Oracle 1z0-1072-23 Oracle Cloud Infrastructure 2023 Architect Associate Exam Practice Test

File systems use Oracle-managed keys by default. Customer can encrypt data in their file system using their own Vault encryption key. The explanation is that File Storage Service encrypts all data at rest using AES-256 encryption algorithm. By default, File Storage Service uses Oracle-managed keys to encrypt and decrypt data. However, you can also use your own Vault encryption key to encrypt data in your file system. To do so, you need to create a key in Vault and associate it with your file system when you create or update it.

The explanation is that shielded instances are VM instances that have additional security features to protect them from low-level threats, such as rootkits and bootkits that can infect the firmware and operating system and are difficult to detect. Shielded instances use verified boot, which ensures that only trusted software components are executed during the boot process. Shielded instances also use virtual trusted platform module (vTPM), which provides a secure storage for encryption keys and certificates. Shielded instances are available for Oracle Linux 8 platform images with VM.Standard2.* shapes.

Oracle Security Zones is a service that helps you enforce best practices and prevent misconfigurations on your OCI resources by applying predefined policies and controls. Some of the benefits of using Security Zones are:

• Encrypt storage resources with a customer-managed key: Security Zones require that all storage resources, such as block volumes, boot volumes, file systems, and object storage buckets, are encrypted with a customer-managed key from Vault. This ensures that you have full control over the encryption and decryption of your data at rest.
• Deny public access to OCI resources, such as databases and object storage buckets: Security Zones prevent you from creating or updating OCI resources that have public access enabled, such as databases and object storage buckets that are accessible from the internet. This reduces the risk of unauthorized access or data leakage.

Attaching a block volume to an instance in a different availability domain is not a valid action within the OCI Block Volume service. A block volume can only be attached to an instance in the same availability domain. The other options are valid actions that can be performed with the Block Volume service. References: [Block Volume Actions]

Network Visualizer is the tool that provides a diagram of the implemented topology of all VCNs in a selected region and tenancy. Network Visualizer is a feature of the OCI Networking service that allows users to view and manage their network resources in a graphical interface. It can help users understand their network topology, troubleshoot issues, and optimize performance. The other options are not tools that provide a diagram of the VCN topology, but rather other features or services of OCI Networking. References: [Network Visualizer]

The explanation is that when you enable Cross Region Replication for a block volume, Object Storage creates a replica of the volume in another region of your choice. The replica is not available as a block volume until you activate it. To activate a replica, you need to select the replica from the Block Storage console and click Activate Replica. This will create a new block volume from the replica in the destination region.

According to the Oracle Cloud Infrastructure documentation1, autoscaling enables you to automatically adjust the number of compute instances in an instance pool based on performance metrics such as CPU and memory utilization. You select a performance metric to monitor and set thresholds that the performance metric must reach to trigger an autoscaling event. When system usage meets a threshold, autoscaling dynamically resizes the instance pool in near-real time. As load increases, the pool scales out. As load decreases, the pool scales in.

Therefore, option B is the correct answer, as it allows you to monitor the memory usage of your application and scale up the number of instances when it meets or exceeds a predefined threshold. This will prevent poor application performance due to insufficient memory.

Allow group NetworkAdmins to manage virtual-network-family in compartment A:B:C. The explanation is that when you attach a policy to the tenancy, you need to specify the full path of the compartment where you want to grant permissions. In this case, the compartment C is a sub-compartment of compartment B, which is a sub-compartment of compartment A, which is a sub-compartment of the root compartment (tenancy). Therefore, the full path of compartment C is A:B:C. The virtual-network-family resource type includes all the resources related to VCN, such as subnets, route tables, security lists, gateways, etc.

Domains can be delegated to OCI DNS from the Domain Registrar’s self-service portal. The explanation is that delegating a domain to OCI DNS means that you are transferring the authority to resolve DNS queries for your domain from your current DNS provider to OCI DNS. To delegate a domain to OCI DNS, you need to create a zone in OCI DNS that matches your domain name and add any records that you want to serve from OCI DNS. Then, you need to update the name servers for your domain at your Domain Registrar’s self-service portal with the name servers provided by OCI DNS. This will point your domain to OCI DNS and allow it to resolve DNS queries for your domain.

Group the boot volumes into a volume group and create a custom backup policy. Group the block volumes and create a custom backup policy. The explanation is that volume groups are logical collections of block volumes and boot volumes that can be backed up together as a consistent point-in-time snapshot. You can create a custom backup policy for each volume group and specify the frequency and retention period of the backups. This way, you can meet different backup requirements for different types of volumes.

Creating a custom image and using it as a template for the new instances is the option that allows you to achieve this task with the least amount of effort. A custom image is a copy of an existing instance that you can use to launch other instances with the same configuration and installed software. The other options are not suitable for this scenario, as they would require more time and effort to create and customize the instances. References: [Custom Images]

You can replicate the data in one file system to another file system in the same region or a different region is a true statement about File System Replication in OCI. File System Replication is a feature that allows users to create a copy of a file system in another file system, either within the same region or across regions. This can be useful for disaster recovery, data migration, or data distribution purposes. The other statements are false about File System Replication in OCI. References: [File System Replication]

Dimensions and Grouping Function are two optional components while creating the Monitoring Query Language (MQL) expressions in the OCI Monitoring service. Dimensions are key-value pairs that provide additional information about a metric, such as region, compartment, or resource type. Grouping Function is a function that aggregates metric data across one or more dimensions, such as sum, count, or average. The other options are required components for MQL expressions. References: [Dimensions], [Grouping Function]

Even if nothing has changed within the file system since the last snapshot was taken, a new snapshot does not consume more storage. This is because snapshots are incremental and only store the changes made to the file system since the previous snapshot. The other statements are correct regarding the OCI File System snapshots. References: [Snapshots and Storage Consumption]

There is no Identity and Access Management (IAM) policy that allows the Object Storage service to use the key. The explanation is that when you create an Object Storage bucket with encryption using a customer-managed key from Vault, you need to have an IAM policy that allows the Object Storage service to use the key on your behalf. The policy should look like this:

allow service objectstorage- to use key in compartment

where is the region where your bucket resides and is the compartment where your key resides.

The explanation is that geolocation is a type of Traffic Management Steering Policy that allows you to distribute DNS traffic to different endpoints based on the location of the end user. Geolocation steering policies use geolocation data from third-party providers to map end user IP addresses to geographic regions. You can create rules that specify which endpoints to serve for each region or country, or use a default endpoint for unspecified regions.