oracle 1Z0-1067-21 Exam Questions
Questions for the 1Z0-1067-21 were updated on : Jul 20 ,2024
Page 1 out of 4. Viewing questions 1-15 out of 55
Question 1
You have been asked to ensure that in-transit communication between an Oracle Cloud
Infrastructure (OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted.
The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-
premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect
virtual circuit. No static configuration has been added.
What solution should you recommend? (Choose the best answer.)
- A. It is not possible to use VNC console connections to connect to Bare Metal Instances.
- A. The instances will communicate by default over IPsec VPN, which ensures data is encrypted in- transit.
- B. VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instances console.
- B. Advertise a 192.168.10.10/32 route over the VPN.
- C. It is not possible to connect to the serial console to an instance running Microsoft Windows, however VNC console connection can be used.
- C. Advertise a 192.168.10.10/32 router over the FastConnect.
- D. For security purpose, the console connection will not let you edit system configuration files.
- D. The instances will communicate by default over the FastConnect private virtual circuit, which ensures data is encrypted in-transit.
- E. If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.
Answer:
B
Explanation:
https://www.oracle.com/uk/cloud/networking/fastconnect-faq.html
Question 2
You have created a group for several auditors. You assign the following policies to the group:
What actions are the auditors allowed to perform within your tenancy? (Choose the best answer.)
- A. Change the alarm’s metric interval to 1.
- A. The Auditors can view resources in the tenancy.
- B. Change the alarm condition to be grater than 3%.
- B. Auditors are able to create new instances in the tenancy.
- C. Change the notification topic that you previously associated with the alarm.
- C. The Auditors are able to delete resource in the tenancy.
- D. Change the alarm’s trigger delay minutes value to 1.
- D. Auditors are able to view all resources in the compartment.
Answer:
A
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policies.htm#Verbs
Question 3
You have a web application running on Oracle Cloud Infrastructure (OCI) that lets users log in with a
username and password. You notice that an attacker has tried to use SQL comment --" to alter the
database query, remove the password check and log in as a user. You decide to prevent any future
attacks.
Which of the following OCI services or features would you choose to safeguard your application?
(Choose the best answer.)
- A. Use the Python SDK to write a custom application that will monitor the Audit log. Look for CREATE events and configure the application to send you an email each time a new resource is created.
- A. Network Security Group
- B. Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your resources with this Tag Key and the correct value.
- B. Data Safe
- C. Use the Events Service and create rules that will act when a new Object Storage bucket or Compute Instance has been created. Have the rule email you each time one of these events occurs.
- C. Web Application Framework (WAF)
- D. Create a budget for each compartment that will send a notification when monthly spend reaches a pre-defined amount.
- D. Vault
Answer:
C
Explanation:
WAF provides you with the ability to create and manage rules for internet threats including Cross-
Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities.
Reference:
https://docs.oracle.com/en-
us/iaas/Content/WAF/Concepts/overview.htm#Overview_of_the_Web_Application_Firewall_Servic
e
Question 4
One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is
malfunctioning. You have created a console connection to remotely troubleshoot it.
Which two statements about console connections are TRUE? (Choose two.)
- A. The traffic will be forwarded at the same time to both Pool 1 and Pool 2.
- A. It is not possible to use VNC console connections to connect to Bare Metal Instances.
- B. The traffic will be dropped.
- B. VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instances console.
- C. The traffic will be forwarded randomly to any of the pools mentioned in the rules.
- C. It is not possible to connect to the serial console to an instance running Microsoft Windows, however VNC console connection can be used.
- D. The traffic will be forwarded to Pool 1. If Pool 1 is not available, then it will be forwarded to Pool 2.
- D. For security purpose, the console connection will not let you edit system configuration files.
- E. If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.
Answer:
BE
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm
Question 5
You have created an Autonomous Data Warehouse (ADW) service in your companys Oracle Cloud
Infrastructure (OCI) tenancy and you now have to load historical data into it. You have already
extracted this historical data from multiple data marts and data warehouses. This data is stored in
multiple CSV text files and these files are ranging in size from 25 MB to 20 GB.
Which is the most efficient and error tolerant method for loading data into ADW? (Choose the best
answer.)
- A. oci resource-manager stack create ––tenancy–id \ ––config-source prod.zip ––variables file://variables.json \ ––display-name Production stack build \ ––description Creating new Production environment
- A. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using the web console upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table.
- B. oci resource-manager stack update ––compartment–id \ ––config-source prod.zip ––variables file://variables.json \ ––display-name “Production stack build” \ ––description Creating new Production environment
- B. Create the tables in the ADW database and then execute SQL*Loader for each CSV file to load the contents into the corresponding ADW database table.
- C. oci resource-manager stack create ––compartment–id \ ––config-source prod.zip ––variables file://variables.json \ ––display-name Production stack build \ ––description Creating new Production environment
- C. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute Data Pump Import for each CSV file to copy the contents into the corresponding ADW database table.
- D. oci resource-manager stack update ––tenancy–id \ ––config-source prod.zip ––variables file://variables.json \ ––display-name “Production stack build” \ ––description Creating new Production environment
- D. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table.
Answer:
D
Explanation:
Using Object Storage and COPY_DATA is the standard recommended method for fetching data into
ADW. Furthermore using CLI over web has the benefit of multipart upload, that is chunk upload of
large files, thus reducing the chance of a transfer failure
Question 6
You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual
machine. You enter the following command (with correct values for all parameters):
The command fails.
Which is NOT a valid parameter in this command? (Choose the best answer.)
- A. Provision FastConnect with a single private virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.
- A. –t <tenancy_id>
- B. Provision FastConnect with a single public virtual circuit.
- B. – –image-id <image_id>
- C. Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect.
- C. – –shape “<shape_name>”
- D. Provision FastConnect with a single private virtual circuit.
- D. –c <compartment_id>
- E. Provision FastConnect with a single public virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.
- E. – –subnet-id <subnet_id>
Answer:
A
Explanation:
Tenacy
is
not
in
the
parameters
https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.0.5/oci_cli_docs/cmdref/compute/instance/launch.html
Question 7
You have received an email from your manager to provision new resources on Oracle Cloud
Infrastructure (OCI). When researching OCI, you determined that you should use OCI Resource
Manager. Since this is a task that will be done multiple times for development, test, and production.
You will need to create a command that can be re-used.
Which CLI command can be used in this situation? (Choose the best answer.)
- A. You can use Resource Manager to apply patches to all existing Oracle Linux interfaces in a specified compartment.
- A. oci resource-manager stack create tenancyid <tenancy_OCID> \ config-source prod.zip variables file://variables.json \ display-name Production stack build \ description Creating new Production environment
- B. Resource Manager has administrative privileges by design. Even if your IAM user does not have access, you can leverage Resource Manager to provision new resources to any compartment in the Tenancy.
- B. oci resource-manager stack update compartmentid <compartment_OCID> \ config-source prod.zip variables file://variables.json \ display-name Production stack build \ description Creating new Production environment
- C. You can use Resource Manager to identify and maintain an inventory of all Compute and Database instances across your tenancy.
- C. oci resource-manager stack create compartmentid <compartment_OCID> \ config-source prod.zip variables file://variables.json \ display-name Production stack build \ description Creating new Production environment
- D. Resource Manager manages to Terraform state file for your infrastructure and locks the file so that only one job at a time can run on a given stack.
- D. oci resource-manager stack update tenancyid <tenancy_OCID> \ config-source prod.zip variables file://variables.json \ display-name Production stack build \ description Creating new Production environment
Answer:
C
Explanation:
https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.0.2/oci_cli_docs/cmdref/resource-manager/stack/create.html
Question 8
You are asked to deploy a new application that has been designed to scale horizontally. The business
stakeholders have asked that the application be deployed in us-phoenix-1.
Normal usage requires 2 OCPUs. You expect to have few spikes during the week, that will require up
to 4 OCPUs, and a major usage uptick at the end of each month that will require 8 OCPUs.
What is the most cost-effective approach to implement a highly available and scalable solution?
(Choose the best answer.)
- A. You can run CLI commands from inside OCI Regions only.
- A. Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances, to handle the weekly spikes, and a maximum of 4 instances.
- B. You can filter CLI output using the JMESPath query option for JSON.
- B. Create an instance with 1 OCPU shape. Use the Resize Instance action to scale up to a larger shape when more resources are needed.
- C. The CLI provides an automatic way to connect with instances provisioned on OCI.
- C. Create an instance with 1 OCPU shape. Use a CLI script to clone it when more resources are needed.
- D. The CLI allows you to use the Python language to interact with OCI APIs.
- D. Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances and a maximum of 8 instances.
- E. The CLI provides the same core functionality as the Console, plus additional commands.
Answer:
D
Explanation:
https://docs.oracle.com/en-
us/iaas/Content/Compute/References/computeshapes.htm#baremetalshapes__bm-standard
Question 9
You have been asked to set up connectivity between a clients on-premises network and Oracle
Cloud Infrastructure (OCI). The requirements are:
Low latency: The applications are financial and require low latency connectivity into OCI.
Consistency: The application isnt tolerant of performance variation.
Performance: The communications link needs to support up to 1.25 Gbps.
Encryption: The communications link needs to encrypt any data in transit between the on-premises
network and OCI Virtual Cloud Network (VCN).
The client wants to implement the above with as low a cost as possible, while meeting all of the
requirements. What should you suggest? (Choose the best answer.)
- A. ‘touch’ command is not available in Oracle Linux by default.
- A. Provision FastConnect with a single private virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.
- B. Service limits or quota for file system writes have been breached.
- B. Provision FastConnect with a single public virtual circuit.
- C. User is not part of any OCI Identity and Access Management group with write permissions to File Storage service.
- C. Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect.
- D. User is connecting as the default Oracle Linux user ‘opc’ instead of ‘root’ user.
- D. Provision FastConnect with a single private virtual circuit.
- E. Provision FastConnect with a single public virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.
Answer:
E
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/encrypted-fastconnect-
public-peering.pdf
Question 10
Which two statements about the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI) are
TRUE? (Choose two.)
- A. oci audit event list –-end-time $end-time –-compartment-id $compartment-id
- A. You can run CLI commands from inside OCI Regions only.
- B. oci audit event list –-start-time $start-time –-compartment-id $compartment-id
- B. You can filter CLI output using the JMESPath query option for JSON.
- C. oci audit event list –-start-time $start-time –-end-time $end-time –-compartment-id $compartment-id
- C. The CLI provides an automatic way to connect with instances provisioned on OCI.
- D. oci audit event list –-start-time $start-time –-end-time $end–time –-tenancy-id $tenancy–id
- D. The CLI allows you to use the Python language to interact with OCI APIs.
- E. The CLI provides the same core functionality as the Console, plus additional commands.
Answer:
BE
Explanation:
https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliusing.htm
https://blogs.oracle.com/cloud-infrastructure/post/exploring-the-search-and-query-features-of-
oracle-cloud-infrastructure-command-line-interface
Question 11
You have a Linux compute instance located in a public subnet in a VCN which hosts a web application.
The security list attached to subnet containing the compute instance has the following stateful
ingress rule.
The Route table attached to the Public subnet is shown below. You can establish an SSH connection
into the compute instance from the internet. However, you are not able to connect to the web server
using your web browser.
Which step will resolve the issue? (Choose the best answer.)
- A. Customers are allowed to use their own testing and monitoring tools.
- A. In the route table, add a rule for your default traffic to be routed to NAT gateway.
- B. Customers can simulate DoS attack scenarios as long as it’s restricted to the customer’s own environment.
- B. In the security list, add an ingress rule for port 80 (http).
- C. Customers can validate that their network resources are isolated from other customer resources.
- C. In the security list, remove the ssh rule.
- D. Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy.
- D. In the route table, add a rule for your default traffic to be routed to service gateway.
Answer:
B
Explanation:
You need to add a rule in the security list table to allow access to web application. Web applications
are usually exposed over port 80 (HTTP), therefore answer B makes sense here.
Question 12
Your company recently adopted a hybrid cloud architecture which requires them to migrate some of
their on- premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform
template which automatically provisions OCI resources such as compute instances, load balancer,
and a database instance. After running the stack using the terraform apply command, it successfully
launched the compute instances and the load balancer, but it failed to create a new database
instance with the following error:
Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http status code: 404
You discovered that the resource quotas assigned to your compartment prevent you from using
VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace
the shape with VM.Standard2.2
Which option would you recommend to re-run the terraform command to have required OCI
resources provisioned with the least effort? (Choose the best answer.)
- A. Create a Cost-Tracking tag. Apply this tag to all resources with team information. Use the OCI cost analysis tools to filter costs by tags.
- A. terraform plan –target=oci_database_db_system.db_system
- B. Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by compartment.
- B. terraform apply –auto-approve
- C. Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending.
- C. terraform refresh –target=oci_database_db_system.db_system
- D. Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report which has detailed information about resources and tags.
- D. terraform apply –target=oci_database_db_system.db_system
Answer:
B
Question 13
You have been monitoring your companys applications running in Oracle Cloud Infrastructure (OCI)
and notice that the application is using OCI Traffic Management service. This service uses a traffic
steering policy to distribute the DNS traffic based on subnet addresses in a rule set.
Which steering policy is in use in this particular case? (Choose the best answer.)
- A. Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check.
- A. Load Balancing policy
- B. Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record.
- B. Geolocation steering
- C. Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set with backend servers from both eu-frankfurt-1 and uk-london-1 regions.
- C. ASN steering policy
- D. Create a Traffic Management Steering policy and attach it to a backend servers from both eu-frankfurt-1 and uk-london-1 regions.
- D. IP Prefix steering
Answer:
D
Explanation:
IP Prefix steering policies enable customers to steer DNS traffic based on the IP Prefix of the
originating query.
Question 14
You have the following compartment structure within your companys Oracle Cloud Infrastructure
(OCI) tenancy:
You want to create a policy in the root compartment to allow SystemAdmins to manage VCNs only in
CompartmentC.
Which policy is correct? (Choose the best answer.)
- A. Create a load balancer policy in the Traffic Management service. Configure one answer for each site. Set the answer for the primary site with a weight of 10 and the answer for the secondary site with a weight of 100.
- A. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC
- B. Create a new A record in DNS that points to the public load balancer at the secondary site. Create a CNAME for the sub- domain failover that will resolve to the new A record. Inform customers to prepend the website URL with failover if the primary site is unavailable.
- B. Allow group SystemAdmins to manage virtual-network-family in compartment Root
- C. Create a failover policy in the Traffic Management service. Set the IP address of the public load balancer for the primary site in answer pool 1. Set the IP address of the public load balancer for the secondary site in answer pool 2. Define a health check to monitor both sites.
- C. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC
- D. Deploy a new load balancer in the primary region. Create one backend set for the primary application servers and a second backend set for the standby application servers. Create a listener for the primary backend set with a timeout of 3 minutes. Create a listener for the secondary backend set with a timeout of 10 minutes.
- D. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentC
Answer:
C
Explanation:
Complete Compartment path is required. It is also advisable to do so, as policies are name based
ones.
Question 15
Which option contains the essential components of the Oracle Cloud Infrastructure Notifications
service? (Choose the best answer.)
- A. In the route table, add a rule for your default traffic to be routed to NAT gateway.
- A. An ALARM with a name unique across the tenancy, a SUBSCRIPTION, and a METRIC with the measurement of interest.
- B. In the security list, add an ingress rule for port 80 (http).
- B. A TOPIC with a name unique across the tenancy, a SUBSCRIPTION, and a MESSAGE where content is published.
- C. In the security list, remove the ssh rule.
- C. A TOPIC with a name unique across the compartment, a SUBSCRIPTION, and a MESSAGE where content is published.
- D. In the route table, add a rule for your default traffic to be routed to service gateway.
- D. An ALARM with a name unique across the compartment, a SUBSCRIPTION, and a METRIC with the measurement of interest.
Answer:
B
Explanation:
https://docs.oracle.com/en-us/iaas/Content/Notification/Concepts/notificationoverview.htm
https://docs.oracle.com/en-
us/iaas/Content/Notification/Tasks/managingtopicsandsubscriptions.htm