oracle 1Z0-1072-21 Exam Questions
Questions for the 1Z0-1072-21 were updated on : Jul 20 ,2024
Page 1 out of 16. Viewing questions 1-15 out of 239
Question 1
You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-
weighted round robin policy to your back-end web servers. You notice that one of your web servers is
receiving more traffic than other web servers.
How can you resolve this to make sure traffic is evenly distributed across all back-end webservers?
- A. Disable cookie-based session persistence on your backend set.
- B. Change keep-alive setting between the load balancer and backend server.
- C. Disable SSL configuration associated with your backend set.
- D. Create separate listeners for each backend web server.
Answer:
D
Explanation:
Reference:
https://docs.cloud.oracle.com/en-
us/iaas/Content/Balance/Concepts/balanceoverview.htm
Question 2
Which two are Regional resources in Oracle Cloud Infrastructure? (Choose two.)
- A. Ephemeral public IPs
- B. Compartments
- C. Compute images
- D. Dynamic groups
- E. Block volume backups
Answer:
BD
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm
Question 3
An Oracle Cloud Infrastructure tenancy administrator is not able to delete a user in the tenancy.
What can cause this issue?
- A. User has multi-factor authentication (MFA) enabled.
- B. User is member of an Identity and Access Management (IAM) group.
- C. Users can be blocked but not deleted.
- D. User needs to be deleted from federation Identity Provider (IdP) before deleting from IAM.
Answer:
A
Question 4
D18912E1457D5D1DDCBD40AB3BF70D5D
You are a system administrator of your company and you are asked to manage updates and patches
across all your compute instances running Oracle Linux in Oracle Cloud Infrastructure (OCI). As part of
your task, you need to apply all the latest kernel security updates to all instances.
Which OCI service will allow you to complete this task?
- A. Resource Manager
- B. OS Management
- C. Storage Gateway
- D. Streaming
- E. Registry
Answer:
B
Explanation:
Reference:
https://blogs.oracle.com/cloud-infrastructure/os-management-with-oracle-cloud-
infrastructure
Question 5
Which of the following statements is true about the Oracle Cloud Infrastructure (OCI) Object Storage
serverside encryption?
- A. Encryption of data encryption keys with a master encryption key is optional.
- B. Customer-provided encryption keys are always stored in OCI Vault service.
- C. Encryption is enabled by default and cannot be turned off.
- D. Each object in a bucket is always encrypted with the same data encryption key.
Answer:
B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-
us/iaas/Content/Object/Tasks/usingyourencryptionkeys.htm
Question 6
You need to set up instance principals so that an application running on an instance can call Oracle
Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to
authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up?
- A. Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services.
- B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.
- C. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy.
- D. Deploy the application and the SDK to all the instances that belong to the dynamic group.
Answer:
D
Explanation:
Reference:
https://blogs.oracle.com/cloud-infrastructure/announcing-instance-principals-for-
identity-andaccess-management
Question 7
You have been asked to create an Identity and Access Management (IAM) user that will authenticate
to Oracle Cloud Infrastructure (OCI) API endpoints. This user must not be given credentials that
would allow them to log into the OCI console.
Which two authentication options can you use? (Choose two.)
- A. SSL certificate
- B. API signing key
- C. SSH key pair
- D. PEM Certificate file
- E. Auth token
Answer:
BE
Explanation:
Reference:
https://docs.cloud.oracle.com/en-
us/iaas/Content/Identity/Tasks/managingcredentials.htm
Question 8
You work for a health insurance company that stores a large number of patient health records in an
Oracle Cloud Infrastructure (OCI) Object Storage bucket named "HealthRecords".
Each record needs to be securely stored for a period of 5 years for regulatory compliance purposes
and
cannot be modified, overwritten or deleted during this time period.
What can you do to meet this requirement?
- A. Create an OCI Object Storage Lifecycle Policies rule to archive objects in the HealthRecords bucket for five years.
- B. Create an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket for five years. Enable Retention Rule Lock on this bucket.
- C. Enable encryption on the HealthRecords bucket using your own vault master encryption keys.
- D. Enable versioning on the HealthRecords bucket.
Answer:
B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingretentionrules.htm
Question 9
Which two components cannot be deleted in your Oracle Cloud Infrastructure Virtual Cloud
Network? (Choose two.)
- A. Service gateway
- B. Default security list
- C. Routing gateway
- D. Default route table
- E. Default subnet
Answer:
BD
Explanation:
Reference:
https://www.oracle.com/a/ocom/docs/vcn-deployment-guide.pdf
(4)
Question 10
A financial firm is designing an application architecture for its online trading platform that must have
high availability and fault tolerance.
Their solutions architect configured the application to use an Oracle Cloud Infrastructure Object
Storage bucket located in the US West (us-phoenix-1) region to store large amounts of financial dat
a. The stored financial data in the bucket must not be affected even if there is an outage in one of the
Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability?
- A. Create a new Object Storage bucket in another region and configure lifecycle policy to move data every 5 days.
- B. Create a lifecycle policy to regularly send data from Standard to Archive storage.
- C. Copy the Object Storage bucket to a block volume.
- D. Create a replication policy to send data to a different bucket in another OCI region.
Answer:
A
Question 11
As a solution architect, you are showcasing the Oracle Cloud Infrastructure (OCI) Object Storage
feature about Object Versioning to a customer.
Which statement is true in regards to OCI Object Storage Versioning?
- A. Object versioning does not provide data protection against accidental or malicious object update, overwrite, or deletion.
- B. By default, object versioning is disabled on a bucket.
- C. A bucket that is versioning-enabled can have only and always will have a latest version of the object in the bucket.
- D. Objects are physically deleted from a bucket when versioning is enabled.
Answer:
A
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingversioning.htm
Question 12
You created a public subnet and an internet gateway in your virtual cloud network (VCN) of Oracle
Cloud Infrastructure. The public subnet has an associated route table and security list. However, after
creating several compute instances in the public subnet, none can reach the Internet.
Which two are possible reasons for the connectivity issue? (Choose two.)
- A. The route table has no default route for routing traffic to the internet gateway.
- B. There is no stateful egress rule in the security list associated with the public subnet.
- C. There is no dynamic routing gateway (DRG) associated with the VCN.
- D. There is no stateful ingress rule in the security list associated with the public subnet.
- E. A NAT gateway is needed to enable the communication flow to internet.
Answer:
AB
Explanation:
An internet gateway as an optional virtual router that connects the edge of the VCN with the
internet. To use the gateway, the hosts on both ends of the connection must have public IP addresses
for routing. Connections that originate in your VCN and are destined for a public IP address (either
inside or outside the VCN) go through the internet gateway. Connections that originate outside the
VCN and are destined for a public IP address inside the VCN go through the internet gateway.
Working with Internet Gateways
You create an internet gateway in the context of a specific VCN. In other words, the internet gateway
is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at
any time. Compare this with a
dynamic routing gateway
(DRG), which you create as a standalone
object that you thenattachto a particular VCN. DRGs use a different model because they're intended
to be modular building blocks for privately connecting VCNs to your on-premises network.
For traffic to flow between a subnet and an internet gateway, you must create a route rule
accordingly in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target =
internet gateway). If the internet gateway is disabled, that means no traffic will flow to or from the
internet even if there's a route rule that enables that traffic. For more information, see
Route Tables
.
For the purposes of access control, you must specify the compartment where you want the internet
gateway to reside. If you're not sure which compartment to use, put the internet gateway in the
same compartment as the cloud network. For more information, see
Access Control
.
You may optionally assign a friendly name to the internet gateway. It doesn't have to be unique, and
you can change it later. Oracle automatically assigns the internet gateway a unique identifier called
an Oracle Cloud ID (OCID). For more information, see
Resource Identifiers
.
To delete an internet gateway, it does not have to be disabled, but there must not be a route table
that lists it as a target.
AS per compute instances can connect to the Internet so you use egress no ingress
Question 13
You are designing a lab exercise for your team that has a large number of graphics with large file
sizes. The application becomes unresponsive if the graphics are embedded in the application. You
have uploaded the graphics to Oracle Cloud Infrastructure and only added the URL in the application.
You need to ensure these graphics are accessible without requiring any authentication for an
extended period of time.
How can you achieve these requirements?
- A. Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time.
- B. Make the object storage bucket private and all objects public and use the URL found in the Object Details.
- C. Make the object storage bucket public and use the URL found in the Object “Details”.
- D. Create PARs and do not specify an expiration date.
Answer:
C
Explanation:
Pre-authenticated requests provide a way to let you access a bucket or an object without having your
own credentials. For example, you can create a request that lets you upload backups to a bucket
without owning API keys.
When you create a bucket, the bucket is considered a private bucket and the access to the bucket
and bucket contents requires authentication and authorization. However, Object Storage supports
anonymous,unauthenticatedaccess to a bucket. You make a bucketpublicby enabling read access
to the bucket.
pre-authenticated requests have to select expiration date
Question 14
You have setup your environment as shown below with the Mount Target "MT" successfully mounted
on both compute instances CLIENT-X and CLIENT-Y.
For security reasons you want to control the access to the File System A in such a way that CLIENT-X
has READ/WRITE and CLIENT-Y has READ only permission.
What you should do?
- A. Update the OS firewall in CLIENT-X to allow READ/WRITE access.
- B. Update the security list TWO to restrict CLIENT-Y access to read-only.
- C. Update the mount target export options to restrict CLIENT-Y access to read-only.
- D. Update the security list ONE to restrict CLIENT-Y access to read only.
Answer:
D
Question 15
D18912E1457D5D1DDCBD40AB3BF70D5D
Which two methods are supported for migrating your on-premises Oracle database to an Oracle
Autonomous Transaction Processing (ATP) database in Oracle Cloud Infrastructure? (Choose two.)
- A. Load text files into ATP using SQL Developer.
- B. Use RMAN duplicate.
- C. Use Oracle Data Pump.
- D. Transfer the physical database files and re-create the database.
- E. Use database backup and restore.
Answer:
CD
Explanation:
Reference:
https://docs.oracle.com/en/solutions/migrate-to-atp/index.html#GUID-28E5A683-6DC6-
4A07
-
BB1C-55F020D4C1CD