Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) Exam Questions and Answers – Page 1

The latest practice exam questions and answers (Q&A) for the Oracle Cloud Infrastructure Architect Associate (1Z0-1072/1Z0-1072-20/1Z0-1072-21) certification are available free to help you pass the exam and earn the certification.

Exam Question 21

Question

A customer launched a compute instance in a Virtual Cloud Network (VCN), which has an internet gateway, a service gateway, a default security list and a default route table. The customer opened port 22 in the security list attached to the compute instance's subnet, but is still unable to connect to the compute instance using SSH. Which action can resolve this issue?

A. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic in addition to the port 22.
B. Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table:
Destination CIDR: 0.0.0.0/0
Target: Service Gateway (SGW)
C. Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table:
Destination CIDR: 0.0.0.0/0
Target: Dynamic Routing Gateway (DRG)
D. Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table:
Destination CIDR: 0.0.0.0/0
Target: Internet Gateway (IGW)

Answer

A. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic in addition to the port 22.

Explanation

You create an internet gateway in the context of a specific VCN. In other words, the internet gateway is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at any time.

For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly in the subnet’s route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway). If the internet gateway is disabled, that means no traffic will flow to or from the internet even if there’s a route rule that enables that traffic.

For the purposes of access control, you must specify the compartment where you want the internet gateway to reside. If you’re not sure which compartment to use, put the internet gateway in the same compartment as the cloud network.

Exam Question 22

Question

Your customer is using an Oracle Cloud Infrastructure (OCI) compartment named Production that hosts several resources such as compute instances, DB Systems and File Systems. Each resource in the Production compartment is tagged. The customer’s security team wants to restrict access to DB Systems to only the authorized group of DBAs. Which OCI Tagging capability can be used to meet this requirement?

A. Tags Defaults with predefined values
B. Tag Defaults
C. Cost-Tracking Tags
D. Tag-based Access Control

Answer

D. Tag-based Access Control

Exam Question 23

Question

You have an application server running in a public subnet on a compute instance in the US West (us-phoenix-1) region of Oracle Cloud Infrastructure (OCI). The data sitting on this instance needs to be copied to an OCI Object Storage bucket available in the same region without traversing the internet. To enable connectivity between the instance and Object Storage, you created a service gateway with the service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the security rules to allow the desired traffic. However, when you tried sending the data to the Object Storage bucket, you noticed that the data was going over the internet and not via the service gateway. What could be the possible reason for this behavior?

A. Identity and Access Management (IAM) policies restrict the access to the object storage bucket.
B. The service gateway created in the VCN resides in a different availability domain.
C. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0.
D. The route table associated with the subnet has no route rule where the destination is object storage service.

Answer

D. The route table associated with the subnet has no route rule where the destination is object storage service.

Exam Question 24

Question

You are responsible for creating and maintaining an enterprise application that consists of multiple storage volumes across multiple compute instances in Oracle Cloud Infrastructure (OCI). The storage volumes include boot volumes and block volumes for your data storage. You need to create backups of these storage volumes in the most time-efficient manner. How can you meet this requirement?

A. Create clones of all boot volumes and block volumes one at a time.
B. Create on-demand full backups of boot volumes, and copy data in block volumes to Object Storage using OCI CLI.
C. Create on-demand full backups of block volumes, and create custom images from the boot volumes.
D. Group together multiple storage volumes in a volume group and create volume group backups.

Answer

D. Group together multiple storage volumes in a volume group and create volume group backups.

References

Oracle Cloud Infrastructure Documentation > Volume Groups

Exam Question 25

Question

As an Oracle Cloud Infrastructure tenancy administrator, you created predefined lists of values and associated them with tag key definitions. One of the users in your tenancy complains that she cannot see these predefined values. What is causing this issue?

A. The user is trying to use free-form tags.
B. Some of the predefined values are null.
C. The user is not part of an Identity and Access Management group that gives access to tagging.
D. The user has breached either the quota or service limit for using tags.

Answer

A. The user is trying to use free-form tags.

References

Oracle Cloud Infrastructure Documentation > Using Predefined Values

Exam Question 26

Question

You are working for a financial institution that is currently running two web applications in Oracle Cloud Infrastructure (OCI). All resources were created in the root compartment. Your manager asked you to deploy new resources to support a proof-of-concept (PoC) for Oracle FlexCube. You must ensure that the FlexCube resources are secured and cannot be affected by the team that manages the two web applications. Which two tasks should you complete to ensure the required security of your resources? (Choose two.)

A. Create a new compartment for the two web applications and move the existing resources into the compartment. Deploy the FlexCube application into the root compartment. Create a new policy in the root compartment that gives the FlexCube project team the ability to manage all resources in the tenancy.
B. Create a new policy in the root compartment for the FlexCube project team. Assign a policy statement that grants the FlexCube project team the ability to manage all resources in the tenancy, where a specific tag key and tag value are present.
C. Create a Tag Default within the root compartment with a default value of ${iam.principal.name} so that each new resource created is tagged with the name of the person who created it. Create a new IAM policy that allows users to only modify resources they created.
D. Create a new compartment for the two web applications and move the existing resources into this compartment. Modify the existing policy for the team that manages these applications so that the scope of access is defined as this new compartment.
E. Create a new compartment for the FlexCube application deployment. Create a policy in this compartment for the project team that gives them the ability to manage all resources within the scope of this compartment.

Answer

C. Create a Tag Default within the root compartment with a default value of ${iam.principal.name} so that each new resource created is tagged with the name of the person who created it. Create a new IAM policy that allows users to only modify resources they created.
D. Create a new compartment for the two web applications and move the existing resources into this compartment. Modify the existing policy for the team that manages these applications so that the scope of access is defined as this new compartment.

Exam Question 27

Question

When terminating a compute instance, you want to preserve the boot volume and its data.
Which step will you need to perform?

A. You cannot preserve the boot volume; it will always be deleted when you terminate the instance.
B. Reboot the instance first, and then terminate the instance.
C. Disable the default option to delete the boot volume when terminating an instance.
D. Before terminating the instance, you must detach the boot volume.

Answer

C. Disable the default option to delete the boot volume when terminating an instance.

Explanation

When you terminate the instance, a confirmation dialog appears. If you want to preserve the boot volume associated with the instance, uncheck Permanently delete the attached Boot Volume.

References

Oracle Cloud Infrastructure Documentation > Terminating an Instance

Exam Question 28

Question

An instance is launched with a primary VNIC that is created during instance launch.
Which two operations are true when you add secondary VNICs to an existing instance? (Choose two.)

A. You can remove the primary VNIC after the secondary VNIC’s attachment is complete.
B. You can remove the secondary VNIC later if it is not needed.
C. The primary and secondary VNIC association should be within the same Availability Domain.
D. It is not possible to connect two VNICs to an instance.

Answer

B. You can remove the secondary VNIC later if it is not needed.
C. The primary and secondary VNIC association should be within the same Availability Domain.

References

Oracle Cloud Infrastructure Documentation > Virtual Network Interface Cards (VNICs)

Exam Question 29

Question

Which does NOT set a variable in Terraform?

A. Passing the variable with a var statement to Terraform
B. Setting the variable as key value pairs in a file in a subdirectory named tfvar
C. A default value in the variable declaration within a TF plan file
D. Setting the environment variable using a TF_VAR_ predicate in front of the variable name

Answer

B. Setting the variable as key value pairs in a file in a subdirectory named tfvar

Exam Question 30

Question

Which two are NOT an image source when launching a new compute instance? (Choose two.)

A. boot volume
B. custom image
C. Object Storage
D. bare metal instance

Answer

C. Object Storage
D. bare metal instance