1z0-1067-25 Oracle Cloud Infrastructure 2025 Cloud Operations Professional exact Exam Questions

Oracle Cloud Infrastructure 2025 Cloud Operations Professional

Last Update 17 hours ago Total Questions : 93

The Oracle Cloud Infrastructure 2025 Cloud Operations Professional content is now fully updated, with all current exam questions added 17 hours ago. Deciding to include 1z0-1067-25 practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our 1z0-1067-25 exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these 1z0-1067-25 sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Oracle Cloud Infrastructure 2025 Cloud Operations Professional practice test comfortably within the allotted time.

Question # 1

You have been brought In to help secure an existing application that leverages Object Storage buckets to distribute content. The data is currently being shared from public buckets and the security team Is not satisfied with this approach. They have stated that all data must be stored In storage buckets. Your application should be able to provide secure access to the data. The URL that is provided for access to the data must be rotated every 30 days. Which design option will meet these requirements?

Use Pre-Authenticated request, even though there will be multiple URLs this will pro-vide better security.

Create a private bucket only to share the data.

Create multiple bucket and classify them as Public and Private. Use public bucket for non-sensitive data and private bucket for sensitive data.

Create a new group and map users to this group, create a IAM policy providing access to Object Storage service only to this group. Users can then simply login to OCI console and retrieve needed flies.

Question # 2

You set up a bastion host in your Virtual Cloud Network (VCN) to allow only your IP ad-dress (140.19.2.140) to establish SSH connections with your compute instances that are deployed in a private subnet. The compute instances have an attached Network Security Group (NSG) with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you add the following ingress rules to its NSG: Type: All TCP Proto-col: TCP Port Range: 22 Source: 140.19.2.140/32 Type: All TCP Protocol: TCP Port Range: 22 Source: NSG-050504 However, when you check the bastion host logs, you discover that there are IP addresses other than your own that can access your bastion host. What is the root cause of this issue?

The port 22 provides unrestricted access to 140.19.2.140 and to other IP addresses.

All compute instances associated with NSG-050504 are also able to connect to the bastion host.

The security list allows access to all IP addresses that override the NSG ingress rules.

A netmask of /32 allows all IP addresses in the140.19.2.0 network, other than your IP 140.19.2.140.

Question # 3

As a solution architect of the Oracle Cloud Infrastructure tenancy, you have been asked to provide members of group CloudOps the ability to view and retrieve monitoring metrics, but only for all monitoring-enabled compute instances. Which policy statement will you define to grant this access?

Allow group CloudOps to read metrics in tenancy where tar-get.metrics.namespace=oci_computeagent

Allow group CloudOps to read compute-metrics in tenancy

Restricting monitoring access only to compute instances metrics is not possible.

Allow group CloudOps to read metrics in tenancy where tar-get.metrics.monitoring= ' oci_computeagent '

Question # 4

You have configured an Alarm Definition in the Oracle Cloud Infrastructure (OCI) Monitoring service to send notifications through email. The alarm should resend notifications at specified intervals if the alarm. continues to be in the firing state. A subscriber in the Notifications Topic complains about not receiving multiple emails upon failures. Which of the following could be the possible cause of this issue?

Trigger Condition was not configured while defining the Alarm

Repeat notification was not enabled while creating the Alarm.

OCI Monitoring service can send only one notification per Alarm Definition when the alarm condition is met.

Resending notifications depends on the total metric streams returned from the query.

Question # 5

Which option is NOT a possible return value for an OCI health check?

REGEX_MISMATCH

UNKNOWN

UNREACHABLE

INVALID_STATUS_CODE

TIMED_OUT

Question # 6

Here is a partial code from a Terraform template written for Oracle Cloud Infrastructure (OCI):

What operation(s) does it perform? (Choose the best answer.)

Creates a pre-authenticated request for objects in an OCI Object Storage bucket.

Provides object read and write access for an OCI Object Storage bucket.

Creates a URL to provide access to an OCI Object Storage bucket for managing objects.

Creates a lifecycle policy for an OCI Object Storage bucket for moving data to Archival storage at a specified time.

Question # 7

In your root compartment, you have two subcompartments, A and B. You have three in-stances in each compartment, including the root (for a total of nine). What does the following metric query return if you use the console to run it in the root compartment? CpuUtiliza-tion[1m].mean()

One time series: the average CPU utilization over the three instances in the root compartment per minute

One number: the average CPU utilization over all nine instances over the last minute

One time series: the average CPU utilization over all nine instances per minute

Three different time series: each time series represents the average CPU utilization of one of the three instances in the root compartment per minute.

Question # 8

Scenario: 2 (Oracle Cloud-init and AutoScaling: Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool)

Scenario Description: (Hands-On Performance Exam Certification)

You ' re deploying an Apache-based web application on OCI that requires horizontal autoscaling.

To configure instances upon provisioning, write a cloud-init script for Oracle Linux 8 that installs and enables Apache (httpd), and opens the firewall for HTTP on TCP port 80. Create an instance configuration and include the cloud-init script in it. Use this instance configuration to create an instance pool and autoscaling configuration.

Pre-Configuration:

To fulfill this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

A VCN Cloud-Init Challenge VCN with an Internet gateway and a public subnet. The security list for the subnet allows ingress via TCP ports 22 and 80 (SSH and HTTP). The route table forwards all egress to the Internet gateway.

Access to the OCI Console

Required IAM policies

An SSH key pair for the compute instance

Public Key https://objectstorage.us-ashburn-1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PublicKey.pub

Private Key https://objectstorage.us-ashburn-1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PKey.key

Note: Throughout your exam, ensure to use assigned Compartment , User Name , and Region.

Complete the following tasks in the provisioned OCI environment:

Task 1(a): Develop the cloud-init Script:

Task 1(b): Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool:

Answer:

See the solution below with Step by Step Explanation.

Explanation:

Task 1(a): Develop the cloud-init Script:

Create a compute instance pbt_cloud_init_vm_01 with the following properties:

Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory

Image: Oracle Linux 8

Placement: Use any of the availability domains

Network:

Place in the public subnet Cloud-Init Challenge SNT

Assign a public IPv4

Use the SSH public key

Add a cloud-init script and perform the following:

Use yum or dnf to install httpd.

Use systemctl to enable and start httpd

Open the firewall to http:

sudo firewall-offline-cmd --add-service=http

systemctl restart firewalld

Mark Complete

Task 1(b): Use cloud-init to Configure Apache on Instances in an Autoscaling Instance Pool:

You ' re deploying an Apache-based web application on OCI that requires horizontal autoscaling.

Task 2: Create an Autoscaling Instance Pool Including the cloud-init Script:

Create an instance configuration named pbt_cloud_init_config_01 with the following properties:

Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory

Image: Oracle Linux 8

Placement: Use any of the availability domains

Network:

Place in the public subnet Cloud-Init Challenge SNT

Assign a public IPv4

Use the SSH public key

Attach the cloud-init script created in Task 1

Create an instance pool named pbt_cloud_init_pool_01 with one instance by using the instance configuration pbt_cloud_init_config_01

Create and attach an autoscaling configuration named pbt_cloud_autoscaling_config_01 with the following settings:

Metric-based autoscaling

Cooldown: 300 second

Performance metric: CPU utilization

Scale-out rule:

Operator: Greater than ( > )

Threshold: 75%

Number of instances to add: 1

Scale-in rule:

Operator: Less than ( < )

Threshold: 25%

Number of instances to remove: 1

Scaling limits:

Minimum number of instances: 1

Maximum number of instances: 2

Initial number of instances: 1

Task 1: Develop the cloud-init script

In the main menu, go to Compute > Instances and click Create an Instance

In the instance creation menu, enter the following details

a. Name: Provide name given in the instructions

b. Compartment: Use the assigned compartment

c. Placement: Use any of the availability domains

d. Image: Oracle Linux 8

e. Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory

f. Network:

i. Place in the public subnet

ii. Assign a public IPv4

g. SSH keys: Upload or paste the provided SSH public key

h. Boot volume: Leave as default

i. Under advanced options, add the following cloud-init script:

#!/bin/shsudo dnf install httpd --assumeyes --quietsudo systemctl enable httpdsudo systemctl start httpdsudo firewall-offline-cmd --add-service=httpsystemctl restart firewalld

j. Create the instance.

Task 2: Create an autoscaling instance pool including the cloud-init script

1. In the main menu, go to Compute > Instance Configurations . Click Create instance configuration .

a. In the instance configuration creation menu, enter the same details as before:

b. Name: Provide name given in the instruction/if not specified provide any name

c. Compartment: Assigned compartment

d. Placement: Use any of the availability domains

e. Image: Oracle Linux 8

f. Shape: VM.Standard.A1.Flex instance with 1 OCPU and 6 GB memory

g. Network:

i. Place in the public subnet

ii. Assign a public IPv4

h. SSH keys: Upload or paste the provided SSH public key

i. Boot volume: Leave as default

j. Under advanced options, add the following cloud-init script:

#!/bin/shsudo dnf install httpd --assumeyes --quietsudo systemctl enable httpdsudo systemctl start httpdsudo firewall-offline-cmd --add-service=httpsystemctl restart firewalld

k. Create the instance configuration.

Task 2: In the main menu, go to Compute > Instance Pools . Click Create instance pool.

Enter the following details:

a. Name: Provide name given in the instruction/if not specified provide any name

b. Compartment: Assigned compartment

c. Instance configuration: Created in last step

d. Number of instances: 1

e. Select any availability domain

f. Leave fault domain unselected

g. Primary VNIC: Provided VCN in the instructions

h. Subnet: Public subnet

i. Do not attach a load balancer

j. Create the instance pool

Task 3: In the main menu, go to Compute > Autoscaling Configurations . Click Create autoscaling configuration and enter the following details:

a. Name: Provide name given in the instruction/if not specified provide any name

b. Compartment: Assigned compartment

c. Instance Pool: Created in last step

d. Select Metric-based autoscaling

e. Autoscaling policy name: Does not matter

f. Cooldown: 300 seconds

g. Performance metric: CPU utilization

h. Scale-out rule:

i. Operator: Greater than ( > )

ii. Threshold: 75%

iii. Number of instances to add: 1

i. Scale-in rule:

i. Operator: Less than ( < )

ii. Threshold: 25%

iii. Number of instances to remove: 1

j. Scaling limits:

i. Minimum number of instances: 1

ii. Maximum number of instances: 2

iii. Initial number of instances: 1

k. Create the autoscaling configuration.

Question # 9

Scenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)

Scenario Description: (Hands-On Performance Exam Certification)

Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.

You start by setting up the following compartment hierarchy:

Tenancy (root)

Common-Infra

Network

Security

Applications

E-Comm

SCM

CRM

You create the following groups:

Network-Admins

Security-Admins

E-Comm-Admins

SCM-Admins

CRM-Admins

Write the IAM policies for the following use cases:

Assumptions:

Assume that all policies will be attached to the root compartment.

Write one policy per given text box.

Keep policies as simple as possible by using verbs instead of permissions (for example, “inspect orm-stacks” instead of “ORM_STACK_INSPECT”) and aggregate resource types instead of individual ones (for example, “file-family” instead of “file-systems” and “mount-targets”)

Task 1

Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.

Task 2

Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box]

Task 3

Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment—but only in Phoenix and London.

Question # 10

Scenario: 3 (Use the OCI CLI to Work with Object Storage from a Compute Instance)

Scenario Description: (Hands-On Performance Exam Certification)

Your company runs a web application in OCI that generates log files. You want to upload these files to OCI Object Storage to meet data retention requirements. Some files need to be retained indefinitely, whereas others can be deleted after 30 days. Use the OCI CLI to create bucket and upload the log directory and create a lifecycle policy rule to delete temporary files after 30 days.

Pre-Configuration:

To fulfill this requirement, you are provided with the following:

Access to an OCI tenancy, an assigned compartment, and OCI credentials

A compute instance with OCI CLI installed and a set of files in ~/dir_to_upload to use

Access to the OCI Console

Required IAM policies

Assumptions:

Perform the tasks by using the OCI CLI on the compute instance.

Use instance principal authentication for all CLI commands; the instance has been given the policies necessary.

Connect to the compute instance using Cloud Shell’s private networking and the provided SSH key.

An SSH key pair has been provided to you for the compute instance.

Private Key https://objectstorage.us-ashburn- 1.oraclecloud.com/n/tenancyname/b/PBT_Storage/o/PKey.key

Note: Throughout your exam, ensure to use assigned Compartment , User Name and Region.

Complete the following tasks in the provisioned OCI environment:

Task 1: Create a Bucket in Object Storage

Task 2: Upload a Directory’s Contents to Object Storage

Task 3: Add a Lifecycle Policy to the Bucket

Answer:

See the solution below with Step by Step Explanation.

Explanation:

Task 1: Create a Bucket in Object Storage

Create a bucket named CloudOpsBucket_ < user id > with the following properties:

Storage tier: Standard

Auto-tiering: Disabled

Object versioning: Enabled

Emit events: Disabled

Keys: Oracle-managed

Visibility: Private

Task 2: Upload a Directory’s Contents to Object Storage

Upload the contents of the directory ~/dir_to_upload and its subdirectories to the bucket CloudOpsBucket

Task 3: Add a Lifecycle Policy to the Bucket

Create a lifecycle policy rule that deletes all files from ~/dir_to_upload/temp after 30 days

Task 1: Create a bucket in Object Storage

1. Open Cloud Shell in the console. Under Network along the top, select Ephemeral Private Network Setup .

2. Select the subnet of the compute instance.

3. SSH into the compute instance using the provided SSH key:

ssh -i /path/to/key opc@ < private_ip >

4. In the compute instance, create the bucket with the following command (note that it’s one long line):

oci os bucket create -c " < compartment_id > " --name " CloudOpsBucket " --auth instance_principal --versioning ' Enabled '

Task 2: Upload a directory’s contents to Object Storage

1. Upload the contents of the specified directory and subdirectories with the following command (note that it’s one long line):

oci os object bulk-upload -bn " CloudOpsBucket " --src-dir " ~/dir_to_upload " --auth instance_principal

Task 3: Add a lifecycle policy to the bucket

1. Create a file named rule.json

2. Add the following content to rule.json:

{ " items " : [{ " action " : " DELETE " , " is-enabled " : true, " name " : " Delete-Rule " , " object-name-filter " : { " exclusion-patterns " : null, " inclusion-patterns " : null, " inclusion-prefixes " : [ " temp/ " ]}, " target " : " objects " , " time-amount " : 30, " time-unit " : " DAYS " }]}

3. Add the lifecycle policy rule with the following command:

oci os object-lifecycle-policy put -bn " CloudOpsBucket " --from-json file://rule.json –-auth instance_principal

Top of Form

Go to page: