Oracle Certification
62 practice questions with correct answers and detailed explanations. Use this guide to review concepts before taking the practice exam.
The Oracle OCI Architect Associate (1Z0-1072) certification validates professional expertise in Oracle technologies. This study guide covers all 62 practice questions from our 1Z0-1072 practice test, complete with correct answers and explanations to help you understand each concept thoroughly.
Review each question and explanation below, then test yourself with the full interactive practice exam to measure your readiness.
You are designing a multi-region OCI deployment for disaster recovery. Which OCI service provides automated, continuous replication of data across regions with minimal RPO?
OCI Object Storage Cross-Region Replication provides continuous, automated replication of objects across regions with near-zero RPO. This is the most efficient method for cross-region data replication in OCI.
Your organization requires encryption of data at rest and in transit for a financial services application. Which combination of OCI services ensures end-to-end encryption without key management overhead?
OCI Autonomous Database automatically encrypts data at rest using OCI Key Management Service (which can use Oracle-managed or customer-managed keys) and enforces TLS 1.2+ for all communications, providing comprehensive encryption without requiring custom implementation.
When designing a highly available application, you need to distribute traffic across multiple subnets in different availability domains within a single region. Which OCI load balancing solution is most appropriate?
OCI Network Load Balancer supports distribution across multiple availability domains within a region and provides ultra-high performance. Application Load Balancer can also span ADs, but Network Load Balancer is optimized for this scenario.
You are implementing a solution where on-premises users need secure, consistent access to OCI resources. Which connectivity option provides the lowest latency with guaranteed bandwidth and service level?
OCI FastConnect provides a dedicated, private network connection with guaranteed bandwidth and SLA, resulting in predictable low latency. This is superior to internet-based VPN for consistent performance requirements.
Your application requires automatic scaling based on custom application metrics, not just CPU or memory. Which OCI service combination enables this capability?
OCI Compute Auto Scaling integrates with OCI Monitoring to use custom metrics for scaling policies, enabling applications to scale based on any application-specific metric, not just standard metrics.
You need to implement least privilege access for an application that runs on OCI Compute and needs to read from Object Storage and write to Autonomous Database. What is the best approach?
Dynamic Groups with instance principal authentication eliminate the need for stored credentials, while resource-specific policies enforce least privilege access. This is the OCI best practice for service-to-service authentication.
An organization wants to migrate a database with 50 TB of data to OCI with minimal downtime. Network bandwidth is limited to 100 Mbps. Which OCI service is most suitable for this scenario?
OCI Data Transfer Service provides physical appliances that allow large data transfers offline, which is essential when network bandwidth is limited and data volume is very large. It reduces transfer time from weeks to days.
You are designing a microservices architecture on OCI Kubernetes Engine. Services need to communicate securely without exposing credentials. Which approach is recommended?
OCI Service Mesh provides automatic mutual TLS encryption between services without application-level changes, ensuring secure microservice communication while maintaining zero-trust principles.
Your organization needs a database solution that requires minimal administrative overhead, automatic backups, and built-in high availability across availability domains. Which OCI database service meets these requirements?
OCI Autonomous Database automatically handles backups, patching, and provides high availability across ADs with a guaranteed uptime SLA, requiring minimal database administration.
When implementing a disaster recovery strategy, your RPO requirement is 1 hour and RTO is 4 hours. Which OCI solution provides the most cost-effective implementation?
Hourly log shipping (via Data Pump or incremental backups) can achieve a 1-hour RPO while costing significantly less than continuous replication or fully active standby systems.
You need to ensure that sensitive data in Object Storage is only accessible to authorized users and complies with data residency requirements. Which combination of features should you implement?
Private buckets with presigned URLs for temporary access and encryption ensure data security and residency compliance. Presigned URLs provide temporary, controlled access without exposing sensitive credentials.
A customer wants to run containerized applications with automatic scaling on OCI. They require Kubernetes compatibility but prefer minimal operational overhead. Which service should they choose?
OCI Container Engine for Kubernetes provides a fully managed Kubernetes control plane with automatic scaling and minimal operational overhead, while maintaining full Kubernetes compatibility.
Your organization requires strict compliance with data sovereignty laws that prohibit data transfer outside a specific country. How should you architect this in OCI?
Deploying resources exclusively in OCI regions within the required country and enforcing data residency policies through IAM and compartment controls ensures compliance with data sovereignty requirements.
You are implementing monitoring and alerting for critical applications. Which OCI service provides unified monitoring, logging, and custom metrics for compliance auditing?
OCI Monitoring collects metrics and OCI Logging provides centralized log storage and analysis, together enabling compliance auditing and unified observability across all OCI resources.
A multi-tenant SaaS application needs to isolate customer data and workloads while sharing infrastructure. Which OCI architectural approach is most appropriate?
OCI Kubernetes Engine with namespace isolation, network policies, and resource quotas provides cost-effective multi-tenancy with strong isolation, while avoiding the overhead of dedicated infrastructure per tenant.
You need to implement a solution where legacy on-premises applications can access cloud databases with minimal code changes. Which OCI connectivity and database solution is best?
IPSec VPN provides secure on-premises connectivity, and Oracle Database Cloud Service with private endpoints offers SQL compatibility without code changes, ideal for legacy application migration.
Your organization wants to implement infrastructure as code for OCI resources with version control and change management. Which approach is recommended?
OCI Resource Manager integrates with Terraform and supports version-controlled infrastructure definitions, providing proper change management, reproducibility, and compliance tracking.
You are designing a backup and recovery strategy for mission-critical databases. Which OCI feature ensures consistent backups across multiple databases with point-in-time recovery?
Autonomous Database provides application-aware, consistent backups with granular point-in-time recovery capabilities managed automatically, without requiring manual intervention.
A customer needs to ensure that all OCI API calls are logged for compliance and audit purposes. Which service should be enabled?
OCI Audit automatically logs all API calls to an auditable format and stores them in Object Storage, providing comprehensive compliance and forensic capabilities for all resource changes.
You need to architect a solution where an application running on OCI can securely access secrets without hardcoding credentials. What is the OCI native solution?
OCI Vault stores and manages secrets securely, and instance principal authentication allows applications to retrieve secrets without storing credentials, following the principle of least privilege.
An organization is implementing a hybrid cloud strategy with workloads spanning on-premises, OCI, and other cloud providers. Which OCI service enables consistent networking across environments?
Multiple site-to-site IPSec VPNs combined with OCI's dynamic routing capabilities (via BGP) enable consistent, scalable networking across multiple environments with proper traffic engineering.
You are designing an API endpoint that must handle variable traffic with automatic scaling. Which OCI solution is most serverless and cost-effective?
OCI Functions with API Gateway provides a fully serverless solution that scales automatically from zero to peak load, charging only for actual execution time, ideal for variable traffic patterns.
Your organization requires that critical infrastructure changes be approved before deployment. Which OCI service provides this capability with audit trails?
OCI Resource Manager enables stack approval workflows and integrates with OCI Audit for complete change tracking, providing necessary governance and compliance controls.
A customer wants to migrate a large Oracle Database to OCI with zero downtime. Which combination of services minimizes downtime during the cutover?
Oracle GoldenGate provides continuous replication allowing for minimal-downtime cutover, enabling the application to switch to the OCI database when fully synchronized.
You need to implement network segmentation in OCI to restrict east-west traffic between application tiers. Which mechanism should you use?
OCI VCN Network Security Lists provide stateful firewall rules at the subnet level, enabling effective network segmentation and east-west traffic control between application tiers.
Your organization is deploying a stateful application requiring consistent network identity. Which OCI networking feature ensures IP address persistence across instance restarts?
OCI Reserved Public IP can be reassociated with instances, and secondary VNICs allow multiple network interfaces, ensuring network identity persistence across instance lifecycle events.
Which OCI service provides a managed Kubernetes container orchestration platform?
OCI Container Engine for Kubernetes (OKE) is Oracle's managed Kubernetes service that simplifies deploying, managing, and scaling containerized applications on OCI infrastructure.
You are designing a highly available application that requires automatic failover across multiple regions. Which OCI service should you use to manage traffic across regions?
Traffic Management Steering policies in OCI DNS or DNS-based steering with health checks enable automatic failover and traffic distribution across multiple regions for disaster recovery.
What is the primary purpose of Oracle Cloud Infrastructure Identity and Access Management (IAM)?
IAM is used to manage user identities, groups, policies, and permissions to control who has access to OCI resources and what operations they can perform.
You need to store frequently accessed data with low latency in OCI. Which storage option provides the best performance for real-time analytics on structured data?
Oracle Autonomous Data Warehouse includes built-in features like result caches and optimizations for fast analytical queries on structured data with minimal latency.
In OCI, what is the relationship between a Compartment and a Tenancy?
A Tenancy is the root container for all OCI resources, while Compartments are logical subdivisions within a Tenancy used to organize and isolate resources for access control and billing.
You are designing a microservices architecture where individual services must be independently deployable and scalable. Which OCI service combination would be most suitable?
Oracle Functions provides serverless computing for independent services, API Gateway manages API access and routing, and OKE provides container orchestration for scalable microservices deployment.
Which OCI networking component allows you to control inbound and outbound traffic at the subnet level?
Network Security Groups (NSGs) function as stateful firewalls at the subnet level, allowing fine-grained control of inbound and outbound traffic to resources using rules.
You need to establish a private, dedicated network connection between your on-premises data center and OCI. Which service provides this capability?
FastConnect provides dedicated network connections for private, high-bandwidth connectivity between on-premises and OCI, while IPSec VPN offers encrypted connections over the internet.
An application requires automatic scaling based on CPU utilization. How would you implement this in OCI?
OCI Autoscaling policies enable automatic adjustment of instance counts based on predefined scaling rules that respond to metrics like CPU utilization, memory, or custom metrics.
Which OCI service is purpose-built for managing and deploying containerized applications without managing the underlying infrastructure?
Container Engine for Kubernetes (OKE) is a managed service that handles infrastructure management for containerized applications, and Container Instances provides a simpler serverless container option.
You are designing a disaster recovery strategy for a business-critical application. The Recovery Time Objective (RTO) is 1 hour and Recovery Point Objective (RPO) is 15 minutes. Which OCI approach best meets these requirements?
Automated backups with cross-region replication and pre-provisioned standby infrastructure allow you to achieve 1-hour RTO with 15-minute RPO through faster recovery and minimal data loss.
What is the primary advantage of using Oracle Autonomous Database over a traditional self-managed database in OCI?
Oracle Autonomous Database automates database management tasks including patching, performance tuning, scaling, and backups, significantly reducing administrative burden and human error.
In OCI, how would you ensure that a specific group of users can only access resources tagged with a particular tag value?
OCI IAM policies support conditional statements based on tags, allowing you to grant permissions only to resources with specific tag key-value pairs, providing fine-grained access control.
You need to implement encryption for sensitive data stored in OCI Object Storage. Which encryption option is managed entirely by OCI?
OCI-managed encryption keys provide server-side encryption for Object Storage without requiring customers to manage their own encryption infrastructure, while still offering strong encryption protection.
A company wants to use OCI services but must comply with data residency requirements that mandate data storage within specific geographic regions. Which OCI feature directly addresses this requirement?
OCI Regions and Availability Domains allow you to specify exact geographic locations for resource deployment, ensuring data residency compliance by keeping data within mandated regions.
You are architecting a solution where users need quick access to temporary credentials that auto-expire. Which OCI IAM feature should you implement?
OCI IAM session tokens provide temporary credentials with configurable expiration times and can integrate with multi-factor authentication, ideal for temporary and secure access.
Which OCI service would you use to store and manage application secrets, encryption keys, and sensitive configuration data?
OCI Vault is a dedicated service for managing encryption keys, secrets, and sensitive data with audit logging, access control, and secure rotation capabilities.
You are designing a load balancing solution that must route traffic based on URL paths to different backend services. Which load balancer type should you use?
OCI Application Load Balancer supports Layer 7 routing rules including path-based, hostname-based, and header-based routing to direct traffic to appropriate backend services.
An organization is planning to migrate a large on-premises application to OCI. Which approach would minimize downtime during migration?
OCI Database Migration Service and replication-based strategies allow for continuous synchronization between source and target, enabling minimal-downtime cutover when the on-premises system is stopped.
What is the primary benefit of using OCI's 'Always Free' resources for architects and developers?
OCI's Always Free tier includes resources that can be used indefinitely at no cost, making it ideal for learning, development, and testing without time limits or surprise charges.
You need to monitor and troubleshoot network connectivity issues between your on-premises network and OCI. Which OCI service provides detailed network path analysis and diagnostics?
OCI Network Path Analyzer and VCN Flow Logs provide detailed diagnostics of network traffic flows, helping identify connectivity issues and analyze network paths between resources.
An application requires a database with horizontal read scalability while maintaining ACID compliance. Which OCI database solution best fits this requirement?
Oracle Autonomous Data Warehouse supports read-only replicas across regions for horizontal scaling of read queries while maintaining ACID properties and data consistency.
Which OCI service allows you to run Docker containers without provisioning or managing any virtual machines?
Oracle Container Instances is a serverless container service that allows you to run containerized applications without managing underlying compute infrastructure or Kubernetes clusters.
You are designing a solution where applications need to access OCI resources without storing API keys or credentials in configuration files. What is the recommended approach?
Instance Principals allow compute instances to authenticate to OCI services without requiring stored credentials, using the instance's identity to obtain temporary credentials automatically.
In a multi-tier application architecture, how would you isolate network traffic between the web tier and database tier in OCI?
Separate subnets combined with Network Security Groups allow you to implement granular network policies that restrict traffic flow between tiers, ensuring security and proper isolation.
Which OCI service provides centralized monitoring, logging, and analysis of events across your entire OCI infrastructure?
OCI Monitoring provides metrics collection, OCI Logging aggregates logs from services, and OCI Audit records API calls and resource changes, together providing comprehensive infrastructure observability.
You are designing a highly available application that requires synchronous replication across multiple regions. Which OCI service best supports this requirement while maintaining strong consistency?
OCI Database Cloud Service with Data Guard provides synchronous replication across regions ensuring strong consistency and high availability for critical databases. Data Guard's synchronous mode guarantees writes are replicated before acknowledgment.
Your application requires real-time processing of streaming data from IoT devices with millisecond latency requirements. What is the most suitable OCI service combination?
OCI Streaming Service provides real-time data ingestion with low latency, and OCI Functions enable serverless event processing with millisecond response times, making this ideal for IoT streaming applications.
When implementing a multi-region disaster recovery solution, which statement about OCI's region independence is correct?
OCI regions are geographically separated and physically independent, each with their own networking, compute, and storage infrastructure. This isolation is crucial for disaster recovery and compliance purposes.
You need to implement network isolation for PCI-DSS compliance across your OCI infrastructure. What combination of services provides the strongest security posture?
PCI-DSS requires network segmentation, encrypted traffic, and access controls. VCN segmentation with NSGs in private subnets combined with WAF provides layered security controls necessary for compliance.
A customer wants to migrate a large database (10 TB) from on-premises to OCI with minimal downtime. Which migration strategy is most appropriate?
OCI Database Migration Service is purpose-built for minimal-downtime migrations, using full load initially and then capturing changes in real-time, ensuring the target database stays synchronized before cutover.
Your organization requires encryption of data at rest and in transit for all cloud resources. Which statement about OCI's encryption approach is accurate?
OCI provides built-in encryption at rest using hardware-based encryption on storage devices and mandates TLS 1.2 or higher for data in transit across most services, with customer-managed encryption keys available via OCI Key Management.
When designing a containerized microservices architecture on OCI, which container orchestration platform provides the most seamless integration with OCI services?
OCI Container Engine for Kubernetes is purpose-built for OCI and includes native integration with OCI Logging, Monitoring, API Gateway, and service mesh capabilities, providing superior operational efficiency.
A financial services company needs to ensure that specific workloads never leave a particular geographic region due to data residency laws. How should this be architected?
OCI's region-based architecture combined with IAM policies and resource tagging allows enforcement of data residency requirements at the platform level, preventing accidental cross-region data movement and ensuring compliance.
You are implementing auto-scaling for a web application tier. Which metrics combination provides the most reliable trigger for scaling decisions?
Using multiple metrics (CPU, memory, and request count) provides more accurate load assessment than single metrics, preventing premature or delayed scaling decisions and improving application responsiveness.
A healthcare organization needs to implement backup and disaster recovery with Recovery Time Objective (RTO) of 1 hour and Recovery Point Objective (RPO) of 15 minutes. Which backup strategy best meets these requirements?
Continuous replication with transaction log backups every 15 minutes ensures RPO of 15 minutes, while automated failover achieves the 1-hour RTO requirement for healthcare data recovery scenarios.
You've reviewed all 62 questions. Take the interactive practice exam to simulate the real test environment.
▶ Start Practice Exam — Free