Exam 1Z0-1072-25

Oracle Cloud Infrastructure 2025

Architect Associate
Dump
1. A large organization is using Oracle Cloud Infrastructure (OCI) and has implemented a complex
compartment structure. They have a root compartment, with multiple nested compartments for
various projects, teams, and environments. A new virtual machine is created for a specific project in a
development sub-compartment.
Which statement is INCORRECT regarding the virtual machine in this scenario?

A. If necessary, the virtual machine can be moved to a different compartment within the tenancy.

B. The virtual machine is associated with a specific compartment, and it cannot simultaneously exist in
any other compartment.

C. Access to the virtual machine is only controlled by policies attached to the root compartment.

D. The virtual machine can interact with resources such as a Virtual Cloud Network (VCN) in a different
compartment.

2. When compared to IAM policies, what is a KEY advantage of utilizing administrator roles for access
control within OCI IAM identity domain?

A. Provide granular control over user access to specific compartments within the domain

B. Offer a wider range of permissions combinations than IAM policies

C. Can be used to grant access to resources outside of the associated identity domain

D. Simplify access management by eliminating the need for complex policy creation

3. A company accidentally moved a critical database instance to a different compartment within their
OCI tenancy. The existing IAM policies were previously mapped to the database's original
compartment and granted access to authorized users.
How will this impact user access to the database?

A. Existing IAM policies will continue to function normally, regardless of the compartment move.

B. Compartments prevent resource movement, once a resource is placed in a compartment, it cannot be

moved.

C. Access to the database will be immediately revoked for all authorized users due to the compartment
change.

D. Compartments are not covered by IAM policies, they only apply to resources.
4. You are backing up your on-premises data to the Oracle Cloud Infrastructure (OCI) Object Storage
Service. Your requirements are:
1. Backups need to be retained for at least full 31 days.
2. Data should be accessible immediately if and when needed after the backup.
Which OCI Object Storage tier is suitable for storing the backup to minimize cost?

A. Infrequent Access tier

B. Standard tier

C. Auto-Tiering tier

D. Archive tier

5. You are managing Oracle Cloud Infrastructure (OCI) with several instances and attached block
volume. To optimize performance and cost-efficiency, you consider enabling the detached volume
performance autotuning feature in the Block Volume service.
What happens to the performance level of a volume when it is detached from an instance?

A. The performance level is adjusted to Higher Performance.

B. The performance level is adjusted to Lower Cost (0 VPUs/GB).

C. The performance level remains unchanged.

D. The performance level is adjusted to Balanced.

6. Which Traffic Management Steering Policy facilitates the distribution of DNS traffic to specific
endpoints based on the geopolitical location of end users?

A. ASN Steering

B. Proximity Steering

C. Geolocation Steering

D. IP Prefix Steering
7. Which TWO are key benefits of setting up Site-to-Site VPN on Oracle Cloud Infrastructure (OCI)?

A. When setting up Site-to-Site VPN, it creates a private connection that provides consistent network
experience.

B. When setting up Site-to-Site VPN, customers can expect bandwidth above 2 Gbps.

C. When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels.

D. When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP).

8. Which is NOT a valid action within the Oracle Cloud Infrastructure (OCI) Block Volume service?

A. Cloning an existing volume to a new, large volume.

B. Expanding an existing volume in place with offline resizing.

C. Attaching a block volume to an instance in a different availability domain.

D. Restoring from a volume backup to a larger volume.

9. By default, OCI IAM policies follow the principle of least privilege.

What does this principle mean in the context of policy creation?

A. Policies should grant all possible permissions to simplify access control.

B. Policies should be written in a complex and technical manner to enhance security.

C. Policies should be identical for all users within a tenancy.

D. Policies should provide only the minimum set of permissions required for users to perform their tasks
effectively.

10. You want to create a policy to allow the NetworkAdmins group to manage Virtual Cloud Network
(VCN) in compartment C. You want to attach this policy to the tenancy. The compartment hierarchy is
shown below.
Which policy statement can be used to accomplish this task?

A. Allow group 'Default'/'NetworkAdmins' to manage virtual-network-family in

compartment C

B. Allow group 'Default'/'NetworkAdmins' to manage virtual-network-family in

compartment A:B:C

C. Allow group 'Default'/'NetworkAdmins' to manage virtual-network-family in

compartment B:C

D. Allow group 'Default'/'NetworkAdmins' to manage virtual-network-family in tenancy

11. Which Oracle Cloud Infrastructure (OCI) Identify and Access Management (IAM) policy is invalid?

A. Allow any-user to inspect users intenancy

B. Allow group 'Default'/'A-Admins' to manage all-resources in compartment Project-A

C. Allow group 'Default'/'A-Developers' to create volumes in compartment Project-A

D. Allow dynamic-group 'Default'/'Frontend' to manage instance-family in compartment Project-A

12. A company has deployed a multitier application in Oracle Cloud Infrastructure (OCI), with web
servers in a public subnet and database servers in a private subnet. The database server needs to
access data from OCI Object Storage, and the company wants to ensure that this communication is
secure and not exposed to the public internet.
Which OCI feature should be used?

A. Use a NAT Gateway to enable private access to Object Storage.

B. Use a VPN Gateway to create an encrypted tunnel to Object Storage.

C. Use a Service Gateway to establish a secure connection to Object Storage.

D. Use a Local Peering Gateway to peer with the Object Storage subnet.

13. You just got a last-minute request to create a set of instances in Oracle Cloud Infrastructure (OCI).
The configuration and installed software and identical for every instance, and you already have a
running instance in your OCI tenancy.
Which image option allows you to achieve this task with the least amount of effort?

A. Bring your own image and use it as a template for the new instances.

B. Create a custom image and use it as a template for the new instances.

C. Use Oracle-provided images and customize the installation using a third-party tool.

D. Select an image from the OCI Marketplace

14. Which statement is true about File System Replication in Oracle Cloud Infrastructure (OCI)?

A. You can replicate the data in one file system to another file system in the same region or a different
region.

B. You cannot specify a replication interval when you create the replication resource.

C. You can replicate the data in one file system to another file system only in the same region.

D. Only a file system that has been reported can be used as a target file system.
15. You are managing a complex environment consisting of compute instances running Oracle Linux
on Oracle Cloud Infrastructure (OCI). You want to apply all the latest kernel security updates to all
instances. Which OCI service would you use?

A. OS Management Hub service

B. Data Safe

C. Container Registry

D. Artifact Registry

16. What is the primary function of the Network Path Analyzer (NPA) tool provided by Oracle Cloud
Infrastructure (OCI)?

A. Providing real-time monitoring of network traffic to detect security threats and unauthorized access
attempts.

B. Optimizing network performance by dynamically adjusting routing paths based on traffic patterns

C. Collecting and analyzing network configuration to identify virtual network configuration issues
impacting connectivity

D. Sending actual traffic between source and destination to diagnose connectivity issues

17. Which components are required at a high level for establishing remote peering between two
Virtual Cloud Networks (VCNs) in Oracle Cloud Infrastructure (OCI)?

A. Two VCNs with nonoverlapping CIDRs in the same region, a dynamic routing gateway (DRG) attached
to each VCN, and a direct connection between the DRGS

B. Two VCNs with overlapping CIDRs in different regions, a virtual private network (VPN) gateway
attached to each VCN, and a direct connection between the VPN gateways.

C. A single VCN with nonoverlapping CIDRs in each region, a dynamic routing gateway (DRG) attached to
each VCN, and a direct connection between the DRGS

D. Two VCNs with nonoverlapping CIDRs in the same region, a dynamic routing gateway (DRG) attached
to each VCN, a remote peering connection (RPC) on each DRG, and a connection established between
the RPCs
18. You want to run compute virtual machine (VM) instances in Oracle Cloud Infrastructure (OCI). Your
business unit has the following requirements that need to be considered before you launch the VMs:
Requirement 1: Shared infrastructure should not be used to deploy VMs.
Requirement 2: Meet node-based licensing requirements that require you to license an entire server.
Which compute capacity type would you select to meet these requirements?

A. On-demand capacity

B. Dedicated host

C. Preemptible capacity

D. Capacity reservation

19. You plan to launch a VM instance with the VM.Standard3.Flex shape and Oracle Linux 8 platform
image. You want to protect your VM instance form low-level threats, such as rootkits and bootkits
that can infect the firmware and operating system and are difficult to detect.
What should you do?

A. Use vulnerability Scanning Service.

B. Create a burstable instance.

C. Create a shielded instance.

D. Use in-transit encryption.

20. In the context of Oracle Cloud Infrastructure (OCI) Compute service, which statement about
instance configuration and instance pools is true?

A. An instance pool can have multiple instance configurations associated with it.

B. You can only delete an instance configuration if it is not associated with any instance pool.

C. You can delete an instance configuration if it is not associated with instance pool.

D. You cannot reuse the same instance configuration for multiple instance pools.

21. A client has reported they cannot access a file system even though their IP address is allowed in
the export options. Upon investigation, you realize that a security list rule is blocking access to the
mount target. Which layer needs adjustment?

A. UNIX Security Layer

B. Interface Export Options
C. Network Security
D. IAM Service
22. You create a file system and then add a 2GB file You then take a snapshot of the file system.
What would be the total meteredBytes shown by the File Storage service after the hourly update cycle
is complete?

A. 2 GB

B. 3 GB

C. 4 GB

D. 2.5 GB

23. As a network architect you have been tasked with creating a fully redundant connection from your
on-premises data center to your Virtual Cloud Network (VCN) in the us-ashburn-1 region.
Which TWO options will accomplish this requirement?

A. Configure a Site-to-Site VPN from a single on-premises CPE.

B. Configure one FastConnect virtual circuit to the us-ashburn-1 region and a Site-to-Site VPN to the us-
ashburn-1 region.

C. Configure one FastConnect virtual circuit to the us-ashburn-1 region and the second FastConnect
virtual circuit to the us-phoenix-1 region.

D. Configure one FastConnect virtual circuit to the us-ashburn-1 region and terminate them in diverse
hardware on-premises.

24. As a cloud infrastructure manager at a multinational company, you're tasked with optimizing data
transfer and backup strategies across different regions on Oracle Cloud Infrastructure (OCI). You
decide to utilize the Inter-Region Latency dashboard provided by OCI to gain insights into latency
between regions?
Why is the OCI Inter-Region Latency dashboard useful for your task?

A. It focuses solely on latency within your own tenancy ensuring accurate monitoring of data transfer.

B. It's designed for troubleshooting latency issues within your specific applications, providing targeted
insights for optimizing performance.

C. It offers a current and historical view of latency snapshots, enabling you to analyze up to a 30-day
history.

D. It provides real-time data specific to your tenancy's workloads.

25. A financial firm is designing an application architecture for its online trading platform that should
have high availability and fault tolerance.
Their solutions architect configured the application to use an Oracle Cloud Infrastructure (OCI) Object
Storage bucket located in the US West(us-phoenix-1) region to store large amounts of financial data.
The stored financial data in the bucket should not be impacted even if there is an outage in one of the
Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability?

A. Create a new Object Storage bucket in another region and configure lifecycle policy to move data
every 5 days.

B. Copy the Object Storage bucket to a block volume.

C. Create a lifecycle policy to regularly send data from the Standard to Archive storage.

D. Create a replication policy to send data to a different bucket in another OCI region.

26. Which THREE capabilities are available with the Oracle Cloud Infrastructure (OCI) DNS service?

A. Viewing all zones

B. Creating and managing zones
C. Creating and managing records
D. Creating and managing Web Application Firewall (WAF) rules
E. Creating and managing Identity Access Management (IAM) policies
F. Creating and managing security lists

27. In an Object Storage bucket you have two objects named ObjectA and ObjectB. ObjectA was last
modified six months ago and ObjectB was modified 14 months ago. You create a retention rule and
specify a duration of 1 year.
What does the rule do?

A. It prevents the modification or deletion of ObjectA for the next 6 months and prevents the
modification or deletion of ObjectB for the next 2 months.

B. It prevents the modification or deletion of ObjectA for the next 6 months and allows the modification
or deletion of ObjectB

C. It prevents the modification or deletion of ObjectA for the next 12 months and prevents the
modification or deletion of ObjectB for the next 14 months.

D. It prevents the modification or deletion of ObjectA and ObjectB for the next 12 months.
28. Which statement is TRUE about restoring a volume from a block volume backup in the Oracle
Cloud Infrastructure (OCI) Block Volume service?

A. You can restore a volume from any full volume backup but not from an incremental backup.

B. You can restore a block volume backup to a larger volume size.

C. You can only restore a volume to the same availability domain in which the original block volume
resides

D. You can restore only one volume from a manual block volume backup.

29. Which THREE protocols are supported by the Oracle Cloud Infrastructure (OCI) private Network
Load Balancers?

A. ICMP
B. TCP
C. iSCSI
D. HTTP
E. UDP
F. BGP

30. What is the primary purpose of the Web Application Acceleration service offered by Oracle Cloud
Infrastructure (OCI)?

A. Encrypting HTTP traffic to ensure secure communication between clients and servers

B. Monitoring and analyzing HTTP traffic patterns to identify potential security vulnerabilities

C. Improving the reliability of layer 7 HTTP load balancers by implementing redundancy measures

D. Speeding up traffic on layer 7 HTTP load balancers through caching and compression techniques

31. Which TWO statements are NOT correct regarding the Oracle Cloud Infrastructure (OCI) burstable
instances?
A. Burstable instances cost less than regular instances with the same total OCPU count.
B. Burstable utilization is a fraction of each CPU core either 25% ог 75%.
C. Burstable instances are charged according to the baseline OCPU.
D. Burstable instances are designed for scenarios where an instance is not typically idle and has high
CPU utilization.
E. If the instance's average CPU utilization over the past 24 hours is below the baseline, the system
allows it to burst above the baseline.
32. Your company sells services to photographers where patrons can preview the photos that they
want prints for. To avoid unauthorized copies, the sample photos have lower resolution and are
watermarked. The photos are processed after they are uploaded. The process is fast but not
immediate. It creates samples and sends them to storage outside of the instances.
Which type of instance is ideal for a process like this, short lived and one that keeps the cost low?
A. Burstable instances
B. Spot instance
C. On-demand instances
D. Preemptible instances

33. Which statement accurately describes the key features and benefits of OCI Confidential
Computing?

A. It encrypts and isolates in-use data and the applications processing that data, thereby preventing
unauthorized access or modification.

B. It provides automatic scalability and load balancing capabilities. Which allow seamless integration
with other cloud providers.

C. It optimizes network performance and reduces latency through advanced routing algorithms and
caching mechanisms.

D. It enables users to securely store and retrieve data by using distributed file systems, ensuring high
availability and fault tolerance.

34. You create a file system and then add a 1 GB file. You then take a snapshot of the file system. After
the hourly update cycle is complete, the total meteredBytes shown by the File Storage service remain
at 1 GB you then overwrite the first 0.5 GB of the file.
What would be the total meteredBytes shown by the File Storage service after the hourly update cycle
is complete?

A. 0.5 GB

B. 1.5 GB

C. 1 GB

D. 2.5 GB
35. Which TWO statements about the Oracle Cloud Infrastructure (OCI) File Storage Service are
accurate?

A. File systems use Oracle-managed keys by default.

B. Mount targets use Oracle-managed keys by default

C. Communication with file systems in a mount target is encrypted via HTTPS.

D. Customer can encrypt the communication to a mount target via export options.

E. Customer can encrypt data in their file system using their own Vault encryption key.

36. You have objects stored in an OCI Object Storage bucket that you want to share with a partner
company. You decide to use pre-authenticated requests to grant access to the objects.
Which statement is true about pre-authenticated requests?

A. You need to provide your OCI credentials to the partner company.

B. You cannot edit a pre-authenticated request.

C. Deleting a pre-authenticated request does not revoke user access to the associated bucket or object.

D. Pre-authenticated requests can be used to delete buckets or objects.

37. You can attach resources to a Dynamic Routing Gateway (DRG).

Select THREE of these resources.

A. Virtual Circuits

B. Subnet

C. VNIC

D. Remote Peering Connections

E. Local Peering Connection

F. IPSec Tunnel
38. You have a block volume created in the US West (Phoenix) region. You enable Cross Region
Replication for the volume and selected US West (San Jose) as the destination region. Now, you would
like to create a new volume from the volume replica in the US West (San Jose) region.
What should you do?

A. Trigger the replica.

B. Active the replica.

C. Initiate the replica.

D. No action required. By default, the replica is available as a block volume.

39. Which of the following is a valid RFC 1918 CIDR prefix that can be used for creating an Oracle
Cloud Infrastructure (OCI) Virtual Cloud Network (VCN)?

Α. 192.268.0.0/24

Β. 192.168.0.0/16

C. 172.16.0.0/12

D. 10.0.0.0/8

Ε. 0.0.0.0/0

F. 189.215.154.89/32

40. You are working on an OCI tenancy where different teams manage
policies within their respective compartments. You notice that several
compartments have policies granting the same "manage virtual-
network-family" permissions to a central "NetworkAdmins" group.
What is the MOST efficient way to optimize these policies while
maintaining consistent access for "NetworkAdmins"?

A. Replace all "manage virtual-network-family" policies with more granular policies in each
compartment, specifying only the required "use" or "read" permissions for network resources.

B. Remove the redundant "manage virtual-network-family" policies from the child compartments,
relying on inheritance from the parent compartment.

C. Consolidate all "manage virtual-network-family" policies into a single statement attached to the root
compartment, explicitly listing each child compartment as a condition.

D. Implement a dynamic group membership system that automatically adds "NetworkAdmins" to the
relevant groups within each compartment, eliminating the need for compartment-specific policies.
41. You are using a custom application with third-party APIs to manage the application and data
hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs do not support
OCI's signature-based authentication, you want them to communicate with OCI resources.
Which authentication option should you use to ensure this?

A. Auth Tokens

B. API Signing Key

C. SSH Key Pair with 2048-bit algorithm

D. OCI Username and Password

42. You have an instance running in Oracle Cloud Infrastructure (OCI) that cannot be live-migrated
during an infrastructure maintenance event. OCI schedules a maintenance due date within 14 to 16
days and sends you a notification.
What would happen if you choose not to proactively reboot the instance before the scheduled
maintenance due date?

A. You will receive another notification to reboot within the next 14 days.

B. You will receive another notification to reboot within the next 7 days.

C. The instance is reboot migrated for you.

D. The instance will get terminated.

43. What are the two types of capture filters that can be created for network monitoring?

A. Flow control capture filters and traffic capture filters

B. Flow log capture filters and packet capture filters

C. VTAP capture filters and network capture filters

D. Flow log capture filters and VTAP capture filters

44. As a network engineer responsible for managing the virtual network infrastructure on Oracle
Cloud Infrastructure (OCI) for your organization, you decide to utilize the Network Visualizer tool
provided by OCI.
Why is the Network Visualizer tool valuable for managing virtual network infrastructure OCI?

A. It generates automated reports on network performance metrics, facilitating decision-making for

optimizing network resources and bandwidth allocation.

B. It provides detailed information about the physical network components.

C. It visualizes the topology of all VCNs in a selected region and tenancy, allowing for a concise
understanding of their relationships and connections.

D. It offers real-time monitoring of network traffic, enabling proactive identification of security threats
and unauthorized access attempts.

45. Company XYZ is spending $300,000.00 USD per month in egress fees for 7 Petabytes (1 Petabyte
1000 Terabytes) that they consume for Outbound Data Transfer in North America with their current
cloud provider.
The company is seeking to lower that expense considerably without deducing consumption. You
propose migration to OCI because the Gigabyte Outbound Data Transfer in North America costs just
$0.0085 USD per month.
Which OCI, how much will they spend per month for 7 Petabytes of Outbound Data Transfer? (1
Terabyte 1000 Gigabytes)

A. $0.00 (free with OCI)

B. $59,415.00

C. $59,500.00

D. $150,000.00

46. Which two statements are TRUE about Private IP addresses in Oracle Cloud Infrastructure (OCI)?

A. By default, the primary VNIC of an instance in a subnet has one primary private IP address.

B. By default, the primary VNIC of an instance in a subnet has one primary private IP address and one
secondary private IP address.

C. Each VNIC can only have one private IP address.

D. A private IP can have an optional public IP assigned to it if it resides in a public subnet.

47. You install MySQL from binary archive and use the --initialize-insecure option to initialize the data
directory.
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an
admin group set up: A-Admins, B-Admins, and C-Admins.
Each admin group has full access over their respective compartments as shown in the graphic below.
Your organization has set up a tag namespace, EmployeeGroup. Role and all your admin groups are
tagged with a value of 'Admin'.

You want to setup a Test compartment for members of the three projects to share. You also need to
provide admin access to all three of your existing admin groups.
Which policy would you write to accomplish this task?

A. Allow any-user to manage all-resources in compartment Test where

request.principal.group.tag.EmployeeGroup. Role-'Admin'

B. Allow dynamic-group to manage all-resources in compartment Test where

request.principal.group.tag. EmployeeGroup.Role-'Admin

C. Allow group any-group to manage all-resources in compartment Test where

request.principal.group.tag.EmployeeGroup.Role-'Admin'

D. Allow all-group to manage all-resources in compartment Test where

request.principal.group.tag.EmployeeGroup. Role-'Admin'
48. You need to set up instance principals so that an application running on an instance can call Oracle
Cloud Infrastructure (OCI) public services, without the need to configure user credentials or a
configuration file. A developer in your team has already configured the application build using an OCI
SDK to authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up?

A. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.

B. Deploy the application and the SDK to all the instances that belong to the dynamic group.

C. Create a dynamic group with matching rules to specify which instances can make API calls against
services.

D. Create a policy granting permissions to the dynamic group to access services in your compartment or
tenancy.

49. You plan to upload a large file (3 TiB) to Oracle Cloud Infrastructure (OCI) Object Storage. You
would like to minimize the impact of network failures while uploading, and therefore you decide to
use the multipart upload capability.
Which TWO statements are true about performing a multipart upload using the Multipart Upload API?

A. When you split the object into individual parts, each part can be as large as 50 GiB

B. While a multipart upload is still active, you can keep adding parts as long as the total number is less
than 10.000.

C. You do not need to split the object into parts. Object Storage splits the object into parts and uploads
all of the parts automatically.

D. You do not have to commit the upload after you have uploaded all the object parts.
50. As a network architect you have deployed a public subnet on your Virtual Cloud Network (VCN)
with this security list:

You also created a network security group (NSG) as show, and assigned it to your bastion host:

You have confirmed that routing is correct but when you SSH to the VM from your home over the
Internet, you are unable to connect.
What could be the problem?

A. SSH traffic is not allowed in the security list nor on the NSG from the Internet.

B. User will be able to the VM from the Internet as SSH is open on the NSG.

C. Internet traffic should be allowed only on the NSG.

D. Public subnet does not have a route to the Internet Gateway.