Oracle 1Z0-1067-25 Exam Questions (Updated 2025) 100% Real Question Answers [Q46-Q70]

Oracle 1Z0-1067-25 Exam Questions (Updated 2025) 100% Real Question Answers

Pass Oracle 1Z0-1067-25 Exam Quickly With Actual4test

NEW QUESTION # 46
You run a large global application with 90% of your customers based in the US and Canad a. You want to test a new feature and allow a small percentage of users to access the new version of your application. Which Oracle Cloud Infrastructure (OCI) Traffic Management steering policy should you utilize?

• A. Load Balancer
• B. Geolocation steering
• C. IP Prefix steering
• D. ASN steering

Answer: A

NEW QUESTION # 47
As a cloud operations engineer responsible for a Rails application on multiple compute instances in an OCI subnet your database team recently provided you with a new config/database. yml file to direct Rails to use a new database back end. You need to update this file on each compute instance and restart Rails in a rolling fashion.
Which tool is best suited for this task?

• A. OCI CLI
• B. Oracle Cloud Agent
• C. Ansible
• D. Terraform

Answer: C

NEW QUESTION # 48
Your company hosts a web application on OCI using compute instances and block volumes. To minimize your recovery point objective (RPO), you enable cross-region block volume replication for the block volumes. Which option is true regarding cross-region volume replication?

• A. The replica cannot be directly mounted on a compute instance. Instead, it must be activated, creating a clone that will be available for mounting.
• B. Replication replaces the need for block volume backups.
• C. The cost of the replica matches the cost of the source volume; for example, the replica of a high-performance volume will be billed at the high-performance rate.
• D. Replication is synchronous, so it may slightly degrade block volume performance.

Answer: A

NEW QUESTION # 49
The general syntax for an IAM policy is: Allow <identity_domain_name>/<subject> to <verb> <resource-type> in <location> where <conditions> Which two are valid values for <lo-cation>?

• A. region us-phoenix-1
• B. compartment MyCompartment
• C. security-zone MyZone
• D. availability-domain aBCD:us-phoenix-1
• E. tenancy

Answer: B,E

NEW QUESTION # 50
You set up a bastion host in your Virtual Cloud Network (VCN) to allow only your IP ad-dress (140.19.2.140) to establish SSH connections with your compute instances that are deployed in a private subnet. The compute instances have an attached Network Security Group (NSG) with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you add the following ingress rules to its NSG: Type: All TCP Proto-col: TCP Port Range: 22 Source: 140.19.2.140/32 Type: All TCP Protocol: TCP Port Range: 22 Source: NSG-050504 However, when you check the bastion host logs, you discover that there are IP addresses other than your own that can access your bastion host. What is the root cause of this issue?

• A. All compute instances associated with NSG-050504 are also able to connect to the bastion host.
• B. A netmask of /32 allows all IP addresses in the140.19.2.0 network, other than your IP 140.19.2.140.
• C. The port 22 provides unrestricted access to 140.19.2.140 and to other IP addresses.
• D. The security list allows access to all IP addresses that override the NSG ingress rules.

Answer: A

NEW QUESTION # 51
You launched a Linux compute instance to host the new version of your company website via Apache Httpd server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The default security list associated to the subnet is:

• A. Create a Network Security Group (NSG), add a stateful rule to allow ingress access on port 443, and associate it with the instance that hosts the company website.
• B. You want to allow access to the company website from public internet without exposing websites eventually hosted on the other instances in the public subnet. Which action would you take to accomplish the task? (Choose the best answer.)
• C. In the default security list, add a stateful rule to allow ingress access on port 443.
• D. Create an NSG, add a stateful rule to allow ingress access on port 443, and associate it with the public subnet that hosts the company website.

Answer: A

Explanation:
Create a new security list with a stateful rule to allow ingress access on port 443 and associate it with the public subnet.

NEW QUESTION # 52
Here is a partial code from a Terraform template written for Oracle Cloud Infrastructure (OCI):

What operation(s) does it perform? (Choose the best answer.)

• A. Creates a pre-authenticated request for objects in an OCI Object Storage bucket.
• B. Creates a lifecycle policy for an OCI Object Storage bucket for moving data to Archival storage at a specified time.
• C. Provides object read and write access for an OCI Object Storage bucket.
• D. Creates a URL to provide access to an OCI Object Storage bucket for managing objects.

Answer: A

NEW QUESTION # 53
To upload a file from a compute instance into Object Storage, you SSH into the compute instance and run the following OCI CLI command: oci os object put -ns mynamespace -bn mybucket --name myfile.txt --file /Users/me/myfile.txt --auth instance_principal Which statement must be true for this command to succeed?

• A. The instance matches a matching rule for a dynamic group with the permission to up-load to the bucket.
• B. The bucket has a pre-authenticated request (PAR) that specifies the compute instance that will upload to it.
• C. Your OCI API key has been placed on the compute instance.
• D. Your OCI user has the permission to upload to the bucket.

Answer: A

NEW QUESTION # 54
You have been asked to set up connectivity between a client on-premises network and Oracle Cloud Infrastructure (OCI). The requirements are:
* Low latency: The applications are financial and require low latency connectivity into OCI. * Consistency: The application is not tolerant of performance variation.
* Performance: The communications link needs to support up to 1.25 Gbps.
* Encryption: The communications link needs to encrypt any data in transit between the on-premises network and OCI Virtual Cloud Network (VCN). The client wants to implement the above with as low a cost as possible, while meeting all of the requirements. What should you suggest? (Choose the best answer.)

• A. Provision FastConnect with a single private virtual circuit.
• B. Provision FastConnect with a single private virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.
• C. Provision FastConnect with a single public virtual circuit.
• D. Provision FastConnect with a single public virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.
• E. Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect.

Answer: D

NEW QUESTION # 55
You created an Oracle Linux compute instance through the Oracle Cloud Infrastructure (OCI) management console then immediately realize you forgot to add an SSH key file. You notice that OCI compute service provides instance console connections that supports adding SSH keys for a running instance. Hence, you created the console connection for your Linux server and activated it using the connection string provided. However, now you get prompted for a username and password to login. What option should you recommend to add the SSH key to your running instance, while minimizing the administrative overhead? (Choose the best answer.)

• A. You need to modify the serial console connection string to include the identity file flag, to specify the SSH key to use.
• B. You need to reboot the instance from the console, boot into the bash shell in maintenance mode, and add SSH keys for the OPC user.
• C. You need to terminate the running instance and recreate it by providing the SSH key file.
• D. You need to configure the boot loader to use ttyS0 as a console terminal on the VM.

Answer: B

NEW QUESTION # 56
You are asked to investigate a potential security risk on your company Oracle Cloud Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity. How can you retrieve the audit logs using the OCI Command Line Interface (CLI)? (Choose the best answer.)

• A. oci audit event list --start-time $start-time -end-time $end-time -compartment-id $com-partment-id
• B. oci audit event list --start-time $start-time -compartment-id $compartment-id
• C. oci audit event list --start-time $start-time -end-time $end time -tenancy-id $tenancy id
• D. oci audit event list --end-time $end-time -compartment-id $compartment-id

Answer: A

NEW QUESTION # 57
You have ordered two FastConnect connections that provide a high availability connection architecture between your on-premises data center and Oracle Cloud Infrastructure (OCI). You want to run these connections in an ACTIVE/PASSIVE architecture. How can you accomplish this? (Choose the best answer.)

• A. Adjust one of the connections to have a higher ASN.
• B. Use AS PATH prepending with your routes.
• C. Enable BGP on the FastConnect that you want as the ACTIVE connection.
• D. Decrease the prefix length of AS for the FastConnect you want to use as PASSIVE connection.

Answer: B

NEW QUESTION # 58
An insurance company has contracted you to help automate their application business continuity plan. They have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery site. Normally they have a DNS A record associated with the IP address of the primary endpoint in eu- frankfurt-1. In the event of a disaster, they use OCI DNS Zone Management to update the A record and replace it with the IP address of the end-point in uk- londond-1. How can you automate the failover process? (Choose the best answer.)

• A. Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check.
• B. Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set with backend servers from both eu-frankfurt-1 and uk- london-1 regions.
• C. Create a Traffic Management Steering policy and attach it to a backend servers from both eu-frankfurt-1 and uk-london-1 regions.
• D. Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record.

Answer: A

NEW QUESTION # 59
You have created a geolocation steering policy in the Oracle Cloud Infrastructure (OCI) Traffic Management service, with this configuration:

What happens to requests that originate in Africa? (Choose the best answer.)

• A. The traffic will be forwarded at the same time to both Pool 1 and Pool 2.
• B. The traffic will be forwarded randomly to any of the pools mentioned in the rules.
• C. The traffic will be dropped.
• D. The traffic will be forwarded to Pool 1. If Pool 1 is not available, then it will be for-warded to Pool 2.

Answer: B

NEW QUESTION # 60
You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute Instances that are deployed in a private subnet. The Compute Instances have an attached Network Security Group with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group:
However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host. What is the root cause of this issue? (Choose the best answer.)

• A. A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 140.19.2.140
• B. All compute instances associated with NSG-050504 are also able to connect to the bastion host.
• C. The Security List allows access to all IP address which overrides the Network Security Group ingress rules.
• D. The port 22 provides unrestricted access to 140.19.2.140 and to other IP address.

Answer: B

NEW QUESTION # 61
Your company hosts an application on many compute instances in the same subnet in OCI. You have an Ansible playbook to ensure that all instances have the latest versions of dependencies installed.
Which three are required to run the playbook in OCI Cloud Shell?

• A. A service principal with appropriate permissions to access the instances
• B. An SSH key pair, where the private key is available on the Cloud Shell VM and the public key is in the outhorized_keys file in each of the compute instances
• C. An Ansible agent on each target compute instance
• D. A hosts file on the Cloud Shell VM containing all of the IP addresses of the target instances
• E. A network route from the Cloud Shell VM to each of the target compute instances

Answer: B,C,E

NEW QUESTION # 62
Which option is NOT a possible return value for an OCI health check?

• A. UNREACHABLE
• B. TIMED_OUT
• C. REGEX_MISMATCH
• D. INVALID_STATUS_CODE
• E. UNKNOWN

Answer: A

NEW QUESTION # 63
Recently, your e-commerce web application has been receiving significantly more traffic than usual. Users are reporting they often encounter a 503 Service Error when trying to access your site. Sometimes the site is very slow. You check your instance pool configuration to con-firm that the maximum number of instances is configured to allow 20 compute instances. Currently, 14 compute instances have been provisioned by the instance pool. You also confirm that current CPU utilization across all hosts exceeds the scale-out threshold you set in your auto-scaling policy. However, the instance pool is not provisioning any new instances. What can you check to determine why the application is NOT functioning properly? (Choose the best answer.)

• A. Verify that the Quality Assurance team is not currently performing load-testing against production.
• B. Verify that the new offer feature code did not introduce any performance bugs.
• C. Verify that the database is accessible.
• D. Verify that the compute resource quota has not been exceeded.

Answer: D

NEW QUESTION # 64
One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is malfunctioning. You have created a console connection to remotely troubleshoot it. Which two statements about console connections are TRUE? (Choose two.)

• A. It is not possible to connect to the serial console to an instance running Microsoft Windows, however VNC console connection can be used.
• B. VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console.
• C. It is not possible to use VNC console connections to connect to Bare Metal Instances.
• D. If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.
• E. For security purpose, the console connection will not let you edit system configuration files.

Answer: B,D

NEW QUESTION # 65
You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your OCI spending. Which two are valid targets for creating a budget in OCI? (Choose two.)

• A. Select Cost-Tracking Tags as the type of target for your budget.
• B. Select Compartment as the type of target for your budget.
• C. Select Tenancy as the type of target for your budget.
• D. Select user as the type of target for your budget.
• E. Select group as the type of target for your budget.

Answer: A,B

NEW QUESTION # 66
Which TWO components are optional while creating the MQL expressions in the Oracle Cloud Infrastructure (OCI) Monitoring service? (Choose two.)

• A. Interval
• B. Dimensions
• C. Grouping Function
• D. Metric
• E. Statistic

Answer: B,C

NEW QUESTION # 67
You have a 750 MIB file in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. You want to download the file in multiple parts to speed up the download using the OCI CLI. You also want to configure each part size to be 128 MIB. Which is the correct OCI CLI command for this operation? (Choose the best answer.)

• A. oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-download-threshold 500 --part-size 128
• B. oci os object download -ns my-namespace -bn my-bucket --name my-large-object --resume-put --multipart-download-threshold 500 --part-size 128
• C. oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-download-threshold 750 --parallel-download-count 128
• D. oci os object download -ns my-namespace -bn my-bucket --name my-large-object --multipart-download-threshold 750 --parallel-download-count 128

Answer: A

NEW QUESTION # 68
You have recently joined a startup company and quickly find that nobody is tracking the amount of money spent on Oracle Cloud Infrastructure (OCI). Seeing an opportunity to help save money you begin creating a solution to better track the cost of resources provisioned by each individual on the team. Which option allows you to identify excessive spend across all re-sources in your tenancy? (Choose the best answer.)

• A. Create a budget for each compartment that will send a notification when monthly spend reaches a pre-defined amount.
• B. Use the Events Service and create rules that will act when a new Object Storage bucket or Compute Instance has been created. Have the rule email you each time one of these events occurs.
• C. Use the Python SDK to write a custom application that will monitor the Audit log. Look for CREATE events and configure the application to send you an email each time a new resource is created.
• D. Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your resources with this Tag Key and the correct value.

Answer: A

NEW QUESTION # 69
You have a Linux compute instance located in a public subnet in a VCN which hosts a web application. The security list attached to subnet containing the compute instance has the following stateful ingress rule.

The Route table attached to the Public subnet is shown below. You can establish an SSH connection into the compute instance from the internet. However, you are not able to connect to the web server using your web browser.

Which step will resolve the issue? (Choose the best answer.)

• A. In the security list, remove the ssh rule.
• B. In the security list, add an ingress rule for port 80 (http).
• C. In the route table, add a rule for your default traffic to be routed to service gateway.
• D. In the route table, add a rule for your default traffic to be routed to NAT gateway.

Answer: B

NEW QUESTION # 70
......

Oracle 1Z0-1067-25 Exam Syllabus Topics:

Topic	Details
Topic 1	Utilizing Configuration Management Tools: This section of the exam measures the skills of the target audience] and focuses on configuring cloud resources efficiently. It covers the use of configuration management tools for automating resource setup and cloud-init for initializing compute instances, ensuring proper configuration from the start.
Topic 2	Optimizing Cost and Performance: This section of the exam covers strategies for optimizing cost and performance in OCI. It includes implementing cost-saving measures, improving resource efficiency, and setting budgets and compartment quotas to manage cloud expenditures effectively.
Topic 3	Implementing Observability: This section of the exam focuses on monitoring and maintaining cloud infrastructure. It covers implementing Metric Query Language (MQL) for analyzing performance data, setting up alarms and notifications for system events, and performing health checks to ensure the stability of cloud services.
Topic 4	Implementing Reliability and Business Continuity: This section of the exam focuses on ensuring system reliability and continuity. It covers implementing scalability and elasticity for handling workload demands, automating failover mechanisms for high availability, and applying data retention strategies for long-term storage and recovery.

 

Real Oracle 1Z0-1067-25 Exam Questions [Updated 2025]: https://freetorrent.actual4test.com/1Z0-1067-25_examcollection.html