Was :
$81
Today :
$45
Was :
$99
Today :
$55
Was :
$117
Today :
$65
Why Should You Prepare For Your Oracle Cloud Infrastructure 2023 Architect Associate With MyCertsHub?
At MyCertsHub, we go beyond standard study material. Our platform provides authentic Oracle 1z0-1072-23 Exam Dumps, detailed exam guides, and reliable practice exams that mirror the actual Oracle Cloud Infrastructure 2023 Architect Associate test. Whether you’re targeting Oracle certifications or expanding your professional portfolio, MyCertsHub gives you the tools to succeed on your first attempt.
Verified 1z0-1072-23 Exam Dumps
Every set of exam dumps is carefully reviewed by certified experts to ensure accuracy. For the 1z0-1072-23 Oracle Cloud Infrastructure 2023 Architect Associate , you’ll receive updated practice questions designed to reflect real-world exam conditions. This approach saves time, builds confidence, and focuses your preparation on the most important exam areas.
Realistic Test Prep For The 1z0-1072-23
You can instantly access downloadable PDFs of 1z0-1072-23 practice exams with MyCertsHub. These include authentic practice questions paired with explanations, making our exam guide a complete preparation tool. By testing yourself before exam day, you’ll walk into the Oracle Exam with confidence.
Smart Learning With Exam Guides
Our structured 1z0-1072-23 exam guide focuses on the Oracle Cloud Infrastructure 2023 Architect Associate's core topics and question patterns. You will be able to concentrate on what really matters for passing the test rather than wasting time on irrelevant content. Pass the 1z0-1072-23 Exam – Guaranteed
We Offer A 100% Money-Back Guarantee On Our Products.
After using MyCertsHub's exam dumps to prepare for the Oracle Cloud Infrastructure 2023 Architect Associate exam, we will issue a full refund. That’s how confident we are in the effectiveness of our study resources.
Try Before You Buy – Free Demo
Still undecided? See for yourself how MyCertsHub has helped thousands of candidates achieve success by downloading a free demo of the 1z0-1072-23 exam dumps.
MyCertsHub – Your Trusted Partner For Oracle Exams
Whether you’re preparing for Oracle Cloud Infrastructure 2023 Architect Associate or any other professional credential, MyCertsHub provides everything you need: exam dumps, practice exams, practice questions, and exam guides. Passing your 1z0-1072-23 exam has never been easier thanks to our tried-and-true resources.
Oracle 1z0-1072-23 Sample Question Answers
Question # 1
Which TWO statements are TRUE about Private IP addresses in Oracle Cloud Infrastructure (OCI)?
Each VNIC can only have one private IP address. By default, the primary VNIC of an instance in a subnet has one primary private IP address. By default, the primary VNIC of an instance in a subnet has one primary private IP address and one secondary private IP address.
A private IP can have an optional public IP assigned to it if it resides in a public subnet.
Explanation By default, the primary VNIC of an instance in a subnet has one primary private IP address. A private IP can
have an optional public IP assigned to it if it resides in a public subnet. The explanation is that a private IP
address is an IPv4 address that is assigned to a VNIC and belongs to the CIDR block of the VCN or subnet.
By default, the primary VNIC of an instance in a subnet has one primary private IP address, which is
automatically assigned by OCI and cannot be changed. However, you can also assign secondary private IP
addresses to a VNIC, either manually or automatically, up to a maximum of 31 per VNIC. A private IP
address can have an optional public IP address assigned to it, which allows the instance to communicate with
the internet. A public IP address can be either ephemeral or reserved, depending on whether you want to keep
it after stopping or terminating the instance. A private IP address can only have a public IP address assigned to
it if it resides in a public subnet, which means that the subnet’s route table has a route rule that directs traffic to
the internet gateway.
Question # 2
Which TWO statements about the Oracle Cloud Infrastructure (OCI) File Storage Service are accurate?
Communication with file systems in a mount target is encrypted via HTTPS. File systems use Oracle-managed keys by default. Customer can encrypt data in their file system using their own Vault encryption key. Mount targets use Oracle-managed keys by default. Customer can encrypt the communication to a mount target via export options.
Explanation
File systems use Oracle-managed keys by default. Customer can encrypt data in their file system using their
own Vault encryption key. The explanation is that File Storage Service encrypts all data at rest using AES-256
encryption algorithm. By default, File Storage Service uses Oracle-managed keys to encrypt and decrypt data.
However, you can also use your own Vault encryption key to encrypt data in your file system. To do so, you
need to create a key in Vault and associate it with your file system when you create or update it.
Question # 3
Which TWO are key benefits of setting up Site-to-Site VPN on Oracle Cloud Infrastructure (OCI)?
When setting up Site-to-Site VPN, it creates a private connection that provides consistent network experience.
When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP). When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels. When setting up Site-to-Site VPN, customers can expect bandwidth above 2 Gbps.
Explanation
When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP). When
setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels. The explanation is that Site-to-Site VPN
is a secure and encrypted connection between your on-premises network and your Virtual Cloud Network
(VCN) in OCI over the public internet. When setting up Site-to-Site VPN, you can choose to use static routing
or dynamic routing (Border Gateway Protocol or BGP) to exchange routes between your network and OCI.
OCI also provisions two redundant VPN tunnels for each Site-to-Site VPN connection to provide high
availability and failover.
Question # 4
Your DevOps team needs to interconnect the on-premises network to the Oracle Cloud Infrastructure (OCI)
resources, such as a managed database that resides in a private subnet. They indicate that they have a low
budget and their bandwidth requirements are minimal, so you decide that a site-to-site VPN is the best option.They provide you with their router public IP address. You need to create an object in OCI that represents this
router. Which object would you create?
Explanation Customer Premises Equipment (CPE). The explanation is that CPE is an object in OCI that represents your
on-premises router or VPN device that connects to your VCN via a site-to-site VPN. A site-to-site VPN is a
secure and encrypted connection between your on-premises network and your VCN over the public internet.
To set up a site-to-site VPN, you need to create a CPE object with your router’s public IP address and other
information, such as vendor and platform. You also need to create a Dynamic Routing Gateway (DRG) object
in your VCN and attach it to your VCN. Then, you need to create an IPSec connection between your CPE and
DRG, which will create two redundant VPN tunnels for high availability.
Question # 5
Which TWO statements are NOTcorrect regarding the Oracle Cloud Infrastructure (OCI) burstable instances?
If the instance's average CPU utilization over the past 24 hours is below the baseline, the system allows
it to burst above the baseline. Baseline utilization is a fraction of each CPU core, either 25% or 75%. Burstable instances cost less than regular instances with the same total OCPU count. Burstable instances are designed for scenarios where an instance is not typically idle and has high CPU
utilization. Burstable instances are charged according to the baseline OCPU.
Explanation The explanation is that burstable instances are VM instances that have a baseline utilization of either 12% or
50% of each CPU core, not 25% or 75%. Burstable instances are designed for scenarios where an instance is
typically idle or has low CPU utilization but occasionally needs to burst above the baseline to handle spikes in
demand. Burstable instances cost less than regular instances with the same total OCPU count but charge extra
for bursting above the baseline OCPU.
Question # 6
Which statement is NOT correct regarding the Oracle Cloud Infrastructure (OI) File System snapshots?
Even if nothing has changed within the file system since the last snapshot was taken, a new snapshot consumes more storage.
Snapshots are accessible under the root directory of the file system at .snapshot/name. Before you can clone a file system, at least one snapshot must exist for the file system. Snapshots are a consistent, point-in-time view of your file systems.
Explanation Even if nothing has changed within the file system since the last snapshot was taken, a new snapshot does not
consume more storage. This is because snapshots are incremental and only store the changes made to the file
system since the previous snapshot. The other statements are correct regarding the OCI File System snapshots.
References: [Snapshots and Storage Consumption]
Question # 7
Which is NOT a valid Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) approach?
Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or with your organizations private
IP network ranges. Ensure not all IP addresses are allocated at once within a VCN or subnet; instead reserve some IP addresses for future use.
Private subnets should ideally have individual route tables to control the flow of traffic within and
outside of VCN. Use OCI tags to tag VCN resources so that all resources follow organizational tagging/naming
conventions.
Explanation Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or with your organizations private IP
network ranges. The explanation is that a VCN CIDR prefix is the range of IPv4 addresses that can be used
within the VCN and its subnets. The VCN CIDR prefix should not overlap with other VCNs in your tenancy
or with your organization’s private IP network ranges, as this can cause routing conflicts and connectivity
issues. You should choose a VCN CIDR prefix that is large enough to accommodate your current and future
needs, but not too large to waste IP addresses. You can use any of the private IPv4 address ranges specified in
RFC 1918 for your VCN CIDR prefix.
Question # 8
Oracle Cloud Agent is a lightweight process that manages plugins running on compute instances.Which is NOT a valid Oracle Cloud Agent plugin name?
Live Migration Agent OS Management Service Agent Compute Instance Run Command Bastion
Explanation
Live Migration Agent is not a valid Oracle Cloud Agent plugin name. Oracle Cloud Agent plugins are the
following1: Bastion: Allows secure shell (SSH) connections to an instance without public IP addresses using the
Bastion service Block Volume Management: Configures Block Volume sessions for the instance. Compute Instance Monitoring: Emits metrics about the instance’s health, capacity, and performance.
These metrics are consumed by the Monitoring service. Compute Instance Run Command: Runs scripts within the instance to remotely configure, manage, and
troubleshoot the instance Custom Logs Monitoring: Ingests custom logs into the Logging service. Management Agent: Collects data from resources such as OSs, applications, and infrastructure resources
for Oracle Cloud Infrastructure services that are integrated with Management Agent. OS Management Service Agent: Enables you to manage updates and patches for the operating system
running on your instance.
Live Migration is a feature of Oracle Cloud Infrastructure that enables you to migrate a running instance from
one physical host to another without rebooting the instance or impacting its availability. Live Migration does
not require any Oracle Cloud Agent plugin to function.
Question # 9
You are backing up your on-premises data to the Oracle Cloud Infrastructure (OCI) Object Storage Service. Your requirements are:1. Backups need to be retained for at least full 31 days.
2. Data should be accessible immediately if and when needed after the backup.
Which OCI Object Storage tier is suitable for storing the backup to minimize cost?
Infrequent Access tier Archive tier Standard tier Auto-Tiering tier
Explanation The explanation is that the Infrequent Access tier is suitable for storing data that is accessed less frequently but
requires immediate access when needed. The Infrequent Access tier has lower storage costs than the Standard
tier, but higher retrieval costs. The Infrequent Access tier also has a minimum storage duration of 30 days,
which means that you will be charged for at least 30 days of storage even if you delete or move the data before
that period.
Question # 10
You have a high-demand web application running on Oracle Cloud Infrastructure (OCI). Your tenancy administrator has set up a schedule-based autoscaling policy on instance pool with an initial size of 5 instances
for the application.Policy 1:Target pool size:10 instances
Execution time:8:30 a.m. on every Monday through Friday, in every month, in every year
Cron expression:0 30 8 ? * MON-FRI *
Which statement accurately explains the goal of this policy?
Goal: A one-time schedule with only one scaling out event. At 8:30 a.m., on December 31, 2021, scale
the instance pool to 10 instances from 5. Goal: A recurring monthly schedule. On all days of the month, set the initial pool size to 5 instances. At
8.30 a.m., on every day of the month, scale out to 10 instances. Goal: A recurring daily schedule. On weekday mornings at 8.30 a.m., scale out to 10 instances. Goal: A recurring weekly schedule. On all days of the week at 8.30 a.m., scale out the pool to 10
instances from the initial size of 5
Explanation The explanation is that a schedule-based autoscaling policy allows you to adjust the size of your instance pool
based on a cron expression that specifies the date and time of the scaling action. The cron expression consists
of six fields: seconds, minutes, hours, day of month, month, and day of week. In this case, the cron expression
is 0 30 8 ? * MON-FRI *, which means that the scaling action will occur at 8:30 a.m. on every Monday
through Friday, regardless of the day of month or month. Therefore, the goal of this policy is to scale out the
instance pool to 10 instances on weekday mornings at 8:30 a.m.
Question # 11
You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application
servers and the third subnet contains a DB System. The application requires a shared file system, therefore you
have provisioned one using the file storage service (FSS).You have also created the corresponding mount target in one of the application subnets. The VCN security
lists are properly configured so that the application servers can access FSS. The security team changed the
settings for the DB System to have read-only access to the file system. However when they test it, they are unable to access FSS.
How would you allow access to FSS?
Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of
the DB System subnet. Create an instance principal for the DB System. Write an Identity and Access Management (IAM)
policy that allows the instance principal read-only access to the file storage service. Modify the security list associated with the subnet where the mount target resides. Change the ingress
rules corresponding to the DB System subnet to be stateless. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateful.
Question # 12
You are a system administrator of your company and you are managing a complex environment consisting of
compute instances running Oracle Linux on Oracle Cloud Infrastructure (OCI). It's your task to apply all the
latest kernel security updates to all instances.Which OCI service will allow you to complete this task?
OCI Streaming service OS Management service OCI Registry OCI Security Zones to achieve automatic security updates OCI Cloud Guard to monitor and install the security updates
Explanation OS Management service is the OCI service that will allow you to complete this task. OS Management service
is a service that helps users automate patching and package management for Oracle Linux and Windows
instances in OCI. It can also help users monitor and manage system configuration and compliance across their
instances. The other options are not suitable for this task, as they do not provide the functionality of OS
Management service. References: [OS Management Service]
Question # 13
Which tool provides a diagram of the implemented topology of all Virtual Cloud Networks (VCNs) in a
selected region and tenancy?
Explanation Network Visualizer is the tool that provides a diagram of the implemented topology of all VCNs in a selected
region and tenancy. Network Visualizer is a feature of the OCI Networking service that allows users to view
and manage their network resources in a graphical interface. It can help users understand their network
topology, troubleshoot issues, and optimize performance. The other options are not tools that provide a
diagram of the VCN topology, but rather other features or services of OCI Networking. References: [Network
Visualizer]
Question # 14
You have objects stored in an OCI Object Storage bucket that you want to share with a partner company. You
decide to use pre-authenticated requests to grant access to the objects. Which statement is true about
preauthenticated requests?
You cannot edit a pre-authenticated request. Deleting a pre-authenticated request does not revoke user access to the associated bucket or object. You need to provide your OCI credentials to the partner company. Pre-authenticated requests can be used to delete buckets or objects.
Explanation You cannot edit a pre-authenticated request is a true statement about pre-authenticated requests.
Pre-authenticated requests are URLs that allow users to access objects or buckets in OCI Object Storage
without requiring additional authentication or authorization. Pre-authenticated requests can be created with an
expiration date and time, and can be used for read or write operations. However, once created,
pre-authenticated requests cannot be edited, but can only be deleted or extended. The other statements are false
about pre-authenticated requests. References: [Pre-Authenticated Requests]
Question # 15
You are responsible for deploying an application on Oracle Cloud Infrastructure (OCI). The application is
memory intensive and performs poorly if enough memory is not available. You have created an instance pool
of Linux compute instances in OCI to host the application and defined Autoscaling Configuration for the
instance pool.What should you do to ensure that the instance pool autoscales to prevent poor application performance?
Install OCI SDK on all compute instances and create a script that triggers the autoscaling event if there
is high memory usage. Configure the autoscaling policy to monitor memory usage and scale up the number of instances when it
meets the threshold. Install the monitoring agent on all compute instances, which triggers the autoscaling group. Configure the autoscaling policy to monitor CPU usage and scale up the number of instances when it meets the threshold
Explanation According to the Oracle Cloud Infrastructure documentation1, autoscaling enables you to automatically adjust
the number of compute instances in an instance pool based on performance metrics such as CPU and memory
utilization. You select a performance metric to monitor and set thresholds that the performance metric must
reach to trigger an autoscaling event. When system usage meets a threshold, autoscaling dynamically resizes
the instance pool in near-real time. As load increases, the pool scales out. As load decreases, the pool scales in. Therefore, option B is the correct answer, as it allows you to monitor the memory usage of your application
and scale up the number of instances when it meets or exceeds a predefined threshold. This will prevent poor
application performance due to insufficient memory.
Question # 16
When creating an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) with the VCN wizard,
which THREE gateways are created automatically?
Internet Gateway Local Peering Gateway Dynamic Routing Gateway NAT Gateway Storage Gateway Bastion Host Service Gateway
Explanation Internet Gateway, NAT Gateway, and Service Gateway are three gateways that are created automatically when
creating a VCN with the VCN wizard. An Internet Gateway allows public traffic between the VCN and the
internet. A NAT Gateway allows private traffic from the VCN to access the internet without exposing the
VCN resources to incoming internet connections. A Service Gateway allows private traffic from the VCN to
access OCI services such as Object Storage, Email Delivery, and Notifications. The other options are not
created automatically by the VCN wizard, but can be added manually later if needed. References: [VCN
Wizard], [Gateways]
Question # 17
Company XYZ is spending $300,000.00 USD per month in egress fees for 7 Petabytes that they consume for
Outbound Data Transfer in North America with their current cloud provider. The company is seeking to lower
that expense considerably without reducing consumption. You propose migration to OCI because the Gigabyte
Outbound Data Transfer in North America costs just $0.0085 USD per month. With OCI, how much will they
spend per month for 7 Petabytes of Outbound Data Transfer? (1 Petabyte = 1000 Terabytes)
$59,500.00 $150,000.00 $59,415.00 $0.00 (free with OCI)
Question # 18
You want to distribute DNS traffic to different endpoints based on the location of the end user. Which Traffic
Management Steering Policy would you use?
IP Prefix Load Balancer Geolocation Failover
Explanation The explanation is that geolocation is a type of Traffic Management Steering Policy that allows you to
distribute DNS traffic to different endpoints based on the location of the end user. Geolocation steering
policies use geolocation data from third-party providers to map end user IP addresses to geographic regions.
You can create rules that specify which endpoints to serve for each region or country, or use a default endpoint
for unspecified regions.
Question # 19
Which is NOT a valid action within the Oracle Cloud Infrastructure (OCI) Block Volume service?
Expanding an existing volume in place with offline resizing. Restoring from a volume backup to a larger volume. Attaching a block volume to an instance in a different availability domain. Cloning an existing volume to a new, larger volume.
Explanation Attaching a block volume to an instance in a different availability domain is not a valid action within the OCI
Block Volume service. A block volume can only be attached to an instance in the same availability domain.
The other options are valid actions that can be performed with the Block Volume service. References: [Block
Volume Actions]
Question # 20
You are in the process of migrating several legacy applications from on-premises to Oracle Cloud
Infrastructure(OCI). The current servers are already virtualized. However, you notice that the version of CentOS currently
running does not align with any of the Oracle-provided compute images.How would you migrate your existing
virtual server images to OCI?
Export your current image in the VMDK format and copy to an Object Storage bucket. Import it as a custom image. Select native mode to ensure the best possible performance.
Export your current image in the VDI format and copy to an Object Storage bucket. Import it as a
custom image. Select native modeto ensure the best possible performance. Export your current image in the QED format and copy to an Object Storage bucket. Import it as a
custom image. Select emulated modeto ensure compatibility with legacy drivers. Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers
Explanation Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom
image. Select emulated mode to ensure compatibility with legacy drivers. The explanation is that QCOW2 is
one of the supported formats for importing custom images to OCI. Custom images are images that you can
create from your own on-premises or cloud servers and use them to launch instances in OCI. To import a
custom image, you need to export your current image in a supported format, copy it to an Object Storage
bucket, and then import it as a custom image using the OCI console or API. When you import a custom image,
you can choose between native mode or emulated mode. Native mode offers better performance but requires
compatible drivers and firmware. Emulated mode offers better compatibility but lower performance.
Question # 21
You are a security administrator for your company's Oracle Cloud Infrastructure (OCI) tenancy. Your storage
administrator informs you that she cannot associate an encryption key from an existing Vault to a new Object
Storage bucket.What could be a possible reason for this behavior?
The Object Storage bucket policy lacks the necessary Access Control List (ACL). The storage administrator forgot to select "Encrypt using Oracle managed keys" while creating the
bucket. There is no Identity and Access Management (IAM) policy that allows the Object Storage service to use
the key. The secret for the key was not created beforehand
Explanation There is no Identity and Access Management (IAM) policy that allows the Object Storage service to use the
key. The explanation is that when you create an Object Storage bucket with encryption using a
customer-managed key from Vault, you need to have an IAM policy that allows the Object Storage service to
use the key on your behalf. The policy should look like this: allow service objectstorage- to use key in compartment where is the region where your bucket resides and is the compartment where
your key resides.
Question # 22
What should be created before provisioning an Oracle Cloud Infrastructure (OCI) DB System?
Bucket in Object Storage Virtual Cloud Network Compute Instance Compartment
Explanation The explanation is that a Virtual Cloud Network (VCN) is a software-defined network that you set up in OCI
to connect your cloud resources, such as compute instances and databases. A VCN provides you with
complete control over your network environment, including selecting your own IP address range, creating
subnets, route tables, gateways, security lists, etc. You need to create a VCN before provisioning an OCI DB
System, as you need to specify which subnet in your VCN you want to launch your DB System in.
Question # 23
Which THREE capabilities are available with the Oracle Cloud Infrastructure (OCI) DNS service?
Creating and managing records Creating and managing WAF rules Creating and managing Identity Access Management (IAM) policies Creating and managing zones Viewing all zones Creating and managing security lists
Explanation Creating and managing records, creating and managing zones, and viewing all zones are three capabilities that
are available with the OCI DNS service. Records are data elements that map domain names to IP addresses or
other information. Zones are collections of records that correspond to a domain name or a subdomain name.
The OCI DNS service allows users to create and manage records and zones for their domains or subdomains,
as well as view all zones in their tenancy. The other options are not capabilities of the OCI DNS service, but of
other OCI services such as WAF, IAM, and Networking. References: [DNS Service], [Records], [Zones]
Question # 24
Which statement is TRUE about delegating an existing domain to the Oracle Cloud Infrastructure (OCI) DNS
service?
Domains can be delegated to OCI DNS via FastConnect partners. Domains can be delegated to OCI DNS from the OCI Marketplace. Domains can be self-delegated to OCI DNS from its own service portal. Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal. All domains can be retrieved to OCI DNS via DYN.
Explanation Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal. The explanation is
that delegating a domain to OCI DNS means that you are transferring the authority to resolve DNS queries for
your domain from your current DNS provider to OCI DNS. To delegate a domain to OCI DNS, you need to
create a zone in OCI DNS that matches your domain name and add any records that you want to serve from
OCI DNS. Then, you need to update the name servers for your domain at your Domain Registrar’s self-service
portal with the name servers provided by OCI DNS. This will point your domain to OCI DNS and allow it to
resolve DNS queries for your domain.
Question # 25
You want a full-featured Identity-as-a-Service (IDaaS) solution that helps you manage workforce
authentication and access to all of your Oracle and non-Oracle applications, whether they are SaaS apps,
on-premises enterprise apps, or apps that are hosted in the cloud. Which IAM Identity Domain type should you
create?
Free Oracle Apps Premium Premium External User
Explanation Premium is the IAM Identity Domain type that you should create if you want a full-featured IDaaS solution
that helps you manage workforce authentication and access to all of your Oracle and non-Oracle applications.
Premium Identity Domain provides users with access to Oracle Identity Cloud Service, which is an IDaaS
solution that offers identity management, single sign-on, multifactor authentication, identity governance, and
integration with third-party applications. The other options are not IAM Identity Domain types that provide a
full-featured IDaaS solution. References: [Identity Domains], [Oracle Identity Cloud Service]
Feedback That Matters: Reviews of Our Oracle 1z0-1072-23 Dumps
