OCI 1Z0-1084-25 Sample Questions with Explanations

These original sample questions are designed to help you check how the exam topics appear in decision-style prompts. They are not taken from the live exam.

Use these sample questions as a guided self-assessment for OCI Developer Professional (1Z0-1084-25) topics such as API Gateway, Functions, Events, Notifications, Streaming, authentication choices, resource principals, retry safety, and idempotent service design. The prompts focus on service-boundary decisions and safe application behavior on OCI.

Where these questions fit in the 1Z0-1084-25 guide

The sample set below is part of the Oracle OCI 1Z0-1084-25 guide path:

• Oracle certification hub
• OCI guides
• 1Z0-1084-25 exam guide
• 1Z0-1084-25 cheat sheet
• 1Z0-1084-25 study plan
• 1Z0-1084-25 FAQ
• 1Z0-1084-25 resources
• 1Z0-1084-25 glossary

1Z0-1084-25 OCI Developer sample questions

Work through each prompt before opening the explanation. Developer questions usually reward classifying the interaction first: synchronous API, event trigger, stream processing, workflow coordination, authentication, or retry behavior.

---

Question 1

Topic: Synchronous API exposure

A team needs to expose an HTTPS endpoint for a small stateless backend. Callers must receive an immediate response, and the team wants a managed front door with routing and authentication controls before the backend executes. Which OCI design is strongest?

• A. Write files to Object Storage and ask clients to poll the bucket for responses.
• B. Use API Gateway in front of the backend or Function, with the gateway handling the public API boundary and routing.
• C. Use Events only, because every HTTPS request should be converted into an asynchronous event.
• D. Give clients direct SSH access to the compute instance running the backend.

Best answer: B

Explanation: The requirement is a synchronous HTTPS API with a managed entry point. API Gateway is the natural front door for routing, authentication integration, and invoking a backend such as a Function or service.

Why the other choices are weaker:

• A turns a request-response API into an awkward polling workflow.
• C over-applies eventing when callers need an immediate response.
• D exposes infrastructure access instead of an API boundary.

What this tests: API Gateway, synchronous interaction design, backend invocation, and public API boundaries.

Related topics: API Gateway; Functions; HTTPS APIs; Authentication; Service boundaries

---

Question 2

Topic: Event-driven processing

A storage bucket receives uploaded files. Each upload should trigger lightweight validation logic and then notify downstream teams if the file is accepted. The uploader does not need to wait for validation to finish. Which design best fits?

• A. Require uploaders to call every downstream team manually after uploading.
• B. Put the validator inside the client application so every client implements the same logic.
• C. Use an event-driven flow that routes the bucket event to validation logic, then sends a notification or follow-on message after the result.
• D. Use a public load balancer only, because load balancers handle all asynchronous processing.

Best answer: C

Explanation: The upload is an asynchronous trigger. A strong design routes the object-created event to validation code and then sends a notification or downstream message based on the result, keeping clients decoupled from back-end workflow steps.

Why the other choices are weaker:

• A is manual and unreliable.
• B duplicates validation logic across clients and weakens consistency.
• D confuses traffic distribution with event processing.

What this tests: Events, Functions, Notifications, asynchronous processing, and decoupled workflow design.

Related topics: Events; Functions; Notifications; Object Storage; Async flow

---

Question 3

Topic: Runtime authentication

Code running on OCI compute needs to call OCI APIs. The security team wants to avoid embedding user API keys in application configuration. Which approach is strongest?

• A. Use instance principals or another OCI-supported runtime identity with IAM policy scoped to the required actions.
• B. Store a developer API key in an environment variable and copy it to every instance.
• C. Make the target resources public so the application does not need identity.
• D. Put a tenancy administrator password in a configuration file and restrict file permissions.

Best answer: A

Explanation: Runtime identity should avoid long-lived user credentials when OCI can provide service or instance identity. Instance principals let compute workloads authenticate as resources, and IAM policy controls what they can do.

Why the other choices are weaker:

• B creates key distribution and rotation risk.
• C removes authorization instead of solving authentication.
• D stores a powerful credential in application configuration.

What this tests: Instance principals, IAM policy scope, runtime identity, and avoiding embedded secrets.

Related topics: Instance principals; IAM; API calls; Runtime auth; Least privilege

---

Question 4

Topic: Safe retries

A Function writes a billing adjustment when it receives an event. The event source can retry delivery after a timeout, and duplicate adjustments would be costly. What should the developer add?

• A. A larger memory allocation only.
• B. A longer function name so duplicate events are easier to see.
• C. A public endpoint that allows users to delete duplicates manually.
• D. Idempotency logic such as a unique event or request key that prevents the same adjustment from being applied twice.

Best answer: D

Explanation: Retryable and event-driven systems must assume duplicate delivery can happen. Idempotency protects the side effect by recording or checking a unique key before applying the adjustment.

Why the other choices are weaker:

• A may affect runtime capacity but does not prevent duplicate side effects.
• B improves nothing about execution safety.
• C creates a manual cleanup path after damage occurs instead of preventing duplicates.

What this tests: Idempotency, retry behavior, duplicate event handling, and safe side-effect design.

Related topics: Idempotency; Functions; Events; Retries; Reliability

Independent study note

Tech Exam Lexicon and IT Mastery are independent study tools. They are not affiliated with, endorsed by, or sponsored by Oracle or any certification body.