Use this syllabus as your source of truth for 1Z0‑1085‑25. Work topic-by-topic, then drill questions after each section.
What’s covered
Topic 1: OCI Fundamentals (Tenancy, Regions, Compartments)
1.1 Tenancy model, regions, availability domains, and fault domains
- Define a tenancy and explain what is managed at the tenancy level (identity, billing, limits).
- Differentiate regions, availability domains, and fault domains and explain why they matter for resiliency.
- Explain the concept of OCI regions being independent failure domains and how that impacts DR design (concept-level).
- Given a scenario, choose multi-AD placement vs single-AD placement based on availability requirements.
- Identify what an OCI region subscription implies at a high level (which regions can host resources).
- Recognize common OCI resource identifiers (OCIDs) and why they matter for automation.
1.2 Compartments, resource organization, and tagging basics
- Explain what compartments are used for (access control, governance, cost tracking).
- Differentiate compartments from networking boundaries and from billing accounts (concept-level).
- Describe basic compartment strategies (by environment, by team, by application) and trade-offs.
- Explain why consistent tagging improves cost reporting and governance.
- Recognize the difference between tag namespaces and tag keys/values (concept-level).
- Given a scenario, choose an organization strategy that supports least privilege and clean ownership.
Topic 2: Identity & Access Management (IAM) Basics
2.1 Users, groups, policies, and least privilege
- Differentiate users, groups, and policies and how they combine to grant permissions.
- Explain least privilege and why broad "manage all-resources" policies are risky.
- Interpret a simple policy statement and identify the subject, verb, resource family, and compartment scope.
- Differentiate common permission verbs at a conceptual level (read vs use vs manage).
- Given a scenario, choose an IAM approach that meets requirements with minimal access.
- Recognize when access should be scoped to a specific compartment instead of tenancy-wide.
2.2 Dynamic groups and resource principals (concept-level)
- Explain what dynamic groups are and why they are used for resource-to-resource access.
- Differentiate user-based access from instance/resource principal access (concept-level).
- Given a scenario, choose a dynamic group + policy instead of embedding user credentials in code.
- Recognize that policies can grant permissions to dynamic groups (not only user groups).
- Explain why short-lived, workload-based identities reduce key management risk.
- Identify the security implication of over-broad dynamic group matching rules (concept-level).
Topic 3: Networking Basics (VCN, Subnets, Routing, Security)
3.1 VCN and subnet basics
- Explain what a VCN is and identify its role as OCI’s virtual network boundary.
- Differentiate public vs private subnets based on routing intent (internet gateway vs not).
- Describe route tables at a conceptual level and how they direct traffic to gateways.
- Recognize the purpose of CIDR planning and avoiding overlapping IP ranges for future connectivity.
- Given a scenario, choose a subnet placement strategy for tiers (public edge, private app/data).
- Explain the role of DHCP options and DNS resolution at a conceptual level.
3.2 Gateways and network security controls
- Differentiate internet gateway, NAT gateway, and service gateway and match each to a requirement.
- Explain the difference between security lists and network security groups (NSGs) conceptually.
- Given a scenario, choose subnet-level security lists vs resource-level NSGs based on granularity needs.
- Identify where routing is configured vs where security is configured (route tables vs security controls).
- Recognize that security controls should follow least privilege (only required ports/protocols).
- Given a scenario, choose an approach that prevents direct public access to private tiers.
Topic 4: Compute & Container Fundamentals
4.1 Compute instances and shapes (concept-level)
- Differentiate VM instances and bare metal instances at a high level.
- Explain what a shape represents conceptually and why sizing impacts cost and performance.
- Recognize the purpose of boot volumes and images (concept-level).
- Identify when autoscaling or instance pools are appropriate at a conceptual level.
- Given a scenario, choose a compute approach that meets availability and cost constraints.
- Recognize that network placement (public/private subnets) affects exposure and access patterns.
4.2 Containers and managed orchestration (concept-level)
- Explain when containers are a good fit vs simple VM deployments (concept-level).
- Recognize Kubernetes as a container orchestrator and identify OCI’s managed option conceptually (OKE).
- Given a scenario, choose managed container orchestration vs VMs based on operational complexity.
- Identify the purpose of container image registries at a conceptual level.
- Explain why networking and IAM still apply to container workloads (concept-level).
- Recognize that observability is required regardless of deployment model (logs/metrics).
Topic 5: Storage & Database Fundamentals
5.1 Storage services: object, block, file, archive
- Choose Object Storage for durable blobs, logs, and backups and explain why (concept-level).
- Choose Block Volumes for VM-attached storage and explain why (concept-level).
- Choose File Storage for shared POSIX-style access and explain why (concept-level).
- Recognize Archive Storage as a low-cost tier for infrequently accessed data.
- Explain at a high level why lifecycle policies matter for cost optimization.
- Given a scenario, select the correct storage service based on access pattern and cost.
5.2 Database service selection (purpose-level)
- Differentiate managed database offerings at a high level (autonomous vs more controlled DB systems).
- Recognize that backups, patching, and availability features differ by offering (concept-level).
- Given a scenario, choose an autonomous option for automation and operational simplicity.
- Given a scenario, choose a managed DB system when configuration control is required (concept-level).
- Explain why network placement and security controls are critical for databases (private subnets, NSGs).
- Identify the purpose of replicas/standbys at a conceptual level for resilience.
Topic 6: Operations, Observability, and Governance Basics
6.1 Monitoring, logging, alarms, and audit
- Explain the difference between metrics, logs, and traces at a conceptual level.
- Describe alarms as threshold-based alerts on metrics and identify a basic use case.
- Recognize logging as the canonical record of service/application events for troubleshooting.
- Explain Audit as a record of API calls for compliance and investigations (concept-level).
- Given a scenario, choose which data source (metrics vs logs vs audit) is most relevant.
- Recognize that observability is required for both cost control and reliability.
6.2 Pricing, budgets, quotas, and support basics
- Explain at a high level what drives OCI costs (compute, storage, egress) and why tagging helps.
- Recognize budgets as cost guardrails and describe the intent of budget alerts (concept-level).
- Recognize quotas/limits as governance controls and explain why they prevent accidental spend.
- Given a scenario, choose budgets/quotas to control spend and reduce risk.
- Identify common support and documentation resources for resolving issues (concept-level).
- Explain the value of change management: tracking, rollback planning, and documentation.
Tip: After finishing a topic, do a 15–25 question drill focused on that topic, then revisit weak objectives before moving on.