The 1z0-1072-23 question set PDF that will get you through the exam: the latest 2023 update contains 57 questions
Free Oracle 1z0-1072-23 real exam questions and answers
Question # 13
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins.
Each admin group has full access over their respective compartments as shown in the graphic below.
Your organization has set up a tag namespace, EmployeeGroup.Role, and all your admin groups are tagged with a value of 'Admin'.
You want to set up a Test compartment for members of the three projects to share. You also need to provide admin access to all three of your existing admin groups.
Which policy would you write to accomplish this task?
- A. Allow any-user to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- B. Allow dynamic-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- C. Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- D. Allow group any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
Correct answer: C
Explanation:
Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' is the policy that would accomplish this task. This policy grants admin access to all groups that have the tag EmployeeGroup.Role='Admin' in the compartment Test. The other options are not correct, as they use incorrect terms such as dynamic-group, any-group, or any-user. References: [Tag-Based Authorization]
Question # 14
You are part of a team that manages a set of workload instances running in an on-premises environment. The Architect team is tasked with designing and configuring Oracle Cloud Infrastructure (OCI) Logging service to collect logs from these instances. There is a requirement to archive Info-level logging data of these instances into the OCI Object Storage.
Which TWO features of OCI can help you achieve this?
- A. Agent Configuration
- B. Service Connectors
- C. Cloud Agent Plugin
- D. Grouping Function
- E. ObjectCollectionRule
Correct answer: B, C
Explanation:
Cloud Agent Plugin and Service Connectors are two features of OCI that can help collect logs from on-premises instances and archive them into OCI Object Storage. Cloud Agent Plugin is a component of the OCI Logging service that can be installed on any Linux or Windows instance to collect logs and send them to OCI. Service Connectors are components of the OCI Service Connector Hub that can transfer data between different OCI services, such as Logging and Object Storage. The other options are not relevant for this requirement. Reference: [Cloud Agent Plugin], [Service Connectors]
Question # 15
As a network architect you have deployed a public subnet on your Virtual Cloud Network (VCN) with this security list:
You have also created a network security group (NSG) as shown in the table here, and assigned it to your bastion host:
You have confirmed that routing is correct but when you SSH to the VM from your home over the Internet you are unable to connect.
What could be the problem?
- A. User will be able to SSH to the VM from the Internet as SSH is open on the NSG.
- B. SSH traffic is not allowed in the security list nor on the NSG from the Internet.
- C. Public subnet does not have a route rule to the Internet Gateway.
- D. Internet traffic should be allowed only on the NSG.
Correct answer: B
Explanation:
SSH traffic is not allowed in the security list nor on the NSG from the Internet is the correct answer. This is because the security list only allows ingress traffic from 10.0.0.24 on port 22, and the NSG only allows ingress traffic from 10.0.0.0/16 on port 22. Neither of them allows ingress traffic from 0.0.0.0/0 (the Internet) on port 22, which is required for SSH access. The other options are not correct, as they do not explain why SSH access is not possible. Reference: [Security Lists], [Network Security Groups]
Question # 16
You are in the process of migrating several legacy applications from on-premises to Oracle Cloud Infrastructure (OCI). The current servers are already virtualized. However, you notice that the version of CentOS currently running does not align with any of the Oracle-provided compute images. How would you migrate your existing virtual server images to OCI?
- A. Export your current image in the QED format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers.
- B. Export your current image in the VDI format and copy to an Object Storage bucket. Import it as a custom image. Select native mode to ensure the best possible performance.
- C. Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers.
- D. Export your current image in the VMDK format and copy to an Object Storage bucket. Import it as a custom image. Select native mode to ensure the best possible performance.
Correct answer: C
Explanation:
Export your current image in the QCOW2 format and copy to an Object Storage bucket. Import it as a custom image. Select emulated mode to ensure compatibility with legacy drivers. The explanation is that QCOW2 is one of the supported formats for importing custom images to OCI. Custom images are images that you can create from your own on-premises or cloud servers and use them to launch instances in OCI. To import a custom image, you need to export your current image in a supported format, copy it to an Object Storage bucket, and then import it as a custom image using the OCI console or API. When you import a custom image, you can choose between native mode or emulated mode. Native mode offers better performance but requires compatible drivers and firmware. Emulated mode offers better compatibility but lower performance.
Question # 17
You have objects stored in an OCI Object Storage bucket that you want to share with a partner company. You decide to use pre-authenticated requests to grant access to the objects. Which statement is true about pre-authenticated requests?
- A. You cannot edit a pre-authenticated request.
- B. Pre-authenticated requests can be used to delete buckets or objects.
- C. You need to provide your OCI credentials to the partner company.
- D. Deleting a pre-authenticated request does not revoke user access to the associated bucket or object.
Correct answer: A
Explanation:
You cannot edit a pre-authenticated request is a true statement about pre-authenticated requests.
Pre-authenticated requests are URLs that allow users to access objects or buckets in OCI Object Storage without requiring additional authentication or authorization. Pre-authenticated requests can be created with an expiration date and time, and can be used for read or write operations. However, once created, pre-authenticated requests cannot be edited, but can only be deleted or extended. The other statements are false about pre-authenticated requests. References: [Pre-Authenticated Requests]
Question # 18
Which TWO statements are NOT correct regarding the Oracle Cloud Infrastructure (OCI) burstable instances?
- A. Burstable instances cost less than regular instances with the same total OCPU count.
- B. Baseline utilization is a fraction of each CPU core, either 25% or 75%.
- C. Burstable instances are charged according to the baseline OCPU.
- D. Burstable instances are designed for scenarios where an instance is not typically idle and has high CPU utilization.
- E. If the instance's average CPU utilization over the past 24 hours is below the baseline, the system allows it to burst above the baseline.
Correct answer: B, D
Explanation:
The explanation is that burstable instances are VM instances that have a baseline utilization of either 12% or 50% of each CPU core, not 25% or 75%. Burstable instances are designed for scenarios where an instance is typically idle or has low CPU utilization but occasionally needs to burst above the baseline to handle spikes in demand. Burstable instances cost less than regular instances with the same total OCPU count but charge extra for bursting above the baseline OCPU.
Question # 19
Which tool provides a diagram of the implemented topology of all Virtual Cloud Networks (VCNs) in a selected region and tenancy?
- A. Network Watcher
- B. Network Visualizer
- C. VCN Flow Logs
- D. Traffic Analytics
Correct answer: B
Explanation:
Network Visualizer is the tool that provides a diagram of the implemented topology of all VCNs in a selected region and tenancy. Network Visualizer is a feature of the OCI Networking service that allows users to view and manage their network resources in a graphical interface. It can help users understand their network topology, troubleshoot issues, and optimize performance. The other options are not tools that provide a diagram of the VCN topology, but rather other features or services of OCI Networking. References: [Network Visualizer]
Question # 20
Which TWO statements are TRUE about Private IP addresses in Oracle Cloud Infrastructure (OCI)?
- A. A private IP can have an optional public IP assigned to it if it resides in a public subnet.
- B. By default, the primary VNIC of an instance in a subnet has one primary private IP address.
- C. Each VNIC can only have one private IP address.
- D. By default, the primary VNIC of an instance in a subnet has one primary private IP address and one secondary private IP address.
Correct answer: A, B
Explanation:
By default, the primary VNIC of an instance in a subnet has one primary private IP address. A private IP can have an optional public IP assigned to it if it resides in a public subnet. The explanation is that a private IP address is an IPv4 address that is assigned to a VNIC and belongs to the CIDR block of the VCN or subnet. By default, the primary VNIC of an instance in a subnet has one primary private IP address, which is automatically assigned by OCI and cannot be changed. However, you can also assign secondary private IP addresses to a VNIC, either manually or automatically, up to a maximum of 31 per VNIC. A private IP address can have an optional public IP address assigned to it, which allows the instance to communicate with the internet. A public IP address can be either ephemeral or reserved, depending on whether you want to keep it after stopping or terminating the instance. A private IP address can only have a public IP address assigned to it if it resides in a public subnet, which means that the subnet's route table has a route rule that directs traffic to the internet gateway.
Question # 21
In which TWO ways does Cloud Guard help improve the overall security posture for your tenancy?
- A. Masks sensitive data and monitors security controls on your Oracle databases.
- B. Prevents you from creating misconfigurations on your resources in Oracle Cloud Infrastructure (OCI).
- C. Monitors unauthorized or suspicious user activity.
- D. Helps detect misconfigured resources, such as publicly accessible Object Storage buckets, instances, and restricted ports on security lists.
- E. Allows you to centrally manage encryption keys.
Correct answer: C, D
Explanation:
Monitors unauthorized or suspicious user activity, prevents you from creating misconfigurations on your resources in OCI, and helps detect misconfigured resources, such as publicly accessible Object Storage buckets, instances, and restricted ports on security lists. The explanation is that Cloud Guard is a service that helps you improve the security posture of your tenancy by providing visibility into your cloud resources, identifying security misconfigurations and threats, and taking corrective actions to remediate them. Cloud Guard monitors user activity and resource configurations using data collectors and detectors, evaluates them against predefined or custom rules, generates problems and recommendations based on severity levels, and executes responders to fix the issues automatically or manually.
Question # 22
You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system, therefore you have provisioned one using the file storage service (FSS).
You have also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that the application servers can access FSS. The security team changed the settings for the DB System to have read-only access to the file system. However when they test it, they are unable to access FSS.
How would you allow access to FSS?
- A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
- B. Modify the security list associated with the subnet where the mount target resides.
- C. Change the ingress rules corresponding to the DB System subnet to be stateful.
- D. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.
- E. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.
Correct answer: A
Explanation:
Creating an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet is the correct answer. This is because NFS export options are used to control the level of access that clients have to file systems. By creating an NFS export option with READ_ONLY access for the DB System subnet, you can allow the DB System to read data from the file system, but not write or modify it. The other options are not correct, as they do not address the requirement of read-only access for the DB System. Reference: [NFS Export Options]
Question # 23
You have a block volume created in the US West (Phoenix) region. You enabled Cross Region Replication for the volume and selected US West (San Jose) as the destination region. Now, you would like to create a new volume from the volume replica in the US West (San Jose) region.
What should you do?
- A. Trigger the replica.
- B. Initiate the replica.
- C. Activate the replica.
- D. No action required. By default, the replica is available as a block volume.
Correct answer: C
Explanation:
The explanation is that when you enable Cross Region Replication for a block volume, Object Storage creates a replica of the volume in another region of your choice. The replica is not available as a block volume until you activate it. To activate a replica, you need to select the replica from the Block Storage console and click Activate Replica. This will create a new block volume from the replica in the destination region.
Question # 24
Which TWO components are optional while creating the Monitoring Query Language (MQL) expressions in the Oracle Cloud Infrastructure (OCI) Monitoring service?
- A. Interval
- B. Dimensions
- C. Grouping Function
- D. Statistic
- E. Metric
Correct answer: B, C
Explanation:
Dimensions and Grouping Function are two optional components while creating the Monitoring Query Language (MQL) expressions in the OCI Monitoring service. Dimensions are key-value pairs that provide additional information about a metric, such as region, compartment, or resource type. Grouping Function is a function that aggregates metric data across one or more dimensions, such as sum, count, or average. The other options are required components for MQL expressions. References: [Dimensions], [Grouping Function]
Question # 25
As your company's cloud architect, you have been invited by the CEO to join his staff meeting. They want your input on interconnecting Oracle Cloud Infrastructure (OCI) to another cloud provider in London, with some specific requirements:
* They want resources in the other cloud provider to leverage OCI Autonomous Data Warehouse ML capabilities.
* The connection between OCI and the other cloud provider should be provisioned as quickly as possible.
* The connection should offer high bandwidth and predictable performance.
Which other cloud provider should you recommend to interconnect with OCI and meet the above requirements?
- A. Alibaba Cloud
- B. Microsoft Azure
- C. Google Cloud
- D. IBM Cloud
- E. Digital Ocean
- F. Amazon Web Services
- G. OCI
Correct answer: B
Explanation:
The explanation is that Microsoft Azure is one of the cloud providers that has an interconnect location with OCI in London. This means that you can use OCI FastConnect to establish a private and dedicated connection between OCI and Azure in London, with high bandwidth and predictable performance. This connection can also enable you to leverage OCI Autonomous Data Warehouse ML capabilities from Azure resources, as you can access OCI services across regions using private IP addresses. The interconnect location can be provisioned quickly using the OCI and Azure consoles or APIs.
Question # 26
You have an instance running in Oracle Cloud Infrastructure (OCI) that cannot be live-migrated during an infrastructure maintenance event. OCI schedules a maintenance due date within 14 to 16 days and sends you a notification.
What would happen if you choose not to proactively reboot the instance before the scheduled maintenance due date?
- A. The instance will get terminated.
- B. The instance is either reboot-migrated or rebuilt in place for you.
- C. You will receive another notification to reboot within the next 14 days.
- D. You will receive another notification to reboot within the next 7 days.
Correct answer: B
Explanation:
If you choose not to proactively reboot the instance before the scheduled maintenance due date, the instance is either reboot-migrated or rebuilt in place for you. Reboot-migration is a process where OCI migrates your instance to a new physical host without changing its configuration or public IP address. Rebuild in place is a process where OCI shuts down your instance, performs maintenance on the physical host, and restarts your instance with the same configuration and public IP address. The other options are not correct. References: [Reboot-Migration], [Rebuild in Place]
Question # 27
Which is NOT a valid action within the Oracle Cloud Infrastructure (OCI) Block Volume service?
- A. Expanding an existing volume in place with offline resizing.
- B. Attaching a block volume to an instance in a different availability domain.
- C. Cloning an existing volume to a new, larger volume.
- D. Restoring from a volume backup to a larger volume.
Correct answer: B
Explanation:
Attaching a block volume to an instance in a different availability domain is not a valid action within the OCI Block Volume service. A block volume can only be attached to an instance in the same availability domain.
The other options are valid actions that can be performed with the Block Volume service. References: [Block Volume Actions]
Question # 28
......