Use this syllabus as your checklist for 1Z0‑997‑25. Work topic-by-topic, then drill scenario questions after each section.
What’s covered
Topic 1: Enterprise Landing Zone & Governance
Practice this topic →
1.1 Tenancy layout, compartments, and shared services design
- Design a tenancy/compartment structure that supports multi-team enterprise operations.
- Given a scenario, separate shared services from workload compartments to reduce blast radius.
- Explain how compartment boundaries support governance, cost attribution, and least privilege.
- Identify anti-patterns in enterprise tenancy design (flat hierarchy, uncontrolled root usage).
- Define a baseline "landing zone" intent: guardrails, naming/tagging, and auditability.
- Given a scenario, choose an organization model that supports scalable operations and compliance.
1.2 IAM at scale: policy strategy and workload identity
- Design policy structure that minimizes tenancy-wide permissions while enabling automation.
- Choose dynamic groups/resource principals to avoid long-lived keys in workloads (concept-level).
- Given a scenario, choose compartment-scoped policies with minimal verbs to meet requirements.
- Recognize the risk of policy sprawl and describe strategies to standardize policy patterns (concept-level).
- Identify the role of audit/logging for identity and access investigations.
- Given a scenario, choose an IAM approach that supports separation of duties.
1.3 Governance controls: tagging, quotas, budgets, and compliance baselines
- Design a tagging strategy to support cost allocation and governance reporting.
- Choose quotas/limits to prevent accidental resource sprawl and cost overruns.
- Use budgets and alerts to control spend and trigger operational review (concept-level).
- Identify baseline compliance controls expected in production (audit, logs, encryption).
- Given a scenario, choose governance controls that match risk tolerance and organizational maturity.
- Recognize that governance includes operational processes (change control, approvals, rollback).
Topic 2: Advanced Networking & Segmentation
Practice this topic →
2.1 Network architecture patterns (hub-spoke, shared services)
- Given a scenario, choose hub-spoke networking to connect many VCNs with centralized control (concept-level).
- Design segmentation between environments and tiers (prod vs non-prod, shared services vs workloads).
- Choose subnet and routing strategies that support isolation without excessive complexity.
- Recognize how IP planning influences future peering and hybrid connectivity (avoid overlaps).
- Given a scenario, choose a design that enables centralized inspection/egress control (concept-level).
- Identify common enterprise networking anti-patterns (flat networks, inconsistent routing).
2.2 Routing intent and traffic control (gateways, route tables)
- Differentiate routing functions (route tables) from security functions (NSGs/security lists).
- Choose internet gateway, NAT gateway, and service gateway correctly for edge/egress patterns.
- Design private subnet egress without inbound exposure and explain why (concept-level).
- Given a scenario, select the minimal set of gateways to meet requirements and reduce attack surface.
- Recognize why east-west controls (between tiers) matter as much as north-south controls (internet).
- Given a scenario, choose an approach that prevents unintended transitive routing paths (concept-level).
2.3 Network security architecture (NSGs, security lists, edge controls)
- Use NSGs for granular resource-level segmentation and security lists for subnet-level defaults.
- Design tier-to-tier rules using least privilege (only required ports and sources).
- Given a scenario, choose edge protections (WAF/TLS termination) in front of public workloads (concept-level).
- Recognize that databases should typically be private and protected with restrictive rules.
- Identify why logging and visibility at the edge is critical for incident response.
- Given a scenario, choose security controls that match the threat model and compliance needs.
Topic 3: Hybrid Connectivity & Integration
Practice this topic →
3.1 Connectivity selection: VPN vs FastConnect and redundancy
- Differentiate IPSec VPN and FastConnect at a conceptual level (latency, bandwidth, reliability).
- Given a scenario, choose redundant connectivity paths to meet availability requirements (concept-level).
- Recognize that connectivity design includes routing, security boundaries, monitoring, and failover.
- Explain why BGP/route propagation concepts matter for stable routing (concept-level).
- Given a scenario, choose the simplest connectivity solution that meets requirements and constraints.
- Identify the impact of egress/data transfer in hybrid connectivity decisions (concept-level).
3.2 Shared services and enterprise integration patterns
- Design shared services access patterns (DNS, security tooling, logging) for many networks (concept-level).
- Given a scenario, choose central vs distributed services based on scale and blast radius.
- Recognize the need for consistent naming and service discovery across environments.
- Identify the role of centralized logging/monitoring in enterprise operations.
- Given a scenario, choose an integration approach that supports auditability and operational control.
- Recognize that integration should include access boundaries and least privilege principles.
3.3 Identity integration and trust boundaries (concept-level)
- Explain identity federation intent at a high level and why it reduces credential sprawl.
- Given a scenario, choose federation for centralized identity while keeping least privilege in OCI policies.
- Identify trust boundary risks when integrating identity across environments (concept-level).
- Recognize the need for audit logs and monitoring for identity-related events.
- Given a scenario, choose an approach that supports separation of duties and compliance.
- Recognize that network connectivity does not imply authorization (IAM still required).
Topic 4: High Availability & Disaster Recovery (RTO/RPO)
Practice this topic →
4.1 HA within a region (AD/FD, scaling, load balancing)
- Design for failure isolation using availability domains and fault domains (concept-level).
- Use load balancing and health checks to route traffic away from unhealthy backends.
- Given a scenario, choose horizontal scaling (instance pools/autoscaling) for resilient architectures.
- Recognize that stateful workloads require additional HA considerations (session/state) conceptually.
- Explain why HA should be validated with failure testing and runbooks (concept-level).
- Given a scenario, choose an HA design that balances complexity and reliability.
4.2 DR across regions: active-passive vs active-active
- Differentiate active-passive and active-active DR patterns and match them to requirements (concept-level).
- Use RTO and RPO to drive DR design choices (replication frequency, automation, standby posture).
- Given a scenario, choose cross-region strategies that meet failover requirements within constraints.
- Recognize that DR includes DNS/traffic steering, not only data replication (concept-level).
- Identify the need to test failover and recovery procedures regularly (concept-level).
- Given a scenario, choose a DR plan that is recoverable, auditable, and operationally realistic.
4.3 Backup/restore vs replication and the operational plan
- Explain why backup/restore does not equal DR replication (RTO/RPO differences).
- Given a scenario, choose backups for corruption/human error and replication for failover needs.
- Recognize that DR requires documented runbooks and clear ownership (concept-level).
- Identify key operational signals to verify DR readiness (replication lag, backup success, alerts).
- Given a scenario, choose an approach that includes both prevention and recovery controls.
- Explain why automation reduces recovery time and human error (concept-level).
Topic 5: Data Architecture & Resilience
Practice this topic →
5.1 Storage and replication considerations
- Choose storage services based on access patterns (object vs block vs file) and resilience requirements.
- Given a scenario, choose replication or multi-copy strategies to meet durability needs (concept-level).
- Recognize the cost implications of replication and data transfer (concept-level).
- Identify access control and encryption expectations for storage designs.
- Given a scenario, choose lifecycle policies to control storage cost while meeting retention needs.
- Recognize operational risks like uncontrolled small objects/files and governance drift (concept-level).
5.2 Database availability and recovery considerations
- Choose database options and availability approaches based on workload needs (concept-level).
- Given a scenario, ensure databases are placed in private subnets with restrictive access controls.
- Explain backup intent (point-in-time recovery, retention) and how it influences RPO.
- Recognize that DR for databases includes replication, failover, and application cutover planning (concept-level).
- Given a scenario, choose a design that meets consistency and recovery requirements within constraints.
- Identify why monitoring replication/backups is required for operational readiness.
5.3 Data movement and integration trade-offs (concept-level)
- Given a scenario, choose minimal data movement to reduce egress cost and complexity.
- Explain latency and consistency trade-offs when data is accessed across regions/environments (concept-level).
- Recognize that encryption and key management responsibilities must be explicit for data flows.
- Identify the need for data governance: ownership, retention, and auditability (concept-level).
- Given a scenario, choose a data integration approach that supports recoverability and compliance.
- Recognize operational risks of uncontrolled pipelines and lack of lineage (concept-level).
Topic 6: Security Architecture & Compliance
Practice this topic →
6.1 Compartment + IAM strategy for security at scale
- Design IAM policies that enforce least privilege while supporting automation and operations.
- Given a scenario, use compartment boundaries to isolate sensitive workloads and reduce blast radius.
- Recognize that policy verbs should be minimized and scoped appropriately (read/use/manage).
- Identify the need for separation of duties and change control in security-sensitive environments.
- Given a scenario, choose workload identity over static user keys (concept-level).
- Recognize the role of audit logs for compliance and incident investigations.
6.2 Key management, encryption, and secrets handling
- Choose Vault/KMS concepts for customer-managed keys and explain why (concept-level).
- Given a scenario, choose key rotation and least privilege access to keys/secrets (concept-level).
- Recognize encryption at rest and in transit as baseline expectations for production.
- Identify the risk of storing secrets in source code and safer alternatives (Vault).
- Given a scenario, choose a key management approach that meets compliance requirements.
- Recognize the need to audit access to keys and secrets (concept-level).
6.3 Security posture and detection/response (concept-level)
- Recognize the purpose of posture management tools (e.g., Cloud Guard) conceptually.
- Given a scenario, choose a design that includes logging, alerts, and response workflows.
- Identify why “detect-only” without response/ownership is an incomplete control (concept-level).
- Recognize the importance of baseline edge protections and segmentation for reducing attack surface.
- Given a scenario, choose security controls that balance risk, cost, and operational overhead.
- Identify the importance of incident runbooks and regular testing (concept-level).
Practice this topic →
7.1 Observability and operational readiness
- Design an observability baseline using metrics, logs, and audit trails (concept-level).
- Given a scenario, choose alarms and dashboards that reflect availability and performance risks.
- Recognize the need to monitor connectivity (VPN/FastConnect) and routing paths (concept-level).
- Identify how runbooks and ownership improve recovery and reduce incident time.
- Given a scenario, choose centralized logging for cross-team operations and investigations.
- Recognize that operational readiness includes rollback and change control.
7.2 Automation and Infrastructure as Code (concept-level)
- Recognize IaC as a safer change mechanism than manual console changes (concept-level).
- Given a scenario, choose Terraform/Resource Manager approaches to standardize deployments.
- Identify the operational risk of unmanaged drift and how IaC reduces it (concept-level).
- Choose approval gates and review steps for high-risk changes (concept-level).
- Given a scenario, design automation that includes rollback and auditability.
- Recognize that automation requires least privilege and secure secret handling.
- Choose scaling approaches based on workload profile (horizontal vs vertical) conceptually.
- Given a scenario, identify and avoid common cost traps (over-provisioning, uncontrolled data transfer).
- Use tagging/budgets/quotas to enforce cost governance and ownership (concept-level).
- Recognize the relationship between resilience choices (multi-region) and cost overhead (concept-level).
- Given a scenario, choose a design that meets SLOs with reasonable cost controls.
- Explain why performance tuning should not compromise recoverability and security.