Question 1

SIMULATION
Scenario: 3 (Use the OCI CLI to Work with Object Storage from a Compute Instance)
Scenario Description: (Hands-On Performance Exam Certification)
Your company runs a web application in OCI that generates log files. You want to upload these files
to OCI Object Storage to meet data retention requirements. Some files need to be retained
indefinitely, whereas others can be deleted after 30 days. Use the OCI CLI to create bucket and
upload the log directory and create a lifecycle policy rule to delete temporary files after 30 days.
Pre-Configuration:
To fulfill this requirement, you are provided with the following:
Access to an OCI tenancy, an assigned compartment, and OCI credentials
A compute instance with OCI CLI installed and a set of files in ~/dir_to_upload to use
Access to the OCI Console
Required IAM policies
Assumptions:
Perform the tasks by using the OCI CLI on the compute instance.
Use instance principal authentication for all CLI commands; the instance has been given the policies
necessary.
Connect to the compute instance using Cloud Shell’s private networking and the provided SSH key.
An SSH key pair has been provided to you for the compute instance.
Private Key https://objectstorage.us-ashburn1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PKey.key
Note: Throughout your exam, ensure to use assigned Compartment , User Name and Region.
Complete the following tasks in the provisioned OCI environment:
Task 1: Create a Bucket in Object Storage
Task 2: Upload a Directory’s Contents to Object Storage
Task 3: Add a Lifecycle Policy to the Bucket

Accepted Answer

Explanation: . Explanation: Task 1: Create a Bucket in Object Storage Create a bucket named CloudOpsBucket_ with the following properties: Storage tier: Standard Auto-tiering: Disabled Object versioning: Enabled Emit events: Disabled Keys: Oracle-managed Visibility: Private Task 2: Upload a Directory’s Contents to Object Storage Upload the contents of the directory ~/dir_to_upload and its subdirectories to the bucket CloudOpsBucket Task 3: Add a Lifecycle Policy to the Bucket Create a lifecycle policy rule that deletes all files from ~/dir_to_upload/temp after 30 days Task 1: Create a bucket in Object Storage 1. Open Cloud Shell in the console. Under Network along the top, select Ephemeral Private Network Setup. 2. Select the subnet of the compute instance. 3. SSH into the compute instance using the provided SSH key: ssh -i /path/to/key opc@ 4. In the compute instance, create the bucket with the following command (note that it’s one long line): oci os bucket create -c " " --name "CloudOpsBucket" --auth instance_principal -- versioning 'Enabled' Task 2: Upload a directory’s contents to Object Storage 1. Upload the contents of the specified directory and subdirectories with the following command (note that it’s one long line): oci os object bulk-upload -bn "CloudOpsBucket" --src-dir "~/dir_to_upload" --auth instance_principal Task 3: Add a lifecycle policy to the bucket 1. Create a file named rule.json 2. Add the following content to rule.json: {"items": [{"action": "DELETE","is-enabled": true,"name": "Delete-Rule","object-name-filter": {"exclusion-patterns": null,"inclusion-patterns": null,"inclusion-prefixes": ["temp/"]},"target": "objects","time-amount": 30,"time-unit": "DAYS"}]} 3. Add the lifecycle policy rule with the following command: oci os object-lifecycle-policy put -bn "CloudOpsBucket" --from-json file://rule.json –-auth instance_principal Top of Form

Question 2

Which statement is incorrect regarding replication being turned ON for a bucket named my-bucket?

Accepted Answer

D

Question 3

SIMULATION

Scenario: 1 (Create a reusable VCN Configuration with Terraform)

Scenario Description: (Hands-On Performance Exam Certification)

You’ll launch and destroy a VCN and subnet by creating Terraform automation scripts and issuing

commands in Code Editor. Next, you’ll download those Terraform scripts and create a stack by

uploading them into Oracle Cloud Infrastructure Resource Manager.

You’ll then use that service to launch and destroy the same VCN and subnet.

In this scenario, you will:

a. Create a Terraform folder and file in Code Editor.

b. Create and destroy a VCN using Terraform.

c. Create and destroy a VCN using Resource Manager.

Accepted Answer

SEE THE SOLUTION BELOW WITH STEP BY STEP

Explanation: . Explanation: Create a Terraform Folder and File in Code Editor: You’ll create a folder and file to hold your Terraform scripts. 1. Log in to your tenancy in the Cloud Console and open the Code Editor, whose icon is at the top- right corner, to the right of the CLI Cloud Shell icon. 2. Expand the Explorer panel with the top icon on the left panel. It looks like two overlapping documents. 3. Expand the drop-down for your home directory if it isn’t already expanded. It’s okay if it is empty. 4. Create a new folder by clicking File, then New Folder, and name it terraform-vcn. 5. Create a file in that folder by clicking File, then New File, and name it vcn.tf. To make Code Editor, create the file in the correct folder, click the folder name in your home directory to highlight it. 6. First, you’ll set up Terraform and the OCI Provider in this directory. Add these lines to the file: terraform {required_providers {oci = {source = "oracle/oci"version = ">=4.67.3"}}required_version = ">= 1.0.0"} 7. Save the changes by clicking File, then Save. 8. Now, run this code. Open a terminal panel in Cloud Editor by clicking Terminal, then New Terminal. 9. Use pwd to check that you are in your home directory. 10. Enter ls and you should see your terraform_vcn directory. 11. Enter cd terraform_vcn/ to change to that directory with. 12. Use terraform init to initialize this directory for Terraform. 13. Use ls -a and you should see that Terraform created a hidden directory and file. Create and Destroy a VCN Using Terraform You’ll create a Terraform script that will launch a VCN and subnet. You’ll then alter your script and create two additional files that will apply a compartment OCID variable to your Terraform script. Write the Terraform 1. Add the following code block to your Terraform script to declare a VCN, replacing with the proper OCID. The only strictly required parameter is the compartment OCID, but you’ll add more later. If you need to retrieve your compartment OCID, navigate to Identity & Security, then Compartments. Find your compartment, hover the cursor over the OCID, and click Copy. resource "oci_core_vcn" "example_vcn" {compartment_id = ""} This snippet declares a resource block of type oci_core_vcn. The label that Terraform will use for this resource is example_vcn. 2. In the terminal, run terraform plan, and you should see that Terraform would create a VCN. Because most of the parameters were unspecified, terraform will list their values as “(known after apply).” You can ignore the “-out option to save this plan” warning. Note that terraform plan parses your Terraform configuration and creates an execution plan for the associated stack, while terraform apply applies the execution plan to create (or modify) your resources. 3. Add a display name and CIDR block (the bolded portion) to the code. Note that we want to set the cidr_blocks parameter, rather than cidr_block (which is deprecated). resource "oci_core_vcn" "example_vcn" {compartment_id = ""display_name = "VCN-01"cidr_blocks = ["10.0.0.0/16"]} 4. Save the changes and run terraform plan again. You should see the display name and CIDR block reflected in Terraform’s plan. 5. Now add a subnet to this VCN. At the bottom of the file, add the following block: resource "oci_core_subnet" "example_subnet" {compartment_id = ""display_name = "SNT-01"vcn_id = oci_core_vcn.example_vcn.idcidr_block = "10.0.0.0/24"} Note the line where we set the VCN ID. Here we reference the OCID of the previously declared VCN, using the name we gave it to Terraform: example_vcn. This dependency makes Terraform provision the VCN first, wait for OCI to return the OCID, then provision the subnet. 6. Run terraform plan to see that it will now create a VCN and subnet. Add Variables 7. Before moving on there are a few ways to improve the existing code. Notice that the subnet and VCN both need the compartment OCID. We can factor this out into a variable. Create a file named variables.tf 8. In variables.tf, declare a variable named compartment_id: variable "compartment_id" {type = string} 9. In vcn.tf, replace all instances of the compartment OCID with var.compartment_id as follows: terraform {required_providers {oci = {source = "oracle/oci"version = ">=4.67.3"}}required_version = ">= 1.0.0"} resource "oci_core_vcn" "example_vcn" {compartment_id = var.compartment_iddisplay_name = "VCN-01"cidr_blocks = ["10.0.0.0/16"]} resource "oci_core_subnet" "example_subnet" {compartment_id = var.compartment_iddisplay_name = "SNT- 01"vcn_id = oci_core_vcn.example_vcn.idcidr_block = "10.0.0.0/24"} Save your changes in both vcn.tf and variables.tf 10. If you were to run terraform plan or apply now, Terraform would see a variable and provide you a prompt to input the compartment OCID. Instead, you’ll provide the variable value in a dedicated file. Create a file named exactly terraform.tfvars 11. Terraform will automatically load values provided in a file with this name. If you were to use a different name, you would have to provide the file name to the Terraform CLI. Add the value for the compartment ID in this file: compartment_id = "" Be sure to save the file. 12. Run terraform plan and you should see the same output as before. Provision the VCN 13. Run terraform apply and confirm that you want to make the changes by entering yes at the prompt. 14. Navigate to VCNs in the console. Ensure that you have the right compartment selected. You should see your VCN. Click its name to see the details. You should see its subnet listed. Terminate the VCN 15. Run terraform destroy. Enter yes to confirm. You should see the VCN terminate. Refresh your browser if needed. Create and Destroy a VCN Using Resource Manager (You will most probably be tested on this in the actual certification) We will reuse the Terraform code but replace the CLI with Resource Manager. 1. Create a folder named terraform_vcn on your host machine. Download the vcn.tf, terraform.tfvars, and variables.tf files from Code Editor and move them to the terraform_vcn folder to your local machine. To download from Code Editor, right-click the file name in the Explorer panel and select Download. You could download the whole folder at once, but then you would have to delete Terraform’s hidden files. Create a Stack 2. Navigate to Resource Manager in the Console’s navigation menu under Developer Services. Go to the Stacks page. 3. Click Create stack. a. The first page of the form will be for stack information. 1) For the origin of the Terraform configuration, keep My configuration selected. 2) Under Stack configuration, upload your terraform_vcn folder. 3) Under Custom providers, keep Use custom Terraform providers deselected. 4) Name the stack and give it a description. 5) Ensure that your compartment is selected. 6) Click Next. b. The second page will be for variables. 1) Because you uploaded a terraform.tfvars file, Resource Manager will auto-populate the variable for compartment OCID. 2) Click Next. c. The third page will be for review. 1) Keep Run apply deselected. 2) Click Create. This will take you to the stack’s details page. Run a Plan Job 4. The stack itself is only a bookkeeping resource—no infrastructure was provisioned yet. You should be on the stack’s page. Click Plan. A form will pop up. a. Name the job RM-Plan-01. b. Click Plan again at the bottom to submit a job for Resource Manager to run terraform plan. This will take you to the job’s details page. 5. Wait for the job to complete, and then view the logs. They should match what you saw when you ran Terraform in Code Editor. Run an Apply Job 6. Go back to the stack’s details page (use the breadcrumbs). Click Apply. A form will pop up. a. Name the job RM-Apply-01. b. Under Apply job plan resolution, select the plan job we just ran (instead of “Automatically approve”). This makes it execute based on the previous plan, instead of running a new one. c. Click Apply to submit a job for Resource Manager to run terraform apply. This will take you to the job’s details page. 7. Wait for the job to finish. View the logs and confirm that it was successful. View the VCN 8. Navigate to VCNs in the Console through the navigation menu under Networking and Virtual Cloud Networks. 9. You should see the VCN listed in the table. Click its name to go to its Details page. 10. You should see the subnet listed. Run a Destroy Job 11. Go back to the stack’s details page in Resource Manager. 12. Click Destroy. Click Destroy again on the menu that pops up. 13. Wait for the job to finish. View the logs to see that it completed successfully. 14. Navigate back to VCNs in the Console. You should see that it has been terminated. 15. Go back to the stack in Resource Manager. Click the drop-down for More actions. Select Delete stack. Confirm by selecting Delete.

Question 4

You set up a bastion host in your Virtual Cloud Network (VCN) to allow only your IP ad-dress
(140.19.2.140) to establish SSH connections with your compute instances that are deployed in a
private subnet. The compute instances have an attached Network Security Group (NSG) with a
Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host,
you add the following ingress rules to its NSG: Type: All TCP Proto-col: TCP Port Range: 22 Source:
140.19.2.140/32 Type: All TCP Protocol: TCP Port Range: 22 Source: NSG-050504 However, when you
check the bastion host logs, you discover that there are IP addresses other than your own that can
access your bastion host. What is the root cause of this issue?

Accepted Answer

B

Question 5

SIMULATION
Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)
Scenario Description: (Hands-On Performance Exam Certification)
Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply
chain management (SCM) system, and a customer relationship management (CRM) system. You
have been tasked with setting up the requisite identity and access management (IAM) policies for
your team to begin developing on OCI.
You start by setting up the following compartment hierarchy:
Tenancy (root)
Common-Infra
Network
Security
Applications
E-Comm
SCM
CRM
You create the following groups:
Network-Admins
Security-Admins
E-Comm-Admins
SCM-Admins
CRM-Admins
Write the IAM policies for the following use cases:
Assumptions:
Assume that all policies will be attached to the root compartment.
Write one policy per given text box.
Keep policies as simple as possible by using verbs instead of permissions (for example, “inspect
orm-stacks” instead of “ORM_STACK_INSPECT”) and aggregate resource types instead of individual
ones (for example, “file-family” instead of “file-systems” and “mount-targets”)
Task 1
Write a policy statement to enable Network-Admins to create and destroy network-related
resources, such as VCNs, subnets, gateways, and so on in the Network compartment.
Task 2
Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in
the E-Comm compartment by using networking resources in the Network compartment.[Write one
policy per given text box]
Task 3
Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in
the SCM compartment—but only in Phoenix and London.

Accepted Answer

Explanation: . Explanation: Task 1 Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment. Solution- Policy Statement: allow Network-Admins to manage virtual-network-family in compartment Common-Infra:Network Task 2 Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box] Solution- Policy Statement: allow E-Comm-Admins to manage instance-family in compartment Applications:E-Comm allow E- Comm-Admins to use virtual-network-family in compartment Common-Infra:Network Task 3 Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment—but only in Phoenix and London. Solution- Policy Statement: allow SCM-Admins to manage volume-family in compartment Applications:SCM where any{request.region='phx',request.region='lhr'} Thank you for your visit.

Question 6

Which option is NOT a possible return value for an OCI health check?

Accepted Answer

C

Question 7

Which default authentication is used by Ansible modules for Oracle Cloud Infrastructure (OCO for making API requests?

Accepted Answer

C

Question 8

You have created several block volumes in the us-phoenix-1 region in a specific compart-ment. The
compartment can be identified by the following Oracle Cloud Infrastructure (OCI) unique identifier,
or ocid1.compartment.oc1.phx..exampleuniquelD Your manager has asked you to leverage the OCI
monitoring service and write a metric query showing all read IOPS at a one-minute interval, filtered
to this compartment and aggregated for the maximum. Which metric query will you create?

Accepted Answer

D

Question 9

Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools. What does Oracle allow as part of this testing? (Choose the best)

Accepted Answer

ANSWER: B

Question 10

You have set an alarm to be generated when the CPU usage of a specified instance is greater than 10%. In the alarm behavior view below you notice that the critical condition happened around 23:30. You were expecting a notification after 1 minute, however, the alarm firing state did not begin until 23:33. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/1Z0-1067-25/page_30_img_1.jpg What should you change to fix it? (Choose the best)

Accepted Answer

ANSWER: B

Question 11

Recently, your e-commerce web application has been receiving significantly more traffic than usual. Users are reporting they often encounter a 503 Service Error when trying to access your site. Sometimes the site is very slow. You check your instance pool configuration to con-firm that the maximum number of instances is configured to allow 20 compute instances. Currently, 14 compute instances have been provisioned by the instance pool. You also confirm that current CPU utilization across all hosts exceeds the scale-out threshold you set in your auto-scaling policy. However, the instance pool is not provisioning any new instances. What can you check to determine why the application is NOT functioning properly? (Choose the best)

Accepted Answer

ANSWER: B

Question 12

You are asked to investigate a potential security risk on your company Oracle Cloud Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity. How can you retrieve the audit logs using the OCI Command Line Interface (CLI)? (Choose the best)

Accepted Answer

ANSWER: C

Question 13

You are working with Terraform on your laptop and have been tasked with spinning up multiple compute instances in Oracle Cloud Infrastructure (OCI) for a project. In addition, you are also required to collect IP addresses of provisioned instances and write them to a file and save it in your laptop. Which specific Terraform functionality can help accomplish this task? (Choose the best)

Accepted Answer

ANSWER: D

Question 14

You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute Instances that are deployed in a private subnet. The Compute Instances have an attached Network Security Group with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group: However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host. What is the root cause of this issue? (Choose the best)

Accepted Answer

ANSWER: C

Question 15

The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to a lack of swap space, forcing you to increase the size of the boot volume. Which step should NOT be included in the process used to solve the issue? (Choose the best)

Accepted Answer

ANSWER: C

Free Oracle 1Z0-1067-25 Actual Exam Questions