You have an instance running in a development compartment that needs to make API calls against other OCI services, but you do not want to configure user credentials or store a configuration file on the instance. How can you meet this requirement?
A. Create a dynamic group with matching rules to include your instance
B. Instances can automatically make calls to other OCI services
C. Instances are secure and cannot make calls to other OCI services
D. Create a dynamic group with matching rules to include your instance and write a policy for this dynamic group
Correct Answer: D
Dynamic groups allow you to group Oracle Cloud Infrastructure compute instances as "principal" actors (similar to user groups). When you create a dynamic group, rather than adding members explicitly to the group, you instead define a set of matching rules to define the group members. For example, a rule could specify that all instances in a particular compartment are members of the dynamic group. The members can change dynamically as instances are launched and terminated in that compartment. A dynamic group has no permissions until you write at least one policy that gives that dynamic group permission to either the tenancy or a compartment. When writing the policy, you can specify the dynamic group by using either the unique name or the dynamic group's OCID. Per the preceding note, even if you specify the dynamic group name in the policy, IAM internally uses the OCID to determine the dynamic group.
Question 22:
Which two Oracle Cloud Infrastructure services use a Dynamic Routing Gateway?
A. OCI FastConnect Public Peering
B. Local Peering
C. OCI FastConnect Private Peering
D. Internet Gateway
E. OCI IPSec VPN Connect
Correct Answer: CE
You can think of a DRG as a virtual router that provides a path for private traffic (that is, traffic that uses private IPv4 addresses) between your VCN and networks outside the VCN's region. You use a DRG when connecting your existing on-premises network to your virtual cloud network (VCN) with one (or both) of these:
- IPSec VPN
- Oracle Cloud Infrastructure FastConnect (Private Only)
You also use a DRG when peering a VCN with a VCN in a different region:
- Remote VCN Peering (Across Regions)
Question 23:
Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect?
A. Each OCI IPSec VPN consists of multiple redundant IPSec tunnels
B. OCI IPSec VPN tunnel supports only static routes to route traffic
C. OCI IPSec VPN can be configured in tunnel mode only
D. OCI IPSec VPN can be configured in transport mode only
Correct Answer: AC
VPN Connect provides a site-to-site IPSec VPN between your on-premises network and your virtual cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives. In general, IPSec can be configured in the following modes:
- Transport mode: IPSec encrypts and authenticates only the actual payload of the packet, and the header information stays intact.
- Tunnel mode (supported by Oracle): IPSec encrypts and authenticates the entire packet. After encryption, the packet is then encapsulated to form a new IP packet that has different header information.
Oracle Cloud Infrastructure supports only the tunnel mode for IPSec VPNs. Each Oracle IPSec VPN consists of multiple redundant IPSec tunnels. For a given tunnel, you can use either Border Gateway Protocol (BGP) dynamic routing or static routing to route that tunnel's traffic. More details about routing follow.
IPSec VPN site-to-site tunnels offer the following advantages:
- Public internet lines are used to transmit data, so dedicated, expensive leased lines from one site to another aren't necessary.
- The internal IP addresses of the participating networks and nodes are hidden from external users.
- The entire communication between the source and destination sites is encrypted, significantly lowering the chances of information theft.
Question 24:
You are running several Linux-based operating systems in your on-premises environment that you want to import to OCI as custom images. You can launch your imported images as OCI compute virtual machines. Which two modes below can be used to launch these imported Linux VMs?
A. Native
B. Mixed
C. Paravirtualized
D. Emulated
Correct Answer: CD
You can use the Console or API to import exported images from Object Storage. To import an image, you need read access to the Object Storage object containing the image.
During the import, you can select the launch mode:
- For custom images where the image format is .oci, Oracle Cloud Infrastructure selects the applicable launch mode based on the launch mode for the source image.
- For custom images exported from Oracle Cloud Infrastructure where the image type is QCOW2, select Native Mode.
- To import other custom images, select Paravirtualized Mode or Emulated Mode. For more information, see Bring Your Own Image (BYOI).
Question 25:
You have deployed a compute instance (VM.Standard2.24) to run an Oracle database. With this set up, you run into some performance issues and want to leverage an OCI Dense IO shape (VM.DenseIO2.24), with which you get 25.6 TB local NVMe SSD. You do not want to lose the configuration changes you made to the instance. Which of the following TWO steps ARE NOT required to make this transition?
A. Terminate the VM.Standard2.24 instance and do not preserve the boot volume
B. Create a new instance using the VM.DenseIO2.24 shape using the preserved boot volume and move the Oracle Database data to NVMe disks
C. Terminate the VM.Standard2.24 instance and preserve the boot volume
D. Create a new instance using a VM.DenseIO2.24 shape using the preserved boot volume and move the Oracle Database data to block volumes
Correct Answer: AD
You can permanently terminate (delete) instances that you no longer need. Any attached VNICs and volumes are automatically detached when the instance terminates. Eventually, the instance's public and private IP addresses are released and become available for other instances. By default, the instance's boot volume is deleted when you terminate the instance; however, you can preserve the boot volume associated with the instance, so that you can attach it to a different instance as a data volume, or use it to launch a new instance.
Dense I/O shapes: Designed for large databases, big data workloads, and applications that require high-performance local storage. DenseIO shapes include locally-attached NVMe-based SSDs.
So once you create the VM.DenseIO instance, you need to move the database to the locally-attached NVMe-based SSDs.
Question 26:
Which two statements are true regarding cloning a block volume?
A. You can change the block volume performance when creating a clone
B. You can clone block volumes across regions
C. You can change the block volume size when creating a clone
D. You can skip block volume encryption when creating a clone
Correct Answer: AC
You can create a clone from a volume using the Block Volume service. Cloning enables you to make a copy of an existing block volume without needing to go through the backup and restore process. A cloned volume is a point-in-time direct disk-to-disk deep copy of the source volume, so all the data that is in the source volume when the clone is created is copied to the clone volume. You can only create a clone for a volume within the same region, availability domain and tenant. You can create a clone for a volume between compartments as long as you have the required access permissions for the operation.
When creating a clone, you can do the following:
- If you want to clone the block volume to a larger size volume, check Custom Block Volume Size (GB) and then specify the new size. You can only increase the size of the volume; you cannot decrease the size. If you clone the block volume to a larger size volume, you need to extend the volume's partition. See Extending the Partition for a Block Volume for more information.
- If you want to change the elastic performance setting when cloning the volume, check Custom Block Volume Performance and select the elastic performance setting you want the volume clone to use. See Block Volume Elastic Performance for more information. You can also change the elastic performance setting after you have cloned the volume; see Block Volume Elastic Performance. If you leave Custom Block Volume Performance unchecked, the cloned volume will use the same elastic performance setting as the source volume.
Question 27:
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block and boot volumes. Which three options below can you use to increase the size of your block volumes?
A. Clone an existing volume to a new, larger volume
B. You can only expand block volumes and not boot volumes
C. Expand an existing volume in place with offline resizing
D. Take a backup of your existing volume and restore from the volume backup to a larger volume
E. Expand an existing volume in place with online resizing
Correct Answer: ACD
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block volumes and boot volumes. You have three options to increase the size of your volumes:
- Expand an existing volume in place with offline resizing. See Resizing a Volume Using the Console for the steps to do this.
- Restore from a volume backup to a larger volume. See Restoring a Backup to a New Volume and Restoring a Boot Volume.
- Clone an existing volume to a new, larger volume. See Cloning a Volume and Cloning a Boot Volume.
Question 28:
Which two options are necessary for achieving high availability on Oracle Cloud Infrastructure?
A. Store your database across multiple regions so that half of the data resides in one region and the other half resides in another region.
B. Attach your block volume from Availability Domain 1 to a compute instance in Availability Domain 2 (and vice versa) so that they are highly available.
C. Configure your database to have Data Guard in another Availability Domain in Sync mode within a region.
D. Store your database files on Object Storage so that they are available in all Availability Domains in all regions.
E. Distribute your application servers across all Availability Domains within a region.
Correct Answer: CE
All details can be found in "Best Practices for Deploying High Availability Architecture on Oracle Cloud Infrastructure": https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practicesdeploying-ha-architecture-oci.pdf
Question 29:
In what two ways does Oracle Cloud Infrastructure (OCI) file storage service differ from OCI object storage and block volume services?
A. You can move object storage buckets, block volumes and file storage mount targets between compartments.
B. File Storage uses the network file system (NFS) protocol, whereas block volume uses iSCSI.
C. Block volume service is NVMe-based, while file storage service is not.
D. File storage mount target does not provide a private IP address, while the object storage bucket provides one.
Correct Answer: AB
The mount target provides the IP address or DNS name that is used together with a unique export path to
mount the file system.
You can move mount targets from one compartment to another.
Question 30:
Which statement is true about Data Guard Implementation in DB systems?
A. Both DB systems must be in the same compartment, and they must be the same shape
B. You can define the backup window and set custom backup retention period for the automatic database backup schedule.
C. You cannot manage Oracle database initialization parameters at a global level.
D. You cannot manage the database as sys/sysdba.
Correct Answer: A
An Oracle Data Guard implementation requires two DB systems, one containing the primary database and one containing the standby database. When you enable Oracle Data Guard for a virtual machine DB system database, a new DB system with the standby database is created and associated with the primary database. For a bare metal DB system, the DB system with the database that you want to use as the standby must already exist before you enable Oracle Data Guard.
Requirement details are as follows:
- Both DB systems must be in the same compartment.
- The DB systems must be the same shape type (for example, if the shape of the primary database is a virtual machine, then the shape of the standby database can be any other virtual machine shape).
- If your primary and standby databases are in different regions, then you must peer the virtual cloud networks (VCNs) for each database. See Remote VCN Peering (Across Regions).
- Configure the security list ingress and egress rules for the subnets of both DB systems in the Oracle Data Guard association to enable TCP traffic to move between the applicable ports. Ensure that the rules you create are stateful (the default).