1Z0-1072-21 Online Practice Questions and Answers

You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials. A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider. Which is NOT a necessary step to complete this set up?

A. Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services.

B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.

C. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy.

D. Deploy the application and the SDK to all the instances that belong to the dynamic group.

Which statement Is true about Data Guard implementation in Oracle Cloud Infrastructure (OCI) bare metal and virtual machine database systems?

A. Primary and standby databases must be in the same OCI region.

B. Both database systems must be in the same compartment.

C. Database systems need not be the same shape type (e.g, primary database can be a virtual machine, and standby database a bare metal shape, and vice versa).

D. Primary and standby database versions and editions need not be Identical.

You developed a microservices based application that runs on Oracle Cloud Infrastructure (OCI) Container

Engine for Kubernetes (OKE). You want to provide access to this cluster to other team members.

What should you do to provide access to this cluster using as fewest steps as possible?

A. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Other team members should use OCI Cloud Shell to generate the kubeconfig into their own cloud shell environment and access the cluster using kubectl from cloud shell.

B. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Create individual users and access token for each team member. Other team members should use OCI Cloud Shell to generate the kubeconfig into their own cloud shell environment and access the cluster using kubectl from cloud shell.

C. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Create a cluster role and cluster role binding to provide access to the cluster for each team member. Other team members should install oci cli and kubectl locally on their laptop. Use the oci cli to generate the kubeconfig and use kubectl to access the cluster.

D. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Other team members should install oci cli and kubectl locally on their laptop. Use the oci cli to generate the kubeconfig and use kubectl to access the cluster.

You have an application server running in a public subnet on a compute instance in US West (us- phoenix1) region of Oracle Cloud Infrastructure (OCI). The data sitting on this instance needs to be copied to OCI Object storage bucket available in the same region without traversing over the internet. To enable the connectivity between the instance and Object Storage, you created a service gateway with service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the security rules to allow the desired traffic. However, when you tried sending the data to the Object Storage bucket, you notice that the data is going over the internet and not via the service gateway. What could be the possible reason for this behavior?

A. The route table associated with the subnet has no route rule where the destination is object storage service

B. The service gateway created in the VCN resides in a different availability domain

C. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0

D. Identity and Access Management (IAM) policies restrict the access to the object storage bucket

Which scaling option does Database Cloud Service (DBCS) on Bare Metal Shape offer?

A. network bandwidth

B. CPU

C. storage

D. memory

Which certificate format is used with the load balancer?

A. PFX

B. PEM

C. PKCS12

D. CRT

Which two statements are true about subnets within a VCN? (Choose two.)

A. You can have multiple subnets in an Availability Domain for a given VCN.

B. Private and Public subnets cannot reside in the same Availability Domain for a given VCN.

C. Subnets can have their IP addresses overlap with other subnets in another network for a given VCN.

D. Instances obtain their private IP and the associated security list from their subnets.

What is the maximum CIDR range that can be assigned when configuring a Virtual Cloud Network?

A. /16

B. /26

C. /24

D. /8

Which tool can automatically install Oracle Cloud Infrastructure CLI?

A. Python

B. RPM

C. APT

D. PIP

Your company is moving an Internet-facing, 2-tier web application into Oracle Cloud Infrastructure. The application must have a highly available architecture. Which two design options would you consider? (Choose two.)

A. Configure a Dynamic Route Gateway in your VCN and make it highly available.

B. Configure a NAT instance in your Virtual Cloud Network (VCN). Create a route rule by using the private IP of the NAT instance as a route target for all the private subnets in your VCN.

C. Create an Internet Gateway and attach it to your VCN. Deploy public load balancer nodes into two Available Domains.

D. Place all web servers behind a public load balancer.

Which two are required parameters to create a public load balancer instance? (Choose two.)

A. certificate

B. load balancer name

C. listener

D. back end set

E. two public subnets

What is the maximum number of security lists that can be associated with a subnet?

A. four

B. three

C. five

D. two

Which two options are available when configuring DNS resolution for your virtual cloud network? (Choose two.)

A. Internet and custom resolver

B. Google DNS servers

C. custom resolver

D. Internet and virtual cloud network (VCN) resolver

Which two statements are true about data guard service on DB Systems in Oracle Cloud Infrastructure (OCI)?

A. Data guard implementation requires two DB Systems, one running the primary database on a virtual machine and the standby database running on bare metal.

B. Data guard implementation requires two DB Systems, one containing the primary database and one containing the standby database.

C. Data guard configuration on the OCI is limited to a virtual machine only.

D. Both DB Systems must use the same VCN, and port 1521 must be open.

Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect?

A. Each OCI IPSec VPN consists of multiple redundant IPSec tunnels B. OCI IPSec VPN tunnel supports only static routes to route traffic

C. OCI IPSec VPN can be configured in tunnel mode only

D. OCI IPSec VPN can be configured in trans port mode only