OCI Foundations Certification
My takeaways: Oracle Functions - multiple questions Data Safe vs. Data Guard - know the difference Which is faster - IPSec VPN or FastConnect? Which three services make up Key Management?
-
Which statement below is NOT true regarding OCI Compute Autoscaling? A. Autoscaling lets you scale-up and scale-down instance shapes B. If one VM fails in the Autoscaling group, others will keep working C. Autoscaling lets you match traffic demand by adding or removing VMs automatically D. There is no extra cost for using Autoscaling
Answer: A Autoscaling is also referred to as scale-out or scale-in. Autoscaling does not Scale-up or Scale-down instance shapes.
You have two web servers and a clustered database running in a single OCI Availability Domain. Which step below can help you achieve high availability? A. Group one web server and one database node in one fault domain and the other half of each pair in another fault domain B. OCI provides high availability by default, so you don't need to do anything C. Put both web servers in the same fault domain and database nodes in another fault domain D. Put both database nodes in the same fault domain and web servers in another fault domain
Answer: A Grouping web server and a database node and placing a pair in two separate fault domains ensure that a failure of any one fault domain does not result in an outage for your application.
Which statement below is NOT correct regarding a highly available system? A. Highly available systems always involve manual intervention to maintain high availability. B. Highly available systems typically have redundant hardware and software C. Highly availability systems avoid having single points-of-failure D. Highly available systems involve a failover process that moves processing performed by the failed component to the backup component
Answer: A It is possible to have some manual intervention, but typically, highly available systems do not involve manual failover processes. The more transparent the failover is, the more highly available the system is.
You want to render fluid dynamic jobs on your compute instance in Oracle Cloud Infrastructure (OCI). Which compute shape is the best for your use case? A. OCI GPU Shapes B. OCI Flexible VM Shapes C. OCI Dedicated Virtual Machine Host D. OCI HPC Shapes
Answer: A OCI GPU shapes are designed for hardware-accelerated workloads such as fluid dynamics jobs. GPU shapes include Intel CPUs and NVIDIA graphics processors.
Which of the following is the valid syntax for an Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) Policy? A. Allow group <group_name> to <verb> <resource-type> in tenancy B. Allow user <user_name> to <verb> <resource-type> in tenancy C. Deny group <group_name> to <verb> <resource-type> in tenancy D. Deny user <user_name> to <verb> <resource-type> in tenancy
Answer: A OCI IAM policy is defined at the group level and written in the following syntax: Allow group <group_name> to <verb> <resource-type> in tenancy
Which Oracle Cloud Infrastructure storage service can provide a shared file system across multiple compute instances? A. File Storage B. Archive Storage C. Object Storage D. Local NVMe
Answer: A Oracle Cloud Infrastructure File Storage service provides shared, scalable, secure, enterprise-grade storage across multiple compute instances.
Which of the below use cases is supported by Oracle Cloud Infrastructure Identity and Access Management service? A. Single sign-on to identity providers B. Workload isolation C. DDoS Protection D. Centralized key management
Answer: A Oracle Cloud Infrastructure IAM service supports federation and single sign-on with Oracle Identity Cloud Service, Microsoft Active Directory, Microsoft Azure Active Directory, and other identity providers that supports the Security Assertion Markup Language (SAML) 2.0 protocol.
Which Oracle Cloud Infrastructure service allows you to run code without provisioning any underlying infrastructure resources and invoke the code in response to events? A. Oracle Functions B. Oracle Container Engine for Kubernetes C. OCI Bare Metal D. OCI Virtual Machine
Answer: A The serverless and elastic architecture of Oracle Functions means there is no need to provision or maintain compute instances, and operating system software patches and upgrades. You can deploy your code and call it directly or trigger it in response to events.
Which OCI database service below uses Block Volumes for storing data? A. Virtual Machine database systems B. Bare Metal database systems C. Exadata database systems D. Autonomous databases
Answer: A VM DB Systems leverage OCI Block Volumes for data storage; BM DB Systems use Local NVMe, and Exadata and Autonomous Database use Local disks and NVMe flash cards.
You are setting up a proof of concept (POC) and need to cost-effectively establish a secure connection between an on-premises data center and Oracle Cloud Infrastructure (OCI). Which OCI service would you use? A. VPN Connect B. Service Gateway C. Internet Gateway D. FastConnect
Answer: A VPN Connect provides a site-to-site IPSec VPN between your on-premises network and your virtual cloud network (VCN). It can be used for a proof of concept setup: VPN Connect is a free service with no port hour charges. Data transfer cost is covered under networking cloud pricing.
You have a requirement to store application backups in OCI for 6-12 months, but retrieve data immediately based on business needs. Which OCI storage service can be used to meet this requirement? A. Object Storage (standard) B. Block Volume C. Archive Storage D. File Storage
Answer: A You can use Object Storage for data to which you need fast, immediate, and frequent access. You can use Archive Storage for data to which you seldom or rarely access, but that must be retained and preserved for long periods.
Which of the Oracle Cloud Infrastructure services support encryption of data at rest and in-transit? Choose TWO A. OCI Block Volume B. OCI File Storage C. Local NVMe storage D. OCI Virtual Cloud Network
Answer: A, B OCI Block Volume and File Storage services provide data encryption at-rest and in-transit
Which two are valid reasons to use an Oracle Cloud Infrastructure Fault Domain? A. Protect against unexpected hardware or power supply failures B. Protect against planned hardware maintenance C. To mitigate the risk of large scale events such as earthquakes D. Build replicated systems for disaster recovery E. To meet requirements for legal jurisdictions
Answer: A, B You can use fault domains to (1) protect against unexpected hardware failures or power supply failures (2) protect against planned outages because of compute hardware maintenance.
Which two are valid reasons to deploy your apps in multiple Oracle Cloud Infrastructure regions? A. To mitigate the risk of region-wide events such as large weather systems or earthquakes B. To achieve high availability and real time data synchronization C. To meet varying requirements for legal jurisdictions, tax domains, and other business or social criteria D. To lower costs, as some OCI regions have lower pricing than others
Answer: A, C In OCI, pricing is not region-specific. In addition, if you deploy apps to multiple regions, you cannot achieve real-time data synchronization as regions can be separated by vast distances—across countries or even continents
Oracle cloud Infrastructure is compliant with which three industry standards? A. ISO/IEC 27001:2013—International Organization for Standardization 27001 B. Health Care Compliance Association (HCCA) C. Health Insurance Portability and Accountability Act (HIPAA) D. SOC 1 - Systems and Organizational Controls 1 E. CJIS - Criminal Justice Information Services
Answer: A, C, D List of certifications is available here, https://www.oracle.com/cloud/cloud-infrastructure-compliance/
Which of the following are valid targets for setting Oracle Cloud Infrastructure (OCI) budgets? Choose TWO. A. Compartment B. Tenancy C. IAM group D. Cost-tracking tag E. Budget tag
Answer: A, D Budgets are set on cost tracking tags or on compartments to track all spending in that cost-tracking tag or for that compartment.
Which of the following is not a core characteristic of cloud computing as defined by NIST standards? A. On-demand self-service access B. Upfront license payments C. Rapid elasticity D. Measured services
Answer: B A, C, D are characteristics as defined by NIST; cloud computing enables pay-as-you-pricing and does not involve paying for licenses upfront.
Which is a key benefit of using Oracle Cloud Infrastructure Autonomous Transaction Processing? A. Maintain root-level access to the underlying operating system B. Scale both CPU and Storage without downtime C. Use without any username and password D. Apply database patches as they become available
Answer: B Autonomous Database allows you to scale the CPU and storage capacity of the database at any time without affecting availability or performance
What is the smallest block volume size that can be provisioned on Oracle Cloud Infrastructure? A. 1 GB B. 50 GB C. 1 TB D. 1 MB
Answer: B Block Volume service supports volumes that can be from 50 GB to 32 TB in size.
Where are Oracle Cloud Infrastructure (OCI) cost and usage reports stored? A. User-specified object storage bucket B. Oracle-owned object storage bucket C. User-specified HTTPS end-point D. OCI Cloud Shell
Answer: B Both cost and usage reports are automatically generated daily, and stored in an Oracle-owned Object Storage bucket
On Oracle Cloud Infrastructure DB systems, Real Application Clusters (RAC) can be configured for which of the options below? A. Autonomous shared databases B. 2-node virtual machine DB systems C. Bare metal DB systems D. Autonomous dedicated databases
Answer: B Oracle Cloud Infrastructure offers 1-node DB systems on either bare metal or virtual machines, and 2-node RAC DB systems on virtual machines only.
Oracle Data Guard is primarily used for which of the below scenarios? A. To support automatic backups B. To survive disaster and data corruption C. To support rolling patching D. To support auto scaling
Answer: B Oracle Data Guard provides a set of services that create, maintain, manage, and monitor one or more standby databases to enable Oracle databases to survive disasters and data corruptions. It maintains synchronization between the primary and the standby databases.
Which of the below option is NOT recommended for securing your Oracle Cloud Infrastructure virtual cloud networks (VCN)? A. VCN Private subnets B. OCI Object Storage service C. VCN Network Security Groups D. VCN Security Lists
Answer: B The Oracle Cloud Infrastructure Object Storage service is an internet-scale, high-performance storage platform that offers reliable and cost-efficient data durability.
What three characteristics constitute an Oracle Cloud Infrastructure Compute shape? A. Number of vCPU, amount of memory, network bandwidth B. Number of OCPU, amount of memory, network bandwidth C. Public or private visibility of the Compute instance D. Availability Domain and Fault Domain physical locations
Answer: B The amount of memory, network bandwidth (and number of VNICs) scale proportionately with the number of OCPUs in a compute instance.
Which of the following statements is NOT true regarding Oracle Data Safe? A. Data Safe can be used for protecting sensitive and regulated data in Oracle Cloud databases. B. Data Safe features include Security and User Assessments C. Data safe is not supported for Virtual Machine or Bare Metal DB Systems D. There is no extra cost to use Data safe service
Answer: C Data Safe is supported for VM and BM DB Systems.
Which statement below is NOT true regarding an Oracle Cloud Infrastructure Region? A. Each region has at least one Availability Domain. B. Availability domains are isolated from each other and very unlikely to fail simultaneously. C. Each Fault Domain has multiple Availability Domains. D. Each Availability Domain has three Fault Domains.
Answer: C Each Availability Domain has three Fault Domains and not the other way around.
You are running two compute instances in Oracle Cloud Infrastructure (OCI): VM.Standard2.1 and VM.Standard2.16. Which of these two instances costs more per OCPU? A. VM.Standard2.1 B. VM.Standard2.16 C. Both cost the same per OCPU D. Depends on how many cores you use in your instance
Answer: C In OCI, compute instances are priced per OCPU and both VM.Standard2.1 and VM.Standard2.16 belong to the same category (Compute - VM Standard - X7).
Which of the following is NOT a valid statement regarding Oracle Cloud Infrastructure (OCI) Compartments? A. Each resource belongs to a single compartment B. Resources can interact with other resources in different compartments C. Resources cannot be moved from one compartment to another D. You can give group of users access to compartments by writing policies
Answer: C In OCI, resources can be moved from one compartment to another.
How do instances in Private Subnets in OCI Virtual Cloud Network communicate to Internet? A. Through a Service Gateway B. Through a Dynamic Routing Gateway C. Through a NAT Gateway D. Through an Internet gateway
Answer: C NAT is a networking technique commonly used to give an entire private network access to the internet without assigning each host a public IP address. OCI provides a managed NAT Gateway service that gives cloud resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.
What does compute vertical scaling imply? A. Compute scaling out is called vertical scaling B. Compute scaling in is called vertical scaling C. Compute scaling up (or down) is called vertical scaling D. In cloud, you can cannot scale compute instances
Answer: C Scale in or out is horizontal scaling.
Which of the following is NOT a component of the Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) service? A. User B. Group C. Role D. Policy
Answer: C OCI IAM service components include Users, Groups, Policies and Compartments.
You are planning to deploy Oracle JDE on Oracle Cloud Infrastructure (OCI). The application will require a database and several servers. Which two OCI services are best suited for this project? A. Oracle Container Engine for Kubernetes B. Oracle Object Storage C. Virtual Machine (VM) or Bare Metal (BM) compute instances D. Virtual Machine (VM) or Bare Metal (BM) DB Systems E. Object File Storage
Answer: C, D In this case, you can use compute instances - VM or Bare Metal and managed DB systems - VM or Bare Metal.
If you choose to use both Security Lists and Network Security Groups in an OCI VCN, at what two levels is security functioning? (choose TWO) A. VPN Level B. VCN Level C. Subnet Level D. Instance Level E. Gateways Level
Answer: C, D NSG rules apply to an instance (vNIC) while Security Lists applies at the subnet level (and all instances in that particular subnet). If you choose to use both, a packet is allowed if any rule in any of the relevant Security Lists and Network Security Groups allows the traffic
You are writing an Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) Policy. Where can it be attached? Choose TWO A. User B. Group C. Tenancy D. Compartment
Answer: C, D Policies can be attached to a compartment or the tenancy. Where you attach it controls who can then modify it or delete it
Which statement below is NOT true regarding Oracle Cloud Infrastructure High Availability Architecture? A. Fault Domains provide protection against failures within an Availability Domain B. In a multi-AD region, Availability Domain provides protection from an entire Availability Domain failure C. OCI region pair enables disaster recovery while meeting compliance and data residency requirements D. Compartments enable a high availability design within an Availability Domain
Answer: D A compartment is a collection of related resources and provides logical not physical isolation.
You are building out a site-to-site VPN connection from an on-site network to a private subnet within a Virtual Cloud Network. Which of the following might you need for this connection to function properly? A. NAT Gateway B. Service Gateway C. Internet Gateway D. Dynamic Routing Gateway E. VPN Gateway
Answer: D DRG is a virtual router that provides a path for private traffic (that is, traffic that uses private IPv4 addresses) between your VCN and an on-premises network.
Which one of the following is not a cloud pricing model? A. Pay-as-you-go B. Commitment based pricing C. Consumption based pricing D. Enterprise license based pricing
Answer: D Enterprise license based pricing is not a cloud pricing model, while the others are. In cloud computing, you only pay for resources that you use and in some cases, pay only for how much you consume.
Which of the following is NOT true about Oracle Cloud Infrastructure Object Storage service? A. Maximum object size that can be stored in OCI Object Storage buckets is 10 TB. B. Standard Object storage buckets cannot be downgraded to Archive storage. C. Archive Storage buckets cannot be upgraded to Standard Object storage. D. Object Storage is eventually consistent.
Answer: D OCI Object Storage supports strong consistency that means that when a read request is made, Object Storage always serves the most recent copy of the data that was written to the system.
What is the primary purpose of using Oracle Cloud Infrastructure Web Application Firewall? A. Network security control B. Hardware based key storage C. Patch management D. Filter malicious web traffic
Answer: D Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based global security service that protects applications from malicious and unwanted internet traffic.
Which of the following statement is true about VCN peering? A. A VCN peering connection is a networking connection between two VCNs within a single region. B. A VCN peering connection is a VPN-based connection. C. VCN peering does not require using any Gateways, Local or Remote D. Peered VCNs can exist in different regions.
Answer: D Remote Peering connects VCNs across regions
Which of the following factors does NOT impact pricing in Oracle Cloud Infrastructure (OCI)? A. Resource size B. Resource type C. Data transfer D. Compartment size
Answer: D Resource type, size and data transfer impact pricing but pricing is independent of compartments
Which of the following features help you set up budgets in Oracle Cloud Infrastructure (OCI)? A. Free-form tags B. Budget tags C. Compartment tags D. Cost-tracking tags
Answer: D You can use cost-tracking tags to track resource usage and costs and set up budgets.
Which of the following is NOT a valid method for authenticating a Principal in Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) service? A. User name, Password B. API Signing Key C. Auth Tokens D. Certificate based auth
Answer: D The supported authentication methods for OCI IAM service include user name, password; Auth Tokens and API Signing Keys.
What statement below is not true for OCI compartments? A. Each OCI resource belongs to a single compartment B. Compartments cannot be nested C. Resources can be moved from one compartment to another D. Resources and compartments can be added and deleted anytime
B. Compartments cannot be nested
A company has developed a payroll application in OCI. What should they do to ensure that the application has the highest level of availability and resilience? A. Deploy the application across multiple Virtual Cloud Networks B. Deploy the application across multiple Regions and Availability Domains C. Deploy the application across multiple Availability Domains and Fault Domains D. Deploy the application across multiple Availability Domains and subnets
B. Deploy the application across multiple Regions and Availability Domains
Which purpose does and OCI Dynamic Routing Gateway Serve? A. Enables OCI compute instances to privately connect to OCI Object Storage B. Enables OCI compute instances to connect to on-premises environments C. Enables OCI compute instances to connect to the Internet D. Enables OCI compute instances to be reached from the Internet
B. Enables OCI compute instances to connect to on-premises environments
Which OCI capability can be used to protect against power failures within an Availability Domain? A. Top of Rack Switch B. Fault Domains C. Service Cells D. Data Plane
B. Fault Domains
Which option provides the best performance for running OLTP workloads in OCI? A. OCI Virtual Machine Instance B. OCI Exadata DB Systems C. OCI Dedicated Virtual Host D. OCI Autonomous Data Warehouse
B. OCI Exadata DB Systems
Which OCI service would you use to distribute incoming traffic between a set of web servers? A. Autoscaling B. Public Load Balancer C. Private Load Balancer D. Internet Gateway
B. Public Load Balancer
What is Oracle's responsibility according to the OCI shared security model? A. Configuring OCI services securely B. Security of data-center facilities C. Data classification and compliance D. Securing application workloads
B. Security of data-center facilities
Which SLA types is not offered by OCI compute service? A. Control Plane B. Service Plane C. Performance D. Data Plane
B. Service Plane
Which OCI Compute shapes does NOT incur instance billing in a STOPPED state? A. GPU B. Standard C. HPC D. Dense I/O
B. Standard
You run four OCI virtual machine instances on an OCI Dedicated virtual host. How will this deployment be billed? A. All the four instances will be billed based on the number of OCPU. B. The dedicated virtual machine host and the boot volumes of each instance will be billed. C. The dedicated virtual machine host, all four instances, and the boot volumes of each instance will be billed. D. Only the dedicated virtual machine host will be billed.
B. The dedicated virtual machine host and the boot volumes of each instance will be billed.
What does compute instance vertical scaling mean? A. Enabling Disaster Recovery B. Providing Fault Tolerance C. Changing to a larger or smaller shape D. Adding additional compute instances
C. Changing to a larger or smaller shape
You have an application that requires a shared file system. Which OCI service would you choose? A. Block Volume B. Archive Storage C. Object Storage D. File Storage
D. File Storage
Which OCI storage service does not provide encryption for data-at-rest? A. Block Volume B. File Storage C. Object Storage D. Local NVMe
D. Local NVMe
How is total network throughput allocated to a Virtual Machine (VM) instance? A. When launching a compute instance, customers may select the desired maximum network bandwidth B. Each VM is allocated 10 Gbps of network bandwidth regardless of the selected shape C. Network bandwidth is variable D. Network bandwidth is proportional to the number of OCPUs in the instance shape
D. Network bandwidth is proportional to the number of OCPUs in the instance shape
Which resource do you manage in an IAAS offering? A. Networking B. Servers C. Storage D. Operating System
D. Operating System
You want to leverage a managed Real Application Cluster (RAC) offering in OCI. Which OCI managed database service would you choose? A. Bare Metal DB Systems B. Autonomous Data Warehousing (Shared) C. Autonomous Transaction Processing (Shared) D. VM DB Systems
D. VM DB Systems
Which statement is correct regards the OCI Compute service? A. You cannot attach a block volume to a compute instance B. When you stop a compute instance, all data on boot volume is lost C. You can attach a maximum of one public IP to each compute instance D. You can launch either virtual machines or bare metal instances
D. You can launch either virtual machines or bare metal instances
Which statement is true for an OCI compute instance? A. Compute instance always get a private IP address B. Compute instance always get a public IP address C. Compute instance cannot leverage Autoscaling feature D. Compute instance does not use a boot volume
A. Compute instance always get a private IP address
Which two situations incur costs within OCI? A. Data egress to the Internet B. Transferring data across regions C. Transferring data from one instance to another within the same Availability Domain D. Transferring data from one instance to another across different Availability Domains in a region E. Data ingress from the Internet
A. Data egress to the Internet B. Transferring data across regions
Which security service is offered by OCI? A. Key Management B. Managed Active Directory C. Certificate Management System D. Managed Intrusion detection
A. Key Management
Which storage service offers the lowest pricing (per GB)? A. Archive Storage B. Object Storage C. Block Volume D. File Storage
Answer: A Archive Storage is ideal for storing data that is accessed infrequently and requires long retention periods. Archive Storage is more cost effective than Object, Block and File storage services
