Home
Oracle
1Z0-1124-25 Exam Info
1Z0-1124-25 Exam Questions

Curious about Actual Oracle Cloud (1Z0-1124-25) Exam Questions?

Here are sample Oracle Cloud Infrastructure 2025 Networking Professional (1Z0-1124-25) Exam questions from real exam. You can get more Oracle Cloud (1Z0-1124-25) Exam premium practice questions at TestInsights.

Page: 1 /
Total 120 questions

Want more questions? Get Premium Access.

Question 1

You have deployed an application on OCI that uses a Regional Load Balancer with an HTTPS listener. You want to enforce end-to-end encryption and ensure that the connection between the load balancer and the backend servers is also encrypted. Which load balancer configuration step is MANDATORY to achieve this?

AUpload the SSL certificate to the load balancer's listener and configure the backend set protocol to HTTP.

BUpload the SSL certificate to the load balancer's listener and configure the backend set protocol to HTTPS, uploading the appropriate certificate to the instances.

CUpload the SSL certificate only to the backend servers, as the load balancer automatically proxies the traffic.

DConfigure the load balancer to use TCP proxy protocol to forward traffic directly to the backend servers without SSL termination.

Correct : B

Goal: End-to-end encryption (client-to-LB and LB-to-backend).

Option A: HTTP backend set leaves LB-to-backend unencrypted---incorrect.

Option B: HTTPS listener and backend set with certificates ensures full encryption---correct and mandatory.

Option C: Backend-only certificates lack LB termination---incorrect.

Option D: TCP proxy bypasses LB encryption---incorrect.

Conclusion: Option B is mandatory for end-to-end encryption.

Oracle states:

'For end-to-end encryption, configure the HTTPS listener with an SSL certificate and set the backend protocol to HTTPS, requiring certificates on backend instances.'

This validates Option B. Reference: Load Balancer SSL - Oracle Help Center (docs.oracle.com/en-us/iaas/Content/Balance/Tasks/managingssl.htm).

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AUpload the SSL certificate to the load balancer's listener and configure the backend set protocol to HTTP.

BUpload the SSL certificate to the load balancer's listener and configure the backend set protocol to HTTPS, uploading the appropriate certificate to the instances.

CUpload the SSL certificate only to the backend servers, as the load balancer automatically proxies the traffic.

DConfigure the load balancer to use TCP proxy protocol to forward traffic directly to the backend servers without SSL termination.

0 / 1500

Question 2

When setting up cross-tenancy VCN peering using Local Peering Gateways (LPGs), which IAM permission is required in the target tenancy to accept the peering request?

AAllow group <group_name> to manage local-peering-gateways in tenancy=<target_tenancy_OCID>

BAllow group <group_name> to use local-peering-gateways in tenancy=<target_tenancy_OCID>

CAllow group <group_name> to inspect local-peering-gateways in tenancy=<target_tenancy_OCID>

DAllow group <group_name> to read virtual-network-family in tenancy=<target_tenancy_OCID>

Correct : A

Requirement: IAM permission to accept cross-tenancy LPG peering.

Option A: ''Manage'' allows creating and accepting peering---correct.

Option B: ''Use'' permits using existing LPGs, not accepting requests---incorrect.

Option C: ''Inspect'' is read-only, insufficient---incorrect.

Option D: ''Read'' on virtual-network-family doesn't cover LPG management---incorrect.

Conclusion: Option A is required.

Oracle states:

'To accept a cross-tenancy peering request, the target tenancy needs 'manage local-peering-gateways' permission.'

This confirms Option A. Reference: Local VCN Peering - Oracle Help Center (docs.oracle.com/en-us/iaas/Content/Network/Tasks/localVCNpeering.htm).

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AAllow group <group_name> to manage local-peering-gateways in tenancy=<target_tenancy_OCID>

BAllow group <group_name> to use local-peering-gateways in tenancy=<target_tenancy_OCID>

CAllow group <group_name> to inspect local-peering-gateways in tenancy=<target_tenancy_OCID>

DAllow group <group_name> to read virtual-network-family in tenancy=<target_tenancy_OCID>

0 / 1500

Question 3

Which OCI resource is used to establish private connectivity between two VCNs within the same region, facilitating direct, low-latency communication?

ADynamic Routing Gateway (DRG)

BLocal Peering Gateway (LPG)

CInternet Gateway

DService Gateway

Correct : B

Objective: Identify the OCI resource for private, low-latency VCN-to-VCN connectivity in the same region.

Option A: DRG connects VCNs to external networks (e.g., on-premises) or across regions, not for same-region peering---incorrect.

Option B: LPG is designed for private peering of VCNs within the same region, ensuring low-latency communication---correct.

Option C: Internet Gateway provides public internet access, not private connectivity---incorrect.

Option D: Service Gateway connects VCNs to OCI services, not other VCNs---incorrect.

Conclusion: Option B is the appropriate resource.

Oracle documentation states:

'A Local Peering Gateway (LPG) enables private connectivity between two VCNs in the same region, providing direct, low-latency communication.'

This confirms Option B. Reference: Local VCN Peering Overview - Oracle Help Center (docs.oracle.com/en-us/iaas/Content/Network/Tasks/localVCNpeering.htm).

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ADynamic Routing Gateway (DRG)

BLocal Peering Gateway (LPG)

CInternet Gateway

DService Gateway

0 / 1500

Question 4

You are designing an OCI VCN for a new application with the following requirements: The application servers in a private subnet must be able to download software updates from public repositories on the internet; the application servers must NOT be directly accessible from the public internet; the application servers must also be able to access Oracle Cloud Infrastructure Registry (OCIR) within the same region to pull container images. Which combination of VCN Gateways BEST meets these requirements?

AInternet Gateway and Service Gateway

BNAT Gateway and Internet Gateway

CNAT Gateway and Service Gateway

DDynamic Routing Gateway (DRG) and Internet Gateway

Correct : C

Requirements: Outbound internet access, no inbound exposure, and private OCIR access.

Option A: Internet Gateway allows inbound traffic, violating the no-exposure rule---incorrect.

Option B: NAT Gateway enables outbound-only internet access, but Internet Gateway adds inbound exposure---incorrect.

Option C: NAT Gateway provides outbound internet access without inbound exposure; Service Gateway enables private OCIR access---correct.

Option D: DRG is for external networks, not internet/OCIR access; Internet Gateway exposes servers---incorrect.

Conclusion: Option C satisfies all requirements.

Oracle states:

'Use a NAT Gateway for outbound internet access from private subnets without inbound connectivity. Use a Service Gateway for private access to OCI services like OCIR.'

This supports Option C. Reference: NAT and Service Gateway Overview - Oracle Help Center (docs.oracle.com/en-us/iaas/Content/Network/Tasks/NATgateway.htm & docs.oracle.com/en-us/iaas/Content/Network/Tasks/servicegateway.htm).

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AInternet Gateway and Service Gateway

BNAT Gateway and Internet Gateway

CNAT Gateway and Service Gateway

DDynamic Routing Gateway (DRG) and Internet Gateway

0 / 1500

Question 5

Your company utilizes a hybrid cloud architecture, connecting its on-premises network to an OCI VCN using a FastConnect private peering connection. You need to ensure that instances within a specific subnet in the VCN can only communicate with resources in a designated IP address range within the on-premises network. What is the MOST effective way to achieve this specific network isolation?

AConfigure an Internet Gateway for the subnet with a route rule to the on-premises network.

BModify the VCN's default security list to restrict traffic to the on-premises IP address range.

CCreate a custom route table for the subnet with a route rule pointing to the Dynamic Routing Gateway (DRG) and configure network security groups (NSGs) to limit traffic to the specified on-premises IP address range.

DConfigure a Local Peering Gateway (LPG) for the subnet to route traffic to the on-premises network.

Correct : C

Goal: Restrict subnet traffic to a specific on-premises IP range via FastConnect.

Option A: Internet Gateway is for public access, not FastConnect---incorrect.

Option B: Default security list applies broadly, lacking granularity; NSGs are more effective---less optimal.

Option C: Custom route table with DRG ensures FastConnect routing; NSGs provide precise, instance-level traffic restriction---correct.

Option D: LPG is for same-region VCN peering, not on-premises---incorrect.

Conclusion: Option C is the most effective method.

Oracle notes:

'Use a custom route table with a DRG route rule for FastConnect traffic. NSGs offer granular control to restrict traffic to specific IP ranges.'

This supports Option C. Reference: FastConnect and NSG Overview - Oracle Help Center (docs.oracle.com/en-us/iaas/Content/Network/Tasks/fastconnect.htm & docs.oracle.com/en-us/iaas/Content/Network/Concepts/NSGs.htm).

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AConfigure an Internet Gateway for the subnet with a route rule to the on-premises network.

BModify the VCN's default security list to restrict traffic to the on-premises IP address range.

DConfigure a Local Peering Gateway (LPG) for the subnet to route traffic to the on-premises network.

0 / 1500

Page: 1 / 24
Total 120 questions

Unlock Full
1Z0-1124-25 Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
1Z0-1124-25 Exam

1Z0-1124-25 Exam Question 1
1Z0-1124-25 Exam Question 2
1Z0-1124-25 Exam Question 3
1Z0-1124-25 Exam Question 4
1Z0-1124-25 Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login