Question No. 1

You have been asked to set up connectivity between a client's on-premises network and Oracle Cloud Infrastructure (OCI). The requirements are:

Low latency: The applications are financial and require low latency connectivity into OCI. Consistency: The application isn't tolerant of performance variation.

Performance: The communications link needs to support up to 1.25 Gbps.

Encryption: The communications link needs to encrypt any data in transit between the on-premises network and OCI Virtual Cloud Network (VCN).

The client wants to implement the above with as low a cost as possible, while meeting all of the requirements. What should you suggest? (Choose the best answer.)

AProvision FastConnect with a single private virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.

BProvision FastConnect with a single public virtual circuit.

CProvision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect.

DProvision FastConnect with a single private virtual circuit.

EProvision FastConnect with a single public virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit.

Show Answer

Correct Answer: E

https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/encrypted-fastconnect-public-peering.pdf

Question No. 2

Your customer is running a set of compute instances inside a private subnet to manage their workloads on Oracle Cloud Infrastructure (OCI) tenancy. You have set up auto scaling feature to provide consistent performance to their end users during period of high demand.

Which step should be met for auto scaling to work? (Choose the best answer.)

AOS Management Service agent (osms) must be installed on the instances.

BAudit logs for the instances should be enabled.

CService gateway should be setup to allow instances to send metrics to monitoring service.

DMonitoring for the instances should not be enabled.

Show Answer

Correct Answer: C

https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/enablingmonitoring.htm#Enabling_Monitoring_for_Compute_Instances

Service gateways or public IP addresses: The compute instance must have either a public IP address or a service gateway to be able to send compute instance metrics to the Monitoring service.

For metric-based autoscaling, monitoring is enabled on the instances in the instance pool, and the Monitoring service is receiving metrics that are emitted by the instance. When you initially create an instance pool using instances that support monitoring, monitoring is enabled by default, regardless of the settings in the pool's instance configuration.

Question No. 3

You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure (OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted. The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static configuration has been added.

What solution should you recommend? (Choose the best answer.)

AThe instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit.

BAdvertise a 192.168.10.10/32 route over the VPN.

CAdvertise a 192.168.10.10/32 router over the FastConnect.

DThe instances will communicate by default over the FastConnect private virtual circuit, which ensures data is encrypted in-transit.

Show Answer

Correct Answer: B

https://www.oracle.com/uk/cloud/networking/fastconnect-faq.html

Question No. 4

You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute Instances that are deployed in a private subnet. The Compute Instances have an attached Network Security Group with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group:

However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host.

What is the root cause of this issue? (Choose the best answer.)

AThe Security List allows access to all IP address which overrides the Network Security Group ingress rules.

BAll compute instances associated with NSG-050504 are also able to connect to the bastion host.

CThe port 22 provides unrestricted access to 140.19.2.140 and to other IP address.

DA netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 140.19.2.140

Show Answer

Correct Answer: B

Question No. 5

You have the following compartment structure within your company's Oracle Cloud Infrastructure (OCI) tenancy:

You want to create a policy in the root compartment to allow SystemAdmins to manage VCNs only in CompartmentC.

Which policy is correct? (Choose the best answer.)

AAllow group SystemAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC

BAllow group SystemAdmins to manage virtual-network-family in compartment Root

CAllow group SystemAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC

DAllow group SystemAdmins to manage virtual-network-family in compartment CompartmentC

Show Answer

Correct Answer: C

Complete Compartment path is required. It is also advisable to do so, as policies are name based ones.

Free Oracle 1Z0-1067-22 Exam Actual Questions

The questions for 1Z0-1067-22 were last updated On Nov 20, 2024