Learn which statements about Oracle Cloud Infrastructure Audit service are invalid. Understand OCI audit limitations, retention periods, and what changes are captured in audit logs for the 1z0-1072-22 exam.
Table of Contents
Question
Which is NOT a valid statement regarding the Oracle Cloud Infrastructure (OCI) Audit service?
A. Audit logs are displayed for Compartments.
B. Changes within the objects stored in an Object Storage bucket are collected as Audit logs.
C. Audit service can record REST API calls executed by a custom client.
D. Retention period for Audit logs is 365 days and it cannot be changed.
Answer
B. Changes within the objects stored in an Object Storage bucket are collected as Audit logs.
Explanation
Why Option B is Incorrect
This statement is NOT valid because the Oracle Cloud Infrastructure Audit service has specific limitations regarding Object Storage monitoring. The OCI Audit service supports logging for bucket-related events, but not for object-related events. This means that while the Audit service can track actions like creating, deleting, or modifying bucket configurations, it does not capture changes made to individual objects within those buckets.
Analysis of Other Options
Option A: Audit logs are displayed for Compartments – This is VALID. The OCI Audit service can display audit logs organized by compartments, allowing administrators to view activities within specific organizational boundaries.
Option C: Audit service can record REST API calls executed by a custom client – This is VALID. The Audit service automatically records calls to all supported Oracle Cloud Infrastructure public API endpoints, including those made by custom clients, the Console, CLI, SDKs, and other OCI services.
Option D: Retention period for Audit logs is 365 days and it cannot be changed – This statement has been a source of confusion in exam discussions. However, based on Oracle documentation, the audit log retention period can be configured, making this statement potentially invalid as well. The default retention period can be set to 365 days as a best practice, but it is configurable.
Key Points About OCI Audit Service
The Oracle Cloud Infrastructure Audit service:
- Automatically records API calls to public endpoints
- Captures information including caller ID, target resource, timestamps, and request/response parameters
- Logs activities from Console, CLI, SDK, custom clients, and other OCI services
- Does not track changes to objects within Object Storage buckets
- Can be configured for different retention periods
- Supports viewing logs by compartments and other organizational structures
This distinction between bucket-level events versus object-level events is crucial for understanding the scope and limitations of OCI’s audit capabilities, making option B the definitively incorrect statement.
Oracle Cloud Infrastructure 2022 Architect Associate (1z0-1072-22) certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Oracle Cloud Infrastructure 2022 Architect Associate (1z0-1072-22) exam and earn Oracle Cloud Infrastructure 2022 Architect Associate (1z0-1072-22) certification.