Oracle 1z0-1072-23 Exam Dumps & Practice Test Questions


Question No 1:

You plan to upload a large file (3 TiB) to Oracle Cloud Infrastructure (OCI) Object Storage. To minimize the impact of network failures during the upload, you decide to use the multipart upload capability.

Which TWO statements are true about performing a multipart upload using the Multipart Upload API? (Choose two.)

A. You do not have to commit the upload after you have uploaded all the object parts.
B. You do not need to split the object into parts. Object Storage splits the object into parts and uploads all of the parts automatically.
C. While a multipart upload is still active, you can keep adding parts as long as the total number is less than 10,000.
D. When you split the object into individual parts, each part can be as large as 50 GiB.

Answer: C, D

Explanation:

The Multipart Upload API in OCI Object Storage provides a way to upload large files in smaller, manageable parts. This reduces the impact of network interruptions and allows you to upload objects efficiently.

A. You do not have to commit the upload after you have uploaded all the object parts.
This is incorrect. After uploading all the parts of an object using multipart upload, you must commit the upload. This final step, called Complete Multipart Upload, is required to combine all the parts and finalize the object upload. If you do not commit the upload, the object will not be fully available.

B. You do not need to split the object into parts. Object Storage splits the object into parts and uploads all of the parts automatically.
This is incorrect. While OCI Object Storage handles the upload of parts, you are responsible for splitting the object into parts. The Multipart Upload API allows you to upload the file in parts that you specify. You can control the part sizes and the order of the parts during upload. The system does not automatically split the object for you.

C. While a multipart upload is still active, you can keep adding parts as long as the total number is less than 10,000.
This is correct. While a multipart upload is active, you can keep adding parts until the total number of parts exceeds the limit of 10,000. This allows flexibility for large uploads, enabling you to add additional parts incrementally during the process. If you exceed this number, the upload will fail, and you will need to adjust the part count.

D. When you split the object into individual parts, each part can be as large as 50 GiB.
This is correct. The OCI Multipart Upload API allows individual parts to be as large as 50 GiB. This is beneficial when uploading large files like the 3 TiB file in the example, as it allows each part to be a manageable size while minimizing the number of parts needed. However, the total object size can be up to 5 TiB, so multiple large parts can be uploaded to accommodate the entire object size.

In summary, the correct statements are C and D:

  • C allows you to add parts up to a limit of 10,000 while the upload is still active.

  • D specifies that each part can be as large as 50 GiB during a multipart upload.

Question No 2:

When defining a query for metric data in Monitoring, which field provides the time window for aggregating metric data points plotted on the metric chart?

A. Namespace
B. Interval
C. Dimension
D. Statistic

Answer: B

Explanation:

When working with metric data in Monitoring, the Interval field defines the time window for aggregating metric data points that are plotted on the metric chart. This interval specifies the duration of each aggregation period, such as 1 minute, 5 minutes, 15 minutes, etc. The data points are grouped into these time windows to generate an aggregated value for each interval, which is then plotted on the chart.

For example, if you set an interval of 5 minutes, the system will aggregate the metric data over each 5-minute period and display the aggregated values on the metric chart. This is useful for viewing trends over time without being overwhelmed by individual data points.

The other options do not directly relate to the time window for aggregation:

  • A. Namespace: This refers to the logical grouping or categorization of metrics. It helps identify the specific group of metrics, but it doesn't define the time window for aggregation.

  • C. Dimension: This field is used to define specific attributes of the metric, such as resource names or other tags. It helps filter and organize metric data but does not control the time window for aggregation.

  • D. Statistic: The statistic field specifies the type of aggregation, such as average, sum, or maximum. While it influences how the metric data is aggregated, it does not determine the time window for those aggregations.

Therefore, the Interval field is responsible for defining the time window for aggregating metric data points plotted on the metric chart.

Question No 3:

Which TWO components are optional when creating Monitoring Query Language (MQL) expressions in the Oracle Cloud Infrastructure (OCI) Monitoring service?

A. Grouping Function
B. Dimensions
C. Metric
D. Interval
E. Statistic

Answer: A, D

Explanation:

The Oracle Cloud Infrastructure (OCI) Monitoring service allows users to create custom queries using the Monitoring Query Language (MQL) to analyze and retrieve metric data from their resources. MQL queries can be composed with different components, some of which are optional based on the user's query requirements. Let's examine each component:

  • A. Grouping Function: This component is optional. Grouping functions are used to aggregate data based on specific criteria, such as by resource or time. While they can be useful for summarizing data, they are not always required in every MQL query. If the query doesn't need aggregation or grouping, this function can be omitted.

  • B. Dimensions: This component is not optional. Dimensions in MQL refer to specific attributes of metrics, such as resource type or region, which help filter and refine the query results. Including dimensions in a query allows the user to narrow down the scope of the data being retrieved. They are generally necessary to define the context of the metric data.

  • C. Metric: This component is not optional. A metric is essential to the query because it defines the specific type of data you want to retrieve (e.g., CPU utilization, memory usage, etc.). Without specifying a metric, the query would have no meaning, as there would be no data to retrieve.

  • D. Interval: This component is optional. The interval specifies the time range over which the data should be retrieved or aggregated. If not specified, MQL may default to a standard time period. However, depending on the query, you may choose to omit it and let the system use the default.

  • E. Statistic: This component is not optional. Statistics, such as average, maximum, or minimum, define how the metric data should be summarized over the specified interval. In most cases, a statistic is needed to interpret the metric data in a meaningful way.

Thus, the correct answers are A (Grouping Function) and D (Interval), as these components are optional when creating MQL expressions.

Question No 4:

What should you do to roll back to version 1 of a secret in Oracle Cloud Infrastructure (OCI) Vault after mistakenly updating the content for version 2?

A. Deprecate version 2 (latest). Create new Secret version 3. Create soft link from version 3 to version 1.
B. From the version 1 menu on the OCI console, select "Promote to Current".
C. From the version 2 (latest) menu, select "Rollback" and select version 1 when given the option.
D. Create a new secret version 3 and set to Pending. Copy the content of version 1 into version 3.

Answer: B

Explanation:

In Oracle Cloud Infrastructure (OCI) Vault, the management of secrets, including their versioning and rollbacks, is designed to help ensure that users can maintain secure access to sensitive data like database passwords. OCI Vault supports the rotation of secrets and offers a versioning system where each new update to a secret creates a new version. If a mistake is made when updating the secret, it is possible to revert to a previous version.

Let’s go over each of the options to determine which one correctly addresses the rollback process:

A. Deprecate version 2 (latest). Create new Secret version 3. Create soft link from version 3 to version 1.
This option is incorrect because OCI Vault does not support the concept of creating soft links between versions. Deprecating a version does not allow you to easily roll back or directly link to an older version. The idea of creating a soft link is not applicable in this context. Therefore, this option does not align with OCI Vault's rollback functionality.

B. From the version 1 menu on the OCI console, select "Promote to Current".
This is the correct answer. OCI Vault provides the ability to promote a specific secret version to the "current" version, which is the version that is actively being used. By selecting version 1 and promoting it, you can effectively "roll back" to the content of version 1, making it the current version again. This feature ensures that you can easily revert to a previous version of a secret without creating a new secret or performing complex procedures.

C. From the version 2 (latest) menu, select "Rollback" and select version 1 when given the option.
This option is not correct because OCI Vault does not offer a "Rollback" option from the version menu. The rollback functionality is not available directly from the latest version menu. The correct way to revert to an earlier version is to promote version 1 to the current version, as described in option B.

D. Create a new secret version 3 and set to Pending. Copy the content of version 1 into version 3.
While this is technically a way to manually copy the content from version 1 into a new version (version 3), it is not an ideal solution. Creating a new secret version is unnecessary if the goal is to roll back to a previous version, and it adds an extra step of manually copying content. Additionally, it does not utilize the built-in features of OCI Vault to easily promote a version.

In conclusion, the correct approach to rolling back to version 1 of the secret is B, where you can select the version 1 menu and promote it to be the current version again. This feature is the most straightforward and effective way to revert the secret to a prior, valid version.

Question No 5:

What could be the most likely reason for the error encountered by the cloud developer while using the Oracle Cloud Infrastructure (OCI) Vault service to encrypt plaintext via the OCI Command Line Interface (CLI)?

A. The developer should pass the key version OCID instead of the key OCID.
B. The developer forgot to specify the region.
C. The plaintext needs to be in the JSON form.
D. The developer has the wrong endpoint.

Answer: A

Explanation:

When using Oracle Cloud Infrastructure (OCI) Vault to encrypt plaintext, it is crucial to provide the correct information regarding the encryption key. In OCI, a Key ID (OCID) is used to reference the key, but for certain operations like encrypting or decrypting data, the Key Version OCID is required to specify which version of the key should be used. The error could be caused by the developer passing the wrong OCID, such as the key OCID, when the Key Version OCID should have been used.

Option A (The developer should pass the key version OCID instead of the key OCID) is the most likely reason for the error. OCI Vault allows for the management of multiple versions of the same encryption key, and when performing operations like encryption, you need to reference the correct version of the key. This means that instead of passing just the key OCID, the developer must specify the OCID for the specific version of the key being used. If the key OCID is provided instead of the version OCID, the service would fail and return an error.

Option B (The developer forgot to specify the region) could be a possibility, but typically, if the region were missing, the error message would indicate a problem with region identification or region mismatch. The issue described doesn't necessarily suggest a missing region, and the region is usually a default or configured earlier in the CLI configuration.

Option C (The plaintext needs to be in the JSON form) is unlikely to be the reason for the error. While OCI Vault accepts plaintext data for encryption, the plaintext itself does not have to be in JSON form specifically. Plaintext can be passed as raw data in base64-encoded format or directly as a string, depending on the context, but it is not mandatory to use JSON.

Option D (The developer has the wrong endpoint) is also unlikely to be the root cause of the error. The error here does not point to an endpoint issue, which would typically manifest as a connection issue or service not found error. The command failure seems to be more related to the type of OCID used, not the endpoint configuration.

In conclusion, the most probable cause of the error is that the developer should have passed the Key Version OCID instead of the Key OCID, making A the correct answer.

Question No 6:

Which policy statement can be used to allow the NetworkAdmins group to manage the Virtual Cloud Network (VCN) in compartment C and attach the policy to the tenancy?

A. Allow group NetworkAdmins to manage virtual-network-family in compartment C
B. Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C
C. Allow group NetworkAdmins to manage virtual-network-family in tenancy
D. Allow group NetworkAdmins to manage virtual-network-family in compartment B:C

Answer: A

Explanation:

To create a policy that grants the NetworkAdmins group the ability to manage the Virtual Cloud Network (VCN) within compartment C, it's important to understand the structure and scope of Oracle Cloud Infrastructure (OCI) policies.

Here's how the various options break down:

  • A: This policy statement is the correct one. The syntax Allow group NetworkAdmins to manage virtual-network-family in compartment C clearly grants the NetworkAdmins group permissions to manage virtual-network-family (which includes Virtual Cloud Networks) specifically in compartment C. This is the desired outcome, as it directly applies the policy to the correct compartment.

  • B: This policy uses the path compartment A:B:C, which indicates a specific hierarchical path. However, the description doesn't mention compartments A or B being involved in this task. You are looking for compartment C specifically, so this path is incorrect. The policy should apply to compartment C alone, not involving other compartments.

  • C: The statement Allow group NetworkAdmins to manage virtual-network-family in tenancy applies the policy at the tenancy level, meaning it would allow the NetworkAdmins group to manage VCNs across the entire tenancy, including all compartments. This is broader than necessary, as the question specifies managing VCNs only in compartment C, not the entire tenancy.

  • D: This option refers to compartment B:C, which is a path that implies compartment B contains a sub-compartment C. If compartment C is indeed a sub-compartment of B, this path could potentially work. However, based on the provided hierarchy, we don't know whether compartment C is a sub-compartment of B or a separate compartment. The more direct and clear path is just compartment C as shown in option A.

In conclusion, A is the most accurate policy statement for granting NetworkAdmins the ability to manage VCNs specifically in compartment C.

Question No 7:

Which tool provides a diagram of the implemented topology of all Virtual Cloud Networks (VCNs) in a selected region and tenancy?

A. VCN Flow Logs
B. Traffic Analytics
C. Network Visualizer
D. Network Watcher

Answer: C

Explanation:

In Oracle Cloud Infrastructure (OCI), when you need to visualize the topology of Virtual Cloud Networks (VCNs) and their components, Network Visualizer is the tool that provides a graphical diagram of the network infrastructure. This tool helps you to see how your VCNs, subnets, route tables, security lists, and other components are connected in a specific region and tenancy. It's particularly useful for administrators and architects to gain insights into their network layout.

Let’s break down each option to see why Network Visualizer is the correct choice:

  • A. VCN Flow Logs:
    VCN Flow Logs provide data about the network traffic flowing through the VCN, but they do not offer a visual representation of the network topology. They are more focused on traffic analysis and auditing purposes, not on providing a diagram of the network structure.

  • B. Traffic Analytics:
    Traffic Analytics is a tool that provides insights into the traffic flowing within your VCNs, such as which IP addresses are sending and receiving traffic, but it doesn’t visualize the topology or layout of the network. It's primarily used for analyzing network traffic patterns, not for mapping out the architecture.

  • C. Network Visualizer:
    Network Visualizer is the correct tool. It provides a graphical diagram that represents the implemented topology of all your Virtual Cloud Networks (VCNs) in a specific region and tenancy. This tool allows you to see all network components and their connections in a visual format, making it easier to manage and understand the overall network design.

  • D. Network Watcher:
    Network Watcher is typically used for monitoring and troubleshooting network connectivity issues in Azure, not in Oracle Cloud. In Oracle Cloud, tools like Network Visualizer would serve a similar function of visualizing network components, while Network Watcher is not available for OCI.

Thus, the correct answer is C. Network Visualizer, as it offers a diagrammatic view of your network topology in Oracle Cloud Infrastructure.

Question No 8:

Your DevOps team needs to interconnect the on-premises network to the Oracle Cloud Infrastructure (OCI) resources, such as a managed database that resides in a private subnet. They indicate that they have a low budget and their bandwidth requirements are minimal, so you decide that a site-to-site VPN is the best option. 

They provide you with their router public IP address. You need to create an object in OCI that represents this router. Which object would you create?

A. Bastion Host
B. IPSec Tunnel
C. Dynamic Routing Gateway (DRG)
D. Customer Premises Equipment (CPE)
E. Internet Gateway
F. Virtual Network Interface Card (vNIC)

Answer: D

Explanation:

In Oracle Cloud Infrastructure (OCI), a site-to-site VPN allows you to securely connect your on-premises network to your OCI network over the internet. This involves creating objects that represent both the on-premises network and the Oracle Cloud network. One of the first steps in setting up a site-to-site VPN is to create an object that represents your on-premises router.

The correct object for this task is Customer Premises Equipment (CPE). The CPE represents your on-premises router or VPN device that will connect to Oracle Cloud Infrastructure over the site-to-site VPN. When you create a CPE object in OCI, you are essentially defining the endpoint for your on-premises network that will be linked to the OCI infrastructure.

Here’s a breakdown of why D is correct and why the other options are not:

Why the correct answer is D:

  • Customer Premises Equipment (CPE): This object in OCI represents the physical or virtual router on your on-premises network. In the context of a site-to-site VPN, this is the entity that will use the public IP address of your on-premises router to communicate securely with Oracle Cloud Infrastructure over the VPN. By creating the CPE object, you define the on-premises router and provide OCI with the necessary information to set up the VPN tunnel.

Why the other options are incorrect:

  • A. Bastion Host: A bastion host is a special-purpose instance in OCI used to securely access instances in a private network, usually for administrative purposes. It is not related to the creation of a site-to-site VPN or the representation of the on-premises router.

  • B. IPSec Tunnel: The IPSec tunnel is a secure encrypted connection used in a site-to-site VPN. However, it is not an object you would create independently; instead, it is associated with the VPN configuration between the CPE and the DRG.

  • C. Dynamic Routing Gateway (DRG): The DRG is an OCI object used to connect your OCI virtual network (VCN) to your on-premises network or other virtual networks. It is important for site-to-site VPNs, but it represents the OCI side of the connection. The CPE represents the on-premises side.

  • E. Internet Gateway: An internet gateway allows your OCI virtual network to communicate with the internet. While it’s important for public resources, it is not used to represent your on-premises router in a site-to-site VPN.

  • F. Virtual Network Interface Card (vNIC): A vNIC is a virtual network interface for an instance in OCI, used to connect an instance to a virtual network. It has no direct relevance to setting up a site-to-site VPN or representing a router.

In conclusion, to represent your on-premises router in Oracle Cloud Infrastructure for the site-to-site VPN, you need to create a Customer Premises Equipment (CPE) object. This will allow the VPN connection between your on-premises network and OCI to be configured properly.

Question No 9:

Which TWO of the following are key benefits of configuring Site-to-Site VPN on Oracle Cloud Infrastructure (OCI)? (Choose two.)

A. When setting up Site-to-Site VPN, it creates a private connection that provides consistent network experience.
B. When setting up Site-to-Site VPN, customers can expect bandwidth above 2 Gbps.
C. When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels.
D. When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP).

Answer: C, D

Explanation:

Site-to-Site VPN (Virtual Private Network) on Oracle Cloud Infrastructure (OCI) offers several key benefits that make it an essential component for establishing secure communication between an on-premises network and the cloud. Let's examine each statement to understand why C and D are the correct benefits.

C. When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels.
This is a key benefit of Site-to-Site VPN in OCI. Redundant VPN tunnels are automatically provisioned when a Site-to-Site VPN connection is created, ensuring high availability and fault tolerance. In the event that one tunnel fails, traffic can be rerouted through the secondary tunnel, ensuring the continuity of the connection. This redundancy enhances the reliability of the VPN connection, making it more robust for business-critical applications that require uptime.

D. When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP).
This is another significant advantage of OCI’s Site-to-Site VPN. Customers have the flexibility to configure routing options that best meet their network requirements. Static routing allows for manual configuration of the routes, while dynamic routing using BGP (Border Gateway Protocol) allows for automatic route advertisement and management between the on-premises network and OCI. Dynamic routing with BGP is particularly useful for large and complex network environments, as it allows for automatic adjustments to network changes and ensures optimal path selection.

Now, let’s review the incorrect options:

A. When setting up Site-to-Site VPN, it creates a private connection that provides consistent network experience.
This statement is incorrect because Site-to-Site VPN connections are built over the public internet. While they provide encryption and a secure tunnel, they do not guarantee a private connection or always offer consistent network performance. The quality of the connection depends on the internet connection between the on-premises network and OCI, and there can be variability in performance due to factors such as latency and bandwidth fluctuations in the public internet.

B. When setting up Site-to-Site VPN, customers can expect bandwidth above 2 Gbps.
This statement is incorrect because OCI’s Site-to-Site VPN does not typically guarantee such high bandwidth levels. While the performance can vary, the actual bandwidth available on a Site-to-Site VPN connection depends on the specific OCI instance, network conditions, and configuration. While the VPN might support multiple Gbps in some cases, it is not an inherent or guaranteed benefit of setting up Site-to-Site VPN on OCI.

In conclusion, the correct answers are C and D, as they highlight the important features of redundancy and flexible routing options provided by OCI’s Site-to-Site VPN service.

Question No 10:

What will happen when a retention rule with a duration of 1 year is applied to an Object Storage bucket containing two objects, ObjectA and ObjectB, where ObjectA was last modified 6 months ago and ObjectB was last modified 14 months ago?

A. It prevents the modification or deletion of ObjectA for the next 6 months and prevents the modification or deletion of ObjectB for the next 2 months.
B. It prevents the modification or deletion of ObjectA for the next 6 months and allows the modification or deletion of ObjectB.
C. It prevents the modification or deletion of ObjectA and ObjectB for the next 12 months.
D. It prevents the modification or deletion of ObjectA for the next 12 months and prevents the modification or deletion of ObjectB for the next 14 months.

Answer: A

Explanation:

Retention rules in Object Storage are used to ensure that objects cannot be modified or deleted for a specified duration, regardless of their last modification date. The duration of the retention rule is applied based on the object's last modification time, and the rule prevents modification or deletion of an object for the defined retention period, relative to its most recent modification.

In this scenario:

  • ObjectA was last modified 6 months ago.

  • ObjectB was last modified 14 months ago.

  • The retention rule is set for 1 year (12 months).

When the retention rule is applied:

  • For ObjectA, the rule starts from the last modification date (6 months ago), meaning that it will prevent any modifications or deletions for the next 6 months (to complete the full 12-month retention period).

  • For ObjectB, the rule starts from the last modification date (14 months ago), which means the object has already passed the 12-month mark. Since the object is older than the retention period, it only needs 2 more months to meet the 12-month retention rule. Therefore, ObjectB cannot be modified or deleted for the next 2 months.

Thus, the correct answer is A: The rule prevents the modification or deletion of ObjectA for the next 6 months and prevents the modification or deletion of ObjectB for the next 2 months.