IAM

(Answer all questions in this section)

1. Which statement is true about OCI Identity and Access Management (IAM)?
(1) Points
It enables only authentication for the tenancy.
It is used to control access to resources.

It enables only authorization for the tenancy.

It enables bring-your-own-devices.

Answer : It is used to control access to resources.

IAM
(Answer all questions in this section)
2. Which is NOT a valid method for authenticating a Principal in OCI Identity and Access
Management (IAM) service?
(1) Points
API Signing Key
OCI Vault Master Encryption Keys
Auth Tokens
Console user name, Password
Answer : OCI Vault Master Encryption Keys

IAM
(Answer all questions in this section)
3. Which is NOT a valid statement regarding OCI Compartments?
(1) Points
Resources can interact with other resources in different compartments.
You can give group of users access to compartments by writing policies.
Each resource belongs to a single compartment.
Compartments are restricted to a single region.
Answer : Compartments are restricted to a single region

IAM
(Answer all questions in this section)
4. How is a resource in OCI identified?
(1) Points
Tenancy ID
OCID
Username
Compartment Name

Answer : OCID
IAM
(Answer all questions in this section)
5. Which feature of OCI Identity and Access Management (IAM) service
specifies authorization for various actions for authenticated Principals?
(1) Points
Group
Role
Policy (*)
Compartment
 Correct. IAM Policies are used to specify authorization.

Networking
(Answer all questions in this section)
1. Which virtual cloud network (VCN) component enables both inbound
and outbound traffic
between a VCN and the internet?
(1) Points
Dynamic Routing Gateway
Service Gateway
NAT Gateway
Internet Gateway (*)
 Correct. An internet gateway allows both inbound and outbound traffic.

2. Which statement is true about a virtual cloud network (VCN)?

(1) Points
Each subnet in a VCN can exist in a single availability domain or across an
entire region. (*)
A VCN can only have one public subnet and more than one private
subnet.
A VCN can only have one public subnet and only one private subnet.
A VCN can be used with only one instance.
 Incorrect. You can designate a subnet to exist either in a single availability domain or across
an entire region

3. Which virtual cloud network (VCN) component blocks inbound traffic, but enables
outbound traffic to the internet?
(1) Points
NAT Gateway
Internet Gateway
Dynamic Routing Gateway
Service Gateway
Answer : NAT Gateway
4. Which statements are true about the Oracle Cloud Infrastructure (OCI) Load Balancing
service?
(1) Points
It works with public IP addresses only.
It distributes traffic to different backend servers in a virtual cloud network (VCN).
It can span across OCI regions.
It supports TCP and HTTP protocols only.
Answer :
The Load Balancing service provides automated traffic distribution from one entry point to
multiple servers reachable from your VCN.
5. Which components are created by default with the creation of a virtual
cloud network (VCN)? (Choose three)
(Choose all correct answers)
(1) Points
Default set of DHCP options, with default values
Default security list, with default security rules
Dynamic Routing Gateway
Default route table, with no route rules
Local Peering Gateway
Answer :
Each VCN comes with a default set of route tables, security lists and DHCP options with
initial values that you can change.

Test: Skill Check: Compute

Answer the question(s) on this page. Then click Submit Answers to view feedback.

Compute
(Answer all questions in this section)
1. You have a web application that receives 10X more traffic on the weekends than
weekdays. You need to automatically match capacity to demand, keep the application always
up and running, and save cost.
Which OCI compute feature can be used to meet these requirements?
(1) Points
Parallel Scaling
Manual Scaling
Vertical Scaling
Autoscaling

Answer : AutoScalling

Compute
(Answer all questions in this section)
2. Which statement is true about OCI Compute Service?
(1) Points
It doesn’t support Windows workloads.
It provides options to create Bare Metal or a Virtual Machine instance.
It provides a single size for different types of workloads.
It is used only for running databases.

Answer : It provides options to create Bare Metal or a Virtual Machine instance

Compute
(Answer all questions in this section)
3. Which is a feature of the OCI OS Management Service?
(1) Points
Disk Encryption
Cost Management
Automated Patch Management
Autoscaling
Answer : Automated Patch Management

Compute
(Answer all questions in this section)
4. Which parameter is NOT modifiable?
(1) Points
Amount of Memory
Number of OCPUs
Primary Private IP address
Fault Domain

Anser : Primary Privite IP address

Compute
(Answer all questions in this section)
5. Which is NOT a valid compute shape option within the OCI compute service?
(1) Points
Container Instance
Virtual Machine
Bare Metal
Dedicated Virtual Machine Host
Answer : Container Instance

Storage

1. Which statement is true about the OCI Block storage service?

(1) Points
It is not durable
It stores data in variable sized blocks.
It is only supported for Linux instances.
It can be attached to a compute instance.

Answer : Correct. In order to provision a volume to an instance, you need to attach it to the
instance.

Storage
(Answer all questions in this section)
2. You want to store the backup of a database in cloud storage for an
extended period of time.
Which type of storage should you configure for these files?

(1) Points
Archive Storage (*)
Block Volume
Object Storage
File Storage
Correct. The Archive Storage service is ideal for storing data that is seldom accessed, but
requires long retention periods.

Storage
(Answer all questions in this section)
3. Which statement is true about OCI File Storage?
(1) Points
It is supported by Windows operating system only.
It is a local file system for a compute instance.
It is supported by Linux operating systems only.
It organizes files in a hierarchy of named directories. (*)
Answer : It organizes files in a hierarchy of named directories. 

Storage
(Answer all questions in this section)
4. You store multiple versions of objects in a bucket, but your IT team has
asked you to delete any previous object versions 120 days after the
object version transitions from the latest version to a previous version.

Which OCI Object Storage feature can be used for this purpose?

(1) Points
Object Lifecycle Management (*)
Retention Rules
Multipart Uploads
Pre-Authenticated Requests
Correct. Object Lifecycle management manages object storage versioning.

5. Which storage option is NOT available in OCI?

(1) Points
Object Storage
File Storage
Archive Storage
NetApp Cloud Volume
Answer : NetApp Cloud Volume

Database
(Answer all questions in this section)
1. Which types of DB Systems is NOT available in OCI?
(1) Points
VM DB System
ATP DB System
Bare Metal DB Systems
Exadata DB System
Answer :  Correct. ATP is a workload type on the Autonomous Database and not a DB
system

Database
(Answer all questions in this section)
2. Which task is NOT performed by default by an Autonomous Database?
(1) Points
Firmware Patching
Data Loading
Backups
Database Upgrades
Answer : Data Loading

Database
(Answer all questions in this section)
3. Which database edition would you use to launch a two-node Oracle RAC DB System?
(1) Points
Database Enterprise Edition High Performance
Database Standard Edition
Oracle Enterprise Edition - Extreme Performance.
Database Enterprise Edition

Answer : Oracle Enterprise Edition - Extreme Performance

Database
(Answer all questions in this section)
4. Which infrastructure option is available for creating and managing an
Autonomous Database?
(1) Points
Bare Metal Infrastructure
Exadata Cloud@Customer
Dedicated Infrastructure
VM DB System

Answer : Dedicated Infrastructure

5. Which fully managed database would you use to achieve a single-digit millisecond latency
with high performance workloads?
(1) Points
DB System
NoSQL
Autonomous
MySQL
Answer : NO SQL

Security
(Answer all questions in this section)
1. Which statement is true about Security Zones?
(1) Points
Data in a security zone can be copied to another standard compartment.
They are associated with a compartment.
Existing resources cannot be moved to a security zone.
They are associated with an availability domain.
Answer :  Correct. A security zone is associated with a compartment and a security zone
recipe.

2. You want to centrally manage the encryption keys and secret credentials that protect your
data.
What should you use to achieve this?

(1) Points
Cloud Guard
Data Safe
Encryption Wallet
Vault
Answer :  Correct. Oracle Cloud Infrastructure Vault is a managed service that lets you
centrally manage the encryption keys that protect your data and the secret credentials that you
use to securely access resources

3. Which key encryption algorithm is NOT supported by the OCI Vault

service?
(1) Points
Elliptic curve digital signature algorithm (ECDSA)
Rivest-Shamir-Adleman (RSA)
Advanced Encryption Standard (AES)
JSON Web Algorithm (JWA)
Answer :  Correct. JWA is not a supported algorithm for OCI Vault service.

4. You want to add another step of user verification along with password authentication.
What should you use to achieve this?

(1) Points
Identity and Access Management
Multi-factor Authentication
Identity Federation
Identity Provider
Answer :  Correct. Multi-factor authentication is a method of authentication that requires the
use of more than one factor to verify a user’s identity.

5. Your IT team has created a web-based marketing site that needs to be protected against
internet threats including Cross-Site Scripting (XSS) and SQL Injection.

Which OCI security service should they use?

(1) Points

Application Firewall
Vulnerability Scanning
Vault
Bastion
Answer : 5. Your IT team has created a web-based marketing site that needs to be protected
against internet threats including Cross-Site Scripting (XSS) and SQL Injection.

Which OCI security service should they use?

(1) Points
Web Application Firewall
Vulnerability Scanning
Vault
Bastion

App Dev

1. Which statement is valid for OCI Container Registry (OCIR)?

(1) Points
You can create only public Docker repositories in OCIR.
A single registry can contain both private and public Docker repositories.
A single registry can only contain either private or public Docker repositories
You can create only private Docker repositories in OCIR.

Answer:  Correct. A single registry can contain both private and public Docker repositories.

2. Which OCI service leverages Terraform to enable Infrastructure-as-code?

(1) Points
Events
Resource Manager
Oracle Functions
Compute
Answer : Correct. Using Terraform, Resource Manager helps you install, configure, and
manage resources through the "infrastructure-as-code" model.

3. Which OCI service lets you to run code without provisioning any underlying infrastructure
such as virtual machines?
(1) Points
Oracle Functions
Oracle Container Engine for Kubernetes
Storage Gateway
API Gateway

Answer:  Correct. The serverless and elastic architecture of Oracle Functions means there's
no infrastructure administration or software administration for you to perform.
4. A banking platform has been re-designed to a Microservices-based architecture using
Docker containers.
Which OCI service should be used for deployment of these new Microservices?

(1) Points
Events Service
API Gateway
Oracle Container Engine for Kubernetes
Streaming Service
 Correct. Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed,
scalable, and highly available service that you can use to deploy your containerized
applications to the cloud.

5. Which is not a characteristic of the OCI API Gateway service?

(1) Points
It supports both Oracle and 3rd-party OAuth servers.
It is an Oracle-managed serverless service.
It appears as a network device on your Virtual Cloud Network.
It provides a deployment platform for your API implementations.
Answer :  Correct. You can access the API Gateway service to define API gateways and API
deployments using the Console and the REST API.

Observability and Management

1. Which services is NOT part of OCI Observability and Management services?

(1) Points
OCI Registry
Monitoring
Logging
Logging Analytics
Answer : Correct. Monitoring, Logging and Logging Analytics are a part of Observability
and Management Services.

2. Which statements is true with regard to the Oracle Cloud Infrastructure (OCI) Logging
service?
(1) Points
It can analyze critical diagnostic information that describes how resources are performing.
It can index, enrich, and aggregate log data from applications.
It enables you to analyze cloud resources using custom metrics
It enables you to monitor cloud resources using metrics and alarms.
Answer :
 Correct. The OCI Logging service can be used to enable,manage and search critical
diagnostic information that describes how resources are performing.

3. Which types of logs is NOT supported by the OCI Logging service?

(1) Points

Audit Logs
Custom Logs
Alert Logs
Answer : Alert Logs

4. Which OCI Monitoring service feature uses metrics for monitoring and consists of a
trigger action and notification method?
(1) Points
Namespace
Queries
Alarms
Triggers

Answer :
Alarms use metrics for monitoring and consists of a trigger action and notification method.

5. Which OCI service will send you an alert for high usage?
(1) Points
Monitoring
Logging
Events
Logging Analytics
Answer :
 Correct. The Oracle Cloud Infrastructure Monitoring service enables you to actively and
passively monitor your cloud resources using the Metrics and Alarms features.

Analytics and AI

1. Which statement correctly describe the OCI Accelerated Data Science SDK?
(1) Points
It is a PHP library that makes common tasks faster, easier, and less error prone.
It is an additional cost to the Data Science service.
It is a Python library that makes common tasks faster, easier, and less error prone.
It is a JavaScript library that makes common tasks faster, easier, and less error
prone.
Answer :  Correct. The Oracle Accelerated Data Science (ADS) SDK is a Python library that
is included as part of the OCI Data Science service.

2. Your client needs to move their Extract-Transform-Load (ETL) process to Oracle Cloud
Infrastructure (OCI). They want to take a no-code approach.

Which OCI service should you recommend?

(1) Points
Data Science
Data Catalog
Data Flow
Data Intergration

Answer : Correct. Data Integration enables the ETL developers to develop, build, and test
data integration solutions
3. Your organization consumes and analyzes data from a wide variety of sources. Many
departments are struggling with finding trusted data sources.

Which OCI service should you use to harvest the metadata and provide a central repository?

(1) Points
Data Flow
Autonomous Data Warehouse
Data Integration
Data Catalog

Answer : Correct. Data Catalog can harvest technical metadata from a wide range of
supported data sources that are accessible using public or private IPs.

4. Your organization has a Spark application that sometimes consumes a large amount of
compute resources. You need to run this on OCI.

Which OCI service can be used to meet this requirement?

(1) Points
Data Integration
Data Catalog
Data Flow
File Storage

Answer :  Correct. Data flow is used to easily create, share, run, and view the output of
Apache Spark applications.

5. Which is a capability of the OCI Data Catalog service?

(1) Points
It runs Spark jobs at scale.
It has an accelerated library to quickly build analytics models.
It is an alternative to Autonomous Data Warehouse.
It provides a repository of searchable metadata.

Answer : Correct. Find the information you need by exploring the data assets, browsing the
data catalog, or using the quick search bar.
Hybrid

1. Oracle Cloud VMware Solution uses what type of compute shapes?

(1) Points
Exadata
Bare Metal
Virtual Machine
Autonomous
Answer :  Correct. OCVS uses Bare Metal compute shape.
2. What is NOT a primary use case for the Oracle Cloud VMware Solution?
(1) Points
Cloud Migration
Hyper-V workloads
Disaster Recovery
Data Center Extension
Answer :
Oracle Cloud VMware solution is based on VMware ESXi and related technologies. It
doesn’t support Hyper-V.

Correct. Dedicated regions provide extremely low latency.

3. What is NOT a capability of an Oracle Dedicated Region

Cloud@Customer?
(1) Points
99.95% availability SLA
Self-contained cloud region
Pay-as-you-go Pricing Model
A VCN can only have one public subnet and more than one private
subnet.
High latency (*)
Correct. Dedicated regions provide extremely low latency.

4. Which Oracle offering lets a customer provision OCI services into their
own data centers in a self-contained model, achieving the same
architecture and billing as the OCI public cloud?
(1) Points
OCI Dedicated Region (*)
OCI Customer Region
OCI Private Region
Oracle Cloud VMware Solution
 Correct. Dedicated regions are public regions assigned to a single organization.

Governance and Administration

1. Which types of traffic is charged under the data transfer cost?

(1) Points
Egress is charged to and from the internet
Ingress and Egress both are charged to and from the internet
Ingress is charged between two availability zones
Ingress and egress are charged between instances in different availability zones
Answer : Correct. Ingress is free while egress rates are based on geography.
Correct. Ingress is free while egress rates are based on geography.

2. Which is a factor that impact OCI pricing?

(1) Points
OCI Region
Availability Domain
Resource Type
Fault Domain
Answer :  Correct. Pricing depends on types of resources used.

 Correct. Pricing depends on types of resources used.

3. Which Pricing model is supported by OCI?
(1) Points
Weekly Universal Credit
Daily Universal Credits
License Included
Pay As You Go
Answer : Oracle offers these billing models: Pay as you go, monthly universal credits, annual
universal credits, and BYOL.

4. Which is a valid target for setting OCI budgets?

(1) Points
Availability Domain
Compartment
Region
Tenancy
Answer : Budgets are set on cost-tracking tags or on compartments
SLA

Test: Skill Check: SLA and Support

1. You are facing an issue with the DB system in your tenancy and you want to raise a service
request with Oracle Support.

As a customer, which information is not required to log a service request?

(1) Points
Customer Support Identifier
Resource OCID
DB System IP
Tenancy OCID
Answer : To log a service request, you need the customer support identifier, tenancy OCID,
and Resource OCID.
2. Which type of SLA is not offered by the OCI Compute service?
(1) Points
Data Plane
Application Plane
Performance
Control Plane
Answer :  Application Plane .Oracle offers end-to-end SLAs covering performance,
availability, and manageability of services.

3. Which of the following is not covered in OCI SLAs?

(1) Points
Reliability (*)
Performance
Availability
Manageability
 Correct. Mission-critical workloads also require consistent performance, and the ability to
manage, monitor, and modify resources running in the cloud at any time. Only Oracle offers
end-to-end SLAs covering performance, availability, and manageability of services.

4. Which statement correctly describe OCI Service Level Agreements?

(1) Points
Defined as a number of nines for a month and a percentage credit. (*)
Defined as a number of nines for a quarter and a percentage credit.
Defined as a number of nines for a week and a percentage credit.
Defined as a number of nines for a year and a percentage credit.
 Correct. OCI SLA is defined as a number of nines for a month and a percentage credit.

5. Which type of OCI account allows opening a support ticket?

(1) Points
Demo Accounts
Paid Account
Always Free Account
30 Day Free Trial
Answer : Paid Account
Documentations
Sample Questions

Compartment are logically separate and compartment can have sub compartments up to
6levels deep.
A,b,D we can change but we need downtime to move another rack
In Vertical scaling when u edit an instance instance get instanted in another default defaut
domain so fault domain can change

Online resizing mean no down time.Always increase and cannot decreae size

Peering has nothing to do with VPN

Overlaping side : Prerquiest for peering VCN not to overlap
We can do peering in Same or different OCI regions

A&E for monitoring and alaram services.

B is Log Analytics

Answer : DataFlow is our managed apache spark service

Practise Test :
10TB is free after that you have to pay
Manage Cost : To Manager cost we have 3 services Budgets,Usage Reports and
Compartment Quota.

Answer : Policy
Answer : Allow Group

Answer : OCT Dedicated Region

Answer : Container Instance

Answer : resource Manager (Teraaform or IAC)

Answer : A single registry can conatin both Priviate or Public but not both at the same time.
So it is D.

Answer : NAT Gateway

NAT Gateway used to connect instance with in OCI in only one directions.
Horizontal Scaling: we can add more resources when usage is more and reduce when less
usage (Sclae In/Out)

Vertical Scaling: With in single machine decrease/ increase

Auto Sclaing : HS & VS as per demand .based on threshold touch

OS Management Service : Automation Patches,LINUX distributions.

VCN Intro
VCN Routing : one machine to another defended by route table with in VCN.
VCN Security : rules to VNC’s
Security List :
Group :

Load Balancer:

To distribute the data to the backend servers.

Layer 7,Layer balancers

DRG : Dynamic Routing Gateway : Site-to-Site, Fast connect

2 type of connect in OCI;
Internet based connect /VPN software required DRG, physical connection : FAST
CONNECTIONS
On Prem : connection between 2 VCN

BI Directionally : Internet Gateway

NAT Gateway = One Directions(Privite Subnet)
Service Gateway = Public service

Storage : Block Volume(Hard Disk),SSD, File Share

Block Volume : Store/Delete

File Storage : Hierarchal collections of documents

Migration Service : Upload data in HD and sent to oracle and they will upload into Oracle
Standard Storage Tier: Access data frequently

Infrequent :Minimum 30 days less cost than SS,

Archieve : Cannot be upgraded.

Basic Tier
Balance Tier
Higher Tier
Ultra Higher Tier

Left to Righ cost is higher

ATP :
ADW:
AJD :
Blogs
OCI Exam Question & Answers | OCI Foundations 2021 | Oracle Cloud Infrastructure
Foundations 2020 Associate Dumps Set 6 (dwhlaureate.blogspot.com)