1Z0-1067-22 Online Practice Questions and Answers

You have created a group for several auditors. You assign the following policies to the group:

What actions are the auditors allowed to perform within your tenancy? (Choose the best answer.)

A. The Auditors can view resources in the tenancy.

B. Auditors are able to create new instances in the tenancy.

C. The Auditors are able to delete resource in the tenancy.

D. Auditors are able to view all resources in the compartment.

One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is malfunctioning. You have created a console connection to remotely troubleshoot it.

Which two statements about console connections are TRUE? (Choose two.)

A. It is not possible to use VNC console connections to connect to Bare Metal Instances.

B. VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console.

C. It is not possible to connect to the serial console to an instance running Microsoft Windows, however VNC console connection can be used.

D. For security purpose, the console connection will not let you edit system configuration files.

E. If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.

You are asked to deploy a new application that has been designed to scale horizontally. The business stakeholders have asked that the application be deployed in us-phoenix-1.

Normal usage requires 2 OCPUs. You expect to have few spikes during the week, that will require up to 4 OCPUs, and a major usage uptick at the end of each month that will require 8 OCPUs.

What is the most cost-effective approach to implement a highly available and scalable solution? (Choose the best answer.)

A. Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances, to handle the weekly spikes, and a maximum of 4 instances.

B. Create an instance with 1 OCPU shape. Use the Resize Instance action to scale up to a larger shape when more resources are needed.

C. Create an instance with 1 OCPU shape. Use a CLI script to clone it when more resources are needed.

D. Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances and a maximum of 8 instances.

You have been monitoring your company's applications running in Oracle Cloud Infrastructure (OCI) and notice that the application is using OCI Traffic Management service. This service uses a traffic steering policy to distribute the DNS traffic based on subnet addresses in a rule set.

Which steering policy is in use in this particular case? (Choose the best answer.)

A. Load Balancing policy

B. Geolocation steering

C. ASN steering policy

D. IP Prefix steering

You are working with Terraform on your laptop and have been tasked with spinning up multiple compute instances in Oracle Cloud Infrastructure (OCI) for a project. In addition, you are also required to collect IP

addresses of provisioned instances and write them to a file and save it in your laptop. Which specific Terraform functionality can help accomplish this task? (Choose the best answer.)

A. Terraform modules

B. Terraform remote state

C. Terraform local-exec

D. Terraform remote-exec

You have set an alarm to be generated when the CPU usage of a specified instance is greater than 10%. In the alarm behavior view below you notice that the critical condition happened around 23:30. You were expecting a notification after 1 minute, however, the alarm firing state did not begin until 23:33.

What should you change to fix it? (Choose the best answer.)

A. Change the alarm's metric interval to 1.

B. Change the alarm condition to be grater than 3%.

C. Change the notification topic that you previously associated with the alarm.

D. Change the alarm's trigger delay minutes value to 1.

You have ordered two FastConnect connections that provide a high availability connection architecture between your on-premises data center and Oracle Cloud Infrastructure (OCI). You want to run these connections in an ACTIVE/PASSIVE architecture.

How can you accomplish this? (Choose the best answer.)

A. Decrease the prefix length of AS for the FastConnect you want to use as PASSIVE connection.

B. Enable BGP on the FastConnect that you want as the ACTIVE connection.

C. Use AS PATH prepending with your routes.

D. Adjust one of the connections to have a higher ASN.

You are using Oracle Cloud Infrastructure (OCI) services across several regions: us-phoenix-1, usashburn-1, uk-london-1 and ap-tokyo-1. You have creates a separate administrator group for each region: PHX-Admins, ASH-Admins, LHR-Admins and NRT-Admins, respectively.

You want to restrict admin access to a specific region. E.g., PHX-Admins should be able to manage all resources in the us-phoenix-1 region only and not any other OCI regions.

What IAM policy syntax is required to restrict PHX-Admins to manage OCI resources in the us-phoenix-1 region only? (Choose the best answer.)

A. Allow group PHX-Admins to manage all-resources in tenancy where request.region= ‘phx’

B. Allow group PHX-Admins to manage all-resources in tenancy where request.permission= ‘phx’

C. Allow group PHX-Admins to manage all-resources in tenancy where request.target= ‘phx’

D. Allow group PHX-Admins to manage all-resources in tenancy where request.location= ‘phx’

Which statement about Oracle Cloud Infrastructure paravirtualized block volume attachments is TRUE? (Choose the best answer.)

A. Paravirtualized volumes may reduce the maximum IOPS performance for larger block volumes.

B. Paravirtualized is required to manage iSCSI configuration for virtual machine instances.

C. Paravirtualized volumes become immediately available on bare metal compute instances.

D. Paravirtualization utilizes the internal storage stack of compute instance OS and network hardware virtualization to access block volumes.

You have a group pf developers who launch multiple VM.Standard2.2 compute instances every day into the compartment Dev. As a result, your OCI tenancy quickly hit the service limit for this shape. Other groups can no longer create new instances using VM.Standard2.2 shape.

Because of this, your company has issued a new mandate that the Dev compartment must include a quota to allow for use of only 20 VM.Standard2.2 shapes per Availability Domain. Your solution should not affect any other compartment in the tenancy.

Which quota statement should be used to implement this new requirement? (Choose the best answer.)

A. set compute quota vm-standard2–2count to 10 in compartment dev where request.region = usphoenix–1

B. set compute quota vm-standard2–2–count to 20 in compartment dev

C. zero compute quotas in tenancy set compute quota vm–standard2–2–count to 20 in compartment dev

D. zero compute quotas in tenancy set compute quota vm–standard2–2–count to 20 in tenancy dev

You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute Instances that are deployed in a private subnet. The Compute Instances have an attached Network Security Group with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group:

However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host.

What is the root cause of this issue? (Choose the best answer.)

A. The Security List allows access to all IP address which overrides the Network Security Group ingress rules.

B. All compute instances associated with NSG-050504 are also able to connect to the bastion host.

C. The port 22 provides unrestricted access to 140.19.2.140 and to other IP address.

D. A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 140.19.2.140

You are asked to implement the disaster recovery (DR) and business continuity requirements for Oracle Cloud Infrastructure (OCI) Block Volumes. Two OCI regions being used: a primary/source region and a DR/destination region. The requirements are:

There should be a copy of data in the destination region to use if a region-wide disaster occurs in the source region Minimize costs

Which design will help you meet these requirements? (Choose the best answer.)

A. Clone block volumes. Use Object Storage lifecycle management to automatically move clone objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.

B. Clone block volumes. Copy block volume clones from source region to destination region at regular intervals.

C. Back up block volumes. Copy block volume backups from source region to destination region at regular intervals.

D. Back up block volumes. Use Object Storage lifecycle management to automatically move backup objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.

Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools.

What does Oracle allow as part of this testing? (Choose the best answer.)

A. Customers are allowed to use their own testing and monitoring tools.

B. Customers can simulate DoS attack scenarios as long as it's restricted to the customer's own environment.

C. Customers can validate that their network resources are isolated from other customer resources.

D. Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy.

Your team implemented a SaaS application that requires a whole system deployment for each new customer. The infrastructure provisioning is already automated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file management and deployment.

What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory? (Choose the best answer.)

A. Export an inventory list from the Oracle Cloud Infrastructure Web console.

B. Export an inventory list using Terraform apply command.

C. Implement a Command Line Interface script to list all the resources and run it within Ansible to generate a dynamic inventory list.

D. Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include it in the playbook invocation command.

An insurance company has contracted you to help automate their application business continuity plan. They have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery site. Normally they have a DNS A record associated with the IP address of the primary endpoint in eu-frankfurt-1. In the event of a disaster, they use OCI DNS Zone Management to update the A record and replace it with the IP address of the endpoint in uk-londond-1.

How can you automate the failover process? (Choose the best answer.)

A. Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check.

B. Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record.

C. Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set with backend servers from both eu-frankfurt-1 and uk-london-1 regions.

D. Create a Traffic Management Steering policy and attach it to a backend servers from both eu-frankfurt1 and uk-london-1 regions.