Free Oracle Cloud Infrastructure 2024 Cloud Operations Professional Exam 1Z0-1067-24 Exam Practice Test

SIMULATIONScenario: 4 (Write Identity and Access Management Policies to Secure a Tenancy)Scenario Description: (Hands-On Performance Exam Certification)Your company has signed up for an OCI tenancy to migrate an e-commerce application, a supply chain management (SCM) system, and a customer relationship management (CRM) system. You have been tasked with setting up the requisite identity and access management (IAM) policies for your team to begin developing on OCI.You start by setting up the following compartment hierarchy:Tenancy (root) Common-InfraNetwork Security Applications E-CommSCM CRMYou create the following groups:Network-Admins Security-Admins E-Comm-Admins SCM-Admins CRM-AdminsWrite the IAM policies for the following use cases:Assumptions:Assume that all policies will be attached to the root compartment. Write one policy per given text box.Keep policies as simple as possible by using verbs instead of permissions (for example, “inspect orm-stacks” instead of “ORM_STACK_INSPECT”) and aggregate resource types instead of individual ones (for example, “file-family” instead of “file-systems” and “mount-targets”)Task 1Write a policy statement to enable Network-Admins to create and destroy network-related resources, such as VCNs, subnets, gateways, and so on in the Network compartment.Task 2Write policy statements to enable E-Comm-Admins to provision and destroy compute instances in the E-Comm compartment by using networking resources in the Network compartment.[Write one policy per given text box]Task 3Write a policy statement to enable SCM-Admins to provision, destroy, and back up block volumes in the SCM compartment—but only in Phoenix and London.

Which default authentication is used by Ansible modules for Oracle Cloud Infrastructure (OCO formaking API requests?

• OAuth Authentication
• Resource Principal Authentication
• Instance principal authentication
• API Key Authentication

You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute Instances that are deployed in a private subnet. The Compute Instances have an attached Network Security Group with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group:However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host. What is the root cause of this issue? (Choose the best answer.)

• The port 22 provides unrestricted access to 140.19.2.140 and to other IP address.
• A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 140.19.2.140
• All compute instances associated with NSG-050504 are also able to connect to the bastion host.
• The Security List allows access to all IP address which overrides the Network Security Group ingress rules.

What is a key benefit of using Oracle Cloud Infrastructure Resource Manager for your Terraform provisioning and management activities? (Choose the best answer.)

• You can use Resource Manager to apply patches to all existing Oracle Linux interfaces in a specified compartment.
• You can use Resource Manager to identify and maintain an inventory of all Compute and Database instances across your tenancy.
• Resource Manager has administrative privileges by design. Even if your IAM user does not have access, you can leverage Resource Manager to provision new resources to any compartment in the Tenancy.
• Resource Manager manages to Terraform state file for your infrastructure and locks the file so that only one job at a time can run on a given stack.

When you provision a compute instance in Oracle Cloud Infrastructure (OCI), you can provide data to cloud-init on the instance. This data is referred to as "user data" by cloud-init. and can be written in various formats that cloud-init can read.Which two file formats can be used to write user data with cloud- init?

• JSON
• Shell script
• Cloud-config (YAML)
• Markdown
• Binary executable

(CHK) Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance. After running the stack using the terraform apply command, it successfully launched the compute instances and the load balancer, but it failed to create a new database instance with the following error: Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http status code: 404 You dis-covered that the resource quotas assigned to your compartment prevent you from using VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM.Standard2.2 Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? (Choose the best answer.)

• terraform refresh target=oci_database_db_system.db_system
• terraform apply auto-approve
• terraform apply target=oci_database_db_system.db_system
• terraform plan target=oci_database_db_system.db_system

You created an Oracle Linux compute instance through the Oracle Cloud Infrastructure (OCI) management console then immediately realize you forgot to add an SSH key file. You notice that OCI compute service provides instance console connections that supports adding SSH keys for a running instance. Hence, you created the console connection for your Linux server and activated it using the connection string provided. However, now you get prompted for a username and password to login. What option should you recommend to add the SSH key to your running instance, while minimizing the administrative overhead? (Choose the best answer.)

• You need to configure the boot loader to use ttyS0 as a console terminal on the VM.
• You need to modify the serial console connection string to include the identity file flag, to specify the SSH key to use.
• You need to terminate the running instance and recreate it by providing the SSH key file.
• You need to reboot the instance from the console, boot into the bash shell in maintenance mode, and add SSH keys for the OPC user.

You are running an old version of PostgreSQL on several compute instances and want to update to the latest version. Which tool must you use to update the PostgreSQL packages on the existing machines?

• Ansible
• OCI Package Manager
• Terraform
• OCI CLI

Your customer is running a set of compute instances inside a private subnet to manage their workloads on Oracle Cloud Infrastructure (OCI) tenancy. You have set up auto scaling feature to provide consistent performance to their end users during period of high demand. Which step should be met for auto scaling to work? (Choose the best answer.)

• Audit logs for the instances should be enabled.
• OS Management Service agent (osms) must be installed on the instances.
• Monitoring for the instances should not be enabled.
• Service gateway should be setup to allow instances to send metrics to monitoring ser-vice.

You are using a load balancer to distribute traffic to an autoscaling instance pool running an HTTP application. You want to periodically check if all compute instances in the pool, including the new instances provisioned by autoscaling. are responding on TCP port 80.How can you achieve this?

• Create an HTTP monitor on port 80 in the OCI Health Checks service.
• Create an alarm in the OCI Monitoring service.
• Deploy Management Agents via the Oracle Cloud Agent to monitor HTTP on port 80
• Create a load balancer health check for HTTP on port 80.