You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure (OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted. The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static configuration has been added.
What solution should you recommend? (Choose the best answer.)
A. The instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit.
B. Advertise a 192.168.10.10/32 route over the VPN.
C. Advertise a 192.168.10.10/32 route over the FastConnect.
D. The instances will communicate by default over the FastConnect private virtual circuit, which ensures data is encrypted in-transit.
Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance. After running the stack using the terraform apply command, it successfully launched the compute instances and the load balancer, but it failed to create a new database instance with the following error:
Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http status code: 404
You discovered that the resource quotas assigned to your compartment prevent you from using VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM.Standard2.2.
Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? (Choose the best answer.)
A. terraform plan -target=oci_database_db_system.db_system
B. terraform apply -auto-approve
C. terraform refresh -target=oci_database_db_system.db_system
D. terraform apply -target=oci_database_db_system.db_system
Your company has restructured its HR departments. As part of this change, you also need to re-organize compartments within Oracle Cloud Infrastructure (OCI) to align them to the company's new organizational structure. The following change is required:
Compartment Team_x needs to be moved under a new parent compartment, Project_B

The tenancy has the following policies defined for compartments Project_A and Project_B:
Policy1: Allow group G1 to manage instance-family in compartment HR:Project_A
Policy2: Allow group G2 to manage instance-family in compartment HR:Project_B
Which two statements describe the impacts after the compartment Team_x is moved? (Choose two.)
A. Group G2 can now manage instance-families in compartment Project_B and compartment Team_X
B. Group G1 can now manage instance-families in compartment Project_A, compartment Project_B and compartment Team_X
C. Group G1 can now manage instance-families in compartment Project_A but not in compartment Team_x
D. Group G2 can now manage instance-families in compartment Project_A but not in compartment Team_x
E. Group G2 can now manage instance-families in compartment Project_B, compartment Project_A and compartment Team_X
You launched a Linux compute instance to host the new version of your company website via Apache Httpd server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The default security list associated with the subnet is:

You want to allow access to the company website from public internet without exposing websites eventually hosted on the other instances in the public subnet.
Which action would you take to accomplish the task? (Choose the best answer.)
A. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the public subnet that hosts the company website.
B. In default security list, add a stateful rule to allow ingress access on port 443.
C. Create a new security list with a stateful rule to allow ingress access on port 443 and associate it to the public subnet.
D. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the instance that hosts the company website.
Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out an appropriate method to manage OCI costs.
Which is NOT a valid technique to accurately attribute costs to resources used by each team? (Choose the best answer.)
A. Create a Cost-Tracking tag. Apply this tag to all resources with team information. Use the OCI cost analysis tools to filter costs by tags.
B. Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by compartment.
C. Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending.
D. Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report which has detailed information about resources and tags.
You have been asked to investigate a potential security risk on your company's Oracle Cloud Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity.
How can you retrieve the audit logs using the OCI Command Line Interface (CLI)? (Choose the best answer.)
A. oci audit event list --end-time $end-time --compartment-id $compartment-id
B. oci audit event list --start-time $start-time --compartment-id $compartment-id
C. oci audit event list --start-time $start-time --end-time $end-time --compartment-id $compartment-id
D. oci audit event list --start-time $start-time --end-time $end-time --tenancy-id $tenancy-id
Your deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with multiple block volumes attached. There are multiple teams that use the same compute instance and have access to these block volumes. You want to ensure that no one accidentally deletes any of these block volumes. You have started to construct the following IAM policy but need to determine which permissions should be used.
allow group DeploymentUsers to manage volume-family where ANY { request.permission != ??>, request.permission != ??>, request.permission != ??> }
Which permissions can you use in place of ??> in this policy? (Choose the best answer.)
A. VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE, VOLUME_BACKUP_DELETE
B. VOLUME_ERASE, VOLUME_ATTACHMENT_ERASE, VOLUME_BACKUP_ERASE
C. ERASE_VOLUME, ERASE_VOLUME_ATTACHMENT, ERASE_VOLUME_BACKUP
D. DELETE_VOLUME, DELETE_VOLUME_ATTACHMENT, DELETE_VOLUME_BACKUP
Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools.
What does Oracle allow as part of this testing? (Choose the best answer.)
A. Customers are allowed to use their own testing and monitoring tools.
B. Customers can simulate DoS attack scenarios as long as it's restricted to the customer's own environment.
C. Customers can validate that their network resources are isolated from other customer resources.
D. Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy.
You are working as a Cloud Operations Administrator for your company. They have different Oracle Cloud Infrastructure (OCI) tenancies for development and production workloads. Each tenancy has resources in two regions – uk-london-1 and eu-frankfurt-1. You are asked to manage all resources and to automate all the tasks using OCI Command Line Interface (CLI).
Which is the most efficient method to manage multiple environments using OCI CLI? (Choose the best answer.)
A. Use OCI CLI profiles to create multiple sets of credentials in your config file, and reference the appropriate profile at runtime.
B. Create environment variables for the sets of credentials that align to each combination of tenancy, region, and environment.
C. Run oci setup config to create new credentials for each environment every time you want to access the environment.
D. Use different bash terminals for each environment.
An insurance company has contracted you to help automate their application business continuity plan. They have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery site. Normally they have a DNS A record associated with the IP address of the primary endpoint in eu-frankfurt-1. In the event of a disaster, they use OCI DNS Zone Management to update the A record and replace it with the IP address of the endpoint in uk-london-1.
How can you automate the failover process? (Choose the best answer.)
A. Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check.
B. Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record.
C. Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set with backend servers from both eu-frankfurt-1 and uk-london-1 regions.
D. Create a Traffic Management Steering policy and attach it to backend servers from both eu-frankfurt-1 and uk-london-1 regions.