Oracle Cloud Infrastructure 2025 Cloud Ops Professional (1Z0-1067-25)

What you will practice: Design an operations-ready OCI tenancy structure, compartments, tagging, limits, and runbook governance for day-to-day cloud operations.

• OCI tenancy structure
• Tenancy vs region vs availability domain vs fault domain
• Compartments: hierarchy design (prod vs non-prod, business units, applications, environments)
• Governance constructs
• Compartment quotas and service limits (planning and operational handling)
• Tagging strategy (cost tracking, ownership, environment, compliance classification)
• Resource organization for operations
• Standard naming conventions for fleet operations
• Resource lifecycle management expectations (create, update, move between compartments, delete)
• Operational readiness
• Runbook-oriented operations: standard procedures for provisioning, patching, scaling, incident response

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Apply least-privilege IAM for operators and automation using users, groups, policies, dynamic groups, federation, and credential hygiene.

• IAM primitives
• Users, groups, policies (policy statements, scope by compartment/tenancy)
• Dynamic groups (instance/OCI resource principal patterns)
• Least privilege design and enforcement
• Policy design for ops vs developers vs auditors (segregation of duties)
• “Manage” vs “use” vs “read/inspect” permission planning
• Authentication patterns
• Federation concepts (IdP integration) and common operational implications
• API signing keys, auth tokens, and operational rotation practices
• Access control for automation
• Instance principals / resource principals (when to avoid static credentials)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Design an operations-ready OCI tenancy structure, compartments, tagging, limits, and runbook governance for day-to-day cloud operations.

• Security posture baseline
• Secure tenancy configuration mindset (guardrails, compartment isolation, minimal exposure)
• Security “operational controls”: logging, monitoring, alerting tied to security events
• Encryption and key management
• Encryption at rest vs in transit (operational verification and controls)
• Customer-managed keys vs Oracle-managed keys (decision factors and operations)
• Secrets management
• Storing and rotating secrets (avoid embedding secrets in scripts/images)
• Integrating secrets into automation workflows safely
• Secure network access patterns
• Private endpoints/private access where possible
• Minimizing public exposure surface for workloads

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Apply least-privilege IAM for operators and automation using users, groups, policies, dynamic groups, federation, and credential hygiene.

• Compute provisioning operations
• Instance shapes: selecting CPU/memory profiles for workloads
• Boot volumes and block volume attachment patterns
• Images, custom images, and golden image operational lifecycle
• Access and connectivity
• SSH access approach, bastion-style patterns, and key handling hygiene
• Scaling and elasticity
• Scaling up vs scaling out operational decision logic
• Autoscaling concepts (policies/threshold thinking and capacity planning)
• Maintenance and availability
• Operational handling of maintenance windows
• Fault domain/availability domain placement strategies

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Operate VCN networking and connectivity with correct routing, segmentation, traffic controls, and operational troubleshooting of common misconfigurations.

• VCN fundamentals
• VCNs, subnets (public vs private), route tables, security lists/NSGs
• Connectivity and routing operations
• Internet connectivity vs private connectivity patterns (what ops typically verifies/troubleshoots)
• Routing correctness: route table intent, next hop validation
• Traffic control and segmentation
• NSGs vs security lists (why/when you use each operationally)
• Common misconfig patterns: overly-permissive ingress, missing egress, wrong subnet routing
• Availability and scale considerations
• Designing/operating for failure domains and regional resilience (where applicable)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Manage Object, Block, and File Storage with lifecycle, performance considerations, backup/restore, and retention controls aligned to requirements.

• Object Storage operations
• Buckets, namespaces, access control patterns
• Lifecycle policies (tiering, archival, deletion schedules)
• Versioning and immutability concepts (where needed for compliance)
• Block Storage operations
• Performance considerations (IOPS/throughput mindset)
• Backups, restores, cloning operations
• File Storage operations
• Mount targets and access control (operational checks)
• Retention strategy design
• Retention requirements mapped to lifecycle policies and backup/restore plans
• Operational validation of retention and recovery procedures

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Standardize post-provision configuration using cloud-init and configuration management to reduce drift and enable repeatable operations.

• Configuration management goals
• Standardizing instance configuration (repeatability, drift reduction)
• Managing config across fleets (environment parity: dev/test/prod)
• Cloud-init fundamentals
• Bootstrapping packages, users, configuration, and registration steps
• Idempotency and safe re-runs (avoid breaking instances on reboot/redeploy)
• Drift control
• Detecting drift (config differences) and remediating
• Versioning configuration artifacts and rollback concepts

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Automate OCI provisioning and change management using Infrastructure as Code, operational guardrails, and secure credential patterns.

• IaC approach
• Defining OCI resources declaratively (modules, variables, environments)
• Safe change management: plan/apply workflow mindset
• Automation scopes
• Automated provisioning of compute/network/storage baselines
• Automated patching/maintenance workflows (where applicable)
• Operational controls in automation
• Embedding guardrails: policy compliance checks, tagging enforcement, safe defaults
• Credential management for automation (prefer principals over static secrets)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Implement reliability and continuity operations using redundancy, backups, restore testing, DR runbooks, and automated failover triggers.

• Reliability design basics (Ops perspective)
• Fault isolation and blast-radius reduction
• Designing for redundancy at compute/network/storage layers
• Backup and recovery operations
• Backup schedules and restore testing
• Runbooks for partial restores vs full service recovery
• Failover concepts
• Automated vs manual failover decision logic
• Health checks and failover triggers (what ops monitors and tunes)
• BCP/DR planning
• RTO/RPO translation into OCI operational actions
• Regular DR drills and evidence collection (audit readiness)

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.

What you will practice: Build observability for operations with metrics, logs, events, alerting, and incident-response workflows that drive root-cause resolution.

• Observability pillars in OCI
• Metrics monitoring (resource/service performance)
• Logging (centralized collection, routing, retention)
• Events/notifications (event-driven ops workflows)
• Alerting strategy
• Threshold-based vs symptom-based alerts (noise reduction)
• Alert routing to the right responders (on-call workflow design)
• Troubleshooting workflow
• Diagnose availability vs performance vs access issues
• Correlating signals (metrics + logs + events) to isolate root cause
• Operational reporting
• SLA/SLO thinking (uptime, latency, error rates, capacity headroom)
• Post-incident reviews: corrective actions, automation opportunities, prevention controls

Tip: After topic practice, do mixed sets under time pressure and review missed questions immediately.