OCI 2025 Architect Associate 1Z0-1072-25

 Identity and Access Management Overview 1. When onboarding users to an OCI IAM identity domain, which of these methods can be leveraged?. Synchronization from an external directory, like Active Directory, using directory bridges. User self-service registration. Manual user creation only. All of the options.

1. Identity and Access Management Overview In OCI IAM, which authentication method enables compute instances to access resources securely without storing credentials directly?. API keys. OAuth 2.0 tokens. Federated Identity. Instance Principal.

1. Identity and Access Management Overview. In the context of OCI IAM and role-based access control (RBAC), how are permissions assigned to users?. Permissions are directly assigned to individual users. All users have the same base level of permissions. Users inherit permissions based on their membership in groups. Permissions are granted based on a user's job title.

1. Identity and Access Management Overview. 4. A company is setting up a new OCI environment and anticipates needing to manage a large number of users with fine-grained access control. It also plans to integrate on-premises or cloud-based Oracle and non-Oracle applications. Which OCI IAM identity domain type best meets these requirements?. Premium. External User. Free. Oracle Apps.

1. Identity and Access Management Overview 5. n the context of OCI IAM and identity domains, what is the primary benefit of using separate domains for employees, business partners, and consumers?. Improved security and compliance by isolating access privileges for each group. Centralized management of all users across the organization. Cost optimization. Simplified social login integration for consumer applications.

2. Identity and Access Management - Basics 1. In OCI IAM policies, verbs such as "inspect," "read," "use," and "manage" are used to: Define the level of permission granted on resources. Control the location or compartment where the policy applies. Identify the specific resource type being accessed. Assign a unique identifier for the policy.

2. Identity and Access Management - Basics 2. A company wants to grant a user the ability to create and manage applications within an OCI IAM identity domain, but restrict access to user accounts and security settings. Which predefined administrator role would be MOST appropriate?. Help Desk Administrator. User Administrator. Application Administrator. Security Administrator.

2. Identity and Access Management - Basics 3. By default, which group in the OCI default domain has full access to all OCI Cloud resources?. Security Administrator Group. Domain Administrator Group. Default User Group. Administrator Group.

2. Identity and Access Management - Basics 4. OCI compartment quotas has three quota policy statements: Set, Unset, and Zero. Which statement removes all access to a specific resource type within a compartment?. Set. Zero. All statements have the same effect. Unset.

2. Identity and Access Management - Basics 5. How many levels deep can compartments be nested within OCI?. Six levels. Unlimited levels. Two levels. Nesting is not supported in OCI.

3 Identity and Access Management - Advanced 1. How does a policy reference a network source to control access?. By attaching the network source to the resource itself. By specifying the source IP address directly in the policy. By using the request.networkSource.id variable in the policy condition. By referencing the network source name using request.networkSource.name.

"3 Identity and Access Management - Advanced 2. Tag Based Access Control (TBAC) policies allow you to define conditions based on tags associated with: The requesting user only. The target resource only. Both the requesting resource (group/compartment) and the target resource. None of the above. Tags cannot be used for conditions in TBAC.

"3 Identity and Access Management - Advanced 3. What is the primary benefit of using individual permissions instead of verbs such as "manage" in OCI policies?. Improve policy readability by separating permissions from resource types. Enhance security by enforcing the principle of least privilege. Allow automatic assignment of user roles based on compartment location. Simplify policy creation by reducing the number of statements.

"3 Identity and Access Management - Advanced 4. When creating a dynamic group in OCI IAM, what defines the membership criteria?. Matching rules based on resource type, compartment, or OCID. The specific IAM policies assigned to the group. Predefined roles assigned to the group. A static list of user accounts.

"3 Identity and Access Management - Advanced 5. How does the "any" keyword function when combining multiple conditions in a policy?. Only the first condition within the curly braces is evaluated. All conditions within the curly braces must be true for the policy to be true. The "any" keyword cannot be used with policy conditions. At least one condition within the curly braces must be true for the policy to be true.

"4 Networking - Virtual Cloud Network 1. Which CIDR prefix in a VCN can allocate hosts more resources?. /32. /16. /24. /0. /8.

"4 Networking - Virtual Cloud Network 2. Which IP address is invalid?. 10.0.0.4. 257.10.0.3. 192.168.0.3. 1.1.1.1. 172.16.0.3.

"4 Networking - Virtual Cloud Network 4. Which gateway is not needed for communicating with resources outside of a VCN?. Internet Gateway. Local Peering Gateway. NAT Gateway. Storage Gateway. Service Gateway.

"4 Networking - Virtual Cloud Network 3. Which three statements about Virtual Cloud Network (VCN) are true?. A VCN is a software-defined network, defined in Oracle data centers. A VCN cannot connect to another VCN. Each subnet in a VCN can exist in multiple availability domains. A VCN can reside in multiple regions. A VCN can reside only in a single region.

"4 Networking - Virtual Cloud Network 5. What happens if you create a VCN with the same CIDR prefix as another VCN in the same tenancy, region, and compartment?. OCI will not allow you to create a VCN if another one already has the same CIDR Prefix. 33. 32. Unlimited. 1.

5 Networking -IP Management 2. Which option best describes a public IP pool in Oracle Cloud Infrastructure?. A group of IPv6 CIDR blocks available for use by multiple tenancies. A set of IPv4 CIDR blocks allocated to a tenancy. A group of IPv4 CIDR blocks available for use by multiple tenancies. A collection of IPv6 CIDR blocks allocated to a tenancy.

5 Networking -IP Management 3. What is required for importing a public IPv4 CIDR block or IPv6 prefix into Oracle Cloud Infrastructure?. Ownership of the public IPv4 CIDR block or IPv6 prefix registered with a Domain Name System (DNS) Service. Ownership of the public IPv4 CIDR block or IPv6 prefix registered with a Web Hosting Provider. Ownership of the public IPv4 CIDR block or IPv6 prefix registered with a Regional Internet Registry (RIR). Ownership of the public IPv4 CIDR block or IPv6 prefix registered with a Domain Name Registrar.

5 Networking -IP Management 4. Which option accurately describes the behavior of Reserved Public IP addresses in Oracle Cloud Infrastructure?. They can be allocated to any private IP address of a compute instance, float between instances, or be reserved for their tenancy until explicitly deleted. They can only be allocated to specific instances and cannot float between instances. They can only be used for a specific duration and cannot be reserved indefinitely. They are ephemeral in nature.

5 Networking -IP Management 5. Which option correctly identifies the types of public IP addresses available in Oracle Cloud Infrastructure?. Ephemeral and Reserved. Permanent and Temporary. Dedicated and Shared. Static and Dynamic.

"6 Networking - Connectivity 1. A Customer-Premises Equipment is an object that represents a __________. VPN tunnel. shared secret. router on the customer side. digital circuit. compute instance.

"6 Networking - Connectivity 2. A FastConnect Public Virtual Circuit will connect you from on-premises to __________. The Oracle Services Network. The Internet. Your VPN Tunnels. The Virtual Cloud Network. The Remote Peering Connection.

"6 Networking - Connectivity 3. To which OCI gateway do you attach a FastConnect virtual circuit?. NAT Gateway. Local Peering Gateway. Service Gateway. Dynamic Routing Gateway. Internet Gateway.

"6 Networking - Connectivity 4. Site-to-Site VPN provides two __________. VPN tunnels. FastConnect digital circuits. CPE devices. Dynamic Routing Gateways. VPN compartments.

"6 Networking - Connectivity 5. Which three resources can be attached to Dynamic Routing Gateways (DRGs)?. Site-to-Site VPN IPSec Tunnels. Network Load Balancer. Remote Peering Connections. Local Peering Connections. Virtual Cloud Network.

7 Networking - Load Balancer 1. Which three must be configured for a load balancer to accept incoming traffic?. A backend set with at least one backend server. SSL Certificate. A security list that is open on the listener port. A route table entry pointing to the listener IP address. A listener.

7 Networking - Load Balancer 2. When you create a public load balancer, which two types of IP addresses can you select?. Ephemeral IPv4 address. Quad zero IPv4 address. Listener public IPv4 address. Reserved IPv4 address.

7 Networking - Load Balancer 3. Which three protocols are supported when you use a private network load balancer?. UDP. HTTP. SMTP. ICMP. TCP.

7 Networking - Load Balancer 4. In what type of load balancer do you NOT need to specify the bandwidth?. A public load balancer. A redundant Site-to-Site VPN. An ephemeral load balancer. A network load balancer. A private load balancer.

7 Networking - Load Balancer 5. In a multi AD region, when selecting a public load balancer, how many AD-specific subnets do you need?. At least two, each in different availability domains. Only one. What you need is VPN. At least two, both in the same Availability Domain. You have to use regional subnets.

8 Networking - DNS Management 1. Which DNS resolver endpoint do you need for receiving DNS queries from other VCN Resolvers?. An alias endpoint. A listening endpoint. A forwarding endpoint. A visual endpoint. An on-premises endpoint.

8 Networking - DNS Management 2. Which DNS record do you use for an IPv6 Address?. NS Record. CNAME Record. A Record. ALIAS Record. AAAA Record.

8 Networking - DNS Management 3. What is the purpose of using private views in managing private DNS zones?. To logically group a set of private DNS zones. To accelerate DNS resolution for designated zones. To encrypt DNS queries and responses. To restrict access to specific DNS zones.

8 Networking - DNS Management 4. Which record do you need to take to the registrar in case you would like to delegate a DNS zone from your DNS registrar to OCI public DNS?. Name Server Record. ALIAS Record. CNAME Record. AAAA Record. A Record.

8 Networking - DNS Management 5. What Traffic Management Steering Policy do you need for distributing traffic over several servers to optimize performance?. Failover. IP Prefix Steering. ASN Steering. Load Balancer. Geolocation.

9 Networking - Network Command Center 1. What are the two types of capture filters that can be created for network monitoring?. Flow log capture filters and packet capture filters. Flow log capture filters and VTAP capture filters. VTAP capture filters and network capture filters. Flow control capture filters and traffic capture filters.

9 Networking - Network Command Center 2. Which can serve as a target for traffic mirrored from a VTAP (Virtual Test Access Points) source?. A Database system. A Network Load Balancer. A single Compute instance VNIC in a subnet. An Exadata VM Cluster.

9 Networking - Network Command Center 3. You can use the Inter-Region tool to estimate traffic from the Ashburn region to which region?. Microsoft Azure. Our FastConnect partners. On-premises. Any other OCI region. Within Ashburn.

9 Networking - Network Command Center 4. Which service provides a diagram of the implemented topology of all VCNs in a selected region and tenancy?. Capture Filters. VCN Flow Logs. Network Visualizer. Network Path Analyzer.

9 Networking - Network Command Center 5. How does the Network Path Analyzer (NPA) identify virtual network configuration issues impacting connectivity?. By monitoring physical network infrastructure for anomalies. By collecting and analyzing network configuration without sending actual traffic. By sending simulated traffic to test network paths. By sending actual traffic to test network paths.

10 Compute-Basics 1. You have a workload that is fault-tolerant and can withstand interruptions. Which compute capacity type would you use?. Capacity Reservations. Preemptible Instances. Dedicated Virtual Machine Hosts. Instance Configuration.

10 Compute-Basics 2. Which statement about Capacity Reservations is NOT correct?. Capacity reservations can be shared between availability domains. You can create, modify, and terminate your capacity reservation at any time. Capacity reservations can have up to 50 capacity configurations. Unused reserved capacity is metered differently than used reserved capacity.

10 Compute-Basics 3. Which compute shape is designed for hardware-accelerated workloads?. GPU Shapes. Standard Shapes. Optimized Shapes. Dense I/O Shapes.

10 Compute-Basics 4. You want to run Oracle Cloud Infrastructure (OCI) compute virtual machine instances on dedicated servers that are single tenant and not shared with other customers. Which compute capacity type would you use?. Exclusive Virtual Machine Hosts. Capacity Reservation. Preemptible Instances. Dedicated Virtual Machine Hosts.

10 Compute-Basics 5. You want to connect to a Linux Instance from a UNIX-style system. Which SSH command would you use to access the instance?. ssh -i <public_key_file> <username>@<virtual-ip-address>. ssh -i <public_key_file> <username>@<private-ip-address>. ssh -i <private_key_file> <username>@<public-ip-address>. ssh -i <public_key_file> <username>@<public-ip-address>.

11 Compute - Advanced 1. You want to encrypt and isolate in-use data and the applications processing that data. Which Oracle Cloud Infrastructure (OCI) offering would you use?. Secret Computing. Confidential Computing. Private Computing. Privileged Computing.

11 Compute - Advanced 2. Which statement about the Run Command feature is NOT true?. You can run commands on an instance even when the instance does not have SSH access or open inbound ports. The maximum size for a script file that you upload directly to an instance in plain text is 8 KB. On Windows instances, the script runs in a batch shell by default. On Linux instances, the script runs in a Bash shell by default.

11 Compute - Advanced 3. You have an instance that cannot be live migrated. OCI schedules a maintenance due date within 14 to 16 days and sends you a notification. What would happen if you do not proactively reboot the instance before the due date?. OCI does not take any action. OCI will send you another notification to reboot. The instance is either reboot migrated or rebuilt in place for you. OCI will terminate the instance.

11 Compute - Advanced 4. Which statement about burstable instances is correct?. Burstable instances cost more than regular instances with the same total OCPU count. The baseline utilization is a fraction of each CPU core, either 50% or 75%. Burstable instances are charged according to the baseline OCPU. Burstable instances are designed for scenarios where an instance is not typically idle and has high CPU utilization.

11 Compute - Advanced 5. Which two are the supported types of autoscaling you can apply to an instance pool?. Schedule-based autoscaling. Time-based autoscaling. Predictive autoscaling. Metric-based autoscaling.

12 Object Storage - Basics 1. You would like to store some data that is seldom accessed but requires long retention periods. Which storage tier should you use to make the solution more cost effective?. Reduced Redundancy. Archive. Infrequent Access. Standard.

12 Object Storage - Basics 2. You want Object Storage service to monitor the data access pattern and help you reduce costs by automatically moving objects larger than 1 MiB out of the Standard tier into the more cost-effective Infrequent Access tier. Which feature should you enable?. Auto-Change. Auto-Move. Auto-Transition. Auto-Tiering.

12 Object Storage - Basics 4. You want to upload a 2 TiB object to Object Storage. You would like to have the flexibility of pausing between the uploads of individual parts and resuming the upload when your schedule allows. Which feature should you use?. Multipart uploads. Splitpart uploads. Simultaneous upload. Split upload.

12 Object Storage - Basics 3. Which two types of object name filters are supported while configuring a lifecycle policy rule in Object Storage service?. Pattern matching. Filter matching. Prefix matching. Regex matching.

12 Object Storage - Basics 5. Which is NOT a valid storage tier in Object Storage service?. Standard. Infrequent Access. Glacier. Archive.

13 Object Storage - Advanced 1. You have an object in a bucket. The object was last modified 4 months ago. You create a retention rule and specify a duration of 1 year. Which statement is correct?. You will not be able to modify or delete the object for the next 8 months. You will be able to modify or delete the object for the next 4 months. You will not be able to modify or delete the object for the next 12 months. You will be able to modify or delete the object for the next 12 months.

13 Object Storage - Advanced 2. Which two are valid retention rule types in Oracle Cloud Infrastructure (OCI) Object Storage?. Indefinite. Duration-bound. Unlimited. Time-bound.

13 Object Storage - Advanced 3. You would like to enable Object Storage replication. Which two statements about a replication policy are correct?. A destination bucket cannot also be a replication source. Replication policy creation automatically creates a destination bucket. After the replication policy is created, the destination bucket remains in a writable state and you can upload objects directly to it. There can be a maximum of one replication policy per source bucket.

13 Object Storage - Advanced 4. Which mechanism provides a way to let users access a bucket or an object without having their own credentials?. Pre-Authenticated Requests. Auth Tokens. Multipart Uploads. API Keys.

14 Block Storage - Basics 1. You want to attach a block volume to a VM instance and one of your requirements is to get a better IOPS performance. Which volume attachment type would you use?. iSCSI. SMB. NFS. Paravirtualized.

13 Object Storage - Advanced 5. Which two statements about object versioning are correct?. Object versioning does not increase your storage costs. Object versioning is enabled at the bucket level. You cannot enable versioning on a bucket with active retention rules. A bucket that is versioning-enabled can have only two versions of an object.

14 Block Storage - Basics 3. Which is NOT a block volume performance level?. Ultra High Performance. Lower Cost. Higher Performance. Optimized.

14 Block Storage - Basics 2. Which three are options for access type when you attach a block volume to an instance?. Read-only-Shareable. Read/Execute. Read/write. Read/write-Shareable.

14 Block Storage - Basics 4. Which two are options for attachment type when you attach a block volume to a VM instance?. SMB. NFS. Paravirtualized. iSCSI.

14 Block Storage - Basics 5. What happens when the detached volume autotuning feature is enabled and the volume is detached from the instance?. The Block Volume service adjusts the performance level to Balanced. The Block Volume service adjusts the performance level to Higher Performance. The Block Volume service adjusts the performance level to Ultra High Performance. The Block Volume service adjusts the performance level to Lower Cost.

15 Block Storage-Advanced 1. Which statement about the OCI Block Volume Cross Region Replication is NOT correct?. The replica in the destination region is always billed using the Block Storage Lower Cost option price. It performs ongoing automatic asynchronous replication of block volumes to other regions. It does not cause any downtime or impact on source volumes. You can resize a volume with Cross Region Replication enabled.

15 Block Storage-Advanced 2. You would like to make a point-in-time snapshot of the data on a block volume and later restore it as a new volume in a different availability domain within the same region. What would you create?. A replica. A prototype. A clone. A backup.

15 Block Storage-Advanced 3. You want to make a point-in-time disk-to-disk deep copy of an existing block volume without needing to go through the backup and restore process. What would you create?. A prototype. A twin. A clone. A replica.

15 Block Storage-Advanced 4. Which two statements about resizing a block volume are correct?. You can increase as well as decrease the size of the volume. You can restore from a volume backup to a larger volume. You can clone an existing volume to a new, smaller volume. You can expand an existing volume in place with online resizing.

15 Block Storage-Advanced 5. Which two statements about volume groups are correct?. You can add up to 32 volumes in a volume group. A volume group can include both boot volumes and block volumes. Each volume can be a part of multiple volume groups. When you delete a volume group, the individual volumes in the group are deleted.

16 File Storage - Basics 1. Which statement about the OCI File System Export is correct?. Each export set contains only one export. You cannot delete exports in a mount target. You can add export options to an export to control access to the file system. The export path is the same as the client mount point path.

16 File Storage - Basics 2. Which component represents paths within a client instance to a locally accessible directory to which the remote file system is mounted?. Mount Point Path. Dump Path. Export Path. Import Path.

16 File Storage - Basics 3. Which component uniquely identifies the file system within the mount target, letting you associate many file systems to a single mount target?. Import Path. Dump Path. Mount Point Paths. Export Path.

16 File Storage - Basics 4. Which statement about Oracle Cloud Infrastructure (OCI) File Storage service is correct?. You cannot connect to a file system from a bare metal instance. The File Storage service supports the Network File System version 3.0 (NFSv3) protocol. Storage provisioning is not fully managed. You cannot access a file system from outside the VCN.

16 File Storage - Basics 5. Which statement about the OCI File System Mount Target is NOT true?. It provides the IP address or DNS name that is used with a unique export path to mount the file system. File systems are exported through mount targets. It is an NFS endpoint that is present in a VCN subnet. You cannot reuse the same mount target to make multiple file systems available on the network.

17 File Storage - Advanced 1. You create a file system and then add a 1 GB file. You then take a snapshot of the file system. What would be the total meteredBytes shown by the File Storage service after the hourly update cycle is complete?. 1.5 GB. 0.5 GB. 2 GB. 1 GB.

17 File Storage - Advanced 2. Which package needs to be installed on an instance to enable in-transit encryption with OCI’s File Storage service?. nfs-common. nfs-utils. oci-growfs. oci-fss-utils.

17 File Storage - Advanced 3. Which statement about File System Replication is NOT correct?. You can replicate the data in one file system to another file system only in the same region. You can replicate the data in one file system to another file system in the same region or a different region. Replication Resource is the control component of the replication process. Only a file system that has never been exported can be used as a target file system.

17 File Storage - Advanced 4. When a clone is created, the metadata is copied from the source file system to the clone. What do we call that process?. Dehydration. Hydration. Inheritance. Depth.

17 File Storage - Advanced 5. Which statement about File System Snapshots is NOT correct?. Snapshots are accessible under the root directory of the file system at .target/name. The File Storage service encrypts all file system and snapshot data at rest. You can take as many snapshots as per your requirement. Snapshots are a consistent, point-in-time view of your file systems.