O R A C L E C E R T I F I C A T I O N
1Z0-1084 Oracle Cloud Infrastructure Developer 2022 Professional Practice Exam
Exam Number: 4820 | Last updated April 19, 2026 | 700+ questions across 4 vendor-aligned objectives
The 1Z0-1084 Oracle Cloud Infrastructure Developer 2022 Professional exam is built for cloud-native developers, DevOps engineers, and application architects who build and operate applications on OCI. Candidates validate command of container-based workloads, serverless services, API Gateway, Events, Streaming, and the observability and CI/CD patterns that keep cloud-native applications healthy.
The heaviest content is Container and Serverless Development (roughly 35%), covering the Container Engine for Kubernetes, Container Registry, Oracle Functions, and Resource Manager for Terraform-driven infrastructure. API, Events, and Streaming contributes another 25% with API Gateway, OCI Events, OCI Streaming, and Notifications.
Identity, Security, and Observability sits near 20% and drills into instance principals, resource principals, OCI Vault, and the Monitoring, Logging, and Application Performance Monitoring stack. DevOps, CI/CD, and Integration rounds out the remaining weight with the OCI DevOps service, build and deployment pipelines, and integration with Autonomous Database and Object Storage.
Every answer links to the source. Each explanation below includes a hyperlink to the exact Oracle documentation page the question was derived from. PowerKram is the only practice platform with source-verified explanations. Learn about our methodology →
452
practice exam users
94.9%
satisfied users
92.7%
passed the exam
4.5/5
quality rating
Test your 1Z0 1084 OCI Developer Pro knowledge
10 of 700+ questions
Question #1 - Container and Serverless Development
A developer deploys a Python service to Oracle Functions. The service needs to read a file from Object Storage each time it is invoked. She wants the function to authenticate using the function’s own identity rather than hard-coded credentials.
Which OCI identity pattern supports credential-free authentication from a function?
A) Resource principals granting the function an identity usable by OCI APIs.
B) A shared tenancy username and password in environment variables.
C) An API key baked into the function source code.
D) No authentication; rely on public bucket access.
Show solution
Correct answers: A – Explanation:
Resource principals give Functions their own identity tied to dynamic groups, and IAM policies authorize this identity — removing the need for embedded credentials. Option C and Option B are credential risks. Option D exposes data. Source: Check Source
Question #2 - Container and Serverless Development
A DevOps engineer packages a Java microservice into a container and wants to deploy it to OCI’s managed Kubernetes service so that worker nodes, upgrades, and scaling are handled without running a self-managed control plane.
Which OCI service should she target?
A) A compute instance running Kubernetes manually.
B) Container Engine for Kubernetes (OKE) with managed node pools.
C) Bare metal with no orchestration.
D) Oracle Functions only.
Show solution
Correct answers: B – Explanation:
OKE provides a managed Kubernetes control plane and managed node pools, which is exactly the described requirement. Option A is self-managed. Option D is serverless, not container orchestration. Option C lacks Kubernetes entirely. Source: Check Source
Question #3 - API, Events, and Streaming
An architect wants to publish a REST API fronting three backend microservices, with API-key authentication, rate limiting, and request transformation at the edge.
Which OCI service provides this API frontend with policies?
A) A load balancer alone without policies.
B) A static web server.
C) API Gateway with deployments that enforce authentication, rate limiting, and transformations.
D) A compute instance running Nginx without OCI integration.
Show solution
Correct answers: C – Explanation:
API Gateway is purpose-built for fronting APIs with authentication, rate limiting, and request/response transforms — the native answer. Option A lacks policy features. Option D is unmanaged. Option B is not an API gateway. Source: Check Source
Question #4 - API, Events, and Streaming
An architect wants an event-driven pipeline: a file arriving in Object Storage triggers a function that processes the file and emits a message to a downstream consumer.
Which OCI services chain together to deliver this pattern?
A) A manual file drop and phone call.
B) A polling script on a compute instance that checks the bucket every minute.
C) A scheduled BI Publisher report that looks for new files.
D) OCI Events to detect the Object Storage event, invoke a Function, and publish to Streaming or Notifications for downstream consumption.
Show solution
Correct answers: D – Explanation:
OCI Events subscribes to Object Storage events, triggers Functions, and downstream the Function publishes to Streaming/Notifications — the canonical event-driven chain. Option B is polling. Option C is reporting. Option A is manual. Source: Check Source
Question #5 - Container and Serverless Development
A developer pushes Docker images to OCI Container Registry and wants the images scanned for known vulnerabilities before they are deployed to OKE.
Which OCI Container Registry feature supports vulnerability scanning?
A) Image scanning integration with Vulnerability Scanning service for images in the registry.
B) No scanning — trust the developer.
C) Manual review of Dockerfiles in source control.
D) A static quarterly audit by a consultant.
Show solution
Correct answers: A – Explanation:
OCI Container Registry integrates with the Vulnerability Scanning service to analyze pushed images, aligning with the described pre-deployment check. Option C only looks at the source file. Option D is lagging. Option B is insecure. Source: Check Source
Question #6 - Identity, Security, and Observability
A developer’s application stores secret API keys for third-party services. She wants the keys encrypted at rest, rotated periodically, and fetched by the application using the application’s identity.
Which OCI service supports secret storage, rotation, and identity-based access?
A) A plain-text config file in a private bucket.
B) OCI Vault with secrets and IAM policies granting access by dynamic group.
C) Environment variables on the compute instance.
D) Hard-coded secrets in the application binary.
Show solution
Correct answers: B – Explanation:
OCI Vault stores secrets encrypted, supports rotation, and access is controlled through IAM policies tied to dynamic groups — the full requirement. Option C, Option A, and Option D are all credential anti-patterns. Source: Check Source
Question #7 - Identity, Security, and Observability
A platform engineer wants application latency, error rates, and distributed traces across a microservice deployment, with a single pane for debugging a slow transaction.
Which OCI service set delivers this observability?
A) No observability — react when customers complain.
B) SSH into each server and run top.
C) Application Performance Monitoring (APM) for traces, Monitoring for metrics, and Logging for logs.
D) Manual print statements reviewed in a text editor.
Show solution
Correct answers: C – Explanation:
APM plus Monitoring plus Logging is the OCI-native observability stack for traces, metrics, and logs respectively. Option D is primitive. Option B does not scale. Option A is reactive. Source: Check Source
Question #8 - DevOps, CI/CD, and Integration
A release engineer wants a CI/CD pipeline in OCI where a Git push triggers a build, the build pushes a container image to registry, and a blue-green deploy sends the image to OKE with automatic rollback on failure.
Which OCI service delivers this end-to-end pipeline?
A) Manual build on a laptop and kubectl apply.
B) A BI Publisher report of build status.
C) A cron job on a compute instance.
D) OCI DevOps service with build and deployment pipelines, including deployment strategies and rollback.
Show solution
Correct answers: D – Explanation:
OCI DevOps provides source-triggered build pipelines, registry integration, deployment pipelines with blue-green/canary strategies, and rollback — the designed end-to-end answer. Options A, B, and C lack the integrated pipeline. Source: Check Source
Question #9 - API, Events, and Streaming
A data engineer needs a durable, high-throughput stream to ingest 30,000 events per second from IoT devices, with multiple consumer groups processing independently at their own pace.
Which OCI service supports high-throughput, durable event ingestion with multiple consumer groups?
A) OCI Streaming with multiple consumer groups.
B) Notifications-only; skip streaming.
C) Object Storage polled by a cron job.
D) A relational database with triggers.
Show solution
Correct answers: A – Explanation:
OCI Streaming is Kafka-compatible and supports high-throughput durable streams with multiple independent consumer groups. Option C is polling. Option D is the wrong tool. Option B is for short messages, not streams. Source: Check Source
Question #10 - DevOps, CI/CD, and Integration
An infrastructure engineer wants repeatable, version-controlled infrastructure provisioning on OCI using Terraform, with state managed by OCI rather than a local file.
Which OCI service manages Terraform state and drives provisioning?
A) Ansible with no state management.
B) Manual clicks in the Console.
C) Resource Manager with stacks and managed Terraform state.
D) A local Terraform state file committed to Git.
Show solution
Correct answers: C – Explanation:
Resource Manager runs Terraform, stores state in OCI, and exposes stacks that support repeatable provisioning — the managed answer. Option B is unrepeatable. Option D is not OCI-managed state. Option A is a different tool. Source: Check Source
Get 700+ more questions with source-linked explanations
Every answer traces to the exact Oracle documentation page — so you learn from the source, not just memorize answers.
Exam mode & learn mode · Score by objective · Updated April 19, 2026
Learn more...
What the 1Z0 1084 OCI Developer Pro exam measures
- Container and serverless development (35%) — build and deploy workloads on the Container Engine for Kubernetes, Container Registry, Oracle Functions, and Resource Manager.
- API, events, and streaming (25%) — design API Gateway deployments, author OCI Events rules, stream data with OCI Streaming, and wire notifications.
- Identity, security, and observability (20%) — apply instance and resource principals, store secrets in OCI Vault, and instrument workloads with Monitoring, Logging, and Application Performance Monitoring.
- DevOps, CI/CD, and integration (20%) — build pipelines with the OCI DevOps service and integrate applications with Autonomous Database and Object Storage.
How to prepare for this exam
- Review the official 1Z0-1084 exam page and align your plan to the current objectives.
- Complete the Oracle University OCI Developer Professional learning path on MyLearn.
- In an OCI always-free tenancy, build an Oracle Functions handler triggered by an OCI Events rule from Object Storage, store a secret in Vault, and ship the pipeline with OCI DevOps.
- Apply the skills on real work: deploy a microservice to OKE, add API Gateway fronting, or publish a canary release with a rollback stage.
- Master one objective at a time, starting with container and serverless development since it carries the most weight.
- Run PowerKram learn mode to see feedback after every question with sourced links back to Oracle documentation.
- Finish with PowerKram exam mode across all objectives until you pass three back-to-back full-length attempts.
Career paths and salary outlook
OCI Developer Professional skills support cloud-native engineering careers:
- Cloud Application Developer (OCI) — $115,000–$160,000 (Glassdoor).
- DevOps Engineer — $120,000–$170,000 (Levels.fyi).
- Cloud-Native Architect — $135,000–$190,000 (PayScale).
Official resources
Work through the OCI Developer Professional Learning Path on Oracle MyLearn. Reinforce with the Oracle Cloud Infrastructure documentation and the OCI DevOps service documentation.