[May-2024] Updated Oracle 1z0-1072-23 Dumps – PDF & Online Engine
NEW QUESTION # 18
Which TWO statements are NOT correct regarding the Oracle Cloud Infrastructure (OCI) burstable instances?
- A. If the instance's average CPU utilization over the past 24 hours is below the baseline, the system allows it to burst above the baseline.
- B. Baseline utilization is a fraction of each CPU core, either 25% or 75%.
- C. Burstable instances are designed for scenarios where an instance is not typically idle and has high CPU utilization.
- D. Burstable instances are charged according to the baseline OCPU.
- E. Burstable instances cost less than regular instances with the same total OCPU count.
Answer: B,C
Explanation:
The explanation is that burstable instances are VM instances that have a baseline utilization of either 12% or 50% of each CPU core, not 25% or 75%. Burstable instances are designed for scenarios where an instance is typically idle or has low CPU utilization but occasionally needs to burst above the baseline to handle spikes in demand. Burstable instances cost less than regular instances with the same total OCPU count but charge extra for bursting above the baseline OCPU.
NEW QUESTION # 19
As a network architect you have deployed a public subnet on your Virtual Cloud Network (VCN) with this security list:
You have also created a network security group (NSG) as shown in the table here, and assigned it to your bastion host:
You have confirmed that routing is correct, but when you SSH to the VM from your home over the Internet you are unable to connect.
What could be the problem?
- A. SSH traffic is not allowed in the security list nor on the NSG from the Internet.
- B. User will be able to SSH to the VM from the Internet as SSH is open on the NSG.
- C. Public subnet does not have a route rule to the Internet Gateway.
- D. Internet traffic should be allowed only on the NSG.
Answer: A
Explanation:
SSH traffic is not allowed in the security list nor on the NSG from the Internet is the correct answer. This is because the security list only allows ingress traffic from 10.0.0.24 on port 22, and the NSG only allows ingress traffic from 10.0.0.0/16 on port 22. Neither of them allows ingress traffic from 0.0.0.0/0 (the Internet) on port 22, which is required for SSH access. The other options are not correct, as they do not explain why SSH access is not possible. References: [Security Lists], [Network Security Groups]
NEW QUESTION # 20
Which Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy is invalid?
- A. Allow dynamic-group FrontEnd to manage instance-family in compartment Project-A
- B. Allow any-user to inspect users in tenancy
- C. Allow group A-Admins to manage all-resources in compartment Project-A
- D. Allow group A-Developers to create volumes in compartment Project-A
Answer: D
Explanation:
Allow group A-Developers to create volumes in compartment Project-A is an invalid IAM policy. This is because create is not a valid verb for volumes. The correct verb for creating volumes is attach. The other options are valid IAM policies that use correct verbs and syntax. Reference: [IAM Policies], [Verbs]
NEW QUESTION # 22
You want to create a policy to allow the NetworkAdmins group to manage Virtual Cloud Network (VCN) in compartment C. You want to attach this policy to the tenancy. The compartment hierarchy is shown below.
Which policy statement can be used to accomplish this task?
- A. Allow group NetworkAdmins to manage virtual-network-family in compartment C
- B. Allow group NetworkAdmins to manage virtual-network-family in tenancy
- C. Allow group NetworkAdmins to manage virtual-network-family in compartment B:C
- D. Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C
Answer: D
Explanation:
Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C. The explanation is that when you attach a policy to the tenancy, you need to specify the full path of the compartment where you want to grant permissions. In this case, the compartment C is a sub-compartment of compartment B, which is a sub-compartment of compartment A, which is a sub-compartment of the root compartment (tenancy). Therefore, the full path of compartment C is A:B:C. The virtual-network-family resource type includes all the resources related to VCN, such as subnets, route tables, security lists, gateways, etc.
NEW QUESTION # 23
Which tool provides a diagram of the implemented topology of all Virtual Cloud Networks (VCNs) in a selected region and tenancy?
- A. Network Visualizer
- B. Traffic Analytics
- C. VCN Flow Logs
- D. Network Watcher
Answer: A
Explanation:
Network Visualizer is the tool that provides a diagram of the implemented topology of all VCNs in a selected region and tenancy. Network Visualizer is a feature of the OCI Networking service that allows users to view and manage their network resources in a graphical interface. It can help users understand their network topology, troubleshoot issues, and optimize performance. The other options are not tools that provide a diagram of the VCN topology, but rather other features or services of OCI Networking. References: [Network Visualizer]
NEW QUESTION # 24
You just got a last-minute request to create a set of instances in Oracle Cloud Infrastructure (OCI). The configuration and installed software are identical for every instance, and you already have a running instance in your OCI tenancy. Which image option allows you to achieve this task with the least amount of effort?
- A. Create a custom image and use it as a template for the new instances.
- B. Use Oracle-provided images and customize the installation using a third-party tool.
- C. Select an image from the OCI Marketplace.
- D. Bring your own image and use it as a template for the new instances.
Answer: A
Explanation:
Creating a custom image and using it as a template for the new instances is the option that allows you to achieve this task with the least amount of effort. A custom image is a copy of an existing instance that you can use to launch other instances with the same configuration and installed software. The other options are not suitable for this scenario, as they would require more time and effort to create and customize the instances.
References: [Custom Images]
NEW QUESTION # 25
You plan to upload a large file (3 TiB) to Oracle Cloud Infrastructure (OCI) Object Storage. You would like to minimize the impact of network failures while uploading, and therefore you decide to use the multipart upload capability.
Which TWO statements are true about performing a multipart upload using the Multipart Upload API?
- A. While a multipart upload is still active, you can keep adding parts as long as the total number is less than 10,000.
- B. You do not have to commit the upload after you have uploaded all the object parts.
- C. You do not need to split the object into parts. Object Storage splits the object into parts and uploads all of the parts automatically.
- D. When you split the object into individual parts, each part can be as large as 50 GiB.
Answer: A,D
Explanation:
While a multipart upload is still active, you can keep adding parts as long as the total number is less than 10,000. When you split the object into individual parts, each part can be as large as 50 GiB. The explanation is that a multipart upload allows you to upload a large object in parts, which can improve performance and reliability. You need to split the object into parts yourself and upload each part separately using the Multipart Upload API. You can add parts to an active multipart upload until you reach the maximum number of 10,000 parts per upload. Each part can range from 10 MiB to 50 GiB in size, except for the last part, which can be any size.
NEW QUESTION # 26
You are a security administrator for your company's Oracle Cloud Infrastructure (OCI) tenancy. Your storage administrator informs you that she cannot associate an encryption key from an existing Vault to a new Object Storage bucket.
What could be a possible reason for this behavior?
- A. There is no Identity and Access Management (IAM) policy that allows the Object Storage service to use the key.
- B. The storage administrator forgot to select "Encrypt using Oracle managed keys" while creating the bucket.
- C. The Object Storage bucket policy lacks the necessary Access Control List (ACL).
- D. The secret for the key was not created beforehand
Answer: A
Explanation:
There is no Identity and Access Management (IAM) policy that allows the Object Storage service to use the key. The explanation is that when you create an Object Storage bucket with encryption using a customer-managed key from Vault, you need to have an IAM policy that allows the Object Storage service to use the key on your behalf. The policy should look like this:
allow service objectstorage-<region> to use key in compartment <compartment-name>
In this statement, <region> is the region where your bucket resides and <compartment-name> is the compartment where your key resides.
NEW QUESTION # 27
You are in the process of migrating several legacy applications from on-premises to Oracle Cloud Infrastructure (OCI). The current servers are already virtualized. However, you notice that the version of CentOS currently running does not align with any of the Oracle-provided compute images. How would you migrate your existing virtual server images to OCI?
- A. Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers.
- B. Export your current image in the VMDK format and copy to an Object Storage bucket. Import it as a custom image. Select native mode to ensure the best possible performance.
- C. Export your current image in the QED format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers.
- D. Export your current image in the VDI format and copy to an Object Storage bucket. Import it as a custom image. Select native mode to ensure the best possible performance.
Answer: A
Explanation:
Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers. The explanation is that QCOW2 is one of the supported formats for importing custom images to OCI. Custom images are images that you can create from your own on-premises or cloud servers and use them to launch instances in OCI. To import a custom image, you need to export your current image in a supported format, copy it to an Object Storage bucket, and then import it as a custom image using the OCI console or API. When you import a custom image, you can choose between native mode or emulated mode. Native mode offers better performance but requires compatible drivers and firmware. Emulated mode offers better compatibility but lower performance.
NEW QUESTION # 28
You are part of a team that manages a set of workload instances running in an on-premises environment. The Architect team is tasked with designing and configuring Oracle Cloud Infrastructure (OCI) Logging service to collect logs from these instances. There is a requirement to archive Info-level logging data of these instances into the OCI Object Storage.
Which TWO features of OCI can help you achieve this?
- A. Service Connectors
- B. Grouping Function
- C. Cloud Agent Plugin
- D. Agent Configuration
- E. ObjectCollectionRule
Answer: A,C
Explanation:
Cloud Agent Plugin and Service Connectors are two features of OCI that can help collect logs from on-premises instances and archive them into OCI Object Storage. Cloud Agent Plugin is a component of the OCI Logging service that can be installed on any Linux or Windows instance to collect logs and send them to OCI. Service Connectors are components of the OCI Service Connector Hub that can transfer data between different OCI services, such as Logging and Object Storage. The other options are not relevant for this requirement. Reference: [Cloud Agent Plugin], [Service Connectors]
NEW QUESTION # 29
You plan to launch a VM instance with the VM.Standard2.24 shape and Oracle Linux 8 platform image. You want to protect your VM instance from low-level threats, such as rootkits and bootkits that can infect the firmware and operating system and are difficult to detect.
What should you do?
- A. Create a burstable instance.
- B. Create a shielded instance.
- C. Use Vulnerability Scanning Service.
- D. Use in-transit encryption.
Answer: B
Explanation:
The explanation is that shielded instances are VM instances that have additional security features to protect them from low-level threats, such as rootkits and bootkits that can infect the firmware and operating system and are difficult to detect. Shielded instances use verified boot, which ensures that only trusted software components are executed during the boot process. Shielded instances also use virtual trusted platform module (vTPM), which provides a secure storage for encryption keys and certificates. Shielded instances are available for Oracle Linux 8 platform images with VM.Standard2.* shapes.
NEW QUESTION # 30
You want to distribute DNS traffic to different endpoints based on the location of the end user. Which Traffic Management Steering Policy would you use?
- A. Load Balancer
- B. Failover
- C. Geolocation
- D. IP Prefix
Answer: C
Explanation:
The explanation is that geolocation is a type of Traffic Management Steering Policy that allows you to distribute DNS traffic to different endpoints based on the location of the end user. Geolocation steering policies use geolocation data from third-party providers to map end user IP addresses to geographic regions. You can create rules that specify which endpoints to serve for each region or country, or use a default endpoint for unspecified regions.
NEW QUESTION # 31
In which two ways can Oracle Security Zones assist with the cloud security shared responsibility model?
- A. Allow access to an unsecured compartment, which is moved from a standard compartment.
- B. Add or move a standard compartment to a highly secured security zone compartment.
- C. Deny public access to Oracle Cloud Infrastructure resources, such as databases and object storage buckets.
- D. Encrypt storage resources with a customer-managed key.
Answer: C,D
Explanation:
Oracle Security Zones is a service that helps you enforce best practices and prevent misconfigurations on your OCI resources by applying predefined policies and controls. Some of the benefits of using Security Zones are:
Encrypt storage resources with a customer-managed key: Security Zones require that all storage resources, such as block volumes, boot volumes, file systems, and object storage buckets, are encrypted with a customer-managed key from Vault. This ensures that you have full control over the encryption and decryption of your data at rest.
Deny public access to OCI resources, such as databases and object storage buckets: Security Zones prevent you from creating or updating OCI resources that have public access enabled, such as databases and object storage buckets that are accessible from the internet. This reduces the risk of unauthorized access or data leakage.
NEW QUESTION # 32
Which THREE capabilities are available with the Oracle Cloud Infrastructure (OCI) DNS service?
- A. Creating and managing zones
- B. Creating and managing security lists
- C. Creating and managing WAF rules
- D. Viewing all zones
- E. Creating and managing Identity Access Management (IAM) policies
- F. Creating and managing records
Answer: A,D,F
Explanation:
Creating and managing records, creating and managing zones, and viewing all zones are three capabilities that are available with the OCI DNS service. Records are data elements that map domain names to IP addresses or other information. Zones are collections of records that correspond to a domain name or a subdomain name. The OCI DNS service allows users to create and manage records and zones for their domains or subdomains, as well as view all zones in their tenancy. The other options are not capabilities of the OCI DNS service, but of other OCI services such as WAF, IAM, and Networking. References: [DNS Service], [Records], [Zones]
NEW QUESTION # 33
You create a file system and then add a 2 GB file. You then take a snapshot of the file system.
What would be the total meteredBytes shown by the File Storage service after the hourly update cycle is complete?
- A. 3 GB
- B. 4 GB
- C. 2.5 GB
- D. 2 GB
Answer: D
Explanation:
The total meteredBytes shown by the File Storage service after the hourly update cycle is complete would be 2 GB. This is because snapshots do not consume any additional storage space unless there are changes made to the file system after taking the snapshot. Since no changes were made in this scenario, the snapshot would not add any extra storage cost. References: [Snapshots and MeteredBytes]
NEW QUESTION # 34
Which TWO are key benefits of setting up Site-to-Site VPN on Oracle Cloud Infrastructure (OCI)?
- A. When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels.
- B. When setting up Site-to-Site VPN, customers can expect bandwidth above 2 Gbps.
- C. When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP).
- D. When setting up Site-to-Site VPN, it creates a private connection that provides consistent network experience.
Answer: A,C
Explanation:
When setting up Site-to-Site VPN, customers can configure it to use static or dynamic routing (BGP). When setting up Site-to-Site VPN, OCI provisions redundant VPN tunnels. The explanation is that Site-to-Site VPN is a secure and encrypted connection between your on-premises network and your Virtual Cloud Network (VCN) in OCI over the public internet. When setting up Site-to-Site VPN, you can choose to use static routing or dynamic routing (Border Gateway Protocol or BGP) to exchange routes between your network and OCI. OCI also provisions two redundant VPN tunnels for each Site-to-Site VPN connection to provide high availability and failover.
NEW QUESTION # 35
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins.
Each admin group has full access over their respective compartments as shown in the graphic below.
Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.
You want to set up a Test compartment for members of the three projects to share. You also need to provide admin access to all three of your existing admin groups.
Which policy would you write to accomplish this task?
- A. Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- B. Allow group any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- C. Allow dynamic-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- D. Allow any-user to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
Answer: D
Explanation:
Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' is the policy that would accomplish this task. This policy grants admin access to all groups that have the tag EmployeeGroup.Role='Admin' in the compartment Test. The other options are not correct, as they use incorrect terms such as dynamic-group, any-group, or any-user. Reference: [Tag-Based Authorization]
NEW QUESTION # 36
You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system, therefore you have provisioned one using the file storage service (FSS).
You have also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that the application servers can access FSS. The security team changed the settings for the DB System to have read-only access to the file system. However when they test it, they are unable to access FSS.
How would you allow access to FSS?
- A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
- B. Change the ingress rules corresponding to the DB System subnet to be stateful.
- C. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.
- D. Modify the security list associated with the subnet where the mount target resides.
- E. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.
Answer: A
Explanation:
Creating an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet is the correct answer. This is because NFS export options are used to control the level of access that clients have to file systems. By creating an NFS export option with READ_ONLY access for the DB System subnet, you can allow the DB System to read data from the file system, but not write or modify it. The other options are not correct, as they do not address the requirement of read-only access for the DB System. Reference: [NFS Export Options]
NEW QUESTION # 37
Company XYZ is spending $300,000.00 USD per month in egress fees for 7 Petabytes that they consume for Outbound Data Transfer in North America with their current cloud provider. The company is seeking to lower that expense considerably without reducing consumption. You propose migration to OCI because the Gigabyte Outbound Data Transfer in North America costs just $0.0085 USD per month. With OCI, how much will they spend per month for 7 Petabytes of Outbound Data Transfer? (1 Petabyte = 1000 Terabytes)
- A. $59,500.00
- B. $150,000.00
- C. $0.00 (free with OCI)
- D. $59,415.00
Answer: A
Explanation:
$59,415.00 is the amount that Company XYZ will spend per month for 7 Petabytes of Outbound Data Transfer in North America with OCI. This is calculated by multiplying 7 Petabytes by 1000 Terabytes (to convert Petabytes to Terabytes), then multiplying by $0.0085 USD (the cost per Gigabyte Outbound Data Transfer in North America), then dividing by 1000 (to convert Gigabytes to Terabytes). The formula is:
(7 * 1000 * 0.0085) / 1000 = $59,415.00