Oracle 1z0-1072-25 Cloud Infrastructure Architect Associate Exam Dumps and Practice Test Questions Set 3 Q31 – 45


Question 31

A company needs to deploy a highly available web application across multiple availability domains in Oracle Cloud Infrastructure. The application requires automatic failover and load distribution. Which OCI service should be used?

A) Oracle Database Cloud Service

B) Load Balancer

C) Virtual Cloud Network

D) Block Volume

Answer: B

Explanation:

Load Balancer is the appropriate OCI service for deploying a highly available web application with automatic failover and load distribution across multiple availability domains. OCI Load Balancer distributes incoming traffic across multiple backend servers in one or more availability domains, providing fault tolerance and high availability. The service performs health checks on backend servers and automatically routes traffic away from unhealthy instances, ensuring continuous application availability even when individual servers fail.

Option A is incorrect because Oracle Database Cloud Service provides database functionality rather than load balancing capabilities. While databases are important components of web applications, they do not distribute incoming traffic or provide the load balancing features needed for high availability across multiple servers.

Option C is incorrect because Virtual Cloud Network provides the networking foundation for resources but does not perform traffic distribution or health checking of application servers. VCN enables network connectivity between resources but requires a load balancer for distributing traffic across multiple instances.

Option D is incorrect because Block Volume provides block storage for compute instances rather than traffic distribution capabilities. Block volumes store data and are attached to instances but do not contribute to load balancing or traffic management functions.

Question 32

An architect is designing an OCI solution that requires data to be stored with 99.999999999% durability. Which storage service meets this requirement?

A) Block Volume

B) Object Storage

C) File Storage

D) Local NVMe

Answer: B

Explanation:

Object Storage meets the requirement for data durability of 99.999999999 percent, also known as eleven nines durability. OCI Object Storage automatically replicates data across multiple storage servers and availability domains within a region, providing exceptional durability guarantees. The service uses erasure coding and multiple copies to protect against hardware failures, ensuring that stored objects remain accessible and intact even in the face of multiple simultaneous failures.

Option A is incorrect because Block Volume provides lower durability compared to Object Storage. While block volumes are replicated within an availability domain and offer good durability, they do not provide the eleven nines durability characteristic of Object Storage’s architecture.

Option C is incorrect because File Storage, while highly reliable and replicated within an availability domain, does not offer the same durability level as Object Storage. File Storage is designed for shared file system access rather than the massive-scale, highly durable object storage use case.

Option D is incorrect because Local NVMe storage provides high performance but the lowest durability among OCI storage options. Data on local NVMe drives is lost if the instance terminates or fails, making it suitable only for temporary or easily recreatable data.

Question 33

A development team needs to grant temporary access to OCI resources for a contractor who will work on a project for three months. Which IAM component should be used to define what actions the contractor can perform?

A) Compartment

B) User

C) Policy

D) Group

Answer: C

Explanation:

Policy is the IAM component that defines what actions users can perform on OCI resources. Policies are written statements that specify which groups can access which resources and what actions they can perform. For the contractor scenario, an administrator would create a policy that grants the necessary permissions to a group containing the contractor’s user account, controlling exactly what operations the contractor can execute during their engagement period.

Option A is incorrect because Compartment is an organizational structure for grouping and isolating resources, not a mechanism for defining access permissions. Compartments help organize resources logically but do not themselves control what actions users can perform.

Option B is incorrect because User is an identity representing a person or application that needs access to OCI resources. While the contractor would be assigned a user account, the user object itself does not define permissions or allowed actions.

Option D is incorrect because Group is a collection of users who need similar access to resources. While the contractor would likely be added to a group, the group itself does not define permissions; policies grant permissions to groups.

Question 34

An application running on OCI compute instances needs to access Object Storage buckets without storing credentials in the application code. Which OCI feature enables this secure access pattern?

A) API keys

B) Instance principals

C) Auth tokens

D) Customer secret keys

Answer: B

Explanation:

Instance principals enable compute instances to access OCI resources without storing credentials in application code. This feature allows instances to authenticate themselves using certificates managed by OCI, eliminating the need to embed API keys or other credentials in applications. Administrators configure policies that grant permissions to dynamic groups containing instances, and applications running on those instances can make OCI API calls using the instance principal for authentication.

Option A is incorrect because API keys are credentials associated with user accounts that must be stored and managed within applications. Using API keys requires embedding credentials in code or configuration files, which creates security risks and management overhead that instance principals are designed to avoid.

Option C is incorrect because Auth tokens are used for authentication to OCI services that do not support API key signatures, such as Oracle Container Registry or Swift API access to Object Storage. Auth tokens still require credential storage and do not provide the seamless, credential-free access that instance principals offer.

Option D is incorrect because Customer secret keys are used for Amazon S3 compatibility API access to Object Storage. Like API keys, these credentials must be stored and managed, which contradicts the requirement to avoid storing credentials in application code.

Question 35

A company wants to isolate development, testing, and production environments in OCI while maintaining centralized billing. Which approach should be used?

A) Create separate tenancies for each environment

B) Use compartments to organize resources by environment

C) Deploy resources in different regions for each environment

D) Create separate VCNs without any organizational structure

Answer: B

Explanation:

Using compartments to organize resources by environment is the correct approach for isolating development, testing, and production while maintaining centralized billing. Compartments provide logical isolation within a single tenancy, allowing different teams or environments to have separated resources with distinct access controls through IAM policies. All resources across compartments are billed to the same tenancy, providing consolidated billing and reporting while maintaining clear separation between environments.

Option A is incorrect because creating separate tenancies for each environment results in completely independent OCI subscriptions with separate billing, which contradicts the requirement for centralized billing. Multiple tenancies also increase administrative overhead and make resource sharing between environments more complex.

Option C is incorrect because deploying resources in different regions is a strategy for geographic distribution and disaster recovery rather than environment isolation. Regions do not provide the logical isolation and access control boundaries that compartments offer, and regional deployment does not inherently separate development, testing, and production environments.

Option D is incorrect because separate VCNs provide network isolation but do not offer the organizational structure, access control, or billing visibility that compartments provide. VCNs are networking constructs rather than organizational or access management tools.

Question 36

An architect needs to design a solution where compute instances can communicate with each other within a VCN but should not have internet access. Which configuration accomplishes this?

A) Create instances in a public subnet with internet gateway

B) Create instances in a private subnet without internet gateway

C) Assign public IP addresses to all instances

D) Remove all security list rules

Answer: B

Explanation:

Creating instances in a private subnet without an internet gateway accomplishes the requirement for instances to communicate internally while preventing internet access. Private subnets do not have routes to an internet gateway, ensuring that resources within them cannot reach or be reached from the internet. Instances in the same VCN or connected VCNs can communicate through private IP addresses using the VCN’s internal routing, while the absence of internet gateway routes prevents external connectivity.

Option A is incorrect because public subnets have routes to an internet gateway, allowing instances to access the internet. This configuration contradicts the requirement that instances should not have internet access.

Option C is incorrect because assigning public IP addresses to instances enables internet connectivity when combined with appropriate routing and security rules. Public IPs are specifically designed to allow resources to communicate with the internet.

Option D is incorrect because removing all security list rules would block all traffic including internal VCN communication. Security lists must contain appropriate rules to allow desired traffic between instances while the subnet and routing configuration controls internet access.

Question 37

A company needs to connect their on-premises data center to OCI with predictable bandwidth and low latency. Which connectivity option provides dedicated physical connectivity?

A) Site-to-Site VPN

B) FastConnect

C) Internet Gateway

D) Service Gateway

Answer: B

Explanation:

FastConnect provides dedicated physical connectivity between on-premises data centers and OCI with predictable bandwidth and low latency. FastConnect establishes private connections through supported network service providers or direct physical cross-connects in colocation facilities, bypassing the public internet entirely. This dedicated connectivity offers consistent performance, higher bandwidth options, and improved security compared to internet-based connections.

Option A is incorrect because Site-to-Site VPN uses encrypted tunnels over the public internet, which provides less predictable bandwidth and higher latency compared to dedicated physical connections. While VPN is more cost-effective and easier to deploy, it does not offer the performance characteristics of FastConnect.

Option C is incorrect because Internet Gateway provides connectivity between VCN resources and the public internet, not a dedicated connection to on-premises data centers. Internet Gateway enables resources with public IPs to communicate with internet destinations but does not create private dedicated links.

Option D is incorrect because Service Gateway provides private connectivity from a VCN to Oracle services without using the public internet, not connectivity to on-premises data centers. Service Gateway is designed for accessing OCI services privately rather than connecting to customer facilities.

Question 38

An application stores sensitive data in Object Storage. The security team requires that all data be encrypted using keys managed by the customer. Which OCI service should be used?

A) Block Volume

B) Vault

C) Identity and Access Management

D) Security Lists

Answer: B

Explanation:

Vault is the OCI service used for managing encryption keys, including customer-managed keys for encrypting data in Object Storage. Vault provides a centralized key management service that allows customers to create, store, and control encryption keys used to protect data across OCI services. Using Vault, customers can implement encryption with keys they fully control, meeting compliance requirements for customer-managed encryption while benefiting from integration with Object Storage and other OCI services.

Option A is incorrect because Block Volume is a storage service for compute instances rather than a key management solution. While block volumes can be encrypted using keys from Vault, the Block Volume service itself does not provide key management capabilities.

Option C is incorrect because Identity and Access Management controls who can access resources and what actions they can perform, not encryption key management. IAM policies may control who can use encryption keys, but IAM is not the service for storing and managing the keys themselves.

Option D is incorrect because Security Lists are virtual firewall rules that control network traffic to and from resources. Security Lists operate at the network layer and do not provide encryption or key management functionality.

Question 39

A company wants to monitor the performance and health of their OCI compute instances. Which service provides metrics, alarms, and notifications for resource monitoring?

A) Logging

B) Events

C) Monitoring

D) Notifications

Answer: C

Explanation:

Monitoring is the OCI service that provides metrics, alarms, and notifications for tracking resource performance and health. The Monitoring service collects measurements from OCI resources including compute instances, databases, and load balancers, allowing administrators to create alarms that trigger when metrics exceed defined thresholds. These alarms can send notifications through various channels, enabling proactive response to performance issues or resource problems.

Option A is incorrect because Logging is used for collecting and analyzing log data from applications and resources rather than collecting performance metrics and generating alarms. While logging provides valuable troubleshooting information, it does not offer the metrics collection and alarm capabilities needed for performance monitoring.

Option B is incorrect because Events tracks state changes in OCI resources and can trigger actions based on those changes, but it does not collect continuous performance metrics or provide the comprehensive monitoring and alarming capabilities of the Monitoring service.

Option D is incorrect because Notifications is a messaging service that delivers messages to subscribers through various channels. While Monitoring uses Notifications to deliver alarm messages, the Notifications service itself does not collect metrics or evaluate alarm conditions.

Question 40

An architect is designing a multi-tier application with web servers in one subnet and database servers in another subnet within the same VCN. Which security mechanism controls traffic between these subnets?

A) Route Tables

B) Security Lists

C) Internet Gateway

D) Dynamic Routing Gateway

Answer: B

Explanation:

Security Lists control traffic between subnets within a VCN by acting as virtual firewalls for instances. Each subnet is associated with one or more security lists containing ingress and egress rules that specify allowed traffic based on protocol, ports, and source or destination IP ranges. For the multi-tier application scenario, security lists would be configured to allow traffic from the web tier subnet to the database tier subnet on database ports while blocking other traffic, implementing proper security segmentation.

Option A is incorrect because Route Tables control where network traffic is directed rather than whether it is allowed. Route tables define next-hop destinations for traffic but do not filter or block traffic based on security rules.

Option C is incorrect because Internet Gateway provides connectivity between VCN resources and the internet, not between subnets within a VCN. The gateway functions at the VCN boundary rather than controlling internal subnet-to-subnet traffic.

Option D is incorrect because Dynamic Routing Gateway provides connectivity between VCNs and external networks such as on-premises data centers; it does not control traffic between subnets within a single VCN. The DRG operates at the VCN boundary for external connectivity.

Question 41

A company needs to ensure that compute instances in one region can automatically failover to another region in case of regional outage. Which OCI feature supports this cross-region disaster recovery requirement?

A) Availability Domains

B) Fault Domains

C) Region Pairs

D) Cross-region replication and traffic management

Answer: D

Explanation:

Cross-region replication and traffic management support disaster recovery requirements by enabling data synchronization between regions and intelligent traffic routing. OCI provides mechanisms for replicating data across regions using services like Object Storage cross-region replication, database Data Guard, and backup replication. Traffic Management Steering Policies can detect regional failures and automatically redirect users to healthy regions, providing automated failover capabilities for cross-region disaster recovery architectures.

Option A is incorrect because Availability Domains provide redundancy within a single region rather than across regions. While availability domains protect against data center failures, they do not address regional outage scenarios that require cross-region failover capabilities.

Option B is incorrect because Fault Domains provide redundancy within a single availability domain by distributing resources across separate physical hardware. Fault domains protect against hardware failures but operate at a much smaller scope than regional disaster recovery.

Option C is incorrect because Region Pairs is not a specific OCI feature. While some cloud providers use region pairing concepts, OCI allows customers to choose any regions for disaster recovery implementations using available replication and traffic management services.

Question 42

An application needs to scale compute capacity automatically based on CPU utilization. Which OCI feature enables this automatic scaling capability?

A) Manual instance creation

B) Autoscaling

C) Load Balancer

D) Instance Pool without configuration

Answer: B

Explanation:

Autoscaling enables automatic compute capacity adjustment based on metrics like CPU utilization. Autoscaling configurations define policies that specify when to add or remove instances from instance pools based on performance metrics collected by the Monitoring service. When CPU utilization exceeds defined thresholds, autoscaling automatically launches additional instances to handle increased load, and when utilization decreases, it terminates excess instances to reduce costs while maintaining application performance.

Option A is incorrect because manual instance creation requires administrator intervention and does not provide the automatic response to changing load conditions that autoscaling delivers. Manual processes introduce delays and require ongoing monitoring that automatic scaling eliminates.

Option C is incorrect because Load Balancer distributes traffic across existing instances but does not create or terminate instances based on utilization. While load balancers work with autoscaling configurations, they do not themselves provide scaling capabilities.

Option D is incorrect because Instance Pools without autoscaling configuration maintain a static number of instances. Instance pools provide the foundation for autoscaling but require autoscaling configuration with metric-based policies to enable automatic capacity adjustment.

Question 43

A company wants to run batch processing jobs that can tolerate interruptions and are not time-sensitive to reduce costs. Which compute instance option should be used?

A) Always Free instances

B) Preemptible instances

C) Dedicated Virtual Machine Hosts

D) Bare Metal instances

Answer: B

Explanation:

Preemptible instances are the appropriate choice for batch processing jobs that can tolerate interruptions and are not time-sensitive. Preemptible instances offer significantly reduced pricing compared to standard instances but can be reclaimed by OCI with short notice when capacity is needed for higher-priority workloads. For workloads that can checkpoint progress and resume after interruption, preemptible instances provide substantial cost savings while still delivering compute capacity for batch processing tasks.

Option A is incorrect because Always Free instances are limited to specific shapes and quantities per tenancy, making them unsuitable for significant batch processing workloads. The Always Free tier is designed for learning and small-scale development rather than production batch processing.

Option C is incorrect because Dedicated Virtual Machine Hosts provide isolated physical servers at premium pricing, which contradicts the goal of reducing costs. Dedicated hosts are chosen for compliance or licensing requirements rather than cost optimization.

Option D is incorrect because Bare Metal instances provide dedicated physical servers without hypervisor overhead, typically at higher cost than virtual machine instances. Bare metal is selected for performance requirements, not cost reduction for interruptible workloads.

Question 44

An architect needs to design a solution where a VCN in one region can communicate with a VCN in another region. Which OCI feature enables this connectivity?

A) Local Peering Gateway

B) Remote Peering Connection

C) Internet Gateway

D) NAT Gateway

Answer: B

Explanation:

Remote Peering Connection enables communication between VCNs in different regions by creating a private connection over the Oracle network backbone. Remote peering allows resources in VCNs across regions to communicate using private IP addresses without traversing the public internet, providing secure and efficient cross-region connectivity. The connection is established through Dynamic Routing Gateways in each region and configured through remote peering connection resources.

Option A is incorrect because Local Peering Gateway enables connectivity between VCNs within the same region, not across regions. Local peering provides VCN interconnection for regional scenarios but cannot connect VCNs in different geographic regions.

Option C is incorrect because Internet Gateway provides connectivity between VCN resources and the public internet rather than private VCN-to-VCN connectivity. Using internet gateways for cross-region VCN communication would require public IP addresses and traverse the internet, reducing security and performance.

Option D is incorrect because NAT Gateway enables instances without public IP addresses to access the internet for outbound connections. NAT Gateway does not provide VCN-to-VCN connectivity across regions and operates at the VCN boundary for internet access.

Question 45

A database application requires consistent low latency and high IOPS performance. Which block volume performance option should be selected?

A) Lower Cost

B) Balanced

C) Higher Performance

D) Default performance settings

Answer: C

Explanation:

The Higher Performance block volume option should be selected for database applications requiring consistent low latency and high IOPS. This performance tier provides the maximum IOPS and throughput capabilities that OCI block volumes offer, delivering the sustained performance characteristics needed by demanding database workloads. Higher Performance volumes use faster storage media and optimized configurations to minimize latency and maximize transaction throughput for performance-sensitive applications.

Option A is incorrect because Lower Cost block volumes prioritize cost efficiency over performance, providing adequate performance for less demanding workloads. Database applications with strict latency and IOPS requirements need the performance characteristics of higher tiers.

Option B is incorrect because Balanced block volumes provide moderate performance that balances cost and capability, which may not deliver the consistent low latency and high IOPS that demanding database applications require. Balanced is suitable for general-purpose workloads rather than performance-critical databases.

Option D is incorrect because relying on default performance settings without explicitly selecting the appropriate tier may result in insufficient performance for database workloads. Database applications with specific performance requirements need intentional configuration of the Higher Performance tier.