OCI Professional Exam

Which 3 scenarios are suitable for the OCI ATP serverless deployment? A developer working on an internal project needs to use a database during work hours but does not need it during nights or weekends the project budget requires her to keep costs low. A midsize company is considering migrating its legacy on-premises MongoDB database to OCI. The database has significantly higher workloads on weekends than weekdays. A small startup is deploying a new application for e-commerce and it requires the database to store customer's transactions the team b of what the load will look like since it is a new application A well-established, online auction marketplace is running an application where there is database usage 24x7 but also has peaks of activity that are hard to predict when they will happen. The total activities may reach 3x the normal activity level. A manufacturing company is running Oracle EBS application on-premises. They are looking to move this application to OCI an they want to use a managed database offering for their database tier.

A developer working on an internal project needs to use a database during work hours but does not need it during nights or weekends the project budget requires her to keep costs low. A small startup is deploying a new application for e-commerce and it requires the database to store customer's transactions the team b of what the load will look like since it is a new application A well-established, online auction marketplace is running an application where there is database usage 24x7 but also has peaks of activity that are hard to predict when they will happen. The total activities may reach 3x the normal activity level.

As part of a migration exercise for an existing on-premises application to OCI, you are required to transfer a 7TB file to OCI Object Storage. You have decided to upload functionality of Object Storage. Which 2 statements are true? Active multipart upload can be checked by listing all parts that have been uploaded, however it is not possible to list information for individual object part in an active multipart upload. It is possible to split this file into multiple parts using the APIs provided by Object Storage. It is possible to split this file into multiple parts using rclone tool provided by Object Storage. After initiating a multipart upload by making a CreateMultiPartUpload REST API call, the upload remains active until you explicitly commit it or abort. Contiguous numbers used to be assigned for each part so that Object Storage constructs the object by ordering part numbers in ascending order

Active multipart upload can be checked by listing all parts that have been uploaded, however it is not possible to list information for individual object part in an active multipart upload. After initiating a multipart upload by making a CreateMultiPartUpload REST API call, the upload remains active until you explicitly commit it or abort.

A hospital in Austin has hosted its web based medical records portal entirely in OCI using Compute Instances for its web-tier and DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the security professional to check their systems it was found that there are a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia. Which option can mitigate this type of attack? Block the attacking IP address by creating a Network Security Group rule to deny access to the compute instance where the web server is running Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules Mitigate the attack by changing the route table to redirect the unauthorized traffic to a dummy compute instance Block the attacking IP address by creating a security list rule to deny access to the subnet where the web server is running

Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules

1. You are working with a customer who needs to attach an Oracle Cloud Infrastructure (OCI) block volume to a VM instance with read/write access type. The customer wants to know if the number of IOPS and throughput performance differs between the following two choices: • Option A: attach a single 1 TB block volume to the VM instance • Option B: attach two separate 500 GB block volumes In a RAID 0 array configuration to the VM instance You can assume that the customer is using iSCSI attachment type to attach the volumes to the instance. In addition, you can assume 1 MB block size for throughput and 4 KB block size for IOPS consideration. How should you respond to the customer? Option A provides better IOPS, but lower throughput performance. Option B provides better IOPS and throughput performance. Both options provide the same number of IOPS and throughput performance. Option B provides higher level of throughput, but lower level of IOPS performance.

Both options provide the same number of IOPS and throughput performance.

6. Which of the following is NOT a good use case for using the functionality available in the OCI Events service? Publish all events in a specific compartment to Oracle Streaming service for later analysis Capture Monitoring Alarms and invoke auto-scaling of compute instance Trigger a notification when a function completes its execution Publish a notification when long lived tasks complete, such as OCI Autonomous Database backup completion Trigger a Function using Oracle Functions when new files are uploaded in an OCI Object Storage bucket (no)

Capture Monitoring Alarms and invoke auto-scaling of compute instance

1. Which of the below options is best recommended to suggest to the customer? Change the shape of instance without reboot but stop all the applications running on instance beforehand to prevent data corruption Delete the running instance and spin up a new instance with the desired shape OCI doesn't allow such an operation Change the shape of the virtual machine instance using the Change Shape feature available in the console.

Change the shape of the virtual machine instance using the Change Shape feature available in the console.

14. A customer has a Virtual Machine instance running in their Oracle Cloud Infrastructure tenancy. They realized that they wrongly picked a smaller shape for their compute instance. They are reaching out to you to help them fix the issue. Which of the below options is best recommended to suggest to the customer? OCI doesn't allow such an operation. Change the shape of instance without reboot, but stop all the applications running on instance beforehand to prevent data corruption. Delete the running instance and spin up a new instance with the desired shape. Change the shape of the virtual machine instance using the Change Shape feature available in the console.

Change the shape of the virtual machine instance using the Change Shape feature available in the console.

1. A retail company has several on-premises data centers which span multiple geographical locations. They plan to move some of their applications from on-premises data centers to Oracle Cloud Infrastructure (OCI). For these applications running in OCI, they still need to interact with applications running on their on-premises data centers to Oracle Cloud Infrastructure (OCI). for these applications running in OCI. they still need to interact with applications running on their on-premises data centers. These applications require highly available, fault-tolerant network connections between on premises data centers and OCI. Which option should you recommend to provide the highest level of redundancy? Set up a single IPSec VPN connection (rom your data center to Oracle Cloud Infrastructure since It is cost effective If your data centers span multiple, geographical locations, use only the specific IP address as a static route for the specific geographical location Use FastConnect private peering only to ensure secure access from your data center to Oracle Cloud Infrastructure Set up both IPSec VPN and FastConnect to connect your on premises data centers to Oracle Cloud Infrastructure. Oracle cloud Infrastructure provides network redundancy by default so that no other operations are required

If your data centers span multiple, geographical locations, use only the specific IP address as a static route for the specific geographical location

1. What is the most cost effective way to expose multiple application endpoints without that needs to be exposed to the public internet? Cluster IP Load Balancer Ingress NodePort

Ingress NodePort

1. You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application components as Kubernetes native objects, such as the microservices, OracleAutonomous database, Kubernetes services, etc. What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle AutonomousDatabase? Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster. Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services. Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.

Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

2. You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application components as Kubernetes native objects, such as the microservices, OracleAutonomous database, Kubernetes services, etc. What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle AutonomousDatabase? Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services. Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN. Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster

Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

5. You have decided to migrate your application to OCI and use Oracle Functions to deploy your microservices. Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? Choose 2. Number of times a function is invoked Amount of storage used by your functions Length of time a function runs Network bandwidth used by your functions Amount of RAM used by your functions

Number of times a function is invoked Length of time a function runs

1. A customer is in a process of shifting their web based Sales application from their own data center located in US West to OCI India West (Mumbai) region. They want to do it in a controlled manner and initially only 1% of the traffic will be steered to the servers in OCI. After verification of everything is working as expected, the company is gradually planning to increase the ratio until they are comfortable with fully migrating all traffic to OCI. Which of the following solutions can be used in this situation? OCI DNS and Traffic Management with Geolocation Steering Policy OCI DNS and OCI Load Balancer service OCI DNS and Traffic Management with failover steering policy OCI DNS and Traffic Management with load balancer steering policy

OCI DNS and Traffic Management with load balancer steering policy

52. A global retailer is setting up the cloud architecture to be deployed in OCI which will have thousands of users from 2 major geographical regions: North America and Asia Pacific. The requirements of the services are: Service needs to be available 24x7 to avoid any business disruption North American customers should be served by application running in North American regions Asia Pacific customers should be served by applications running in Asia Pacific regions Must be resilient enough to handle the outage of an entire OCI region OCI DNS, Traffic Management with Failover steering policy OCI DNS, Traffic Management with Geo-location steering policy, health checks OCI DNS, Traffic Management with Geo-location steering policy OCI DNS, Traffic Management with Load Balancer steering policy, Health checks

OCI DNS, Traffic Management with Geo-location steering policy, health checks

33. A developer is using Oracle Functions to deploy her code as part of an event-driven solution in OCI. When she invokes her function, Oracle Functions returns a FunctionInvokeImageNotAvailable message and a 502 error: ("code":"FunctionInvokeImageNotAvailable","message":"Failed to pull function image") Fn: Error invoking function. status: 502 message: Failed to pull function image Which of the following is NOT a plausible reason for this error? OCI Events service rule is not configured with the correct location of the function in OCI Registry. Missing or invalid IAM policy to give Oracle Functions read access to images stored for functions in repositories in OCI Registry. The VCN being used does not have an internet gateway or a service gateway configured for Oracle Functions to be able to access OCI Registry. The function does not exist in the specified location in OCI Registry.

OCI Events service rule is not configured with the correct location of the function in OCI Registry.

10.A global media organization is working on a project which lets users upload their videos to the site. After upload is complete, the video should be automatically processed by an Al algorithm. The algorithm will try to recognize certain actions in the videos so that it can be used to show related advertisements in future. The development team wants to focus on writing Al code and not worry about underlying infrastructure for high availability, scalability, security and monitoring. Which Oracle Cloud Infrastructure (OCI) services would meet these requirements? OCI Object Storage, OCI Events service and OCI Functions. Oracle Container Engine for Kubernetes, OCI Notifications and OCI Object Storage. OCI Events, Oracle Container Engine for Kubernetes and OCI Digital Assistant. OCI Resource Manager, OCI Functions and OCI Events service

OCI Object Storage, OCI Events service and OCI Functions.

54. You are working with a social media company as a solution architect. The media company wants to collect and analyze large amounts of data being generated from their websites and social media feeds to gain insights and continuously improve the user experience. In order to meet this requirement, you have developed a micro services application hosted on OKE. The application will process the data and store the result to an ADW instance. Which OCI service can you use to collect and process a large volume of unstructured data in real time? OCI Events OCI Streaming OCI Resource Manager OCI Notifications

OCI Streaming

4. Which of the following is NOT a good use case for the volume backup feature of the OCI Block Volume service? Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment. Retain a copy of data in a volume, so that you can duplicate an environment later or preserver the data for future use. Support business continuity requirements of reducing the risk of outages or data mutation over time. Meet compliance and regulatory requirements for data to remain unchanged over time, so that it can be retrieved for audit purposes.

Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment.

23.You have deployed art application server irt a private Subnet irt your virtual cloud network (VCN). For the database, you have provisioned an Autonomous Transaction Processing (ATP) serverless instance. However, you are unable to connect to the database instance from your application server. Which two steps would you need to enable this connectivity? - Add an internet gateway to your VCN and add a route rule to your private subnet route table. CIDR: 0.0.0.0/0 Target: Internet Gateway - Add a remote peering connection from your VCN to the ATP VCN - Add a stateful egress rule to the security list associated with your private subnet. Destination CIDR: 0.0.0.0/0 Protocols: All Protocols - Create a NAT Gateway and add the following route rule to the route table of private subnet. CIDR: 0.0.0.0/0 Target: NAT Gateway

- Add a stateful egress rule to the security list associated with your private subnet. Destination CIDR: 0.0.0.0/0 Protocols: All Protocols - Create a NAT Gateway and add the following route rule to the route table of private subnet. CIDR: 0.0.0.0/0 Target: NAT Gateway

32. As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not to be able to access or modify properties of any other buckets in the compartment comp-images. Select the statement below that will best define your IAM polies. - Allow group ObjectWriters to manage buckets in compartment comp-images where target.bucket.name='Bucket-A' - Allow group ObjectWriters to manage buckets in compartment comp-imagesAllow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A' - Allow group ObjectWriters to read objects in compartment comp-images where target.bucket.name='Bucket-A'Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A' - Allow group ObjectWriters to inspect buckets in compartment comp-imagesAllow group ObjectWriters to read objects in compartment comp-images where target.bucket.name='Bucket-A'Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'

- Allow group ObjectWriters to inspect buckets in compartment comp-imagesAllow group ObjectWriters to read objects in compartment comp-images where target.bucket.name='Bucket-A'Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'

28. You customer has gone through a recent reorganization. As part of this change, they are organizing their OCI compartment structure to align with the company's new organizational structure. (Refer to the exhibit.) They have made the following change:Compartment A is moved, and its new parent compartment is compartment Dev.Policy defined in compartment A: Allow group G1 to manage instance-family in compartment APolicy defined in root compartment: Allow group admins to manage instance-family in compartment Ops: Test: AAfter the compartment move, which action will provide users of group G1 and admins with similar privileges as before the move? - Define the following policy in compartment Dev:Allow group G1 to manage instance-family in compartment A - Define the following policies in compartment Dev:Allow group G1 to manage instance-family in compartment AAllow group admins to manage instance-family in compartment Ops: Dev: A - Define the following policy in compartment Dev:Allow group admins to manage instance-family in compartment Ops: Dev: A - No change in any policy statement is required as all the policies associated with a compartment being moved is automatically updated.

- Define the following policy in compartment Dev:Allow group G1 to manage instance-family in compartment A

24. As part of planning the network design on Oracle Cloud Infrastructure, you have been asked to create an Oracle Cloud Infrastructure Virtual Cloud Network (VCN) with 3 subnets, one in each Availability Domain. Each subnet needs to have a minimum of 64 usable IP addresses. What is the smallest subnet and VCN size you should use to implement this design? The requirements are static, so no growth is expected. 122 for the VCN; 124 for the subnets /24 for the VCN; /24 for the subnets /23 for the VCN; /25 for the subnets /22 for the VCN; /25 for the subnets

/23 for the VCN; /25 for the subnets

1. You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes gets upgraded to the latest version of the Operating System.What should you do to get this upgrade done without application downtime? 1. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 2. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 3. Download the patches for the new Operating System image 4. Patch the worker nodes to the latest Operating System image 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool 1. Create a new node pool using the latest available Operating System image 2. Run kubectl taint nodes """"allnode""role.kubernetes.io/master"" 3. Delete the old node pool 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on the newly built node pool

1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool

Question 4 of 11 You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes gets upgraded to the latest version of the Operating System. What should you do to get this upgrade done without application downtime? 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on the newly built node pool 1. Create a new node pool using the latest available Operating System image 2. Run kubectl taint nodes """"allnode""role.kubernetes.io/master"" 3. Delete the old node pool 1. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 2. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 3. Download the patches for the new Operating System image 4. Patch the worker nodes to the latest Operating System image

1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool

35. You have been asked to review some network proposals by a major client. The client's IT director needs to provision 2 VCNs for a major application. Both applications use a large number of virtual machine instances, and so will ideally occupy VCNs with as many address spaces as possible. Additionally, in the future, VCN peering will be required to allow communication between the VCNs. Which of the following are valid IP ranges to consider for the VCNs? 10.0.0.0/16 and 10.0.64.0/24 10.0.1.0/24 and 10.0.1.0/27 10.0.0.0/24 and 10.0.1.0/24 10.0.0.0/8 and 11.0.0.0/8

10.0.0.0/24 and 10.0.1.0/24

1. You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.You have the following configuration currently.Virtual cloud network (VCD) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center. Oracle database system is hosted in a private subnetThe private subnet route table has the following configuration The private subnet route table has following configuration. However, you are still unable to connect to the Oracle Database system. Which action will resolve this issue? - Add an EGRESS rule in private subnet security list as following.Source Port Range: AllDestination Port Range: 1521 - Add an EGRESS rule in network security group as following. - Add an EGRESS rule in private subnet security list as following.Source Port Range: 1521Destination Port Range: All - Add a route rule in the private subnet route table as following.

Add an EGRESS rule in private subnet security list as following. Source Port Range: 1521 Destination Port Range: All

You have designed and deployed your ADW such that it is accessible form your on-premises data center and servers running on both private and public networks in OCI. As you are testing the connectivity to your ADW database from the different access paths, you notice that the server on the private network is unable to connect to ADW. Which 2 steps do you need to take to enable connectivity from the server on the private network to ADW? Add an entry in the security list of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24 Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/ 0 target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols Add an entry in the access table list of ADW for CIDR block 10.2.2.0/24 Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0 target type of Internet Gateway, add a stateful egress in the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols Add an entry to the access control list of ADW for IP address 129.146.160.11

Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/ 0 target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols Add an entry to the access control list of ADW for IP address 129.146.160.11

An OCI public load balancer's SSL certificate is expiring soon. You noticed the load balancer is configured with SSL termination only. When the certificate expires, data traffic can be interrupted and security compromised. What steps do you need to take to prevent this situation? Add the new SSL certificate to the load balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle. Add the new SSL certificate to the load balancer, update listeners and backend sets so they can use the new certificate bundle. Add the new SSL certificate to the load balancer and implement end to end SSL so it can encrypt the traffic from clients all the way to the backend servers. Add the new SSL certificate to the load balancer and update backend servers to use the new certificate bundle Add the new SSL certificate to the load balancer and update listener to use the new certificate bundle.

Add the new SSL certificate to the load balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle.

1. Your company developed a function that needs to access the Oracle Database to inject some data to it at runtime. You are tasked to move this function to theOracle Cloud Infrastructure (OCI) and use Oracle Functions and access Oracle Autonomous Database. You created a Dockerfile below to run this function, however, you are getting this error "cx_Oracle.DatabaseError: ORA""12560: TNS:protocol adapter error". What should you do to make sure that Oracle Functions can run this Dockerfile properly? Add these two lines to your Dockerfile: groupadd """"gid 1000 fn && \ adduser """"uid 1000 """"gid fn fn Use """"privileged ag while running the Docker container to add runtime privilege Use """"cap""add=ALL ag while running the Docker container to add runtime capability You ned to run this Container as root, so add this line: USER root

Add these two lines to your Dockerfile: groupadd """"gid 1000 fn && \ adduser """"uid 1000 """"gid fn fn

Question 7 of 11 Your company developed a function that needs to access the Oracle Database to inject some data to it at runtime. You are tasked to move this function to theOracle Cloud Infrastructure (OCI) and use Oracle Functions and access Oracle Autonomous Database. You created a Dockerfile below to run this function, however, you are getting this error "cx_Oracle.DatabaseError: ORA""12560: TNS:protocol adapter error". What should you do to make sure that Oracle Functions can run this Dockerfile properly? Add these two lines to your Dockerfile: groupadd """"gid 1000 fn && \ adduser """"uid 1000 """"gid fn fn Use """"cap""add=ALL ag while running the Docker container to add runtime capability You ned to run this Container as root, so add this line: USER root Use """"privileged ag while running the Docker container to add runtime privilege

Add these two lines to your Dockerfile: groupadd """"gid 1000 fn && \ adduser """"uid 1000 """"gid fn fn

1. A cloud consultant is working on implementation project on OCI. As part of the compliance requirements, the objects placed in object storage should be automatically archived first and then deleted. He is testing a Lifecycle Policy on Object Storage and created a policy as below: [("name":"Archive doc", "action":"ARCHIVE", "objectNameFilter":{"inclusionPrefixes":"doc"] "timeAmount":5, "timeunit":"DAYS", "isEnabled":true}, ("name":"Delete_doc", "action":"DELETE", "objectNameFilter":"inclusionPrefixes": {"doc"] 1,"timeAmount":5, "timeunit":"DAYS","isEnabled":true) What will happen after this policy is applied? All the objects having file extension ".doc" will be archived 5 days after object creation All the objects with names starting with "doc" will be archived 5 days after object creation and will be deleted 5 days after archival All objects with names starting with "doc" will be deleted after 5 days of object creation All the objects having file extension "doc" will be archived for 5 days and be deleted 10 days after object creation

All objects with names starting with "doc" will be deleted after 5 days of object creation

49. A retail company runs their online shopping platform entirely on OCI. This is a 3-tier web application that includes a Mbps load balancer. Virtual Machine instances for web and an Oracle DB systems VM due to unprecedented growth. They noticed an increase in the incoming traffic to their website and all users start getting 503 (Service Unavailable) errors. What is the potential problem in this scenario? The Load Balancer health check status indicates critical situation for half of the backend webservers All the web servers are too busy and not able to answer any request from users The database is down hence users cannot access the website The Traffic Management Policy is not set to load balancer the traffic to the web servers You did not configure a Service Gateway to allow connection between web servers and load balancer

All the web servers are too busy and not able to answer any request from users

A retail company runs their online shopping platform entirely on OCI. This is a 3-tier web application that includes a Mbps load balancer. Virtual Machine instances for web and an Oracle DB systems VM due to unprecedented growth. They noticed an increase in the incoming traffic to their website and all users start getting 503 (Service Unavailable) errors. What is the potential problem in this scenario? The Load Balancer health check status indicates critical situation for half of the backend webservers All the web servers are too busy and not able to answer any request from users The database is down hence users cannot access the website The Traffic Management Policy is not set to load balancer the traffic to the web servers You did not configure a Service Gateway to allow connection between web servers and load balancer

All the web servers are too busy and not able to answer any request from users

1. You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization: The development team has deployed quite a few instances under 'Compute' Compartment and the operations team needs to list the Instances under the same compartment for their testing. Both teams, development and operations are part of a group called 'Eng-group'You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of resources. Which IAM policy should you write based on these requirements? Allow group Eng-group to inspect instance-family in compartment Dev-Team: Compute and attach the policy to 'SysTest Team' Compartment Allow group Eng-group to read instance-family in compartment Compute and attach the policy to 'Engineering' Compartment. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment Allow group Eng-group to read instance-family in compartment Dev-Team-.Compute and attach the policy to'Dev-Team'

Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment

1. By copying block volume backups to another region at regular intervals, it makes it easier for you to rebuild applications and data in the destination region if a region-wide disaster occurs in the source region. Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between regions? Allow group VolumeAdmins to manage volume-family In tenancy Allow group VolumeAdmins to copy volume' backups in tenancy Allow group VolumeAdmins to inspect volumes in tenancy Allow group VolumeAdmins to use volumes in tenancy

Allow group VolumeAdmins to manage volume-family In tenancy

27. You have created compartment called Dev for developers. There are two IAM groups for developers: group-dev1 and group-dev2. You need to write an Identity and Access Management (IAM) policy to give users in these groups access to manage all resources in the compartment Dev. Which of the following IAM policies will accomplish this? Allow group group-dev1, group-dev2 to manage all resources in compartment Dev Allow any-user to manage all resources in compartment Dev where request.group= /group-dev*/ Allow any-user to manage all resources in tenancy where target.compartment= Dev Allow group /group-dev*/ to manage all resources in compartment Dev

Allow group group-dev1, group-dev2 to manage all resources in compartment Dev

You work for a German company as the lead OCI architect. You have designed a high scalable architecture for your company's business critical application which uses the Load Balancer service, auto-scaling configuration for the application servers, and a 2 note VM Oracle RAC database. During the peak utilization period of the application, you noticed that the application is running slow and customers are complaining. This is resulting in support tickets being created for API timeouts and negative sentiment from the customer base. What are 2 possible reasons for this application slowness? Auto-scaling configuration for the application servers didn't happen due to IAM policy that's blocking access to the application server compartment The Load Balancer configuration is not sending traffic to the listener of the application servers Auto-scaling configuration for the application servers didn't happen due to compartment quota breach of the shapes used by the application servers Auto-scaling configuration for the application servers didn't happen due to service limit breach of the VM shapes used by the application servers The Load Balancer doesn't have a Network Security Group to allow traffic to the application servers.

Auto-scaling configuration for the application servers didn't happen due to compartment quota breach of the shapes used by the application servers Auto-scaling configuration for the application servers didn't happen due to service limit breach of the VM shapes used by the application servers

You are working as a solutions architect for an online retail store in Frankfurt which uses multiple compute instance VMs spread among 3 ADW in the eu-frankfurt-1 region. You noticed the website is having very high traffic, so you enabled auto-scaling to your application but you observed that one of the ADs is not receiving any traffic. What could be wrong in this situation? Auto-scaling only works with single ADs You have to manually add all 3 ADs to your load balancer configuration Auto-scaling can be enabled for multiple ADs only in UK London region Auto-scaling is using an Instance Pool configured to create instances in 2 ADs You forgot to attach a load balancer to your instance pool configuration

Auto-scaling is using an Instance Pool configured to create instances in 2 ADs

57. All 3 Data Guard configurations are fully supported on OCI. You want to deploy maximum availability architecture (MAA) for database workload. Which option should you consider while designing your Data Guard configuration to ensure best RTO and RPO without causing any data loss? Configure "Maximum Protection" mode which provides zero data loss if the primary database fails. Configure "Maximum Performance" mode in SYNC mode between 2 ADs (same region) which provides the highest level of data protection that is possible without affecting the performance of the primary database. Configure "Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database. Configure "Maximum Availability" mode in SYNC mode between 2 ADs (same region) and use the Maximum Availability mode in SYNC mode between 2 regions.

Configure "Maximum Availability" mode in SYNC mode between 2 ADs (same region) and use the Maximum Availability mode in SYNC mode between 2 regions.

You are designing the network infrastructure for 2 application servers: appserver-1 and appserver-2 running in 2 different subnets inside the same VCN in OCI. You have a requirement where your end users will access appserver-1 from the internet and appserver-2 from the on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit. How should you design your routing configuration to meet these requirements? Configure a single routing table (RouteTable-1) that has 2 sets of routes. One that has route to internet via the Internet Gateway and another that propagate specific routes for the on-premises network via the DRG. Associate the routing table with all the VCN subnets. Configure a single routing table (RoutingTable-1) that has 2 sets of rules: one that has route to internet via the Internet Gateway and another that propagates specific routes for the on-premises network via the DRG. Associate the routing table with the VCN. Configure 2 routing tables: RouteTable-1 that has a route to internet via the Internet Gateway. Associate this route table to the subnet containing appserver-1. RouteTable-2 that propagates specific routes for the on-premises network via the DRG. Associate this route table to subnet containing appserver-2. Configure 2 routing tables (RouteTable-1, RouteTable-2) that have rules to route all traffic via the DRG. Associate the two routing tables with all the VCN subnets.

Configure 2 routing tables: RouteTable-1 that has a route to internet via the Internet Gateway. Associate this route table to the subnet containing appserver-1. RouteTable-2 that propagates specific routes for the on-premises network via the DRG. Associate this route table to subnet containing appserver-2.

34. You are designing the network infrastructure for an application consisting of a web server (server-1) and a Domain Name Server (server-2) running in 2 different subnets inside the same VCN in OCI. You have a requirement where your end useres will access server-1 from teh internet and server-2 from your customer's on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit. How should you design your routing configuration to meet these requirements? Configure a single routing table with 2 sets of rules: one that has route to internet via an Internet Gateway and another that propagates specific routes to the on-premises network via DRG. Associate the routing table with all the VCN subnets. Configure 2 routing tables that have rules to route all traffic via a DRG. Associate the two routing tables with all the VCN subnets. Configure 2 routing tables: first one with a route to internet via an internet gateway; associate this route table to the subnet containing server-1. Configure the second route table to propagate specific routes to the on-premises network via a DRG; associate this route table to subnet containing server-2. Configure a single routing table with two sets of rules: one that has route to internet via an Internet Gateway and another that propagates specific routes for the on-premises network via a DRG. Don't associate this routing table with any of the subnets in the VCN.

Configure 2 routing tables: first one with a route to internet via an internet gateway; associate this route table to the subnet containing server-1. Configure the second route table to propagate specific routes to the on-premises network via a DRG; associate this route table to subnet containing server-2.

You have provisioned a new VM.Desel02.24 compute instance with local NVM3 drives. The compute instance is running production applications. This is a write heavy application, with a significant impact to the business if the application goes down. What should you do to help maintain write performance and protect against NVMe device failures? NVMe drive; have built-in capability to recover themselves so no other actions are required Configure RAID 6 for NVMe devices Configure RAID 1 for NVMe devices Configure RAID 10 for NVMe device

Configure RAID 10 for NVMe device

1. Which three options are available to migrate an Oracle database 12.x from an on-premises environment to Oracle Cloud Infrastructure (OCI)? Configure RMAN cross-platform transportable tablespace backup sets. Setup OCI schema and data transfer tool with Bare Metal DB Systems as the target. Create a backup of your on-premises database In OCI DB Systems. Leverage OCI Storage Gateway asynchronous database migration option. Use Oracle Data Pump Export/Import to migrate the database.

Configure RMAN cross-platform transportable tablespace backup sets. Create a backup of your on-premises database In OCI DB Systems. Use Oracle Data Pump Export/Import to migrate the database.

1. A company has an application that processes confidential data. The data is currently stored in an on-premises data centre. A solution architect needs to move this data to OCI object storage and ensure data is encrypted in-transit to OCI. Which two steps should the solutions architect perform to set up the most cost effective connection between on-premises and OCI? Set up an IPsec tunnel between the customer equipment and software VPN on an OCI instance. Set up private endpoint for accessing object storage. Attach the Internet Gateway to VCN. Configure a service gateway for accessing object storage. Configure a private peering connection on the OCI FastConnect Set up VPN connect between the customer equipment and the DRG.

Configure a service gateway for accessing object storage. Set up VPN connect between the customer equipment and the DRG.

1. An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an OCI VCN in the us-phoenix-1 region. The on-premises applications communications with compute instances inside the VPN over a hardware VPN connection. They are looking to implement an intrusion detection and prevention (IDS/IPS) system for their OCI environment. This platform should have the ability to scale to thousands of compute instances running inside the VCN. How should they architect their solution on OCI to achieve this goal? There is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels is already encrypted Set up an OCI Private Load Balancer and configure IDS/IPS related health checks at TCP and/or HTTP level to inspect traffic Configure auto-scaling on a compute instance pool and set VNIC to promiscuous mode to called traffic across the VCN and send it to IDS/IPS platform for inspection Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection

Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection

An online stock trading application is deployed to multiple Ads in the us-phoenix-1 region. Considering the high volume of transactions that the trading application handles, the company has hired you to ensure that the data stored by the application available, and disaster resilient. In the event of failure, the recovery time objective (RTO) must be less than 2 hours to meet regulator requirements. Which DR strategy should be used to achieve the RTO requirement in the event of system failure? Configure hourly block volume backups through the Storage Gateway service Configure hourly block volume backups using the OCI CLI Store hourly block volume backups to NVMe device under a compute instance and generate a custom image every 5 minutes Configure your application to use synchronous master slave data replication between ADs.

Configure hourly block volume backups using the OCI CLI

12. An online gaming application is deployed to multiple Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1 region. Considering the high volume of traffic that the gaming application handles, the company has hired you to ensure that the data stored by the application is scalable, highly available, and disaster resilient. In the event of failure, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be less than 2 hours. Which Disaster Recovery strategy should be used to achieve the RTO and RPO requirements in the event of a system failure? Configure hourly block volumes backups using the OCI Command Line Interface (CLI). Create a user defined backup policy with a schedule of generating daily backups for block volumes. Configure hourly block volumes backups through the OCI Storage Gateway service. Create a user defined backup policy with a schedule of generating hourly backups for block volumes.

Configure hourly block volumes backups using the OCI Command Line Interface (CLI).

You are building a highly available and fault tolerant web application deployment for your company. Similar application delayed by competitors experienced website attack including DDoS which resulted in web server failing. You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will provide protection against such attacks and ensure additional configuration will you need to implement to make sure WAF is protecting my web application 24x7. Which additional configuration will you need to implement to make sure WAF is protecting my web application 24x7? Configure auto-scaling policy and it to WAF instance. Configure Control Rules to send traffic to multiple web servers. Configure multiple origin servers Configure new rules based on new vulnerabilities and mitigations

Configure multiple origin servers

!!! A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). The web server will make API calls to access OCI Object Storage to store all images uploaded by users.For security purposes, your manager instructed you to ensure that the credentials used by the web server to allow access not stored locally on the compute instance. What solution results in an Implementation with the least effort for this scenario? Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCl Object Storage. Configure the credentials using Instance Principal to allow the web server to make API calls to OCl Object Storage Configure the credentials using OCI Registry (OC1R) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage. Configure the credentials using OCI Key Management to allow an instance to make API calls and grant access to OCl Object Storage.

Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCl Object Storage.

Question 11 of 11 A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). This web server will make API calls to access OCI Object Storage to store all images uploaded by users. For security purposes, your manager instructed you to ensure that the credentials used by the web server to allow access to OCI Object Storage are not stored locally on the compute instance. What solution results in an implementation with the least effort for this scenario? Configure the credentials using Instance Principal to allow the web server to make API calls to OCI Object Storage. Configure the credentials using OCI Key Management to allow an instance to make API calls and grant access to OCI Object Storage. Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCI Object Storage. Configure the credentials using OCI Registry (OCIR) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage.

Configure the credentials using Instance Principal to allow the web server to make API calls to OCI Object Storage.

53. A digital marketing company is planning to host a website on OCI and leverage OCI OKE. The web server will make API calls to access OCI Object Storage to store all images uploaded by users. For security purpose, your manager instructed you to ensure that the credentials used by the web server to allow access not stored locally on the compute instance. What solution results in an implementation with the least effort for this scenario? Configure the credentials using instance principal to allow the web server to make API calls to OCI Object Storage Configure the credentials using OCI Registry (OCIR) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCI Object Storage Configure the credentials using OCI Key Management to allow an instance to make API calls and grant access to OCI Object Storage.

Configure the credentials using instance principal to allow the web server to make API calls to OCI Object Storage

To serve web traffic for a popular product, your cloud engineer has provisioned 4 BM.Standard2.52 instances, evenly spread across 2 ADs in the us-ashburn-1 region. Load balancer is used to delivery the traffic across instances. After several months, the product grows even more popular and you need additional compute capacity. As a result, an engineer provisioned 2 additional VM.Standard2.8 instances. You register the 2 VM.Standard2.8 instances with your load balancer backend slot and quickly find that the VM.Standard2.8 instances running at 100% of CPU utilization but the BM.Standard2.52 instances have significant CPU capacity that is unused. Which option is the most cost effective and uses instances capacity most effectively? Configure Load Balancer with 2 VM.Standard2.8 instances and use auto-scaling instance pool to add up to 2 additional VM instances. Shut off BM.Standard2.52 instances. Route traffic to BM.Standard2.52 and VM.Standard2.8 instances directly using DNS and Health Checks. Shut off the load balancers. Configure auto-scaling instance pool with Load Balancer to add up to 3 more BM.Standard2.52 instances when triggered. Shut off VM.Standard2.8 instances. Configure your load balancer with weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to bare metal instances

Configure your load balancer with weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to bare metal instances

1. You are working as a solution architect with a global automotive provider who is looking to create a multi-cloud solutionThey want to run their application tier in Microsoft Azure while utilizing the Oracle DB Systems In the Oracle Cloud Infrastructure (OCI). What is the most fault tolerant and secure solution for this customer? Create a VPN connection between the application tie, running in Azure Virtual Network and Oracle Databases running In OCI Virtual Cloud Network (VCN). Use OCI Virtual Cloud Network remote peering connection to create connectivity among application tier running in Microsoft Azure Virtual Network and Oracle Databases running in OCI Virtual Cloud Network(VCN). Create an Oracle database in OCI Virtual Cloud Network (VCN) and connect to the application tier running In Microsoft Azure over the Internet. Create a FastConnect virtual circuit and choose Microsoft Azure from the list of providers available to setup Network connectivity between application tier running in Microsoft Azure Virtual Network and Oracle Databases running In OCI Virtual Cloud (VCN)

Create a FastConnect virtual circuit and choose Microsoft Azure from the list of providers available to setup Network connectivity between application tier running in Microsoft Azure Virtual Network and Oracle Databases running In OCI Virtual Cloud (VCN)

1. You are helping a customer troubleshoot a problem. The customer has several Oracle Linux servers in a private subnet within a Virtual Cloud Network (VCN). The servers are configured to periodically communicate to the Internet to get security patches for applications Installed on them. The servers are unable to reach the Internet. An Internet Gateway has been deployed In the public subnet in the VCN and the appropriate routes are configured in the Route Table associated with the public subnet. Based on cost considerations, which option will fix this Issue? Implement a NAT instance In the public subnet of the VCN and configure the NAT instance as the route target for the private subnet. Create a Public Load Balancer In front of the servers and add the servers to the Backend Set of the Public Load Balancer. Create another Internet Gateway and configure it as route target for the private subnet. Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private subnet.

Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private subnet.

Multiple departments in your company use a shared OCI tenancy to implement their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain better insights into department usage. Which 3 options can you implement together to accomplish this? Create a budget that matches your commitment amount and an alert at 100% of the forecast Use the billing cost tracking report to analyze costs Set up consolidated budget tracking tags to analyze costs in granular manner Set up different compartments for each department then track and analyze cost per compartment Set up a tag default that automatically applies tags to all specified resources created in a compartment then use these tags for cost analysis

Create a budget that matches your commitment amount and an alert at 100% of the forecast Set up different compartments for each department then track and analyze cost per compartment Set up a tag default that automatically applies tags to all specified resources created in a compartment then use these tags for cost analysis

1. You are advising the database administrator responsible for managing non-production environment for Oracle Autonomous Database running on Oracle CloudInfrastructure. You need to help the database administrator ensure that the non-production environments have a copy of the current data from the production environment in a manner that is most time-efficient. Which method should you recommend? Create a metadata clone of the production Autonomous Database and create the non-production database from it. Create a full clone of the production Autonomous Database and create the non-production database from it. Take a Data Pump export of the production Autonomous database and import into the non-production database. Take a full database backup of the production Autonomous database and create the non-production database from it.

Create a full clone of the production Autonomous Database and create the non-production database from it.

1. You are advising the database administrator responsible for managing non-production environment for Oracle Autonomous Database running on Oracle CloudInfrastructure. You need to help the database administrator ensure that the non-production environments have a copy of the current data from the production environment in a manner that is most time-efficient. Which method should you recommend? Create a metadata clone of the production Autonomous Database and create the non-production database from it. Take a full database backup of the production Autonomous database and create the non-production database from it. Create a full clone of the production Autonomous Database and create the non-production database from it. Take a Data Pump export of the production Autonomous database and import into the non-production database.

Create a full clone of the production Autonomous Database and create the non-production database from it.

1. Your customer recently ordered for a 1-Gbps Fast Connect connection In ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will us this to one Virtual cloud Network (VCN) in their production (OC1) tenancy and VCN In their development OC1 tenancy. As a Solution Architect, how should yon configure and architect the connectivity between on premises and VCNs In OCI? Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing Gateways, one for each VCNs. Attach the virtual circuits to the dynamic routing gateways. Create a single private virtual circuit over FastConnect and attach fastConnect to either of the VCN's Dynamic Routing Gateway. Use Remote Peering to peer production and development VCNs. Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VCN spoke, each peered via their respective local Peering Gateway (LPG) You cannot achieve connectivity using single FastConnect link as the production and the development VCNs-are in separate tenancies. Request one more FastConnect connection.

Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VCN spoke, each peered via their respective local Peering Gateway (LPG)

1. A civil engineering company is running an online portal in which engineers can upload their construction photos, videos, and other digital files. There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period. Which option fulfills this requirement? Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours. Create a pre-authenticated URL for each object that is uploaded to the Object Storage bucket with an expiration of 72 hours. Create a Dynamic Group with matching rule for the portal compute instance and grant access to the Object Storage bucket for 72 hours. Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.

Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.

41. Many development engineers are deploying new instances as part of their projects in OCI tenancy, but majority of these instances have not been tagged. You as an administrator of this tenancy want to enforce tagging to identify owners who are launching these instances. Which option below should be used to implement this requirement? Create an IAM policy to automatically tag a resource with a username. Create a predefined tag with tag variables to automatically tag a resource with username. Create tag variables for each compartment to automatically tag a resource with username. Create a default tag for each compartment which ensure appropriate tags are allowed at resource creation.

Create a predefined tag with tag variables to automatically tag a resource with username.

1. An insurance company is storing critical financial data in the OCI block volume. This volume is currently encrypted using Oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle. What of the following series of tasks are required to encrypt the block volume using customer managed keys? Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume Create a master encryption key, create a data encryption key, decrypt the block volume using existing Oracle managed keys, encrypt the block volume using the data encryption key Create a vault, import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing Oracle managed keys and encrypt using new version of the encryption key

Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume

1. You have developed an alternative archival solution using OCI that will save the company a significant amount of money on a yearly basis. The solution involves storing data in an OCI Object Storage bucket. After reviewing your solution with the customer, the Global Compliance (GRC) team have highlighted the following security requirements: All data less than 1 year old must be accessible within 2 hours All data must be retained for at least 10 years and be accessible within 48 hours All data must be encrypted at rest No data may be transmitted across the public internet Which 2 options meet the requirements outlined by the customer GRC team? Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days. Create a VPN connection between your on-premises data center and OCI. Create a VCN along with an OCI Service Gateway for OCI Object Storage Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years.

Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit

51. You have multiple IAM users who launch different types of compute instances and block volumes every day. As a result, your OCI tenancy quickly hit the service limit and you can no longer create any new instances. As you are cleaning up an environment, you notice that the majority of the instances and block volumes are untagged. Therefore, it is difficult to pinpoint the owner of these resources verify if they are safe to terminate. Because of this, your company has issued a new mandate, which requires adding compute instances. Which option is the simplest way to implement this new requirement? Create a policy to automatically tag a resource with the username Create a policy using IAM requiring users to tag specific resources. This will allow a user to launch compute instances now if certain tags were defined. Create tag variables to automatically tag a resource with the user name Create a default tag for each compartment, which ensures that appropriate tags are applied at resource creation Create tag variables for each compartment to automatically tag a resource with the username

Create tag variables to automatically tag a resource with the user name

40. You notice that a majority of your OCI resources like compute instances, block volumes, and load balancers are not tagged. You have received a mandate from your CIO to add a predefined set of tags to identify owners for respective OCI resources. E.g. If Chris and Larry each create compute instances in a compartment, the instances that Chris creates include tags that contain his name as the value, while the instances that Larry creates have his name. Which option is the simplest way to implement this new tagging requirement? Create a default tag for each compartment, which ensure that appropriate tags are applied at the time of resource creation. Create an OCI IAM policy to automatically tag a resource with the user name. Create tag variables to automatically tag a resource with the user name. Create an OCI IAM policy requiring users to tag resources with their user name.

Create tag variables to automatically tag a resource with the user name.

8. You are building a demo for a customer that showcases OCI Events service and Oracle Functions. You plan to create an event every time an image is uploaded to an OCI Object Storage bucket. You have also created a function that is listening to the event and processes the image for face recognition. Choose 2 actions from below that are NOT required to run the demo successfully. You must specify an action type while creating an Event service and specify the function you want to trigger You must deploy the function that does facial recognition for the demo to work Creating an event rule is not permitted for OCI Object Storage The function must be deployed only to OKE You have to enable Object Storage buckets to emit events for state changes

Creating an event rule is not permitted for OCI Object Storage The function must be deployed only to OKE

16. You are building a demo for a customer that showcases OCI Events service and Oracle Functions. You plan to create an event every time an image is uploaded to an OCI Object Storage bucket. You have also created a function that is listening to the event and processes the image for face recognition. Choose the 2 actions from below that are NOT required to run the demo successfully. You have to enable Object Storage buckets to emit events for state changes. Creating an event rule is not permitted for OCI Object Storage. You must specify an action type while creating an Event service and specify the function you want to trigger. The function must be deployed only to OKE. You must deploy the function that does facial recognition for the demo to work.

Creating an event rule is not permitted for OCI Object Storage. The function must be deployed only to OKE.

31. There are 2 compartments: Networks and DevInstances There are 2 groups: NetworkAdmins with a user named Nick and Devs with a user named Dave The following IAM policies are being used: - Allow group NetworkAdmins to manage virtual-network-family in compartment Networks -Allow group NetworkAdmins to manage instance-family in compartment Networks -Allow group Dave to use virtual-network-family in compartment Networks -Allow group Dave to manage all-resources in compartment DevInstances Nick creates a VCN in Networks compartment. Dave creates a VCN in DevInstances compartment. Which of the following statements is INCORRECT? Dave launches instances in DevInstances using the VCN in Networks compartment Nick launches instances in Networks using VCN in DevInstances compartment Dave cannot launch new instances in Networks compartment Nick cannot launch new instances in DevInstances compartment

Dave launches instances in DevInstances using the VCN in Networks compartment

1. Your customer has gone through a recent departmental re structure. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure.They have made the following change: Compartment X is moved, and its parent compartment is now compartment c. Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X After the compartment move, which action will provide users of group networkadmins and admins with similar privileges as before the move? Define a policy in compartment HR as follows: Allow group network admins to manage subnets in compartment X. Define a policy in compartment C as follows Allow group admins to read subnets in compartment HR:C:X Define a policy in compartment C as follows: Allow group admins to read subnets in compartment HR:C:X Define a policy in Compartment C as follows: Allow group network admins to manage subnets in compartment X. No change in any policy statement is required as compartments move automatically moves alt the policy statements associated with compartments as well.

Define a policy in Compartment C as follows: Allow group network admins to manage subnets in compartment X.

1. Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on OracleDatabase and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each). Which method of database migration should you choose so that the application has minimal impact? Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer on-premises to OCI. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration. Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI. Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.

Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.

50. After performing maintenance on an Oracle Linux compute instance, the system is returned to a running state. You attempt to connect using SSH but are unable to do so. You decided to create an instance console connection to troubleshoot the issue. Which 3 tasks would enable you to connect to the console connection and begin troubleshooting? Use SSH to connect to the public IP address of the compute instance and provide the console connection OCID as the username Upload an API signing key for console connection authentication Edit the Linux boot menu to enable access to console Stop the compute instance using the OCI CLI Use SSH to connect to the service endpoint of the console connection service Reboot the compute instance using the OCI Management Console

Edit the Linux boot menu to enable access to console Use SSH to connect to the service endpoint of the console connection service Reboot the compute instance using the OCI Management Console

Question 3 of 11 Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on OracleDatabase and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each). Which method of database migration should you choose so that the application has minimal impact? Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration. Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer on-premises to OCI. Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.

Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.

59. An automobile company wants to deploy their CRM application for Oracle DB on OCI DB systems for one of their major clients. In compliance with the Business Continuity Program of the client, they need to provide a Recovery Point Objective (RPO) of 24 hours and a Recovery Time Objective (RTO) of 1 hour. The CRM application should be available in the event that an entire region is down. Which approach is the most suitable and cost effective configuration for this scenario? Deploy a 1 node VM Oracle DB in one region and replicate the database to a 1 node VM Oracle database in another region using a manual step and configuration of Oracle Data Guard. Deploy a 2 node VM Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard. Deploy a 1 node VM Oracle database in one region. Manually configure a Recovery Manager (RMAN) database backup schedule to take hourly database backups. Asynchronously copy the database backups to Object Storage in another OCI region. If the primary OCI region is unavailable, launch a new VM database in the other OCI region and restore the production database from the backup. Deploy an ATP serverless database in one region and replicate it to an ATP serverless database in another region using GoldenGate.

Deploy a 1 node VM Oracle DB in one region and replicate the database to a 1 node VM Oracle database in another region using a manual step and configuration of Oracle Data Guard.

20. An E-Commerce company wants to deploy their web application for Oracle Database on Oracle Cloud Infrastructure (OCIJ DB Systems. In compliance with the business continuity program of the business, they need to provide a Recovery Point Objective (RPO) of 1 hour and a Recovery Time Objective (RTO) of 5 minutes. The web application should be highly available within the region and meet the RTO and RPO requirements in case of a region outage. Which approach is the most suitable and cost effective configuration for this scenario? Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a manual setup and configuration of Oracle Data Guard. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an Autonomous Transaction Processing (Serverless) database in another region using Oracle GoldenGate. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard. Deploy a 1 node VM Oracle database in one region. Manually Configure a Recovery Manager (RMAN) database backup schedule to take hourly database backups. Asynchronously copy the database backups to object storage in another OCI region. If the primary OCI region is unavailable, launch a new 1 node VM Database in the other OCI region and restore the production database from the backup.

Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.

1. You developed a micro-services based application that runs on OKE. It has multiple endpoints that need to be exposed to the public internet. What is the most cost effective way to expose multiple application endpoints without adding complexit to the application? Deploy an ingress controller and use it to expose each endpoint with its own routing endpoint Use separate load balancer instances for each service, but use the 100 Mbps load balancer option Use NodePort service type in Kubernetes for each of your service endpoints and use node's public IP address to access the applications Use ClusterIP service type in Kubernetes for each of your service endpoints and use a load balancer to expose the endpoints.

Deploy an ingress controller and use it to expose each endpoint with its own routing endpoint

1. You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website. How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and Configure the load balancer public IP address as the origin. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Trac Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.

Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and Configure the load balancer public IP address as the origin.

Question 8 of 11 You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website.How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Trac Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and Configure the load balancer public IP address as the origin. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.

Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and Configure the load balancer public IP address as the origin.

1. A new International hacktivfst group based in London, launched a wide scale cyber attacks Including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these website against the attacks. How should you configure your WAF to protect the website against those attacks? Enable an Access Rule to block the IP Address range from London. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories. Enable a Protection Rule to block requests that came from London. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.

Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.

1. An OCI Architect is working on a solution consisting of analysis of data from clinical trials of a pharmaceutical company. The data is being stored in OCI ADW having 8 OCPUs and 70TB of storage. The architect is planning to setup auto-scaling to respond to dynamic changes in the workload. Which of the following needs to be considered while configuring auto-scaling? The maximum CPU cores that will be automatically allocated for this database is 16 OCPUs. The database memory SGA and PGA will not be affected by the changes in the number of OCPUs during auto-scaling Enabling auto-scaling does not change the concurrency and parallelism settings Auto-scaling also scales IO throughput along with OCPU

Enabling auto-scaling does not change the concurrency and parallelism settings Auto-scaling also scales IO throughput along with OCPU

A data analytics company has been building its new generation big data and analytics platform on OCI. They need a storage service that provides the scale and performance that their big data applications require such as high throughput to compute nodes with low latency file operations in addition, their data needs to be stored redundantly across multiple nodes in a single AD and allows concurrent connections from multiple compute instances hosted on multiple Ads. Which OCI storage service can you use to meet this requirement? Object Storage File System Storage Archive Storage Block Volume

File System Storage

7. You are tasked with backing up your data using OCI Block Volume service. When you are finalizing your block volume backup schedule, which of the following two are valid considerations for your backup plan? Choose 2. Frequency: How often you want to back up your data Governance: Tagging of backups so you can capture backup related API calls through the Audit service Number of Stored Backups: How many backups you need to keep available and the deletion schedule for those you no longer need Encryption: Whether you use your own key to encrypt your volume backups Location: Determine the Object Store Bucket where the backups are stored

Frequency: How often you want to back up your data Number of Stored Backups: How many backups you need to keep available and the deletion schedule for those you no longer need

1. You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint.However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing ServiceUnavailable error. You need to check the backend latency and backend responses when this error started last night. What should you do to get this data? Check with the application owner and search the log file for the container to get the metrics from the log file. Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric. Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics. Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.

Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

Question 5 of 11 You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint.However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing ServiceUnavailable error. You need to check the backend latency and backend responses when this error started last night. What should you do to get this data? Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics. Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status. Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric. Check with the application owner and search the log file for the container to get the metrics from the log file.

Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

58. A cost conscious fashion design company which sells bags, clothes, and other luxury items has recently decided to move all their on-premises infrastructure to OCI. One of their on-premises applications is running on an NGINX server and the Oracle database is running in a 2 node Oracle RAC configuration. Based on cost considerations, what is an effective mechanism to migrate the customer application to OCI and set up regular automated backups? Launch a compute instance and run an NGINX server to host the application. Deploy a 2 node VM DB systems with Oracle RAC enabled, Import the on-premises database to OCI VM DB systems using data pump, and then enable automatic backup. Also, enable Oracle Data Guard on the database server. Launch a compute instance and run an NGINX server to host the application, deploy a 2 node VM DB systems with Oracle RAC enabled, import the on-premises database to OCI VM DB systems using Oracle Data Pump, and then enable automatic backups. Launch a compute instance and run an NGINX server to host the application. Deploy Exadata quarter rack, enable automatic backups, and import the database using Oracle Data Pump. Launch a compute instance for both the NGINX application server and the database server. Attach block volumes on the database server compute instance and enable backup policy to backup the block volumes.

Launch a compute instance and run an NGINX server to host the application, deploy a 2 node VM DB systems with Oracle RAC enabled, import the on-premises database to OCI VM DB systems using Oracle Data Pump, and then enable automatic backups.

56. A large London based ecommerce company is running Oracle DB system Virtual RAC database on OCI for their ecommerce application activity. They are launching a new product soon, which is expected to sell in large quantities all over the world. The application architecture should have minimal cost, no data loss, no performance impacts during the database backup window and should have minimal downtime. Launch a new VM RAC database in another AD, launch a compute instance, deploy Oracle GoldenGate on it and then configure it to replace the data from the ecommerce database over to the new RAC database using GoldenGate. Take backups from the new VM RAC database. Turn off automated backups from the ecommerce database, implement Oracle Data Guard with the standby database deployed on another AD, take backups from the standby database. Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure bi-directional replication from the ecommerce database over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database. Turn off automatic backups from the ecommerce database, implement Oracle Active Data Guard with the standby database deployed on another AD, and take backups from the standby database.

Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure bi-directional replication from the ecommerce database over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database.

11. You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices. Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose 2) Amount of RAM used by your functions. Length of time a function runs. Number of times a function is invoked. Amount of storage used by your functions. Network bandwidth used by your functions.

Length of time a function runs. Number of times a function is invoked.

1. An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt- 1 region. Which two solutions should their architect keep in mind while designing for DR? Load balancer will automatically distribute traffic between both the regions. rsync utility can be used to asynchronously copy file systems or snapshot data to another region. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region. The RTO is the acceptable timeframe of lost data that application can tolerate.

Load balancer will automatically distribute traffic between both the regions. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.

2. Which of the following is NOT a good use case for the OCI Streaming Service? Ingesting metric and log data to help make critical operational data more quickly available for indexing, analysis, and visualization Providing a unified entry point for cloud components to report their lifecycle events for audit, accounting, and related activities Messaging with a pull-based communication model and the ability to feed multiple consumers with the same data independently Meeting compliance requirements for data to remain unchanged over a long time, so that it can be retrieved for audit purposes

Meeting compliance requirements for data to remain unchanged over a long time, so that it can be retrieved for audit purposes

39. Which of the following features is NOT supported by OCI Multi-factor authentication (MFA)? Users can disable MFA for their own accounts. Members of the Administrators group can disable MFA for other users. Members of the Administrators group can enable MFA for other users. Only the user can enable MFA for their own account.

Members of the Administrators group can enable MFA for other users.

1. A retailer bank is currently hosting their mission critical customer application on-premises. The application has a standard 3 tier architecture - 4 application servers process the incoming traffic and store application data in an Oracle Exadata Database Server. The bank has recently had service disruption to other internal applications so they are looking to avoid this issue for their mission critical customer application. Which Oracle Cloud Infrastructure services should you recommend as part of the DR solution? OCI DNS service, Public Load Balancer, Oracle Database Cloud Backup Service, Object Storage Service, Oracle Bare Metal Cloud Service, Oracle Bare Metal Cloud Service with GoldenGate, OCI Container Engine for Kubernets, Oracle IPSec VPN OCI Traffic Management, Private Load Balancer, Compute Instances distributed across multiple ADs and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle FastConnect, Object Storage, Database Cloud Backup module OCI Traffic Management, Public Load Balancer, Compute Instances distributed across multiple ADs and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle FastConnect, Object Storage, Database Cloud Service Backup module OCI DNS service, Load Balancer as a service using Public Load Balancer distributing traffic, Compute Instances across multiple regions, Oracle RAC Database using VMs, Remote Peering connecting 2 VCNs in different regions, Exadata Cloud Service with GoldenGate, FastConnect, Object Storage, Database Cloud Backup module

OCI Traffic Management, Public Load Balancer, Compute Instances distributed across multiple ADs and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle FastConnect, Object Storage, Database Cloud Service Backup module

1. A manufacturing company is planning to migrate their on-premises database to OCI and has hired you for the migration. Customer has provided following information regarding their existing on-premises database: Database version, host OS and version, database character set, storage for data staging, acceptable length of system outage. What additional information do you need from customer in order to recommend a suitable migration method? Choose 2. On-premises host OS and version Elapsed time since database was last patched Number of active connections Data types used in the on-premises database Top 5 longest running queries

On-premises host OS and version Data types used in the on-premises database

48. Your team is conducting a root cause analysis (RCA) following a recent unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred the previous 24 hours. <image> Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call? requestAgent eventSource PrincipalID requestOrigin EventID

PrincipalID

Your team is conducting a root cause analysis (RCA) following a recent unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred the previous 24 hours. <image> Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call? requestAgent eventSource PrincipalID requestOrigin EventID

PrincipalID

!!! You are currently working for a public health care company based in the United Stats. Their existing patient records runs in an on-premises data center and the customer is sending tape backups offsite as part of their recovery planning. You have developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of mom on a yearly basis. The solution involves storing data in an OCI Object Storage bucket After reviewing your solution with the customer global Compliance (GRC) team they have highlighted the following security requirements: • All data less than 1-year-old must be accessible within 2 hours.• All data must be retained for at least 10 years and be accessible within 48 hours • AH data must be encrypted at rest• No data may be transmitted across the public Internet Which two options meet the requirements outlined by the customer GRC team? Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit Create a VPN connection between your on premises data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for OCI Object Storage. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years Create an OCI Object Storage Standard tier bucket Configure a lifecycle policy to archive any object that Is older than 365 days

Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit Create an OCI Object Storage Standard tier bucket Configure a lifecycle policy to archive any object that Is older than 365 days

30. You are working on the migration of the web application infrastructure of your company from on-premises to OCI. You need to ensure that the DNS cache entries of external clients will not direct them to the on-premises infrastructure after switching to the new infrastructure. Which of the following options will minimize this problem? Reduce the TTL of the DNS records before the switch. Increase the TTL of the DNS records after the switch. Reduce the TTL of the DNS records after the switch. DNS changes propagate fast enough that is not necessary to take any action. Increase the TTL of the DNS records before the switch.

Reduce the TTL of the DNS records before the switch.

You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Cared Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments. The third party service allows a maximum of Spelunk IP addresses 5 public IP addresses at a time. However your website is using OCI instance pool auto-scaling policy to create up to 15 instances during peak traffic demand, which are launched in VCN private subnets and attached to an OCI public load balancer. Upon user payment, the portal connects to the payment service over the internet to complete the transaction. What solution can you implement to make sure that all compute instances can connect to the third party system to process the payments for peak traffic demand? Route credit card payment request for the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway Whitelist the Internet Gateway Public IP on the third-party service and route all payment requests through the Internet Gateway. Create an OCI CLI script to automatically reserve public IP addresses for the compute instances. On the third services, whitelist the reserved public IP. Route payment request from the compute instances through the OCI load balancer, which will then be routed to the third party service.

Route payment request from the compute instances through the OCI load balancer, which will then be routed to the third party service.

1. You are running a legacy application in a compute instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode.Your application is not resilient to crash-consistent backup. What should you do to backup the block volume in a secure and cost effective way? Create a volume group, add the boot volume and then run the volume group backup. Save your application data, detach the block volume and create a backup. Save your application data, detach the block volume and create a clone. Create a backup, detach the block volume and save your application data.

Save your application data, detach the block volume and create a backup.

Question 6 of 11 You are running a legacy application in a compute instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode.Your application is not resilient to crash-consistent backup. What should you do to backup the block volume in a secure and cost effective way? Save your application data, detach the block volume and create a backup. Create a backup, detach the block volume and save your application data. Save your application data, detach the block volume and create a clone. Create a volume group, add the boot volume and then run the volume group backup.

Save your application data, detach the block volume and create a backup.

22. You have been asked to create a mobile application which will be used for submitting orders by users of a popular E-Commerce site. The application is built to work with Autonomous Transaction Processing - Serverless (ATP-S) database as the backend and HTML5 on Oracle Application Express as the front end. During the peak usage of the application you notice that the application response time is very slow. ATP-S database is deployed with 3 CPU cores and 1 TB of memory. Which two options are expensive or impractical ways to improve the application response times? Identify the maximum memory capacity needed for peak times and scale the memory for the ATPS database to that number. ATP-S will scale the memory down when not needed. Use the Machine Learning (ML) feature of the ATP-S database iteratively to tune the SQL queries used by the application. Scale up CPU core count and memory during peak times. Enable auto scaling for CPU cores on ATP-S database. Identify the maximum CPU capacity needed for peak times and scale the CPU core count for the ATP-S database to that number. ATP-S will scale the CPU core count down when not needed.

Scale up CPU core count and memory during peak times. Identify the maximum CPU capacity needed for peak times and scale the CPU core count for the ATP-S database to that number. ATP-S will scale the CPU core count down when not needed.

1. You are tasked with migrating an online shopping website to OCI and decide to use a Load Balancer. You have configured the backend set with the round robin policy. During the testing phase, you noticed that users are losing items from their shopping carts when they navigate to different pages. How should you implement a solution to this problem? Set up a Traffic Management Steering Policy to redirect traffic to a different backend set that is deployed exclusively for the purpose of holding all items placed in the shopping cart. Configure a set of path rules that will route to different backend sets based on the URI requested by the customer's browser. Set up session persistence at the Load Balancer backend set. Replace the round robin policy with least connections policy at the backend set.

Set up session persistence at the Load Balancer backend set.

3. Which of the following options is true regarding OCI's load balancing service? When you create a private load balancer, the service requires 2 or more subnets to host both the primary and standby load balancers. The public load balancer applies a floating public IP address to the primary load balancer. You can dynamically change the load balancer shape to handle more incoming traffic. A public load balancer is Availability Domain specific in scope.

The public load balancer applies a floating public IP address to the primary load balancer.

1. You are working as a security consultant with a global insurance organization which is using Microsoft Azure AD as their identity provider to manage user login/passwords. When a user logs in to OCI console, it should get authenticated by Azure AD. Which set of steps are required to configure at OCI side in order to get it enabled? Setup Azure AD as an identity provider, import users and groups from Azure AD to OCI, setup IAM polices to govern access to Azure AD groups Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users Setup Azure AD as an identity provider, map Azure AD groups to OCI groups, setup the IAM polices to govern access to Azure AD groups Setup Azure AD as an Enterprise Application, configure OCI for SSO, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups You are currently working for a public health care company based in the United States. Their existing patient records runs in an on-premises data center and the customer is sending tape backups offsite as part of their recovery planning.

Setup Azure AD as an identity provider, map Azure AD groups to OCI groups, setup the IAM polices to govern access to Azure AD groups

A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end connectivity model between their on-premises data center and OCI region. Highly available connection with service level redundancy Dedicated network bandwidth with low latency Which connectivity setup is the most cost effective solution for this scenario? Setup IPsec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection. Use separate edge devices in your on-premises data center for each connection from your edge devices, advertise more specific routes IPSec VPN, and specific routes through the backup FastConnect virtual circuit. Setup FastConnect virtual circuit as your primary connection, and a second FastConect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant. Use a single edge device in your on-premises data center for each connection from your device, advertise more specific routes via primary FastConnect virtual circuit, and less specific routes through backup FastConnect circuit. Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path. Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN and less specific route the backup TPSec VPN.

Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path.

!!! A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end Connectivity model between their on-premises data center and Oracle Cloud Infrastructure (OC1) region* Highly available connection with service level redundancy* Dedicated network bandwidth with low latency Which connectivity setup is the most cost effective solution for this scenario? Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN. Setup FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant Use a single edge device in your on premises data center for each connection From yc device, advertise more specific routes via primary FastConnect virtual circuit, and less specific routes through t backup FastConnect circuit. Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path. Setup IPsec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection. Use separate edge devices in your on-premises data canter for each connection from your edge devices, advertise more specific routes IPSec VPN, and specific routes through the backup FastConnect virtual circuit.

Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN.

37. You have an application running in Microsoft Azure and want to use ADW instance for running business analytics. How can you build a secure solution for such a use case? Create a software Remote Peering Connection between OCI VCN and Microsoft Azure Virtual Network (VNet) and connect the application with ADW instance. Create a software VPN connection between OCI VCN and Microsoft VNet and connect the application with ADW instance. Connect the ADW in your VCN to the Microsoft VNet over the internet. Setup an interconnect between OCI and Microsoft Azure using FastConnect and ExpressRoute. Use a Service Gateway in OCI VCN to provide connectivity to ADW instance for the application in VNet.

Setup an interconnect between OCI and Microsoft Azure using FastConnect and ExpressRoute. Use a Service Gateway in OCI VCN to provide connectivity to ADW instance for the application in VNet.

You are a solutions architect for a global health care company which has numerous data centers around the globe. Due to the ever growing data that your company is storing, you were instructed to set up a durable, cost effective solution to archive your data from your existing on-premises tape based backup infrastructure to OCI. What is the most effective mechanism to implement this requirement? Setup an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage standard tier. Use Object Storage lifecycle policy management to move any data older than 30 days from Standard to Archive tier. Setup FastConnect to connect your on-premises network to your OCI VCN and use rsync tool to copy your data to OCI Object Storage Archive tier. Use the File Storage Service in OCI and copy the data from your existing tape based backup to the shared file system Setup an on-premises OCI Storage Gateway which will backup your data to OCI Object Storage standard. Setup an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage Archive tier.

Setup an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage Archive tier.

60. You are working as a cloud consultant for a major media company in the US and your client requested to consolidate all of their log streams, access logs, application logs, and security logs into a single system., The client wants to analyze all of their logs in real-time based on heuristics and the result should be validated as well. This validation process requires going back to data samples extracted from the last 8 hours. What approach should you take for this scenario? Create an auto-scaling pool of syslog-enabled servers using compute instances which will store the logs in Object Storage, then use map reduce jobs to extract logs from Object Storage, and apply heuristics on the logs. Create a bare-metal instance big enough to host a syslog enabled server to process the logs and store logs on the locally attached NVMe SSDs for rapid retrieval of logs when needed. Set up an OCI Audit service and ingest all the API trails from Audit service pragmatically to a client side application to apply heuristics and save the result in an OCI Object Storage. Stream all the logs and cloud events of Events serve to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.

Stream all the logs and cloud events of Events serve to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.

1. You are working as a cloud consultant for a major media company. In the US and your client requested to consolidate all of their log streams, access logs, application logs, and security logs into a single system. The client wants to analyze all of their logs In real-time based on heuristics and the result should be validated as well. This validation process requires going back to data samples extracted from the last 8 hours. What approach should you take for this scenario? Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage. Create an auto scaling pool of syslog-enabled servers using compute instances which will store the logs In Object storage, then use map reduce jobs to extract logs from Object storage, and apply heuristics on the logs. Create a bare-metal instance big enough to host a syslog enabled server to process the logs and store logs on the locally attached NVMe SSDs for rapid retrieval of logs when needed. Set up an OCI Audit service and ingest all the API arils from Audit service pragmatically to a client side application to apply heuristics and save the result in an OCI Object storage.

Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.

You have deployed a multi-tier application with multiple compute instances in OCI. You want to back up these volumes and have decided to use Volume Group's feature. The Block Volume and Compute Instances exist in different compartments within your tenancy. Periodically, a few child compartments are moved under different parent compartments, and you notice that sometimes volume group backup fails. What could be the cause? You have the same block volume attached go multiple compute instances: If these compute instances are in different compartments then all concerned compartments must be moved at the same time. You are exceeding your volume group backup quota configured. The IAM policy allowing backup failed to move when the compartment was moved. Compute instance with multiple block volumes attached cannot move when a compartment is moved.

The IAM policy allowing backup failed to move when the compartment was moved.

21. You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status. Which of the following options is the most likely reason for this backup issue? The master key stored in OCI Key Management for encryption and decryption of data in the database is not accessible to the backup service. The allocated storage on the OCI File Storage service file system attached with the database is full. The auth token being used by the Object Store Swift endpoint is incorrect. The RMAN backup agent is not compatible with the version of database being used.

The auth token being used by the Object Store Swift endpoint is incorrect.

1. An upcoming e-commerce company has deployed their online shopping application on OCI. The application was deployed on compute instances with auto-scaling configuration for application servers fronted by a load balancer and OCI ATP in the backend. In order to promote their e-commerce platform 50% discount was announced on all the products for a limited period. During the day 1 of promotional period it was observed that the application is running slow and company's hotline is flooded with complaints. What could be 2 possible reasons for this situation? The health check on some of the backend servers has failed and the load balancer was rebooting these servers. The auto-scaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling As part of auto-scaling, the load balancer shape has dynamically changed to a larger shape to handle more incoming traffic and the system was slow for a short time during this change. The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation.

The auto-scaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation.

You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'. You login to your OCI account and use the 'Move Resource' option. What will happen when you attempt moving the compute resource? The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the Compute Instance can be moved. The move will be successful through Compute Instance and it's Public and Private IP address will stay the same. The Compute Instance VNIC will need to be moved separately. The Compute Instance will still be associated with the original VCN. The move will be successful through Compute Instance and its Public and Private IP address will stay the same. The Compute Instance will still be associated with the original VCN. The move will be successful through Compute instance Public and Private IP address changed, and it will be associated o the last VCN in the target compartment.

The move will be successful through Compute Instance and its Public and Private IP address will stay the same. The Compute Instance will still be associated with the original VCN.

An online registration system is currently hosted on one large OCI Bare Metal compute instance with attached block volume to store the users data. The registration system accepts the info from the user, including documents and photos then performs automated verification and processing to check if the user is eligible for registration. The registration system becomes unavailable at times when there is a surge of users using the system. The existing architecture needs improvement as it takes a long time for the system to complete the processing and the attached block volumes are not large enough to use data being uploaded by the users. What is the most effective option to achieve a highly scalable solution? Attach more block volumes as the data volume increases, use Oracle Notification Service (ONS) to distribute tasks to a pool of compute instances working in parallel, and auto-scaling to dynamically size the pool of instances depending on the number of notifications received from the Notification Service. Use Resource Manager stacks to replicate your architecture to another region. Change your architecture to use an OCI Object Storage standard tier bucket, replace the single bare metal instance with OSS to ingest the incoming requests and distribute the tasks to a group of compute instances with auto-scaling Upgrade your architecture to use a pool of bare metal servers and configure them to use their local SSDs for faster data access. Set up OSS to distribute tasks to the pool of bare metal instances with auto-scaling to dynamically increase or decrease the pool of compute instances depending on the length of streaming queue. Upgrade your architecture to use more block volumes as the data volume increases. Replace the single bare metal instance with a group of compute instances with auto-scaling to dynamically increase or decrease the compute instance pools depending on the traffic.

Upgrade your architecture to use more block volumes as the data volume increases. Replace the single bare metal instance with a group of compute instances with auto-scaling to dynamically increase or decrease the compute instance pools depending on the traffic.

9. You want to automate the processing of new image files to generate thumbnails. The expected rate is 10 new files every hour. Which of the following is the most cost effective option to meet this requirement in OCI? Upload files to an OCI Object Storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object Storage bucket. Upload files to an OCI Object Storage bucket. Every time a file is uploaded, trigger an event with an action to provision a compute instance with a cloud-init script to access the file, process it and store it back in an Object Storage bucket. Terminate the instance using Autoscaling policy after the processing is finished. Build a web application to ingest the files and save them to a NoSQL database. Configure OCI Events service to trigger a notification using Oracle Notification Service (ONS). ONS invokes a custom application to process the image files to generate thumbnails. Store thumbnails in a NoSQL database table. Upload all files to an Oracle Streaming Service (OSS) stream. Set up a cron job to invoke a function in Oracle Functions to fetch data from the stream. Invoke another function to process the image files and generate thumbnails. Store thumbnails in another OSS stream.

Upload files to an OCI Object Storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object Storage bucket.

1. Your organization is planning on using OCI File Storage Service. You will be deploying multiple compute instances on OCI and mounting the file system to these compute instances. The file system will hold payment data processed by a Database instance and utilized by compute instances to create an overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance's CIDR block. Which option can you use to secure access? Use stateless Security List rule to restrict access from known IP addresses only. Create and configure OCI Web Application Firewall service with built-in DNS based intelligent routing. Create a new VCN security list, choose SOURCE TYPE as service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific IP addresses and CIDR blocks. Use "Export option" feature of FSS to restrict access to the mounted file system.

Use "Export option" feature of FSS to restrict access to the mounted file system.

17. You have been asked to implement a bespoke financial application in Oracle Cloud Infrastructure using virtual machine instances controlled by Autoscaling across multiple Availability Domains. The application stores transaction logs, intermediate transaction data, and audit data and needs to store this on a persistent, durable data store accessible from all of the application servers. The application requires the file system to be mounted in the /audit folder on the Linux file system. The system needs to tolerate the failure of two or more Fault Domains and still maintain data integrity. The solution should be as low maintenance as possible. What storage architecture should you suggest? Use locally attached NVMe instances and configure RAID 0 replication between servers. Store the data on Oracle Object Storage mounted at the /audit mount point on all the Linux instances using the default mount options. Implement a single instance and install an NFS server, configure and create an NFS share, and mount this as /audit on the application instances. Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.

Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.

1. You are part of a project team working in the development environment created in OCI. You have realized that the CIDR block specified for one of the subnet in a VCN is not correct and want to delete the subnet. While deleting you are getting an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet. Which of the following action will you take to troubleshoot this issue? Use OCI CLI to delete the subnet using --force option Copy and paste OCID of the VNIC in the search box of the OCI console to find out the parent resource of the VNIC Use OCI CLI to delete the VNIC first and then delete the subnet Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC

Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC

18. You are part of a project team working in the development environment created in Oracle Cloud Infrastructure (OCI). You realize that the CIDR block specified for one of the subnets in a Virtual Cloud Network (VCN) is not correct and want to delete the subnet. While deleting you get an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet. Which of the following action you will take to troubleshoot this issue? Use OCI CLI to call "network vnic" and "compute vnic-attachment" operations to find out the parent resource of the VNIC. Use OCI CLI to delete the VNIC first and then delete the subnet. Use OCI CLI to delete the subnet using -force option. Copy and paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC.

Use OCI CLI to call "network vnic" and "compute vnic-attachment" operations to find out the parent resource of the VNIC.

29. Your Oracle database is deployed on-premises and has produced 100TB database backup locally. You have a disaster recovery plan that requires you to create redundant database backups in OCI. Once the initial backup is completed, the backup must be available for retrieval in less than 30 minutes to support the RTO of your solution. Which is the most cost effective option to meet these requirements? Setup an IPsec VPNConnect between on-premises data center and OCI. Then to use OCI CLI command to upload database backups to OCI Object Storage Archive tier as the final destination. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Archive tier as the final destination. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Standard tier as the final destination. Setup a FastConnect connection between on-premises data center and OCI. Then to use OCI CLI command to upload database backups to OCI Object Storage Standard tier as the final destination.

Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Standard tier as the final destination.

!!! You are working as a cloud engineer for an IoT startup company which is developing a health monitoring pet collar for dogs and cats. The company collects biometric Information of the pet every second and then sends it to Oracle Cloud Infrastructure (OCI)Your task is to come up with an architecture which will accept and process the monitoring data as well as provide complete trends and health reports to the pet owners. The portal should be highly available, durable, and scalable with an additional feature for showing real time biometric data analytics. Which architecture will help you meet this requirement? Create an OCI Object Storage bucket to collect the incoming biometric data from the smart pet collar Fetch the data horn OC\ Object storage to OCI Autonomous Data Warehouse (ADW) every day and run analytics Jobs with it Launch an open source Hadoop cluster to collect the Incoming biometrics data Use an Open source Fluentd cluster to analyze the- data me results to OCI Autonomous Transaction Processing (ADW)to handle complex analytics Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the date and show the results on a real-time dashboard and store the results lo OCI Object Storage Store the data In OCI Autonomous Data warehouse (ADW) to handle analytics. Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster to analyze the data horn streaming service. Store the results to OCI Autonomous Data warehouse (ADW) to handle complex analytics.

Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the date and show the results on a real-time dashboard and store the results lo OCI Object Storage Store the data In OCI Autonomous Data warehouse (ADW) to handle analytics.

55. You are working as a cloud engineer for an IoT startup company which is developing a health monitoring pet collar for dogs and cats. The company collects biometric information of the pet every second and then sends it to OCI. Your task is to come up with an architecture which will accept and process the monitoring data as well as provide complete trends and health reports to the pet owners. The portal should be highly available, durable, and scalable with an additional feature for showing real-time biometric data analytics. Which architecture will help you meet this requirement? Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the date and show the results on a real-time dashboard and store the results in 10 OCI Object Storage buckets. Store the data in OCI ADW to handle analytics. Launch an open source Hadoop cluster to collect the incoming biometrics data. Use an open source Fluentd cluster to analyze the data. Store results to OCI ADW to handle complex analytics. Create an OCI Object Storage bucket to collect the incoming biometric data from the smart pet collar. Fetch the data from OCI Object Storage to OCI ADW every day and run analytics jobs with it Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster to analyze the data from streaming service. Store the results in OCI ADW to handle complex analytics.

Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster to analyze the data from streaming service. Store the results in OCI ADW to handle complex analytics.

A large financial company has a web application hosted in their on-premises data center. They are migrating their application to OCI and require no downtime while the migration is on-going. In order to achieve this, they have decided to divert only 30% and if the application works fine, they will divert all traffic to OCI. As a solution architect working with this customer, which suggestion should you provide them? Use OCI Traffic Management with failover steering policy and distribute the traffic between OCI and on-premises infrastructure. Use OCI Traffic Management with Load Balancing steering policy and distribute the traffic between OCI and on-premises infrastructure Use an OCI Load Balancer and distribute the traffic between OCI and on-premises infrastructure. Use VPN connectivity between on-premises infrastructure and OCI, and create routing tables to distribute the traffic between them.

Use OCI Traffic Management with Load Balancing steering policy and distribute the traffic between OCI and on-premises infrastructure

1. A global media organization is working on a project which lets users upload their videos on their site. After upload is complete, the video should be automatically processed by an AI algorithm. The algorithm will try to recognize actions in the video so that it can be used to show related advertisements in the future. The development team wants to focus on writing AI code and doesn't want to worry about underlying infrastructure for high-availability, scalability, security, and monitoring. Which OCI services should you recommend for this project? Use OCI Events service for triggering automatic processing of video, Oracle Container Engine for Kubernetes (OKE) and OCI Digital Assistant. Use Oracle Container Engine for Kubernetes (OKE) for deployment of AI code, OCI Notifications, and Object Storage Use OCI Resource Manager to manage the underlying infrastructure, OCI Functions, and OCI Events service. Use Object Storage for storing videos. OCI Evens service and OCI Functions.

Use Object Storage for storing videos. OCI Evens service and OCI Functions.

1. You are trying to delete a compartment. The delete operation is falling and you need to troubleshoot the problem. Which step should NOT be considered when troubleshooting this issue? Verify that you have removed all resources from the compartment. Make sure you have at least one more compartment in your tenancy other than the root compartment. Search for resources in the compartment for each region that your tenancy is subscribed to. Verify that there are no policies in the root compartment that reference the compartment you are trying to delete.

Verify that there are no policies in the root compartment that reference the compartment you are trying to delete.

1. A FinTech startup is developing a new blockchain based application to provide Smart Contracts using micro-services architecture. The development team is planning to deploy the application using containers and looking for a reliable way to build, deploy, and manage their cloud-native application. Additionally, they need an easy way to store, share, and manage their application artifacts. Which option should you recommend for this applicaiton? Use Oracle Container Engine for Kubernetes (OKE) to manage the deployment environment and OCI Functions for application artifacts. Install and manage a Kubernetes cluster on OCI compute instances and use OCI Resource Manager for management of application artifacts Use Oracle Container Engine for Kubernetes (OKE) to manage of cloud-native applications and OCI Registry for application artifacts. Use an OCI Resource Manager to manage cloud-native application and make the application artifacts available OCI Functions.

Use Oracle Container Engine for Kubernetes (OKE) to manage of cloud-native applications and OCI Registry for application artifacts.

1. A global retailer has decided to redesign its e-commerce platform to have a microservices architecture. They would like to decouple application architecture into smaller, independent services using Oracle cloud application instances. They have decided to use both containers and servers technologies to run these application instances. Which option should you recommend to build this new platform? Install a Kubernetes cluster on OCI and use OCI Event Service Use Oracle Container Engine for Kubernetes (OKE), OCI Registry, and OCI Functions Use OCI Resource Manager to automate compute instances provisioning and use OCI streaming service Use OCI Functions, OCI Object Storage, and OCI Event Service

Use Oracle Container Engine for Kubernetes (OKE), OCI Registry, and OCI Functions

42. You are responsible for migrating your on-premises legacy databases on 11.2.0.4 version to ATP-D in OCI. As a solution architect, you need to plan your migration approach. Which 3 options do you need to implement together to migrate your on-premises database to OCI? Retain all legacy structures and unsupported features (e.g. legacy LOBs) in the on-premises databases for migration. Use Oracle Data Guard to keep on-premises databases always active during migration. Use Oracle GoldenGate replication to keep on-premises database online during migration. Launch ATP-D in OCI Convert on-premises database to PDB, upgrade to 19c, and encrypt to Oracle shipped privileges, stored procedures, or views in the on-premises databases

Use Oracle GoldenGate replication to keep on-premises database online during migration. Launch ATP-D in OCI Convert on-premises database to PDB, upgrade to 19c, and encrypt to Oracle shipped privileges, stored procedures, or views in the on-premises databases

You are responsible for migrating your on-premises legacy databases on 11.2.0.4 version to ATP Dedicated in OCI. As a solution architect, you need to plan your migration approach. Which 2 options do you need to implement together to migrate your on-premises databases to OCI? Use Oracle Data Guard to keep on-premises database always active during migration Retain changes to Oracle shipped privileges, stored procedures or views in the on-premises databases Use Oracle GoldenGate replication to keep on-premises databases online during migration Convert on-premises databases to PDB, upgrade to 19c, and encrypt migration Retain all legacy structures and unsupported features (eg taw U>Bs) in the on-premises databases for migration

Use Oracle GoldenGate replication to keep on-premises databases online during migration Convert on-premises databases to PDB, upgrade to 19c, and encrypt migration

The Finance department of your company has reached out to you. They have customer sensitive data on compute instances in OCI which they want to store in OCI Storage for long-term retention and archival. To meet security requirements they want to ensure this data is NOT transferred over public internet, even if encrypted which they want to store in OCI Object Storage fit long term retention and archival. Which option meets these requirements? Configure a NAT instance and all traffic between compute in private subnet should use this NAT instance with private IPs as the route target. Use NAT gateway with appropriate route table when transferring data. Then use NAT gateways toggle (on/off) once data transfer is complete. Use Service Gateway with appropriate route table. Use Storage Gateway with appropriate firewall.

Use Service Gateway with appropriate route table.

26. You have to migrate your application to OCI. The database is constantly being updated and needs to be online without interruptions. How can you transition the database to OCI with interrupting its use? Use an on-premises database with two-way synchronization to a cloud-based database and allow clients to connect to either database. Use an on-premises database with one-way synchronization to a cloud-based database and allow clients to connect only to the cloud database. It is impossible to migrate without interruption. Use an on-premises database with one-way synchronization to a cloud-based database and allow clients to connect only to the on-premises database until it is synchronized.

Use an on-premises database with one-way synchronization to a cloud-based database and allow clients to connect only to the on-premises database until it is synchronized.

A company that has an urgent requirement to migrate 300 TB of data to OCI in 2 weeks. Their data center has been recently struck by a massive hurricane and the building has been badly damaged, although still operational. They have a 100 Mbps internet line but the connection is intermittent due to the damages caused to the electrical grid in this scenario, what is the most effective service to use to migrate the data to OCI given the time constraints? Setup an OCI Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI using OCI Storage Gateway Cloud Sync Tool. Setup a hybrid network by launching a 1Gbps FastConnect virtual circuit between your data center and OCI. Use OCI Object Storage multi-part upload tool to automate the migration of your data to OCI. Use multiple OCI Data Transfer Appliances to transfer data to OCI. Upload the data to OCI using OCI Object Storage multi-part upload tool. Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI.

Use multiple OCI Data Transfer Appliances to transfer data to OCI.

1. You are running a legacy applica3tion In a compute Instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode. Your application is not resilient to crash-consistent backup. What should you do to securely backup the block volume? Before creating a backup, save your application data and detach the block volume. Use the block volume clone feature to save cost and speed up the backup process. Create a backup, detach the block volume and save your application data. Create a volume group, add the block volume and boot volume and then run the volume group backup.

Use the block volume clone feature to save cost and speed up the backup process.

1. Your security team has informed you that there are a number of malicious requests for your application coming from a set of IP addresses originating from a country in Europe. Which of the following methods can be used to mitigate these types of unauthorized requests? Delete Internet Gateway from VCN Deny rules in VCN Security Group for the specific set of IP addresses Deny rules in VCN Security Lists for the specific set of IP addresses Web Application Firewall policy using access control rules

Web Application Firewall policy using access control rules

38. An eCommerce company is running on OCI and many compute instances remain unused for the most part of the year except during Black Friday and Christmas. You suggest them to use OCI's Autoscaling feature and present them a slide to showcase the features of Autoscaling. Which option below is inaccurate in your presentation to the customer? Autoscaling relies on performance metrics such as CPU utilization that are collected by OCI Monitoring service to trigger an Autoscaling event. When an instance pool scales in, instances are terminated in this order: the number of instances is balanced across ADs, and then balanced across FDs. Finally, within a FD, the newest instance is terminated first. A cooldown period between Autoscaling events lets the system stabilize at the updated level. Autoscaling requires an instance pool as a pre-requisite so that it can automatically adjust the number of compute instances in an instance pool.

When an instance pool scales in, instances are terminated in this order: the number of instances is balanced across ADs, and then balanced across FDs. Finally, within a FD, the newest instance is terminated first.

Your company will soon start moving critical systems into OCI platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. Which 2 options ensure compliance with this policy? When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.

When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service

Question 9 of 11 You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application.For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team doesn't want you to store any local API key and certificate, or any other local tools. Which two actions should you perform to spin up the OKE cluster and interact with it? Develop your own code using OCI SDK to deploy the OKE cluster. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.

Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.

15.You are trying to troubleshoot the configuration of your Oracle Cloud Infrastructure (OCI) Load Balancing service. You have a backend HTTP service for which you have created a backend set in the load balancer. You have configured health checks for the backend set. Although the health checks appear good, customers sometimes experience transaction failures. Which of the following options will definitely lead to this problem? You are NOT using regional subnets in your Virtual Cloud Network. With Availability Domain (AD) specific subnet. the compute instances of the backend service running in the subnet have issues when the AD is down. You are using OCI Domain Name System. You have misconfigured the 'A' record with the wrong IP address leading to requests not getting routed correctly. You are running a TCP-level health check against your HTTP service. The TCP handshake can succeed and indicate that the service is up even when the HTTP service has issues. You are using iSCI for block volume attachment to the compute instances in your backed HTTP service. TCP/IP configuration of your block volume attachment is not configured correctly, leading to issues in your backend service.

You are running a TCP-level health check against your HTTP service. The TCP handshake can succeed and indicate that the service is up even when the HTTP service has issues.

25. A company is running High Performance Computing workloads on OCI and are using OCI Bare Metal compute shape. They have decided to create a custom image of the bare metal instance's boot disk and use it to launch other instances. Which of the following is NOT a true statement? You can create additional custom images of an instance while the instance is engaged in the image creation process. Before you create a custom image of an instance, you must disconnect all iSCSI attachments and remove all iscsid node configurations from the instance. Custom images do not include the data from any attached block volumes. Editing custom Windows images is not supported due to hardware differences between shapes.

You can create additional custom images of an instance while the instance is engaged in the image creation process.

1. You are a solution architect working with a startup that has decided to move their workload to OCI. Since their workload is small, upon architecting, you decide its sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. You propose attaching block volume to multiple instances to provide a common storage. What is NOT true for such a solution? Once you attach a block volume to an instance as r-only it can only be attached to other instances as r-only. Block volumes attaches as r-only are configured as shareable by default. If the block volume is already attached to an instance as r/w non-shareable you can't attach it to another instance until you detach it from the first instance. You can delete a block volume from 1 instance without detaching it from all other instances there by keeping other instance's storage intact.

You can delete a block volume from 1 instance without detaching it from all other instances there by keeping other instance's storage intact.

Question 10 of 11 You are a solution architect working with a startup that has decided to move their workload to OCI. Since their workload is small, upon architecting, you decide its sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. You propose attaching block volume to multiple instances to provide a common storage. What is NOT true for such a solution? If the block volume is already attached to an instance as r/w non-shareable you can't attach it to another instance until you detach it from the first instance. Block volumes attaches as r-only are configured as shareable by default. You can delete a block volume from 1 instance without detaching it from all other instances there by keeping other instance's storage intact. Once you attach a block volume to an instance as r-only it can only be attached to other instances as r-only.

You can delete a block volume from 1 instance without detaching it from all other instances there by keeping other instance's storage intact.

19. You are a solution architect working with a startup that has decided to move their workload to Oracle Cloud Infrastructure. Since their workload is small, upon architecting, you decide its sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. So, you propose the idea of attaching a block volume to multiple instances to provide a common storage. Which of the below option is NOT true for such a solution? If the block volume is already attached to an instance as read/write non-shareable you can't attach it to another instance until you detach it from the first instance. Block volumes attached as read-only are configured as shareable by default. You can delete a block volume from one instance without detaching it from all other instances there by keeping other instance's storage intact. Once you attach a block volume to an instance as read-only, it can only be attached to other instances as read-only.

You can delete a block volume from one instance without detaching it from all other instances there by keeping other instance's storage intact.

36. Which of the below options for private access to services within OCI is NOT valid? You cannot use the private endpoint for hosts in the on-premises network You can enable private access to certain services within OCI from your VCN by using either a private endpoint or a service gateway. Traffic from an OCI compute instance going through a Service Gateway to Object Storage is routed without being sent over the internet The private endpoint gives hosts within your VCN access to a given service within OCI.

You cannot use the private endpoint for hosts in the on-premises network

You have deployed a web application targeting a global audience across multiple OCI regions. You decided to use Traffic Management Geo-Location based Steering Policy to serve web requests to users from the region closest to the user. Within each region, you have deployed a public load balancer with 4 servers in a backend set. During a DR test, you disable all web servers in one of the regions. However, Traffic Management does not automatically direct all users to the other region. Which 2 are possible causes? You did not correctly setup the Load Balancer HTTP health check policy associated with the backend set One of the 2 working web servers in the other region did not pass its HTTP health check You did not setup a route table associated with the Load Balancer's subnet You did not setup an HTTP Health Check associated with the Load Balancer public IP in the disabled region Rather than using Geo-Location based Steering Policy, you should use Failover Policy Type to serve traffic

You did not correctly setup the Load Balancer HTTP health check policy associated with the backend set You did not setup an HTTP Health Check associated with the Load Balancer public IP in the disabled region

13. You are working as a solution architect for a customer in Frankfurt, which uses multiple compute instance VMs spread among three Availability Domains in the Oracle Cloud Infrastructure (OCI) eufrankfurt-1 region. The compute instances do not have public IP addresses and are running in private subnets inside a Virtual Cloud Network (VCN). You have set up OCI Autoscaling feature for the compute instances, but find out that instances cannot be auto scaled. You have enabled monitoring on the instances. What could be wrong in this situation? You need to assign a reserved public IP address to the compute instances. Autoscaling only works for instances with public IP addresses. You need to set up a Service Gateway to send metrics to the OCI Monitoring service. Autoscaling only works with single availability domains.

You need to set up a Service Gateway to send metrics to the OCI Monitoring service.

A large financial services company has used 2 types of Oracle DB systems in OCI to store user data. One is running on a VM.Standard2.8 shape and the other on a VM.Standard2.4 shape. As business grows, data is growing rapidly on both the databases and performance is also degrading. The company wants to address this problem with a viable and economical solution. As the solution architect for that company you have suggested that they move their databases to ATP serverless database. What 2 factors should you consider before you arrived at that recommendation? You verified that ATP S supports the database features and options currently being used by the 2 databases Validate that ATP S will support the storage and processing requirements for the 2 databases over the lifecycle of the business applications. Confirm that ATP S allows customers to compress tablespaces to reduce storage costs Upon provisioning, ATP S automatically scales up to CPU to meet the application's processing requirements

You verified that ATP S supports the database features and options currently being used by the 2 databases Validate that ATP S will support the storage and processing requirements for the 2 databases over the lifecycle of the business applications.

1. You are creating an OCI Dynamic Group. To determine the members of this group you are defining a set of matching rules. Which of the following are the supported variables to define conditions in the matching rules? Choose 2. tag.<tagnamespace>.<tagkey>value - the tag namespace and tag key instance.tenancy.id - the OCID of the tenancy where the instance resides instance-compartmentid - the OCID of the compartment where the instance resides iam.policy.id - the OCID of the IAM policy to apply to the group

tag.<tagnamespace>.<tagkey>value - the tag namespace and tag key instance-compartmentid - the OCID of the compartment where the instance resides