
Oracle: Question & Answers


Oracle

1Z0-997
Oracle Cloud Infrastructure 2019 Architect Professional

QUESTION & ANSWERS

https://www.certsexpert.com/
Question #:1

A retail company runs their online shopping platform entirely on Oracle Cloud Infrastructure (OCI). This is a
3-tier web application that includes a Mbps Load Balancer, Virtual Machine instances for web, and an Oracle
DB Systems Virtual Machine. Due to unprecedented growth, they noticed an increase in the incoming traffic to
their website and all users start getting 503 (Service Unavailable) errors.

What is the potential problem in this scenario?

A. The Load Balancer health check status indicates a critical situation for half of the backend web servers.

B. All the web servers are too busy and not able to answer any request from users.

C. The database is down, hence users cannot access the web site.

D. The Traffic Management Policy is not set to load balance the traffic to the web servers.

E. You did not configure a Service Gateway to allow connection between web servers and Load Balancer.

Answer: B

Explanation
A 503 Service Unavailable Error is an HTTP response status code indicating that a server is temporarily
unable to handle the request. This may be due to the server being overloaded or down for maintenance.

Question #:2
A large financial services company has used 2 types of Oracle DB Systems in Oracle Cloud Infrastructure
(OCI) to store user data. One is running on a VM.Standard2.8 shape and the other on a VM.Standard2.4
shape.

As business grows, data is growing rapidly on both the databases and performance is also degrading. The
company wants to address this problem with a viable and economical solution.

As the solution architect for that company you have suggested that they move their databases to Autonomous
Transaction Processing Serverless (ATP-S) database.

Which two factors should you consider before you arrived at that recommendation?

A. You verified that ATP-S supports the database features and options currently being used by the 2
databases.

B. Validate that ATP-S will support the storage and processing requirements for the 2 databases over the
life cycle of the business applications.

C. Confirm that ATP-S allows customers to compress tablespaces to reduce storage costs.

D. Upon provisioning, ATP-S automatically scales up CPU to meet the application's processing
requirements.

Answer: A B

Explanation
Not all features present in Oracle Database Enterprise Edition are available in ATP, and some Oracle
Database features are restricted; for example, database features designed for administration are not available.
You therefore need to validate this first. You can find a complete list of the features that are not supported here:

https://docs.oracle.com/en/cloud/paas/atp-cloud/atpug/experienced-database-users.html#GUID-58EE6599-6DB4-4F

Also, you must specify the initial storage required for your database, but ADB is elastic, so it is possible to
grow or shrink your database as needed.

Question #:3

You are trying to delete a compartment. The delete operation is failing and you need to troubleshoot the
problem.

Which step should NOT be considered when troubleshooting this issue?

A. Verify that there are no policies in the root compartment that reference the compartment you are trying
to delete.

B. Verify that you have removed all resources from the compartment.

C. Make sure you have at least one more compartment in your tenancy other than the root compartment.

D. Search for resources in the compartment for each region that your tenancy is subscribed to.

Answer: A could be C ..... not in document 1

Question #:4

A global retailer has decided to re-design its e-commerce platform to have a microservices architecture. They
would like to decouple application architecture into smaller, independent services using Oracle Cloud
Infrastructure (OCI). They have decided to use both containers and serverless technologies to run these
application instances.

Which option should you recommend to build this new platform?

A. Install a Kubernetes cluster on OCI and use OCI Events service.

B. Use Oracle Container Engine for Kubernetes, OCI Registry and OCI Functions.

C. Use OCI Resource Manager to automate compute instances provisioning and use OCI Streaming
service.

D. Use OCI Functions, OCI Object Storage and OCI Events service.

Answer: B

Explanation
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service
platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source
engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing
code to meet business needs.

Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly
available service that you can use to deploy your containerized applications to the cloud. Use Container
Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably
build, deploy, and manage cloud-native applications. You specify the compute resources that your applications
require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing
OCI tenancy.

Question #:5

You are a solutions architect for a global health care company which has numerous data centers around the
globe. Due to the ever-growing data that your company is storing, you were instructed to set up a durable,
cost-effective solution to archive your data from your existing on-premises tape-based backup infrastructure to
Oracle Cloud Infrastructure (OCI).

What is the most effective mechanism to implement this requirement?

A. Use the File Storage Service in OCI and copy the data from your existing tape-based backup to the
shared file system.

B. Set up an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage
Archive tier. (Correct)

C. Set up an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage
Standard tier. Use Object Storage lifecycle policy management to move any data older than 30 days
from Standard to Archive tier.

D. Set up an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage
Standard

E. Set up FastConnect to connect your on-premises network to your OCI VCN and use the rsync tool to copy
your data to OCI Object Storage Archive tier.

Answer: B

Explanation
Oracle Cloud Infrastructure offers two distinct storage tiers for you to store your unstructured data. Use the
Object Storage Standard tier for data to which you need fast, immediate, and frequent access. Use the Archive
Storage service's Archive tier for data that you access infrequently, but which must be preserved for long
periods of time. Both storage tiers use the same manageable resources (for example, objects and buckets). The
difference is that when you upload a file to Archive Storage, the object is immediately archived. Before you
can access an archived object, you must first restore the object to the Standard tier.

You can use Storage Gateway to move files to Oracle Cloud Infrastructure Archive Storage as a cost-effective
backup solution. You can move individual files and compressed or uncompressed ZIP or TAR
archives. Storing secondary copies of data is an ideal use case for Storage Gateway.

Question #:6

Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You
will be deploying multiple compute instances in Oracle Cloud Infrastructure (OCI) and mounting the file
system to these compute instances. The file system will hold payment data processed by a Database instance
and utilized by compute instances to create an overall inventory report. You need to restrict access to this data
for specific compute instances, and access must be allowed/blocked per compute instance's CIDR block.

Which option can you use to secure access?

A. Use stateless Security List rule to restrict access from known IP addresses only.

B. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS.
Add stateless ingress and egress rules for specific IP address and CIDR blocks.

C. Use 'Export option' feature of FSS to restrict access to the mounted file systems.

D. Create and configure OCI Web Application Firewall service with built-in DNS-based intelligent routing.

Answer: C

Explanation

NFS export options enable you to create more granular access control than is possible using just security list
rules to limit VCN access. You can use NFS export options to specify access levels for IP addresses or CIDR
blocks connecting to file systems through exports in a mount target. Access can be restricted so that each
client’s file system is inaccessible and invisible to the other, providing better security controls
in multi-tenant environments.

Using NFS export option access controls, you can limit clients' ability to connect to the file system and view or
write data. For example, if you want to allow clients to consume but not update resources in your file system,
you can set access to Read Only. You can also reduce client root access to your file systems and map specified
User IDs (UIDs) and Group IDs (GIDs) to an anonymous UID/GID of your choice. For more information
about how NFS export options work with other security layers

Question #:7

You are building a highly available and fault-tolerant web application deployment for your company. Similar
applications deployed by competitors experienced web site attacks, including DDoS, which resulted in web servers
failing.

You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will
provide protection against such attacks.

Which additional configuration will you need to implement to make sure WAF is protecting my web
application 24×7?

A. Configure auto scaling policy and it to WAF instance.

B. Configure Control Rules to send traffic to multiple web servers

C. Configure multiple origin servers

D. Configure new rules based on new vulnerabilities and mitigations

Answer: C

Explanation

Origin Management

An origin is an endpoint (typically an IP address) of the application protected by the WAF. An origin can be
an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used for
high availability to an origin. Multiple origins can be defined, but only a single origin can be active for a
WAF. You can set HTTP headers for outbound traffic from the WAF to the origin server. These name-value
pairs are then available to the application.

Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI)
compliant, global security service that protects applications from malicious and unwanted internet traffic.

WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's
applications. WAF provides you with the ability to create and manage rules for internet threats including
Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be
mitigated while tactically allowing desirable bots to enter. Access rules can limit based on geography or the
signature of the request.

Distributed Denial of Service (DDoS)

A DDoS attack is an often intentional attack that consumes an entity’s resources, usually using a large number
of distributed sources. DDoS can be categorized into either Layer 7 or Layer 3/4 (L3/4).

A layer 7 DDoS attack is a DDoS attack that sends HTTP/S traffic to consume resources and hamper a
website’s ability to deliver content or to harm the owner of the site. The Web Application Firewall (WAF)
service can protect layer 7 HTTP-based resources from layer 7 DDoS and other web application attack vectors.

Question #:8

A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage
OCI Container Engine for Kubernetes (OKE). The web server will make API calls to access OCI Object
Storage to store all images uploaded by users.

For security purposes, your manager instructed you to ensure that the credentials used by the web server to
allow access are not stored locally on the compute instance.

What solution results in an implementation with the least effort for this scenario?

A. Configure the credentials using Instance Principal to allow the web server to make API calls to OCI
Object Storage

B. Configure the credentials using OCI Registry (OCIR) which will automatically connect with OKE
allowing the web server to make API calls to OCI Object Storage.

C. Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the
web server to make API calls to OCI Object Storage.

D. Configure the credentials using OCI Key Management to allow an instance to make API calls and grant
access to OCI Object Storage.

Answer: A

Explanation
INSTANCE PRINCIPALS

The IAM service feature that enables instances to be authorized actors (or principals) to perform actions on
service resources. Each compute instance has its own identity, and it authenticates using the certificates that
are added to it. These certificates are automatically created, assigned to instances and rotated, preventing the
need for you to distribute credentials to your hosts and rotate them.

DYNAMIC GROUPS

A special type of group that contains resources (such as compute instances) that match rules
that you define (thus the membership can change dynamically as matching resources are created or deleted).
These instances act as "principal" actors and can make API calls to services according to policies that you
write for the dynamic group.

The following steps summarize the process flow for setting up and using instances as principals. The
subsequent sections provide more details.

1. Create a dynamic group. In the dynamic group definition, you provide the matching rules to specify which
instances you want to allow to make API calls against services.

2. Create a policy granting permissions to the dynamic group to access services in your tenancy (or
compartment).

3. A developer in your organization configures the application built using the Oracle Cloud Infrastructure SDK
to authenticate using the instance principals provider. The developer deploys the application and the SDK to
all the instances that belong to the dynamic group.

4. The deployed SDK makes calls to Oracle Cloud Infrastructure APIs as allowed by the policy (without
needing to configure API credentials).

5. For each API call made by an instance, the Audit service logs the event, recording the OCID of the instance
as the value of principalId in the event log.

Question #:9

An Oracle Cloud Infrastructure (OCI) Public Load Balancer's SSL certificate is expiring soon. You noticed the
Load Balancer is configured with SSL Termination only. When the certificate expires, data traffic can be
interrupted and security compromised.

What steps do you need to take to prevent this situation?

A. Add the new SSL certificate to the Load Balancer, update backend servers to work with a new
certificate and edit listeners so they can use the new certificate bundle.

B. Add the new SSL certificate to the Load Balancer, update listeners and backend sets so they can use the
new certificate bundle.

C. Add the new SSL certificate to the Load Balancer and implement end to end SSL so it can encrypt the
traffic from clients all the way to the backend servers.

D. Add the new SSL certificate to the Load Balancer and update backend servers to use the new certificate
bundle.

E. Add the new SSL certificate to the Load Balancer and update listeners to use the new certificate bundle.

Answer: A

Question #:10

An automobile company wants to deploy their CRM application for Oracle Database on Oracle Cloud
Infrastructure (OCI) DB Systems for one of their major clients. In compliance with the Business Continuity
Program of the client, they need to provide a Recovery Point Objective (RPO) of 24 hours and a Recovery Time
Objective (RTO) of 1 hour.

The CRM application should be available even in the event that an entire OCI region is down.

Which approach is the most suitable and cost-effective configuration for this scenario?

A. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle
database in another region using a manual setup and configuration of Oracle Data Guard.

B. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to
a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle
Data Guard.

C. Deploy a 1 node VM Oracle database in one region. Manually configure a Recovery Manager (RMAN)
database backup schedule to take hourly database backups. Asynchronously copy the database backups
to object storage in another OCI region. If the primary OCI region is unavailable, launch a new 1 node
VM database in the other OCI region and restore the production database from the backup.

D. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an
Autonomous Transaction Processing (Serverless) database in another region using Oracle GoldenGate.

Answer: A

Explanation
You can configure the Autonomous Database instance as a target database for Oracle GoldenGate, but you
can’t set up Oracle Autonomous Database as a source database for Oracle GoldenGate.

Recovery Point Objective (RPO) of 24 hours and Recovery Time Objective (RTO) of 1 hour

- Provisioning a new VM and restoring the production database from the backup on object storage will exceed the
RTO of 1 hour.

- You can create the standby DB system in a different availability domain from the primary DB system for
availability and disaster recovery purposes. Data Guard with switchover/failover can meet the RTO of
1 hour.

- A RAC database is not required in this solution. Standalone will be most suitable and cost-effective.

Question #:11

You have designed and deployed your Autonomous Data Warehouse (ADW) such that it is accessible from
your on-premises data center and servers running on both private and public networks in Oracle Cloud
Infrastructure (OCI).

As you are testing the connectivity to your ADW database from the different access paths, you notice that the
server running on the private network is unable to connect to ADW.

Which two steps do you need to take to enable connectivity from the server on the private network to ADW?

A. Add an entry in the Security List of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24

B. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target
type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet)
with destination of 0.0.0.0/0 and for all IP protocols.

C. Add an entry in the access table list of ADW for CIDR block 10.2.2.0/24.

D. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target
type of Internet Gateway, add a stateful egress rule in the security list (associated with the private subnet)
with destination of 0.0.0.0/0 and for all IP protocols.

E. Add an entry in the access control list of ADW for IP address 129.146.160.11

Answer: B E

Explanation
There are 3 connections to ADW

1- Connecting to (ADW) from Public Internet

2- Connecting to ADW (via NAT or Service Gateway) from a server running on a private subnet in OCI (in
the same tenancy)

3- Connecting to ADW (via Internet Gateway) from a server running on a public subnet in OCI (in the same
tenancy)

Question #:12

Your company will soon start moving critical systems into the Oracle Cloud Infrastructure (OCI) platform. These
systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are
reviewing the company's existing security policies and written guidelines for the OCI platform usage within
the company. You have to work with the company-managed key.

Which two options ensure compliance with this policy?

A. When you create a new compute instance through OCI console, you use the default options for
"configure boot volume" to speed up the process to create this compute instance.

B. When you create a new block volume through OCI console, select Encrypt using Key Management
checkbox and use encryption keys generated and stored in OCI Key Management Service.

C. When you create a new compute instance through OCI console, you use the default shape to speed up
the process to create this compute instance.

D. When you create a new OCI Object Storage bucket through OCI console, you need to choose
"ENCRYPT USING CUSTOMER-MANAGED KEYS" option.

E. You do not need to perform any additional actions because the OCI Block Volume service always
encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced
Encryption Standard (AES) algorithm with 256-bit encryption.

Answer: B D

Explanation
Block Volume Encryption

By default all volumes and their backups are encrypted using the Oracle-provided encryption keys. Each time
a volume is cloned or restored from a backup the volume is assigned a new unique encryption key.

You have the option to encrypt all of your volumes and their backups using the keys that you own and
manage using the Vault service. If you do not configure a volume to use the Vault service or you later
unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead.

This applies to both encryption at-rest and in-transit encryption.

Object Storage Encryption

Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the
server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted
with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be
turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a
bucket so that it's assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and
rotate on your own schedule.

Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the
data in this bucket using your own Vault encryption key. To use Vault for your encryption needs, select
Encrypt Using Customer-Managed Keys. Then, select the Vault Compartment and Vault that contain the
master encryption key you want to use. Also select the Master Encryption Key Compartment and Master
Encryption Key.

Question #:13

You have deployed a web application targeting a global audience across multiple Oracle Cloud Infrastructure
(OCI) regions.

You decide to use Traffic Management Geo-Location based Steering Policy to serve web requests to users
from the region closest to the user. Within each region you have deployed a public load balancer with 4
servers in a backend set. During a DR test, you disable all web servers in one of the regions; however, Traffic
Management does not automatically direct all users to the other region.

Which two are possible causes?

A. You did not set up a Route Table associated with the Load Balancer's subnet

B. You did not set up an HTTP Health Check associated with the Load Balancer public IP in the disabled
region.

C. Rather than using Geo-Location based Steering Policy, you should use Failover Policy Type to serve
traffic.

D. One of the two working web servers in the other region did not pass its HTTP health check

E. You did not correctly set up the Load Balancer HTTP health check policy associated with the backend set

Answer: B E

Explanation
Managing Traffic Management GEOLOCATION Steering Policies

Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end
user. Customers can define geographic regions composed of originating continent, countries or
states/provinces (North America) and define a separate endpoint or set of endpoints for each region.

The Health Checks service allows you to monitor the health of IP addresses and hostnames, as measured
from geographic vantage points of your choosing, using HTTP and ping probes. After configuring a health
check, you can view the monitor's results. The results include the location from which the host was monitored,
the availability of the endpoint, and the date and time the test was performed.

You can also combine Traffic Management geolocation steering policies with Oracle
Health Checks to fail over from one region to another.

The Load Balancing service provides health status indicators that use your health check policies to report on
the general health of your load balancers and their components.

If you misconfigure the health check protocol between the load balancer and the backend set, you might not
get an accurate response, as in the example below:

If you run a TCP-level health check against an HTTP service, you might not get an accurate response. The
TCP handshake can succeed and indicate that the service is up even when the HTTP service is incorrectly configured or
having other issues. Although the health check appears good, customers might experience transaction failures.

Question #:14
Not in doc 1
You are working with a social media company as a solution architect. The media company wants to collect
and analyze large amounts of data being generated from their websites and social media feeds to gain insights
and continuously improve the user experience. In order to meet this requirement, you have developed a
microservices application hosted on Oracle Container Engine for Kubernetes. The application will process the
data and store the result to an Autonomous Data Warehouse (ADW) instance.

Which Oracle Cloud Infrastructure (OCI) service can you use to collect and process a large volume of
unstructured data in real time?

A. OCI Events

B. OCI Streaming

C. OCI Resource Manager

D. OCI Notifications

Answer: B

Question #:15

An OCI Architect is working on a solution consisting of analysis of data from clinical trials of a
pharmaceutical company. The data is being stored in OCI Autonomous Data Warehouse (ADW) having 8
CPU Cores and 70 TB of storage. The architect is planning to set up auto scaling to respond to dynamic changes
in the workload.

Which of the following needs to be considered while configuring auto scaling? Choose two

A. Enabling auto scaling does not change the concurrency and parallelism settings

B. Auto scaling also scales IO throughput linearly along with CPU

C. The database memory SGA and PGA will not get affected by the changes in the number of CPUs during
auto scaling

D. The maximum CPU cores that will be automatically allocated for this database is 16 CPUs

Answer: A B

Explanation

Auto scaling is enabled by default when you create an Autonomous Database instance or you can use Scale
Up/Down on the Oracle Cloud Infrastructure console to enable or disable auto scaling.

With auto scaling enabled the database can use up to three times more CPU and IO resources than specified
by the number of OCPUs currently shown in the Scale Up/Down dialog. When auto scaling is enabled, if
your workload requires additional CPU and IO resources the database automatically uses the resources
without any manual intervention required.

Enabling auto scaling does not change the concurrency and parallelism settings for the predefined services.

IO throughput depends on the number of CPUs you provision and scales linearly with the number of CPUs.

Question #:16

Which three scenarios are suitable for the Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing
Serverless (ATP-S) deployment?

A. A well-established online auction marketplace is running an application where there is database usage
24×7 but which also has peaks of activity that are hard to predict. When the peaks happen, the total activities
may reach 3 times the normal activity level. (Correct)

B. A small startup is deploying a new application for eCommerce and it requires a database to store
customers' transactions. The team is unsure of what the load will look like since it is a new application. (Correct)

C. A midsize company is considering migrating its legacy on premises MongoDB database to Oracle Cloud
Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays

D. A developer working on an internal project needs to use a database during work hours but doesn't need
it during nights or weekends. The project budget requires her to keep costs low. (Correct)

E. A manufacturing company is running Oracle E-Business Suite application on premises. They are
looking to move this application to OCI and they want to use a managed database offering for their
database tier.

Answer: A B D

Explanation
MongoDB is a cross-platform document-oriented database program. Classified as a NoSQL database program,
MongoDB uses JSON-like documents with schema, so it is best migrated to Oracle NoSQL Database.

https://blogs.oracle.com/nosql/migrate-mongodb-data-to-oracle-nosql-database

Autonomous Transaction Processing Serverless (ATP-S) isn't supported yet for EBS databases.

Question #:17

You are working as a solutions architect for an online retail store in Frankfurt which uses multiple compute
instance VMs spread among three availability domains in the eu-frankfurt-1 region.

You noticed the website is having very high traffic, so you enabled autoscaling to meet the needs of your
application, but you observed that one of the availability domains is not receiving any traffic.

What could be wrong in this situation?

A. Autoscaling only works with single availability domains.

B. You have to manually add all three availability domains to your load balancer configuration.

C. Autoscaling can be enabled for multiple availability domains only in the uk-london-1 region.

D. Autoscaling is using an Instance Pool configured to create instances in two availability domains.

E. You forgot to attach a load balancer to your instance pool configuration.

Answer: D

Explanation
Autoscaling lets you automatically adjust the number of Compute instances in an instance pool based on
performance metrics such as CPU utilization. This helps you provide consistent performance for your end
users during periods of high demand, and helps you reduce your costs during periods of low demand.

You can associate a load balancer with an instance pool. If you do this, when you add an instance to the
instance pool, the instance is automatically added to the load balancer's backend set. After the instance
reaches a healthy state (the instance is listening on the configured port number), incoming traffic is
automatically routed to the new instance.

Instance pools let you provision and create multiple Compute instances based off the same configuration,
within the same region.

By default, the instances in a pool are distributed across all fault domains in a best-effort manner based on
capacity. If capacity isn't available in one fault domain, the instances are placed in other fault domains to allow
the instance pool to launch successfully.

In a high availability scenario, you can require that the instances in a pool are evenly distributed across each of
the fault domains that you specify. When sufficient capacity isn't available in one of the fault domains, the
instance pool will not launch or scale successfully, and a work request for the instance pool will return an "out
of capacity" error. To fix the capacity error, either wait for capacity to become available,
or use the UpdateInstancePool operation to update the placement configuration (the availability domain and
fault domain) for the instance pool.

When you create the instance pool, you can select the location where you want to place the instances:

In the Availability Domain list, select the availability domain to launch the instances in.

If you want the instances in the pool to be placed evenly in one or more fault domains, select the Distribute
instances evenly across selected fault domains check box. Then, select the fault domains to place the instances
in.

Question #:18

You work for a German company as the Lead Oracle Cloud Infrastructure architect. You have designed a
highly scalable architecture for your company's business critical application which uses the Load Balancer
service, autoscaling configuration for the application servers and a 2 Node VM Oracle RAC database. During
the peak utilization period of the application you notice that the application is running slow and customers
are complaining. This is resulting in support tickets being created for API timeouts and negative sentiment
from the customer base.

What are two possible reasons for this application slowness?

A. Autoscaling configuration for the application servers didn't happen due to IAM policy that's blocking
access to the application server compartment

B. The Load Balancer configuration is not sending traffic to the listener of the application servers.

C. Autoscaling configuration for the application servers didn't happen due to compartment quota breach of
the VM shapes used by the application servers.

D. Autoscaling configuration for the application servers didn't happen due to service limit breach of the
VM shapes used by the application servers

E. The Load Balancer doesn't have a Network Security Group to allow traffic to the application servers.

Answer: C D

Explanation
Autoscaling

Autoscaling enables you to automatically adjust the number of Compute instances in an instance pool based
on performance metrics such as CPU utilization. This helps you provide consistent performance for your end
users during periods of high demand, and helps you reduce your costs during periods of low demand.

Prerequisites

- You have an instance pool. Optionally, you can attach a load balancer to the instance pool. For steps
to create an instance pool and attach a load balancer, see Creating an Instance Pool.

- Monitoring is enabled on the instances in the instance pool. For steps to enable monitoring, see
Enabling Monitoring for Compute Instances.

- The instance pool supports the maximum number of instances that you want to scale to. This limit is
determined by your tenancy's service limits.

About Service Limits and Usage

When you sign up for Oracle Cloud Infrastructure, a set of service limits is configured for your tenancy.

The service limit is the quota or allowance set on a resource. For example, your tenancy is allowed a
maximum number of compute instances per availability domain. These limits are generally established with
your Oracle sales representative when you purchase Oracle Cloud Infrastructure.

Compartment Quotas

Compartment quotas are similar to service limits; the biggest difference is that service limits are set by Oracle,
and compartment quotas are set by administrators, using policies that allow them to allocate resources with a
high level of flexibility.

Question #:19

Your customer recently ordered a 1-Gbps FastConnect connection in the ap-tokyo-1 region of Oracle Cloud
Infrastructure (OCI). They will use this to connect to one Virtual Cloud Network (VCN) in their production
(OCI) tenancy and a VCN in their development OCI tenancy.

As a Solution Architect, how should you configure and architect the connectivity between on-premises and
VCNs in OCI?

A. Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing Gateways, one
for each VCNs. Attach the virtual circuits to the dynamic routing gateways.

B. You cannot achieve connectivity using single FastConnect link as the production and the development
VCNs are in separate tenancies. Request one more FastConnect connection.

C. Create a single private virtual circuit over FastConnect and attach FastConnect to either of the VCN's
Dynamic Routing Gateway. Use Remote Peering to peer production and development VCNs.

D. Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises
network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development
VCN spoke, each peered via their respective Local Peering Gateway (LPG).

Answer: D

Explanation
There's an advanced routing scenario called transit routing that enables communication between an on-premises
network and multiple VCNs over a single Oracle Cloud Infrastructure FastConnect or IPSec VPN.

The VCNs must be in the same region and locally peered in a hub-and-spoke layout. As part of the scenario,
the VCN that is acting as the hub has a route table associated with each LPG (typically route tables are
associated with a VCN's subnets).

Question #:20

You are designing the network infrastructure for two application servers: appserver-1 and appserver-2 running
in two different subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI).
You have a requirement where your end users will access appserver-1 from the internet and appserver-2 from
the on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual
circuit.

How should you design your routing configuration to meet these requirements?

A. Configure a single routing table (Route Table-1) that has two sets of rules: one that has a route to the internet
via the Internet Gateway and another that propagates specific routes for the on-premises network via the
Dynamic Routing Gateway. Associate the routing table with all the VCN subnets.

B. Configure a single routing table (Routing Table-1) that has two sets of rules: one that has a route to the internet
via the Internet Gateway and another that propagates specific routes for the on-premises network via
Dynamic Routing Gateway (DRG). Associate the routing table with the VCN.

C. Configure two routing tables: Route Table-1 that has a route to the internet via the Internet Gateway.
Associate this route table to the subnet containing appserver-1. Route Table-2 that propagates specific
routes for the on-premises network via the Dynamic Routing Gateway (DRG). Associate this route table
to the subnet containing appserver-2.

D. Configure two routing tables (Route Table-1, Route Table-2) that have a rule to route all traffic via the
Dynamic Routing Gateway (DRG). Associate the two routing tables with all the VCN subnets.

Answer: C

Explanation
An internet gateway is an optional virtual router you can add to your VCN to enable direct connectivity to the
internet. Resources that need to use the gateway for internet access must be in a public subnet and have public
IP addresses. Each public subnet that needs to use the internet gateway must have a route table rule that
specifies the gateway as the target. For traffic to flow between a subnet and an internet gateway, you must
create a route rule accordingly in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target
= internet gateway).

A Dynamic Routing Gateway (DRG) is a virtual edge router attached to your VCN. It is necessary for private
peering. The DRG is a single point of entry for private traffic coming in to your VCN. After creating the DRG,
you must attach it to your VCN and add a route for the DRG in the VCN's route table to enable traffic flow.
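The difference between option A (one shared route table) and option C (one route table per subnet) can be checked with a small routing model. This is an added example, not part of the original material; the CIDR ranges, subnet names and gateway labels are constructed for illustration, and the lookup is a simplified longest-prefix match rather than Oracle's implementation.

```python
import ipaddress

VCN_CIDR = "10.0.0.0/16"          # constructed VCN range
ON_PREM_CIDR = "172.16.0.0/16"    # constructed on-premises range

INTERNET_RULE = {"destination": "0.0.0.0/0", "target": "internet-gateway"}
ON_PREM_RULE = {"destination": ON_PREM_CIDR, "target": "drg"}

# Option A: one table holding both rules, associated with every subnet.
SHARED_TABLE_DESIGN = {
    "subnet-appserver-1": [INTERNET_RULE, ON_PREM_RULE],
    "subnet-appserver-2": [INTERNET_RULE, ON_PREM_RULE],
}

# Option C: one table per subnet, each holding only the route that subnet needs.
PER_SUBNET_DESIGN = {
    "subnet-appserver-1": [INTERNET_RULE],
    "subnet-appserver-2": [ON_PREM_RULE],
}

# What each subnet is supposed to reach, taken from the question's requirement.
ALLOWED = {
    "subnet-appserver-1": {"internet-gateway"},
    "subnet-appserver-2": {"drg"},
}


def next_hop(design, subnet, dest_ip):
    """Return the route target a packet leaving `subnet` for `dest_ip` would use.

    Traffic that stays inside the VCN is routed locally. Otherwise the most
    specific matching rule wins. None means no rule matches and the packet
    has nowhere to go.
    """
    dest = ipaddress.ip_address(dest_ip)
    if dest in ipaddress.ip_network(VCN_CIDR):
        return "local"
    matches = [r for r in design[subnet]
               if dest in ipaddress.ip_network(r["destination"])]
    if not matches:
        return None
    best = max(matches,
               key=lambda r: ipaddress.ip_network(r["destination"]).prefixlen)
    return best["target"]


def unneeded_routes(design, allowed_targets):
    """Return {subnet: [targets]} for routes a subnet carries but does not need."""
    report = {}
    for subnet, rules in design.items():
        extra = sorted({r["target"] for r in rules} - allowed_targets[subnet])
        if extra:
            report[subnet] = extra
    return report
```

With the shared table, the subnet for appserver-2 carries a default route to the internet gateway that it has no reason to hold; with per-subnet tables, each subnet carries only the path it needs.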

Question #:21

A company has an urgent requirement to migrate 300 TB of data to Oracle Cloud Infrastructure (OCI) in two
weeks. Their data center has been recently struck by a massive hurricane and the building has been badly
damaged, although still operational. They have a 100 Mbps Internet line but the connection is intermittent due
to the damages caused to the electrical grid.

In this scenario, what is the most effective service to use to migrate the data to OCI given the time constraints?

A. Set up an OCI Storage Gateway to connect your data center and your VCN. Once the connection has been
established, upload all data to OCI using OCI Storage Gateway Cloud Sync tool.

B. Set up a hybrid network by launching a 1 Gbps FastConnect virtual circuit between your data center and
OCI. Use OCI Object Storage multipart upload tool to automate the migration of your data to OCI.

C. Use multiple OCI Data Transfer Appliances to transfer data to OCI.

D. Upload the data to OCI using OCI Object Storage multipart upload tool.

E. Storage Gateway to connect your data center and your VCN. Once the connection has been established,
upload all data to OCI.

Answer: C

Explanation
The network speed is not good enough, and the connection is intermittent due to the damage caused to
the electrical grid.

Oracle offers offline data transfer solutions that let you migrate data to Oracle Cloud Infrastructure.

You have two options for data transfer:

DISK-BASED DATA TRANSFER

You send your data as files on encrypted commodity disk to an Oracle transfer site. Operators at the Oracle
transfer site upload the files into your designated Object Storage bucket in your tenancy.

APPLIANCE-BASED DATA TRANSFER

You send your data as files on secure, high-capacity, Oracle-supplied storage appliances to an Oracle transfer
site. Operators at the Oracle transfer site upload the data into your designated Object Storage bucket in your
tenancy.

Question #:22

A cloud consultant is working on an implementation project on OCI. As part of the compliance requirements, the
objects placed in object storage should be automatically archived first and then deleted. He is testing a
Lifecycle Policy on Object Storage and created a policy as below:

[
  { "name": "Archive_doc", "action": "ARCHIVE", "objectNameFilter": { "inclusionPrefixes": [ "doc" ] },
    "timeAmount": 5, "timeUnit": "DAYS", "isEnabled": true },
  { "name": "Delete_doc", "action": "DELETE", "objectNameFilter": { "inclusionPrefixes": [ "doc" ] },
    "timeAmount": 5, "timeUnit": "DAYS", "isEnabled": true }
]

What will happen after this policy is applied?

A. All objects with names starting with "doc" will be deleted after 5 days of object creation

B. All the objects having file extension ".doc" will be archived for 5 days and will be deleted 10 days after
object creation

C. All the objects having file extension ".doc" will be archived 5 days after object creation

D. All the objects with names starting with "doc" will be archived 5 days after object creation and will be
deleted 5 days after archival

Answer: A

Explanation
Object Lifecycle Management works by defining rules that instruct Object Storage to archive or delete objects
on your behalf within a given bucket. A bucket's lifecycle rules are collectively known as an object lifecycle
policy.

You can use a rule to either archive or delete objects and specify the number of days until the specified
action is taken.

A rule that deletes an object always takes priority over a rule that would archive that same object.
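The precedence rule above explains why the policy in the question never archives anything. The following added example (not part of the original material, and a simplified model rather than Oracle's implementation) evaluates the two rules from the question and reports archive rules that a delete rule makes unreachable. Only inclusionPrefixes filtering is modelled, and the object names, ages and the 10-day variant are constructed.

```python
import json

# The two rules from the question, written as well-formed JSON.
POLICY = json.loads("""
[
  {"name": "Archive_doc", "action": "ARCHIVE",
   "objectNameFilter": {"inclusionPrefixes": ["doc"]},
   "timeAmount": 5, "timeUnit": "DAYS", "isEnabled": true},
  {"name": "Delete_doc", "action": "DELETE",
   "objectNameFilter": {"inclusionPrefixes": ["doc"]},
   "timeAmount": 5, "timeUnit": "DAYS", "isEnabled": true}
]
""")

# Constructed variant: same rules, but deletion waits until day 10.
STAGED_POLICY = json.loads(json.dumps(POLICY))
STAGED_POLICY[1]["timeAmount"] = 10

DAYS_PER_UNIT = {"DAYS": 1, "YEARS": 365}  # YEARS approximated as 365 days


def threshold_days(rule):
    """Object age in days at which the rule starts to apply."""
    return rule["timeAmount"] * DAYS_PER_UNIT[rule["timeUnit"]]


def prefixes(rule):
    """Inclusion prefixes of a rule; an empty list means every object."""
    return (rule.get("objectNameFilter") or {}).get("inclusionPrefixes") or []


def rule_applies(rule, object_name, age_days):
    if not rule.get("isEnabled", False) or age_days < threshold_days(rule):
        return False
    wanted = prefixes(rule)
    return not wanted or any(object_name.startswith(p) for p in wanted)


def effective_action(rules, object_name, age_days):
    """Action taken on an object of the given age; DELETE beats ARCHIVE."""
    actions = {r["action"] for r in rules
               if rule_applies(r, object_name, age_days)}
    if "DELETE" in actions:
        return "DELETE"
    return "ARCHIVE" if "ARCHIVE" in actions else None


def covers(delete_rule, archive_rule):
    """True when every object the archive rule matches is also matched by the delete rule."""
    d, a = prefixes(delete_rule), prefixes(archive_rule)
    if not d:
        return True
    return bool(a) and all(any(ap.startswith(dp) for dp in d) for ap in a)


def shadowed_archive_rules(rules):
    """Names of archive rules that can never take effect because of a delete rule."""
    enabled = [r for r in rules if r.get("isEnabled", False)]
    deletes = [r for r in enabled if r["action"] == "DELETE"]
    return [a["name"] for a in enabled
            if a["action"] == "ARCHIVE"
            and any(threshold_days(d) <= threshold_days(a) and covers(d, a)
                    for d in deletes)]
```

For the policy in the question the archive rule is reported as shadowed; in the 10-day variant an object is archived at day 5 and deleted at day 10.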

Question #:23

An insurance company is storing critical financial data in the OCI block volume. This volume is currently
encrypted using Oracle-managed keys. Due to regulatory compliance, the customer wants to encrypt the data
using the keys that they can control and not the keys which are controlled by Oracle.

Which of the following series of tasks are required to encrypt the block volume using customer-managed keys?

A. Create a vault, import your master encryption key into the vault, generate data encryption key, assign
data encryption key to the block volume

B. Create a master encryption key, create a data encryption key, decrypt the block volume using existing
Oracle-managed keys, encrypt the block volume using the data encryption key

C. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block
volume

D. Create a master encryption key, create a new version of the encryption key, decrypt the block
volume using existing Oracle-managed keys and encrypt using new version of the encryption key

Answer: C

Explanation
Oracle Cloud Infrastructure Vault lets you centrally manage the encryption keys that protect your data and
the secret credentials that you use to securely access resources. You can use the Vault service to create and
manage the following resources:

Vaults

Keys

Secrets

Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files
or in code.

The Vault service lets you create vaults in your tenancy as containers for encryption keys and secrets. If
needed, a virtual private vault provides you with a dedicated partition in a hardware security module (HSM),
offering a level of storage isolation for encryption keys that’s effectively equivalent to a virtual independent
HSM.

Question #:24

Given this compartment structure:

You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'.

You log in to your Oracle Cloud Infrastructure (OCI) account and use the 'Move Resource' option.

What will happen when you attempt moving the compute resource?

A. The move will be successful though Compute Instance and its Public and Private IP address will stay the
same. The Compute instance VNIC will need to be moved separately. The Compute instance will still be
associated with the original VCN.

B. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target
compartment, the Compute instance can be moved.

C. The move will be successful though Compute Instance Public and Private IP address changed, and it
will be associated to the VCN in target compartment.

D. The move will be successful though Compute Instance and its Public and Private IP address will stay the
same. The Compute instance VNIC will still be associated with the original VCN.

Answer: D

Explanation
Moving Resources to a Different Compartment

Most resources can be moved after they are created. There are a few resources that you can't move from one
compartment to another. Some resources have attached resource dependencies and some don’t.

Not all attached dependencies behave the same way when the parent resource moves.

For some resources, the attached dependencies move with the parent resource to the new compartment.

The parent resource moves immediately, but in some cases attached dependencies move asynchronously and
are not visible in the new compartment until the move is complete.

For other resources, the attached resource dependencies do not move to the new compartment. You can move
these attached resources independently.

You can move Compute resources such as instances, instance pools, and custom images from one
compartment to another. When you move a Compute resource to a new compartment, associated resources
such as boot volumes and VNICs are not moved.

You can move a VCN from one compartment to another. When you move a VCN, its associated VNICs,
private IPs, and ephemeral IPs move with it to the new compartment.

Question #:25

You have multiple IAM users who launch different types of compute instances and block volumes every day.
As a result, your Oracle Cloud Infrastructure (OCI) tenancy quickly hit the service limit and you can no longer
create any new instances. As you are cleaning up the environment, you notice that the majority of the instances
and block volumes are untagged. Therefore, it is difficult to pinpoint the owner of these resources and verify if
they are safe to terminate.

Because of this, your company has issued a new mandate, which requires adding compute instances.

Which option is the simplest way to implement this new requirement?

A. Create a policy to automatically tag a resource with the user name.

B. Create a policy using IAM requiring users to tag specific resources. This will allow a user to launch
compute instances only if certain tags were defined.

C. Create tag variables to automatically tag a resource with the user name.

D. Create a default tag for each compartment, which ensures that appropriate tags are applied at resource
creation.

E. Create tag variables for each compartment to automatically tag a resource with the user name.

Answer: C

Explanation
Tag Variables

You can use a variable to set the value of a defined tag. When you add the tag to a resource, the variable
resolves to the data it represents. You can use tag variables in defined tags and default tags.

Supported Tag Variables

The following tag variables are supported.

${iam.principal.name}: The name of the principal that tagged the resource.

${iam.principal.type}: The type of principal that tagged the resource.

${oci.datetime}: The date and time that the tag was created.

Consider the following example:

Operations.CostCenter="${iam.principal.name} at ${oci.datetime}"

Operations is the namespace, CostCenter is the tag key, and the tag value contains two tag variables,
${iam.principal.name} and ${oci.datetime}. When you add this tag to a resource, the variable resolves to
your user name (the name of the principal that applied the tag) and a time date stamp for when you
added the tag.

user_name at 2019-06-18T18:00:57.604Z

The variable is replaced with data at the time you apply the tag. If you later edit the tag, the variable is gone
and only the data remains. You can edit the tag value in all the ways you would edit any other tag value. To
create a tag variable, you must use a specific format.

${<variable>}

Type a dollar sign followed by open and close curly brackets. The tag variable goes between
the curly brackets. You can use tag variables with other tag variables and with string values.

Tag defaults let you specify tags to be applied automatically to all resources, at the time of creation, in a
specific compartment. This feature allows you to ensure that appropriate tags are applied at resource creation
without requiring the user who is creating the resource to have access to the tag namespaces.

https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm

Question #:26

An online stock trading application is deployed to multiple Availability Domains in the us-phoenix-1 region.
Considering the high volume of transactions that the trading application handles, the company has hired you to
ensure that the data stored by the application is available and disaster resilient. In the event of failure, the
Recovery Time Objective (RTO) must be less than 2 hours to meet regulatory requirements.

Which Disaster Recovery strategy should be used to achieve the RTO requirement in the event of system
failure?

A. Configure hourly block volumes backups through the Storage Gateway service.

B. Configure hourly block volumes backups using the Oracle Cloud Infrastructure (OCI) Command Line
Interface (CLI).

C. Store hourly block volumes backup to NVMe device under a compute instance and generate a custom
image every 5 minutes.

D. Configure your application to use synchronous master slave data replication between Availability
Domains.

Answer: B

Explanation
You can use the CLI, REST APIs, or the SDKs to automate, script, and manage volume backups and their
lifecycle.

Planning Your Backup

The primary use of backups is to support business continuity, disaster recovery, and long-term archiving
requirements. When determining a backup schedule, your backup plan and goals should consider the
following:

Frequency: How often you want to back up your data.

Recovery time: How long you can wait for a backup to be restored and accessible to the applications that use
it. The time for a backup to complete varies on several factors, but it will generally take a few minutes or
longer, depending on the size of the data being backed up and the amount of data that has changed since
your last backup.

Number of stored backups: How many backups you need to keep available and the deletion schedule for
those you no longer need. You can only create one backup at a time, so if a backup is underway, it will need to
complete before you can create another one. For details about the number of backups you can store

Question #:27

A retail company has recently adopted a hybrid architecture. They have the following requirements for their
end-to-end connectivity model between their on-premises data center and Oracle Cloud Infrastructure (OCI)
region:

* Highly available connection with service level redundancy

* Dedicated network bandwidth with low latency

Which connectivity setup is the most cost effective solution for this scenario?

A. Set up IPSec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection.
Use separate edge devices in your on-premises data center for each connection. From your edge devices,
advertise more specific routes through IPSec VPN, and specific routes through the backup FastConnect virtual
circuit.

B. Set up FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit
as a backup connection. Use separate edge devices in your FastConnect physical connectivity is
redundant. Use a single edge device in your on-premises data center for each connection. From your device,
advertise more specific routes via primary FastConnect virtual circuit, and less specific routes through the
backup FastConnect circuit.

C. Set up FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup
connection. Use separate edge devices in your on-premises data center for each connection. From your
edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific
routes through the backup IPSec VPN path.

D. Set up IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use
separate edge devices in your on-premises data center for each connection. From your edge devices, advertise
more specific routes via primary IPSec VPN, and less specific routes through the backup IPSec VPN.

Answer: C

Explanation
There are two main requirements for this customer.

First, a highly available connection with service level redundancy, which can be achieved by

3- Redundant FastConnect

Question #:28

You have provisioned a new VM.DenseIO2.24 compute instance with local NVMe drives. The compute
instance is running a production application. This is a write-heavy application, with a significant impact to the
business if the application goes down.

What should you do to help maintain write performance and protect against NVMe device failure?

A. NVMe drives have built-in capability to recover themselves, so no other actions are required.

B. Configure RAID 6 for NVMe devices.

C. Configure RAID 1 for NVMe devices.

D. Configure RAID 10 for NVMe devices.

Answer: D

Explanation
VM.DenseIO2.24 compute instances include locally attached NVMe devices. These devices provide extremely
low latency, high performance block storage that is ideal for big data, OLTP, and any other workload that can
benefit from high-performance block storage.

A protected RAID array is the most recommended way to protect against an NVMe device failure. There are
three RAID levels that can be used for the majority of workloads:

RAID 1: An exact copy (or mirror) of a set of data on two or more disks; a classic RAID 1 mirrored pair
contains two disks.

RAID 10: Stripes data across multiple mirrored pairs. As long as one disk in each mirrored pair is functional,
data can be retrieved.

RAID 6: Block-level striping with two parity blocks distributed across all member disks.

If you need the best possible performance and can sacrifice some of your available space, then RAID 10
array is an option.

Question #:29

You are working as a cloud engineer for an IoT startup company which is developing a health monitoring pet
collar for dogs and cats. The company collects biometric information of the pet every second and then sends it
to Oracle Cloud Infrastructure (OCI).

Your task is to come up with an architecture which will accept and process the monitoring data as well as
provide complete trends and health reports to the pet owners. The portal should be highly available, durable,
and scalable with an additional feature for showing real time biometric data analytics.

Which architecture will help you meet this requirement?

A. Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the
data and show the results on a real-time dashboard and store the results to OCI Object Storage. Store the
data in OCI Autonomous Data Warehouse (ADW) to handle analytics.

B. Launch an open source Hadoop cluster to collect the incoming biometrics data. Use an open source
Fluentd cluster to analyze the data and store the results to OCI Autonomous Transaction Processing (ADW) to
handle complex analytics.

C. Create an OCI Object Storage bucket to collect the incoming biometric data from the smart pet collar.
Fetch the data from OCI Object Storage to OCI Autonomous Data Warehouse (ADW) every day and run
analytics jobs with it.

D. Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster
to analyze the data from streaming service. Store the results to OCI Autonomous Data Warehouse
(ADW) to handle complex analytics.

Answer: A

Question #:30

An upcoming e-commerce company has deployed their online shopping application on OCI. The application
was deployed on compute instances with autoscaling configuration for application servers fronted by a load
balancer and OCI Autonomous Transaction Processing (ATP) in the backend.

In order to promote their e-commerce platform, a 50% discount was announced on all the products for a limited
period. During day 1 of the promotional period it was observed that the application is running slow and the
company's hotline is flooded with complaints.

What could be two possible reasons for this situation?

A. The health check on some of the backend servers has failed and the load balancer has taken those
servers temporarily out of rotation

B. As part of autoscaling, the load balancer shape has dynamically changed to a larger shape to handle
more incoming traffic and the system was slow for a short time during this change

C. The health check on some of the backend servers has failed and the load balancer was rebooting these
servers.

D. The autoscaling has already scaled to the maximum number of instances specified in the configuration
and there is no room for scaling

Answer: A D

Question #:31

A FinTech startup is developing a new blockchain based application to provide Smart Contracts using
micro-services architecture. The development team is planning to deploy the application using containers and
looking for a reliable way to build, deploy and manage their cloud-native application.

Additionally, they need an easy way to store, share and manage their application artifacts.

Which option should you recommend for this application?

A. Install and manage a Kubernetes cluster on OCI Compute Instances and use OCI Resource Manager for
management of application artifacts

B. Use OCI Resource Manager to manage cloud-native application and make the application artifacts
available using OCI Functions

C. Use Oracle Container Engine for Kubernetes (OKE) to manage cloud-native applications and OCI
Registry for application artifacts

D. Use Oracle Container Engine for Kubernetes (OKE) to manage the deployment environment and OCI
Functions for application artifacts

Answer: C

Explanation
Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly
available service that you can use to deploy your containerized applications to the cloud. Use Container
Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably
build, deploy, and manage cloud-native applications. You specify the compute resources that your applications
require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing
OCI tenancy.

Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your
development to production workflow. Oracle Cloud Infrastructure Registry makes it easy for you as a
developer to store, share, and manage development artifacts like Docker images. And the highly available and
scalable architecture of Oracle Cloud Infrastructure ensures you can reliably deploy your applications, so you
don't have to worry about operational issues or scaling the underlying infrastructure.

Question #:32

A civil engineering company is running an online portal in which engineers can upload their construction
photos, videos, and other digital files.

There is a new requirement for you to implement: the online portal must offload the digital content to an
Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold
all the digital content locally and wait for the next offload period.

Which option fulfills this requirement?

A. Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an
expiration of 72 hours.

B. Create a pre-authenticated URL for each object that is uploaded to the Object Storage bucket with an
expiration of 72 hours.

C. Create a Dynamic Group with matching rule for the portal compute instance and grant access to the
Object Storage bucket for 72 hours.

D. Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration
of 72 hours.

Answer: D

Explanation
Pre-authenticated requests provide a way to let users access a bucket or an object without having their own
credentials, as long as the request creator has permission to access those objects.

For example, you can create a request that lets an operations support user upload backups to a bucket without
owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket
without owning API keys.

When creating a pre-authenticated request, you have the following options:

You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload
one or more objects to.

You can specify the name of an object that a pre-authenticated request user can read from, write to, or read
from and write to.

Scope and Constraints

Understand the following scope and constraints regarding pre-authenticated requests:

Users can't list bucket contents.

You can create an unlimited number of pre-authenticated requests.

There is no time limit to the expiration date that you can set.

You can't edit a pre-authenticated request. If you want to change user access options in response to changing
requirements, you must create a new pre-authenticated request.

The target and actions for a pre-authenticated request are based on the creator's permissions. The request is
not, however, bound to the creator's account login credentials. If the creator's login credentials change, a
pre-authenticated request is not affected.

You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in
that bucket.

Question #:33

You are working as a security consultant with a global insurance organization which is using Microsoft Azure
Active Directory (AD) as its identity provider to manage user logins/passwords. When a user logs in to the
Oracle Cloud Infrastructure (OCI) console, the user should be authenticated by Azure AD.

Which set of steps is required on the OCI side in order to enable this?

A. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI
groups and users

B. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set up IAM
policies to govern access to Azure AD groups

C. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups
to OCI groups, set up the IAM policies to govern access to Azure AD groups

D. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies
to govern access to Azure AD groups

Answer: D

Explanation
Federating with Microsoft Azure Active Directory

To federate with Azure AD, you set up Oracle Cloud Infrastructure as a basic SAML single sign-on
application in Azure AD. To set up this application, you perform some steps in the Oracle Cloud Infrastructure
Console and some steps in Azure AD.

Following is the general process an administrator goes through to set up the federation. Details for each step
are given in the next section.

In Oracle Cloud Infrastructure, download the federation metadata document.

In Azure AD, set up Oracle Cloud Infrastructure Console as an enterprise application.

In Azure AD, configure the Oracle Cloud Infrastructure enterprise application for single sign-on.

In Azure AD, set up the user attributes and claims.

In Azure AD, download the Azure AD SAML metadata document.

In Azure AD, assign user groups to the application.

In Oracle Cloud Infrastructure, set up Azure AD as an identity provider.

In Oracle Cloud Infrastructure, map your Azure AD groups to Oracle Cloud Infrastructure groups.

In Oracle Cloud Infrastructure, set up the IAM policies to govern access for your Azure AD groups.

Share the Oracle Cloud Infrastructure sign-in URL with your users.

Question #:34

You are part of a project team working in the development environment created in OCI. You have realized that
the CIDR block specified for one of the subnets in a VCN is not correct and want to delete the subnet. While
deleting, you get an error indicating that there are still resources that you must delete first. The error
includes the OCID of the VNIC that is in the subnet.

Which of the following actions will you take to troubleshoot this issue?

A. Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC

B. Copy and Paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource
of the VNIC

C. Use OCI CLI to delete the VNIC first and then delete the subnet

D. Use OCI CLI to delete the subnet using --force option

Answer: A

Explanation
VCN, it must first be empty and have no related resources or attached gateways

To delete a VCN's subnets, they must first be empty.

Note: When you create one of the preceding resources, you specify a VCN and subnet for it. The relevant
service creates at least one VNIC in the subnet and attaches the VNIC to the resource. The service manages
the VNICs on your behalf, so they are not readily apparent to you in the Console. The VNIC enables the
resource to communicate with other resources over the network. Although this documentation commonly talks
about the resource itself being in the subnet, it's actually the resource's attached VNIC.

If the subnet is not empty, you instead get an error indicating that there are still resources that you must delete
first. The error includes the OCID of a VNIC that is in the subnet (there could be more, but the error returns
only a single VNIC's OCID).

You can use the Oracle Cloud Infrastructure command line interface (CLI) or another SDK or client to call the
GetVnic operation with the VNIC OCID. The response includes the VNIC's display name. Depending on the
type of parent resource, the display name can indicate which parent resource the VNIC belongs to. You can
then delete that parent resource, or you can contact your administrator to determine who owns the resource.
When the VNIC's parent resource is deleted, the attached VNIC is also deleted from the subnet. If there are
remaining VNICs in the subnet, repeat the process of determining and deleting each parent resource until the
subnet is empty. Then you can delete the subnet.

For example, if you're using the CLI, use this command to get information about the VNIC.

oci network vnic get --vnic-id <VNIC_OCID>

Question #:35

Which three options are available to migrate an Oracle database 12.x from an on-premises environment to
Oracle Cloud Infrastructure (OCI)?

A. Leverage OCI Storage Gateway asynchronous database migration option.

B. Use Oracle Data Pump Export/Import to migrate the database.

C. Configure RMAN cross-platform transportable tablespace backup sets.

D. Setup OCI schema and data transfer tool with Bare Metal DB Systems as the target.

E. Create a backup of your on-premises database in OCI DB Systems.

Answer: B C E

Explanation
https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/mig-onprembackup.htm

Question #:36

A global retailer is setting up the cloud architecture to be deployed in Oracle Cloud Infrastructure (OCI), which
will have thousands of users from two major geographical regions: North America and Asia Pacific. The
requirements of the services are:

* Service needs to be available 27/7 to avoid any business disruption

* North American customers should be served by applications running in North American regions

* Asia Pacific customers should be served by applications running in Asia Pacific regions

* Must be resilient enough to handle the outage of an entire OCI region

A. OCI DNS, Traffic Management with Failover steering policy

B. OCI DNS, Traffic Management with Geolocation steering policy, Health Checks

C. OCI DNS, Traffic Management with Geolocation steering policy

D. OCI DNS, Traffic Management with Load Balancer steering policy, Health Checks

Answer: B

Explanation
GEOLOCATION STEERING

Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end
user. Customers can define geographic regions composed of originating continent, countries or
states/provinces (North America) and define a separate endpoint or set of endpoints for each region. Combine
with Oracle Health Checks to fail over from one region to another.

Question #:37

You are helping a customer troubleshoot a problem. The customer has several Oracle Linux servers in a
private subnet within a Virtual Cloud Network (VCN). The servers are configured to periodically
communicate with the Internet to get security patches for applications installed on them.

The servers are unable to reach the Internet. An Internet Gateway has been deployed in the public subnet in
the VCN and the appropriate routes are configured in the Route Table associated with the public subnet.

Based on cost considerations, which option will fix this issue?

A. Create a Public Load Balancer in front of the servers and add the servers to the Backend Set of the
Public Load Balancer.

B. Create another Internet Gateway and configure it as route target for the private subnet.

C. Implement a NAT instance in the public subnet of the VCN and configure the NAT instance as the route
target for the private subnet.

D. Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private
subnet.

Answer: A

Question #:38

Your team is conducting a root cause analysis (RCA) following a recent, unplanned outage. One of the block
volumes attached to your production WebLogic server was deleted and you have been tasked with identifying the
source of the action. You search the Audit logs and find several Delete actions that occurred in the previous 24
hours. Given the sample of this event.

Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API
call?

A. requestAgent

B. eventSource

C. principalId

D. requestOrigin

E. eventId

Answer: C

Explanation
The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud
Infrastructure public application programming interface (API) endpoints as log events. Currently, all services
support logging by Audit.

Every audit log event includes two main parts:

Envelopes that act as a container for all event messages

Payloads that contain data from the resource emitting the event message

The identity object contains the following attributes.

data.identity.authType The type of authentication used.

data.identity.principalId The OCID of the principal.

data.identity.principalName The name of the user or service. This value is the friendly name associated
with principalId.
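The following added example (not part of the original material) applies the identity attributes above to the scenario in this question: it filters audit events for DeleteVolume calls and reports principalId, principalName and authType for each. The events are constructed, and the field names eventTime, data.eventName and data.resourceId are assumptions about the event layout; only the data.identity.* names come from the explanation.

```python
import json

# Constructed sample events, one JSON document per line (not real audit data).
# Only the data.identity.* attribute names come from the page; eventTime,
# data.eventName and data.resourceId are assumed field names.
SAMPLE_LOG = "\n".join([
    '{"eventTime": "2020-01-10T08:15:02Z", "data": {"eventName": "DeleteVolume", '
    '"resourceId": "ocid1.volume.oc1..constructedA", "identity": {"authType": "natv", '
    '"principalId": "ocid1.user.oc1..constructeduser1", '
    '"principalName": "alice@example.com"}}}',
    '{"eventTime": "2020-01-10T08:20:30Z", "data": {"eventName": "GetVolume", '
    '"resourceId": "ocid1.volume.oc1..constructedA", "identity": {"authType": "natv", '
    '"principalId": "ocid1.user.oc1..constructeduser2", '
    '"principalName": "bob@example.com"}}}',
    '{"eventTime": "2020-01-10T09:40:11Z", "data": {"eventName": "DeleteVolume", '
    '"resourceId": "ocid1.volume.oc1..constructedB", "identity": {"authType": "instance", '
    '"principalId": "ocid1.instance.oc1..constructedinst1", '
    '"principalName": "cleanup-job"}}}',
    # Edge case: a delete event that arrived without an identity object.
    '{"eventTime": "2020-01-10T11:02:45Z", "data": {"eventName": "DeleteVolume", '
    '"resourceId": "ocid1.volume.oc1..constructedC"}}',
    # Edge case: a truncated line that is not valid JSON.
    '{"eventTime": "2020-01-10T11:05:00Z", "data": {"eventName": "Delete',
])


def parse_events(text):
    """Parse newline-delimited JSON; return (events, number_of_rejected_lines)."""
    events, rejected = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected += 1
            continue
        if isinstance(event, dict):
            events.append(event)
        else:
            rejected += 1
    return events, rejected


def find_initiators(events, event_name="DeleteVolume", resource_id=None):
    """Return who initiated each matching call, oldest first.

    A missing identity attribute is reported as None instead of being dropped,
    so an unattributed delete is still visible to the investigator.
    """
    hits = []
    for event in events:
        data = event.get("data") or {}
        if data.get("eventName") != event_name:
            continue
        if resource_id is not None and data.get("resourceId") != resource_id:
            continue
        identity = data.get("identity") or {}
        hits.append({
            "time": event.get("eventTime"),
            "resourceId": data.get("resourceId"),
            "principalId": identity.get("principalId"),
            "principalName": identity.get("principalName"),
            "authType": identity.get("authType"),
        })
    return sorted(hits, key=lambda hit: hit["time"] or "")


if __name__ == "__main__":
    parsed, bad_lines = parse_events(SAMPLE_LOG)
    print("rejected lines:", bad_lines)
    for hit in find_initiators(parsed):
        print(hit["time"], hit["resourceId"], hit["principalId"], hit["principalName"])
```

Passing resource_id narrows the result to the one volume under investigation when several Delete actions fall inside the same 24-hour window.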

Question #:39

A large London based eCommerce company is running Oracle DB System Virtual RAC database on Oracle
Cloud Infrastructure (OCI) for their eCommerce application activity. They are launching a new product soon,
which is expected to sell in large quantities all over the world.

The application architecture should have minimal cost, no data loss, no performance impacts during the
database backup windows and should have minimal downtime.

A. Launch a new VM RAC database in another availability domain, launch a compute instance, deploy
Oracle GoldenGate on it and then configure it to replicate the data from the eCommerce Database over
to the new RAC database using GoldenGate. Take backups from the new VM RAC database.

B. Turn off automated backups from the eCommerce database, implement Oracle Data Guard with the
Standby database deployed on another availability domain, take backups from the standby database.

C. Launch a new VM RAC database in another availability domain, launch a compute instance, deploy
Oracle GoldenGate on it and then configure bi-directional replication from the eCommerce Database
over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database.

D. Turn off automatic backups from the eCommerce database, implement Oracle Active Data Guard with
the standby database deployed on another availability domain, and take backups from the standby
database.

Answer: C

Explanation
Active Data Guard or GoldenGate are used for disaster recovery when fast recovery times or additional levels
of data protection are required. They can also offload queries and backups to the standby system.

Using Oracle GoldenGate to support a disaster recovery site means having a working bi-directional data flow,
from the primary system to the live-standby system and vice versa.

DataGuard and Automatic Backup

You can enable the Automatic Backup feature on a database with the standby role in a Data Guard association.
However, automatic backups for that database will not be created until it assumes the primary role.

Question #:40

A retail bank is currently hosting their mission-critical customer application on-premises. The application
has a standard 3-tier architecture: 4 application servers process the incoming traffic and store application data
in an Oracle Exadata Database Server. The bank has recently had service disruptions to other internal
applications, so they are looking to avoid this issue for their mission-critical customer application.

Which Oracle Cloud Infrastructure services should you recommend as part of the DR solution?

A. OCI DNS Service, Public Load Balancer, Oracle Database Cloud Backup Service, Object Storage
Service, Oracle Bare Metal Cloud Service, Oracle Bare Metal Cloud Service with GoldenGate, OCI
Container Engine for Kubernetes, Oracle IPSec VPN

B. OCI Traffic Management, Private Load Balancer, Compute instances distributed across multiple
Availability Domains and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle
FastConnect, Object Storage, Database Cloud backup module

C. OCI Traffic Management, Public Load Balancer, Compute instances distributed across multiple
Availability Domains and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle
FastConnect, Object Storage, Database Cloud backup module

D. OCI DNS Service, Load Balancer as a service using Public Load Balancer distributing traffic to Compute
instances across multiple regions, Oracle RAC Database using Virtual Machines, Remote Peering
connecting two VCNs in different regions, Exadata Cloud Service with GoldenGate, FastConnect,
Object Storage, Database Cloud backup module.

Answer: C

Explanation
OCI Traffic Management Steering Policies can account for health of answers to provide failover capabilities,
provide the ability to load balance traffic across multiple resources, and account for the location where the
query was initiated to provide a simple, flexible and powerful mechanism to efficiently steer DNS traffic.

Public Load Balancer: Accepts traffic from the internet using a public IP address that serves as the entry point
for incoming traffic. The Load Balancing service creates a primary load balancer and a standby load balancer,
each in a different availability domain.

Question #:41

Your customer has gone through a recent departmental restructure. As part of this change, they are organizing
their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational
structure.

They have made the following change:

Compartment X is moved, and its parent compartment is now compartment C.

Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X

Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X

After the compartment move, which action will provide users of group networkadmins and admins with
similar privileges as before the move?

A. Define a policy in compartment C as follows: Allow group networkadmins to manage subnets in
compartment X.

B. No change in any policy statement is required, as a compartment move automatically moves all the policy
statements associated with the compartment as well.

C. Define a policy in compartment C as follows: Allow group admins to read subnets in compartment
HR:C:X

D. Define a policy in compartment HR as follows: Allow group networkadmins to manage subnets in
compartment X.

E. Define a policy in compartment C as follows: Allow group admins to read subnets in compartment
HR:C:X

Answer: A

Explanation
You can move a compartment to a different parent compartment within the same tenancy. When you move a
compartment, all its contents (subcompartments and resources) are moved with it.

After you move a compartment to a new parent compartment, the access policies of the new parent take effect
and the policies of the previous parent no longer apply. Before you move a compartment, ensure that:

- You are aware of the policies that govern access to the compartment in its current position.

- You are aware of the policies in the new parent compartment that will take effect when you move the
compartment.

1- Policy defined in the root compartment: Allow group admins to read subnets in compartment Finance:A:X

You move compartment X from Finance:A to HR:C. The policy that governs compartment X is attached to the
shared parent, the root compartment. When compartment X is moved, the policy statement is automatically
updated by the IAM service to specify the new compartment location.

The policy

Allow group admins to read subnets in compartment Finance:A:X

is updated to

Allow group admins to read subnets in compartment HR:C:X

so the admins group will have the same access after compartment X is moved.

2- Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X

You move compartment X from Finance:A to HR:C. However, the policy that governs compartment X here is
attached directly to compartment A. When the compartment is moved, the policy is not automatically
updated. The policy that specifies compartment X is no longer valid and must be manually removed. Group
networkadmins no longer has access to compartment X in its new location under HR:C. Unless another
existing policy grants access to group networkadmins, you must create a new policy to allow
networkadmins to continue to manage buckets in compartment X.
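The two cases above can be reproduced with a small model, added here as an illustration and not taken from OCI or the original material. It assumes unique compartment names and represents each policy by the compartment it is attached to and the colon-separated path in its statement; the function and field names are hypothetical.

```python
# Simplified model of the compartment-move behaviour described above.
# Assumptions: compartment names are unique, "root" is the tenancy root, and
# the function and field names are hypothetical (this is not OCI code).

PARENT = {"Finance": "root", "HR": "root", "A": "Finance", "C": "HR", "X": "A"}

POLICIES = [
    {"attached_to": "root", "group": "admins", "verb": "read", "path": "Finance:A:X"},
    {"attached_to": "A", "group": "networkadmins", "verb": "manage", "path": "X"},
]


def chain_to_root(name, parent):
    """Return [name, its parent, ..., 'root']."""
    chain = [name]
    while chain[-1] != "root":
        chain.append(parent[chain[-1]])
    return chain


def resolve(attached_to, path, parent):
    """Follow a colon-separated path down from the policy's compartment."""
    current = attached_to
    for name in path.split(":"):
        if parent.get(name) != current:
            return None
        current = name
    return current


def relative_path(attached_to, target, parent):
    """Path from the policy's compartment to target, or None if unreachable."""
    chain = chain_to_root(target, parent)
    if attached_to not in chain:
        return None
    return ":".join(reversed(chain[:chain.index(attached_to)]))


def move_compartment(parent, policies, moved, new_parent):
    """Move a compartment and classify each policy as updated, invalid or unchanged."""
    if moved in chain_to_root(new_parent, parent):
        raise ValueError("cannot move a compartment underneath itself")
    after = dict(parent)
    after[moved] = new_parent
    results = []
    for policy in policies:
        target = resolve(policy["attached_to"], policy["path"], parent)
        affected = target is not None and moved in chain_to_root(target, parent)
        if not affected:
            results.append({**policy, "status": "unchanged"})
            continue
        # The statement can be rewritten only when the compartment holding the
        # policy is still an ancestor of the target after the move.
        new_path = relative_path(policy["attached_to"], target, after)
        if new_path is None:
            results.append({**policy, "status": "invalid"})
        elif new_path == policy["path"]:
            results.append({**policy, "status": "unchanged"})
        else:
            results.append({**policy, "path": new_path, "status": "updated"})
    return after, results


def statement(policy):
    return "Allow group {group} to {verb} subnets in compartment {path}".format(**policy)


if __name__ == "__main__":
    _, outcome = move_compartment(PARENT, POLICIES, "X", "C")
    for p in outcome:
        print(p["status"].ljust(9), "attached to", p["attached_to"] + ":", statement(p))
```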

Question #:42

You are working as a cloud consultant for a major media company in the US, and your client has requested to
consolidate all of their log streams, access logs, application logs, and security logs into a single system.

The client wants to analyze all of their logs in real time based on heuristics, and the result should be validated
as well. This validation process requires going back to data samples extracted from the last 8 hours.

What approach should you take for this scenario?

A. Create an auto scaling pool of syslog-enabled servers using compute instances which will store the logs
in Object Storage, then use map reduce jobs to extract logs from Object Storage, and apply heuristics on
the logs.

B. Create a bare-metal instance big enough to host a syslog enabled server to process the logs and store
logs on the locally attached NVMe SSDs for rapid retrieval of logs when needed.

C. Set up an OCI Audit service and ingest all the API calls from the Audit service programmatically to a
client-side application to apply heuristics and save the result in OCI Object Storage.

D. Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client
process that will apply heuristics on the logs and store them in an Object Storage.

Answer: D

Explanation
The Oracle Cloud Infrastructure Streaming service provides a fully managed, scalable, and durable storage
solution for ingesting continuous, high-volume streams of data that you can consume and process in real time.
Streaming can be used for messaging, ingesting high-volume data such as application logs, operational
telemetry, web click-stream data, or other use cases in which data is produced and processed continually and
sequentially in a publish-subscribe messaging model.

Streaming Usage Scenarios

Here are some of the many possible uses for Streaming:

Metric and log ingestion: Use the Streaming service as an alternative for traditional file-scraping approaches to
help make critical operational data more quickly available for indexing, analysis, and visualization.

Messaging: Use Streaming to decouple components of large systems. Streaming provides a pull/buffer-based
communication model with sufficient capacity to flatten load spikes and the ability to feed multiple consumers
with the same data independently. Key-scoped ordering and guaranteed durability provide reliable primitives
to implement various messaging patterns, while high throughput potential allows for such a system to scale
well.

Web/Mobile activity data ingestion: Use Streaming for capturing activity from websites or mobile apps (such
as page views, searches, or other actions users may take). This information can be used for real-time
monitoring and analytics, as well as in data warehousing systems for offline processing and reporting.

Infrastructure and apps event processing: Use Streaming as a unified entry point for cloud components to
report their life cycle events for audit, accounting, and related activities.

Question #:43

You are currently working for a public health care company based in the United States. Their existing patient
records run in an on-premises data center and the customer is sending tape backups offsite as part of their
recovery planning.

You have developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the
company a significant amount of money on a yearly basis. The solution involves storing data in an OCI Object
Storage bucket. After reviewing your solution with the customer's global Compliance (GRC) team, they have
highlighted the following security requirements:

• All data less than 1 year old must be accessible within 2 hours.

• All data must be retained for at least 10 years and be accessible within 48 hours

• All data must be encrypted at rest

• No data may be transmitted across the public Internet

Which two options meet the requirements outlined by the customer GRC team?

A. Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit.

B. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object
that is older than 365 days

C. Create a VPN connection between your on premises data center and OCI. Create a Virtual Cloud
Network (VCN) along with an OCI Service Gateway for OCI Object Storage.

D. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit.

E. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that
is older than 7 years

Answer: B D

Explanation
The Oracle Services Network is a conceptual network in Oracle Cloud Infrastructure that is reserved for
Oracle services. These services have public IP addresses that you typically reach over the internet. However,
you can access the Oracle Services Network without the traffic going over the internet. There are different
ways, depending on which of your hosts need the access:

Hosts in your on-premises network:

- Private access through a VCN with FastConnect private peering or VPN Connect: The on-premises hosts
use private IP addresses and reach the Oracle Services Network by way of the VCN and the VCN's service
gateway.

- Public access with FastConnect public peering: The on-premises hosts use public IP addresses.

FastConnect public peering: Use it to access public services in Oracle Cloud Infrastructure without using the
internet, for example Object Storage, the Oracle Cloud Infrastructure Console and APIs, or public load
balancers in your VCN. Communication across the connection is with IPv4 public IP addresses. Without
FastConnect, the traffic destined for public IP addresses would be routed over the internet. With FastConnect,
that traffic goes over your private physical connection.

So answer 4 will be the best answer that meets the customer requirement.

A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without
exposing the data to the public internet. No internet gateway or NAT is required to reach those specific
services. The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic
from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.

Object Lifecycle Management lets you automatically manage the archiving and deletion of objects. By using
Object Lifecycle Management to manage your Object Storage and Archive Storage data, you can reduce your
storage costs and the amount of time you spend managing data.

Question #:44

To serve web traffic for a popular product, your cloud engineer has provisioned four BM.Standard2.52
instances, evenly spread across two availability domains in the us-ashburn-1 region. A load balancer is used to
deliver the traffic across the instances.

After several months, the product grows even more popular and you need additional compute capacity. As a
result, an engineer provisioned two additional VM.Standard2.8 instances.

You register the two VM.Standard2.8 instances with your load balancer backend set and quickly find that
the VM.Standard2.8 instances are running at 100% CPU utilization but the BM.Standard2.52 instances have
significant CPU capacity that's unused.

Which option is the most cost effective and uses instances capacity most effectively?

A. Configure your load balancer with a weighted round robin policy to distribute traffic to the compute
instances, with more weight assigned to bare metal instances.

B. Configure an autoscaling instance pool with the load balancer to add up to 3 more BM.Standard2.52
instances when triggered. Shut off the VM.Standard2.8 instances.

C. Route traffic to the BM.Standard2.52 and VM.Standard2.8 instances directly using DNS and Health
Checks. Shut off the load balancer.

D. Configure the load balancer with two VM.Standard2.8 instances and use an autoscaling instance pool to
add up to two additional VM instances. Shut off the BM.Standard2.52 instances.

Answer: A

Explanation
The customer has four BM.Standard2.52 instances and, after several months, needs additional compute
capacity. The customer finds that the VM.Standard2.8 instances are running at 100% CPU utilization while the
BM.Standard2.52 instances have significant CPU capacity that is unused, so the customer needs to check the
load balancer policy to make sure the four BM instances and the VM instances are utilized correctly.

Question #:45

All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure (OCI). You want to
deploy a maximum availability architecture (MAA) for a database workload.

Which option should you consider while designing your Data Guard configuration to ensure the best RTO and
RPO without causing any data loss?

A. Configure "Maximum Protection" mode which provides zero data loss if the primary database fails.

B. Configure "Maximum Performance" mode in SYNC mode between two availability domains (same
region) which provides the highest level of data protection that is possible without affecting the
performance of the primary database.

C. Configure "Maximum Scalability" mode which provides the highest level of scalability without
compromising the availability of the primary database.

D. Configure "Maximum Availability" mode in SYNC mode between two availability domains (same
region), and use the Maximum Availability mode in SYNC mode between two regions.

Answer: D

Explanation
https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practices-for-dr-on-oci.pdf

All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure. However, because of a
high risk of production outage, we don’t recommend using the maximum protection mode for your Data Guard
configuration.

We recommend using the maximum availability mode in SYNC mode between two availability domains
(same region), and using the maximum availability mode in ASYNC mode between two regions. This
architecture provides you the best RTO and RPO without causing any data loss. We recommend building this
architecture in daisy-chain mode: the primary database ships redo logs to the first standby database in another
availability domain in SYNC mode, and then the first standby database ships the redo logs to another region in
ASYNC mode. This method ensures that your primary database is not doing the double work of shipping redo
logs, which can cause performance impact on a production workload.

This configuration offers the following benefits:

No data loss within a region.

No overhead on the production database to maintain standbys in another region.

Option to configure lagging on the DR site if needed for business reasons.

Option to configure multiple standbys in different regions without any additional overhead on the production
database. A typical use case is a CDN application.


Question #:46

You are working as a solution architect with a global automotive provider who is looking to create a
multi-cloud solution.

They want to run their application tier in Microsoft Azure while utilizing the Oracle DB Systems in the Oracle
Cloud Infrastructure (OCI).

What is the most fault tolerant and secure solution for this customer?

A. Create an Oracle database in an OCI Virtual Cloud Network (VCN) and connect to the application tier
running in Microsoft Azure over the Internet.

B. Create a FastConnect virtual circuit and choose Microsoft Azure from the list of providers available to
set up network connectivity between the application tier running in Microsoft Azure Virtual Network and
Oracle Databases running in OCI Virtual Cloud Network (VCN).

C. Use an OCI Virtual Cloud Network remote peering connection to create connectivity between the
application tier running in Microsoft Azure Virtual Network and Oracle Databases running in OCI Virtual
Cloud Network (VCN).

D. Create a VPN connection between the application tier running in Azure Virtual Network and Oracle
Databases running in OCI Virtual Cloud Network (VCN).

Answer: B

Explanation
Oracle and Microsoft have created a cross-cloud connection between Oracle Cloud Infrastructure and
Microsoft Azure in certain regions. This connection lets you set up cross-cloud workloads without the traffic
between the clouds going over the internet.

You can connect your VNet and VCN so that traffic that uses private IP addresses goes over the cross-cloud
connection.

For example, the following diagram shows a VNet that is connected to a VCN. Resources in the VNet are
running a .NET application that accesses an Oracle database that runs on Database service resources in the VCN.
The traffic between the application and database uses a logical circuit that runs on the cross-cloud connection
between Azure and Oracle Cloud Infrastructure.

The two virtual networks must belong to the same company and not have overlapping CIDRs.

The connection requires you to create an Azure ExpressRoute circuit and an Oracle Cloud Infrastructure
FastConnect virtual circuit.

Question #:47

A cost-conscious fashion design company which sells bags, clothes, and other luxury items has recently
decided to move all of their on-premises infrastructure to Oracle Cloud Infrastructure (OCI). One of their
on-premises applications is running on an NGINX server and the Oracle Database is running in a 2-node Oracle
Real Application Clusters (RAC) configuration.

Based on cost considerations, what is an effective mechanism to migrate the customer application to OCI and
set up regular automated backups?

A. Launch a compute instance and run an NGINX server to host the application. Deploy a 2-node VM DB
System with Oracle RAC enabled, import the on-premises database to the OCI VM DB System using
Oracle Data Pump, and then enable automatic backups.

B. Launch a compute Instance and run an NGINX server to host the application. Deploy Exadata Quarter
Rack, enable automatic backups and import the database using Oracle Data Pump.

C. Launch a compute Instance for both the NGINX application server and the database server. Attach block
volumes on the database server compute instance and enable backup policy to backup the block
volumes.

D. Launch a compute instance and run an NGINX server to host the application. Deploy a 2 node VM DB
Systems with Oracle RAC enabled, import the on-premises database to OCI VM DB Systems using Data
Pump and then enable automatic backup. Also, enable Oracle Data Guard on the database server.

Answer: A

Explanation
Cost considerations exclude Exadata, and there is no need for Data Guard.

Cost Estimator

https://www.oracle.com/cloud/cost-estimator.html

Question #:48

You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for
your organization:

The development team has deployed quite a few instances under 'Compute' Compartment and the operations
team needs to list the Instances under the same compartment for their testing. Both teams, development and
operations are part of a group called 'Eng-group'

You have been looking for an option to allow the operations team to list the instances without access to any
confidential information or metadata of resources.

Which IAM policy should you write based on these requirements?

A. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the
policy to ‘Engineering’ Compartment

B. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the
policy to 'SysTest Team' Compartment

C. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to
'Engineering' Compartment.

D. Allow group Eng-group to read instance-family in compartment Dev-Team:Compute and attach the
policy to 'Dev-Team'

Answer: A

Explanation
Policy Attachment

When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment).
Where you attach it controls who can then modify it or delete it. If you attach it to the tenancy (in other words,
if the policy is in the root compartment), then anyone with access to manage policies in the tenancy can then
change or delete it. Typically that's the Administrators group or any similar group you create and give broad
access to. Anyone with access only to a child compartment cannot modify or delete that policy.

When you attach a policy to a compartment, you must be in that compartment and you must indicate directly
in the statement which compartment it applies to. If you are not in the compartment, you'll get an error if you
try to attach the policy to a different compartment. Notice that attachment occurs during policy
creation, which means a policy can be attached to only one compartment.

Policies and Compartment Hierarchies

A policy statement must specify the compartment for which access is being granted (or the tenancy).

Where you create the policy determines who can update the policy. If you attach the policy to the compartment
or its parent, you can simply specify the compartment name. If you attach the policy further up the hierarchy,
you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated
by a colon:

<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n>

To allow an action on compartment Compute, you need to set the compartment path according to where you
attach the policy, as in the examples below.

If you attach it to the Root compartment, you need to specify the path as follows:

Engineering:Dev-Team:Compute

If you attach it to the Engineering compartment, you need to specify the path as follows:

Dev-Team:Compute

If you attach it to the Dev-Team or Compute compartment, you need to specify the path as follows:

Compute

Note: in the policy, the inspect verb gives the ability to list resources, without access to any confidential
information or user-specified metadata that may be part of that resource.
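The path rule above can be checked mechanically. The following is an added example, not Oracle's code and not part of the original answer key: it models the compartment names from this question, computes the path a statement needs for a given attachment point, and tests whether a path written in a statement resolves from where the policy is attached. The placement of 'SysTest Team' under 'Engineering' is an assumption, because the diagram is missing from the page; the function names are hypothetical.

```python
# Added example: a model of the compartment-path rule quoted in the explanation.
# Constructed hierarchy, child -> parent. "tenancy" stands for the root compartment.
# Placing 'SysTest Team' under 'Engineering' is an assumption (the diagram is missing).
PARENT = {
    "Engineering": "tenancy",
    "Dev-Team": "Engineering",
    "SysTest Team": "Engineering",
    "Compute": "Dev-Team",
}


def lineage(compartment):
    """Return [compartment, parent, ..., 'tenancy']."""
    chain = [compartment]
    while chain[-1] != "tenancy":
        if chain[-1] not in PARENT:
            raise KeyError(f"unknown compartment: {chain[-1]!r}")
        chain.append(PARENT[chain[-1]])
    return chain


def compartment_reference(attach_to, target):
    """Path to write after 'in compartment' when the policy is attached to attach_to."""
    chain = lineage(target)
    if attach_to not in chain:
        # A policy can only grant access at or below the compartment it is attached to.
        raise ValueError(f"{target!r} is not inside {attach_to!r}")
    if attach_to == target:
        return target
    # Every compartment strictly below the attachment point, top-down, colon-separated.
    below = chain[:chain.index(attach_to)]
    return ":".join(reversed(below))


def resolve(attach_to, path):
    """Resolve a statement's path relative to attach_to; None if it does not resolve."""
    current = attach_to
    for position, name in enumerate(path.split(":")):
        if PARENT.get(name) == current:
            current = name                      # next level down
        elif position == 0 and name == attach_to:
            current = name                      # policy attached to the target itself
        else:
            return None
    return current


def statement(group, verb, resource_type, attach_to, target):
    """Build the policy statement for the given attachment point."""
    ref = compartment_reference(attach_to, target)
    return f"Allow group {group} to {verb} {resource_type} in compartment {ref}"


if __name__ == "__main__":
    for where in ("tenancy", "Engineering", "Dev-Team", "Compute"):
        print(f"{where:12} -> {statement('Eng-group', 'inspect', 'instance-family', where, 'Compute')}")
    # The bare name 'Compute' does not resolve from 'Engineering' (two levels up).
    print(resolve("Engineering", "Compute"))
```
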

Question #:49

A startup company is looking for a solution for processing data transmitted by the IoT devices fitted to
transport vehicles that carry frozen foods. The data should be consumed and processed in real time. The
processed data should be archived to an OCI Object Storage bucket, and Autonomous Data Warehouse
(ADW) should handle analytics.

Which architecture will help you meet this requirement?

A. Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster
to analyze the data from streaming service. Store the results to OCI Autonomous Data Warehouse
(ADW) to handle complex analytics

B. Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the
data and show the results on a real-time dashboard and store the results to OCI Object Storage. Store the
data in OCI Autonomous Data Warehouse (ADW) to handle analytics.

C. Create an OCI Object Storage bucket to collect the incoming biometric data from the smart pet collar.
Fetch the data from OCI Object Storage to OCI Autonomous Data Warehouse (ADW) every day and run
analytics jobs with it

D. Launch an open source Hadoop cluster to collect the incoming biometrics data. Use an open source
Fluentd cluster to analyze the data. Store the results to OCI Autonomous Transaction Processing (ADW) to
handle complex analytics

Answer: B

Explanation
Real-time processing of high-volume streams of data

- OCI Streaming service provides a fully managed, scalable, durable storage option for continuous,
high-volume streams of data that you can consume and process in real-time

- Use cases

Log and Event data collection

Web/Mobile activity data ingestion

IoT Data streaming for processing and alerts

Messaging: use streaming to decouple components of large systems

- Oracle managed service with REST APIs (Create, Put, Get, Delete)

- Integrated Monitoring

Question #:50

A global media organization is working on a project which lets users upload their videos on their site. After
upload is complete, the video should be automatically processed by an AI algorithm. The algorithm will try to
recognize actions in the videos so that it can be used to show related advertisements in future. The
development team wants to focus on writing AI code and doesn't want to worry about underlying infrastructure
for high-availability, scalability, security and monitoring.

Which OCI services should you recommend for this project?

A. Use OCI Events service for triggering automatic processing of video, Oracle Container Engine for
Kubernetes (OKE) and OCI Digital Assistant

B. Use Oracle Container Engine for Kubernetes (OKE) for deployment of AI code, OCI Notifications and
Object Storage

C. Use OCI Resource Manager to manage the underlying infrastructure, OCI Functions and OCI Events
service.

D. Use Object Storage for storing videos, OCI Events service and OCI Functions

Answer: D

Explanation
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service
platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source
engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing
code to meet business needs.

The serverless and elastic architecture of Oracle Functions means there's no infrastructure administration or
software administration for you to perform. You don't provision or maintain compute instances, and operating
system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is
highly-available, scalable, secure, and monitored. With Oracle Functions, you can write code in Java, Python,
Node, Go, and Ruby (and for advanced use cases, bring your own Dockerfile, and Graal VM). You can then
deploy your code, call it directly or trigger it in response to events, and get billed only for the resources
consumed during the execution.

You can create automation based on state changes for your Oracle Cloud Infrastructure resources by using
event types, rules, and actions. When the function is executing inside the container, the function can read from
and write to other resources and services running in the same subnet (for example, Database as a Service). The
function can also read from and write to other shared resources (for example, Object Storage), and other
Oracle Cloud Services.

Question #:51

As a part of a migration exercise for an existing on-premises application to Oracle Cloud Infrastructure (OCI),
you are required to transfer a 7 TB file to OCI Object Storage. You have decided to use the multipart upload
functionality of Object Storage.

Which two statements are true?

A. Active multipart upload can be checked by listing all parts that have been uploaded, however it is not
possible to list information for an individual object part in an active multipart upload

B. It is possible to split this file into multiple parts using the APIs provided by Object Storage.

C. It is possible to split this file into multiple parts using rclone tool provided by Object Storage.

D. After initiating a multipart upload by making a CreateMultipartUpload REST API call, the upload
remains active until you explicitly commit it or abort.

E. Contiguous numbers need to be assigned for each part so that Object Storage constructs the object by
ordering part numbers in ascending order

Answer: A D

Explanation
You can check on an active multipart upload by listing all parts that have been uploaded. (You cannot list
information for an individual object part in an active multipart upload.)

After you finish creating object parts, initiate a multipart upload by making a CreateMultipartUpload REST
API call. Provide the object name and any object metadata. Object Storage responds with a unique upload ID
that you must include in any requests related to this multipart upload. Object Storage also marks the upload as
active. The upload remains active until you explicitly commit it or abort it.

Question #:52

You are creating an Oracle Cloud Infrastructure Dynamic Group. To determine the members of this group you
are defining a set of matching rules.

Which of the following are the supported variables to define conditions in the matching rules? (Choose Two)

A. iam.policy.id - the OCID of the IAM policy to apply to the group.

B. instance.tenancy.id - the OCID of the tenancy where the instance resides.

C. tag.<tagnamespace>.<tagkey>.value - the tag namespace and tag key.

D. instance.compartment.id - the OCID of the compartment where the instance resides.

Answer: C D

Explanation
You can define the members of the dynamic group based on the following:

- compartment ID

- instance ID

- tag namespace and tag key

- tag namespace, tag key, and tag value

Supported variables are:

instance.compartment.id - the OCID of the compartment where the instance resides

instance.id - the OCID of the instance

tag.<tagnamespace>.<tagkey>.value - the tag namespace and tag key. For
example, tag.department.operations.value

tag.<tagnamespace>.<tagkey>.value='<tagvalue>' - the tag namespace, tag key, and tag value. For
example, tag.department.operations.value='45'
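To see how these variables decide membership, here is an added example (not Oracle's code and not from the original page): a simplified evaluator that applies matching rules to constructed instance records and rejects variables outside the supported list above. The `Any {...}` / `All {...}` wrappers are OCI's matching-rule syntax for combining conditions; the OCIDs, tag values and function names are constructed for illustration.

```python
import re

# Added example: simplified model of dynamic group matching rules.
_RULE = re.compile(r"^\s*(any|all)\s*\{(.*)\}\s*$", re.I | re.S)
_COND = re.compile(r"^\s*([\w.\-]+)\s*(?:=\s*'([^']*)')?\s*$")
_COMMA_OUTSIDE_QUOTES = re.compile(r",(?=(?:[^']*'[^']*')*[^']*$)")

# Constructed sample instances (OCIDs and tags are made up).
INSTANCES = [
    {"id": "ocid1.instance.oc1..exampleA",
     "compartment_id": "ocid1.compartment.oc1..exampleDev",
     "defined_tags": {"department": {"operations": "45"}}},
    {"id": "ocid1.instance.oc1..exampleB",
     "compartment_id": "ocid1.compartment.oc1..exampleDev",
     "defined_tags": {"department": {"operations": "12"}}},
    {"id": "ocid1.instance.oc1..exampleC",
     "compartment_id": "ocid1.compartment.oc1..exampleProd",
     "defined_tags": {}},
]


def parse_rule(rule):
    """Return (mode, [(variable, value_or_None), ...]); a bare condition is mode 'all'."""
    m = _RULE.match(rule)
    mode, body = (m.group(1).lower(), m.group(2)) if m else ("all", rule)
    conditions = []
    for part in _COMMA_OUTSIDE_QUOTES.split(body):
        c = _COND.match(part)
        if not c:
            raise ValueError(f"unparseable condition: {part.strip()!r}")
        conditions.append((c.group(1), c.group(2)))
    return mode, conditions


def condition_matches(instance, variable, value):
    """Evaluate one condition; only the variables listed in the explanation are accepted."""
    if variable in ("instance.id", "instance.compartment.id"):
        if value is None:
            raise ValueError(f"{variable} needs a quoted OCID to compare against")
        field = "id" if variable == "instance.id" else "compartment_id"
        return instance[field] == value
    parts = variable.split(".")
    if len(parts) == 4 and parts[0] == "tag" and parts[3] == "value":
        tags = instance.get("defined_tags", {}).get(parts[1], {})
        if parts[2] not in tags:
            return False
        # No value given: namespace and key are enough. Value given: it must match too.
        return True if value is None else tags[parts[2]] == value
    # e.g. instance.tenancy.id or iam.policy.id, which the list above does not include
    raise ValueError(f"unsupported matching-rule variable: {variable}")


def is_member(instance, rule):
    mode, conditions = parse_rule(rule)
    # Evaluate every condition first so an unsupported variable is never skipped.
    results = [condition_matches(instance, var, val) for var, val in conditions]
    return any(results) if mode == "any" else all(results)


def members(rule, instances=INSTANCES):
    """OCIDs of the instances that the rule places in the dynamic group."""
    return [i["id"] for i in instances if is_member(i, rule)]


if __name__ == "__main__":
    for rule in (
        "instance.compartment.id = 'ocid1.compartment.oc1..exampleDev'",
        "tag.department.operations.value",
        "tag.department.operations.value='45'",
        "All {instance.compartment.id = 'ocid1.compartment.oc1..exampleDev', "
        "tag.department.operations.value='12'}",
    ):
        print(rule, "->", members(rule))
```
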

Question #:53

Multiple departments in your company use a shared Oracle Cloud Infrastructure (OCI) tenancy to implement
their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain
better insights into each department's usage.

Which three options can you implement together to accomplish this?

A. Create a budget that matches your commitment amount and an alert at 100 percent of the forecast

B. Set up a consolidated budget tracking tags to analyze costs in a granular manner

C. Set up different compartments for each department then track and analyze cost per compartment

D. Use the billing cost tracking report to analyze costs

E. Set up a tag default that automatically applies tags to all specified resources created in a compartment
then use these tags for cost analysis.

Answer: A C E

Explanation
Budgets

You can use budgets to track costs in your tenancy. After creating a budget for a compartment, you can set up
alerts that will notify you if a budget is forecast to be exceeded or if spending surpasses a certain amount.

OCI Cost Analysis

• Visualization tools help understand spending patterns at a glance

• Filter costs by Date, Tags and Compartments

• Trend lines show how spending patterns are changing

• To use Cost Analysis you must be a member of the Administrators group

Question #:54

You want to automate the processing of new image files to generate thumbnails. The expected rate is 10 new
files every hour.

Which of the following is the most cost effective option to meet this requirement in Oracle Cloud
Infrastructure (OCI)?

A. Upload files to an OCI Object storage bucket. Every time a file is uploaded, an event is emitted. Write a
rule to filter these events with an action to trigger a function in Oracle Functions. The function processes
the image in the file and stores the thumbnails back in an Object storage bucket.

B. Upload files to an OCI Object storage bucket. Every time a file is uploaded, trigger an event with an
action to provision a compute instance with a cloud-init script to access the file, process it and store it
back in an Object storage bucket. Terminate the instance using Autoscaling policy after the processing is
finished.

C. Build a web application to ingest the files and save them to a NoSQL Database. Configure OCI Events
service to trigger a notification using Oracle Notification Service (ONS). ONS invokes a custom
application to process the image files to generate thumbnails. Store thumbnails in a NoSQL Database
table.

D. Upload all files to an Oracle Streaming Service (OSS) stream. Set up a cron job to invoke a function in
Oracle Functions to fetch data from the stream. Invoke another function to process the image files and
generate thumbnails. Store thumbnails in another OSS stream.

Answer: A

Explanation
A function that you've deployed to Oracle Functions can be invoked by an event in the Events service.
When a file is uploaded to Object Storage, the event triggers the function, which fetches the file,
processes it and stores the result back in Object Storage.

Question #:55

Your company has recently deployed a new web application that uses Oracle Functions. Your manager
instructed you to implement major manage your systems more effectively. You know that Oracle Functions
automatically monitors functions on your behalf and reports metrics through Service Metrics.

Which two metrics are collected and made available by this feature?

A. length of time a function runs

B. number of times a function is removed

C. number of times a function is invoked

D. amount of CPU used by a function

E. number of concurrent connections

Answer: A C

Explanation
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Reference/functionsmetrics.htm

You can monitor the health, capacity, and performance of functions you've deployed to Oracle Functions by
using metrics.

Oracle Functions monitors function execution, and collects and reports metrics such as:

The number of times a function is invoked.

The length of time a function runs for.

The number of times a function failed.

The number of requests to invoke a function that returned a '429 Too Many Requests' error in the response
(known as 'throttled function invocations').

Question #:56

You are responsible for migrating your on-premises legacy databases on version 11.2.0.4 to Autonomous
Transaction Processing Dedicated (ATP-D) in Oracle Cloud Infrastructure (OCI). As a solution architect, you
need to plan your migration approach.

Which two options do you need to implement together to migrate your on premises databases to OCI?

A. Use Oracle Data Guard to keep on premises database always active during migration

B. Retain changes to Oracle shipped privileges, stored procedures or views in the on-premises databases.

C. Use Oracle GoldenGate replication to keep on premises database online during migration.

D. Convert on-premises databases to PDB, upgrade to 19c, and encrypt Migration.

E. Retain all legacy structures and unsupported features (e.g. legacy LOBs) in the on-premises databases for
migration.

Answer: C D

Explanation
Autonomous Database is an Oracle Managed and Secure environment.

A physical database can’t simply be migrated to autonomous because:

- Database must be converted to PDB, upgraded to 19c, and encrypted

- Any changes to Oracle shipped privileges, stored procedures or views must be removed

- All legacy structures and unsupported features must be removed (e.g. legacy LOBs)

GoldenGate replication can be used to keep database online during migration

Question #:57

A customer has a Virtual Machine instance running in their Oracle Cloud Infrastructure tenancy. They realized
that they wrongly picked a smaller shape for their compute instance. They are reaching out to you to help them
fix the issue.

Which of the below options is best recommended to suggest to the customer?

A. Delete the running instance and spin up a new instance with the desired shape.

B. Change the shape of instance without reboot, but stop all the applications running on instance
beforehand to prevent data corruption.

C. Change the shape of the virtual machine instance using the Change Shape feature available in the
console.

D. OCI doesn't allow such an operation.

Answer: C

Explanation

You can change the shape of a virtual machine (VM) instance without having to rebuild your instances or
redeploy your applications. This lets you scale up your Compute resources for increased performance, or scale
down to reduce cost.

When you change the shape of an instance, you select a different processor, number of cores, amount of
memory, network bandwidth, and maximum number of VNICs for the instance. The instance's public and
private IP addresses, volume attachments, and VNIC attachments remain the same.

Question #:58

A large financial company has a web application hosted in their on-premises data center. They are migrating
their application to Oracle Cloud Infrastructure (OCI) and require no downtime while the migration is
on-going. In order to achieve this, they have decided to divert only 30% of the application works fine, they
divert all traffic to OCI.

As a solution architect working with this customer, which suggestion should you provide them?

A. Use OCI Traffic Management with Failover steering policy and distribute the traffic between OCI and
on-premises infrastructure.

B. Use OCI Traffic Management with Load Balancing steering policy and distribute the traffic between
OCI and on-premises infrastructure.

C. Use an OCI Load Balancer and distribute the traffic between OCI and on-premises infrastructure.

D. Use VPN connectivity between on-premises infrastructure and OCI, and create routing tables to
distribute the traffic between them.

Answer: B

Explanation
Traffic Management Steering Policies can account for health of answers to provide failover capabilities,
provide the ability to load balance traffic across multiple resources, and account for the location where the
query was initiated to provide a simple, flexible and powerful mechanism to efficiently steer DNS traffic.

Question #:59

You have deployed a multi-tier application with multiple compute instances in Oracle Cloud Infrastructure.
You want to back up these volumes and have decided to use the Volume Groups feature. The Block volume and
Compute instances exist in different compartments within your tenancy.

Periodically, a few child compartments are moved under different parent compartments, and you notice that
sometimes volume group backup fails.

What could be the cause?

A. You are exceeding your volume group backup quota configured.

B. You have the same block volume attached to multiple compute instances; if these compute instances are
in different compartments then all concerned compartments must be moved at the same time.

C. Compute instance with multiple block volumes attached cannot move when a compartment is moved.

D. The Identity and Access Management policy allowing backup failed to move when the compartment
was moved.

Answer: D

Explanation
You can move a compartment to a different parent compartment within the same tenancy. When you move a
compartment, all its contents (subcompartments and resources) are moved with it. Moving a compartment has
implications for the contents.

After you move a compartment to a new parent compartment, the access policies of the new parent take effect
and the policies of the previous parent no longer apply. Before you move a compartment, ensure that:

You are aware of the policies that govern access to the compartment in its current position.

You are aware of the policies in the new parent compartment that will take effect when you move the
compartment.

In some cases, when moving nested compartments with policies that specify the hierarchy, the policies are
automatically updated to ensure consistency.

Question #:60

An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an Oracle
Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) in the us-phoenix-1 region. The on-premises
applications communicate with compute instances inside the VCN over a hardware VPN connection. They
are looking to implement an Intrusion Detection and Prevention (IDS/IPS) system for their OCI environment.
This platform should have the ability to scale to thousands of compute instances running inside the VCN.

How should they architect their solution on OCI to achieve this goal?

A. Set up an OCI Private Load Balancer and configure IDS/IPS related health checks at TCP and/or HTTP
level to inspect traffic

B. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS
platform for inspection

C. There is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels is already
encrypted

D. Configure autoscaling on a compute instance pool and set vNIC to promiscuous mode to collect traffic
across the VCN and send it to the IDS/IPS platform for inspection.

Answer: B

Explanation
In transit routing through a private IP in the VCN, you set up an instance in the VCN to act as a firewall or
intrusion detection system to filter or inspect the traffic between the on-premises network and Oracle Services
Network.

The Networking service lets you implement network security functions such as intrusion detection and
application-level firewalls. In fact, the IDS model can be host-based IDS (HIDS) or network-based IDS
(NIDS). HIDS is installed at a host to periodically monitor specific system logs for patterns of intrusions. In
contrast, an NIDS sniffs the traffic to analyze suspicious behaviors. A signature-based NIDS (SNIDS)
examines the traffic for patterns of known intrusions. SNIDS can quickly and reliably diagnose the attacking
techniques and security holes without generating an overwhelming number of false alarms because SNIDS
relies on known signatures.

However, anomaly-based NIDS (ANIDS) detects unusual behaviors based on statistical methods. ANIDS
could detect symptoms of attacks without specific knowledge of details. However, if the training data of the
normal traffic are inadequate, ANIDS may generate a large number of false alarms.

Question #:61

A retail company has several on-premises data centers which span multiple geographical locations. They plan
to move some of their applications from on-premises data centers to Oracle Cloud Infrastructure (OCI). For
these applications running in OCI, they still need to interact with applications running on their on-premises
data centers. These applications require highly available, fault-tolerant network connections between
on-premises data centers and OCI.

Which option should you recommend to provide the highest level of redundancy?

A. Oracle Cloud Infrastructure provides network redundancy by default so that no other operations are
required

B. If your data centers span multiple geographical locations, use only the specific IP address as a static
route for the specific geographical location

C. Set up both IPSec VPN and FastConnect to connect your on-premises data centers to Oracle Cloud
Infrastructure.

D. Use FastConnect private peering only to ensure secure access from your data center to Oracle Cloud
Infrastructure

E. Set up a single IPSec VPN connection from your data center to Oracle Cloud Infrastructure since it is
cost effective

Answer: B

Explanation
If your data centers span multiple geographical locations, we recommend using a broad CIDR (0.0.0.0/0) as a
static route in addition to the CIDR of the specific geographical location. This broad CIDR provides high
availability and flexibility to your network design. For instance, the following diagram shows two networks in
separate geographical areas that each connect to Oracle Cloud Infrastructure. Each area has a single
on-premises router, so two IPSec VPN connections can be created. Note that each IPSec VPN connection has
two static routes: one for the CIDR of the particular geographical area, and a broad 0.0.0.0/0 static route.

Question #:62

A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure
(OCI) using Compute instances for its web tier and a DB system database for its data tier. To validate
compliance with the Health Insurance Portability and Accountability Act (HIPAA), a security professional
checked their systems and found a lot of unauthorized incoming requests coming from a set of IP
addresses originating from a country in Southeast Asia.

Which option can mitigate this type of attack?

A. Block the attacking IP address by creating a Network Security Group rule to deny access to the
compute instance where the web server is running

B. Block the attacking IP address by implementing an OCI Web Application Firewall policy using Access
Control Rules

C. Mitigate the attack by changing the Route Table to redirect the unauthorized traffic to a dummy Compute
instance

D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the
web server is running

Answer: B

Explanation
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's
applications.

WAF provides you with the ability to create and manage rules for internet threats including
Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be
mitigated while tactically allowing desirable bots to enter. Access rules can limit based on geography or the
signature of the request.

As a WAF administrator you can define explicit actions for requests that meet various
conditions. Conditions use various operations and regular expressions. A rule action can be
set to log and allow, detect, or block requests.

Question #:63

A manufacturing company is planning to migrate their on-premises database to OCI and has hired you for the
migration. The customer has provided the following information regarding their existing on-premises database:

Database version, host operating system and version, database character set, storage for data staging,
acceptable length of system outage.

What additional information do you need from customer in order to recommend a suitable migration method?
Choose two

A. Elapsed time since database was last patched

B. On-premises host operating system and version

C. Number of active connections

D. Data types used in the on-premises database

E. Top 5 longest running queries

Answer: B D

Explanation
Not all migration methods apply to all migration scenarios. Many of the migration methods apply only if
specific characteristics of the source and destination databases match or are compatible. Moreover,
additional factors can affect which method you choose for your migration from among the methods that
are technically applicable to your migration scenario.

Some of the characteristics and factors to consider when choosing a migration method are:

On-premises database version

Database service database version

On-premises host operating system and version

On-premises database character set

Quantity of data, including indexes

Data types used in the on-premises database

Storage for data staging

Acceptable length of system outage

Network bandwidth

Question #:64

You are working as a solution architect for an online retail store to create a portal to allow the users to pay for
their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry
Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process
credit card payments.

The third party service allows a maximum of 5 public IP addresses at a time. However,
your website is using an Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to
create up to 15 instances during peak traffic demand, which are launched in VCN private
subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment
service over the Internet to complete the transaction.

What solution can you implement to make sure that all compute instances can connect to the third party
system to process the payments at peak traffic demand?

A. Route credit card payment request from the compute instances through the NAT Gateway. On the
third-party services, whitelist the public IP associated with the NAT Gateway.

B. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests
through the Internet Gateway.

C. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the
compute instances. On the third-party services, whitelist the Reserved public IP.

D. Route payment request from the compute instances through the OCI Load Balancer, which will then be
routed to the third party service.

Answer: D

Explanation
You can use the OCI Load Balancer for this solution: the public IPs of the load balancer carry the traffic to
the third party service, which allows a maximum of 5 public IP addresses at a time, whereas
your website is using an Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to 15
instances during peak traffic demand.

Question #:65

After performing maintenance on an Oracle Linux compute instance, the system is returned to a running state.
You attempt to connect using SSH but are unable to do so. You decide to create an instance console
connection to troubleshoot the issue.

Which three tasks would enable you to connect to the console connection and begin troubleshooting?

A. Use SSH to connect to the public IP address of the compute instance and provide the console
connection OCID as the username.

B. Edit the Linux boot menu to enable access to the console.

C. Use SSH to connect to the service endpoint of the console connection service.

D. Reboot the compute instance using the Oracle Cloud Infrastructure (OCI) Management Console.

E. Upload an API signing key for console connection authentication.

F. Stop the compute instance using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).

Answer: B C D

Explanation
The Oracle Cloud Infrastructure Compute service provides console connections that enable you to remotely
troubleshoot malfunctioning instances, such as:

An imported or customized image that does not complete a successful boot.

A previously working instance that stops responding.

The steps to connect to the console and troubleshoot the OS issue:

1- Before you can connect to the serial console you need to create the instance console connection.

Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.

Click the instance that you're interested in.

Under Resources, click Console Connections.

Click Create Console Connection.

Upload the public key (.pub) portion for the SSH key. You can browse to a public key file on your computer
or paste your public key into the text box.

Click Create Console Connection.

When the console connection has been created and is available, the status changes to ACTIVE.

2- Connecting to the Serial Console

You can connect to the serial console by using a Secure Shell (SSH) connection to the service endpoint
of the console connection service.

Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.

Click the instance that you're interested in.

Under Resources, click Console Connections.

Click the Actions icon (three dots), and then click Copy Serial Console Connection for Linux/Mac.

Paste the connection string copied from the previous step to a terminal window on a Mac OS X or Linux
system, and then press Enter to connect to the console.

If you are not using the default SSH key or ssh-agent, you can modify the serial console connection string to
include the identity file flag, -i, to specify the SSH key to use. You must specify this for both the SSH
connection and the SSH ProxyCommand, as shown in the following line:

ssh -i /<path>/<ssh_key> -o ProxyCommand='ssh -i /<path>/<ssh_key> -W %h:%p -p 443...

Press Enter again to activate the console.

3- Troubleshooting Instances from Instance Console Connections

To boot into maintenance mode

Reboot the instance from the Console.

When the reboot process starts, switch back to the terminal window, and you see Console messages start to
appear in the window. As soon as you see the GRUB boot menu appear, use the up/down arrow
key to stop the automatic boot process, enabling you to use the boot menu.

In the boot menu, highlight the top item in the menu, and type e to edit the boot entry.

In edit mode, use the down arrow key to scroll down through the entries until you reach the line that starts with
either linuxefi for instances running Oracle Autonomous Linux 7.x or Oracle Linux 7.x,
or kernel for instances running Oracle Linux 6.x.

At the end of that line, add the following:

init=/bin/bash

Reboot the instance from the terminal window by entering the keyboard shortcut CTRL+X.

Question #:66

An online registration system is currently hosted on one large Oracle Cloud Infrastructure (OCI) bare metal
compute instance with an attached block volume to store the users' data. The registration system accepts the
information from the user, including documents and photos, then performs automated verification and
processing to check if the user is eligible for registration.

The registration system becomes unavailable at times when there is a surge of users using the system. The
existing architecture needs improvement as it takes a long time for the system to complete the processing and
the attached block volumes are not large enough to hold the data being uploaded by the users.

Which is the most effective option to achieve a highly scalable solution?

A. Attach more Block volumes as the data volume increases, use Oracle Notification Service (ONS) to
distribute tasks to a pool of compute instances working in parallel, and Auto Scaling to dynamically size
the pool of instances depending on the number of notifications received from the Notification Service.
Use Resource Manager stacks to replicate your architecture to another region.

B. Change your architecture to use an OCI Object Storage standard tier bucket, replace the single bare
metal instance with an Oracle Streaming Service (OSS) to ingest the incoming requests and distribute the
tasks to a group of compute instances with Auto Scaling.

C. Upgrade your architecture to use a pool of Bare metal servers and configure them to use their local
SSDs for faster data access. Set up Oracle Streaming Service (OSS) to distribute the tasks to the pool of
Bare metal instances with Auto Scaling to dynamically increase or decrease the pool of compute
instances depending on the length of the Streaming queue.

D. Upgrade your architecture to use more Block volumes as the data volume increases. Replace the single
bare metal instance with a group of compute instances with Auto Scaling to dynamically increase or
decrease the compute instance pools depending on the traffic.

Answer: D

Question #:67

A data analytics company has been building its new generation big data and analytics platform on Oracle
Cloud Infrastructure (OCI). They need a storage service that provides the scale and performance that their big
data applications require, such as high throughput to compute nodes with low latency file operations. In
addition, their data needs to be stored redundantly across multiple nodes in a single availability domain and
allow concurrent connections from multiple compute instances hosted on multiple availability domains.

Which OCI storage service can you use to meet this requirement?

A. Object Storage

B. File System Storage

C. Archive storage

D. Block Volume

Answer: B

Explanation
Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade
network file system. You can connect to a File Storage service file system from any bare metal, virtual
machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system from
outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security (IPSec) virtual
private network (VPN).

Use the File Storage service when your application or workload includes big data and analytics, media
processing, or content management, and you require Portable Operating System Interface (POSIX)-compliant
file system access semantics and concurrently accessible storage. The File Storage service is designed to
meet the needs of applications and users that need an enterprise file system across a wide range of use cases.

Question #:68

By copying block volume backups to another region at regular intervals, it makes it easier for you to rebuild
applications and data in the destination region if a region-wide disaster occurs in the source region.

Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between regions?

A. Allow group VolumeAdmins to use volumes in tenancy

B. Allow group VolumeAdmins to copy volume backups in tenancy

C. Allow group VolumeAdmins to manage volume-family in tenancy

D. Allow group VolumeAdmins to inspect volumes in tenancy

Answer: C

Explanation
The backups feature of the Oracle Cloud Infrastructure Block Volume service lets you make a point-in-time
snapshot of the data on a block volume. These backups can then be restored to new volumes either immediately
after a backup or at a later time that you choose.

You can copy block volume backups between regions using the Console, command line interface (CLI),
SDKs, or REST APIs.

To copy volume backups between regions, you must have permission to read and copy volume backups in the
source region, and permission to create volume backups in the destination region.

to do all things with block storage volumes, volume backups, and volume groups in all
compartments with the exception of copying volume backups across regions.

Allow group VolumeAdmins to manage volume-family in tenancy

The aggregate resource type volume-family does not include the VOLUME_BACKUP_COPY permission, so
to enable copying volume backups across regions you need to ensure that you include the third statement in
that policy, which is:

Allow group VolumeAdmins to use volume-backups in tenancy where request.permission='VOLUME_BACKUP_COPY'

Question #:69

A customer is in the process of shifting their web-based Sales application from their own data center located in
US West to OCI India West (Mumbai) region. They want to do it in a controlled manner and initially only 1%
of the traffic will be steered to the servers in OCI. After verifying that everything is working as expected, the
company is gradually planning to increase the ratio until they are comfortable with fully migrating all traffic to
OCI.

Which of the following solutions can be used in this situation?

A. OCI DNS and Traffic Management with Geolocation Steering policy

B. OCI DNS and Traffic Management with Failover Steering policy

C. OCI DNS and Traffic Management with Load Balancer Steering policy

D. OCI DNS and OCI Load Balancer Service

Answer: C

Explanation
Steering policies are a framework to define the traffic management behavior for your zones. Steering
policies contain rules that help to intelligently serve DNS answers.

FAILOVER

Failover policies allow you to prioritize the order in which you want answers served in a policy (for example,
Primary and Secondary). Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of
answers in the policy. If the Primary Answer is determined to be unhealthy, DNS traffic will automatically
be steered to the Secondary Answer.

LOAD_BALANCE

Load Balancer policies allow distribution of traffic across multiple endpoints. Endpoints can be assigned equal
weights to distribute traffic evenly across the endpoints or custom weights may be assigned for ratio load
balancing. Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of the
endpoint. DNS traffic will be automatically distributed to the other endpoints, if an endpoint is determined to
be unhealthy.

ROUTE_BY_GEO

Geolocation-based steering policies distribute DNS traffic to different endpoints based on the location of the
end user. Customers can define geographic regions composed of originating continent, countries or
states/provinces (North America) and define a separate endpoint or set of endpoints for each region.

ROUTE_BY_ASN

ASN-based steering policies enable you to steer DNS traffic based on Autonomous System Numbers (ASN).
DNS queries originating from a specific ASN or set of ASNs can be steered to a specified endpoint.

ROUTE_BY_IP

IP Prefix-based steering policies enable customers to steer DNS traffic based on the IP Prefix of the
originating query.
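
The ratio behaviour of a LOAD_BALANCE policy, modelled for the 1% migration in this question (an added example, not part of the original document and not Oracle's code). Endpoint names, addresses and ramp steps are constructed, and weighted random selection among healthy answers is an assumption; the model also shows that an unhealthy on-premises endpoint sends every answer to OCI whatever its weight.

```python
import random
from fractions import Fraction

# Constructed sample data: hypothetical endpoint names, RFC 5737 documentation addresses.
def make_answers(oci_weight, onprem_healthy=True, oci_healthy=True):
    """Two-endpoint LOAD_BALANCE policy; weights are percentages summing to 100."""
    return [
        {"name": "onprem-us-west", "rdata": "192.0.2.10",
         "weight": 100 - oci_weight, "healthy": onprem_healthy},
        {"name": "oci-mumbai", "rdata": "198.51.100.20",
         "weight": oci_weight, "healthy": oci_healthy},
    ]

def eligible(answers):
    """Health checks drop unhealthy endpoints before the weights are applied."""
    return [a for a in answers if a["healthy"] and a["weight"] > 0]

def traffic_shares(answers):
    """Expected share of DNS answers per endpoint, as exact fractions."""
    pool = eligible(answers)
    total = sum(a["weight"] for a in pool)
    return {a["name"]: Fraction(a["weight"], total) for a in pool}

def serve(answers, rng):
    """Answer one DNS query by weighted random pick (assumed model); None if no endpoint."""
    pool = eligible(answers)
    if not pool:
        return None
    return rng.choices(pool, weights=[a["weight"] for a in pool], k=1)[0]["rdata"]

def simulate(answers, queries=10_000, seed=1):
    """Count the answers served per address over a number of simulated queries."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(queries):
        rdata = serve(answers, rng)
        counts[rdata] = counts.get(rdata, 0) + 1
    return counts

def ramp_report(steps=(1, 5, 25, 50, 100)):
    """OCI share at each step, and the share if on-premises fails its health check."""
    report = []
    for w in steps:
        normal = traffic_shares(make_answers(w)).get("oci-mumbai", Fraction(0))
        failed = traffic_shares(make_answers(w, onprem_healthy=False)).get(
            "oci-mumbai", Fraction(0))
        report.append((w, normal, failed))
    return report

if __name__ == "__main__":
    for w, normal, failed in ramp_report():
        print(f"weight {w:>3}: OCI {float(normal):.0%}, on-prem unhealthy {float(failed):.0%}")
    print(simulate(make_answers(1)))
```

DNS resolvers cache answers for the record TTL, so real traffic follows these ratios only approximately.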

Question #:70

The Finance department of your company has reached out to you. They have customer sensitive data on
compute instances in Oracle Cloud Infrastructure (OCI) which they want to store in OCI Object Storage for
long term retention and archival.

To meet security requirements they want to ensure this data is NOT transferred over public internet, even if
encrypted.

Which option meets this requirement?

A. Configure a NAT instance and all traffic between compute in the private subnet should use this NAT
instance with Private IP as the route target.

B. Use NAT gateway with appropriate route table when transferring data. Then use the NAT gateway's toggle
(on/off) once data transfer is complete.

C. Use Service gateway with appropriate route table.

D. Use Storage gateway with appropriate firewall rule.

Answer: C

Explanation
A Service Gateway is a virtual router that you can add to your VCN. It provides a path for private network traffic
between your VCN and supported services in the Oracle Services Network (like Object Storage), so compute
instances in a private subnet in your VCN can back up data to Object Storage without needing public IP
addresses or access to the internet.

Question #:71

A new international hacktivist group based in London launched wide-scale cyber attacks, including SQL
Injection and Cross-Site Scripting (XSS), across multiple websites which are hosted in Oracle Cloud
Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect
these websites against the attacks.

How should you configure your WAF to protect the website against those attacks?

A. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.

B. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL
strings.

C. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.

D. Enable an Access Rule to block the IP Address range from London.

E. Enable a Protection Rule to block requests that came from London.

Answer: A

Question #:72

You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521
from your on-premises network CIDR 172.17.0.0/24.

You have the following configuration currently.

Virtual cloud network (VCN) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active
IPSec connection with your on-premises data center.

Oracle database system is hosted in a private subnet.

The private subnet route table has the following configuration


However, you are still unable to connect to the Oracle Database system.

Which action will resolve this issue?

A)

Add an EGRESS rule in network security group as follows.

B)

Add a route rule in the private subnet route table as follows.

C)

Add an EGRESS rule in private subnet security list as follows.

D)

Add an EGRESS rule in private subnet security list as follows.

A. Option A

B. Option B

C. Option C

D. Option D

Answer: B

Question that is not in doc 3

It could also be A according to doc 2
