Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) Exam Questions and Answers – Page 2

The latest Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) practice exam questions and answers (Q&A) are available free to help you pass the exam and earn the Oracle Cloud Infrastructure Architect Associate certification.

Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) Exam Questions and Answers

Question 151

Question

Which three must be configured for a load balancer to accept incoming traffic? (Choose three.)

A. a listener
B. a back-end server
C. a back end set
D. a security list that is open on a listener port
E. a certificate

Answer

A. a listener
B. a back-end server
C. a back end set

Explanation

The essential components for load balancing include:

  • A load balancer with pre-provisioned bandwidth.
  • A backend set with a health check policy. See Managing Backend Sets.
  • Backend servers for your backend set. See Managing Backend Servers.
  • One or more listeners. See Managing Load Balancer Listeners.
  • Load balancer subnet security rules to allow the intended traffic. To learn more about these rules, see Security Rules.
  • Optionally, you can associate your listeners with SSL server certificate bundles to manage how your system handles SSL traffic. See Managing SSL Certificates.

References

Oracle Cloud Infrastructure Documentation > Listener Management

Question 152

Question

Which two Oracle Cloud Infrastructure database services allow you to dynamically scale both CPU and storage? (Choose two.)

A. bare metal DB system
B. virtual machine DB system
C. Autonomous Data Warehouse (ADW)
D. Autonomous Transaction Processing (ATP)

Answer

C. Autonomous Data Warehouse (ADW)
D. Autonomous Transaction Processing (ATP)

Explanation

If a bare metal DB system requires more compute node processing power, you can scale up (increase) the number of enabled CPU cores in the system without impacting the availability of that system, but you can't increase the storage.

If the original DB system VM shape uses a single node, running databases on the DB system nodes are sequentially stopped and then restarted on the new shape, so the scaling is not dynamic.

Question 153

Question

You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system so you have provisioned one using the file storage service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both application servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system.
What change would you make to satisfy this requirement?

A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read-only access.
C. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.
D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.

Answer

A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.

Explanation

NFS export options enable you to create more granular access control than is possible using just security list rules to limit VCN access. You can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting to file systems through exports in a mount target.

Question 154

Question

You are running several Linux-based operating systems in your on-premises environment that you want to import to OCI as custom images. You can launch your imported images as OCI Compute virtual machines.
Which two modes below can be used to launch these imported Linux VMs?

A. Native
B. Mixed
C. Paravirtualized
D. Emulated

Answer

C. Paravirtualized
D. Emulated

Explanation

You can use the Console or API to import exported images from Object Storage. To import an image, you need read access to the Object Storage object containing the image. During the import, you can select the launch mode:

For custom images where the image format is .oci, Oracle Cloud Infrastructure selects the applicable launch mode based on the launch mode for the source image.

For custom images exported from Oracle Cloud Infrastructure where the image type is QCOW2, select Native Mode.

To import other custom images select Paravirtualized Mode or Emulated Mode. For more information, see Bring Your Own Image (BYOI).

These Linux distributions support custom image import:

| Linux Distribution | Support Version | Preferred Launch Mode |
|---|---|---|
| CentOS | 7 or later | Paravirtualized |
| CentOS | 4.0, 4.8, 5.11, 6.9 | Emulated |
| CoreOS Container Linux | 2345.3.0 or later | Paravirtualized |
| Debian | 8 or later | Paravirtualized |
| Debian | 5.0.10, 6.0, 7 | Emulated |
| FreeBSD | 12 or later | Paravirtualized |
| FreeBSD | 8, 9, 10, 11 | Emulated |
| openSUSE Leap | 15.1 | Paravirtualized |
| Oracle Linux | 7 or later | Paravirtualized |
| Oracle Linux | 4.5, 4.8, 5.8, 5.11, 6.5, 6.9 | Emulated |
| RHEL | 7 or later | Paravirtualized |
| RHEL | 4.5, 5.5, 5.6, 5.9, 5.11, 6.5, 6.9 | Emulated |
| SUSE | 12.27 or later | Paravirtualized |
| SUSE | 11, 12.1 | Emulated |
| Ubuntu | 13.047 or later | Paravirtualized |
| Ubuntu | 12.04 | Emulated |

Note (CoreOS Container Linux): The end-of-support date for CoreOS Container Linux is May 26, 2020. You should migrate your workloads to another operating system to remain secure.

Question 155

Question

Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.)

A. You can launch a virtual or bare metal instance by using the same LaunchInstance API.
B. You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service.
C. You can attach a block volume in an Availability Domain other than your compute instance.
D. You can share custom images across tenancies and regions.

Answer

A. You can launch a virtual or bare metal instance by using the same LaunchInstance API.
D. You can share custom images across tenancies and regions.

Explanation

Regions and Availability Domains
Volumes are only accessible to instances in the same availability domain.
You cannot move a volume between availability domains or regions.

Question 156

Question

You have an application server that needs to copy data on Oracle Cloud Infrastructure (OCI) object storage in the same region. You have created a service gateway for OCI object storage in your virtual cloud network (VCN) and modified security lists associated with the subnet to allow traffic to the service gateway. You are able to connect to the OCI object storage, however, you notice that the connectivity is over the Internet instead of the service gateway.
What is the reason for this behavior?

A. The route table associated with the subnet has no route rule where the destination is object storage service
B. The service gateway created in the VCN resides in a different availability domain
C. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0
D. Identity and Access Management (IAM) policies restrict the access to the object storage bucket

Answer

A. The route table associated with the subnet has no route rule where the destination is object storage service

Question 157

Question

A company currently uses Microsoft Active Directory as its identity provider. The company recently purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for its test and development operations. As the administrator, you are now tasked with giving access only to developers so that they can start creating resources in their OCI accounts.
Which step will you perform to achieve this requirement?

A. Create a group for developers on OCI and map the group to a similar group in Microsoft Active Directory during the federation process.
B. Federate all Microsoft Active Directory groups with OCI to allow users to use their existing credentials.
C. Create a new user account for each user, and then create policies to provide access to developers.
D. Create a group for developers on OCI, export all the developers from Microsoft Active Directory, and then import them into the Identity and Access Management (IAM) group.

Answer

A. Create a group for developers on OCI and map the group to a similar group in Microsoft Active Directory during the federation process.

Question 158

Question

Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect?

A. Each OCI IPSec VPN consists of multiple redundant IPSec tunnels
B. OCI IPSec VPN tunnel supports only static routes to route traffic
C. OCI IPSec VPN can be configured in tunnel mode only
D. OCI IPSec VPN can be configured in transport mode only

Answer

A. Each OCI IPSec VPN consists of multiple redundant IPSec tunnels
C. OCI IPSec VPN can be configured in tunnel mode only

Explanation

VPN Connect provides a site-to-site IPSec VPN between your on-premises network and your virtual cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.

In general, IPSec can be configured in the following modes:

  • Transport mode: IPSec encrypts and authenticates only the actual payload of the packet, and the header information stays intact.
  • Tunnel mode (supported by Oracle): IPSec encrypts and authenticates the entire packet. After encryption, the packet is then encapsulated to form a new IP packet that has different header information.

Oracle Cloud Infrastructure supports only the tunnel mode for IPSec VPNs.

Each Oracle IPSec VPN consists of multiple redundant IPSec tunnels. For a given tunnel, you can use either Border Gateway Protocol (BGP) dynamic routing or static routing to route that tunnel’s traffic. More details about routing follow.

IPSec VPN site-to-site tunnels offer the following advantages:

  • Public internet lines are used to transmit data, so dedicated, expensive leased lines from one site to another aren’t necessary.
  • The internal IP addresses of the participating networks and nodes are hidden from external users.
  • The entire communication between the source and destination sites is encrypted, significantly lowering the chances of information theft.

Question 159

Question

Which five are the required parameters to launch an instance in Oracle Cloud Infrastructure? (Choose five.)

A. subnet
B. Availability Domain
C. Virtual Cloud Network
D. host name
E. instance shape
F. image operating system
G. private IP address

Answer

A. subnet
B. Availability Domain
C. Virtual Cloud Network
E. instance shape
F. image operating system

References

Oracle Cloud Infrastructure Documentation > Overview of the Compute Service

Question 160

Question

You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make API calls to other services within OCI without storing credentials in a configuration file.
What do you need to do?

A. Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement
B. Instances cannot access services outside their compartment
C. VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the instance in your Identity and Access Management (IAM) policy statement
D. By default, all VM instances are created with an instance principal. Reference this instance principal in your IAM policy statement

Answer

A. Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement