Oracle 1Z0-1067-20 practice test

Oracle Cloud Infrastructure 2020 Cloud Operations Associate


Question 1

Which technique does NOT help you get the optimal performance out of the Oracle Cloud Infrastructure (OCI) File Storage
service?

  • A. Serialize operations to the file system to access consecutive blocks as much as possible.
  • B. Limit access to the same Availability Domain (AD) as the File Storage service where possible.
  • C. Right size compute instances from where file system is accessed based on their network capacity.
  • D. Store files across multiple directories in the file system.
  • E. Increase concurrency by using multiple threads, multiple clients, and multiple mount targets.
Answer:

A

Explanation:
Oracle Cloud Infrastructure File Storage is a fully managed file storage service that can be accessed concurrently by
thousands of compute instances.
To optimize the performance of File Storage, consider the following guidelines:
- While it is possible to access mount targets from any availability domain in a region, for optimal performance, place File
Storage resources in the same availability domain as the Compute instances that access them.
- File Storage performance increases with parallelism. Increase concurrency by using multiple threads, multiple clients, and
multiple mount targets. In particular, scalability will be greatest when clients and threads are accessing independent portions
of the file system.
- Use tools to run file operations in parallel. The File Storage engineering team has developed parallel tar and untar (puntar),
parallel copy (parcp), and parallel remove (parrm) tools. These tools are available in the
fss-parallel-tools package in Oracle Linux.
- The available bandwidth to a file system can significantly impact its performance. In Oracle Cloud Infrastructure, larger
instances (more CPUs) are entitled to more network bandwidth. File Storage performance is best with Oracle bare metal
instances or large VM shapes.
- To minimize latency, clients, mount targets, and file systems should be in the same availability domain.
- For best performance, don't set any mount options such as rsize or wsize when mounting the file system. In the absence of
these options, the system automatically negotiates optimal window sizes.
- Due to the limitations of Oracle Cloud Infrastructure's VNICs, each mount target is limited to about 600 MB/s of read or
write traffic. If you have bandwidth-heavy workloads, consider spreading your workload across multiple mount targets after
your file system exceeds 10 TB.


Question 2

You created an Oracle Linux compute instance through the Oracle Cloud Infrastructure (OCI) management console, then
immediately realize you forgot to add an SSH key file. You notice that the OCI Compute service provides instance console connections
that support adding SSH keys for a running instance. Hence, you created the console connection for your Linux server and
activated it using the connection string provided. However, now you get prompted for a username and password to log in.
What option should you recommend to add the SSH key to your running instance, while minimizing the administrative
overhead?

  • A. You need to configure the boot loader to use ttyS0 as a console terminal on the VM.
  • B. You need to terminate the running instance and recreate it by providing the SSH key file.
  • C. You need to reboot the instance from the console, boot into the bash shell in maintenance mode, and add SSH keys for the opc user.
  • D. You need to modify the serial console connection string to include the identity file flag, -i to specify the SSH key to use.
Answer:

D

Explanation:
The Oracle Cloud Infrastructure Compute service provides console connections that enable you to remotely troubleshoot
malfunctioning instances.
There are two types of instance console connections:
- Serial console connections
- VNC console connections
Before you can connect to the serial console or VNC console, you need to create the instance console connection.
After you have created the console connection for the instance, you can then connect to the serial console by using a
Secure Shell (SSH) connection. When you are finished with the serial console and have terminated the SSH connection, you
should delete the serial console connection. If you do not disconnect from the session, Oracle Cloud Infrastructure
terminates the serial console session after 24 hours and you must reauthenticate to connect again.
If you are not using the default SSH key or ssh-agent, you can modify the serial console connection string to include the
identity file flag, -i, to specify the SSH key to use. You must specify this for both the SSH connection and the SSH
ProxyCommand, as shown in the following line:
ssh -i // -o ProxyCommand='ssh -i // -W %h:%p -p 443


Question 3

You are configuring an alarm in Oracle Cloud Infrastructure (OCI) for a compute instance named vision. The metric needs to
be triggered when the ingress network rate is greater than 1MB.
Which statement will accomplish this?

  • A. NetworksBytesIn[1MB]{resourceDisplayName = "vision"}.rate() > 1
  • B. NetworksBytesIn[1m]{resourceDisplayName = "vision"}.rate() > 1024
  • C. {resourceDisplayName = "vision"}(NetworksBytesIn[1m]).rate() > 1024
  • D. {resourceDisplayName = "vision"}(NetworksBytesIn[1MB]).rate() > 1
Answer:

B

Explanation:
NetworksBytesIn is aggregated across all the instance's attached VNICs.
The query components appear in the following order:
metric[interval]{dimensionname="dimensionvalue"}.groupingfunction.statistic
https://docs.cloud.oracle.com/en-us/iaas/Content/Monitoring/Reference/mql.htm


Question 4

You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your
Compute instances that are deployed in a private subnet. The Compute instances have an attached Network Security Group with
a Source Type: Network Security Group (NSG), Source NSG: NSG-050504.
To secure the bastion host, you added the following ingress rules to its Network Security Group:

However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can
access your bastion host.
What is the root cause of this issue?

  • A. A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 110.19.2.140
  • B. The port 22 provides unrestricted access to 140.19.2.140 and to other IP address
  • C. All compute instances associated with NSG-050504 are also able to connect to the bastion host.
  • D. The Security List allows access to all IP address which overrides the Network Security Group ingress rules.
Answer:

D

Explanation:
As per the security rules, which allow SSH on port 22 with the source set to NSG-050504, any compute instance attached to this
NSG will be able to access the bastion host, as it is included in the same NSG.


Question 5

Which two parameters are required in a back end set’s HTTP health check? (Choose two.)

  • A. timeout
  • B. response body
  • C. port
  • D. status code
  • E. URL path
Answer:

C E

Explanation:
Enter the Health Check details.
Load Balancing automatically checks the health of the instances for your load balancer. If it detects an unhealthy instance, it
stops sending traffic to the instance and reroutes traffic to healthy instances. In this step, you provide the information
required to check the health of servers in the backend set and ensure that they can receive data traffic.
Protocol: Select HTTP.
Port: Enter 80
URL Path (URI): Enter /
The rest of the fields are optional and can be left blank for this tutorial. Click Create.
When the Backend Set is created, the Work Request shows a status of Succeeded. Close the Work Request dialog box.


Question 6

You have created a group for several auditors. You assign the following policies to the group:

What actions are the auditors allowed to perform within your tenancy?

  • A. Auditors are able to view all resources in the compartment.
  • B. Auditors are able to create new instances in the tenancy.
  • C. The Auditors can view resources in the tenancy.
  • D. The Auditors are able to delete resources in the tenancy.
Answer:

A

Explanation:
Let auditors inspect your resources
Type of access: Ability to list the resources in all compartments. Be aware that: The operation to list IAM policies includes the
contents of the policies themselves
The list operations for Networking resource-types return all the information (for example, the contents of security lists and
route tables)
The operation to list instances requires the read verb instead of inspect, and the contents include the user-provided
metadata.
The operation to view Audit service events requires the read verb instead of inspect.
Where to create the policy: In the tenancy. Because of the concept of policy inheritance, auditors can then inspect both the
tenancy and all compartments beneath it. Or you could choose to give auditors access to only specific compartments if they
don't need access to the entire tenancy.
Allow group Auditors to inspect all-resources in tenancy
Allow group Auditors to read instances in tenancy
Allow group Auditors to read audit-events in tenancy


Question 7

Which three statements are true about Object Storage data security and encryption in Oracle Cloud Infrastructure (OCI)?

  • A. OCI Key Management is used by default to provide data security.
  • B. Client-side encryption is managed by the customer.
  • C. A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket.
  • D. All traffic to and from Object Storage service is encrypted using TLS.
  • E. Server side encryption uses per-object keys which are managed by Oracle.
Answer:

B D E

Explanation:
All data in Object Storage is encrypted at rest by using AES-256. Encryption is on by default and cannot be turned off. Each
object is encrypted with its encryption key, and the object encryption keys are encrypted with a master encryption key. In
addition, customers can use client-side encryption to encrypt objects with their encryption keys before storing them in Object
Storage buckets. An available option for customers is to use the Amazon S3 Compatibility API, along with client-side object
encryption support available in AWS SDK for Java.
Data in transit between customer clients (for example, SDKs and CLIs) and Object Storage public endpoints is encrypted
with TLS 1.2 by default. FastConnect public peering allows on-premises access to Object Storage to go over a private
network, rather than the public internet.
Oracle Cloud Infrastructure Key Management is a managed service that enables you, the customer, to manage and control
AES symmetric keys used to encrypt your data-at-rest. Keys are stored in a FIPS 140-2 Level 3-certified
Hardware Security Module (HSM) that is durable and highly available. The Key Management service is
integrated with many Oracle Cloud Infrastructure services, including Block Volumes, File Storage, Oracle Container Engine
for Kubernetes, and Object Storage.
Use the Key Management service if you need to store your Master Encryption Keys in an HSM to meet governance and
regulatory compliance requirements or when you want more control over the cryptoperiod of the encryption keys used for
your data.
When you store your data with Oracle Cloud Infrastructure Block Volumes, File Storage Service, and Object Storage and
don't use Key Management, your data is protected using encryption keys that are securely stored and controlled by Oracle.


Question 8

You have created the following JSON file to specify a lifecycle policy for one of your object storage buckets:

How will this policy affect the objects that are stored in the bucket?

  • A. Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The objects will be deleted 120 days after creation.
  • B. Objects containing the name prefix LOGS will automatically be migrated from standard Storage to Archive storage 30 days after the creation date. The objects will be migrated back to standard Storage 120 days after creation.
  • C. The objects with prefix "LOGS" will be deleted 30 days after creation date.
  • D. Objects with the prefix "LOGS" will be retained for 120 days and then deleted permanently.
Answer:

A

Explanation:
Using Object Lifecycle Management
Object Lifecycle Management lets you automatically manage the archiving and deletion of objects. By using Object Lifecycle
Management to manage your Object Storage and Archive Storage data, you can reduce your storage costs and the amount
of time you spend managing data.
Object Lifecycle Management works by defining rules that instruct Object Storage to archive or delete objects on your behalf
within a given bucket. A bucket's lifecycle rules are collectively known as an object lifecycle policy.
For objects containing the name prefix LOGS, this lifecycle policy archives them after 30 days and deletes them after
120 days.
https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Reference/objectstoragepolicyreference.htm


Question 9

Your application is using an Object Storage bucket named app-data in the namespace vision, to store both persistent and
temporary data. Every week all the temporary data should be deleted to limit the storage
consumption.
Currently you need to navigate to the Object Storage page using the web console, select the appropriate bucket to view all
the objects and delete the temporary ones.
To simplify the task you have configured the application to save all the temporary data with /temp prefix. You have also
decided to use the Command Line Interface (CLI) to perform this operation.
What is the command you should use to speed up the data cleanup?

A)

B)

C)

D)

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D
Answer:

D

Explanation:
bulk-delete: Deletes all objects in a bucket which match the provided criteria.
delete: Deletes an object.
# Delete all the objects.
oci os object bulk-delete -ns mynamespace -bn mybucket
# Delete objects that match the specified prefix.
oci os object bulk-delete -ns mynamespace -bn mybucket --prefix myprefix
By default, the bulk-delete command will prompt you prior to deleting objects. To suppress this prompt, pass the --force
option.


Question 10

You are asked to implement the disaster recovery (DR) and business continuity requirements for Oracle Cloud Infrastructure
(OCI) Block Volumes. Two OCI regions are being used: a primary/source region and a DR/destination region.
The requirements are:
- There should be a copy of data in the destination region to use if a region-wide disaster occurs in the source region
- Minimize costs
Which of the following designs will help you meet these requirements?

  • A. Clone block volumes. Copy block volume clones from source region to destination region at regular intervals.
  • B. Back up block volumes. Use Object Storage lifecycle management to automatically move backup objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.
  • C. Back up block volumes. Copy block volume backups from source region to destination region at regular intervals.
  • D. Clone block volumes. Use Object Storage lifecycle management to automatically move clone objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.
Answer:

C

Explanation:
You can copy block volume backups between regions using the Console, command line interface (CLI), SDKs, or REST
APIs. For steps, see Copying a Volume Backup Between Regions. This capability enhances the following scenarios:
Disaster recovery and business continuity: By copying block volume backups to another region at regular intervals, it makes
it easier for you to rebuild applications and data in the destination region if a region-wide disaster occurs in the source
region.
Migration and expansion: You can easily migrate and expand your applications to another region. You can also enable
scheduled cross-region automated backups with user-defined policies.
To copy volume backups between regions, you must have permission to read and copy volume backups in the source
region, and permission to create volume backups in the destination region.
