1z0-1072-23トレーニング最新認定問題をゲットOracle Cloud合格目指せ2024年08月15日
認定トレーニング1z0-1072-23試験問題集テストエンジン
Oracle 1z0-1072-23 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
| トピック 10 |
|
質問 # 28
Which is NOT a valid option for an Oracle Cloud Infrastructure (OCI) compute shape?
- A. Dedicated Virtual Machine Host
- B. Bare Metal
- C. Virtual Machine
- D. Exadata Virtual Machine
正解:D
解説:
Explanation
Exadata Virtual Machine is not a valid option for an OCI compute shape. Exadata Virtual Machine is a deployment option for Exadata Cloud Service or Exadata Cloud@Customer, which are services that provide dedicated Exadata infrastructure for running Oracle databases in OCI. Exadata Virtual Machine allows you to create multiple virtual machines on each Exadata compute node and isolate them from each other using Oracle VM technology. The valid options for OCI compute shapes are:
Bare Metal: A bare metal instance is a physical server that gives you direct access to the underlying hardware and full isolation from other tenants.
Dedicated Virtual Machine Host: A dedicated virtual machine host is a physical server that hosts only your virtual machine instances and no other tenant's instances.
Virtual Machine: A virtual machine instance is a virtual server that runs on a shared physical server with other tenants' instances.
Burstable: A burstable instance is a virtual machine instance that has a baseline utilization of either 12% or 50% of each CPU core and can burst above the baseline when needed.
質問 # 29
You are part of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). An unknownuser action was executed resulting in configuration errors. You are tasked to quickly identify the details of allusers who were active in the last six hours along with any REST API calls that were executed.
Which OCI service would you use?
- A. Notifications
- B. Logging
- C. Service Connectors
- D. Audit
- E. Notifications
正解:D
解説:
Explanation
Audit is the OCI service that would help identify the details of all users who were active in the last six hours along with any REST API calls that were executed. Audit is a service that records all API calls and other actions taken by or on behalf of users in OCI. It can be used to track user activity, monitor compliance, and troubleshoot issues. The other options are not suitable for this task. References: [Audit]
質問 # 30
As a network architect you have been tasked with creating a fully redundant connection from your on-premisesdata center to your Virtual Cloud Network (VCN) in the us-ashburn-1 region.Which TWO options will accomplish this requirement?
- A. Configure two FastConnect virtual circuits to the us-ashburn-1 region and terminate them in diverse hardware on-premises.
- B. Configure a Site-to-Site VPN from a single on-premises CPE.
- C. Configure one FastConnect virtual circuit to the us-ashburn-1 region and a Site-to-Site VPN to the usashburn-1 region.
- D. Configure one FastConnect virtual circuit to the us-ashburn-1 region andthe second FastConnect virtual circuit to the us-phoenix-1 region.
正解:A、C
解説:
Explanation
Configure two FastConnect virtual circuits to the us-ashburn-1 region and terminate them in diverse hardware on-premises. Configure one FastConnect virtual circuit to the us-ashburn-1 region and a Site-to-Site VPN to the us-ashburn-1 region. The explanation is that FastConnect is a service that provides a private and dedicated connection between your on-premises network and your VCN in OCI. FastConnect offers higher bandwidth, lower latency, and more consistent network performance than public internet connections. To create a fully redundant connection from your on-premises data center to your VCN in the us-ashburn-1 region, you can either configure two FastConnect virtual circuits to the same region and terminate them in diversehardware on-premises, or configure one FastConnect virtual circuit to the region and a Site-to-Site VPN to the same region as a backup option.
質問 # 31
Which Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy is invalid?
- A. Allow group A-Admins to manage all-resources in compartment Project-A
- B. Allow dynamic-group FrontEnd to manage instance-family in compartment Project-A
- C. Allow group A-Developers to create volumes in compartment Project-A
- D. Allow any-user to inspect users in tenancy
正解:C
解説:
Allow group A-Developers to create volumes in compartment Project-A is an invalid IAM policy. This is because create is not a valid verb for volumes. The correct verb for creating volumes is attach. The other options are valid IAM policies that use correct verbs and syntax. Reference: [IAM Policies], [Verbs]
質問 # 32
Which statement accurately describes the key features and benefits of OCI Confidential Computing?
- A. It encrypts and isolates in-use data and the applications processing that data, thereby preventing unauthorized access or modification.
- B. It optimizes network performance and reduces latency through advanced routing algorithms and caching mechanisms.
- C. It enables users to securely store and retrieve data by using distributed file systems, ensuring high availability and fault tolerance.
- D. It provides automatic scalability and load balancing capabilities, which allow seamless integration with other cloud providers.
正解:A
解説:
It encrypts and isolates in-use data and the applications processing that data, thereby preventing unauthorized access or modification is an accurate description of the key features and benefits of OCI Confidential Computing. Confidential Computing is a feature that leverages hardware-based Trusted Execution Environments (TEEs) to protect data and applications from unauthorized access or modification while they are in use by the CPU or memory. This adds an extra layer of security to cloud computing, as it protects data not only at rest and in transit, but also in use. The other options are not accurate descriptions of the key features and benefits of OCI Confidential Computing. Reference: [Confidential Computing]
質問 # 33
You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider.
Which is NOTa necessary step to complete this set up?
- A. Create a dynamic group with matching rules to specify which instances can make API calls against services.
- B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.
- C. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy.
- D. Deploy the application and the SDK to all the instances that belong to the dynamic group.
正解:B
解説:
Generating Auth Tokens to enable instances in the dynamic group to authenticate with APIs is not a necessary step to complete this set up. This is because Auth Tokens are used to authenticate users, not instances, when making API calls to OCI services. Instance principals are a feature that allows instances to authenticate themselves using certificates, without requiring user credentials or Auth Tokens. The other options are necessary steps to complete this set up, as they enable instances in the dynamic group to make API calls against services using instance principals and IAM policies. Reference: [Instance Principals], [Auth Tokens]
質問 # 34
You have three compartments: ProjectA, ProjectB, and ProjectC. For each compartment, there is an admin group set up: A-Admins, B-Admins, and C-Admins.
Each admin group has full access over their respective compartments as shown in the graphic below.
Your organization has set up a tag namespace, EmployeeGroup.Role and all your admin groups are tagged with a value of 'Admin'.
You want to set up a Test compartment for members of the three projects to share. You also need to provide admin access to all three of your existing admin groups.
Which policy would you write to accomplish this task?
- A. Allow group any-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- B. Allow any-user to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
- C. Allow all-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin' - D. Allow dynamic-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin'
正解:B
解説:
Allow all-group to manage all-resources in compartment Test where request.principal.group.tag.EmployeeGroup.Role='Admin' is the policy that would accomplish this task. This policy grants admin access to all groups that have the tag EmployeeGroup.Role='Admin' in the compartment Test. The other options are not correct, as they use incorrect terms such as dynamic-group, any-group, or any-user. Reference: [Tag-Based Authorization]
質問 # 35
Your DevOps team needs to interconnect the on-premises network to the Oracle Cloud Infrastructure (OCI) resources, such as a managed database that resides in a private subnet. They indicate that they have a low budget and their bandwidth requirements are minimal, so you decide that a site-to-site VPN is the best option.
They provide you with their router public IP address. You need to create an object in OCI that represents this router. Which object would you create?
- A. IPSec Tunnel
- B. Bastion Host
- C. Virtual Network Interface Card (vNIC)
- D. Customer Premises Equipment (CPE)
- E. Dynamic Routing Gateway (DRG)
- F. Internet Gateway
正解:D
解説:
Customer Premises Equipment (CPE). The explanation is that CPE is an object in OCI that represents your on-premises router or VPN device that connects to your VCN via a site-to-site VPN. A site-to-site VPN is a secure and encrypted connection between your on-premises network and your VCN over the public internet. To set up a site-to-site VPN, you need to create a CPE object with your router's public IP address and other information, such as vendor and platform. You also need to create a Dynamic Routing Gateway (DRG) object in your VCN and attach it to your VCN. Then, you need to create an IPSec connection between your CPE and DRG, which will create two redundant VPN tunnels for high availability.
質問 # 36
You are part of an organization with thousands of users accessing Oracle Cloud Infrastructure (OCI). An unknown user action was executed resulting in configuration errors. You are tasked to quickly identify the details of all users who were active in the last six hours along with any REST API calls that were executed.
Which OCI service would you use?
- A. Notifications
- B. Logging
- C. Service Connectors
- D. Audit
- E. Notifications
正解:D
解説:
Audit is the OCI service that would help identify the details of all users who were active in the last six hours along with any REST API calls that were executed. Audit is a service that records all API calls and other actions taken by or on behalf of users in OCI. It can be used to track user activity, monitor compliance, and troubleshoot issues. The other options are not suitable for this task. Reference: [Audit]
質問 # 37
Which is NOT a valid option for an Oracle Cloud Infrastructure (OCI) compute shape?
- A. Dedicated Virtual Machine Host
- B. Bare Metal
- C. Virtual Machine
- D. Exadata Virtual Machine
正解:D
解説:
Exadata Virtual Machine is not a valid option for an OCI compute shape. Exadata Virtual Machine is a deployment option for Exadata Cloud Service or Exadata Cloud@Customer, which are services that provide dedicated Exadata infrastructure for running Oracle databases in OCI. Exadata Virtual Machine allows you to create multiple virtual machines on each Exadata compute node and isolate them from each other using Oracle VM technology. The valid options for OCI compute shapes are:
Bare Metal: A bare metal instance is a physical server that gives you direct access to the underlying hardware and full isolation from other tenants.
Dedicated Virtual Machine Host: A dedicated virtual machine host is a physical server that hosts only your virtual machine instances and no other tenant's instances.
Virtual Machine: A virtual machine instance is a virtual server that runs on a shared physical server with other tenants' instances.
Burstable: A burstable instance is a virtual machine instance that has a baseline utilization of either 12% or 50% of each CPU core and can burst above the baseline when needed.
質問 # 38
Which TWO statements about the Oracle Cloud Infrastructure (OCI) File Storage Service are accurate?
- A. File systems use Oracle-managed keys by default.
- B. Customer can encrypt data in their file system using their own Vault encryption key.
- C. Mount targets use Oracle-managed keys by default.
- D. Customer can encrypt the communication to a mount target via export options.
- E. Communication with file systems in a mount target is encrypted via HTTPS.
正解:A、B
解説:
File systems use Oracle-managed keys by default. Customer can encrypt data in their file system using their own Vault encryption key. The explanation is that File Storage Service encrypts all data at rest using AES-256 encryption algorithm. By default, File Storage Service uses Oracle-managed keys to encrypt and decrypt data. However, you can also use your own Vault encryption key to encrypt data in your file system. To do so, you need to create a key in Vault and associate it with your file system when you create or update it.
質問 # 39
When defining a query for metric data in Monitoring, which field provides the time window for aggregatingmetric data points plotted on the metric chart?
- A. Statistic
- B. Namespace
- C. Interval
- D. Dimension
正解:C
解説:
Explanation
Interval is the field that provides the time window for aggregating metric data points plotted on the metric chart. Interval is a parameter that specifies how often metric data points are collected and aggregated by the Monitoring service. For example, an interval of 5 minutes means that metric data points are aggregated every 5 minutes and displayed on the chart. The other options are not fields that provide the time window for aggregating metric data points, but rather other parameters that define the metric query. References: [Interval]
質問 # 40
You have an instance running in Oracle Cloud Infrastructure (OCI) that cannot be live-migrated during an infrastructure maintenance event. OCI schedules a maintenance due date within 14 to 16 days and sends you a notification.
What would happen if you choose not to proactively reboot the instance before the scheduled maintenance due date?
- A. You will receive another notification to reboot within the next 7 days.
- B. You will receive another notification to reboot within the next 14 days.
- C. The instance is either reboot-migrated or rebuilt in place for you.
- D. The instance will get terminated.
正解:C
解説:
If you choose not to proactively reboot the instance before the scheduled maintenance due date, the instance is either reboot-migrated or rebuilt in place for you. Reboot-migration is a process where OCI migrates your instance to a new physical host without changing its configuration or public IP address. Rebuild in place is a process where OCI shuts down your instance, performs maintenance on the physical host, and restarts your instance with the same configuration and public IP address. The other options are not correct. Reference: [Reboot-Migration], [Rebuild in Place]
質問 # 41
You create a file system and then add a 2 GB file. You then take a snapshot of the file system.
What would be the total meteredBytes shown by the File Storage service after the hourly update cycle is complete?
- A. 2.5 GB
- B. 3 GB
- C. 4 GB
- D. 2 GB
正解:D
解説:
Explanation
The total meteredBytes shown by the File Storage service after the hourly update cycle is complete would be 2 GB. This is because snapshots do not consume any additional storage space unless there are changes made to the file system after taking the snapshot. Since no changes were made in this scenario, the snapshot would not add any extra storage cost. References: [Snapshots and MeteredBytes]
質問 # 42
You want to create a policy to allow the NetworkAdmins group to manageVirtual Cloud Network (VCN) incompartment C.
You want to attach this policy to the tenancy. The compartment hierarchy is shown below.
Which policy statement can be used to accomplish this task?
- A. Allow group NetworkAdmins to manage virtual-network-family in tenancy
- B. Allow group NetworkAdmins to manage virtual-network-family in compartment C
- C. Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C
- D. Allow group NetworkAdmins to manage virtual-network-family in compartment B:C
正解:C
解説:
Explanation
Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C. The explanation is that when you attach a policy to the tenancy, you need to specify the full path of the compartment where you want to grant permissions. In this case, the compartment C is a sub-compartment of compartment B, which is a sub-compartment of compartment A, which is a sub-compartment of the root compartment (tenancy).
Therefore, the full path of compartment C is A:B:C. The virtual-network-family resource type includes all the resources related to VCN, such as subnets, route tables, security lists, gateways, etc.
質問 # 43
Which is NOT a valid Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) approach?
- A. Private subnets should ideally have individual route tables to control the flowof traffic within and outsideof VCN.
- B. Ensure not all IP addresses are allocated at once within a VCN or subnet; instead reserve some IP addresses for future use.
- C. Use OCI tags to tag VCN resources so that all resources follow organizational tagging/naming conventions.
- D. Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or withyour organizations private IPnetwork ranges.
正解:D
解説:
Explanation
Ensure VCN CIDR prefix overlaps with other VCNs in your tenancy or with your organizations private IP network ranges. The explanation is that a VCN CIDR prefix is the range of IPv4 addresses that can be used within the VCN and its subnets. The VCN CIDR prefix should not overlap with other VCNs in your tenancy or with your organization's private IP network ranges, as this can cause routing conflicts and connectivity issues. You should choose a VCN CIDR prefix that is large enough to accommodate your current and future needs, but not too large to waste IP addresses. You can use any of the private IPv4 address ranges specified in RFC 1918 for your VCN CIDR prefix.
質問 # 44
As a network architect you have deployed a public subnet on your Virtual Cloud Network (VCN) with this security list:
You have also created a network security group (NSG) as shown in the table here, and assigned it to your bastion host:
You have confirmed that routing is correct but when you SSH to the VM from your home over the Internet you are unable to connect.
What could be the problem?
- A. User will be able to SSH to the VM from the Internet as SSH is open on the NSG.
- B. Public subnet does not have a route rule to the Internet Gateway.
- C. SSH traffic is not allowed in the security list nor on the NSG from the Internet.
- D. Internet traffic should be allowed only on the NSG.
正解:C
解説:
SSH traffic is not allowed in the security list nor on the NSG from the Internet is the correct answer. This is because the security list only allows ingress traffic from 10.0.0.24 on port 22, and the NSG only allows ingress traffic from 10.0.0.0/16 on port 22. Neither of them allows ingress traffic from 0.0.0.0/0 (the Internet) on port 22, which is required for SSH access. The other options are not correct, as they do not explain why SSH access is not possible. Reference: [Security Lists], [Network Security Groups]
質問 # 45
You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain applicationservers and the third subnet contains a DB System. The application requires a shared file system, therefore youhave provisioned one using the file storage service (FSS).
You have also created the corresponding mount target in one of the application subnets. The VCN security listsare properly configured so that the application servers can access FSS. The securityteam changed the settings forthe DB System to have read-only access to the file system. However when they testit, they are unable to accessFSS.
How would you allow access to FSS?
- A. Modify the security list associated with the subnet where the mount target resides. Change the ingressrules corresponding to the DB System subnet to be stateless.
- B. Create an instance principal for the DB System. Write an Identity andAccess Management (IAM) policythat allows the instance principal read-only access to the file storage service.
- C. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DBSystem subnet.
- D. Change the ingress rules corresponding to the DB System subnet to be stateful.
- E. Modify the security list associated with the subnet where the mount target resides.
正解:C
解説:
Explanation
Creating an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet is the correct answer. This is because NFS export options are used to control the level of access that clients have to file systems. By creating an NFS export option with READ_ONLY access for the DB System subnet, you can allow the DB System to read data from the file system, but not write or modify it.
The other options are not correct, as they do not address the requirement of read-only access for the DB System. References: [NFS Export Options]
質問 # 46
You are responsible for creating and maintaining an enterprise application that consists of multiple storage volumes across multiple compute instances in Oracle Cloud Infrastructure (OCI).
The storage volumes include boot volumes and block volumes for your data storage. You need to create a backupfor the boot volumes that will be done daily and a backup for the block volumes that will be done every six hours.
How can you meet this requirement?
- A. Create on-demand full backups of block volumes, and create custom images from the boot volumes. Use afunction to run at a specific time to start the backup process.
- B. Create clones of all boot volumes and block volumes one at a time.
- C. Group the boot volumes into a volume group and create a custom backup policy. Group the block volumesand create a custom backup policy.
- D. Group multiple storage volumes in a volume group and create volume group backups.
正解:C
解説:
Explanation
Group the boot volumes into a volume group and create a custom backup policy. Group the block volumes and create a custom backup policy. The explanation is that volume groups are logical collections of block volumes and boot volumes that can be backed up together as a consistent point-in-time snapshot. You can create a custom backup policy for each volume group and specify the frequency and retention period of the backups.
This way, you can meet different backup requirements for different types of volumes.
質問 # 47
Which TWO statements about the Oracle Cloud Infrastructure (OCI) File Storage Service are accurate?
- A. File systems use Oracle-managed keys by default.
- B. Customer can encrypt data in their file system using their own Vault encryption key.
- C. Mount targets use Oracle-managed keys by default.
- D. Customer can encrypt the communication to a mount target via export options.
- E. Communication with file systems in a mount target is encrypted via HTTPS.
正解:A、B
解説:
Explanation
File systems use Oracle-managed keys by default. Customer can encrypt data in their file system using their own Vault encryption key. The explanation is that File Storage Service encrypts all data at rest using AES-256 encryption algorithm. By default, File Storage Service uses Oracle-managed keys to encrypt and decrypt data.
However, you can also use your own Vault encryption key to encrypt data in your file system. To do so, you need to create a key in Vault and associate it with your file system when you create or update it.
質問 # 48
You plan to upload a large file (3 TiB) to Oracle Cloud Infrastructure (OCI) Object Storage. You would like tominimize the impact of network failures while uploading, and therefore you decide to use the multipart upload capability.
Which TWO statements are true about performing a multipart upload using the Multipart Upload API?
- A. You do not need to split the object into parts. Object Storage splits the object into parts and uploads all ofthe parts automatically.
- B. When you split the object into individual parts, each part can be as large as 50 GiB.
- C. You do not have to commit the upload after you have uploaded all the object parts.
- D. While a multipart upload is still active, you can keep adding parts as long asthe total number is less than10,000.
正解:B、D
解説:
Explanation
While a multipart upload is still active, you can keep adding parts as long as the total number is less than
10,000. When you split the object into individual parts, each part can be as large as 50 GiB. The explanation is that a multipart upload allows you to upload a large object in parts, which can improve performance and reliability. You need to split the object into parts yourself and upload each part separately using the Multipart Upload API. You can add parts to an active multipart upload until you reach the maximum number of 10,000 parts per upload. Each part can range from 10 MiB to 50 GiB in size, except for the last part, which can be any size.
質問 # 49
Which THREE capabilities are available with the Oracle Cloud Infrastructure (OCI) DNS service?
- A. Creating and managing records
- B. Creating and managing WAF rules
- C. Viewing all zones
- D. Creating and managing zones
- E. Creating and managing Identity Access Management (IAM) policies
- F. Creating and managing security lists
正解:A、C、D
解説:
Explanation
Creating and managing records, creating and managing zones, and viewing all zones are three capabilities that are available with the OCI DNS service. Records are data elements that map domain names to IP addresses or other information. Zones are collections of records that correspond to a domain name or a subdomain name.
The OCI DNS service allows users to create and manage records and zones for their domains or subdomains, as well as view all zones in their tenancy. The other options are not capabilities of the OCI DNS service, but of other OCI services such as WAF, IAM, and Networking. References: [DNS Service], [Records], [Zones]
質問 # 50
You are using the Oracle Cloud Infrastructure (OCI) Vault service to create and manage Secrets. For your database password, you have created a secret and rotated the secret one time. The secret versions are as follows:
-----------------------------------------
2 (latest) | Current
1 | Previous
You later realize that you have made a mistake in updating the secret content for version 2 and want to rollback to version 1.
What should you do to rollback to version 1?
- A. Create a new secret version 3 and set to Pending. Copy the content of version 1 into version 3.
- B. From the version 2 (latest) menu, select "Rollback" and select version 1 when given the option.
- C. From the version 1 menu on the OCI console, select "Promote to Current".
- D. Deprecate version 2 (latest). Create new Secret version 3. Create soft link from version 3 to version 1.
正解:C
解説:
From the version 1 menu on the OCI console, select "Promote to Current". The explanation is that when you promote a secret version to current, it becomes the latest version of the secret and is used by default when you access the secret. This way, you can rollback to a previous version of the secret without creating a new version.
質問 # 51
......
合格確定、ガイドで準備1z0-1072-23試験:https://jp.fast2test.com/1z0-1072-23-premium-file.html