PracticeVideosBlogFlashcardsEspañol
All Practice Exams

100+ Free OCI Architect Associate Practice Questions

Pass your Oracle Cloud Infrastructure 2025 Architect Associate (1Z0-1072-25) exam on the first try — instant access, no signup required.

✓ No registration✓ No credit card✓ No hidden fees✓ Start practicing immediately
100+ Questions
100% Free

Loading practice questions...

Same family resources

Explore More Oracle Certifications

Continue into nearby exams from the same family. Each card keeps practice questions, study guides, flashcards, videos, and articles in one place.

Oracle SQL

Practice Questions1 blog

OCI AI Foundations

Practice Questions

OCI Architect

Practice Questions

OCI Foundations

Practice Questions

Oracle DBA

Practice Questions

OCI 2025 Data Science Professional (1Z0-1110-25)

Practice Questions

More From This Family

Videos and articles for deeper review.

ArticleOracle SQL 1Z0-071 Exam Guide 2026: Official Facts, Topic Traps, and Practice Plan12 min read
2026 Statistics

Key Facts: OCI Architect Associate Exam

~50 questions

Approximate number of multiple-choice questions on the 1Z0-1072-25 exam

Oracle University - 1Z0-1072-25 exam page

90 minutes

Time limit to complete the OCI 2025 Architect Associate exam

Oracle University - 1Z0-1072-25 exam page

68%

Passing score published for the 1Z0-1072-25 exam

Oracle 1Z0-1072-25 exam syllabus

USD $245

Standard registration fee plus applicable local taxes

Oracle University - exam registration

Networking 35%

Largest objective area, ahead of Storage 25%, Compute 20% and IAM 20%

Oracle 1Z0-1072-25 exam objectives

18 months

Validity period before Oracle recommends re-certifying on the latest version

Oracle University certification policy

Retires Jun 22, 2026

1Z0-1072-25 (2025 version) retirement date, replaced by a 2026 version

Oracle University exam retirement schedule

100

Free original practice questions in this bank

OpenExamPrep

The Oracle Cloud Infrastructure 2025 Architect Associate exam (1Z0-1072-25) is a 90-minute, roughly 50-question multiple-choice exam that costs USD $245 and requires about 68% to pass. It is weighted toward Networking (35%), followed by Storage (25%), Compute (20%) and Identity and Access Management (20%), with mostly scenario-based questions on OCI architecture. Candidates design secure, highly available solutions using VCNs, gateways, load balancers, compute, block/object/file storage, databases, IAM policies and observability. The certification is valid for 18 months, and the 1Z0-1072-25 version retires on June 22, 2026. This 100-question bank gives original, weighted practice across all four objective areas with explanations for every answer.

Sample OCI Architect Associate Practice Questions

Try these sample questions to test your OCI Architect Associate exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1An architect needs to plan the CIDR block for a new VCN that must not overlap with an on-premises network of 10.0.0.0/16. Which VCN CIDR is a valid, non-overlapping choice that follows OCI recommendations?
A.10.0.0.0/16
B.172.16.0.0/16
C.10.0.5.0/24
D.0.0.0.0/0
Explanation: OCI recommends RFC 1918 private ranges for VCN CIDRs and they must not overlap with networks you connect to. 172.16.0.0/16 is a private range that does not overlap with the on-premises 10.0.0.0/16, so it is the safe choice.
2Instances in a private subnet need to download operating-system patches from the public internet but must not be reachable from the internet. Which gateway should be added to the VCN?
A.Internet Gateway
B.NAT Gateway
C.Service Gateway
D.Dynamic Routing Gateway
Explanation: A NAT Gateway allows instances in a private subnet to initiate outbound connections to the internet (for example to fetch patches) while blocking any inbound connections initiated from the internet. This matches the requirement exactly.
3Which OCI gateway lets resources in a private subnet reach Oracle services like Object Storage over the Oracle network backbone without traversing the public internet?
A.NAT Gateway
B.Service Gateway
C.Internet Gateway
D.Local Peering Gateway
Explanation: A Service Gateway provides private connectivity from a VCN to supported Oracle services (such as Object Storage) using a service CIDR label, keeping the traffic on Oracle's network and off the public internet.
4What is the key behavioral difference between an OCI security list and a network security group (NSG)?
A.Security lists are stateless only; NSGs are stateful only
B.Security lists apply to all VNICs in a subnet, while NSGs apply to a defined set of VNICs you assign
C.NSGs apply to entire subnets, while security lists apply to individual instances
D.NSGs cannot reference other NSGs as a source or destination
Explanation: A security list applies its rules to every VNIC in the subnets that use it. An NSG applies only to the specific VNICs you place into the group, giving finer-grained, application-tier control. Both support stateful and stateless rules.
5By default, an OCI security list rule that allows inbound TCP traffic is stateful. What does this mean for the return traffic?
A.Return traffic must be explicitly allowed by a separate egress rule
B.Return traffic is automatically allowed without a matching egress rule
C.Return traffic is dropped unless a stateless rule is added
D.Return traffic is allowed only for ICMP
Explanation: A stateful rule tracks connections, so when an inbound connection is allowed, the corresponding return (response) traffic is automatically permitted without needing a separate egress rule. This is the default behavior in OCI.
6An architect must connect two VCNs in the SAME OCI region so resources can communicate using private IP addresses. Which component should be used?
A.Remote Peering Connection
B.Local Peering Gateway
C.Internet Gateway
D.Service Gateway
Explanation: A Local Peering Gateway (LPG) connects two VCNs within the same region so their resources communicate over private IPs without traversing the internet. Each VCN gets its own LPG and they are connected together.
7Which OCI connectivity option provides a dedicated, private connection between an on-premises data center and OCI that does NOT traverse the public internet?
A.Site-to-Site VPN
B.FastConnect
C.NAT Gateway
D.Public Load Balancer
Explanation: FastConnect provides a dedicated, private, high-bandwidth connection between on-premises and OCI that bypasses the public internet, offering more consistent latency than an internet-based VPN.
8A Dynamic Routing Gateway (DRG) is attached to a VCN. Which of the following is its primary purpose?
A.Provide public internet egress for private subnets
B.Act as a virtual router for traffic to on-premises networks and other VCNs via VPN, FastConnect, or peering
C.Store and version route tables for subnets
D.Encrypt object storage data at rest
Explanation: A DRG is a virtual router that you attach to a VCN to route traffic to destinations outside the VCN, including on-premises networks (via Site-to-Site VPN or FastConnect) and other VCNs (via remote peering). A modern DRG can attach to multiple VCNs.
9An OCI public load balancer must distribute HTTPS traffic across backend web servers and terminate TLS at the load balancer. Which load balancer feature handles TLS termination?
A.A backend set with TCP health checks
B.An SSL/TLS certificate associated with the HTTPS listener
C.A path route set
D.A network security group on the backends
Explanation: To terminate TLS at the load balancer, you associate an SSL/TLS certificate bundle with the HTTPS listener. The load balancer decrypts incoming traffic and can forward it to backends over HTTP or re-encrypted HTTPS.
10What is the main functional difference between the OCI Load Balancer and the OCI Network Load Balancer?
A.The Load Balancer operates at Layer 7 (HTTP/HTTPS) while the Network Load Balancer operates at Layer 4 (TCP/UDP) and preserves source IP
B.The Network Load Balancer only works with on-premises servers
C.The Load Balancer cannot perform health checks
D.The Network Load Balancer cannot use a public IP
Explanation: The OCI Load Balancer is a Layer 7 (and Layer 4) service with rich HTTP features like path-based routing and SSL termination. The Network Load Balancer is a high-performance Layer 4 (TCP/UDP/ICMP) service that can preserve the client source IP and offers ultra-low latency.

About the OCI Architect Associate Exam

The Oracle Cloud Infrastructure 2025 Architect Associate exam (1Z0-1072-25) validates the ability to design, deploy and operate secure, resilient infrastructure on Oracle Cloud Infrastructure (OCI). It targets cloud architects, infrastructure engineers and administrators who build OCI solutions using Virtual Cloud Networks, compute, block/object/file storage, databases, load balancing, identity and access management, security and observability. The exam is scenario heavy: candidates choose correct, least-privilege, highly available baseline designs rather than recall isolated facts. The 2025 version (1Z0-1072-25) is scheduled to retire on June 22, 2026 and be replaced by a 2026 version, so candidates should confirm the active version before booking.

Assessment

Approximately 50 multiple-choice questions, mostly scenario based, weighted across Networking (35%), Storage (25%), Compute (20%) and Identity and Access Management (20%).

Time Limit

90 minutes.

Passing Score

68% (the passing score is set by Oracle and may be adjusted; the published value for 1Z0-1072-25 is 68%).

Exam Fee

USD $245 plus applicable local taxes. Discounts may apply through Oracle vouchers, promotions or Oracle Learning Subscriptions. (Oracle University (delivered through Oracle MyLearn online proctoring and Pearson VUE).)

OCI Architect Associate Exam Content Outline

35%

Networking

The largest objective area. Covers VCN design (CIDR blocks, regional and AD-specific subnets), route tables, security lists versus network security groups, internet/NAT/service/dynamic routing gateways, local and remote VCN peering, site-to-site VPN Connect and FastConnect, DNS and Traffic Management steering policies, and the OCI Load Balancer and Network Load Balancer.

25%

Storage

Covers Block Volume (performance tiers, backups, clones, volume groups, cross-region replication), Object Storage (Standard vs Archive tiers, buckets, pre-authenticated requests, lifecycle policy rules, multipart upload) and File Storage (NFS exports, mount targets, snapshots), plus when to choose each storage service for a workload.

20%

Compute

Covers compute shapes (virtual machine, bare metal, flexible, GPU), platform vs custom images, instance configurations, instance pools and autoscaling, OS Management, availability domains and fault domains for resiliency, and boot/block volume attachment.

20%

Identity and Access Management

Covers IAM identity domains, compartments, users and groups, dynamic groups for instance principals, policy syntax and inheritance, tag-based and least-privilege access control, federation and the relationship between IAM, resources and the tenancy.

How to Pass the OCI Architect Associate Exam

What You Need to Know

  • Passing score: 68% (the passing score is set by Oracle and may be adjusted; the published value for 1Z0-1072-25 is 68%).
  • Assessment: Approximately 50 multiple-choice questions, mostly scenario based, weighted across Networking (35%), Storage (25%), Compute (20%) and Identity and Access Management (20%).
  • Time limit: 90 minutes.
  • Exam fee: USD $245 plus applicable local taxes. Discounts may apply through Oracle vouchers, promotions or Oracle Learning Subscriptions.

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

OCI Architect Associate Study Tips from Top Performers

1Spend the most time on Networking; at about 35% it is the largest objective. Be able to design a VCN end to end: CIDR planning, public vs private subnets, route tables, security lists vs NSGs, and the right gateway (internet, NAT, service, DRG) for each traffic flow.
2Build a free OCI tenancy and actually deploy a VCN, a compute instance, a load balancer and block/object storage; the scenario questions are much easier once you have configured these services yourself.
3Learn IAM policy syntax precisely: the verb (inspect, read, use, manage), resource-type, compartment scope and conditions. Many questions hinge on choosing the least-privilege policy.
4Memorize when to use each storage service: Block Volume for boot/data disks, Object Storage (Standard vs Archive) for unstructured and backup data with lifecycle rules, and File Storage for shared NFS access.
5Understand resiliency building blocks: availability domains vs fault domains, regional vs AD-specific subnets, load balancer backend sets and health checks, and cross-region replication for storage and databases.
6Confirm the active exam version before booking. The 1Z0-1072-25 version retires on June 22, 2026, so check the Oracle University exam page if you are testing near that date.

Frequently Asked Questions

How many questions are on the 1Z0-1072-25 exam and how long is it?

The exam has approximately 50 multiple-choice questions and a 90-minute time limit. Most questions are scenario based, asking you to pick the best OCI design or configuration rather than recall a single fact.

What is the passing score for 1Z0-1072-25?

Oracle sets the passing score at 68% for the 1Z0-1072-25 exam. Oracle can adjust passing scores over the life of an exam, so confirm the current value on the official Oracle University exam page before booking.

How much does the exam cost?

The standard fee is USD $245 plus applicable local taxes. Oracle vouchers, promotions and Oracle Learning Subscriptions can reduce or waive the cost, and the free OCI Architect Associate learning path is available without charge.

What topics does the exam cover and how are they weighted?

There are four objective areas: Networking (about 35%), Storage (about 25%), Compute (about 20%) and Identity and Access Management (about 20%). Networking, including VCNs, gateways and load balancing, is the most heavily weighted.

Is 1Z0-1072-25 being retired?

Yes. The 2025 version (1Z0-1072-25) is scheduled to retire on June 22, 2026 and be replaced by a 2026 version. If you are testing close to that date, confirm which version is active so your preparation matches the live objectives.

Are these official Oracle exam questions?

No. These are original OpenExamPrep practice questions written to match the published 1Z0-1072-25 objectives and difficulty. Oracle provides the official learning path, documentation and hands-on labs separately through Oracle University and Oracle MyLearn.