Last-mile 1Z0-1085-25 review: OCI tenancy model, IAM basics, VCN networking basics, compute/storage pickers, observability, and governance/pricing.
Use this for last‑mile review. Pair it with the Syllabus for coverage.
```mermaid
flowchart TD
  T["Tenancy"] --> C1["Compartment: Prod"]
  T --> C2["Compartment: Dev"]
  C1 --> P1["Policies"]
  C1 --> R1["Resources (VCN, Compute, DB, ...)"]
  C2 --> P2["Policies"]
  C2 --> R2["Resources"]
```
Rule: Compartments are logical isolation for access + governance; they are not “network boundaries”.

| Term | What it is | What to remember |
|---|---|---|
| Tenancy | your OCI account boundary | top-level for identity + billing |
| Compartment | logical container | used in policies, tagging, budgets |
| Region | geographic area | contains availability domains |
| AD / FD | failure isolation | use for HA within a region |
| VCN | virtual network | subnets, route tables, security |

| You need… | Use… |
|---|---|
| Human access | Users + Groups + Policies |
| Resource-to-resource access | Dynamic Groups + Policies |

Policy language is human-readable. Typical pattern:

```
Allow group <group-name> to manage <resource-family> in compartment <compartment-name>
```
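An added example (not from the original cheat sheet or from Oracle): a small Python check that parses statements of this shape and flags grants that break least privilege. It assumes the standard OCI policy verbs (`inspect`, `read`, `use`, `manage`), the `dynamic-group` subject, the `in tenancy` scope and the `all-resources` family, which go beyond the single pattern shown above; the group and compartment names in the samples are constructed.

```python
import re

# OCI policy verbs, ordered from least to most privilege.
VERBS = ("inspect", "read", "use", "manage")

STATEMENT = re.compile(
    r"^\s*allow\s+(?P<kind>group|dynamic-group)\s+(?P<subject>.+?)\s+"
    r"to\s+(?P<verb>\w+)\s+(?P<resource>[\w-]+)\s+"
    r"in\s+(?:tenancy|compartment\s+(?P<compartment>\S+))"
    r"(?:\s+where\s+(?P<condition>.+?))?\s*$",
    re.IGNORECASE,
)

def parse_statement(text):
    """Split one policy statement into its parts; raise ValueError if malformed."""
    m = STATEMENT.match(text)
    if not m or m["verb"].lower() not in VERBS:
        raise ValueError(f"not a recognised policy statement: {text!r}")
    return {
        "kind": m["kind"].lower(),          # group = humans, dynamic-group = resources
        "subject": m["subject"],
        "verb": m["verb"].lower(),
        "resource": m["resource"].lower(),
        "compartment": m["compartment"],    # None means tenancy-wide
        "condition": m["condition"],
    }

def review(text):
    """Return least-privilege findings for one statement (empty list = none)."""
    s = parse_statement(text)
    findings = []
    if s["verb"] == "manage" and s["resource"] == "all-resources":
        findings.append("manage all-resources is full administrative access")
    if s["compartment"] is None and s["condition"] is None:
        findings.append("tenancy-wide scope with no where clause")
    return findings

# Constructed sample statements (names are made up for illustration).
SAMPLES = [
    "Allow group NetAdmins to manage virtual-network-family in compartment Prod",
    "Allow dynamic-group BackupInstances to use object-family in compartment Dev",
    "Allow group Everyone to manage all-resources in tenancy",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", review(line) or "ok")
```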
Exam cues

| Concept | Exam-friendly rule |
|---|---|
| Security Lists | subnet-level, stateful by default |
| NSGs | attach to VNIC/resources, more granular |
| Route table | where traffic goes (IGW/NAT/SGW/DRG) |
| Internet Gateway (IGW) | public internet ingress/egress |
| NAT Gateway | private subnet outbound only |
| Service Gateway | private access to Oracle services without internet |

| Requirement | Prefer |
|---|---|
| Durable object store, backups, logs | Object Storage |
| Attach volumes to compute | Block Volumes |
| Shared POSIX-style filesystem | File Storage |
| Lowest cost archival | Archive Storage |

| Requirement | Prefer |
|---|---|
| General VM workloads | Compute VM instances |
| Dedicated performance / special needs | Bare metal / specialized shapes |
| Managed containers | OKE (Kubernetes) |