Difficult questions

Question: 208 *************************************

You have an application running on Oracle Cloud Infrastructure. You Identified that the read and
write operations are slowing your application down enough to impair user access. The application is
currently using a VM.Standard2.1 compute without any block storage attached to it.
Which two options allow you to increase disk IOPS performance?
A. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.DenseI02.8 shape using the boot volume preserved and use the NVMe devices to host
your application.
B. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.Standard2.2 shape using the boot volume preserved and attach a new block volume to
host your application.
C. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.Standard2.2 shape using the boot volume preserved, but no block volume attached.
D. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.GPU2.2 shape using the boot volume preserved, but no block volume attached

Answer: AD

Since the read and write operations are slowing your application down enough to impair user access,
you need to avoid using Standard shape.

Question: 199 ****************************************super diff

You have provisioned an Autonomous Transaction Processing (ATP) database and logged into the ATP
service console.
What are three abilities that can be performed from this service console? (Choose three.)

A. scale up/down the CPUs

B. create ATP database users
C. reset the admin password
D. set resource management rules
E. monitor database activity and SQL queries
Answer: C,D,E

Question: 234 *********************************************super diff

Which of the following two tasks can be performed in the Oracle Cloud Infrastructure Console for
Autonomous Data Warehouse?
A. Adjust Network Bandwidth
B. Scale up/down Memory
C. Increase Storage allocated for Database
D. Scale up/down CPU

Answer: CD

Explanation:
You can scale up/down your Autonomous Database to scale both in terms of compute (CPU) and
storage only when needed, allows people to pay per use.
Oracle allows you to scale compute and storage independently, no need to do it together. these
scaling activities fully online (no downtime required)
in Details page Autonomous Database in OCI console, click Scale Up/Down. Click on arrow to select a
value for CPU Core Count or Storage (TB).
Or Select auto scaling to allow the system to automatically use up to three times more CPU and IO
resources to meet workload demand, compared to the database operating with auto scaling
disabled.

Question: 65****************************very difficult

Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.)
A. You can launch a virtual or bare metal instance by using the same LaunchInstance API.
B. You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service.
C. You can attach a block volume in an Availability Domain other than your compute instance.
D. You can share custom images across tenancies and regions.
Answer: A,D

Explanation:
References:
Regions and Availability Domains
Volumes are only accessible to instances in the same availability domain . You cannot move a volume
between availability domains or regions.
FYI: https://docs.cloud.oracle.com/iaas/Content/Block/Concepts/overview.htm

Answer: D

Question: 109 ***********************************very difficult

You have one database-style application that frequently makes many random reads and writes across
the dataset.
Which storage offering supports this application?
A. Object Storage Service
B. Archive Storage Service
C. File Storage Service
D. Block Storage Service

Answer: D
Question: 186
Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose two.)
A. You can add/remove Diskgroup in ATP
B. You can scale storage up or down in ATP
C. You can scale CPU up or down in ATP
D. You can add more Pluggable Database for consolidating multiple databases in ATP
E. You can add new ORACLE_HOME for bringing older versions of on-premises databases to ATP

Answer: B, C
Question: 85********************************************very difficult
Which statement is true about restoring a block volume from a manual or policy-based block volume
backup?
A. It can be restored as new volumes to any Availability Domain within the same region.
B. It must be restored as new volumes to the same Availability Domain on which the original block
volume backup resides.
C. It can be restored as new volumes to any Availability Domain across different regions.
D. It can be restored as new volumes with different sizes from the backups.

Answer: A

Question: 73

Which three types of credentials are used to manage Oracle Cloud Infrastructure Identity and Access
Management (IAM)? (Choose three.)
A. Windows Password
B. API Signing Key
C. Swift Password
D. SSH Key
E. Console Password

Answer: B,C,E
Question: 70
Which statement is true about cloning a volume?
A. You need to detach a volume before cloning from it.
B. A cloned volume is the same as a snapshot that has a dependency on the source volume.
C. You can change the block volume size when cloning a volume.
D. You can create a clone for a volume across regions.

Answer: C ***********************

Question: 2
Which two are Regional resources in Oracle Cloud Infrastructure? (Choose two.)
A. Ephemeral public IPs
B. Compartments
C. Compute images
D. Dynamic groups
E. Block volume backups

https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm

Correct Answer is C and E.

Compartments and Dynamic Groups are Cross Region resources.

Ephemeral Public IP is AD specific resource.

In, Oracle Autonomous Database, Customers are not given OS logons or SYSDBA privileges to
prevent phishing attacking.
- If a bare metal DB system requires more compute node processing power, you can scale up
(increase) the number of enabled CPU cores in the system without impacting the availability of that
system.
You cannot change the number of CPU cores for a virtual machine DB system in the same way as
metal DB system. Instead, you must change the shape to one with a different number of OCPUs
Changing the shape does not impact the amount of storage available to the DB system. However, the
new shape can have different memory and network bandwidth characteristics, and you might need
to reapply any customizations to these aspects after the change.

Question: 19
You have an AI/ML application running on Oracle Cloud Infrastructure. You identified that the
application needs GPU and at least 20Gbps Network throughput.
The application is currently using a VM.Standard2.1 compute without any block storage attached to
it.Which two options allow you to get your required performance for your application? (Choose two.)
A. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.GPU2.2 shape using the boot volume preserved, but no block volume attached.
B. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.Standard2.2 shape using the boot volume preserved, but no block volume attached
C. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.GPU3.4 shape using the boot volume preserved and use the NVMe devices to host
your application.
D. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.HPC2.36 shape using the boot volume preserved and use the NVMe devices to host
your application.
E. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.GPU2.2 shape using the boot volume preserved and attach a new block volume to host
your application.

Answer: DE

Because BM.GPU2.2, VM.GPU3.4 shape comes with Block Storage only so A and C
are False. B is false cause It is VM.Standard2.2

******
Internet gateway For resources with public IP addresses that need to be reached from the internet
(example: a web server) or need to initiate connections to the internet.
NAT gateway For resources without public IP addresses that need to initiate connections to the
internet (example: for software updates) but need to be protected from inbound connections from
the internet. Gives private network, outgoing access to VCN(private subnet) & the Internet without
assigning Public IP to host.

Dynamic Routing Gateway(DRG) provides private network traffic between VCN and destinations
other than the Internet like On-Premise and VCN in another Region.

Service Gateway(SGW) lets resources in VCN access public OCI Service (Ex Object Storage) but
without using the Internet (IGW or NAT GW).

Local Peering Gateway(LPG) provides a connection between two VCNs in the same region, so
their resources can communicate using private IP addresses without routing the traffic over the
Internet or through your On-Premises Network.

Fast Connect: FastConnect is a network connectivity alternative to using the public internet
for connecting your on-premise data center or network to Oracle Cloud Infrastructure

An IPSec VPN establishes an encrypted network connection over the internet between your
network or data center and your Oracle Cloud Infrastructure virtual cloud network (VCN). It's
a suitable solution if you have low or modest bandwidth requirements and can tolerate the
inherent variability in internet-based connections. FastConnect bypasses the internet.
Instead, it uses dedicated, private network connections between your network or
data center and your VCN.

Question: 34 ************************************very difficult

Which two statements below are correct with respect to adding secondary Virtual Network Interface
Cards
(VNICs) to an existing compute instance in Oracle Cloud Infrastructure? (Choose two.)
A. The secondary VNIC is required to be in the same Virtual Cloud Network (VCN), but can be in
Different
subnet, as the primary VNIC.
B. The primary and secondary VNIC association can be in different virtual cloud networks (VCNs).
C. You cannot assign an Ephemeral Public IP to a secondary VNIC.
D. The primary and secondary VNIC association must be in the same availability domain.
E. You can remove the primary VNIC after the secondary VNIC's attachment is complete.

Answer: BD

Each secondary VNIC can be in a subnet in the same VCN as the primary VNIC, or in
a different subnet that is either in the same VCN or a different one.
However, all the VNICs must be in the same availability domain as the instance.

Question: 58 *********************************super duper difficult

You are working for a financial institution that is currently running two web applications in Oracle
Cloud
Infrastructure (OCI). All resources were created in the root compartment.
Your manager asked you to deploy new resources to support a proof-of-concept (PoC) for Oracle
FlexCube.
You must ensure that the FlexCube resources are secured and cannot be affected by the team that
manages the two web applications.
Which two tasks should you complete to ensure the required security of your resources? (Choose
two.)
A. Create a new compartment for the two web applications and move the existing resources into the
compartment. Deploy the FlexCube application into the root compartment. Create a new policy in
the root
compartment that gives the FlexCube project team the ability to manage all resources in the tenancy.
B. Create a new policy in the root compartment for the FlexCube project team. Assign a policy
statement that grants the FlexCube project team the ability to manage all resources in the tenancy,
where a specific tag key and tag value are present.
C. Create a Tag Default within the root compartment with a default value of ${iam.principle.name} so
that each new resource created is tagged with the name of the person who created it. Create a new
IAM
policy that allows users to only modify resources they created.
D. Create a new compartment for the two web applications and move the existing resources into this
compartment. Modify the existing policy for the team that manages these applications so that the
scope of access is defined as this new compartment.
E. Create a new compartment for the FlexCube application deployment. Create a policy in this
compartment for the project team that gives them the ability to manage all resources within the
scope of this
compartment.

Answer: CD

Question: 68

Which three can you achieve by using Terraform? (Choose three.)

A. Create resources in the right order without regard to the order in the terraform plan file.
B. Automatically re-provision the resources that are tainted or whose configuration has changed.
C. Automatically translate a deployed infrastructure and create a plan.
D. Automatically destroy all the resources that are in tenancy.
E. Continuously maintain the configuration files in an instance.

Answer: A,B,D

Question: 135 ************************

Which two statements are true about Database Cloud Service (DBCS)? (Choose two.)

A. Data Guard as a Service is offered among regions.

B. You have full control over backup schedule and retention.
C. You can manage Oracle parameters at a global system level.
D. You cannot manage the database as sys/sysdba.
Answer: BC

A is wrong. Can I set up Data Guard across Oracle Cloud Infrastructure regions?
Yes, you can set up Data Guard across regions, but the Database Cloud Service Data Guard feature
currently does not support it. You can manually set up Data Guard across regions by logging on to your host
and using DGMGRL.

Question: 151
What is a valid option when exporting a custom image?
A. object storage URL
B. archive storage URL
C. file storage service
D. block volume

Answer: A
Explanation:
You can use the Console or API to export images, and the exported images are stored in the Oracle
Cloud Infrastructure Object Storage service. To perform an image export, you need write access to
the Object Storage bucket for the image.

Question: 155
You have provisioned an Autonomous Data Warehouse (ADW) database with 16 enabled OCPUs and
need to configure the consumer group for your application.
Which two are true when deciding the number of sessions for each application? (Choose two.)
A. The MEDIUM and LOW consumer group can run up to 16 concurrent SQL statements if HIGH
consumer group has 0 SQL statements
B. The HIGH consumer group can run up to 16 concurrent SQL statements as long as MEDIUM and
LOW consumer groups have 0 SQL statements
C. The MEDIUM consumer group can run 20 concurrent SQL statements when HIGH consumer group
has 0 SQL statements
D. The HIGH consumer group can run up to 16 concurrent SQL statements in addition to 32
concurrent SQL statements in MEDIUM and LOW consumer group each
E. The HIGH consumer group can run 3 concurrent SQL statements when MEDIUM consumer group
has 0 SQL statements

Answer: C,E

Question: 166 *******

A customer has established an Oracle Cloud Infrastructure (OCI) FastConnect connection to OCI. The
virtual circuit is up and routes are being advertised from the customer’s end, however the customer
is unable to ping from compute instances inside the virtual cloud network (VCN) to servers residing
in its on-premises data center.
Which two options on OCI would remedy this situation? (Choose two.)
A. Modify the route table associated with the VCN subnet in which the instance resides. Add a route
to the customer’s on-premises network via the Dynamic Routing Gateway (DRG).
B. Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful egress rule to allow ICMP traffic to the customer’s on-premises network.
C. Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful ingress rule to allow ICMP traffic from anywhere.
D. Modify the default VCN route table to add a route back to the customer’s on-premises network via
the DRG.

Answer: AB
Question: 171
You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix region.
You were asked to create a disaster recovery (DR) plan that will protect against the loss of critical data.
The DR site must be at least 500 miles from your primary site and data transfer between the two
sites must not traverse the public Internet.
Which is the recommended disaster recovery plan?
A. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one
availability domain (AD) that is not currently being used by your production systems. Establish VCN
peering between the production and DR sites. n
B. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a
remote peering connection between the two VCNs.
C. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG
between the regions.
D. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in
each region and configure an IPsec VPN connection between the two regions.

Answer: B
Explanation:
C is wrong.FastConnect is for on-prem/provider connectivity to the Cloud.
D is wrong. VPN connection is via the internet.
Remote VCN peering is the process of connecting two VCNs in different regions (but the
same tenancy ). The peering allows the VCNs' resources to communicate using private IP addresses
without routing the traffic over the internet or through your on-premises network. Without peering,
a given VCN would need an internet gateway and public IP addresses for the instances that need to
communicate with another VCN in a different region.
At a high level, the Networking service components required for a remote peering include:
- Two VCNs with non-overlapping CIDRs, in different regions that support remote peering. The VCNs
must be in the same tenancy.
- A dynamic routing gateway (DRG) attached to each VCN in the peering relationship. Your VCN
already has a DRG if you're using an IPSec VPN or an Oracle Cloud Infrastructure FastConnect private
virtual circuit.
A remote peering connection (RPC) on each DRG in the peering relationship.
A connection between those two RPCs.
Supporting route rules to enable traffic to flow over the connection, and only to and from select
subnets in the respective VCNs (if desired).
Supporting security rules to control the types of traffic allowed to and from the instances in the
subnets that need to communicate with the other VCN.

Question: 177 ***************

Which statement is true about Oracle Cloud Infrastructure FastConnect?

A. For private peering, FastConnect extends your existing infrastructure to allow you to consume
object storage from your on-premises data center
B. For private peering, FastConnect extends your existing infrastructure to a virtual cloud network
C. The FastConnect provider network offers only 1 Gbps port connection speed increments
D. For public peering, a dynamic routing gateway must be configured and attached to the virtual
cloud network (VCN)

Answer: B

Question: 189

Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)
A. Remote virtual cloud network (VCN) peering across region
B. Oracle IPsec VPN
C. Local VCN peering
D. Oracle Cloud Infrastructure FastConnect public peering

Answer: A,B

A.Between Region peering is using DRG

B IPSEV VPN is a basic VPN connection from on premise to OCI using DRG.
C is within a region using LPG( Local Peering Gateway and not drg
D. Public Fastconnect is for Object storage vs Private fastconnect which is with DRG.
Question: 198
You have five different company locations spread across the US. For a proof-of-concept (POC) you
need to setup secure and encrypted connectivity to your workloads running in a single virtual cloud
network (VCN) in the Oracle Cloud Infrastructure Ashburn region from all company locations.
What would meet this requirement?
A. Create five internet gateways in your VCN and have separate route table for each internet
gateway.
B. Create five virtual circuits using FastConnect for each company location and terminate those
connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.
C. Create five IPsec connections with each company location and terminate those connections on a
single DRG. Attach that DRG to your VCN.
D. Create five IPsec VPN connections with each company location and terminate those connections
on five separate DRGs. Attach those DRGs to your VCN.

Answer: C

Question: 214
Which two statements are true regarding cloning a block volume?
A. You can change the block volume performance when creating a clone
B. You can clone block volumes across regions
C. You can change the block volume size when creating a clone
D. You can skip block volume encryption when creating a clone

Answer: AC