Questions for the 1Z0-1072-25 were updated on : Dec 01 ,2025
Which statement accurately describes the key features and benefits of OCI Confidential Computing?
C
Explanation:
OCI Confidential Computing is a security feature designed to protect data in use. This is particularly
important for sensitive workloads where data must be secured not only when at rest or in transit but
also while being processed.
Encrypts and Isolates In-Use Data: OCI Confidential Computing ensures that data and the
applications processing it are isolated from the underlying infrastructure. This means that even if the
infrastructure is compromised, the in-use data remains secure. The technology typically leverages
secure enclaves or other hardware-based isolation mechanisms to achieve this.
Other Options:
Optimizing Network Performance (A), Automatic Scalability and Load Balancing (B), and Secure Data
Storage (D) are important features, but they are not related to the core capabilities of Confidential
Computing, which focuses on in-use data protection.
Relevant OCI Documentation:
OCI Confidential Computing Overview
This documentation provides a detailed explanation of how OCI Confidential Computing works and
its benefits for securing sensitive data during processing.
Which statement is true about pre-authenticated requests?
A
Explanation:
In Oracle Cloud Infrastructure (OCI), pre-authenticated requests (PARs) allow users to grant access to
specific objects in Object Storage without requiring the recipient to have an OCI account or
credentials. This feature is useful for sharing objects securely without exposing broader access.
Cannot Edit a PAR: Once a pre-authenticated request is created, you cannot edit it. If you need to
change the settings, such as the expiration date or the object being shared, you must delete the
existing PAR and create a new one.
Other Statements:
Deleting a PAR does indeed revoke access immediately, contradicting option B.
Providing OCI credentials (C) is not required for using PARs. The purpose of PARs is to avoid sharing
credentials.
Deleting Buckets (D): PARs are designed for accessing objects, not for administrative actions like
deleting buckets.
Relevant OCI Documentation:
Managing Pre-Authenticated Requests
This reference outlines the features and limitations of pre-authenticated requests, including the
inability to edit them once created.
Which OCI service would you use to apply kernel security updates to all instances?
D
Explanation:
The OS Management Service in Oracle Cloud Infrastructure (OCI) is designed to manage and maintain
the operating systems of your compute instances. This service allows you to apply kernel security
updates, manage package installations, and monitor the status of updates across all instances in your
environment.
Kernel Security Updates: With OS Management Service, you can automate and schedule kernel
updates, ensuring that all instances are up-to-date with the latest security patches. This helps
maintain the security and integrity of your infrastructure without needing to manually update each
instance.
Other Options:
Container Registry: Used for storing and managing container images, not for applying OS updates.
Data Safe: A service focused on database security, not applicable for OS-level updates.
Artifact Registry: A repository for storing and managing software artifacts, not related to OS
management.
Relevant OCI Documentation:
OS Management Service Overview
This documentation provides details on how to use OS Management Service to handle kernel
security updates and other OS-level management tasks.
Which TWO statements are true about performing a multipart upload using the Multipart Upload
API?
C, D
Explanation:
When performing a multipart upload using the Multipart Upload API in Oracle Cloud Infrastructure
(OCI) Object Storage, the following points are true:
C . Each part can be as large as 50 GiB: OCI allows each part of a multipart upload to be up to 50 GiB
in size. This enables the efficient uploading of large objects in smaller, manageable parts.
D . You can keep adding parts as long as the total number is less than 10,000: The Multipart Upload
API supports up to 10,000 parts for a single object. This allows the upload of very large objects by
dividing them into multiple parts.
Incorrect Statements:
A . After uploading all parts, you must commit the upload to finalize the multipart upload and
combine all parts into a single object.
B . The object must be split into parts before uploading when using the Multipart Upload API.
Reference:
Oracle Cloud Infrastructure Documentation: Multipart Uploads
Which statement accurately describes ephemeral principals?
A
Explanation:
Ephemeral principals in Oracle Cloud Infrastructure (OCI) refer to temporary security credentials
granted to resources, such as compute instances, to enable them to interact with OCI services
securely. These credentials have a limited lifespan and are typically used in situations where
resources need to authenticate temporarily without the need for long-lived credentials.
Use Case: Ephemeral principals are often used for instance principals, allowing compute instances to
make API calls without the need to manage long-term keys or credentials.
Reference:
Oracle Cloud Infrastructure Documentation: Using Instance Principals
How can OCI IAM be configured to facilitate cross-region access?
A
Explanation:
In Oracle Cloud Infrastructure (OCI), cross-region access is facilitated by configuring IAM policies that
grant users or groups permissions to access resources in other regions. IAM policies in OCI are global,
meaning they apply across all regions by default. However, an administrator can specifically
configure these policies to allow or restrict access to resources in different regions.
Example: An administrator can write a policy that allows a user to manage compute instances in a
specific region by including the region's name in the policy statement.
Reference:
Oracle Cloud Infrastructure Documentation: IAM Policies
What is a key advantage of utilizing administrator roles for access control within OCI IAM identity
domains?
B
Explanation:
In Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM), administrator roles play
a significant role in managing access:
Simplification of Access Management: Utilizing administrator roles allows you to simplify access
management by eliminating the need to create complex IAM policies manually. These roles come
with predefined permissions that cover common administrative tasks, reducing the effort needed to
manage access controls.
Granular Control: While administrator roles provide a broad range of permissions, they may not offer
the same level of granularity as custom policies.
Other Benefits:
Offer a wider range of permission combinations (A): While custom policies can offer more specific
combinations, administrator roles are designed to cover a broad range of tasks.
Granting Access Outside Identity Domain (C): Administrator roles are generally scoped to their
identity domain and do not provide cross-domain access.
Granular Control (D): Although administrator roles simplify management, custom policies are
typically used when granular control over specific compartments or resources is needed.
Relevant OCI Documentation:
OCI IAM Roles Overview
This resource provides detailed information on how roles and policies are used in OCI to manage
access.
How many capacity reservations would you create to meet the requirement for high availability and
distribution across Availability Domains?
C
Explanation:
In Oracle Cloud Infrastructure (OCI), to ensure high availability and distribution across Availability
Domains (ADs), the recommended approach is as follows:
Capacity Reservations for High Availability: To achieve high availability, especially across all three
Availability Domains in a region, you should create three capacity reservations. Each reservation
corresponds to one AD, ensuring that your instances or resources are evenly distributed and resilient
to AD-level failures.
Why Three: This setup provides redundancy and load distribution across the ADs, meeting the high
availability requirements.
Relevant OCI Documentation:
Capacity Reservations
This document outlines how to create and manage capacity reservations to meet high availability
and fault tolerance requirements.
Which statement is true about instance configurations and instance pools in OCI?
C
Explanation:
Instance configurations and instance pools are used in OCI to manage groups of instances
collectively:
Deleting Instance Configurations: An instance configuration cannot be deleted if it is currently
associated with an instance pool. You must first disassociate or delete the instance pool before you
can delete the instance configuration.
Reusing Instance Configurations: You can reuse the same instance configuration for multiple instance
pools, which allows you to deploy identical groups of instances in different contexts.
Instance Pools: A single instance pool can only be associated with one instance configuration,
ensuring uniformity across the instances in the pool.
Relevant OCI Documentation:
Instance Configuration Overview
Instance Pools Overview
These references explain how to manage instance configurations and pools, including the rules for
deletion.
How will moving a database instance to a different compartment impact user access?
B
Explanation:
In Oracle Cloud Infrastructure (OCI), when you move a database instance to a different compartment,
the following impact on user access occurs:
Impact of Moving Resources: When you move a resource, like a database instance, to a different
compartment, the IAM policies that grant access to that resource in the original compartment no
longer apply. This effectively revokes access for users or groups unless equivalent policies are in place
in the new compartment.
Restoring Access: To restore access, you would need to create new IAM policies in the destination
compartment that grant the necessary permissions to the users or groups who need access.
Relevant OCI Documentation:
Managing Compartments
Moving Resources
These resources provide detailed steps on how compartment changes impact resource access and
management.
Which image option allows you to create identical instances with minimal effort?
D
Explanation:
When you need to create identical instances with minimal effort, creating a custom image is the best
option.
Custom Images: A custom image captures the exact configuration of an instance, including the OS,
software, configurations, and data. By using a custom image, you can easily replicate the same setup
across multiple instances, ensuring consistency and reducing the need for manual configuration each
time.
Other Options:
Bring Your Own Image: This allows you to import your custom OS image into OCI, but it's more suited
for cases where you are migrating from another environment.
Select an Image from the OCI Marketplace: This provides pre-configured images from Oracle or third
parties, but they may require additional setup to match your specific requirements.
Use Oracle-Provided Images: These are basic images provided by Oracle, which may not include the
specific customizations you need.
Relevant OCI Documentation:
Custom Images Overview
This resource explains how to create and use custom images for quickly deploying identical
instances.
Which statement is NOT true about the Oracle Cloud Infrastructure (OCI) Object Storage service?
B
Explanation:
Oracle Cloud Infrastructure (OCI) Object Storage is a scalable, highly durable service that allows you
to store any type of data in a secure and cost-effective manner. The correct and incorrect statements
regarding OCI Object Storage are as follows:
A . Immutable Option: You can indeed set an immutable option for data in Object Storage using
retention rules. This feature ensures that once data is written, it cannot be modified or deleted until
the retention period expires, making it ideal for regulatory compliance.
C . Object Lifecycle Rules: Object lifecycle policies allow you to automate the archiving or deletion of
objects based on their age or other criteria, helping manage storage costs and data retention
efficiently.
D . Object Versioning: Versioning is enabled at the bucket level, not the namespace level. However,
once enabled for a bucket, it helps retain, retrieve, and restore every version of every object stored
in that bucket.
B . Object Storage Sharing Across Tenancies: This statement is not true. OCI Object Storage buckets
and objects are specific to a tenancy and cannot be shared across different tenancies directly. Access
to Object Storage resources is controlled within a single tenancy through IAM policies.
Relevant OCI Documentation:
OCI Object Storage Overview
Object Lifecycle Management
These references provide details on how Object Storage functions and the features available.
Which TWO statements are NOT correct regarding the Oracle Cloud Infrastructure (OCI) burstable
instances?
A, B
Explanation:
The following statements about OCI burstable instances are NOT correct:
A . Burstable instances cost less than regular instances: This is incorrect because burstable instances
are not necessarily cheaper; the cost depends on the baseline utilization. While they allow for cost
efficiency when running at a lower CPU baseline, they can become more expensive if frequently
bursting above the baseline.
B . Burstable instances are charged according to the baseline OCPU: This is incorrect because
burstable instances are billed based on actual OCPU usage, which includes both baseline and burst
usage. If an instance frequently operates above its baseline, the cost will reflect this higher usage.
Correct Concepts:
C . Burstable instances can temporarily use more CPU than their baseline if the average CPU
utilization is below the baseline.
D . Baseline utilization is a fraction of each CPU core, which determines the level of consistent
performance available without bursting.
Reference:
Oracle Cloud Infrastructure Documentation: Burstable Instances
How would you allow access to FSS for a DB System with read-only permissions?
A
Explanation:
To allow access to Oracle Cloud Infrastructure (OCI) File Storage Service (FSS) for a Database (DB)
System with read-only permissions, you should create an NFS export option that specifies
READ_ONLY access.
NFS Export Options: These options define the access permissions (read/write or read-only) for clients
connecting to the file system. By setting the export option to READ_ONLY, you ensure that the DB
System can only read from the FSS and cannot modify or delete files.
Reference:
Oracle Cloud Infrastructure Documentation: File Storage Service Export Options
Why is the OCI Inter-Region Latency dashboard useful for optimizing data transfer and backup
strategies?
A
Explanation:
The OCI Inter-Region Latency dashboard is useful for optimizing data transfer and backup strategies
because it provides both current and historical views of latency snapshots between OCI regions. This
information helps you understand the network performance between regions over time, allowing
you to optimize the placement of resources and data transfer operations.
Optimization Use: By analyzing latency data, you can make informed decisions on where to store
backups and how to efficiently transfer data across regions, potentially reducing costs and improving
performance.
Reference:
Oracle Cloud Infrastructure Documentation: Inter-Region Latency Dashboard