Oracle 1z0-1072-23 Oracle Cloud Infrastructure 2023 Architect Associate Exam Practice Test

Creating a custom image and using it as a template for the new instances is the option that allows you to achieve this task with the least amount of effort. A custom image is a copy of an existing instance that you can use to launch other instances with the same configuration and installed software. The other options are not suitable for this scenario, as they would require more time and effort to create and customize the instances. References: [Custom Images]

The explanation is that a schedule-based autoscaling policy allows you to adjust the size of your instance pool based on a cron expression that specifies the date and time of the scaling action. The cron expression consists of six fields: seconds, minutes, hours, day of month, month, and day of week. In this case, the cron expression is 0 30 8 ? * MON-FRI *, which means that the scaling action will occur at 8:30 a.m. on every Monday through Friday, regardless of the day of month or month. Therefore, the goal of this policy is to scale out the instance pool to 10 instances on weekday mornings at 8:30 a.m.

Even if nothing has changed within the file system since the last snapshot was taken, a new snapshot does not consume more storage. This is because snapshots are incremental and only store the changes made to the file system since the previous snapshot. The other statements are correct regarding the OCI File System snapshots. References: [Snapshots and Storage Consumption]

Cloud Agent Plugin and Service Connectors are two features of OCI that can help collect logs from on-premises instances and archive them into OCI Object Storage. Cloud Agent Plugin is a component of the OCI Logging service that can be installed on any Linux or Windows instance to collect logs and send them to OCI. Service Connectors are components of the OCI Service Connector Hub that can transfer data between different OCI services, such as Logging and Object Storage. The other options are not relevant for this requirement. References: [Cloud Agent Plugin], [Service Connectors]

According to the Oracle Cloud Guard documentation1, Cloud Guard is a cloud native service that helps customers monitor, identify, achieve, and maintain a strong security posture on Oracle Cloud. Use the service to examine your Oracle Cloud Infrastructure resources for security weakness related to configuration, and your Oracle Cloud Infrastructure operators and users for risky activities. Upon detection, Cloud Guard can suggest, assist, or take corrective actions, based on your configuration.

Therefore, option A and option E are correct ways that Cloud Guard helps improve the overall security posture for your tenancy. Option B is incorrect because Cloud Guard does not allow you to centrally manage encryption keys. That is the function of the Vault service2. Option C is incorrect because Cloud Guard does not prevent you from creating misconfigurations on your resources in OCI. It only detects and reports them, and optionally takes corrective actions. Option D is incorrect because Cloud Guard does not mask sensitive data and monitor security controls on your Oracle databases. That is the function of the Data Safe service3.

The explanation is that geolocation is a type of Traffic Management Steering Policy that allows you to distribute DNS traffic to different endpoints based on the location of the end user. Geolocation steering policies use geolocation data from third-party providers to map end user IP addresses to geographic regions. You can create rules that specify which endpoints to serve for each region or country, or use a default endpoint for unspecified regions.

 You can change the block volume size when cloning a volume. The explanation is that cloning a volume is a way of creating an exact copy of an existing volume without creating a backup first. Cloning a volume is faster and cheaper than creating a backup and restoring it to a new volume. When you clone a volume, you can change the block volume size, performance, encryption settings, and tags of the new volume. You do not need to detach a volume before cloning it, as cloning does not affect the source volume or its attachments. You cannot clone a volume to another region, as cloning only works within the same region and availability domain. Creating a clone usually takes less time than creating a backup of a volume, as cloning does not involve transferring data to Object Storage.

Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal. The explanation is that delegating a domain to OCI DNS means that you are transferring the authority to resolve DNS queries for your domain from your current DNS provider to OCI DNS. To delegate a domain to OCI DNS, you need to create a zone in OCI DNS that matches your domain name and add any records that you want to serve from OCI DNS. Then, you need to update the name servers for your domain at your Domain Registrar’s self-service portal with the name servers provided by OCI DNS. This will point your domain to OCI DNS and allow it to resolve DNS queries for your domain.

Customer Premises Equipment (CPE). The explanation is that CPE is an object in OCI that represents your on-premises router or VPN device that connects to your VCN via a site-to-site VPN. A site-to-site VPN is a secure and encrypted connection between your on-premises network and your VCN over the public internet. To set up a site-to-site VPN, you need to create a CPE object with your router’s public IP address and other information, such as vendor and platform. You also need to create a Dynamic Routing Gateway (DRG) object in your VCN and attach it to your VCN. Then, you need to create an IPSec connection between your CPE and DRG, which will create two redundant VPN tunnels for high availability.

 Generating Auth Tokens to enable instances in the dynamic group to authenticate with APIs is not a necessary step to complete this set up. This is because Auth Tokens are used to authenticate users, not instances, when making API calls to OCI services. Instance principals are a feature that allows instances to authenticate themselves using certificates, without requiring user credentials or Auth Tokens. The other options are necessary steps to complete this set up, as they enable instances in the dynamic group to make API calls against services using instance principals and IAM policies. References: [Instance Principals], [Auth Tokens]

Auth Tokens is the authentication option that you should use to ensure that your custom application with third-party APIs can communicate with OCI resources. Auth Tokens are tokens that can be used as an alternative to passwords when making API calls to OCI services. Auth Tokens can be generated and revoked by users in the OCI Console or CLI, and can be used with any API client that supports basic authentication. The other options are not suitable for this scenario, as they either require OCI’s signature-based authentication or are not applicable for API calls. References: [Auth Tokens]

Live Migration Agent is not a valid Oracle Cloud Agent plugin name. Oracle Cloud Agent plugins are the following1:

• Bastion: Allows secure shell (SSH) connections to an instance without public IP addresses using the Bastion service.
• Block Volume Management: Configures Block Volume sessions for the instance.
• Compute Instance Monitoring: Emits metrics about the instance’s health, capacity, and performance. These metrics are consumed by the Monitoring service.
• Compute Instance Run Command: Runs scripts within the instance to remotely configure, manage, and troubleshoot the instance.
• Custom Logs Monitoring: Ingests custom logs into the Logging service.
• Management Agent: Collects data from resources such as OSs, applications, and infrastructure resources for Oracle Cloud Infrastructure services that are integrated with Management Agent.
• OS Management Service Agent: Enables you to manage updates and patches for the operating system running on your instance.

Live Migration is a feature of Oracle Cloud Infrastructure that enables you to migrate a running instance from one physical host to another without rebooting the instance or impacting its availability. Live Migration does not require any Oracle Cloud Agent plugin to function.

SSH traffic is not allowed in the security list nor on the NSG from the Internet is the correct answer. This is because the security list only allows ingress traffic from 10.0.0.24 on port 22, and the NSG only allows ingress traffic from 10.0.0.0/16 on port 22. Neither of them allows ingress traffic from 0.0.0.0/0 (the Internet) on port 22, which is required for SSH access. The other options are not correct, as they do not explain why SSH access is not possible. References: [Security Lists], [Network Security Groups]

According to the Oracle Cloud Infrastructure documentation1, autoscaling enables you to automatically adjust the number of compute instances in an instance pool based on performance metrics such as CPU and memory utilization. You select a performance metric to monitor and set thresholds that the performance metric must reach to trigger an autoscaling event. When system usage meets a threshold, autoscaling dynamically resizes the instance pool in near-real time. As load increases, the pool scales out. As load decreases, the pool scales in.

Therefore, option B is the correct answer, as it allows you to monitor the memory usage of your application and scale up the number of instances when it meets or exceeds a predefined threshold. This will prevent poor application performance due to insufficient memory.

Exadata Virtual Machine is not a valid option for an OCI compute shape. Exadata Virtual Machine is a deployment option for Exadata Cloud Service or Exadata Cloud@Customer, which are services that provide dedicated Exadata infrastructure for running Oracle databases in OCI. Exadata Virtual Machine allows you to create multiple virtual machines on each Exadata compute node and isolate them from each other using Oracle VM technology. The valid options for OCI compute shapes are:

• Bare Metal: A bare metal instance is a physical server that gives you direct access to the underlying hardware and full isolation from other tenants.
• Dedicated Virtual Machine Host: A dedicated virtual machine host is a physical server that hosts only your virtual machine instances and no other tenant’s instances.
• Virtual Machine: A virtual machine instance is a virtual server that runs on a shared physical server with other tenants’ instances.
• Burstable: A burstable instance is a virtual machine instance that has a baseline utilization of either 12% or 50% of each CPU core and can burst above the baseline when needed.