Career upgrade: Learn practical AI skills for better jobs and higher pay.
Level up
PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free OCI Networking Professional Practice Questions

Pass your Oracle Cloud Infrastructure 2025 Networking Professional (1Z0-1124-25) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free
1 / 100
Question 1
Score: 0/0

After enabling transit routing, on-premises hosts can reach Spoke A but not Spoke B through the hub. Which is the MOST likely cause?

A
B
C
D
to track
Same family resources

Explore More Oracle Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Oracle SQL

Practice Questions1 blog

OCI AI Foundations

Practice Questions

OCI Architect

Practice Questions

OCI Foundations

Practice Questions

Oracle DBA

Practice Questions

OCI 2025 Data Science Professional (1Z0-1110-25)

Practice Questions

More From This Family

Videos and articles for deeper review.

ArticleOracle SQL 1Z0-071 Exam Guide 2026: Official Facts, Topic Traps, and Practice Plan12 min read
2026 Statistics

Key Facts: OCI Networking Professional Exam

50

Exam Questions

Oracle University

90 min

Exam Duration

Oracle University

68%

Passing Score

Oracle University

$245

Exam Fee

Oracle University

7

Exam Domains

Oracle 1Z0-1124-25 skills outline

24 months

Credential Validity

Oracle certification guidelines

As of May 24, 2026, Oracle University lists the Oracle Cloud Infrastructure 2025 Networking Professional exam 1Z0-1124-25 as a 50-question, 90-minute multiple-choice exam with a 68% passing score and a $245 fee. The exam spans seven domains: Plan and Design OCI Networking and App Services (20%), Design for Hybrid Networking Architectures (20%), Implement and Operate Secure OCI Networking (20%), Design and Deploy VCNs (10%), Transitive Routing (10%), Migrate Workloads to OCI (10%), and Troubleshoot OCI Networking and Connectivity Issues (10%).

Sample OCI Networking Professional Practice Questions

Try these sample questions to test your OCI Networking Professional exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1What is the primary purpose of a Virtual Cloud Network (VCN) in OCI?
A.To provide a managed DNS zone for public internet records only
B.To define a private, software-defined network within a region for your cloud resources
C.To replace the need for compartments in IAM
D.To store object data across multiple availability domains
Explanation: A VCN is a customizable, private software-defined network that you set up in an OCI region. It uses a CIDR block of private IPv4 addresses and is the foundation for subnets, route tables, gateways, and security controls. A VCN is regional, spanning all availability domains in that region.
2What is the scope of a subnet within an OCI VCN by default?
A.Subnets can span multiple regions
B.Subnets are regional and span all availability domains in the region
C.Subnets are always specific to a single availability domain
D.Subnets span all tenancies in an Oracle realm
Explanation: By default OCI subnets are regional, meaning they span all availability domains within the VCN's region. OCI still supports AD-specific subnets for legacy designs, but regional subnets are recommended because they simplify high-availability placement of resources across availability domains.
3Which gateway allows resources in a private subnet to initiate outbound connections to the public internet while blocking unsolicited inbound connections?
A.Internet Gateway
B.NAT Gateway
C.Service Gateway
D.Dynamic Routing Gateway
Explanation: A NAT Gateway gives instances in a private subnet outbound access to the internet without exposing them to inbound connections from the internet. The Internet Gateway, by contrast, allows bidirectional traffic and is used by resources with public IP addresses.
4An instance in a private subnet must reach OCI Object Storage without traversing the public internet. Which VCN gateway should be configured?
A.Internet Gateway
B.NAT Gateway
C.Service Gateway
D.Local Peering Gateway
Explanation: A Service Gateway provides private access from a VCN to supported Oracle services such as Object Storage and Autonomous Database, keeping traffic on the Oracle network fabric rather than the public internet. You attach it to the VCN and add a route rule using the appropriate service CIDR label.
5What is the key functional difference between a Security List and a Network Security Group (NSG) in OCI?
A.Security Lists operate at Layer 7 while NSGs operate at Layer 3
B.Security List rules apply to all resources in a subnet, while NSG rules apply only to the resources placed in that group
C.NSGs are stateful while Security Lists are always stateless
D.Only Security Lists can reference another group as a source or destination
Explanation: Security Lists apply their rules to every resource in any subnet that uses the list, tying security to subnet boundaries. NSGs apply rules only to the VNICs you add to the group, decoupling security from subnet architecture. NSGs can also reference other NSGs as source or destination, which Security Lists cannot.
6By default, how does OCI treat a stateful ingress security rule?
A.Return traffic must be explicitly allowed by a separate egress rule
B.Return traffic is automatically allowed without a matching egress rule
C.It blocks all return traffic regardless of configuration
D.It applies only to UDP traffic
Explanation: Stateful rules track connections so that response traffic is automatically permitted, even without an explicit matching rule in the opposite direction. Stateless rules do not track connection state, so you must define rules for both directions of the flow.
7Which OCI component acts as a virtual router that connects a VCN to on-premises networks, other VCNs, and remote regions?
A.Local Peering Gateway
B.Dynamic Routing Gateway (DRG)
C.Internet Gateway
D.Service Gateway
Explanation: The Dynamic Routing Gateway is a virtual router that provides a path for private traffic between a VCN and destinations outside the VCN's region or the public internet. It supports FastConnect virtual circuits, Site-to-Site VPN IPSec tunnels, VCN attachments, and remote peering connections, with static and BGP dynamic routing.
8Which two connectivity options terminate on a DRG to provide private access between an on-premises network and a VCN?
A.Internet Gateway and NAT Gateway
B.FastConnect virtual circuit and Site-to-Site VPN IPSec tunnel
C.Service Gateway and Local Peering Gateway
D.Object Storage replication and DNS forwarding
Explanation: FastConnect private peering and Site-to-Site VPN both terminate on a DRG attached to the VCN, giving on-premises hosts private access to VCN resources. FastConnect uses a dedicated or partner private circuit, while Site-to-Site VPN builds IPSec tunnels over the public internet.
9When would FastConnect be preferred over Site-to-Site VPN for hybrid connectivity?
A.When the workload requires consistent, dedicated bandwidth and predictable latency that avoids the public internet
B.When connectivity must be deployed in minutes with no carrier involvement
C.When the connection is temporary and low cost is the only priority
D.When IPSec encryption is the sole security requirement
Explanation: FastConnect provides a private, dedicated connection through a partner or direct circuit, delivering more consistent bandwidth and lower, more predictable latency than VPN over the public internet. Site-to-Site VPN is faster to provision and cheaper but rides the public internet, so its performance is variable.
10A company needs to encrypt its FastConnect private peering traffic with IPSec without changing its on-premises edge routing. Which OCI capability addresses this?
A.Remote Peering Connection
B.Site-to-Site VPN over FastConnect
C.Local Peering Gateway
D.Service Gateway with TLS
Explanation: Site-to-Site VPN over FastConnect lets you establish IPSec tunnels to the managed Site-to-Site VPN service across a FastConnect private virtual circuit. This secures FastConnect traffic with encryption while still using the dedicated private circuit for transport.

About the OCI Networking Professional Exam

Oracle's OCI Networking Professional exam validates the ability to plan, design, deploy, secure, and troubleshoot networking solutions on Oracle Cloud Infrastructure. The blueprint covers VCN design, hybrid connectivity with FastConnect and Site-to-Site VPN, transitive routing through the DRG, secure connectivity with security lists, NSGs, Network Firewall, and WAF, plus load balancing and DNS traffic management for Oracle Cloud Infrastructure 2025.

Questions

50 scored questions

Time Limit

90 minutes

Passing Score

68%

Exam Fee

$245 (Oracle University)

OCI Networking Professional Exam Content Outline

20%

Plan and Design OCI Networking Solutions and App Services

Design VCN architectures, subnet and CIDR strategy, gateway selection, and integration with app services such as flexible Load Balancer, OKE, API Gateway, and Functions for resilient, secure topologies.

20%

Design for Hybrid Networking Architectures

Connect on-premises networks to OCI using FastConnect virtual circuits and Site-to-Site VPN terminating on a DRG, with BGP dynamic routing and redundant, high-availability designs.

20%

Implement and Operate Secure OCI Networking and Connectivity

Apply security lists and network security groups, stateful versus stateless rules, Service Gateway private access, OCI Network Firewall, and Web Application Firewall to secure traffic.

10%

Design and Deploy OCI Virtual Cloud Networks (VCN)

Create VCNs, regional and AD-specific subnets, route tables, Internet, NAT, Service, and Dynamic Routing Gateways, IP addressing, and VNIC configuration.

10%

Transitive Routing

Use DRG route tables and route distributions, local and remote peering, hub-and-spoke topologies, and centralized egress or inspection across multiple VCNs.

10%

Migrate Workloads to OCI

Plan non-overlapping CIDRs, hybrid DNS resolution, bandwidth and latency for transfers, and preserving connectivity during phased migrations to OCI.

10%

Troubleshoot OCI Networking and Connectivity Issues

Diagnose routing, security rule, BGP, NAT, and DNS problems using VCN flow logs and a methodical layered approach.

How to Pass the OCI Networking Professional Exam

What You Need to Know

  • Passing score: 68%
  • Exam length: 50 questions
  • Time limit: 90 minutes
  • Exam fee: $245

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

OCI Networking Professional Study Tips from Top Performers

1Prioritize the three 20% domains: hybrid networking, secure networking, and plan-and-design together make up 60% of the exam.
2Build real labs for FastConnect, Site-to-Site VPN, and the DRG so transit routing and BGP concepts become intuitive rather than memorized.
3Memorize gateway purposes cold: Internet Gateway (public bidirectional), NAT Gateway (private outbound only), Service Gateway (private Oracle service access), and DRG (hybrid and cross-VCN routing).
4Be able to choose between the flexible Load Balancer and the Network Load Balancer based on Layer 7 features versus Layer 3/4 throughput and source IP preservation.
5Practice transit routing scenarios with DRG route tables and route distributions, including hub-and-spoke, centralized egress, and remote peering across regions.
6Use timed 50-question practice sets so the 90-minute, 68%-to-pass pace feels comfortable before the real exam.

Frequently Asked Questions

What are the current official exam facts for OCI Networking Professional?

Oracle University lists 1Z0-1124-25 as a 50-question multiple-choice exam with a 90-minute time limit and a 68% passing score. The exam fee is $245 and it is validated against Oracle Cloud Infrastructure 2025.

What topics are weighted most heavily on the exam?

Three domains tie for the largest weight at 20% each: Plan and Design OCI Networking and App Services, Design for Hybrid Networking Architectures, and Implement and Operate Secure OCI Networking. The remaining four domains are weighted at 10% each.

What is the difference between a Security List and a Network Security Group?

Security List rules apply to all resources in any subnet that uses the list, while NSG rules apply only to the VNICs added to the group. NSGs can also reference another NSG as a source or destination, which security lists cannot.

When should I use FastConnect instead of Site-to-Site VPN?

Use FastConnect when you need dedicated, predictable bandwidth and low latency that avoids the public internet. Site-to-Site VPN builds encrypted IPSec tunnels over the internet and is faster and cheaper to deploy for branch or backup connectivity.

Is the OCI Load Balancer different from the Network Load Balancer?

Yes. The flexible Load Balancer works up to Layer 7 with content-based routing, SSL termination, and WAF support. The Network Load Balancer operates at Layer 3/4 with ultra-low latency, high throughput, and source IP preservation.

What is the best way to prepare for OCI Networking Professional?

Start with Oracle's OCI Networking learning path, build hands-on VCN, DRG, FastConnect, and load balancer configurations, then drill mixed practice questions. Because hybrid networking, secure connectivity, and design each carry 20%, focus the largest share of study time there.