1Z0-1127-25 Syllabus — Learning Objectives by Topic

Use this syllabus as your checklist for 1Z0‑1127‑25.

What’s covered

• Topic 1: LLM & Prompt Engineering Fundamentals
• Topic 2: RAG and Knowledge Grounding
• Topic 3: Fine-Tuning and Adaptation
• Topic 4: Evaluation and Experimentation
• Topic 5: Safety, Security, and Compliance
• Topic 6: Building on OCI (Services and Architecture)
• Topic 7: Operations, Reliability, and Cost

Topic 1: LLM & Prompt Engineering Fundamentals

Practice this topic →

1.1 Model behavior (tokens, context, sampling)

• Explain how tokenization and context windows affect latency, cost, and truncation risk.
• Differentiate temperature, top-p, and max tokens and predict their impact on output variability.
• Recognize when determinism is required (for example, compliance outputs) vs when creativity is acceptable.
• Given a scenario, choose chunking or summarization strategies to fit context limits.
• Explain why prompt ordering and recency bias can change model behavior.

1.2 Prompt structure and reusable templates

• Structure prompts with role/context, task, constraints, and output format requirements.
• Given a scenario, choose between zero-shot, few-shot, and instruction-based prompting.
• Design prompts that reduce ambiguity using explicit definitions, examples, and validation rules.
• Recognize common prompt failure modes: missing constraints, conflicting instructions, and hidden assumptions.

1.3 Tool use, function calling, and structured output

• Explain why tool calling improves reliability for factual queries and deterministic tasks.
• Given a scenario, choose JSON/structured outputs to simplify parsing and downstream automation.
• Identify strategies to validate structured outputs (schema checks, constrained decoding, retries).
• Recognize when a model should refuse or escalate instead of guessing.

1.4 Model selection under constraints (quality, cost, privacy)

• Given a scenario, select an LLM based on quality requirements, latency budget, and token cost.
• Choose when to use smaller models for routing, summarization, or classification tasks.
• Explain trade-offs between hosting models, using managed endpoints, and hybrid approaches.
• Recognize when data residency or privacy requirements constrain where prompts and context can be processed.

Topic 2: RAG and Knowledge Grounding

Practice this topic →

2.1 Data ingestion and document processing for RAG

• Identify RAG sources (documents, tickets, wikis, databases) and how freshness impacts design.
• Given a scenario, choose extraction vs OCR vs parsing approaches for different content types.
• Design ingestion pipelines that preserve metadata (source, timestamps, ACL tags) for governance.
• Explain why normalization (cleaning, deduplication) improves retrieval quality and reduces cost.

2.2 Chunking, embeddings, and indexing

• Choose chunking strategies (fixed size, semantic, hierarchical) based on query patterns.
• Explain how embeddings enable semantic similarity search and how embedding choice affects recall.
• Given a scenario, select an indexing approach that supports filtering by metadata and access control.
• Recognize common indexing pitfalls: too-large chunks, missing metadata, and inconsistent preprocessing.
• Explain why reranking can improve relevance even when embeddings are noisy.

2.3 Retrieval strategies and query understanding

• Differentiate dense, sparse, and hybrid retrieval and when each is appropriate.
• Given a scenario, choose query rewriting or decomposition to improve retrieval coverage.
• Explain top-k selection and how to tune k for quality vs latency.
• Identify signals of poor retrieval (irrelevant context, missing citations, inconsistent answers).

2.4 Grounded generation, citations, and response shaping

• Design generation prompts that enforce grounding (use only provided context, cite sources).
• Given a scenario, choose answer formats that make evidence clear (quotes, citations, extracted fields).
• Explain why refusing to answer is preferable when retrieval confidence is low.
• Recognize hallucination risks when context is incomplete or conflicting and mitigation strategies.

Topic 3: Fine-Tuning and Adaptation

Practice this topic →

3.1 Decide: RAG vs fine-tuning vs prompt engineering

• Given a scenario, decide when RAG is sufficient vs when fine-tuning is justified.
• Explain why fine-tuning is not a replacement for up-to-date factual knowledge.
• Identify tasks that benefit from tuning (style, policy, domain language) vs tasks that do not.
• Recognize operational impacts of fine-tuning (evaluation burden, rollback complexity, governance).

3.2 Dataset creation, labeling, and quality control

• Define high-quality instruction/response pairs and why consistency matters for tuning.
• Given a scenario, design data collection that avoids leakage of secrets and proprietary content.
• Identify dataset quality checks: deduplication, toxicity screening, and bias review.
• Explain why a held-out evaluation set is required to detect regression after tuning.
• Recognize when synthetic data is acceptable and what must be validated.

3.3 Tuning approaches and evaluation gating

• Differentiate full fine-tuning vs parameter-efficient methods (concept-level).
• Given a scenario, choose gating criteria for promotion (quality thresholds, safety checks, cost bounds).
• Explain why tuning can degrade general capability and how to detect it with regression tests.
• Recognize when to stop tuning and invest in better retrieval or better prompts instead.

3.4 Governance and risk controls for tuned models

• Describe versioning practices for tuned models and how to support rollback.
• Given a scenario, choose controls for IP/privacy risks (data filtering, access controls, auditability).
• Identify responsible AI checks for tuned models (bias review, safety prompts, refusal policies).
• Explain change management needs when model behavior is part of a business process.

Topic 4: Evaluation and Experimentation

Practice this topic →

4.1 Offline evaluation design (rubrics, test sets, baselines)

• Design evaluation sets that represent real user tasks and edge cases.
• Create rubrics that separate factual correctness, groundedness, completeness, and style.
• Explain why baseline comparisons are required to justify changes to prompts or retrieval.
• Given a scenario, choose between automated scoring, human evaluation, and hybrid approaches.

4.2 Retrieval evaluation (coverage and relevance)

• Explain retrieval-focused metrics (recall@k, precision@k, MRR) at a conceptual level.
• Given a scenario, diagnose whether failures are caused by retrieval, generation, or both.
• Choose evaluation strategies for chunking and embedding changes (fixed prompts, controlled variables).
• Recognize how access-control filtering can reduce recall and how to mitigate with better metadata.

4.3 Online evaluation (A/B tests and feedback loops)

• Define online signals: task success rate, deflection, latency, cost per successful task, and user ratings.
• Given a scenario, design an A/B test with guardrails that prevent unsafe regressions.
• Explain why user feedback must be de-biased and monitored for misuse or prompt injection attempts.
• Recognize when to segment evaluation by user group, region, or use case to avoid misleading averages.

4.4 Continuous evaluation pipelines and regression testing

• Design regression suites that detect changes in safety behavior and factual accuracy.
• Given a scenario, choose a promotion pipeline that blocks deployments when thresholds are not met.
• Explain how to version prompts, retrieval configs, and datasets for reproducible evaluation.
• Recognize when evaluation needs to be repeated after data refreshes or model upgrades.

Topic 5: Safety, Security, and Compliance

Practice this topic →

5.1 Threat model for GenAI systems

• Identify prompt injection, jailbreaks, and data exfiltration as core LLM-specific risks.
• Given a scenario, choose defenses: input sanitization, context isolation, and tool permissioning.
• Explain why least privilege applies to retrieval sources and tool actions.
• Recognize indirect prompt injection via retrieved content and mitigations (content filters, allowlists).
• Describe why caching and logs can become data leak paths and how to reduce exposure.

5.2 Content safety and policy enforcement

• Define safety categories commonly enforced in enterprise GenAI (PII, toxic content, regulated advice).
• Given a scenario, design moderation layers (pre-check, post-check, and refusal paths).
• Explain the difference between refusal, safe completion, and human escalation.
• Recognize why safety prompts alone are insufficient without monitoring and evaluation.

5.3 Privacy, residency, and data retention

• Given a scenario, choose data handling controls: encryption, access controls, masking, and retention limits.
• Identify which parts of a GenAI system can store sensitive data (retrieval index, transcripts, caches, logs).
• Explain how data residency requirements can constrain endpoint placement and data replication choices.
• Recognize when to tokenize or redact sensitive inputs before sending them to an LLM.

5.4 Governance, auditability, and change management

• Describe governance controls: approval workflows, separation of duties, and audit trails for prompt/model changes.
• Given a scenario, choose monitoring and reporting artifacts that support compliance reviews.
• Explain why model outputs used for decisions require traceability back to sources and configurations.
• Recognize when to implement human-in-the-loop controls for high-impact actions.

Topic 6: Building on OCI (Services and Architecture)

Practice this topic →

6.1 OCI services for GenAI solutions (endpoints and orchestration)

• Identify common OCI services used in GenAI apps: Generative AI, Data Science, Object Storage, Functions, API Gateway.
• Given a scenario, choose how to expose a GenAI capability (API, chatbot UI, batch job) with appropriate auth.
• Explain when to use synchronous APIs vs asynchronous workflows for long-running tasks.
• Recognize how quotas and rate limits influence architecture (backpressure, retries, queues).

6.2 Identity, networking, and secure access patterns

• Apply least-privilege IAM to GenAI components (retrieval, storage, deployment, monitoring).
• Given a scenario, choose public vs private connectivity and justify the security trade-offs.
• Explain how secrets management and key management support secure model and data access.
• Recognize when to use network controls (allowlists, gateways, WAF) to reduce exposure.

6.3 Event-driven and pipeline patterns for GenAI

• Design an event-driven ingestion pipeline (new document -> process -> index) using OCI primitives.
• Given a scenario, choose streaming/queueing to decouple producers and consumers and manage load.
• Explain idempotency and retry patterns for document processing and index updates.
• Recognize when to use workflow orchestration for multi-step RAG pipelines (extract, chunk, embed, index).

6.4 Data stores for grounding (documents, metadata, vectors)

• Given a scenario, choose storage for source documents, embeddings, and metadata with governance needs.
• Explain why metadata filters (tenant, department, ACL tags) are essential for enterprise RAG.
• Recognize when a hybrid approach is needed (vector similarity + keyword filtering + structured DB queries).
• Identify data lifecycle practices: re-embedding after model changes and re-indexing after schema changes.

Topic 7: Operations, Reliability, and Cost

Practice this topic →

7.1 Observability (logs, metrics, traces)

• Define the minimum telemetry for GenAI systems: latency, token usage, error rates, and safety events.
• Given a scenario, design tracing that links user requests to retrieval results and generated outputs.
• Explain why sampling and redaction are needed to keep logs useful without leaking sensitive content.
• Recognize leading indicators of degradation: retrieval miss rate, increased refusals, and rising costs.

7.2 Deployment strategies and rollback

• Given a scenario, choose canary vs blue/green vs shadow deployments for prompt/model changes.
• Explain why prompt changes should be versioned and rolled back like code changes.
• Design rollback triggers using guardrail metrics (quality, safety, latency, cost).
• Recognize when to freeze changes and investigate (sudden quality drops, increased safety incidents).

7.3 Cost management (token budgets, caching, batching)

• Explain token cost drivers and how context length and retries increase spend.
• Given a scenario, choose caching, batching, or summarization to reduce cost while preserving quality.
• Recognize trade-offs between larger context vs better retrieval and reranking.
• Design rate limiting and quotas that protect against runaway usage and abuse.

7.4 Incident response and continuous improvement

• Create an incident playbook for GenAI failures (hallucinations, data leakage, tool misuse).
• Given a scenario, identify containment actions: disable tools, tighten retrieval, or roll back versions.
• Explain how postmortems feed back into evaluation sets and safety tests.
• Recognize when to retrain, re-embed, or rebuild indexes after major data or model changes.