Browse Exams — Mock Exams & Practice Tests

1Z0-1072-25 Syllabus — Learning Objectives by Topic

Learning objectives for OCI 2025 Architect Associate (1Z0-1072-25), organized by topic with quick links to targeted practice.

Use this syllabus as your checklist for 1Z0‑1072‑25. Work topic-by-topic, then drill questions after each section.

What’s covered

Topic 1: OCI Governance & IAM for Architects

Practice this topic →

1.1 Compartment strategy, tenancy layout, and ownership

  • Design a compartment structure that separates prod/non-prod and supports team ownership.
  • Given a scenario, choose a compartment strategy that minimizes blast radius and enables least privilege.
  • Explain how compartment placement affects policy scope and resource visibility.
  • Identify when shared services should live in a separate compartment (concept-level).
  • Recognize common governance anti-patterns (everything in root, inconsistent ownership).
  • Describe how tagging supports cost reporting and governance for architecture.

1.2 IAM policies, principals, and access boundaries

  • Interpret policy statements and identify subject, verb, resource-family, and scope.
  • Choose the minimal policy verb needed (read/use/manage) for a requirement.
  • Use dynamic groups to grant permissions to workloads without long-lived user credentials (concept-level).
  • Recognize when tenancy-wide policies are required vs compartment-scoped policies.
  • Given a scenario, design an IAM approach that supports automation and least privilege.
  • Identify the security impact of over-broad policies and how to reduce scope safely.

1.3 Baseline governance: tagging, budgets, quotas, and audit

  • Explain how budgets and budget alerts help control spend and enforce governance.
  • Recognize quota/limit controls and why they prevent accidental over-provisioning.
  • Identify Audit as the canonical record of API calls for compliance (concept-level).
  • Given a scenario, choose governance controls that match risk tolerance and operational maturity.
  • Describe how consistent naming/tagging improves operability and troubleshooting.
  • Identify a baseline set of controls expected in production (audit/logging + least privilege).

Topic 2: VCN Design (Subnets, Routing, Gateways)

Practice this topic →

2.1 VCN and subnet design with IP planning

  • Design a VCN and subnets that separate public edge from private application/data tiers.
  • Choose CIDR blocks that avoid overlaps for future peering/hybrid connectivity (concept-level).
  • Differentiate public vs private subnets based on routing (internet gateway presence).
  • Explain at a high level how DNS resolution and DHCP options influence service discovery.
  • Given a scenario, choose subnet granularity that balances isolation with operational simplicity.
  • Recognize the concept of multi-AD design and how it affects subnet planning.

2.2 Routing and gateways (IGW, NAT, service gateway)

  • Differentiate internet gateway, NAT gateway, and service gateway and map each to requirements.
  • Explain route tables conceptually and identify how routes direct traffic to gateways.
  • Given a scenario, choose a design that allows private subnet egress without inbound exposure.
  • Recognize common routing errors (missing route to gateway, wrong target) and symptoms (concept-level).
  • Describe why service gateway enables private access to Oracle services without using the public internet.
  • Given a scenario, choose the minimal set of gateways to meet requirements.

2.3 Network security controls (security lists vs NSGs)

  • Differentiate security lists (subnet-level) and NSGs (resource-level) and choose appropriately.
  • Design ingress/egress rules using least privilege principles for common tiers (web/app/db).
  • Recognize stateful vs stateless rule behavior at a conceptual level.
  • Given a scenario, select NSGs to isolate applications sharing a subnet.
  • Identify why databases should typically be placed in private subnets with restricted access.
  • Describe why "allow all" rules are a common exam trap and how to tighten safely.

Topic 3: Connectivity (DRG, VPN, FastConnect) — Concept Level

Practice this topic →

3.1 DRG concepts and routing intent

  • Explain DRG as a routing hub for on-prem and cross-VCN connectivity (concept-level).
  • Given a scenario, choose DRG-based hub-and-spoke when connecting many networks.
  • Recognize the difference between routing (reachability) and security (NSGs/security lists).
  • Identify common connectivity requirements (shared services, centralized inspection) and DRG fit.
  • Describe why IP overlap complicates routing and how planning avoids it (concept-level).
  • Given a scenario, choose a connectivity approach that minimizes operational complexity.

3.2 VPN vs FastConnect selection

  • Differentiate IPSec VPN and FastConnect at a conceptual level (latency/bandwidth/reliability).
  • Given a scenario, choose VPN for quick setup and FastConnect for consistent performance needs.
  • Recognize that connectivity design should include routing, security, and monitoring considerations.
  • Explain why redundancy (dual paths) improves availability for connectivity (concept-level).
  • Identify the impact of egress and data transfer considerations in connectivity decisions.
  • Given a scenario, choose a connectivity solution that meets requirements within constraints.

3.3 DNS and traffic steering basics (concept-level)

  • Recognize DNS as a core component of traffic steering and service discovery.
  • Given a scenario, choose DNS-based approaches for failover/traffic distribution (concept-level).
  • Explain why private DNS and split-horizon patterns matter for hybrid environments (concept-level).
  • Identify when to use load balancing vs DNS for distribution (concept-level).
  • Recognize the need for consistent naming across environments for operability.
  • Given a scenario, choose a design that supports predictable service endpoints.

Topic 4: Application Delivery (Load Balancing & Web Edge)

Practice this topic →

4.1 Load balancer placement and backend pools

  • Choose a public load balancer for internet-facing applications and place it in a public subnet.
  • Choose private load balancing for internal services and place it in private networking as appropriate (concept-level).
  • Explain health checks conceptually and why they are critical for availability.
  • Given a scenario, select backend pool design that supports scaling and resilience.
  • Recognize common misconfigurations (wrong subnet placement, open ports) at a high level.
  • Explain TLS termination at the load balancer conceptually and why it matters.

4.2 HA basics: instance pools, autoscaling, and failure isolation

  • Explain instance pools conceptually and how they support horizontal scaling.
  • Given a scenario, choose autoscaling triggers based on load signals (concept-level).
  • Design for failure isolation using availability and fault domains (concept-level).
  • Recognize that stateful services need additional design for scaling (session/state handling).
  • Given a scenario, choose a design that supports rolling changes with minimal downtime.
  • Identify why monitoring is required to validate scaling behavior and availability.

4.3 Web edge security basics (WAF, certificates) — concept-level

  • Recognize WAF as a web-layer protection and identify high-level use cases (OWASP, bot mitigation) conceptually.
  • Explain certificate management intent at a high level (TLS, trust, rotation).
  • Given a scenario, choose to terminate TLS at the edge to simplify backend service configuration.
  • Identify that security controls should be layered (edge + network + IAM).
  • Recognize why logging at the edge improves incident response and troubleshooting.
  • Given a scenario, choose an approach that minimizes exposure while meeting usability needs.

Topic 5: Compute, Storage, and Database Selection

Practice this topic →

5.1 Compute design and scaling basics

  • Choose compute shapes based on workload needs at a conceptual level (CPU/memory).
  • Given a scenario, choose horizontal scaling behind a load balancer vs vertical scaling.
  • Recognize the purpose of images and boot volumes (concept-level).
  • Identify when to use dedicated vs general-purpose compute options (concept-level).
  • Given a scenario, choose a design that balances cost, performance, and availability.
  • Explain why network placement and NSG/security list design are part of compute architecture.

5.2 Storage selection and resilience (object/block/file)

  • Select Object Storage for durable blobs/backups and explain why.
  • Select Block Volumes for VM-attached data and explain why.
  • Select File Storage for shared filesystem needs and explain why.
  • Recognize the small operational pitfalls: backups, lifecycle, and access control.
  • Given a scenario, choose a storage option that meets throughput/durability needs (concept-level).
  • Recognize that encryption and access control are required for all storage types.

5.3 Database selection and availability basics

  • Choose Autonomous Database for managed automation and operational simplicity (concept-level).
  • Choose managed DB systems when configuration control is required (concept-level).
  • Recognize that database placement should be private and protected with least-privilege network rules.
  • Explain backup intent and recovery needs conceptually (point-in-time, retention).
  • Given a scenario, choose a database approach that aligns with HA/backup requirements.
  • Identify why performance and cost trade-offs matter for database designs.

Topic 6: Operations, Observability, and Resilience Basics

Practice this topic →

6.1 Monitoring, logging, and alarms for architectures

  • Choose metrics and alarms for basic availability signals (health, latency, errors) conceptually.
  • Explain how centralized logging supports troubleshooting and audit needs.
  • Given a scenario, identify which telemetry source is needed (metrics vs logs vs audit).
  • Recognize the need to monitor connectivity paths (VPN/FastConnect) for reliability.
  • Describe the value of dashboards and runbooks for operations (concept-level).
  • Given a scenario, choose an observability baseline that supports production readiness.

6.2 Backup/restore and failure awareness (concept-level)

  • Explain why backups are required even with high availability (human error, corruption) conceptually.
  • Recognize fault domain vs availability domain failure impact for architecture choices (concept-level).
  • Given a scenario, choose multi-AD placement for resilience within a region.
  • Identify the difference between backup/restore and replication/failover (concept-level).
  • Recognize that DR design should include test/validation, not just configuration (concept-level).
  • Given a scenario, choose a design that meets availability needs without unnecessary complexity.

6.3 Cost-aware design basics

  • Identify common cost drivers (compute sizing, storage class, data transfer) at a high level.
  • Use tagging and compartment structure to enable cost attribution (concept-level).
  • Given a scenario, choose a design that balances availability and cost.
  • Recognize over-provisioning as a common trap and choose autoscaling where appropriate (concept-level).
  • Explain why egress costs matter for cross-region or hybrid data flows (concept-level).
  • Given a scenario, choose budgets/quotas to enforce cost guardrails.
Study Plan
Cheat Sheet