top of page

Oracle Cloud Infrastructure 2025 Architect Associate Dumps & 1Z0-1072-25 Prep

  • CertiMaan
  • Oct 16, 2025
  • 32 min read

Updated: Jan 2

Prepare for the Oracle Cloud Infrastructure 2025 Architect Associate certification exam with the latest 1Z0-1072-25 dumps and expertly curated sample questions. Our comprehensive OCI 2025 Architect Associate dumps are designed to reflect the real exam format and cover essential topics like core cloud services, networking, storage, security, and identity management. Whether you're aiming to clear the exam on your first attempt or strengthen your foundational knowledge, these updated dumps and practice exams help bridge the gap. Gain confidence through scenario-based learning, real-world OCI questions, and hands-on prep material aligned with Oracle's current blueprint for 2025. Ideal for cloud architects, developers, and IT professionals seeking Oracle certification success.


Oracle Cloud Infrastructure 2026 Architect Associate Dumps - Sample Questions List :


1. Why are two subnets required to create a public load balancer when additional subnets are often used for back-end servers? (Choose two.)

  1. Routing is simpler when the load balancer is not in the same subnet as the back-end server.

  2. Performance is higher when more subnets are used.

  3. Additional subnets for back-end servers allow for separate route tables for these servers.

  4. Additional subnets for back-end servers allow for separate security lists for these servers.

2. Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.)

  1. You can launch a virtual or bare metal instance by using the same LaunchInstance API.

  2. You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service.

  3. You can attach a block volume in an Availability Domain other than your compute instance.

  4. You can share custom images across tenancies and regions.

3. You are responsible for setting up access for all the cloud users of a large enterprise. You log in to the Phoenix region and start creating users and policies. You then realize that some users might be creating resources in the Ashburn region. Which step should you perform to enable those users?

  1. You can assign a region to each of the users at the time of creation.

  2. IAM users are global and non-admin users can add resources to any region by default.

  3. You need to log in to each region separately to create users for that particular region.

  4. IAM users are global. As an administrator, make sure that you subscribe to the Ashburn region.

4. Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose two.)

  1. You can add/remove Diskgroup in ATP

  2. You can scale storage up or down in ATP

  3. You can scale CPU up or down in ATP

  4. You can add more Pluggable Database for consolidating multiple databases in ATP

  5. You can add new ORACLE_HOME for bringing older versions of on-premises databases to ATP

5. You deployed a web server in Oracle Cloud Infrastructure using an ephemeral public IP. After a few changes in your web server configuration, you rebooted the server and a new public IP was associated to your instance. What should you do to prevent this from happening again?

  1. Create a reserved public IP and associate it with the security list that your complete instance is using

  2. Create a reserved public IP and associate it with the subnet of your compute instance

  3. Create a reserved public IP and associate it with the VNIC of your compute instance

  4. Create a reserved public IP and associate it with the hosts file of your web server

6. You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security List, and an Internet Gateway. However, none of the compute instances can connect to the Internet. Which two are possible reasons for the connectivity issue? (Choose two.)

  1. There is no Dynamic Routing Gateway (DRG) associated with the VCN.

  2. The Route Table has no default route for routing traffic to the Internet Gateway.

  3. There is no stateful ingress rule in the Security List associated with the public subnet.

  4. There is no stateful egress rule in the Security List associated with the public subnet.

7. You currently manage an e-commerce application that utilizes 25 identical compute resources to handle customer traffic. The stakeholders have asked you to create another 25 identical compute resources in order to deploy and test a new version of the software? What is the most efficient process to create 25 additional compute resources that are identical to the first 25?

  1. Create a custom image from 1 of the 25 servers. Use this custom image to provision 25 more servers

  2. Create a manual backup of each boot volume belonging to the 25 servers. Restore each backup to create 25 new boot volumes, from which you will provision 25 more servers

  3. Provision a new server and configure it to be identical to the first 25. Create a custom image from the new server, then use the custom image to provision 24 more servers

  4. Clone the boot volume of 1 of the 25 servers. Use the boot volume clone to provision 25 more servers

8. Which two are true for achieving High Availability on Oracle Cloud Infrastructure? (Choose two.)

  1. Store your database across multiple regions so that half of the data resides in one region and the other half resides in another region.

  2. Attach your block volume form Availability Domain 1 to a compute instance in Availability Domain 2 (and vice versa) so that they are highly available.

  3. Configure your database to have Data Guard in another Availability Domain in Sync mode within a region.

  4. Store your database files on Object Storage so that they are available in all Availability Domains in all regions.

  5. Distribute your application servers across all Availability Domains within a region.

9. You are deploying a highly available web application in Oracle Cloud Infrastructure and have decided to use a public load balancer. The back-end web servers will be distributed across all three availability domains (ADs). How many subnets should you create to deliver a secure highly available application?

  1. three subnets in total; one subnet in each AD

  2. five subnets in total; two subnets each in the first and second AD with a single subnet in the third AD

  3. six subnets in total; two subnets in each AD; one for the load balancer and one for the web servers

  4. four subnets in total; one subnet in each AD for the web servers and a single subnet in any one AD for the load balancer

10. You are in the process of setting up a highly available student registration website on Oracle Cloud Infrastructure (OCI). You use a load balancer and a database service on OCI. You launch two compute instances each in a different subnet and add them to the back end set of a public load balancer. The load balancer is configured correctly and working. You then deploy the student registration application on these two compute instances. The application can communicate with the database service. However, when you type the URL of this student registration application in your browser, no web page appears. What could be the cause?

  1. The security lists of the subnets on which the two instances are located do not have “allow” rules for port 80 and 443.

  2. The load balancer performed a health check on the application and found that compute instances were not in a healthy state and terminated the instances.

  3. The client requested https access to the application and the load balancer service does not support end-to-end SSL from the client to the listener to the back-end set.

  4. The Dynamic Routing Gateway is preventing the client traffic from your data center network from reaching the public IP of the load balancer.

11. Which statement is true about cloning a volume?

  1. You need to detach a volume before cloning from it.

  2. A cloned volume is the same as a snapshot that has a dependency on the source volume.

  3. You cannot change the block volume size when cloning a volume.

  4. You can create a clone for a volume across regions.

12. When terminating a compute instance, you want to preserve the boot volume and its data. Which step will you need to perform?

  1. You cannot preserve the boot volume; it will always be deleted when you terminate the instance.

  2. Reboot the instance first, and then terminate the instance.

  3. Disable the default option to delete the boot volume when terminating an instance.

  4. Before terminating the instance, you must detach the boot volume.

13. How can you provide users access to an existing compartment?

  1. by granting users access to a compartment when the compartment is created

  2. by adding users to a group and defining a policy to provide the group access to the compartment

  3. by adding users to a compartment. All users in the compartment will have access to the objects in the compartment.

  4. by granting access directly to the user when the user is created

14. You have been notified of an application failure indicating that one or more of the Oracle Cloud Infrastructure (OCI) resources have become unavailable. After scanning the Compute and Database consoles, you notice that one of the DB Systems is missing. What would you do to identify the reason for this missing resource?

  1. Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any resource that was deleted in the past 24 hours.

  2. Create a serial console connection to the DB System that does not appear in the management console. Connect to the serial console connection, and then review the system logs under /var/log/messages.

  3. View the service limits associated with your account to ensure that you have not exceeded the available number of DB system in your tenancy.

  4. Navigate to the Audit console and search the previous 24 hours for all List actions to get a list of every event that occurred in the past 24 hours.

15. Which two statements are true about policies?

  1. You can use read, write, manage, and inspect as verbs for defining a policy.

  2. A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources that your company has, and how.

  3. Users need not do anything but still have to be added to a group with appropriate policies defined.

  4. You can deny access to a group via policies.

16. You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix region. You were asked to create a disaster recovery (DR) plan that will protect against the loss of critical data. The DR site must be at least 500 miles from your primary site and data transfer between the two sites must not traverse the public Internet. Which is the recommended disaster recovery plan?

  1. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one availability domain (AD) that is not currently being used by your production systems. Establish VCN peering between the production and DR sites.

  2. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a remote peering connection between the two VCNs.

  3. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG between the regions.

  4. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in each region and configure an IPsec VPN connection between the two regions.

17. Which three actions need to be performed before attempting a data transfer service job?

  1. Obtain an available host machine which can run the dts utility on-premise with SATA or USB drives attached for the transfer job.

  2. Get access to a high-speed internet connection

  3. Data Transfer Service and Storage Service Limits should be checked and raised if required.

  4. Set up SSH access to a host on OCI to coordinate the transfer job.

  5. Create an object bucket to receive the job.

18. A customer has established an Oracle Cloud Infrastructure (OCI) FastConnect connection to OCI. The virtual circuit is up and routes are being advertised from the customer’s end, however the customer is unable to ping from compute instances inside the virtual cloud network (VCN) to servers residing in its on-premises data center. Which two options on OCI would remedy this situation? (Choose two.)

  1. Modify the route table associated with the VCN subnet in which the instance resides. Add a route to the customer’s on-premises network via the Dynamic Routing Gateway (DRG).

  2. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic to the customer’s on-premises network.

  3. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful ingress rule to allow ICMP traffic from anywhere.

  4. Modify the default VCN route table to add a route back to the customer’s on-premises network via the DRG.

19. You have five different company locations spread across the US. For a proof-of-concept (POC) you need to setup secure and encrypted connectivity to your workloads running in a single virtual cloud network (VCN) in the Oracle Cloud Infrastructure Ashburn region from all company locations. What would meet this requirement?

  1. Create five internet gateways in your VCN and have separate route table for each internet gateway.

  2. Create five virtual circuits using FastConnect for each company location and terminate those connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.

  3. Create five IPsec connections with each company location and terminate those connections on a single DRG. Attach that DRG to your VCN.

  4. Create five IPsec VPN connections with each company location and terminate those connections on five separate DRGs. Attach those DRGs to your VCN.

20. Which statement is true about DB Systems?

  1. Data Guard as a Service is offered between regions.

  2. You cannot manage the database as sys/sysdba.

  3. You have full control over the automatic backup schedule and retention periods.

  4. You can manage Oracle database initialization parameters at a global level.

21. Your company has decided to move a few applications to Oracle Cloud Infrastructure and you have been asked to design it for Disaster Recovery (DR). One of the items of your design is to deploy the DR at least 300 miles from the home site and minimize the network latency as much as possible. Based on that, what will be the recommended deployment?

  1. Deploy applications in two separated VCNs in different Availability Domains and use VCN Remote Peering

  2. Deploy applications in different regions and have them connected using VCN Remote Peering

  3. Deploy applications in two separated VCNs in different regions and use VCN Local Peering

  4. Deploy applications on the same region splitting workloads across Availability Domains.

22. Your company is moving an Internet-facing, 2-tier web application into Oracle Cloud Infrastructure. The application must have a highly available architecture. Which two design options would you consider? (Choose two.)

  1. Configure a Dynamic Route Gateway in your VCN and make it highly available.

  2. Configure a NAT instance in your Virtual Cloud Network (VCN). Create a route rule by using the private IP of the NAT instance as a route target for all the private subnets in your VCN.

  3. Create an Internet Gateway and attach it to your VCN. Deploy public load balancer nodes into two Available Domains.

  4. Place all web servers behind a public load balancer.

23. You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system so you have provisioned one using the file storage service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both application servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system. What change would you make to satisfy this requirement?

  1. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.

  2. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read only access.

  3. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.

  4. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.

24. You are the Cloud Architect of a company, and are designing a solution on Oracle Cloud Infrastructure where you want to have all your compute instances resistant to hardware failure. Which two are recommended best practices to achieve the requirement on Oracle Cloud Infrastructure? (Choose two.)

  1. Create a custom image of your system drive each time you change the image.

  2. Attach block volumes from different Availability Domains to compute instances in different Availability Domains for high availability.

  3. Design your system with redundant compute modes in different Availability Domains to support the failover capability.

  4. Create backups of your block volumes that are associated with compute instances in different regions.

25. Your organization has deployed a large, complex application across multiple compute instances in Oracle Cloud Infrastructure (OCI). These compute instances also have block volume storage attached to them. You want to create a time consistent backup of these block volume storage.\Which implementation strategy should be used?

  1. Create a manual backup of each volume

  2. Use scripts available in OCI to backup block volume storage

  3. Group volumes in a volume group first and then use available scripts in OCI

  4. Group volumes in a volume group and create a manual backup of the volume group

26. Within your tenancy you have a compute instance with a boot volume and a block volume attached. The boot volume contains the OS and the attached block volume contains the instance’s important data. Logs on the boot volume have filled the boot volume and are causing issues with the OS. What should you do to resolve this situation?

  1. Stop the instance that is full. Create a manual backup of the block storage before making changes. Detach the block volume, create a new instance of the same shape with a larger custom boot volume and attach the block volume to the new instance. Configure the OS and any related application(s) to access the block volume under the same mount point as before.

  2. Create a new instance with a larger boot volume size as well a new block volume which is the same size or larger than the one attached to the full instance. rsync the state of the boot volume and the state of the block volume between the two instances.

  3. Detach the block volume from the full instance. Create a new instance of the same shape with a larger boot volume and rsync the state of the boot volume between the instances. Attach the block volume to the new instance.

  4. Create a manual backup of the block storage instance. Create a custom image of the full instance. Once that completes deploy the custom image to a new instance.

27. Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)

  1. Remote virtual cloud network (VCN) peering across region

  2. Oracle IPsec VPN

  3. Local VCN peering

  4. Oracle Cloud Infrastructure FastConnect public peering

28. You have an external facing web server running in the Oracle Cloud Infrastructure (OCI) London region. You are notified that customers in North America and Australia are facing high latency while connecting to your web server. Which services are available on OCI that can help you get current latency statistics to your web server from these markets?

  1. Use DNS Zone Management service to check latency over that connection

  2. Setup an IPsec VPN with customers in those markets and check latency over that connection

  3. Use the Internet Intelligence tool. Run tests using the web server’s public IP address and review traceroute details from different vantage points

  4. Setup a FastConnect with customers in those markets and check latency over that connection

29. At the end of a terraform apply operation, what is the default output?

  1. nothing by default

  2. statistics about what was added, changed, and destroyed

  3. the entire state file

  4. statistics about what was added, changed, and destroyed, and the values of outputs

30. You have a shared file system between two web servers using File Storage Service (FSS) and you were tasked to create a backup plan for this environment to protect the data placed into the shared file system. What is the recommended approach to create this backup using FSS features?

  1. Implement a backup policy to execute a snapshot of the shared volume.

  2. Implement a backup policy to copy data from the shared volume to object storage.

  3. Compress the data that is in the shared volume and copy it into a different folder on the boot volume disk.

  4. Use the rsync tool to send data from the shared volume to a boot volume disk.

  5. Use the rsync tool to send data from the shared volume to a block volume.

31. A company currently uses Microsoft Active Directory as its identity provider. The company recently purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for its test and development operations. As the administrator, you are now tasked with giving access only to developers so that they can start creating resources in their OCI accounts. Which step will you perform to achieve this requirement?

  1. Create a group for developers on OCI and map the group to a similar group in Microsoft Active Directory during the federation process.

  2. Federate all Microsoft Active Directory groups with OCI to allow users to use their existing credentials.

  3. Create a new user account for each user, and then create policies to provide access to developers.

  4. Create a group for developers on OCI, export all the developers from Microsoft Active Directory, and then import them into the Identity and Access Management (IAM) group.

32. You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI) and Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her team and provides the name of an existing group within IDCS to use when granting access. How do you configure federation to allow the project team access to OCI resources?

  1. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS and reference the name of the IAM group.

  2. Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the IDCS group in each policy statement.

  3. Create a new compartment in OCI with the same name as the existing IDCS group. Create an IAM policy that references the new compartment and the name of the IDCS group.

  4. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy and reference the name of the IAM group in each policy statement.

33. Which three are capabilities of the dbaascli utility? (Choose three.)

  1. Patching the primary database deployment

  2. Open port 1521 in the VCN to allow for traffic to the listener

  3. Start and open the database instance

  4. Switchover and failover in an Oracle Guard configuration

  5. .E. Clone a DB

34. As the Cloud Architect for your company, you have been tasked with designing a high performance (HPC) cluster in Oracle Cloud Infrastructure (OCI). The following requirements have been defined: The cluster must be a minimum of three nodes, but may increase to six nodes when demand requires. The cluster must be resilient to any potential infrastructure failures. To minimize latency, all nodes must be deployed within the same availability domain (AD). Adding or replacing nodes within the cluster should take no more than 30 minutes. Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)

  1. Deploy the cluster in a single AD with a shared file system that leverages the file storage service (FSS). Deploy a standby cluster in another AD and configure it to use the same shared file system.

  2. Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault domains in that AD.

  3. Create a backup of your HPC node compute instance boot volume. Launch new compute instances directly from the backup reduce provisioning time.

  4. Create a custom image of your HPC node compute instance. Launch new compute instances using this image to reduce provisioning time.

  5. Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network (VCN) subnet.

35. Which two statements about the Oracle File Storage Service (FSS) Security are accurate? (Choose two.)

  1. Oracle IAM controls which filesystems are mountable by which instances.

  2. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target within a subnet.

  3. Encryption of file storage in FSS is optional.

  4. Data in transit to an FSS mount target is encrypted.

  5. FSS leverages UNIX user group and permission checking for file access security.

36. You had an outage in your application caused by the loss of a shared volume provisioned by File Storage Service (FSS). At this point, you need to restore the data from a snapshot you created of the FSS. What are the steps to restore the data?

  1. Access the directory where the shared volume is mounted, then cd into .snapshot folder, find the snapshot folder you want to recover and use cp or rsync tool to copy the files to the original location.

  2. Open OCI Console, select File Storage Service, find the shared storage, then click on snapshot and restore.

  3. Open OCI Console, select File Storage Service, find the snapshot you created and click restore.

  4. Access the directory, where you mounted the shared volume, then cd into .snapshot folder and find the snapshot folder you want to recover and rename that folder to the original folder name.

37. When terminating a compute instance, which statement is true?

  1. The instance needs to be stopped first, and then terminated.

  2. The boot volume is always deleted.

  3. All block volumes attached to the instance are terminated.

  4. Users can preserve the boot volume associated with the instance.

38. Which two statements are true about subnets within a VCN? (Choose two.)

  1. You can have multiple subnets in an Availability Domain for a given VCN.

  2. Private and Public subnets cannot reside in the same Availability Domain for a given VCN.

  3. Subnets can have their IP addresses overlap with other subnets in another network for a given VCN.

  4. Instances obtain their private IP and the associated security list from their subnets.

39. Which statement is true about Oracle Cloud Identifiers (OCID)?

  1. mytenancy.oc.ocid is a valid OCID.

  2. If you delete a user, and them create a new user with the same name, the user will be considered a different user because of different OCIDs.

  3. Users can customize OCIDs for all the resources in their compartments.

  4. If you delete a user, and then create a new user with the same name, the new user will be assigned the exact same OCIDs as the system remembers.

40. Which two statements are true about data guard service on DB Systems in Oracle Cloud Infrastructure (OCI)? (Choose two.)

  1. Data guard implementation requires two DB Systems, one running the primary database on a virtual machine and the standby database running on bare metal

  2. Data guard configuration on the OCI is limited to one standby database per primary database

  3. Data guard configuration on the OCI is limited to a virtual machine only

  4. Data guard implementation requires two DB Systems, one containing the primary database and one containing the standby database

41. Your company has decided to move a few applications to Oracle Cloud Infrastructure (OCI) and you have been asked to design a cloud-based disaster recovery (DR) solution. One of the requirements is to deploy the DR resources at least 300 miles from the home OCI region and minimize the network latency. What will be the recommended deployment?

  1. Deploy production and DR applications in the same VCN. Create production subnets in one AD, and DR subnets in another AD.

  2. Deploy production and DR applications in two separate VCNs in different availability domains (ADs) within your home region, and then use a VCN remote peering connection for connectivity.

  3. Deploy production and DR applications in two separate VCNs, each in different regions. Connect them using a VCN remote peering connection.

  4. Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in different regions, and then use VCN local peering gateways for connectivity.

42. You are running a mission-critical database in Oracle Cloud Infrastructure (OCI). You take regular backups of your DB system to OCI object storage. Recently, you notice a failed database backup status in the console. What two steps can you take to determine the cause of the backup failure? (Choose two.)

  1. Ensure the database archiving mode is set to NOARCHIVELOG

  2. Ensure that your database host can connect to the OCI object storage

  3. Restart the dcsagent program if it has a status of stop or waiting

  4. Make sure that the database is not active and running while backup is in progress

43. You are an administrator with an application running on OCI. The company has a fleet of OCI compute virtual instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set health check API is providing a ‘Critical’ level warning. You have confirmed that your application is running healthy on the backend servers. What is the possible reason for this ‘Critical’ warning?

  1. A user does not have correct IAM credentials on the Backend Servers.

  2. The Backend Server VCN’s Route Table does not include the route for OCI LB.

  3. OCI Load Balancer Listener is not configured correctly.

  4. The Backend Server VCN’s Security List does not include the IP range for the source of the health check requests.

44. You have an application running on Oracle Cloud Infrastructure. You identified that the read and write operations are slowing your application down enough to impair user access. The application is currently using a VM.Standard 1.2 compute without any block storage attached to it. Which two options allow you to increase disk performance? (Choose two.)

  1. Terminate the compute instance preserving the boot volume. Create a new compute instance a VM Dense IO shape using the boot volume preserved.

  2. Terminate the compute instance preserving the boot volume. Create a new compute instance using a VM Standard shape and attach a new block volume to host your application.

  3. Create a backup of the boot volume. Create a new compute instance a VM Dense IO shape and restore the backup.

  4. Terminate the compute instance and create a backup of the boot volume. Create a new compute instance using a VM Dense IO shape and restore the backup.

45. Which two resources are available by default when your Oracle Cloud Infrastructure tenancy is provisioned?

  1. an NVMe SSD boot disk for each instance, whose size is determined by the image and shape of the instance

  2. a range of public IP addresses that are reserved for your tenancy

  3. a set of images, where each image is a template of a virtual hard drive that consists of the OS and installed software and applications

  4. a variety of shapes, where each shape determines the number of CPUs and memory allocated to an instance.

46. You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make API calls to other services within OCI without storing credentials in a configuration file. What do you need to do?

  1. Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement

  2. Instances cannot access services outside their compartment

  3. VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the instance in your Identity and Access Management (IAM) policy statement

  4. By default, all VM instances are created with an instance principal. Reference this instance principal in your IAM policy statement

47. You are the Solutions Architect of a large company and are tasked with migrating all your services to Oracle Cloud Infrastructure. As part of this, you first design a Virtual Cloud Network (VCN) with a public subnet and a private subnet. Then in order to provide Internet connectivity to the instances in your private subnet, you create an Oracle Linux instance in your public subnet and configure NAT on it. However, even after adding all related security list rules and routes in the Route Table, your private subnet instances still cannot connect to the Internet. Which action should you perform to enable Internet connectivity?

  1. Disable “Source and Destination Check” on the VNIC of your Linux instance.

  2. There is no way that a private subnet can connect to the Internet.

  3. Create a Dynamic Routing Gateway (DRG) and route your private IP traffic to the DRG.

  4. Restart the NAT instance.

48. Which statement is true about Oracle Cloud Infrastructure Object Storage Service?

  1. An Archive Object Storage tier bucket can be upgraded to the Standard Object Storage tier.

  2. You cannot directly download an object from an Archive Object Storage bucket.

  3. An existing Standard Object Storage tier bucket can be downgraded to the Archive Object Storage tier.

  4. Data retrieval in Archive Object Storage is instantaneous.

49. Which is a customer’s responsibility on an Oracle Cloud Infrastructure database?

  1. patching the database and OS

  2. creating the first default database on the DBCS server

  3. creating an ASM diskgroup for data file or temp file storage

  4. installing the operating system (OS), Grid Infrastructure, and database software

50. Which statement is true about a pre-authenticated request in Oracle Cloud Infrastructure Object Storage?

  1. You can create only 1, 000 pre-authenticated requests per bucket.

  2. You can create a pre-authenticated request only for public buckets.

  3. You cannot retire a pre-authenticated request before it expires.

  4. You cannot extend the expiration date on a pre-authenticated request.

51. Which two statements are true about the Oracle Cloud Infrastructure Object Storage Service? (Choose two.)

  1. It provides higher IOPS than Block Storage.

  2. It can be directly attached or detached from a compute instance.

  3. Data is stored redundantly only in a single AD.

  4. Data is stored redundantly across multiple availability domains (ADs).

  5. It provides strong consistency.

52. Which two statements are true about Database Cloud Service (DBCS)? (Choose two.)

  1. Data Guard as a Service is offered among regions.

  2. You have full control over backup schedule and retention.

  3. You can manage Oracle parameters at a global system level.

  4. You cannot manage the database as sys/sysdba.

53. Your Operations team has recently created a new, standard image that will be used to launch all new application servers in the Finance compartment. The custom image currently exists in the Operations compartment. You have access to manage all-resources in the Finance compartment and do not have access to the Operations compartment. Which two methods would make the new image available for you to use when deploying new servers in the Finance compartment? (Choose two.)

  1. Instruct the Operations team to reassign the custom image to the Finance compartment so you can select it from a drop-down list when launching new compute resources.

  2. Instruct the Operations team to export the image to an object storage bucket, create a pre-authenticated request (PAR), and provide you with the URL. Download the custom image to your laptop and import it as a custom image in the Finance compartment.

  3. Instruct the Administrators team to grant you access to use instance-images in the Operations compartment. Use the Oracle Cloud Identifier (OCID) of the custom image when launching new compute resources in the Finance compartment.

  4. Instruct the Operations team to export the image to an object storage bucket, create a PAR, and provide you with the URL. Use that URL as the source when importing a custom image. Import the custom image into the Finance compartment.

  5. Instruct the Operations team to export the image to an object storage bucket. Instruct the Administrators team to grant you access to the object storage bucket where the custom image is stored. Use the download URL of the custom image as the image source when launching new compute resources in the Finance compartment.

54. Which two statements about fault domains are true? (Choose two.)

  1. A fault domain is a grouping of hardware and infrastructure within an availability domain

  2. Each availability domain contains three fault domains

  3. A failed instance in a fault domain is automatically relaunched

  4. A fault domain is selected automatically based on usage data

55. You need to create a high performance shared file system, and have been advised to use file storage service (FSS). You have logged into the Oracle Cloud Infrastructure console, created a file system, and followed the steps to mount the shared file system on your Linux instance. However, you are still unable to access the shared file system from your Linux instance. What is the likely reason for this?

  1. nThere are no security list rules for mount target traffic

  2. There is no internet gateway (IGW) set up for mount target traffic

  3. There is no Identity and Access Management (IAM) policies set up to allow you to access the mount target

  4. There is no route in your virtual cloud network’s (VCN) route table for mount target traffic

56. You are tasked with creating a highly available clustered application on Oracle Cloud Infrastructure consisting of three nodes. The round-trip latency between nodes must be less than 500 µs (micro-seconds) and your cluster should be resilient to hardware failure. What is the recommended deployment strategy?

  1. Deploy the cluster nodes in a single region and deploy each node into a different AD. Select the same fault domain in each AD to ensure consistency.

  2. Deploy the cluster nodes in two separate regions and take advantage of multiple availability domains (ADs) in each region.

  3. Deploy the cluster nodes in a single region and deploy each node into a different AD.

  4. Deploy the cluster nodes in a single region and deploy each node in different fault domains within a single AD.

57. Your application front end consists of several Oracle Cloud Infrastructure compute instances behind a load balancer. You have configured the load balancer to perform health checks on these instances. If an instance fails to pass the configured health checks, what will happen?

  1. The instance is replaced automatically by the load balancer.

  2. The instance is terminated automatically by the load balancer.

  3. The instance is taken out of the back end set by the load balancer.

  4. The load balancer stops sending traffic to that instance.

58. Which three actions are required to configure a highly available and secure hybrid network between Oracle Cloud and your data center? (Choose three.)

  1. Define a non-overlapping IP Address Space between the data center and the cloud.

  2. Configure each of the CPEs to leverage each of the IPSec Tunnels created by the connection process.

  3. Create two or more CPEs that map to the private IP addresses of the customer routers used in the IPSec VPN Tunnel.

  4. Define a default route table entry for the VCN that directs all traffic to the data center network to a single DRG.

  5. Create dynamic routing gateways in more than one AD within your region.

59. Your company has been running several small applications in Oracle Cloud Infrastructure and is planning a proof-of-concept (POC) to deploy PeopleSoft. If your existing resources are being maintained in the root compartment, what is the recommended approach for defining security for the upcoming POC?

  1. Create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment.

  2. Provision all new resources into the root compartment. Grant permissions that only allow for creation and management of resources specific to the POC.

  3. Provision all new resources into the root compartment. Use defined tags to separate resources that belong to different applications.

  4. Create a new tenancy for the POC. Provision all new resources into the root compartment. Grant appropriate permissions to create and manage resources within the root compartment.

60. You have created a public subnet and an internet gateway in your virtual cloud network (VCN). The public subnet has an associated route table and security list. However, after creating several compute instances in the public subnet, none can reach the Internet. Which two are possible reasons for the connectivity issue? (Choose two.)

  1. The route table has no default route for routing traffic to the internet gateway

  2. There is no stateful egress rule in the security list associated with the public subnet

  3. There is no dynamic routing gateway (DRG) associated with the VCN

  4. There is no stateful ingress rule in the security list associated with the public subnet

61. Which does NOT set a variable in Terraform?

  1. Passing the variable with a var statement to Terraform

  2. Setting the variable as key value pairs in a file in a subdirectory named tfvar

  3. A default value in the variable declaration within a TF plan file

  4. Setting the environment variable using a TF_VAR_ predicate in front of the variable name

62. Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for server-side encryption?

  1. You must manually enable server-side encryption for each object as you upload to OCI object storage

  2. Objects are automatically encrypted as they are uploaded to object storage and decrypted upon retrieval

  3. You must manually decrypt the data when retrieving from OCI object storage

  4. Only the object data is encrypted and the user-defined metadata that is associated with the object is not encrypted

63. Which two statements are true about encryption on Oracle Cloud Infrastructure (OCI)? (Choose two.)

  1. By default, object storage and block storage are encrypted at rest.

  2. A customer is responsible for data encryption in all services of OCI.

  3. By default, DB Systems offers an encrypted database.

  4. By default, NVMe drives are encrypted but the block volume service is not.

64. You have provisioned an Autonomous Data Warehouse (ADW) database with 16 enabled OCPUs and need to configure the consumer group for your application. Which two are true when deciding the number of sessions for each application? (Choose two.)

  1. The MEDIUM and LOW consumer group can run up to 16 concurrent SQL statements if HIGH consumer group has 0 SQL statements

  2. The HIGH consumer group can run up to 16 concurrent SQL statements as long as MEDIUM and LOW consumer groups have 0 SQL statements

  3. The MEDIUM consumer group can run 20 concurrent SQL statements when HIGH consumer group has 0 SQL statements

  4. The HIGH consumer group can run up to 16 concurrent SQL statements in addition to 32 concurrent SQL statements in MEDIUM and LOW consumer group each

  5. The HIGH consumer group can run 3 concurrent SQL statements when MEDIUM consumer group has 0 SQL statements

65. Which deployment architecture is offered when you deploy the Platform Service Manager based Database Cloud Service (DBCS) onto Oracle Cloud Infrastructure?

  1. Two node Primary RAC database leveraging ACFS for the shared file system

  2. Single Instance database with a Single Instance Data Guard in Maximum Performance mode

  3. Single Instance database with a Single Instance Data Guard in Maximum Protection mode

  4. Two node Primary RAC database with a two node RAC Data Guard Standby in Maximum Performance mode

66. You are designing a high bandwidth, redundant connection between your data center and Oracle Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you notice that you are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn region. What is the recommended design in this scenario?

  1. Create a cross-connect group and have two or more cross-connects in that group. Create an IPsec VPN connection on this group.

  2. Setup two IPsec connections between your data center and OCI Ashburn region. Create a OCI load balancer to distribute the traffic across the two connections.

  3. Create a cross-connect group and have at least two or more cross-connects in that group. Create at least two or more virtual circuits in the group.

  4. Create a cross-connect group and have at least one cross-connect in that group. Create at least one virtual circuit in the group.

67. Which two are valid options when migrating a database from on-premise to Oracle Cloud Infrastructure? (Choose two.)

  1. snapping or cloning storage form on-premise to Oracle Cloud Infrastructure

  2. performing a backup to Oracle Cloud Infrastructure Object Storage, and then restoring to a database server on Oracle Cloud Infrastructure

  3. performing RMAN backup to an on-premise storage device, and then shipping to Oracle Cloud Infrastructure

  4. converting the Oracle database to a NoSQL database and migrating to Oracle Cloud Infrastructure by using rsync file copy

68. What is a “transfer package” when transferring data to OCI via the OCI Data Transfer Service?

  1. A transfer package is the logical representation of the physical shipment containing the HDD transfer devices that you ship to Oracle to upload to OCI.

  2. A transfer package is the software Oracle provides for you to prepare transfer devices for shipment to Oracle

  3. A transfer package contains the physical devices.

  4. A transfer package is the archive file that the Data Transfer Service Utility (dts) writes to the transfer device.

69. Which two are true for Oracle Cloud Infrastructure DNS? (Choose two.)

  1. It can function only as a primary DNS.

  2. It supports other cloud providers such as AWS and Azure.

  3. It supports segregation of traffic by using the private pool.

  4. It does not provide DDoS protection.

70. You are responsible for creating and maintaining an enterprise application that consists of multiple storage volumes across multiple instances. The storage volumes include boot volumes and block volumes for your data storage. You need to create backups of these storage volumes in the most time-efficient manner. How can you meet this requirement?

  1. You can create clones of storage volumes one at a time

  2. You can group together multiple storage volumes in a volume group and create volume group backups

  3. You can create on-demand one-off backups of boot volumes, but not block volumes

  4. You can create on-demand one-off backups of block volumes, but not boot volumes

71. You have an application server that needs to copy data on Oracle Cloud Infrastrucutre (OCI) object storage in the same region. You have created a service gateway for OCI object storage in your virtual cloud network (VCN) and modified security lists associated with the subnet to allow traffic to the service gateway. You are able to connect to the OCI object storage, however, you notice that the connectivity is over the Internet instead of the service gateway. What is the reason for this behavior?

  1. The route table associated with the subnet has no route rule where the destination is object storage service

  2. The service gateway created in the VCN resides in a different availability domain

  3. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0

  4. Identity and Access Management (IAM) policies restrict the access to the object storage bucket

72. You are running your warehouse using Autonomous Data Warehouse (ADW) service and you noticed that a newly configured batch job is always running in serial even through nothing else is running in the database. All your jobs are configured to run with parallelism enabled. What could be the reason for this batch job to run in serial?

  1. The batch job depends on only one table and parallelism cannot be enabled on single-table queries.

  2. The parallelism of batch job depends on the number of ADW databases involved in the query.

  3. The new batch job is connected to LOW consumer group.

  4. The new batch job runs on database tables that are not enable for parallel execution.

  5. Parallelism on the database is controlled by the application, not the database.

73. Which two statements about file storage service (FSS) are accurate? (Choose two.)

  1. FSS leverages UNIX user group and permission checking for file access security

  2. Encryption of file system in FSS is optional

  3. Identity and Access Management (IAM) controls which file systems are mountable by which instances

  4. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target within the same subnet

  5. Data in transit to an FSS mount target is encrypted

74. You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients want to access the web servers from anywhere, but want to prevent access to the database servers from the Internet. Which is the recommended way to design the network architecture?

  1. Create public subnets for web servers and private subnets for database servers in your virtual cloud network (VCN), and associate separate internet gateways for each subnet.

  2. Create public subnets for web servers and associate a dynamic routing gateway with that subnet, and a private subnet for database servers with no association to dynamic gateway.

  3. Create public subnets for web servers and private subnets for database servers in your VCN, and associate separate security lists and route tables for each subnet.

  4. Create a single public subnet for your web servers and database servers, and associate only your web servers to internet gateway.

75. Which two statements define the types of DNS resolvers that exist? (Choose two.)

  1. A custom resolver allows instances to use the host names of the hosts in your on-prem network that are connected to your VCN by an IPSec VPN connection.

  2. A VCN resolver allows instances to use the host names of the hosts in your on-prem network that are connected to your VCN by an IPSec VPN connection.

  3. A VCN resolver allows instances to use host names to communicate with instances on other VCNs in your tenancy.

  4. An Internet resolver allows instances to use the host names that are published on the Internet.


FAQs


1. What is the Oracle Cloud Infrastructure 2025 Architect Associate 1Z0-1072-25 certification?

It is an Oracle certification that validates knowledge of OCI core services, networking, storage, security, and architecting cloud solutions.

2. How do I become Oracle Cloud Infrastructure Architect Associate certified in 2025?

You must study OCI concepts, register for the 1Z0-1072-25 exam on Oracle’s certification portal, and pass it.

3. What are the prerequisites for the 1Z0-1072-25 OCI Architect Associate exam?

There are no formal prerequisites, but basic knowledge of cloud computing and prior OCI experience is recommended.

4. How much does the Oracle 1Z0-1072-25 certification exam cost?

The exam fee is $245 USD.

5. How many questions are on the Oracle OCI Architect Associate 1Z0-1072-25 exam?

The exam consists of 55–60 multiple-choice questions.

6. What is the passing score for the 1Z0-1072-25 certification exam?

The passing score is typically 65%.

7. How long is the Oracle Cloud Infrastructure Architect Associate exam?

The exam duration is 90 minutes.

8. What topics are covered in the Oracle 1Z0-1072-25 exam?

It covers OCI compute, networking, storage, identity, security, databases, and cloud architecture best practices.

9. How difficult is the Oracle OCI Architect Associate 2025 exam?

It is considered moderately difficult, requiring both theoretical knowledge and practical OCI experience.

10. How long does it take to prepare for the 1Z0-1072-25 exam?

Most candidates prepare in 6–8 weeks, depending on prior cloud knowledge.

11. Are there any Oracle 1Z0-1072-25 sample questions or practice tests available?

Yes, Oracle provides exam guides, and CertiMaan offers dumps and practice tests.

12. What is the validity period of the Oracle OCI Architect Associate 1Z0-1072-25 certification?

The certification is valid for 18 months, after which recertification may be required.

13. Can I retake the Oracle 1Z0-1072-25 exam if I fail?

Yes, you can retake it after paying the exam fee again.

14. What jobs can I get with an Oracle Cloud Infrastructure 2025 Architect Associate certification?

You can work as a Cloud Architect, Cloud Engineer, OCI Solutions Architect, or Cloud Consultant.

15. How much salary can I earn with the Oracle 1Z0-1072-25 certification?

OCI-certified professionals typically earn between $90,000–$130,000 annually, depending on location and role.

16. Is the Oracle OCI 1Z0-1072-25 certification worth it in 2025?

Yes, it is highly valued as Oracle Cloud continues to grow across industries.

17. What is the difference between Oracle 1Z0-1072-22 and 1Z0-1072-25 exams?

  • 1Z0-1072-22: Older version of the exam.

  • 1Z0-1072-25: Updated for 2025 with the latest OCI services and features.

18. What are the best study materials for the Oracle 1Z0-1072-25 certification exam?

Use Oracle’s official exam guide, OCI documentation, and CertiMaan practice resources.

19. Does Oracle provide official training for the OCI Architect Associate 2025 certification?

Yes, Oracle University provides official training and learning subscriptions.

20. Where can I register for the Oracle Cloud Infrastructure 2025 Architect Associate 1Z0-1072-25 exam?

You can register on the Oracle Certification Exam Portal.


Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
CertiMaan Logo

​​

Terms Of Use     |      Privacy Policy     |      Refund Policy    

   

 Copyright © 2011 - 2026  Ira Solutions -   All Rights Reserved

Disclaimer:: 

The content provided on this website is for educational and informational purposes only. We do not claim any affiliation with official certification bodies, including but not limited to Pega, Microsoft, AWS, IBM, SAP , Oracle , PMI, or others.

All practice questions, study materials, and dumps are intended to help learners understand exam patterns and enhance their preparation. We do not guarantee certification results and discourage the misuse of these resources for unethical purposes.

PayU logo
Razorpay logo
bottom of page