Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) Exam Questions and Answers - Page 2 - Page 2 of 10

The latest Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) exam and earn Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) certification.

Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) Exam Questions and Answers

Question 111

Question

You have a shared file system between two web servers using File Storage Service (FSS) and you were tasked to create a backup plan for this environment to protect the data placed into the shared file system.
What is the recommended approach to create this backup using FSS features?

A. Implement a backup policy to execute a snapshot of the shared volume.
B. Implement a backup policy to copy data from the shared volume to object storage.
C. Compress the data that is in the shared volume and copy it into a different folder on the boot volume disk.
D. Use the rsync tool to send data from the shared volume to a boot volume disk.
E. Use the rsync tool to send data from the shared volume to a block volume.

Answer

A. Implement a backup policy to execute a snapshot of the shared volume.

Question 112

Question

Which is a customer’s responsibility on an Oracle Cloud Infrastructure database?

A. patching the database and OS
B. creating the first default database on the DBCS server
C. creating an ASM diskgroup for data file or temp file storage
D. installing the operating system (OS), Grid Infrastructure, and database software

Answer

A. patching the database and OS

Explanation

On autonomous there’s no patching needed. But on the regular DB Cloud services you need to patch the DB and the OS. During the creation on the OCDB the first DB is created automatically Oracle automatically takes care of Operating System Installation/Configuration, Grid Infrastructure, ASM diskgroup Creation/Configuration, and database software Installation and first database on the DB System. that’s all when Creating DB Systems, and then the customer responsible to apply the patches to the database and OS

Question 113

Question

You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients want to access the web servers from anywhere, but want to prevent access to the database servers from the Internet.
Which is the recommended way to design the network architecture?

A. Create public subnets for web servers and private subnets for database servers in your virtual cloud network (VCN), and associate separate internet gateways for each subnet.
B. Create public subnets for web servers and associate a dynamic routing gateway with that subnet, and a private subnet for database servers with no association to dynamic gateway.
C. Create public subnets for web servers and private subnets for database servers in your VCN, and associate separate security lists and route tables for each subnet.
D. Create a single public subnet for your web servers and database servers, and associate only your web servers to internet gateway.

Answer

C. Create public subnets for web servers and private subnets for database servers in your VCN, and associate separate security lists and route tables for each subnet.

Explanation

When you create a subnet, by default it’s considered public, which means instances in that subnet are allowed to have public IP addresses. Whoever launches the instance chooses whether it will have a public IP address.
You can override that behavior when creating the subnet and request that it be private, which means instances launched in the subnet are prohibited from having public IP addresses. Network administrators can therefore ensure that instances in the subnet have no internet access, even if the VCN has a working internet gateway, and security rules and firewall rules allow the traffic.
There are two optional gateways (virtual routers) that you can add to your VCN depending on the type of internet access you need:

Internet gateway: For resources with public IP addresses that need to be reached from the internet (example: a web server) or need to initiate connections to the internet.
NAT gateway: For resources without public IP addresses that need to initiate connections to the internet (example: for software updates) but need to be protected from inbound connections from the internet.

Just having an internet gateway alone does not expose the instances in the VCN’s subnets directly to the internet. The following requirements must also be met:

The internet gateway must be enabled (by default, the internet gateway is enabled upon creation).
The subnet must be public.
The subnet must have a route rule that directs traffic to the internet gateway.
The subnet must have security list rules that allow the traffic (and each instance’s firewall must allow the traffic).
The instance must have a public IP address.

Question 114

Question

A customer has launched a compute Instance in the Virtual Cloud Network (VCN), which has an Internet gateway, a service gateway, a default security lists and a default route table. Customer has opened up Port 22 in the security lists attached to the compute instance subnet, however is still unable to connect to compute instances using ssh.
Which option would remedy this situation?

A. Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table. Destination CIDR: 0.0.0.0/0 Target: Internet Gateway (IGW)
B. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic in addition to the port 22.
C. Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table. Destination CIDR: 0.0.0.0/0 Target: Dynamic Routing Gateway (DRG)
D. Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table. Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW)

Answer

A. Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table. Destination CIDR: 0.0.0.0/0 Target: Internet Gateway (IGW)

Explanation

You create an internet gateway in the context of a specific VCN. In other words, the internet gateway is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at any time.
For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly in the subnet’s route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway). If the internet gateway is disabled, that means no traffic will flow to or from the internet even if there’s a route rule that enables that traffic.
For the purposes of access control, you must specify the compartment where you want the internet gateway to reside. If you’re not sure which compartment to use, put the internet gateway in the same compartment as the cloud network.

Question 115

Question

Which storage would you use if your big data workload requires shared access and an NFS based interface?

A. File Storage
B. Storage Software Cloud Appliance
C. Object Storage
D. Archive Storage
E. Block Volume

Answer

A. File Storage

Explanation

The File Storage service is designed to meet the needs of applications and users that need an enterprise file system across a wide range of use cases, including the following:

General Purpose File Storage: Access to an unlimited pool of file systems to manage growth of structured and unstructured data.
Big Data and Analytics: Run analytic workloads and use to store persistent data.
Lift and Shift of Enterprise Applications: Migrate existing Oracle applications that need NFS storage, such as Oracle E-Business Suite and PeopleSoft.
Databases and Transactional Applications: Run test and development workloads with Oracle, MySQL, or other databases.
Backups, Business Continuity, and Disaster Recovery: Host a secondary copy of relevant file systems from on premises to the cloud for backup and disaster recovery purposes.
MicroServices and Docker: Deliver stateful persistence for containers. Easily scale as your container-based environments grow.

References

Oracle Cloud Infrastructure Documentation > Overview of File Storage

Question 116

Question

Which three are default Virtual Cloud Network (VCN) components? (Choose three.)

A. Security List
B. Dynamic Routing Gateway
C. DHCP options
D. Internet Gateway
E. Route Table

Answer

A. Security List
C. DHCP options
E. Route Table

Explanation

(1) => Populated by Default
(0) => Not Populated by Default
Resources
Subnets (0)
Route Tables (1)
Internet Gateways (0)
Dynamic Routing Gateways (0)
Network Security Groups (0)
Security Lists (1)
DHCP Options (1)
Local Peering Gateways (0)
NAT Gateways (0)
Service Gateways (0)

Question 117

Question

Which two statements are true about an Oracle Cloud Infrastructure object storage bucket? (Choose two.)

A. You can associate a bucket with multiple compartments
B. You cannot change a bucket from private to public after it is created
C. You can associate a bucket with only a single compartment
D. You cannot edit or append data to an object, but you can replace the entire object

Answer

C. You can associate a bucket with only a single compartment
D. You cannot edit or append data to an object, but you can replace the entire object

Explanation

A bucket is associated with a single compartment.
You can’t edit or append data to an object, but you can replace the entire object.

References

Oracle Cloud Infrastructure Documentation > Managing Buckets

Question 118

Question

You have an application running on Oracle Cloud Infrastructure. You Identified that the read and write operations are slowing your application down enough to impair user access. The application is currently using a VM.Standard2.1 compute without any block storage attached to it.
Which two options allow you to increase disk IOPS performance?

A. Terminate the compute instance preserving the boot volume. Create a new compute instance using the VM.DenseI02.8 shape using the boot volume preserved and use the NVMe devices to host your application.
B. Terminate the compute instance preserving the boot volume. Create a new compute instance using the VM.Standard2.2 shape using the boot volume preserved and attach a new block volume to host your application.
C. Terminate the compute instance preserving the boot volume. Create a new compute instance using the VM.Standard2.2 shape using the boot volume preserved, but no block volume attached.
D. Terminate the compute instance preserving the boot volume. Create a new compute instance using the BM.GPU2.2 shape using the boot volume preserved, but no block volume attached.

Answer

Question 119

Question

You need to transfer over 12 TB of data from on-premises to your cloud account. You started copying this data over the internet and noticed that it will take too long to complete.
Without increasing the costs of your subscription, what is the recommended way to send this amount of data to your cloud account?

A. Use Data Transfer Service to send your data.
B. Split the data into multiple parts and use the multipart tool.
C. Use a 10 GB FastConnect line to send the data.
D. Send the data over a VPN IPsec tunnel.
E. Compress the data and use the multipart tool.

Answer

A. Use Data Transfer Service to send your data.

Explanation

Overview of Data Transfer Service
Oracle offers offline data transfer solutions that let you migrate data to Oracle Cloud Infrastructure. Moving data over the public internet is not always feasible due to high network costs, unreliable network connectivity, long transfer times, and security concerns. Our transfer solutions address these pain points, are easy to use, and provide significantly faster data upload compared to over-the-wire data transfer.

References

Oracle Cloud Infrastructure Documentation > Overview of Data Transfer Service

Question 120

Question

Which option lists Virtual Cloud Networks (VCNs) that can be peered?

A. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
B. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
C. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
D. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)

Answer

B. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)

Explanation

A policy statement must specify the compartment for which access is being granted (or the tenancy).Where you create the policy determines who can update the policy. If you attach the policy to thecompartment or its parent, you can simply specify the compartment name. If you attach the policyfurther up the hierarchy, you must specify the path. The format of the path is each compartmentname (or OCID) in the path, separated by a colon: <compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n>
For example, assume you have a three-level compartment hierarchy, shown here:

You want to create a policy to allowNetworkAdmins to manage VCNs in CompartmentC. If you want to attach this policy to CompartmentC or to its parent, CompartmentB, write this policy statement:
Allow group NewtworkAdmins to manage virtual-network-family in compartment CompartmentC
However, if you want to attach this policy to CompartmentA (so that only administrators of CompartmentA can modify it), write this policy statement that specifies the path:
Allow group NewtworkAdmins to manage virtual-network-family in compartmentCompartmentB:CompartmentC
To attach this policy to the tenancy, write this policy statement that specifies the path from CompartmentA to CompartmentC:
Allow group NewtworkAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC