Questions and Answers PDF 1/31 om Thank You for your purchase ht tp s: // w w w .v al id ex am du m ps .c Oracle 1Z0-1072-23 Exam Question & Answers Oracle Cloud Infrastructure 2023 Architect Associate Exam https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 2/31 Product Questions: 55 Version: 4.1 om Question: 1 m ps .c Oracle Cloud Agent is a lightweight process that manages plugins running on compute instances. Which is NOT a valid Oracle Cloud Agent plugin name? am du A. Live Migration Agent B. OS Management Service Agent C. Compute Instance Run Command D. Bastion al id ex Explanation: Answer: A w w .v Bastion is not a valid Oracle Cloud Agent plugin name. Bastion is a service that enables secure and controlled access to compute instances in OCI. The other options are valid plugin names that provide different functionalities for the instances. Reference: [Bastion], [Cloud Agent Plugins] Question: 2 ht tp s: // w You are part of a team that manages a set of workload instances running in an on-premises environment. The Architect team is tasked with designing and configuring Oracle Cloud Infrastructure (OCI) Logging service to collect logs from these instances. There is a requirement to archive Info-level logging data of these instances into the OCI Object Storage. Which TWO features of OCI can help you achieve this? A. Cloud Agent Plugin B. Grouping Function C. Service Connectors D. Agent Configuration E. ObjectCollectionRule Answer: A, C Explanation: Cloud Agent Plugin and Service Connectors are two features of OCI that can help collect logs from on-premises instances and archive them into OCI Object Storage. Cloud Agent Plugin is a component https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 3/31 of the OCI Logging service that can be installed on any Linux or Windows instance to collect logs and send them to OCI. Service Connectors are components of the OCI Service Connector Hub that can transfer data between different OCI services, such as Logging and Object Storage. The other options are not relevant for this requirement. Reference: [Cloud Agent Plugin], [Service Connectors] Question: 3 om You create a file system and then add a 2 GB file. You then take a snapshot of the file system. What would be the total meteredBytes shown by the File Storage service after the hourly update cycle is complete? du m ps .c A. 3 GB B. 2.5 GB C. 4 GB D. 2 GB am Explanation: Answer: D w w .v Question: 4 al id ex The total meteredBytes shown by the File Storage service after the hourly update cycle is complete would be 2 GB. This is because snapshots do not consume any additional storage space unless there are changes made to the file system after taking the snapshot. Since no changes were made in this scenario, the snapshot would not add any extra storage cost. Reference: [Snapshots and MeteredBytes] tp s: // w You are part of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). An unknown user action was executed resulting in configuration errors. You are tasked to quickly identify the details of all users who were active in the last six hours along with any REST API calls that were executed. Which OCI service would you use? ht A. Notifications B. Service Connectors C. Notifications D. Logging E. Audit Answer: E Explanation: Audit is the OCI service that would help identify the details of all users who were active in the last six hours along with any REST API calls that were executed. Audit is a service that records all API calls and other actions taken by or on behalf of users in OCI. It can be used to track user activity, monitor https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 4/31 compliance, and troubleshoot issues. The other options are not suitable for this task. Reference: [Audit] Question: 5 om You have an instance running in Oracle Cloud Infrastructure (OCI) that cannot be live-migrated during an infrastructure maintenance event. OCI schedules a maintenance due date within 14 to 16 days and sends you a notification. What would happen if you choose not to proactively reboot the instance before the scheduled maintenance due date? du m ps .c A. The instance will get terminated. B. The instance is either reboot-migrated or rebuilt in place for you. C. You will receive another notification to reboot within the next 14 days. D. You will receive another notification to reboot within the next 7 days. am Explanation: Answer: B Question: 6 w w .v al id ex If you choose not to proactively reboot the instance before the scheduled maintenance due date, the instance is either reboot-migrated or rebuilt in place for you. Reboot-migration is a process where OCI migrates your instance to a new physical host without changing its configuration or public IP address. Rebuild in place is a process where OCI shuts down your instance, performs maintenance on the physical host, and restarts your instance with the same configuration and public IP address. The other options are not correct. Reference: [Reboot-Migration], [Rebuild in Place] tp s: // w Which TWO components are optional while creating the Monitoring Query Language (MQL) expressions in the Oracle Cloud Infrastructure (OCI) Monitoring service? ht A. Interval B. Statistic C. Dimensions D. Grouping Function E. Metric Answer: C, D Explanation: Dimensions and Grouping Function are two optional components while creating the Monitoring Query Language (MQL) expressions in the OCI Monitoring service. Dimensions are key-value pairs that provide additional information about a metric, such as region, compartment, or resource type. Grouping Function is a function that aggregates metric data across one or more dimensions, such as sum, count, or average. The other options are required components for MQL expressions. Reference: [Dimensions], [Grouping Function] https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 5/31 Question: 7 Which statement is NOT correct regarding the Oracle Cloud Infrastructure (OI) File System snapshots? om A. Even if nothing has changed within the file system since the last snapshot was taken, a new snapshot consumes more storage. B. Snapshots are accessible under the root directory of the file system at .snapshot/name. C. Before you can clone a file system, at least one snapshot must exist for the file system. D. Snapshots are a consistent, point-in-time view of your file systems. m ps .c Answer: A Explanation: am du Even if nothing has changed within the file system since the last snapshot was taken, a new snapshot does not consume more storage. This is because snapshots are incremental and only store the changes made to the file system since the previous snapshot. The other statements are correct regarding the OCI File System snapshots. Reference: [Snapshots and Storage Consumption] al id ex Question: 8 tp s: // w w w .v You are using the Oracle Cloud Infrastructure (OCI) Vault service to create and manage Secrets. For your database password, you have created a secret and rotated the secret one time. The secret versions are as follows: Version Number | Status ----------------------------------------2 (latest) | Current 1 | Previous You later realize that you have made a mistake in updating the secret content for version 2 and want to rollback to version 1. What should you do to rollback to version 1? ht A. Deprecate version 2 (latest). Create new Secret version 3. Create soft link from version 3 to version 1. B. Create a new secret version 3 and set to Pending. Copy the content of version 1 into version 3. C. From the version 2 (latest) menu, select "Rollback" and select version 1 when given the option. D. From the version 1 menu on the OCI console, select "Promote to Current". Answer: D Explanation: From the version 1 menu on the OCI console, select “Promote to Current”. The explanation is that when you promote a secret version to current, it becomes the latest version of the secret and is used by default when you access the secret. This way, you can rollback to a previous version of the secret without creating a new version. https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 6/31 Question: 9 Which THREE protocols are supported by the Oracle Cloud Infrastructure (OCI) Network Load Balancer? om A. HTTP B. UDP C. BGP D. TCP E. ICMP F. iSCSI m ps .c Answer: B, D, E Explanation: am du The explanation is that the OCI Network Load Balancer supports three protocols: UDP, TCP, and ICMP. These protocols are used to distribute traffic across multiple backend servers based on different criteria, such as source and destination IP addresses, ports, and ICMP types and codes. al id ex Question: 10 In which TWO ways does Cloud Guard help improve the overall security posture for your tenancy? tp s: // w w w .v A. Monitors unauthorized or suspicious user activity. B. Allows you to centrally manage encryption keys. C. Prevents you from creating misconfigurations on your resources in Oracle Cloud Infrastructure (OCI). D. Masks sensitive data and monitors security controls on your Oracle databases. E. Helps detect misconfigured resources, such as publicly accessible Object Storage buckets, instances, and restricted ports on security lists. Answer: A,E ht Explanation: Monitors unauthorized or suspicious user activity, prevents you from creating misconfigurations on your resources in OCI, and helps detect misconfigured resources, such as publicly accessible Object Storage buckets, instances, and restricted ports on security lists. The explanation is that Cloud Guard is a service that helps you improve the security posture of your tenancy by providing visibility into your cloud resources, identifying security misconfigurations and threats, and taking corrective actions to remediate them. Cloud Guard monitors user activity and resource configurations using data collectors and detectors, evaluates them against predefined or custom rules, generates problems and recommendations based on severity levels, and executes responders to fix the issues automatically or manually. Question: 11 https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 7/31 You are a security administrator for your company's Oracle Cloud Infrastructure (OCI) tenancy. Your storage administrator informs you that she cannot associate an encryption key from an existing Vault to a new Object Storage bucket. What could be a possible reason for this behavior? om A. The Object Storage bucket policy lacks the necessary Access Control List (ACL). B. The storage administrator forgot to select "Encrypt using Oracle managed keys" while creating the bucket. C. There is no Identity and Access Management (IAM) policy that allows the Object Storage service to use the key. D. The secret for the key was not created beforehand Answer: C m ps .c Explanation: al id ex am du There is no Identity and Access Management (IAM) policy that allows the Object Storage service to use the key. The explanation is that when you create an Object Storage bucket with encryption using a customer-managed key from Vault, you need to have an IAM policy that allows the Object Storage service to use the key on your behalf. The policy should look like this: allow service objectstorage-<region> to use key in compartment <compartment-name> where <region> is the region where your bucket resides and <compartment-name> is the compartment where your key resides. Question: 12 w w .v You plan to launch a VM instance with the VM.Standard2.24 shape and Oracle Linux 8 platform image. You want to protect your VM instance from low-level threats, such as rootkits and bootkits that can infect the firmware and operating system and are difficult to detect. What should you do? ht tp s: // w A. Use in-transit encryption. B. Use Vulnerability Scanning Service. C. Create a burstable instance. D. Create a shielded instance. Answer: D Explanation: The explanation is that shielded instances are VM instances that have additional security features to protect them from low-level threats, such as rootkits and bootkits that can infect the firmware and operating system and are difficult to detect. Shielded instances use verified boot, which ensures that only trusted software components are executed during the boot process. Shielded instances also use virtual trusted platform module (vTPM), which provides a secure storage for encryption keys and certificates. Shielded instances are available for Oracle Linux 8 platform images with VM.Standard2.* shapes. Question: 13 https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 8/31 Which TWO statements are NOTcorrect regarding the Oracle Cloud Infrastructure (OCI) burstable instances? om A. If the instance's average CPU utilization over the past 24 hours is below the baseline, the system allows it to burst above the baseline. B. Baseline utilization is a fraction of each CPU core, either 25% or 75%. C. Burstable instances cost less than regular instances with the same total OCPU count. D. Burstable instances are designed for scenarios where an instance is not typically idle and has high CPU utilization. E. Burstable instances are charged according to the baseline OCPU. Answer: B, D m ps .c Explanation: am du The explanation is that burstable instances are VM instances that have a baseline utilization of either 12% or 50% of each CPU core, not 25% or 75%. Burstable instances are designed for scenarios where an instance is typically idle or has low CPU utilization but occasionally needs to burst above the baseline to handle spikes in demand. Burstable instances cost less than regular instances with the same total OCPU count but charge extra for bursting above the baseline OCPU. al id ex Question: 14 w w .v You plan to upload a large file (3 TiB) to Oracle Cloud Infrastructure (OCI) Object Storage. You would like to minimize the impact of network failures while uploading, and therefore you decide to use the multipart upload capability. Which TWO statements are true about performing a multipart upload using the Multipart Upload API? ht tp s: // w A. You do not need to split the object into parts. Object Storage splits the object into parts and uploads all of the parts automatically. B. While a multipart upload is still active, you can keep adding parts as long as the total number is less than 10,000. C. You do not have to commit the upload after you have uploaded all the object parts. D. When you split the object into individual parts, each part can be as large as 50 GiB. Answer: B, D Explanation: While a multipart upload is still active, you can keep adding parts as long as the total number is less than 10,000. When you split the object into individual parts, each part can be as large as 50 GiB. The explanation is that a multipart upload allows you to upload a large object in parts, which can improve performance and reliability. You need to split the object into parts yourself and upload each part separately using the Multipart Upload API. You can add parts to an active multipart upload until you reach the maximum number of 10,000 parts per upload. Each part can range from 10 MiB to 50 GiB in size, except for the last part, which can be any size. https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 9/31 Question: 15 You have a block volume created in the US West (Phoenix) region. You enabled Cross Region Replication for the volume and selected US West (San Jose) as the destination region. Now, you would like to create a new volume from the volume replica in the US West (San Jose) region. What should you do? om A. Activate the replica. B. Trigger the replica. C. No action required. By default, the replica is available as a block volume. D. Initiate the replica. m ps .c Answer: A Explanation: am du The explanation is that when you enable Cross Region Replication for a block volume, Object Storage creates a replica of the volume in another region of your choice. The replica is not available as a block volume until you activate it. To activate a replica, you need to select the replica from the Block Storage console and click Activate Replica. This will create a new block volume from the replica in the destination region. al id ex Question: 16 w w .v You are responsible for creating and maintaining an enterprise application that consists of multiple storage volumes across multiple compute instances in Oracle Cloud Infrastructure (OCI). The storage volumes include boot volumes and block volumes for your data storage. You need to create a backup for the boot volumes that will be done daily and a backup for the block volumes that will be done every six hours. How can you meet this requirement? ht tp s: // w A. Create clones of all boot volumes and block volumes one at a time. B. Group the boot volumes into a volume group and create a custom backup policy. Group the block volumes and create a custom backup policy. C. Create on-demand full backups of block volumes, and create custom images from the boot volumes. Use a function to run at a specific time to start the backup process. D. Group multiple storage volumes in a volume group and create volume group backups. Answer: B Explanation: Group the boot volumes into a volume group and create a custom backup policy. Group the block volumes and create a custom backup policy. The explanation is that volume groups are logical collections of block volumes and boot volumes that can be backed up together as a consistent pointin-time snapshot. You can create a custom backup policy for each volume group and specify the frequency and retention period of the backups. This way, you can meet different backup requirements for different types of volumes. https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 10/31 Question: 17 Which TWO statements about the Oracle Cloud Infrastructure (OCI) File Storage Service are accurate? om A. Communication with file systems in a mount target is encrypted via HTTPS. B. File systems use Oracle-managed keys by default. C. Customer can encrypt data in their file system using their own Vault encryption key. D. Mount targets use Oracle-managed keys by default. E. Customer can encrypt the communication to a mount target via export options. Answer: B, C m ps .c Explanation: am du File systems use Oracle-managed keys by default. Customer can encrypt data in their file system using their own Vault encryption key. The explanation is that File Storage Service encrypts all data at rest using AES-256 encryption algorithm. By default, File Storage Service uses Oracle-managed keys to encrypt and decrypt data. However, you can also use your own Vault encryption key to encrypt data in your file system. To do so, you need to create a key in Vault and associate it with your file system when you create or update it. al id ex Question: 18 Which TWO are key benefits of setting up Site-to-Site VPN on Oracle Cloud Infrastructure (OCI)? tp s: // w w w .v A. When setting up Site-to-Site VPN, it creates a private connection that provides consistent network experience. B. When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP). C. When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels. D. When setting up Site-to-Site VPN, customers can expect bandwidth above 2 Gbps. Answer: B, C ht Explanation: When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP). When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels. The explanation is that Site-to-Site VPN is a secure and encrypted connection between your on-premises network and your Virtual Cloud Network (VCN) in OCI over the public internet. When setting up Site-to-Site VPN, you can choose to use static routing or dynamic routing (Border Gateway Protocol or BGP) to exchange routes between your network and OCI. OCI also provisions two redundant VPN tunnels for each Siteto-Site VPN connection to provide high availability and failover. Question: 19 As a network architect you have been tasked with creating a fully redundant connection from your on-premises data center to your Virtual Cloud Network (VCN) in the us-ashburn-1 region.Which TWO https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 11/31 options will accomplish this requirement? A. Configure two FastConnect virtual circuits to the us-ashburn-1 region and terminate them in diverse hardware on-premises. B. Configure a Site-to-Site VPN from a single on-premises CPE. C. Configure one FastConnect virtual circuit to the us-ashburn-1 region and the second FastConnect virtual circuit to the us-phoenix-1 region. D. Configure one FastConnect virtual circuit to the us-ashburn-1 region and a Site-to-Site VPN to the usashburn-1 region. om Answer: A, D m ps .c Explanation: al id ex am du Configure two FastConnect virtual circuits to the us-ashburn-1 region and terminate them in diverse hardware on-premises. Configure one FastConnect virtual circuit to the us-ashburn-1 region and a Site-to-Site VPN to the us-ashburn-1 region. The explanation is that FastConnect is a service that provides a private and dedicated connection between your on-premises network and your VCN in OCI. FastConnect offers higher bandwidth, lower latency, and more consistent network performance than public internet connections. To create a fully redundant connection from your on-premises data center to your VCN in the us-ashburn-1 region, you can either configure two FastConnect virtual circuits to the same region and terminate them in diverse hardware on-premises, or configure one FastConnect virtual circuit to the region and a Site-to-Site VPN to the same region as a backup option. Question: 20 tp s: // w w w .v You are responsible for deploying an application on Oracle Cloud Infrastructure (OCI). The application is memory intensive and performs poorly if enough memory is not available. You have created an instance pool of Linux compute instances in OCI to host the application and defined Autoscaling Configuration for the instance pool. What should you do to ensure that the instance pool autoscales to prevent poor application performance? ht A. Install OCI SDK on all compute instances and create a script that triggers the autoscaling event if there is high memory usage. B. Configure the autoscaling policy to monitor memory usage and scale up the number of instances when it meets the threshold. C. Install the monitoring agent on all compute instances, which triggers the autoscaling group. D. Configure the autoscaling policy to monitor CPU usage and scale up the number of instances when it meets the threshold Answer: B Explanation: Question: 21 https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 12/31 You are backing up your on-premises data to the Oracle Cloud Infrastructure (OCI) Object Storage Service. Your requirements are: 1. Backups need to be retained for at least full 31 days. 2. Data should be accessible immediately if and when needed after the backup. Which OCI Object Storage tier is suitable for storing the backup to minimize cost? om A. Infrequent Access tier B. Archive tier C. Standard tier D. Auto-Tiering tier m ps .c Answer: A Explanation: am du The explanation is that the Infrequent Access tier is suitable for storing data that is accessed less frequently but requires immediate access when needed. The Infrequent Access tier has lower storage costs than the Standard tier, but higher retrieval costs. The Infrequent Access tier also has a minimum storage duration of 30 days, which means that you will be charged for at least 30 days of storage even if you delete or move the data before that period. al id ex Question: 22 Which TWO statements are TRUE about Private IP addresses in Oracle Cloud Infrastructure (OCI)? tp s: // w w w .v A. Each VNIC can only have one private IP address. B. By default, the primary VNIC of an instance in a subnet has one primary private IP address. C. By default, the primary VNIC of an instance in a subnet has one primary private IP address and one secondary private IP address. D. A private IP can have an optional public IP assigned to it if it resides in a public subnet. Answer: B, D Explanation: ht By default, the primary VNIC of an instance in a subnet has one primary private IP address. A private IP can have an optional public IP assigned to it if it resides in a public subnet. The explanation is that a private IP address is an IPv4 address that is assigned to a VNIC and belongs to the CIDR block of the VCN or subnet. By default, the primary VNIC of an instance in a subnet has one primary private IP address, which is automatically assigned by OCI and cannot be changed. However, you can also assign secondary private IP addresses to a VNIC, either manually or automatically, up to a maximum of 31 per VNIC. A private IP address can have an optional public IP address assigned to it, which allows the instance to communicate with the internet. A public IP address can be either ephemeral or reserved, depending on whether you want to keep it after stopping or terminating the instance. A private IP address can only have a public IP address assigned to it if it resides in a public subnet, which means that the subnet’s route table has a route rule that directs traffic to the internet gateway. https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 13/31 Question: 23 du m ps .c om A financial firm is designing an application architecture for its online trading platform that should have high availability and fault tolerance. Their solutions architects configured the application to use an Oracle Cloud Infrastructure (OCI) Object Storage bucket located in the US West (us-phoenix-1) region to store large amounts of financial dat a. The stored financial data in the bucket should not be impacted even if there is an outage in one of the Availability Domains or a complete region. What should the architect do to avoid any costly service disruptions and ensure data durability? A. Create a replication policy to send data to a different bucket in another OCI region. B. Copy the Object Storage bucket to a block volume. C. Create a lifecycle policy to regularly send data from the Standard to Archive storage. D. Create a new Object Storage bucket in another region and configure lifecycle policy to move data every 5 days. am Explanation: Answer: A w Question: 24 w w .v al id ex Create a replication policy to send data to a different bucket in another OCI region. The explanation is that replication is a feature of Object Storage that allows you to automatically copy objects from one bucket to another bucket, either in the same region or in a different region. Replication can help you improve data availability and durability, as well as meet compliance and disaster recovery requirements. To enable replication, you need to create a replication policy that specifies the source and destination buckets, the replication frequency, and the replication filters. Replication policies are evaluated every five minutes and copy any new or updated objects from the source bucket to the destination bucket. tp s: // Which is NOT a valid Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) approach? ht A. Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or with your organizations private IP network ranges. B. Ensure not all IP addresses are allocated at once within a VCN or subnet; instead reserve some IP addresses for future use. C. Private subnets should ideally have individual route tables to control the flow of traffic within and outside of VCN. D. Use OCI tags to tag VCN resources so that all resources follow organizational tagging/naming conventions. Answer: A Explanation: Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or with your organizations private IP network ranges. The explanation is that a VCN CIDR prefix is the range of IPv4 addresses that can https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 14/31 be used within the VCN and its subnets. The VCN CIDR prefix should not overlap with other VCNs in your tenancy or with your organization’s private IP network ranges, as this can cause routing conflicts and connectivity issues. You should choose a VCN CIDR prefix that is large enough to accommodate your current and future needs, but not too large to waste IP addresses. You can use any of the private IPv4 address ranges specified in RFC 1918 for your VCN CIDR prefix. Question: 25 m ps .c om company sells services to photographers where patrons can preview the photos that they want prints for. To avoid unauthorized copies, the sample photos have lower resolution and are watermarked. The photos are processed after they are uploaded. The process is fast but not immediate. It creates samples and sends them to storage outside of the instances. Which type of instance is ideal for a process like this; short lived and one that keeps the cost low? am du A. Preemptible instances B. Spot instances C. On-demand instances D. Burstable instances al id ex Explanation: Answer: A w Question: 26 w w .v The explanation is that preemptible instances are VM instances that offer lower costs than regular instances but can be reclaimed by OCI at any time due to capacity constraints or after running for a maximum of 24 hours. Preemptible instances are ideal for short-lived and stateless workloads that can tolerate interruptions and do not require guaranteed availability or performance. Preemptible instances are billed by the second at a fixed rate that is lower than regular instances. tp s: // Which of the following statements is true about cloning a volume in the Oracle Cloud Infrastructure (OCI) Block Volume service? ht A. You need to detach a volume before cloning it. B. Creating a clone takes longer than creating a backup of a volume. C. You can clone a volume to another region. D. You can change the block volume size when cloning a volume. Answer: D Explanation: You can change the block volume size when cloning a volume. The explanation is that cloning a volume is a way of creating an exact copy of an existing volume without creating a backup first. Cloning a volume is faster and cheaper than creating a backup and restoring it to a new volume. When you clone a volume, you can change the block volume size, performance, encryption settings, and tags of the new volume. You do not need to detach a volume before cloning it, as cloning does https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 15/31 not affect the source volume or its attachments. You cannot clone a volume to another region, as cloning only works within the same region and availability domain. Creating a clone usually takes less time than creating a backup of a volume, as cloning does not involve transferring data to Object Storage. Question: 27 du m ps .c A. Bring your own image and use it as a template for the new instances. B. Select an image from the OCI Marketplace. C. Use Oracle-provided images and customize the installation using a third-party tool. D. Create a custom image and use it as a template for the new instances. om You just got a last minute request to create a set of instances in Oracle Cloud Infrastructure (OCI). The configuration and installed software are identical for every instance, and you already have a running instance in your OCI tenancy. Which image option allows you to achieve this task with the least amount of effort? am Explanation: Answer: D w w .v Question: 28 al id ex Creating a custom image and using it as a template for the new instances is the option that allows you to achieve this task with the least amount of effort. A custom image is a copy of an existing instance that you can use to launch other instances with the same configuration and installed software. The other options are not suitable for this scenario, as they would require more time and effort to create and customize the instances. Reference: [Custom Images] Which is NOT a valid action within the Oracle Cloud Infrastructure (OCI) Block Volume service? ht tp s: // w A. Expanding an existing volume in place with offline resizing. B. Restoring from a volume backup to a larger volume. C. Attaching a block volume to an instance in a different availability domain. D. Cloning an existing volume to a new, larger volume. Answer: C Explanation: Attaching a block volume to an instance in a different availability domain is not a valid action within the OCI Block Volume service. A block volume can only be attached to an instance in the same availability domain. The other options are valid actions that can be performed with the Block Volume service. Reference: [Block Volume Actions] Question: 29 When creating an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) with the VCN wizard, which THREE gateways are created automatically? https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 16/31 A. Internet Gateway B. Local Peering Gateway C. Dynamic Routing Gateway D. NAT Gateway E. Storage Gateway F. Bastion Host G. Service Gateway Answer: A, D, G om Explanation: am du m ps .c Internet Gateway, NAT Gateway, and Service Gateway are three gateways that are created automatically when creating a VCN with the VCN wizard. An Internet Gateway allows public traffic between the VCN and the internet. A NAT Gateway allows private traffic from the VCN to access the internet without exposing the VCN resources to incoming internet connections. A Service Gateway allows private traffic from the VCN to access OCI services such as Object Storage, Email Delivery, and Notifications. The other options are not created automatically by the VCN wizard, but can be added manually later if needed. Reference: [VCN Wizard], [Gateways] al id ex Question: 30 Which THREE capabilities are available with the Oracle Cloud Infrastructure (OCI) DNS service? tp s: // w w w .v A. Creating and managing records B. Creating and managing WAF rules C. Creating and managing Identity Access Management (IAM) policies D. Creating and managing zones E. Viewing all zones F. Creating and managing security lists Answer: A, D, E Explanation: ht Creating and managing records, creating and managing zones, and viewing all zones are three capabilities that are available with the OCI DNS service. Records are data elements that map domain names to IP addresses or other information. Zones are collections of records that correspond to a domain name or a subdomain name. The OCI DNS service allows users to create and manage records and zones for their domains or subdomains, as well as view all zones in their tenancy. The other options are not capabilities of the OCI DNS service, but of other OCI services such as WAF, IAM, and Networking. Reference: [DNS Service], [Records], [Zones] Question: 31 Which Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy is invalid? A. Allow dynamic-group FrontEnd to manage instance-family in compartment Project-A https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 17/31 B. Allow any-user to inspect users in tenancy C. Allow group A-Developers to create volumes in compartment Project-A D. Allow group A-Admins to manage all-resources in compartment Project-A Answer: C Explanation: om Allow group A-Developers to create volumes in compartment Project-A is an invalid IAM policy. This is because create is not a valid verb for volumes. The correct verb for creating volumes is attach. The other options are valid IAM policies that use correct verbs and syntax. Reference: [IAM Policies], [Verbs] m ps .c Question: 32 du As a solution architect, you are showcasing the Oracle Cloud Infrastructure (OCI) Object Storage feature about Object Versioning to a customer. Which statement is true regarding OCI Object Storage Versioning? Explanation: w w .v al id ex am A. Objects are physically deleted from a bucket when versioning is enabled. B. Object Versioning is disabled on a bucket by default. C. A bucket that is versioning-enabled can and will always have the latest version of the object in the bucket. D. Object Versioning does not provide data protection against accidental or malicious object update, overwrite, or deletion. Answer: B tp s: // w Object Versioning is disabled on a bucket by default is a true statement regarding OCI Object Storage Versioning. Object Versioning is a feature that allows users to preserve, retrieve, and restore every version of every object stored in a bucket. Object Versioning is disabled on a bucket by default, but can be enabled or suspended by the user at any time. The other statements are false regarding OCI Object Storage Versioning. Reference: [Object Versioning] ht Question: 33 You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins. Each admin group has full access over their respective compartments as shown in the graphic below. Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'. https://www.validexamdumps.com/1Z0-1072-23.html 18/31 m ps .c om Questions and Answers PDF am du You want to set up a Test compartment for members of the three projects to share. You also need to provide admin access to all three of your existing admin groups. Which policy would you write to accomplish this task? Answer: D tp s: // Explanation: w w w .v al id ex A. Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' B. Allow dynamic-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' C. Allow group any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' D. Allow any-user to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' ht Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role=‘Admin’ is the policy that would accomplish this task. This policy grants admin access to all groups that have the tag EmployeeGroup.Role=‘Admin’ in the compartment Test. The other options are not correct, as they use incorrect terms such as dynamic-group, any-group, or any-user. Reference: [Tag-Based Authorization] Question: 34 As your company’s cloud architect, you have been invited by the CEO to join his staff meeting. They want your input on interconnecting Oracle Cloud Infrastructure (OCI) to another cloud provider in London, with some specific requirements: • They want resources in the other cloud provider to leverage OCI Autonomous Data Warehouse ML capabilities. • The connection between OCI and the other cloud provider should be provisioned as quickly as https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 19/31 possible. • The connection should offer high bandwidth and predictable performance. Which other cloud provider should you recommend to interconnect with OCI and meet the above requirements? om A. IBM Cloud B. Google Cloud C. OCI D. Microsoft Azure E. Digital Ocean F. Amazon Web Services G. Alibaba Cloud m ps .c Answer: D Explanation: al id ex am du The explanation is that Microsoft Azure is one of the cloud providers that has an interconnect location with OCI in London. This means that you can use OCI FastConnect to establish a private and dedicated connection between OCI and Azure in London, with high bandwidth and predictable performance. This connection can also enable you to leverage OCI Autonomous Data Warehouse ML capabilities from Azure resources, as you can access OCI services across regions using private IP addresses. The interconnect location can be provisioned quickly using the OCI and Azure consoles or APIs. Question: 35 ht tp s: // w w w .v You want to create a policy to allow the NetworkAdmins group to manage Virtual Cloud Network (VCN) in compartment C. You want to attach this policy to the tenancy. The compartment hierarchy is shown below. Which policy statement can be used to accomplish this task? A. Allow group NetworkAdmins to manage virtual-network-family in compartment B:C B. Allow group NetworkAdmins to manage virtual-network-family in compartment C https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 20/31 C. Allow group NetworkAdmins to manage virtual-network-family in tenancy D. Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C Answer: D Explanation: m ps .c om Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C. The explanation is that when you attach a policy to the tenancy, you need to specify the full path of the compartment where you want to grant permissions. In this case, the compartment C is a subcompartment of compartment B, which is a sub-compartment of compartment A, which is a subcompartment of the root compartment (tenancy). Therefore, the full path of compartment C is A:B:C. The virtual-network-family resource type includes all the resources related to VCN, such as subnets, route tables, security lists, gateways, etc. Question: 36 al id ex am du You are in the process of migrating several legacy applications from on-premises to Oracle Cloud Infrastructure (OCI). The current servers are already virtualized. However, you notice that the version of CentOS currently running does not align with any of the Oracle-provided compute images.How would you migrate your existing virtual server images to OCI? tp s: // w w w .v A. Export your current image in the VMDK format and copy to an Object Storage bucket. Import it as a custom image. Select native mode to ensure the best possible performance. B. Export your current image in the VDI format and copy to an Object Storage bucket. Import it as a custom image. Select native modeto ensure the best possible performance. C. Export your current image in the QED format and copy to an Object Storage bucket. Import it as a custom image. Select emulated modeto ensure compatibility with legacy drivers. D. Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers Answer: D ht Explanation: Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers. The explanation is that QCOW2 is one of the supported formats for importing custom images to OCI. Custom images are images that you can create from your own on-premises or cloud servers and use them to launch instances in OCI. To import a custom image, you need to export your current image in a supported format, copy it to an Object Storage bucket, and then import it as a custom image using the OCI console or API. When you import a custom image, you can choose between native mode or emulated mode. Native mode offers better performance but requires compatible drivers and firmware. Emulated mode offers better compatibility but lower performance. Question: 37 https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 21/31 Your DevOps team needs to interconnect the on-premises network to the Oracle Cloud Infrastructure (OCI) resources, such as a managed database that resides in a private subnet. They indicate that they have a low budget and their bandwidth requirements are minimal, so you decide that a site-to-site VPN is the best option. They provide you with their router public IP address. You need to create an object in OCI that represents this router. Which object would you create? m ps .c om A. Internet Gateway B. Dynamic Routing Gateway (DRG) C. Customer Premises Equipment (CPE) D. Virtual Network Interface Card (vNIC) E. IPSec Tunnel F. Bastion Host Answer: C du Explanation: Question: 38 w w .v al id ex am Customer Premises Equipment (CPE). The explanation is that CPE is an object in OCI that represents your on-premises router or VPN device that connects to your VCN via a site-to-site VPN. A site-to-site VPN is a secure and encrypted connection between your on-premises network and your VCN over the public internet. To set up a site-to-site VPN, you need to create a CPE object with your router’s public IP address and other information, such as vendor and platform. You also need to create a Dynamic Routing Gateway (DRG) object in your VCN and attach it to your VCN. Then, you need to create an IPSec connection between your CPE and DRG, which will create two redundant VPN tunnels for high availability. tp s: // w Which statement is TRUE about delegating an existing domain to the Oracle Cloud Infrastructure (OCI) DNS service? ht A. Domains can be delegated to OCI DNS via FastConnect partners. B. Domains can be delegated to OCI DNS from the OCI Marketplace. C. Domains can be self-delegated to OCI DNS from its own service portal. D. Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal. E. All domains can be retrieved to OCI DNS via DYN. Answer: D Explanation: Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal. The explanation is that delegating a domain to OCI DNS means that you are transferring the authority to resolve DNS queries for your domain from your current DNS provider to OCI DNS. To delegate a domain to OCI DNS, you need to create a zone in OCI DNS that matches your domain name and add any records that you want to serve from OCI DNS. Then, you need to update the name servers for your domain at your Domain Registrar’s self-service portal with the name servers provided by OCI https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 22/31 DNS. This will point your domain to OCI DNS and allow it to resolve DNS queries for your domain. Question: 39 As a network architect you have deployed a public subnet on your Virtual Cloud Network (VCN) with this security list: m ps .c om You have also created a network security group (NSG) as shown in the table here, and assigned it to your bastion host: am du You have confirmed that routing is correct but when you SSH to the VM from your home over the Internet you are unable to connect. What could be the problem? Explanation: w w .v al id ex A. User will be able to SSH to the VM from the Internet as SSH is open on the NSG. B. Public subnet does not have a route rule to the Internet Gateway. C. Internet traffic should be allowed only on the NSG. D. SSH traffic is not allowed in the security list nor on the NSG from the Internet. Answer: D ht tp s: // w SSH traffic is not allowed in the security list nor on the NSG from the Internet is the correct answer. This is because the security list only allows ingress traffic from 10.0.0.24 on port 22, and the NSG only allows ingress traffic from 10.0.0.0/16 on port 22. Neither of them allows ingress traffic from 0.0.0.0/0 (the Internet) on port 22, which is required for SSH access. The other options are not correct, as they do not explain why SSH access is not possible. Reference: [Security Lists], [Network Security Groups] Question: 40 Which statement is true about File System Replication in Oracle Cloud Infrastructure (OCI)? A. You can replicate the data in one file system to another file system only in the same region. B. You can replicate the data in one file system to another file system in the same region or a different region. C. Only a file system that has been exported can be used as a target file system. D. You cannot specify a replication interval when you create the replication resource. https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 23/31 Answer: B Explanation: You can replicate the data in one file system to another file system in the same region or a different region is a true statement about File System Replication in OCI. File System Replication is a feature that allows users to create a copy of a file system in another file system, either within the same region or across regions. This can be useful for disaster recovery, data migration, or data distribution purposes. The other statements are false about File System Replication in OCI. Reference: [File System Replication] om Question: 41 al id ex du am A. OCI Streaming service B. OS Management service C. OCI Registry D. OCI Security Zones to achieve automatic security updates E. OCI Cloud Guard to monitor and install the security updates m ps .c You are a system administrator of your company and you are managing a complex environment consisting of compute instances running Oracle Linux on Oracle Cloud Infrastructure (OCI). It's your task to apply all the latest kernel security updates to all instances. Which OCI service will allow you to complete this task? Explanation: Answer: B tp s: // w w w .v OS Management service is the OCI service that will allow you to complete this task. OS Management service is a service that helps users automate patching and package management for Oracle Linux and Windows instances in OCI. It can also help users monitor and manage system configuration and compliance across their instances. The other options are not suitable for this task, as they do not provide the functionality of OS Management service. Reference: [OS Management Service] Question: 42 ht Which tool provides a diagram of the implemented topology of all Virtual Cloud Networks (VCNs) in a selected region and tenancy? A. Network Watcher B. Traffic Analytics C. VCN Flow Logs D. Network Visualizer Answer: D Explanation: Network Visualizer is the tool that provides a diagram of the implemented topology of all VCNs in a selected region and tenancy. Network Visualizer is a feature of the OCI Networking service that https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 24/31 allows users to view and manage their network resources in a graphical interface. It can help users understand their network topology, troubleshoot issues, and optimize performance. The other options are not tools that provide a diagram of the VCN topology, but rather other features or services of OCI Networking. Reference: [Network Visualizer] Question: 43 om You have objects stored in an OCI Object Storage bucket that you want to share with a partner company. You decide to use pre-authenticated requests to grant access to the objects. Which statement is true about preauthenticated requests? du m ps .c A. You cannot edit a pre-authenticated request. B. Deleting a pre-authenticated request does not revoke user access to the associated bucket or object. C. You need to provide your OCI credentials to the partner company. D. Pre-authenticated requests can be used to delete buckets or objects. am Explanation: Answer: A w w .v al id ex You cannot edit a pre-authenticated request is a true statement about pre-authenticated requests. Pre-authenticated requests are URLs that allow users to access objects or buckets in OCI Object Storage without requiring additional authentication or authorization. Pre-authenticated requests can be created with an expiration date and time, and can be used for read or write operations. However, once created, pre-authenticated requests cannot be edited, but can only be deleted or extended. The other statements are false about pre-authenticated requests. Reference: [Pre-Authenticated Requests] Question: 44 tp s: // w You want a full-featured Identity-as-a-Service (IDaaS) solution that helps you manage workforce authentication and access to all of your Oracle and non-Oracle applications, whether they are SaaS apps, on-premises enterprise apps, or apps that are hosted in the cloud. Which IAM Identity Domain type should you create? ht A. Free B. Oracle Apps Premium C. Premium D. External User Answer: C Explanation: Premium is the IAM Identity Domain type that you should create if you want a full-featured IDaaS solution that helps you manage workforce authentication and access to all of your Oracle and nonOracle applications. Premium Identity Domain provides users with access to Oracle Identity Cloud Service, which is an IDaaS solution that offers identity management, single sign-on, multifactor https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 25/31 authentication, identity governance, and integration with third-party applications. The other options are not IAM Identity Domain types that provide a full-featured IDaaS solution. Reference: [Identity Domains], [Oracle Identity Cloud Service] Question: 45 Which statement accurately describes the key features and benefits of OCI Confidential Computing? du m ps .c om A. It encrypts and isolates in-use data and the applications processing that data, thereby preventing unauthorized access or modification. B. It optimizes network performance and reduces latency through advanced routing algorithms and caching mechanisms. C. It enables users to securely store and retrieve data by using distributed file systems, ensuring high availability and fault tolerance. D. It provides automatic scalability and load balancing capabilities, which allow seamless integration with other cloud providers. am Explanation: Answer: A w Question: 46 w w .v al id ex It encrypts and isolates in-use data and the applications processing that data, thereby preventing unauthorized access or modification is an accurate description of the key features and benefits of OCI Confidential Computing. Confidential Computing is a feature that leverages hardware-based Trusted Execution Environments (TEEs) to protect data and applications from unauthorized access or modification while they are in use by the CPU or memory. This adds an extra layer of security to cloud computing, as it protects data not only at rest and in transit, but also in use. The other options are not accurate descriptions of the key features and benefits of OCI Confidential Computing. Reference: [Confidential Computing] ht tp s: // You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system, therefore you have provisioned one using the file storage service (FSS). You have also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that the application servers can access FSS. The security team changed the settings for the DB System to have read-only access to the file system. However when they test it, they are unable to access FSS. How would you allow access to FSS? A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet. B. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service. C. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless. D. Modify the security list associated with the subnet where the mount target resides. https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 26/31 E. Change the ingress rules corresponding to the DB System subnet to be stateful. Answer: A Explanation: om Creating an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet is the correct answer. This is because NFS export options are used to control the level of access that clients have to file systems. By creating an NFS export option with READ_ONLY access for the DB System subnet, you can allow the DB System to read data from the file system, but not write or modify it. The other options are not correct, as they do not address the requirement of read-only access for the DB System. Reference: [NFS Export Options] m ps .c Question: 47 am du You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials. A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider. Which is NOTa necessary step to complete this set up? Answer: B w Explanation: w w .v al id ex A. Create a dynamic group with matching rules to specify which instances can make API calls against services. B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs. C. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy. D. Deploy the application and the SDK to all the instances that belong to the dynamic group. ht tp s: // Generating Auth Tokens to enable instances in the dynamic group to authenticate with APIs is not a necessary step to complete this set up. This is because Auth Tokens are used to authenticate users, not instances, when making API calls to OCI services. Instance principals are a feature that allows instances to authenticate themselves using certificates, without requiring user credentials or Auth Tokens. The other options are necessary steps to complete this set up, as they enable instances in the dynamic group to make API calls against services using instance principals and IAM policies. Reference: [Instance Principals], [Auth Tokens] Question: 48 When defining a query for metric data in Monitoring, which field provides the time window for aggregating metric data points plotted on the metric chart? A. Dimension B. Namespace C. Statistic https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 27/31 D. Interval Answer: D Explanation: om Interval is the field that provides the time window for aggregating metric data points plotted on the metric chart. Interval is a parameter that specifies how often metric data points are collected and aggregated by the Monitoring service. For example, an interval of 5 minutes means that metric data points are aggregated every 5 minutes and displayed on the chart. The other options are not fields that provide the time window for aggregating metric data points, but rather other parameters that define the metric query. Reference: [Interval] m ps .c Question: 49 al id ex Explanation: Answer: A w w .v A. Auth Tokens B. OCI Username and Password C. API Signing Key D. SSH Key Pair with 2048-bit algorithm am du You are using a custom application with third-party APIs to manage the application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs do not support OCI’s signature-based authentication, you want them to communicate with OCI resources. Which authentication option should you use to ensure this? tp s: // w Auth Tokens is the authentication option that you should use to ensure that your custom application with third-party APIs can communicate with OCI resources. Auth Tokens are tokens that can be used as an alternative to passwords when making API calls to OCI services. Auth Tokens can be generated and revoked by users in the OCI Console or CLI, and can be used with any API client that supports basic authentication. The other options are not suitable for this scenario, as they either require OCI’s signature-based authentication or are not applicable for API calls. Reference: [Auth Tokens] ht Question: 50 Company XYZ is spending $300,000.00 USD per month in egress fees for 7 Petabytes that they consume for Outbound Data Transfer in North America with their current cloud provider. The company is seeking to lower that expense considerably without reducing consumption. You propose migration to OCI because the Gigabyte Outbound Data Transfer in North America costs just $0.0085 USD per month. With OCI, how much will they spend per month for 7 Petabytes of Outbound Data Transfer? (1 Petabyte = 1000 Terabytes) A. $59,500.00 B. $150,000.00 C. $59,415.00 https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 28/31 D. $0.00 (free with OCI) Answer: A Explanation: om $59,415.00 is the amount that Company XYZ will spend per month for 7 Petabytes of Outbound Data Transfer in North America with OCI. This is calculated by multiplying 7 Petabytes by 1000 Terabytes (to convert Petabytes to Terabytes), then multiplying by $0.0085 USD (the cost per Gigabyte Outbound Data Transfer in North America), then dividing by 1000 (to convert Gigabytes to Terabytes). The formula is: (7 * 1000 * 0.0085) / 1000 = $59,415.00 m ps .c Question: 51 al id ex am du You have a high-demand web application running on Oracle Cloud Infrastructure (OCI). Your tenancy administrator has set up a schedule-based autoscaling policy on instance pool with an initial size of 5 instances for the application. Policy 1: Target pool size:10 instances Execution time:8:30 a.m. on every Monday through Friday, in every month, in every year Cron expression:0 30 8 ? * MON-FRI * Which statement accurately explains the goal of this policy? tp s: // w w w .v A. Goal: A one-time schedule with only one scaling out event. At 8:30 a.m., on December 31, 2021, scale the instance pool to 10 instances from 5. B. Goal: A recurring monthly schedule. On all days of the month, set the initial pool size to 5 instances. At 8.30 a.m., on every day of the month, scale out to 10 instances. C. Goal: A recurring daily schedule. On weekday mornings at 8.30 a.m., scale out to 10 instances. D. Goal: A recurring weekly schedule. On all days of the week at 8.30 a.m., scale out the pool to 10 instances from the initial size of 5 Answer: C Explanation: ht The explanation is that a schedule-based autoscaling policy allows you to adjust the size of your instance pool based on a cron expression that specifies the date and time of the scaling action. The cron expression consists of six fields: seconds, minutes, hours, day of month, month, and day of week. In this case, the cron expression is 0 30 8 ? * MON-FRI *, which means that the scaling action will occur at 8:30 a.m. on every Monday through Friday, regardless of the day of month or month. Therefore, the goal of this policy is to scale out the instance pool to 10 instances on weekday mornings at 8:30 a.m. Question: 52 In which two ways can Oracle Security Zones assist with the cloud security shared responsibility model? https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 29/31 A. Encrypt storage resources with a customer-managed key. B. Allow access to an unsecured compartment, which is moved from a standard compartment. C. Deny public access to Oracle Cloud Infrastructure resources, such as databases and object storage buckets. D. Add or move a standard compartment to a highly secured security zone compartment. Answer: A, C Explanation: am du m ps .c om Oracle Security Zones is a service that helps you enforce best practices and prevent misconfigurations on your OCI resources by applying predefined policies and controls. Some of the benefits of using Security Zones are: Encrypt storage resources with a customer-managed key: Security Zones require that all storage resources, such as block volumes, boot volumes, file systems, and object storage buckets, are encrypted with a customer-managed key from Vault. This ensures that you have full control over the encryption and decryption of your data at rest. Deny public access to OCI resources, such as databases and object storage buckets: Security Zones prevent you from creating or updating OCI resources that have public access enabled, such as databases and object storage buckets that are accessible from the internet. This reduces the risk of unauthorized access or data leakage. al id ex Question: 53 w tp s: // A. IP Prefix B. Load Balancer C. Geolocation D. Failover w w .v You want to distribute DNS traffic to different endpoints based on the location of the end user. Which Traffic Management Steering Policy would you use? Answer: C Explanation: ht The explanation is that geolocation is a type of Traffic Management Steering Policy that allows you to distribute DNS traffic to different endpoints based on the location of the end user. Geolocation steering policies use geolocation data from third-party providers to map end user IP addresses to geographic regions. You can create rules that specify which endpoints to serve for each region or country, or use a default endpoint for unspecified regions. Question: 54 What should be created before provisioning an Oracle Cloud Infrastructure (OCI) DB System? A. Bucket in Object Storage B. Virtual Cloud Network https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 30/31 C. Compute Instance D. Compartment Answer: B Explanation: om The explanation is that a Virtual Cloud Network (VCN) is a software-defined network that you set up in OCI to connect your cloud resources, such as compute instances and databases. A VCN provides you with complete control over your network environment, including selecting your own IP address range, creating subnets, route tables, gateways, security lists, etc. You need to create a VCN before provisioning an OCI DB System, as you need to specify which subnet in your VCN you want to launch your DB System in. m ps .c Question: 55 Which is NOT a valid option for an Oracle Cloud Infrastructure (OCI) compute shape? al id ex am du A. Bare Metal B. Dedicated Virtual Machine Host C. Virtual Machine D. Exadata Virtual Machine Explanation: Answer: D ht tp s: // w w w .v Exadata Virtual Machine is not a valid option for an OCI compute shape. Exadata Virtual Machine is a deployment option for Exadata Cloud Service or Exadata Cloud@Customer, which are services that provide dedicated Exadata infrastructure for running Oracle databases in OCI. Exadata Virtual Machine allows you to create multiple virtual machines on each Exadata compute node and isolate them from each other using Oracle VM technology. The valid options for OCI compute shapes are: Bare Metal: A bare metal instance is a physical server that gives you direct access to the underlying hardware and full isolation from other tenants. Dedicated Virtual Machine Host: A dedicated virtual machine host is a physical server that hosts only your virtual machine instances and no other tenant’s instances. Virtual Machine: A virtual machine instance is a virtual server that runs on a shared physical server with other tenants’ instances. Burstable: A burstable instance is a virtual machine instance that has a baseline utilization of either 12% or 50% of each CPU core and can burst above the baseline when needed. https://www.validexamdumps.com/1Z0-1072-23.html Questions and Answers PDF 31/31 Thank you for your visit. ht tp s: // w w w .v al id ex am du m ps .c om To try more exams, please visit below link https://www.validexamdumps.com/1Z0-1072-23.html https://www.validexamdumps.com/1Z0-1072-23.html