Oracle Cloud Infrastructure 2025 Architect Associate (1Z0-1072-25)

This page breaks 1Z0-1072-25 into 10 operations-focused sections aligned to real OCI Cloud Ops work. Each section includes a practice button that opens the quiz set in a new tab.

Vendor: Oracle | Track: OCI Cloud Operations | Exam: 1Z0-1072-25 | Practice: domain then mixed

1Z0-1072-25 coverage (10 sections)

OCI Core Architecture and Tenancy Fundamentals

S01

What you will practice: Build a strong OCI architecture foundation: regions/realms, availability and fault domains, tenancy structure, compartments, and core resource concepts used throughout the Architect Associate exam.

  • OCI regions, realms, and region selection drivers (latency, data residency, service availability)
  • Availability domains vs fault domains and placement decisions for resiliency
  • Tenancy vs compartments: isolation, governance boundaries, and hierarchy design patterns
  • OCI resource model: OCIDs, lifecycle states, and lifecycle operations (create, update, move, delete)
  • Control plane vs data plane thinking across OCI services
  • Shared-services vs per-application isolation models and blast-radius reduction

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

Identity, Authentication, and Authorization (IAM and Identity Domains)

S02

What you will practice: Design secure access in OCI: identity domains, users/groups/dynamic groups, authentication methods, federation concepts, and least-privilege policy patterns for people and workloads.

  • Identity domains and common multi-domain patterns (employees vs partners vs consumers)
  • Users, groups, dynamic groups, and membership concepts
  • Console authentication and MFA patterns
  • API authentication artifacts (API signing keys, auth tokens) and rotation hygiene
  • Federation concepts (IdP integration) and operational implications
  • Policy statement structure, scoping (tenancy vs compartment), and least-privilege design
  • Workload identity decisions: instance principals/dynamic groups vs embedded credentials

Governance Controls: Compartments, Tagging, Quotas, and Guardrails

S03

What you will practice: Apply governance and guardrails: compartment design for ownership and auditability, tagging strategies for cost and compliance, and quotas/limits to control consumption.

  • Compartment layout patterns aligned to environments, apps, business units, and cost centers
  • Moving resources between compartments: access impact and policy inheritance implications
  • Defined tags vs free-form tags, namespaces, and enforcement concepts
  • Tagging patterns (environment, owner, cost center, data classification) for reporting/chargeback
  • Service limits vs compartment quotas and when each is used
  • Guardrail patterns to prevent runaway spend and enforce standard architecture constraints

VCN and Subnet Architecture (Core OCI Networking)

S04

What you will practice: Design OCI networking fundamentals: VCN CIDR planning, subnets, routing components, and security controls (security lists vs NSGs), including common troubleshooting logic.

  • VCN fundamentals and CIDR planning (non-overlapping, future peering/VPN readiness)
  • Subnets (public vs private) and regional behavior concepts
  • Route tables and next-hop choices (IGW, NAT Gateway, Service Gateway, DRG, LPG)
  • Security Lists vs Network Security Groups (NSGs): differences and usage guidance
  • Internet Gateway for public access and NAT Gateway for outbound-only private patterns
  • Service Gateway for private access to supported OCI services without the public internet
  • Troubleshooting flow: routes vs security rules vs public IP vs subnet type

Advanced Connectivity: DRG, Peering, VPN, and FastConnect

S05

What you will practice: Extend OCI connectivity with DRG-centric designs, local and remote peering, and hybrid connectivity using IPSec VPN or FastConnect, including segmentation and routing isolation concepts.

  • Dynamic Routing Gateway (DRG) purpose and attachment patterns
  • Hub-and-spoke vs mesh connectivity approaches and high-level route propagation concepts
  • Local Peering Gateway (LPG) for same-region VCN peering
  • Remote peering concepts for cross-region connectivity use cases
  • Site-to-Site VPN concepts and typical placement patterns
  • FastConnect rationale (dedicated connectivity) and when it is preferred over VPN
  • Segmentation considerations: routing isolation and traffic separation by design

Load Balancing, DNS, and Edge Traffic Management

S06

What you will practice: Design traffic exposure and distribution: public/private load balancers, backend sets and health checks, TLS termination, DNS patterns, and exposure control for enterprise workloads.

  • Public vs private load balancers and when each is appropriate
  • Listeners, backend sets, and health check concepts (how components fit together)
  • Session persistence concepts and when it is required
  • SSL/TLS termination concepts and certificate placement considerations
  • Public DNS publishing vs private DNS needs and internal name resolution considerations
  • Exposure control using network security rules and private endpoints where appropriate
  • High-level WAF placement reasoning for L7 protection needs

Compute Architecture: Instances, Images, Autoscaling, and Pools

S07

What you will practice: Design compute deployments: shapes, images, placement for availability, boot and block volume considerations, and scalable patterns using instance configurations, pools, and autoscaling policies.

  • Shape selection trade-offs (CPU, memory, network performance, and cost implications)
  • Boot volume vs block volume usage and attachment considerations
  • Placement across availability and fault domains for availability objectives
  • Oracle-provided images vs custom images and golden image lifecycle concepts
  • Cloud-init/bootstrap concepts for repeatable instance configuration
  • Instance configurations, instance pools, and autoscaling policy concepts
  • Cost/availability trade-offs such as preemptible capacity concepts (where applicable)

Storage Architecture: Object, Block, File, and Data Movement

S08

What you will practice: Choose the right OCI storage service: object, block, and file storage, including access patterns, lifecycle policies, sharing mechanisms, backups/clones, and data movement decisions.

  • Object Storage concepts: buckets, namespaces, and access patterns
  • Pre-authenticated requests (PARs) for controlled sharing without making buckets public
  • Lifecycle policies for tiering/archiving and retention management
  • Block Volume performance reasoning (IOPS/throughput mindset) and use cases
  • Backups, clones, and restore workflows for block volumes
  • File Storage use cases and choosing file vs object vs block based on workload needs
  • High-level data movement considerations for internet vs dedicated/hybrid transfer approaches

Security Architecture: Encryption, Vault/Keys, Network Security, and Posture

S09

What you will practice: Design security controls: encryption at rest and in transit, key and secret management with Vault, secure workload access patterns, segmentation with NSGs/subnets, and baseline security posture thinking.

  • Encryption at rest vs in transit and design implications
  • Customer-managed keys vs Oracle-managed keys: why and when to choose each
  • Vault concepts: keys vs secrets and rotation as an architectural requirement
  • Secure secret access for workloads using instance principals/dynamic groups (avoid hardcoded credentials)
  • Network segmentation patterns using subnets and NSGs
  • Private access patterns to reduce public exposure and tighten blast radius
  • Baseline monitoring/alerting concepts for suspicious activity (architect-level posture)

Observability, Reliability, and Cost-Aware Architecture

S10

What you will practice: Design for day-2 operations: monitoring/logging, alarms and notifications, resilience patterns, backup and DR rationale, and cost governance via tags and compartment-based controls.

  • Metrics vs logs and common architectural use cases for each
  • Alarms and notifications concepts for event-driven operations
  • Centralizing logs for auditability and troubleshooting
  • Availability and resiliency via AD/FD placement strategies
  • Backup strategy alignment to RPO/RTO targets and DR decision logic
  • Multi-region considerations and when regional DR is justified
  • Cost drivers in OCI architecture (compute shapes, storage tiers, egress, load balancers) and governance via tags/compartments

FAQ

What is the 1Z0-1072-25 OCI Architect Associate exam about?

1Z0-1072-25 validates foundational architecture skills on Oracle Cloud Infrastructure (OCI). It focuses on designing and implementing core OCI services such as networking (VCN), compute, storage, identity and access, security controls, and basic high availability choices.

Who should take 1Z0-1072-25?

This exam is intended for cloud engineers, junior solution architects, system administrators, and IT professionals who want to prove baseline OCI architecture capability before moving to more advanced professional-level exams.

What areas are commonly tested in the Architect Associate blueprint?

Expect scenario questions across OCI core services (Compute, VCN, Load Balancing, Object and Block Storage), IAM concepts (users, groups, policies, compartments), security fundamentals, monitoring and logging, and cost and governance basics.

How should I use the 10 sections on this page?

Study one section at a time, complete the practice for that domain, then review explanations and retake missed concepts. After covering all 10 sections, do mixed practice under time pressure to improve speed and accuracy.

Do the practice buttons open in a new tab?

Yes. Each section includes a button that opens the quiz set for that section in a new tab.

Is Architect Associate a good step before OCI Architect Professional?

Yes. Architect Associate is the recommended starting point for the OCI architect track. It helps build the service and design fundamentals that the professional-level exam assumes.