage.
B. Configure the autoscaling policy to monitor memory usage and scale up the number of instances
when it meets the threshold.
C. Install the monitoring agent on all compute instances, which triggers the autoscaling group.
D. Configure the autoscaling policy to monitor CPU usage and scale up the number of instances when
it
meets the threshold
Answer: B
Explanation:
Question: 21
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
12/31
You are backing up your on-premises data to the Oracle Cloud Infrastructure (OCI) Object Storage
Service.
Your requirements are:
1. Backups need to be retained for at least full 31 days.
2. Data should be accessible immediately if and when needed after the backup.
Which OCI Object Storage tier is suitable for storing the backup to minimize cost?
om
A. Infrequent Access tier
B. Archive tier
C. Standard tier
D. Auto-Tiering tier
m
ps
.c
Answer: A
Explanation:
am
du
The explanation is that the Infrequent Access tier is suitable for storing data that is accessed less
frequently but requires immediate access when needed. The Infrequent Access tier has lower
storage costs than the Standard tier, but higher retrieval costs. The Infrequent Access tier also has a
minimum storage duration of 30 days, which means that you will be charged for at least 30 days of
storage even if you delete or move the data before that period.
al
id
ex
Question: 22
Which TWO statements are TRUE about Private IP addresses in Oracle Cloud Infrastructure (OCI)?
tp
s:
//
w
w
w
.v
A. Each VNIC can only have one private IP address.
B. By default, the primary VNIC of an instance in a subnet has one primary private IP address.
C. By default, the primary VNIC of an instance in a subnet has one primary private IP address and one
secondary private IP address.
D. A private IP can have an optional public IP assigned to it if it resides in a public subnet.
Answer: B, D
Explanation:
ht
By default, the primary VNIC of an instance in a subnet has one primary private IP address. A private
IP can have an optional public IP assigned to it if it resides in a public subnet. The explanation is that
a private IP address is an IPv4 address that is assigned to a VNIC and belongs to the CIDR block of the
VCN or subnet. By default, the primary VNIC of an instance in a subnet has one primary private IP
address, which is automatically assigned by OCI and cannot be changed. However, you can also
assign secondary private IP addresses to a VNIC, either manually or automatically, up to a maximum
of 31 per VNIC. A private IP address can have an optional public IP address assigned to it, which
allows the instance to communicate with the internet. A public IP address can be either ephemeral
or reserved, depending on whether you want to keep it after stopping or terminating the instance. A
private IP address can only have a public IP address assigned to it if it resides in a public subnet,
which means that the subnet’s route table has a route rule that directs traffic to the internet
gateway.
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
13/31
Question: 23
du
m
ps
.c
om
A financial firm is designing an application architecture for its online trading platform that should
have high availability and fault tolerance.
Their solutions architects configured the application to use an Oracle Cloud Infrastructure (OCI)
Object Storage bucket located in the US West (us-phoenix-1) region to store large amounts of
financial dat
a. The stored financial data in the bucket should not be impacted even if there is an outage in one of
the Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability?
A. Create a replication policy to send data to a different bucket in another OCI region.
B. Copy the Object Storage bucket to a block volume.
C. Create a lifecycle policy to regularly send data from the Standard to Archive storage.
D. Create a new Object Storage bucket in another region and configure lifecycle policy to move data
every 5 days.
am
Explanation:
Answer: A
w
Question: 24
w
w
.v
al
id
ex
Create a replication policy to send data to a different bucket in another OCI region. The explanation is
that replication is a feature of Object Storage that allows you to automatically copy objects from one
bucket to another bucket, either in the same region or in a different region. Replication can help you
improve data availability and durability, as well as meet compliance and disaster recovery
requirements. To enable replication, you need to create a replication policy that specifies the source
and destination buckets, the replication frequency, and the replication filters. Replication policies are
evaluated every five minutes and copy any new or updated objects from the source bucket to the
destination bucket.
tp
s:
//
Which is NOT a valid Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) approach?
ht
A. Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or with your organizations
private IP network ranges.
B. Ensure not all IP addresses are allocated at once within a VCN or subnet; instead reserve some IP
addresses for future use.
C. Private subnets should ideally have individual route tables to control the flow of traffic within and
outside of VCN.
D. Use OCI tags to tag VCN resources so that all resources follow organizational tagging/naming
conventions.
Answer: A
Explanation:
Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or with your organizations private
IP network ranges. The explanation is that a VCN CIDR prefix is the range of IPv4 addresses that can
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
14/31
be used within the VCN and its subnets. The VCN CIDR prefix should not overlap with other VCNs in
your tenancy or with your organization’s private IP network ranges, as this can cause routing conflicts
and connectivity issues. You should choose a VCN CIDR prefix that is large enough to accommodate
your current and future needs, but not too large to waste IP addresses. You can use any of the private
IPv4 address ranges specified in RFC 1918 for your VCN CIDR prefix.
Question: 25
m
ps
.c
om
company sells services to photographers where patrons can preview the photos that they want prints
for.
To avoid unauthorized copies, the sample photos have lower resolution and are watermarked. The
photos are processed after they are uploaded. The process is fast but not immediate. It creates
samples and sends them to storage outside of the instances. Which type of instance is ideal for a
process like this; short lived and one that keeps the cost low?
am
du
A. Preemptible instances
B. Spot instances
C. On-demand instances
D. Burstable instances
al
id
ex
Explanation:
Answer: A
w
Question: 26
w
w
.v
The explanation is that preemptible instances are VM instances that offer lower costs than regular
instances but can be reclaimed by OCI at any time due to capacity constraints or after running for a
maximum of 24 hours. Preemptible instances are ideal for short-lived and stateless workloads that
can tolerate interruptions and do not require guaranteed availability or performance. Preemptible
instances are billed by the second at a fixed rate that is lower than regular instances.
tp
s:
//
Which of the following statements is true about cloning a volume in the Oracle Cloud Infrastructure
(OCI) Block Volume service?
ht
A. You need to detach a volume before cloning it.
B. Creating a clone takes longer than creating a backup of a volume.
C. You can clone a volume to another region.
D. You can change the block volume size when cloning a volume.
Answer: D
Explanation:
You can change the block volume size when cloning a volume. The explanation is that cloning a
volume is a way of creating an exact copy of an existing volume without creating a backup first.
Cloning a volume is faster and cheaper than creating a backup and restoring it to a new volume.
When you clone a volume, you can change the block volume size, performance, encryption settings,
and tags of the new volume. You do not need to detach a volume before cloning it, as cloning does
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
15/31
not affect the source volume or its attachments. You cannot clone a volume to another region, as
cloning only works within the same region and availability domain. Creating a clone usually takes less
time than creating a backup of a volume, as cloning does not involve transferring data to Object
Storage.
Question: 27
du
m
ps
.c
A. Bring your own image and use it as a template for the new instances.
B. Select an image from the OCI Marketplace.
C. Use Oracle-provided images and customize the installation using a third-party tool.
D. Create a custom image and use it as a template for the new instances.
om
You just got a last minute request to create a set of instances in Oracle Cloud Infrastructure (OCI). The
configuration and installed software are identical for every instance, and you already have a running
instance in your OCI tenancy. Which image option allows you to achieve this task with the least
amount of effort?
am
Explanation:
Answer: D
w
w
.v
Question: 28
al
id
ex
Creating a custom image and using it as a template for the new instances is the option that allows
you to achieve this task with the least amount of effort. A custom image is a copy of an existing
instance that you can use to launch other instances with the same configuration and installed
software. The other options are not suitable for this scenario, as they would require more time and
effort to create and customize the instances. Reference: [Custom Images]
Which is NOT a valid action within the Oracle Cloud Infrastructure (OCI) Block Volume service?
ht
tp
s:
//
w
A. Expanding an existing volume in place with offline resizing.
B. Restoring from a volume backup to a larger volume.
C. Attaching a block volume to an instance in a different availability domain.
D. Cloning an existing volume to a new, larger volume.
Answer: C
Explanation:
Attaching a block volume to an instance in a different availability domain is not a valid action within
the OCI Block Volume service. A block volume can only be attached to an instance in the same
availability domain. The other options are valid actions that can be performed with the Block Volume
service. Reference: [Block Volume Actions]
Question: 29
When creating an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) with the VCN
wizard, which THREE gateways are created automatically?
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
16/31
A. Internet Gateway
B. Local Peering Gateway
C. Dynamic Routing Gateway
D. NAT Gateway
E. Storage Gateway
F. Bastion Host
G. Service Gateway
Answer: A, D, G
om
Explanation:
am
du
m
ps
.c
Internet Gateway, NAT Gateway, and Service Gateway are three gateways that are created
automatically when creating a VCN with the VCN wizard. An Internet Gateway allows public traffic
between the VCN and the internet. A NAT Gateway allows private traffic from the VCN to access the
internet without exposing the VCN resources to incoming internet connections. A Service Gateway
allows private traffic from the VCN to access OCI services such as Object Storage, Email Delivery, and
Notifications. The other options are not created automatically by the VCN wizard, but can be added
manually later if needed. Reference: [VCN Wizard], [Gateways]
al
id
ex
Question: 30
Which THREE capabilities are available with the Oracle Cloud Infrastructure (OCI) DNS service?
tp
s:
//
w
w
w
.v
A. Creating and managing records
B. Creating and managing WAF rules
C. Creating and managing Identity Access Management (IAM) policies
D. Creating and managing zones
E. Viewing all zones
F. Creating and managing security lists
Answer: A, D, E
Explanation:
ht
Creating and managing records, creating and managing zones, and viewing all zones are three
capabilities that are available with the OCI DNS service. Records are data elements that map domain
names to IP addresses or other information. Zones are collections of records that correspond to a
domain name or a subdomain name. The OCI DNS service allows users to create and manage records
and zones for their domains or subdomains, as well as view all zones in their tenancy. The other
options are not capabilities of the OCI DNS service, but of other OCI services such as WAF, IAM, and
Networking. Reference: [DNS Service], [Records], [Zones]
Question: 31
Which Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy is invalid?
A. Allow dynamic-group FrontEnd to manage instance-family in compartment Project-A
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
17/31
B. Allow any-user to inspect users in tenancy
C. Allow group A-Developers to create volumes in compartment Project-A
D. Allow group A-Admins to manage all-resources in compartment Project-A
Answer: C
Explanation:
om
Allow group A-Developers to create volumes in compartment Project-A is an invalid IAM policy. This
is because create is not a valid verb for volumes. The correct verb for creating volumes is attach. The
other options are valid IAM policies that use correct verbs and syntax. Reference: [IAM Policies],
[Verbs]
m
ps
.c
Question: 32
du
As a solution architect, you are showcasing the Oracle Cloud Infrastructure (OCI) Object Storage
feature about Object Versioning to a customer.
Which statement is true regarding OCI Object Storage Versioning?
Explanation:
w
w
.v
al
id
ex
am
A. Objects are physically deleted from a bucket when versioning is enabled.
B. Object Versioning is disabled on a bucket by default.
C. A bucket that is versioning-enabled can and will always have the latest version of the object in the
bucket.
D. Object Versioning does not provide data protection against accidental or malicious object update,
overwrite, or deletion.
Answer: B
tp
s:
//
w
Object Versioning is disabled on a bucket by default is a true statement regarding OCI Object Storage
Versioning. Object Versioning is a feature that allows users to preserve, retrieve, and restore every
version of every object stored in a bucket. Object Versioning is disabled on a bucket by default, but
can be enabled or suspended by the user at any time. The other statements are false regarding OCI
Object Storage Versioning. Reference: [Object Versioning]
ht
Question: 33
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an
admin group set up: A-Admins, B-Admins, and C-Admins.
Each admin group has full access over their respective compartments as shown in the graphic below.
Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are
tagged with a value of 'Admin'.
https://www.validexamdumps.com/1Z0-1072-23.html
18/31
m
ps
.c
om
Questions and Answers PDF
am
du
You want to set up a Test compartment for members of the three projects to share. You also need to
provide admin access to all three of your existing admin groups.
Which policy would you write to accomplish this task?
Answer: D
tp
s:
//
Explanation:
w
w
w
.v
al
id
ex
A. Allow all-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'
B. Allow dynamic-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'
C. Allow group any-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'
D. Allow any-user to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'
ht
Allow
all-group
to
manage
all-resources
in
compartment
Test
where
request.principal.group.tag.EmployeeGroup.Role=‘Admin’ is the policy that would accomplish this
task. This policy grants admin access to all groups that have the tag EmployeeGroup.Role=‘Admin’ in
the compartment Test. The other options are not correct, as they use incorrect terms such as
dynamic-group, any-group, or any-user. Reference: [Tag-Based Authorization]
Question: 34
As your company’s cloud architect, you have been invited by the CEO to join his staff meeting. They
want your input on interconnecting Oracle Cloud Infrastructure (OCI) to another cloud provider in
London, with some specific requirements:
• They want resources in the other cloud provider to leverage OCI Autonomous Data Warehouse ML
capabilities.
• The connection between OCI and the other cloud provider should be provisioned as quickly as
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
19/31
possible.
• The connection should offer high bandwidth and predictable performance.
Which other cloud provider should you recommend to interconnect with OCI and meet the above
requirements?
om
A. IBM Cloud
B. Google Cloud
C. OCI
D. Microsoft Azure
E. Digital Ocean
F. Amazon Web Services
G. Alibaba Cloud
m
ps
.c
Answer: D
Explanation:
al
id
ex
am
du
The explanation is that Microsoft Azure is one of the cloud providers that has an interconnect
location with OCI in London. This means that you can use OCI FastConnect to establish a private and
dedicated connection between OCI and Azure in London, with high bandwidth and predictable
performance. This connection can also enable you to leverage OCI Autonomous Data Warehouse ML
capabilities from Azure resources, as you can access OCI services across regions using private IP
addresses. The interconnect location can be provisioned quickly using the OCI and Azure consoles or
APIs.
Question: 35
ht
tp
s:
//
w
w
w
.v
You want to create a policy to allow the NetworkAdmins group to manage Virtual Cloud Network
(VCN) in compartment C. You want to attach this policy to the tenancy. The compartment hierarchy is
shown below.
Which policy statement can be used to accomplish this task?
A. Allow group NetworkAdmins to manage virtual-network-family in compartment B:C
B. Allow group NetworkAdmins to manage virtual-network-family in compartment C
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
20/31
C. Allow group NetworkAdmins to manage virtual-network-family in tenancy
D. Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C
Answer: D
Explanation:
m
ps
.c
om
Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C. The
explanation is that when you attach a policy to the tenancy, you need to specify the full path of the
compartment where you want to grant permissions. In this case, the compartment C is a subcompartment of compartment B, which is a sub-compartment of compartment A, which is a subcompartment of the root compartment (tenancy). Therefore, the full path of compartment C is A:B:C.
The virtual-network-family resource type includes all the resources related to VCN, such as subnets,
route tables, security lists, gateways, etc.
Question: 36
al
id
ex
am
du
You are in the process of migrating several legacy applications from on-premises to Oracle Cloud
Infrastructure
(OCI). The current servers are already virtualized. However, you notice that the version of CentOS
currently running does not align with any of the Oracle-provided compute images.How would you
migrate your existing virtual server images to OCI?
tp
s:
//
w
w
w
.v
A. Export your current image in the VMDK format and copy to an Object Storage bucket. Import it as
a
custom image. Select native mode to ensure the best possible performance.
B. Export your current image in the VDI format and copy to an Object Storage bucket. Import it as a
custom image. Select native modeto ensure the best possible performance.
C. Export your current image in the QED format and copy to an Object Storage bucket. Import it as a
custom image. Select emulated modeto ensure compatibility with legacy drivers.
D. Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it
as a
custom image. Select emulated mode to ensure compatibility with legacy drivers
Answer: D
ht
Explanation:
Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a
custom image. Select emulated mode to ensure compatibility with legacy drivers. The explanation is
that QCOW2 is one of the supported formats for importing custom images to OCI. Custom images
are images that you can create from your own on-premises or cloud servers and use them to launch
instances in OCI. To import a custom image, you need to export your current image in a supported
format, copy it to an Object Storage bucket, and then import it as a custom image using the OCI
console or API. When you import a custom image, you can choose between native mode or
emulated mode. Native mode offers better performance but requires compatible drivers and
firmware. Emulated mode offers better compatibility but lower performance.
Question: 37
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
21/31
Your DevOps team needs to interconnect the on-premises network to the Oracle Cloud Infrastructure
(OCI) resources, such as a managed database that resides in a private subnet. They indicate that they
have a low budget and their bandwidth requirements are minimal, so you decide that a site-to-site
VPN is the best option.
They provide you with their router public IP address. You need to create an object in OCI that
represents this router. Which object would you create?
m
ps
.c
om
A. Internet Gateway
B. Dynamic Routing Gateway (DRG)
C. Customer Premises Equipment (CPE)
D. Virtual Network Interface Card (vNIC)
E. IPSec Tunnel
F. Bastion Host
Answer: C
du
Explanation:
Question: 38
w
w
.v
al
id
ex
am
Customer Premises Equipment (CPE). The explanation is that CPE is an object in OCI that represents
your on-premises router or VPN device that connects to your VCN via a site-to-site VPN. A site-to-site
VPN is a secure and encrypted connection between your on-premises network and your VCN over
the public internet. To set up a site-to-site VPN, you need to create a CPE object with your router’s
public IP address and other information, such as vendor and platform. You also need to create a
Dynamic Routing Gateway (DRG) object in your VCN and attach it to your VCN. Then, you need to
create an IPSec connection between your CPE and DRG, which will create two redundant VPN
tunnels for high availability.
tp
s:
//
w
Which statement is TRUE about delegating an existing domain to the Oracle Cloud Infrastructure
(OCI) DNS service?
ht
A. Domains can be delegated to OCI DNS via FastConnect partners.
B. Domains can be delegated to OCI DNS from the OCI Marketplace.
C. Domains can be self-delegated to OCI DNS from its own service portal.
D. Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal.
E. All domains can be retrieved to OCI DNS via DYN.
Answer: D
Explanation:
Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal. The
explanation is that delegating a domain to OCI DNS means that you are transferring the authority to
resolve DNS queries for your domain from your current DNS provider to OCI DNS. To delegate a
domain to OCI DNS, you need to create a zone in OCI DNS that matches your domain name and add
any records that you want to serve from OCI DNS. Then, you need to update the name servers for
your domain at your Domain Registrar’s self-service portal with the name servers provided by OCI
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
22/31
DNS. This will point your domain to OCI DNS and allow it to resolve DNS queries for your domain.
Question: 39
As a network architect you have deployed a public subnet on your Virtual Cloud Network (VCN) with
this security list:
m
ps
.c
om
You have also created a network security group (NSG) as shown in the table here, and assigned it to
your bastion host:
am
du
You have confirmed that routing is correct but when you SSH to the VM from your home over the
Internet you are unable to connect.
What could be the problem?
Explanation:
w
w
.v
al
id
ex
A. User will be able to SSH to the VM from the Internet as SSH is open on the NSG.
B. Public subnet does not have a route rule to the Internet Gateway.
C. Internet traffic should be allowed only on the NSG.
D. SSH traffic is not allowed in the security list nor on the NSG from the Internet.
Answer: D
ht
tp
s:
//
w
SSH traffic is not allowed in the security list nor on the NSG from the Internet is the correct answer.
This is because the security list only allows ingress traffic from 10.0.0.24 on port 22, and the NSG only
allows ingress traffic from 10.0.0.0/16 on port 22. Neither of them allows ingress traffic from
0.0.0.0/0 (the Internet) on port 22, which is required for SSH access. The other options are not
correct, as they do not explain why SSH access is not possible. Reference: [Security Lists], [Network
Security Groups]
Question: 40
Which statement is true about File System Replication in Oracle Cloud Infrastructure (OCI)?
A. You can replicate the data in one file system to another file system only in the same region.
B. You can replicate the data in one file system to another file system in the same region or a
different
region.
C. Only a file system that has been exported can be used as a target file system.
D. You cannot specify a replication interval when you create the replication resource.
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
23/31
Answer: B
Explanation:
You can replicate the data in one file system to another file system in the same region or a different
region is a true statement about File System Replication in OCI. File System Replication is a feature
that allows users to create a copy of a file system in another file system, either within the same
region or across regions. This can be useful for disaster recovery, data migration, or data distribution
purposes. The other statements are false about File System Replication in OCI. Reference: [File
System Replication]
om
Question: 41
al
id
ex
du
am
A. OCI Streaming service
B. OS Management service
C. OCI Registry
D. OCI Security Zones to achieve automatic security updates
E. OCI Cloud Guard to monitor and install the security updates
m
ps
.c
You are a system administrator of your company and you are managing a complex environment
consisting of compute instances running Oracle Linux on Oracle Cloud Infrastructure (OCI). It's your
task to apply all the latest kernel security updates to all instances.
Which OCI service will allow you to complete this task?
Explanation:
Answer: B
tp
s:
//
w
w
w
.v
OS Management service is the OCI service that will allow you to complete this task. OS Management
service is a service that helps users automate patching and package management for Oracle Linux
and Windows instances in OCI. It can also help users monitor and manage system configuration and
compliance across their instances. The other options are not suitable for this task, as they do not
provide the functionality of OS Management service. Reference: [OS Management Service]
Question: 42
ht
Which tool provides a diagram of the implemented topology of all Virtual Cloud Networks (VCNs) in
a selected region and tenancy?
A. Network Watcher
B. Traffic Analytics
C. VCN Flow Logs
D. Network Visualizer
Answer: D
Explanation:
Network Visualizer is the tool that provides a diagram of the implemented topology of all VCNs in a
selected region and tenancy. Network Visualizer is a feature of the OCI Networking service that
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
24/31
allows users to view and manage their network resources in a graphical interface. It can help users
understand their network topology, troubleshoot issues, and optimize performance. The other
options are not tools that provide a diagram of the VCN topology, but rather other features or
services of OCI Networking. Reference: [Network Visualizer]
Question: 43
om
You have objects stored in an OCI Object Storage bucket that you want to share with a partner
company. You decide to use pre-authenticated requests to grant access to the objects. Which
statement is true about preauthenticated requests?
du
m
ps
.c
A. You cannot edit a pre-authenticated request.
B. Deleting a pre-authenticated request does not revoke user access to the associated bucket or
object.
C. You need to provide your OCI credentials to the partner company.
D. Pre-authenticated requests can be used to delete buckets or objects.
am
Explanation:
Answer: A
w
w
.v
al
id
ex
You cannot edit a pre-authenticated request is a true statement about pre-authenticated requests.
Pre-authenticated requests are URLs that allow users to access objects or buckets in OCI Object
Storage without requiring additional authentication or authorization. Pre-authenticated requests can
be created with an expiration date and time, and can be used for read or write operations. However,
once created, pre-authenticated requests cannot be edited, but can only be deleted or extended. The
other statements are false about pre-authenticated requests. Reference: [Pre-Authenticated
Requests]
Question: 44
tp
s:
//
w
You want a full-featured Identity-as-a-Service (IDaaS) solution that helps you manage workforce
authentication and access to all of your Oracle and non-Oracle applications, whether they are SaaS
apps, on-premises enterprise apps, or apps that are hosted in the cloud. Which IAM Identity Domain
type should you create?
ht
A. Free
B. Oracle Apps Premium
C. Premium
D. External User
Answer: C
Explanation:
Premium is the IAM Identity Domain type that you should create if you want a full-featured IDaaS
solution that helps you manage workforce authentication and access to all of your Oracle and nonOracle applications. Premium Identity Domain provides users with access to Oracle Identity Cloud
Service, which is an IDaaS solution that offers identity management, single sign-on, multifactor
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
25/31
authentication, identity governance, and integration with third-party applications. The other options
are not IAM Identity Domain types that provide a full-featured IDaaS solution. Reference: [Identity
Domains], [Oracle Identity Cloud Service]
Question: 45
Which statement accurately describes the key features and benefits of OCI Confidential Computing?
du
m
ps
.c
om
A. It encrypts and isolates in-use data and the applications processing that data, thereby preventing
unauthorized access or modification.
B. It optimizes network performance and reduces latency through advanced routing algorithms and
caching mechanisms.
C. It enables users to securely store and retrieve data by using distributed file systems, ensuring high
availability and fault tolerance.
D. It provides automatic scalability and load balancing capabilities, which allow seamless integration
with other cloud providers.
am
Explanation:
Answer: A
w
Question: 46
w
w
.v
al
id
ex
It encrypts and isolates in-use data and the applications processing that data, thereby preventing
unauthorized access or modification is an accurate description of the key features and benefits of OCI
Confidential Computing. Confidential Computing is a feature that leverages hardware-based Trusted
Execution Environments (TEEs) to protect data and applications from unauthorized access or
modification while they are in use by the CPU or memory. This adds an extra layer of security to
cloud computing, as it protects data not only at rest and in transit, but also in use. The other options
are not accurate descriptions of the key features and benefits of OCI Confidential Computing.
Reference: [Confidential Computing]
ht
tp
s:
//
You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain
application servers and the third subnet contains a DB System. The application requires a shared file
system, therefore you have provisioned one using the file storage service (FSS).
You have also created the corresponding mount target in one of the application subnets. The VCN
security lists are properly configured so that the application servers can access FSS. The security team
changed the settings for the DB System to have read-only access to the file system. However when
they test it, they are unable to access FSS.
How would you allow access to FSS?
A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of
the DB System subnet.
B. Create an instance principal for the DB System. Write an Identity and Access Management (IAM)
policy that allows the instance principal read-only access to the file storage service.
C. Modify the security list associated with the subnet where the mount target resides. Change the
ingress rules corresponding to the DB System subnet to be stateless.
D. Modify the security list associated with the subnet where the mount target resides.
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
26/31
E. Change the ingress rules corresponding to the DB System subnet to be stateful.
Answer: A
Explanation:
om
Creating an NFS export option that allows READ_ONLY access where the source is the CIDR range of
the DB System subnet is the correct answer. This is because NFS export options are used to control
the level of access that clients have to file systems. By creating an NFS export option with
READ_ONLY access for the DB System subnet, you can allow the DB System to read data from the file
system, but not write or modify it. The other options are not correct, as they do not address the
requirement of read-only access for the DB System. Reference: [NFS Export Options]
m
ps
.c
Question: 47
am
du
You need to set up instance principals so that an application running on an instance can call Oracle
Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to
authenticate using the instance principals provider.
Which is NOTa necessary step to complete this set up?
Answer: B
w
Explanation:
w
w
.v
al
id
ex
A. Create a dynamic group with matching rules to specify which instances can make API calls against
services.
B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.
C. Create a policy granting permissions to the dynamic group to access services in your compartment
or
tenancy.
D. Deploy the application and the SDK to all the instances that belong to the dynamic group.
ht
tp
s:
//
Generating Auth Tokens to enable instances in the dynamic group to authenticate with APIs is not a
necessary step to complete this set up. This is because Auth Tokens are used to authenticate users,
not instances, when making API calls to OCI services. Instance principals are a feature that allows
instances to authenticate themselves using certificates, without requiring user credentials or Auth
Tokens. The other options are necessary steps to complete this set up, as they enable instances in the
dynamic group to make API calls against services using instance principals and IAM policies.
Reference: [Instance Principals], [Auth Tokens]
Question: 48
When defining a query for metric data in Monitoring, which field provides the time window for
aggregating metric data points plotted on the metric chart?
A. Dimension
B. Namespace
C. Statistic
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
27/31
D. Interval
Answer: D
Explanation:
om
Interval is the field that provides the time window for aggregating metric data points plotted on the
metric chart. Interval is a parameter that specifies how often metric data points are collected and
aggregated by the Monitoring service. For example, an interval of 5 minutes means that metric data
points are aggregated every 5 minutes and displayed on the chart. The other options are not fields
that provide the time window for aggregating metric data points, but rather other parameters that
define the metric query. Reference: [Interval]
m
ps
.c
Question: 49
al
id
ex
Explanation:
Answer: A
w
w
.v
A. Auth Tokens
B. OCI Username and Password
C. API Signing Key
D. SSH Key Pair with 2048-bit algorithm
am
du
You are using a custom application with third-party APIs to manage the application and data hosted
in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs do not support OCI’s
signature-based
authentication, you want them to communicate with OCI resources. Which authentication option
should you use to ensure this?
tp
s:
//
w
Auth Tokens is the authentication option that you should use to ensure that your custom application
with third-party APIs can communicate with OCI resources. Auth Tokens are tokens that can be used
as an alternative to passwords when making API calls to OCI services. Auth Tokens can be generated
and revoked by users in the OCI Console or CLI, and can be used with any API client that supports
basic authentication. The other options are not suitable for this scenario, as they either require OCI’s
signature-based authentication or are not applicable for API calls. Reference: [Auth Tokens]
ht
Question: 50
Company XYZ is spending $300,000.00 USD per month in egress fees for 7 Petabytes that they
consume for Outbound Data Transfer in North America with their current cloud provider. The
company is seeking to lower that expense considerably without reducing consumption. You propose
migration to OCI because the Gigabyte Outbound Data Transfer in North America costs just $0.0085
USD per month. With OCI, how much will they spend per month for 7 Petabytes of Outbound Data
Transfer? (1 Petabyte = 1000 Terabytes)
A. $59,500.00
B. $150,000.00
C. $59,415.00
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
28/31
D. $0.00 (free with OCI)
Answer: A
Explanation:
om
$59,415.00 is the amount that Company XYZ will spend per month for 7 Petabytes of Outbound Data
Transfer in North America with OCI. This is calculated by multiplying 7 Petabytes by 1000 Terabytes
(to convert Petabytes to Terabytes), then multiplying by $0.0085 USD (the cost per Gigabyte
Outbound Data Transfer in North America), then dividing by 1000 (to convert Gigabytes to
Terabytes). The formula is:
(7 * 1000 * 0.0085) / 1000 = $59,415.00
m
ps
.c
Question: 51
al
id
ex
am
du
You have a high-demand web application running on Oracle Cloud Infrastructure (OCI). Your tenancy
administrator has set up a schedule-based autoscaling policy on instance pool with an initial size of 5
instances for the application.
Policy 1:
Target pool size:10 instances
Execution time:8:30 a.m. on every Monday through Friday, in every month, in every year
Cron expression:0 30 8 ? * MON-FRI *
Which statement accurately explains the goal of this policy?
tp
s:
//
w
w
w
.v
A. Goal: A one-time schedule with only one scaling out event. At 8:30 a.m., on December 31, 2021,
scale the instance pool to 10 instances from 5.
B. Goal: A recurring monthly schedule. On all days of the month, set the initial pool size to 5
instances. At
8.30 a.m., on every day of the month, scale out to 10 instances.
C. Goal: A recurring daily schedule. On weekday mornings at 8.30 a.m., scale out to 10 instances.
D. Goal: A recurring weekly schedule. On all days of the week at 8.30 a.m., scale out the pool to 10
instances from the initial size of 5
Answer: C
Explanation:
ht
The explanation is that a schedule-based autoscaling policy allows you to adjust the size of your
instance pool based on a cron expression that specifies the date and time of the scaling action. The
cron expression consists of six fields: seconds, minutes, hours, day of month, month, and day of
week. In this case, the cron expression is 0 30 8 ? * MON-FRI *, which means that the scaling action
will occur at 8:30 a.m. on every Monday through Friday, regardless of the day of month or month.
Therefore, the goal of this policy is to scale out the instance pool to 10 instances on weekday
mornings at 8:30 a.m.
Question: 52
In which two ways can Oracle Security Zones assist with the cloud security shared responsibility
model?
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
29/31
A. Encrypt storage resources with a customer-managed key.
B. Allow access to an unsecured compartment, which is moved from a standard compartment.
C. Deny public access to Oracle Cloud Infrastructure resources, such as databases and object storage
buckets.
D. Add or move a standard compartment to a highly secured security zone compartment.
Answer: A, C
Explanation:
am
du
m
ps
.c
om
Oracle Security Zones is a service that helps you enforce best practices and prevent misconfigurations
on your OCI resources by applying predefined policies and controls. Some of the benefits of using
Security Zones are:
Encrypt storage resources with a customer-managed key: Security Zones require that all storage
resources, such as block volumes, boot volumes, file systems, and object storage buckets, are
encrypted with a customer-managed key from Vault. This ensures that you have full control over the
encryption and decryption of your data at rest.
Deny public access to OCI resources, such as databases and object storage buckets: Security Zones
prevent you from creating or updating OCI resources that have public access enabled, such as
databases and object storage buckets that are accessible from the internet. This reduces the risk of
unauthorized access or data leakage.
al
id
ex
Question: 53
w
tp
s:
//
A. IP Prefix
B. Load Balancer
C. Geolocation
D. Failover
w
w
.v
You want to distribute DNS traffic to different endpoints based on the location of the end user. Which
Traffic Management Steering Policy would you use?
Answer: C
Explanation:
ht
The explanation is that geolocation is a type of Traffic Management Steering Policy that allows you to
distribute DNS traffic to different endpoints based on the location of the end user. Geolocation
steering policies use geolocation data from third-party providers to map end user IP addresses to
geographic regions. You can create rules that specify which endpoints to serve for each region or
country, or use a default endpoint for unspecified regions.
Question: 54
What should be created before provisioning an Oracle Cloud Infrastructure (OCI) DB System?
A. Bucket in Object Storage
B. Virtual Cloud Network
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
30/31
C. Compute Instance
D. Compartment
Answer: B
Explanation:
om
The explanation is that a Virtual Cloud Network (VCN) is a software-defined network that you set up
in OCI to connect your cloud resources, such as compute instances and databases. A VCN provides
you with complete control over your network environment, including selecting your own IP address
range, creating subnets, route tables, gateways, security lists, etc. You need to create a VCN before
provisioning an OCI DB System, as you need to specify which subnet in your VCN you want to launch
your DB System in.
m
ps
.c
Question: 55
Which is NOT a valid option for an Oracle Cloud Infrastructure (OCI) compute shape?
al
id
ex
am
du
A. Bare Metal
B. Dedicated Virtual Machine Host
C. Virtual Machine
D. Exadata Virtual Machine
Explanation:
Answer: D
ht
tp
s:
//
w
w
w
.v
Exadata Virtual Machine is not a valid option for an OCI compute shape. Exadata Virtual Machine is a
deployment option for Exadata Cloud Service or Exadata Cloud@Customer, which are services that
provide dedicated Exadata infrastructure for running Oracle databases in OCI. Exadata Virtual
Machine allows you to create multiple virtual machines on each Exadata compute node and isolate
them from each other using Oracle VM technology. The valid options for OCI compute shapes are:
Bare Metal: A bare metal instance is a physical server that gives you direct access to the underlying
hardware and full isolation from other tenants.
Dedicated Virtual Machine Host: A dedicated virtual machine host is a physical server that hosts only
your virtual machine instances and no other tenant’s instances.
Virtual Machine: A virtual machine instance is a virtual server that runs on a shared physical server
with other tenants’ instances.
Burstable: A burstable instance is a virtual machine instance that has a baseline utilization of either
12% or 50% of each CPU core and can burst above the baseline when needed.
https://www.validexamdumps.com/1Z0-1072-23.html
Questions and Answers PDF
31/31
Thank you for your visit.
ht
tp
s:
//
w
w
w
.v
al
id
ex
am
du
m
ps
.c
om
To try more exams, please visit below link
https://www.validexamdumps.com/1Z0-1072-23.html
https://www.validexamdumps.com/1Z0-1072-23.html