Oracle 1Z0-1072-21 Online Practice Questions and Exam Preparation

Oracle 1Z0-1072-21 Online Questions & Answers

• Question 51:

  Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud network (VCN)? (Choose two.)

  A. To delete a VCN, its subnets must contain no resources.
  B. A VCN can have multiple CIDR blocks associated with it.
  C. In regions with multiple Availability Domains (AD), each AD should have their own VCN assigned to it.
  D. If you own a block of public IPs, you can assign it to one of your VCNs.
  E. A VCN covers a single, contiguous IPv4 CIDR block of your choice.
  A. To delete a VCN, its subnets must contain no resources.
  E. A VCN covers a single, contiguous IPv4 CIDR block of your choice.

  ---

  Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingVCNs.htm

• Question 52:

  You have been notified of an application failure indicating that one or more of the Oracle Cloud Infrastructure (OCI) resources have become unavailable. After scanning the Compute and Database consoles, you notice that one of the DB Systems is missing. What would you do to identify the reason for this missing resource?

  A. Navigate to the Audit console and search the previous 24 hours for all DELETE request actions to get a list of any resource that was deleted in the past 24 hours.
  B. Navigate to the Audit console and search the previous 24 hours for all the GET request actions to get a list of every event that occurred in the past 24 hours.
  C. View the service limits associated with your account to ensure that you have not exceeded the allowable number of DB Systems in your tenancy.
  D. Create a serial console connection to the DB System that does not appear in the management console. Connect to the serial console connection, and then review the system logs under /var/log/messages.
  A. Navigate to the Audit console and search the previous 24 hours for all DELETE request actions to get a list of any resource that was deleted in the past 24 hours.

  ---

  You can filter results by request actions to zero in on only the events with operations that interest you. For example, say that you only want to know about instances that were deleted during a specific time frame. Select a delete request action filter to see only the events with delete operations Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/GSG/Tasks/usingaudit.htm

• Question 53:

  You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system so you have provisioned one using the file storage service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both application servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system. What change would you make to satisfy this requirement?

  A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
  B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read only access.
  C. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.
  D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.
  A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.

  ---

  NFS export options enable you to create more granular access control than is possible using just security list rules to limit VCN access. You can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting to file systems through exports in a mount target.

• Question 54:

  Which does NOT set a variable in Terraform?

  A. Passing the variable with a var statement to Terraform
  B. Setting the variable as key value pairs in a file in a subdirectory named tfvar
  C. A default value in the variable declaration within a TF plan file
  D. Setting the environment variable using a TF_VAR_ predicate in front of the variable name
  B. Setting the variable as key value pairs in a file in a subdirectory named tfvar

• Question 55:

  Which resource is required when connecting to your on-premise network from your Virtual Cloud Network (VCN) via IPSec VPN or FastConnect?

  A. Internet Gateway (IGW)
  B. Dynamic Routing Gateway (DRG)
  C. local peering gateway
  D. NAT
  B. Dynamic Routing Gateway (DRG)

  ---

  References: https://cloud.oracle.com/networking/vcn/faq

• Question 56:

  Which two statements are true about an Oracle Cloud Infrastructure object storage bucket? (Choose two.)

  A. You can associate a bucket with multiple compartments
  B. You cannot change a bucket from private to public after it is created
  C. You can associate a bucket with only a single compartment
  D. You cannot edit or append data to an object, but you can replace the entire object
  C. You can associate a bucket with only a single compartment
  D. You cannot edit or append data to an object, but you can replace the entire object

  ---

  A bucket is associated with a single compartment.

  You can't edit or append data to an object, but you can replace the entire object.

• Question 57:

  You have setup your environment as shown below with the Mount Target "MT" successfully mounted on both compute instances CLIENT-X and CLIENT-Y.

  For security reasons you want to control the access to the File System A in such a way that CLIENT-X has READ/WRITE and CLIENT-Y has READ only permission.

  

  What you should do?

  A. Update the OS firewall in CLIENT-X to allow READ/WRITE access.
  B. Update the security list TWO to restrict CLIENT-Y access to read-only.
  C. Update the mount target export options to restrict CLIENT-Y access to read-only.
  D. Update the security list ONE to restrict CLIENT-Y access to read only.
  D. Update the security list ONE to restrict CLIENT-Y access to read only.

• Question 58:

  When creating a subnet, one or more placeholder security lists are often associated with the subnet. Why?

  A. Each operator needs its own security list.
  B. Each protocol needs its own security list.
  C. Each network endpoint or instance in the subnet needs its own security list.
  D. It is not possible to add or remove security lists after a subnet is created.
  C. Each network endpoint or instance in the subnet needs its own security list.

  ---

  References:

  https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm?tocpath=Services %7CNetworking%7CAccess%20and%20Security%7C_____3

• Question 59:

  Which two statements are true regarding cloning a block volume?

  A. You can change the block volume performance when creating a clone
  B. You can clone block volumes across regions
  C. You can change the block volume size when creating a clone
  D. You can skip block volume encryption when creating a clone
  A. You can change the block volume performance when creating a clone
  C. You can change the block volume size when creating a clone

  ---

  You can create a clone from a volume using the Block Volume service. Cloning enables you to make a copy of an existing block volume without needing to go through the backup and restore process. A cloned volume is a point-in-time direct

  disk-to-disk deep copy of the source volume, so all the data that is in the source volume when the clone is created is copied to the clone volume. You can only create a clone for a volume within the same region, availability domain and tenant.

  You can create a clone for a volume between compartments as long as you have the required access permissions for the operation.

  during create a clone you can do the following

  If you want to clone the block volume to a larger size volume, check Custom Block Volume Size (GB) and then specify the new size. You can only increase the size of the volume, you cannot decrease the size. If you clone the block volume to

  a larger size volume, you need to extend the volume's partition. See Extending the Partition for a Block Volume for more information. If you want to change the elastic performance setting when cloning the volume, check Custom Block Volume

  Performance and select the elastic performance setting you want the volume clone to use. See Block Volume Elastic Performance for more information. You can also change the elastic performance setting after you have cloned the volume,

  see Block Volume Elastic Performance. If you leave Custom Block Volume Performance unchecked, the cloned volume will use the same elastic performance setting as the source volume.

• Question 60:

  Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems?

  A. Customers have no control over database patching.
  B. The database and backups are encrypted by default.
  C. Customers can consolidate multiple database homes on a single virtual machine database host.
  D. Customers can manage the TDE Wallet after DB Systems is provisioned.
  B. The database and backups are encrypted by default.
  D. Customers can manage the TDE Wallet after DB Systems is provisioned.

  ---

  All databases created in Oracle Cloud Infrastructure are encrypted using transparent data encryption (TDE).

  Oracle Cloud Infrastructure encrypts all managed backups in the object store. Oracle uses the Database Transparent Encryption feature by default for encrypting the backups. and the customers can manage the TDE Wallet after DB Systems

  are provisioned.