Oracle 1z0-1072-20 Exam Questions

Question 6 of 60

You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up?

Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services.

Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.

Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy.

Deploy the application and the SDK to all the instances that belong to the dynamic group.

Correct Answer: B

To set up instance principals so an application running on an instance can call OCI public services without user credentials, you need to create a dynamic group with matching rules to specify which instances are allowed to make API calls, create policies granting permissions to the dynamic group to access services, and deploy the application and SDK to all instances in the dynamic group. Generating Auth Tokens is not necessary for this setup as those are typically used for third-party applications or scenarios where dynamic groups and instance authentication are not possible.

Question 7 of 60

You have been asked to create an Identity and Access Management (IAM) user that will authenticate to Oracle Cloud Infrastructure (OCI) API endpoints. This user must not be given credentials that would allow them to log into the OCI console.
Which two authentication options can you use? (Choose two.)

SSL certificate

API signing key

SSH key pair

PEM Certificate file

Auth token

Correct Answer: B, E

To authenticate to Oracle Cloud Infrastructure (OCI) API endpoints without accessing the OCI console, you should use an API signing key and an auth token. An API signing key allows programmatic access to API requests, while an auth token is a uniquely generated token used for API authentication purposes. Both methods bypass the need for console login credentials, making them suitable for this requirement.

Question 8 of 60

You work for a health insurance company that stores a large number of patient health records in an Oracle Cloud Infrastructure (OCI) Object Storage bucket named "HealthRecords".
Each record needs to be securely stored for a period of 5 years for regulatory compliance purposes and cannot be modified, overwritten or deleted during this time period.
What can you do to meet this requirement?

Create an OCI Object Storage Lifecycle Policies rule to archive objects in the HealthRecords bucket for five years.

Create an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket for five years. Enable Retention Rule Lock on this bucket.

Enable encryption on the HealthRecords bucket using your own vault master encryption keys.

Enable versioning on the HealthRecords bucket.

Correct Answer: B

To meet the requirement of securely storing patient health records for a period of five years without modification, overwriting, or deletion, you should create an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket for five years and enable Retention Rule Lock on this bucket. This ensures that the records cannot be altered or deleted during the specified retention period, complying with regulatory requirements.

Question 9 of 60

Which two components cannot be deleted in your Oracle Cloud Infrastructure Virtual Cloud Network? (Choose two.)

Service gateway

Default security list

Routing gateway

Default route table

Default subnet

Correct Answer: B, D

The two components that cannot be deleted in your Oracle Cloud Infrastructure Virtual Cloud Network are the default security list and the default route table. When a VCN is created, it automatically includes a default security list and a default route table. These components are integral to the functioning of the VCN and are therefore not deletable. Other components like the service gateway, routing gateway, and subnet can be managed and deleted as needed based on the user’s configuration requirements.

Question 10 of 60

A financial firm is designing an application architecture for its online trading platform that must have high availability and fault tolerance.
Their solutions architect configured the application to use an Oracle Cloud Infrastructure Object Storage bucket located in the US West (us-phoenix-1) region to store large amounts of financial data. The stored financial data in the bucket must not be affected even if there is an outage in one of the Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability?

Create a new Object Storage bucket in another region and configure lifecycle policy to move data every 5 days.

Create a lifecycle policy to regularly send data from Standard to Archive storage.

Copy the Object Storage bucket to a block volume.

Create a replication policy to send data to a different bucket in another OCI region.

Correct Answer: D

To ensure high availability, fault tolerance, and data durability even in the event of an outage in one availability domain or a complete region, the architect should create a replication policy to send data to a different bucket in another Oracle Cloud Infrastructure region. This approach provides continuous data synchronization across regions, protecting against regional failures and ensuring that the data remains accessible and durable without costly service disruptions.