OCI Professional Exam
23.You have deployed art application server irt a private Subnet irt your virtual cloud network (VCN). For the database, you have provisioned an Autonomous Transaction Processing (ATP) serverless instance. However, you are unable to connect to the database instance from your application server. Which two steps would you need to enable this connectivity? - Add an internet gateway to your VCN and add a route rule to your private subnet route table. CIDR: 0.0.0.0/0 Target: Internet Gateway - Add a remote peering connection from your VCN to the ATP VCN - Add a stateful egress rule to the security list associated with your private subnet. Destination CIDR: 0.0.0.0/0 Protocols: All Protocols - Create a NAT Gateway and add the following route rule to the route table of private subnet. CIDR: 0.0.0.0/0 Target: NAT Gateway
- Add a stateful egress rule to the security list associated with your private subnet. Destination CIDR: 0.0.0.0/0 Protocols: All Protocols - Create a NAT Gateway and add the following route rule to the route table of private subnet. CIDR: 0.0.0.0/0 Target: NAT Gateway
Which 3 scenarios are suitable for the OCI ATP serverless deployment? A developer working on an internal project needs to use a database during work hours but does not need it during nights or weekends the project budget requires her to keep costs low. A midsize company is considering migrating its legacy on-premises MongoDB database to OCI. The database has significantly higher workloads on weekends than weekdays. A small startup is deploying a new application for e-commerce and it requires the database to store customer's transactions the team b of what the load will look like since it is a new application A well-established, online auction marketplace is running an application where there is database usage 24x7 but also has peaks of activity that are hard to predict when they will happen. The total activities may reach 3x the normal activity level. A manufacturing company is running Oracle EBS application on-p
A developer working on an internal project needs to use a database during work hours but does not need it during nights or weekends the project budget requires her to keep costs low. A small startup is deploying a new application for e-commerce and it requires the database to store customer's transactions the team b of what the load will look like since it is a new application A well-established, online auction marketplace is running an application where there is database usage 24x7 but also has peaks of activity that are hard to predict when they will happen. The total activities may reach 3x the normal activity level.
As part of a migration exercise for an existing on-premises application to OCI, you are required to transfer a 7TB file to OCI Object Storage. You have decided to upload functionality of Object Storage. Which 2 statements are true? Active multipart upload can be checked by listing all parts that have been uploaded, however it is not possible to list information for individual object part in an active multipart upload. It is possible to split this file into multiple parts using the APIs provided by Object Storage. It is possible to split this file into multiple parts using rclone tool provided by Object Storage. After initiating a multipart upload by making a CreateMultiPartUpload REST API call, the upload remains active until you explicitly commit it or abort. Contiguous numbers used to be assigned for each part so that Object Storage constructs the object by ordering part numbers in ascending order
Active multipart upload can be checked by listing all parts that have been uploaded, however it is not possible to list information for individual object part in an active multipart upload. After initiating a multipart upload by making a CreateMultiPartUpload REST API call, the upload remains active until you explicitly commit it or abort.
1. You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.You have the following configuration currently.Virtual cloud network (VCD) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center. Oracle database system is hosted in a private subnetThe private subnet route table has the following configuration The private subnet route table has following configuration. However, you are still unable to connect to the Oracle Database system. Which action will resolve this issue? - Add an EGRESS rule in private subnet security list as following.Source Port Range: AllDestination Port Range: 1521 - Add an EGRESS rule in network security group as following. - Add an EGRESS rule in private subnet security list as following.Source Port Range: 1521Destination Port
Add an EGRESS rule in private subnet security list as following. Source Port Range: 1521 Destination Port Range: All
You have designed and deployed your ADW such that it is accessible form your on-premises data center and servers running on both private and public networks in OCI. As you are testing the connectivity to your ADW database from the different access paths, you notice that the server on the private network is unable to connect to ADW. Which 2 steps do you need to take to enable connectivity from the server on the private network to ADW? Add an entry in the security list of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24 Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/ 0 target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols Add an entry in the access table list of ADW for CIDR block 10.2.2.0/24 Add an entry in the route table (associated with th
Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/ 0 target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols Add an entry to the access control list of ADW for IP address 129.146.160.11
An OCI public load balancer's SSL certificate is expiring soon. You noticed the load balancer is configured with SSL termination only. When the certificate expires, data traffic can be interrupted and security compromised. What steps do you need to take to prevent this situation? Add the new SSL certificate to the load balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle. Add the new SSL certificate to the load balancer, update listeners and backend sets so they can use the new certificate bundle. Add the new SSL certificate to the load balancer and implement end to end SSL so it can encrypt the traffic from clients all the way to the backend servers. Add the new SSL certificate to the load balancer and update backend servers to use the new certificate bundle Add the new SSL certificate to the load balancer and update listener to use the ne
Add the new SSL certificate to the load balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle.
1. A cloud consultant is working on implementation project on OCI. As part of the compliance requirements, the objects placed in object storage should be automatically archived first and then deleted. He is testing a Lifecycle Policy on Object Storage and created a policy as below: [("name":"Archive doc", "action":"ARCHIVE", "objectNameFilter":{"inclusionPrefixes":"doc"] "timeAmount":5, "timeunit":"DAYS", "isEnabled":true}, ("name":"Delete_doc", "action":"DELETE", "objectNameFilter":"inclusionPrefixes": {"doc"] 1,"timeAmount":5, "timeunit":"DAYS","isEnabled":true) What will happen after this policy is applied? All the objects having file extension ".doc" will be archived 5 days after object creation All the objects with names starting with "doc" will be archived 5 days after object creation and will be deleted 5 days after archival All objects with names starting with "doc" will be deleted after 5 days of object c
All objects with names starting with "doc" will be deleted after 5 days of object creation
49. A retail company runs their online shopping platform entirely on OCI. This is a 3-tier web application that includes a Mbps load balancer. Virtual Machine instances for web and an Oracle DB systems VM due to unprecedented growth. They noticed an increase in the incoming traffic to their website and all users start getting 503 (Service Unavailable) errors. What is the potential problem in this scenario? The Load Balancer health check status indicates critical situation for half of the backend webservers All the web servers are too busy and not able to answer any request from users The database is down hence users cannot access the website The Traffic Management Policy is not set to load balancer the traffic to the web servers You did not configure a Service Gateway to allow connection between web servers and load balancer
All the web servers are too busy and not able to answer any request from users
A retail company runs their online shopping platform entirely on OCI. This is a 3-tier web application that includes a Mbps load balancer. Virtual Machine instances for web and an Oracle DB systems VM due to unprecedented growth. They noticed an increase in the incoming traffic to their website and all users start getting 503 (Service Unavailable) errors. What is the potential problem in this scenario? The Load Balancer health check status indicates critical situation for half of the backend webservers All the web servers are too busy and not able to answer any request from users The database is down hence users cannot access the website The Traffic Management Policy is not set to load balancer the traffic to the web servers You did not configure a Service Gateway to allow connection between web servers and load balancer
All the web servers are too busy and not able to answer any request from users
You work for a German company as the lead OCI architect. You have designed a high scalable architecture for your company's business critical application which uses the Load Balancer service, auto-scaling configuration for the application servers, and a 2 note VM Oracle RAC database. During the peak utilization period of the application, you noticed that the application is running slow and customers are complaining. This is resulting in support tickets being created for API timeouts and negative sentiment from the customer base. What are 2 possible reasons for this application slowness? Auto-scaling configuration for the application servers didn't happen due to IAM policy that's blocking access to the application server compartment The Load Balancer configuration is not sending traffic to the listener of the application servers Auto-scaling configuration for the application servers didn't happen due to compartment
Auto-scaling configuration for the application servers didn't happen due to compartment quota breach of the shapes used by the application servers Auto-scaling configuration for the application servers didn't happen due to service limit breach of the VM shapes used by the application servers
You are working as a solutions architect for an online retail store in Frankfurt which uses multiple compute instance VMs spread among 3 ADW in the eu-frankfurt-1 region. You noticed the website is having very high traffic, so you enabled auto-scaling to your application but you observed that one of the ADs is not receiving any traffic. What could be wrong in this situation? Auto-scaling only works with single ADs You have to manually add all 3 ADs to your load balancer configuration Auto-scaling can be enabled for multiple ADs only in UK London region Auto-scaling is using an Instance Pool configured to create instances in 2 ADs You forgot to attach a load balancer to your instance pool configuration
Auto-scaling is using an Instance Pool configured to create instances in 2 ADs
A hospital in Austin has hosted its web based medical records portal entirely in OCI using Compute Instances for its web-tier and DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the security professional to check their systems it was found that there are a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia. Which option can mitigate this type of attack? Block the attacking IP address by creating a Network Security Group rule to deny access to the compute instance where the web server is running Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules Mitigate the attack by changing the route table to redirect the unauthorized traffic to a dummy compute instance Block the attacking IP address by creating a security list rule to den
Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules
1. You are working with a customer who needs to attach an Oracle Cloud Infrastructure (OCI) block volume to a VM instance with read/write access type. The customer wants to know if the number of IOPS and throughput performance differs between the following two choices: • Option A: attach a single 1 TB block volume to the VM instance • Option B: attach two separate 500 GB block volumes In a RAID 0 array configuration to the VM instance You can assume that the customer is using iSCSI attachment type to attach the volumes to the instance. In addition, you can assume 1 MB block size for throughput and 4 KB block size for IOPS consideration. How should you respond to the customer? Option A provides better IOPS, but lower throughput performance. Option B provides better IOPS and throughput performance. Both options provide the same number of IOPS and throughput performance. Option B provides higher level of throughput
Both options provide the same number of IOPS and throughput performance.
6. Which of the following is NOT a good use case for using the functionality available in the OCI Events service? Publish all events in a specific compartment to Oracle Streaming service for later analysis Capture Monitoring Alarms and invoke auto-scaling of compute instance Trigger a notification when a function completes its execution Publish a notification when long lived tasks complete, such as OCI Autonomous Database backup completion Trigger a Function using Oracle Functions when new files are uploaded in an OCI Object Storage bucket (no)
Capture Monitoring Alarms and invoke auto-scaling of compute instance
1. Which of the below options is best recommended to suggest to the customer? Change the shape of instance without reboot but stop all the applications running on instance beforehand to prevent data corruption Delete the running instance and spin up a new instance with the desired shape OCI doesn't allow such an operation Change the shape of the virtual machine instance using the Change Shape feature available in the console.
Change the shape of the virtual machine instance using the Change Shape feature available in the console.
14. A customer has a Virtual Machine instance running in their Oracle Cloud Infrastructure tenancy. They realized that they wrongly picked a smaller shape for their compute instance. They are reaching out to you to help them fix the issue. Which of the below options is best recommended to suggest to the customer? OCI doesn't allow such an operation. Change the shape of instance without reboot, but stop all the applications running on instance beforehand to prevent data corruption. Delete the running instance and spin up a new instance with the desired shape. Change the shape of the virtual machine instance using the Change Shape feature available in the console.
Change the shape of the virtual machine instance using the Change Shape feature available in the console.
57. All 3 Data Guard configurations are fully supported on OCI. You want to deploy maximum availability architecture (MAA) for database workload. Which option should you consider while designing your Data Guard configuration to ensure best RTO and RPO without causing any data loss? Configure "Maximum Protection" mode which provides zero data loss if the primary database fails. Configure "Maximum Performance" mode in SYNC mode between 2 ADs (same region) which provides the highest level of data protection that is possible without affecting the performance of the primary database. Configure "Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database. Configure "Maximum Availability" mode in SYNC mode between 2 ADs (same region) and use the Maximum Availability mode in SYNC mode between 2 regions.
Configure "Maximum Availability" mode in SYNC mode between 2 ADs (same region) and use the Maximum Availability mode in SYNC mode between 2 regions.
You are designing the network infrastructure for 2 application servers: appserver-1 and appserver-2 running in 2 different subnets inside the same VCN in OCI. You have a requirement where your end users will access appserver-1 from the internet and appserver-2 from the on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit. How should you design your routing configuration to meet these requirements? Configure a single routing table (RouteTable-1) that has 2 sets of routes. One that has route to internet via the Internet Gateway and another that propagate specific routes for the on-premises network via the DRG. Associate the routing table with all the VCN subnets. Configure a single routing table (RoutingTable-1) that has 2 sets of rules: one that has route to internet via the Internet Gateway and another that propagates specific routes for the on-premises network via
Configure 2 routing tables: RouteTable-1 that has a route to internet via the Internet Gateway. Associate this route table to the subnet containing appserver-1. RouteTable-2 that propagates specific routes for the on-premises network via the DRG. Associate this route table to subnet containing appserver-2.
You have provisioned a new VM.Desel02.24 compute instance with local NVM3 drives. The compute instance is running production applications. This is a write heavy application, with a significant impact to the business if the application goes down. What should you do to help maintain write performance and protect against NVMe device failures? NVMe drive; have built-in capability to recover themselves so no other actions are required Configure RAID 6 for NVMe devices Configure RAID 1 for NVMe devices Configure RAID 10 for NVMe device
Configure RAID 10 for NVMe device
1. An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an OCI VCN in the us-phoenix-1 region. The on-premises applications communications with compute instances inside the VPN over a hardware VPN connection. They are looking to implement an intrusion detection and prevention (IDS/IPS) system for their OCI environment. This platform should have the ability to scale to thousands of compute instances running inside the VCN. How should they architect their solution on OCI to achieve this goal? There is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels is already encrypted Set up an OCI Private Load Balancer and configure IDS/IPS related health checks at TCP and/or HTTP level to inspect traffic Configure auto-scaling on a compute instance pool and set VNIC to promiscuous mode to called traffic across the VCN and send it to IDS/IPS platform for in
Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection
An online stock trading application is deployed to multiple Ads in the us-phoenix-1 region. Considering the high volume of transactions that the trading application handles, the company has hired you to ensure that the data stored by the application available, and disaster resilient. In the event of failure, the recovery time objective (RTO) must be less than 2 hours to meet regulator requirements. Which DR strategy should be used to achieve the RTO requirement in the event of system failure? Configure hourly block volume backups through the Storage Gateway service Configure hourly block volume backups using the OCI CLI Store hourly block volume backups to NVMe device under a compute instance and generate a custom image every 5 minutes Configure your application to use synchronous master slave data replication between ADs.
Configure hourly block volume backups using the OCI CLI
12. An online gaming application is deployed to multiple Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1 region. Considering the high volume of traffic that the gaming application handles, the company has hired you to ensure that the data stored by the application is scalable, highly available, and disaster resilient. In the event of failure, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be less than 2 hours. Which Disaster Recovery strategy should be used to achieve the RTO and RPO requirements in the event of a system failure? Configure hourly block volumes backups using the OCI Command Line Interface (CLI). Create a user defined backup policy with a schedule of generating daily backups for block volumes. Configure hourly block volumes backups through the OCI Storage Gateway service. Create a user defined backup policy with a schedule of generating hourly
Configure hourly block volumes backups using the OCI Command Line Interface (CLI).
You are building a highly available and fault tolerant web application deployment for your company. Similar application delayed by competitors experienced website attack including DDoS which resulted in web server failing. You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will provide protection against such attacks and ensure additional configuration will you need to implement to make sure WAF is protecting my web application 24x7. Which additional configuration will you need to implement to make sure WAF is protecting my web application 24x7? Configure auto-scaling policy and it to WAF instance. Configure Control Rules to send traffic to multiple web servers. Configure multiple origin servers Configure new rules based on new vulnerabilities and mitigations
Configure multiple origin servers
!!! A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). The web server will make API calls to access OCI Object Storage to store all images uploaded by users.For security purposes, your manager instructed you to ensure that the credentials used by the web server to allow access not stored locally on the compute instance. What solution results in an Implementation with the least effort for this scenario? Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCl Object Storage. Configure the credentials using Instance Principal to allow the web server to make API calls to OCl Object Storage Configure the credentials using OCI Registry (OC1R) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Stor
Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCl Object Storage.
53. A digital marketing company is planning to host a website on OCI and leverage OCI OKE. The web server will make API calls to access OCI Object Storage to store all images uploaded by users. For security purpose, your manager instructed you to ensure that the credentials used by the web server to allow access not stored locally on the compute instance. What solution results in an implementation with the least effort for this scenario? Configure the credentials using instance principal to allow the web server to make API calls to OCI Object Storage Configure the credentials using OCI Registry (OCIR) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCI Object Storage Configure the credentials using OCI Key Management to allo
Configure the credentials using instance principal to allow the web server to make API calls to OCI Object Storage
To serve web traffic for a popular product, your cloud engineer has provisioned 4 BM.Standard2.52 instances, evenly spread across 2 ADs in the us-ashburn-1 region. Load balancer is used to delivery the traffic across instances. After several months, the product grows even more popular and you need additional compute capacity. As a result, an engineer provisioned 2 additional VM.Standard2.8 instances. You register the 2 VM.Standard2.8 instances with your load balancer backend slot and quickly find that the VM.Standard2.8 instances running at 100% of CPU utilization but the BM.Standard2.52 instances have significant CPU capacity that is unused. Which option is the most cost effective and uses instances capacity most effectively? Configure Load Balancer with 2 VM.Standard2.8 instances and use auto-scaling instance pool to add up to 2 additional VM instances. Shut off BM.Standard2.52 instances. Route traffic to BM.Stan
Configure your load balancer with weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to bare metal instances
1. You are working as a solution architect with a global automotive provider who is looking to create a multi-cloud solutionThey want to run their application tier in Microsoft Azure while utilizing the Oracle DB Systems In the Oracle Cloud Infrastructure (OCI). What is the most fault tolerant and secure solution for this customer? Create a VPN connection between the application tie, running in Azure Virtual Network and Oracle Databases running In OCI Virtual Cloud Network (VCN). Use OCI Virtual Cloud Network remote peering connection to create connectivity among application tier running in Microsoft Azure Virtual Network and Oracle Databases running in OCI Virtual Cloud Network(VCN). Create an Oracle database in OCI Virtual Cloud Network (VCN) and connect to the application tier running In Microsoft Azure over the Internet. Create a FastConnect virtual circuit and choose Microsoft Azure from the list of providers a
Create a FastConnect virtual circuit and choose Microsoft Azure from the list of providers available to setup Network connectivity between application tier running in Microsoft Azure Virtual Network and Oracle Databases running In OCI Virtual Cloud (VCN)
Multiple departments in your company use a shared OCI tenancy to implement their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain better insights into department usage. Which 3 options can you implement together to accomplish this? Create a budget that matches your commitment amount and an alert at 100% of the forecast Use the billing cost tracking report to analyze costs Set up consolidated budget tracking tags to analyze costs in granular manner Set up different compartments for each department then track and analyze cost per compartment Set up a tag default that automatically applies tags to all specified resources created in a compartment then use these tags for cost analysis
Create a budget that matches your commitment amount and an alert at 100% of the forecast Set up different compartments for each department then track and analyze cost per compartment Set up a tag default that automatically applies tags to all specified resources created in a compartment then use these tags for cost analysis
1. Your customer recently ordered for a 1-Gbps Fast Connect connection In ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will us this to one Virtual cloud Network (VCN) in their production (OC1) tenancy and VCN In their development OC1 tenancy. As a Solution Architect, how should yon configure and architect the connectivity between on premises and VCNs In OCI? Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing Gateways, one for each VCNs. Attach the virtual circuits to the dynamic routing gateways. Create a single private virtual circuit over FastConnect and attach fastConnect to either of the VCN's Dynamic Routing Gateway. Use Remote Peering to peer production and development VCNs. Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VC
Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VCN spoke, each peered via their respective local Peering Gateway (LPG)
1. A civil engineering company is running an online portal in which engineers can upload their construction photos, videos, and other digital files. There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period. Which option fulfills this requirement? Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours. Create a pre-authenticated URL for each object that is uploaded to the Object Storage bucket with an expiration of 72 hours. Create a Dynamic Group with matching rule for the portal compute instance and grant access to the Object Storage bucket for 72 hours. Create a pre-authenticated URL for the entire Object Storage
Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.
1. An insurance company is storing critical financial data in the OCI block volume. This volume is currently encrypted using Oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle. What of the following series of tasks are required to encrypt the block volume using customer managed keys? Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume Create a master encryption key, create a data encryption key, decrypt the block volume using existing Oracle managed keys, encrypt the block volume using the data encryption key Create a vault, import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume Create a master encryption key, create a new version of the encryption key, decry
Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume
1. You have developed an alternative archival solution using OCI that will save the company a significant amount of money on a yearly basis. The solution involves storing data in an OCI Object Storage bucket. After reviewing your solution with the customer, the Global Compliance (GRC) team have highlighted the following security requirements: All data less than 1 year old must be accessible within 2 hours All data must be retained for at least 10 years and be accessible within 48 hours All data must be encrypted at rest No data may be transmitted across the public internet Which 2 options meet the requirements outlined by the customer GRC team? Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days. Create a VPN connection between your on
Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit
51. You have multiple IAM users who launch different types of compute instances and block volumes every day. As a result, your OCI tenancy quickly hit the service limit and you can no longer create any new instances. As you are cleaning up an environment, you notice that the majority of the instances and block volumes are untagged. Therefore, it is difficult to pinpoint the owner of these resources verify if they are safe to terminate. Because of this, your company has issued a new mandate, which requires adding compute instances. Which option is the simplest way to implement this new requirement? Create a policy to automatically tag a resource with the username Create a policy using IAM requiring users to tag specific resources. This will allow a user to launch compute instances now if certain tags were defined. Create tag variables to automatically tag a resource with the user name Create a default tag for each
Create tag variables to automatically tag a resource with the user name
8. You are building a demo for a customer that showcases OCI Events service and Oracle Functions. You plan to create an event every time an image is uploaded to an OCI Object Storage bucket. You have also created a function that is listening to the event and processes the image for face recognition. Choose 2 actions from below that are NOT required to run the demo successfully. You must specify an action type while creating an Event service and specify the function you want to trigger You must deploy the function that does facial recognition for the demo to work Creating an event rule is not permitted for OCI Object Storage The function must be deployed only to OKE You have to enable Object Storage buckets to emit events for state changes
Creating an event rule is not permitted for OCI Object Storage The function must be deployed only to OKE
16. You are building a demo for a customer that showcases OCI Events service and Oracle Functions. You plan to create an event every time an image is uploaded to an OCI Object Storage bucket. You have also created a function that is listening to the event and processes the image for face recognition. Choose the 2 actions from below that are NOT required to run the demo successfully. You have to enable Object Storage buckets to emit events for state changes. Creating an event rule is not permitted for OCI Object Storage. You must specify an action type while creating an Event service and specify the function you want to trigger. The function must be deployed only to OKE. You must deploy the function that does facial recognition for the demo to work.
Creating an event rule is not permitted for OCI Object Storage. The function must be deployed only to OKE.
1. Your customer has gone through a recent departmental re structure. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure.They have made the following change: Compartment X is moved, and its parent compartment is now compartment c. Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X After the compartment move, which action will provide users of group networkadmins and admins with similar privileges as before the move? Define a policy in compartment HR as follows: Allow group network admins to manage subnets in compartment X. Define a policy in compartment C as follows Allow group admins to read subnets in compartment HR:C:X Define a policy in compartment C as follows: A
Define a policy in Compartment C as follows: Allow group network admins to manage subnets in compartment X.
59. An automobile company wants to deploy their CRM application for Oracle DB on OCI DB systems for one of their major clients. In compliance with the Business Continuity Program of the client, they need to provide a Recovery Point Objective (RPO) of 24 hours and a Recovery Time Objective (RTO) of 1 hour. The CRM application should be available in the event that an entire region is down. Which approach is the most suitable and cost effective configuration for this scenario? Deploy a 1 node VM Oracle DB in one region and replicate the database to a 1 node VM Oracle database in another region using a manual step and configuration of Oracle Data Guard. Deploy a 2 node VM Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard. Deploy a 1 node VM Oracle database in one region. Manually configure a Reco
Deploy a 1 node VM Oracle DB in one region and replicate the database to a 1 node VM Oracle database in another region using a manual step and configuration of Oracle Data Guard.
20. An E-Commerce company wants to deploy their web application for Oracle Database on Oracle Cloud Infrastructure (OCIJ DB Systems. In compliance with the business continuity program of the business, they need to provide a Recovery Point Objective (RPO) of 1 hour and a Recovery Time Objective (RTO) of 5 minutes. The web application should be highly available within the region and meet the RTO and RPO requirements in case of a region outage. Which approach is the most suitable and cost effective configuration for this scenario? Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a manual setup and configuration of Oracle Data Guard. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an Autonomous Transaction Processing (Serverless) database in another region using Oracle GoldenGate. Depl
Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.
1. You developed a micro-services based application that runs on OKE. It has multiple endpoints that need to be exposed to the public internet. What is the most cost effective way to expose multiple application endpoints without adding complexit to the application? Deploy an ingress controller and use it to expose each endpoint with its own routing endpoint Use separate load balancer instances for each service, but use the 100 Mbps load balancer option Use NodePort service type in Kubernetes for each of your service endpoints and use node's public IP address to access the applications Use ClusterIP service type in Kubernetes for each of your service endpoints and use a load balancer to expose the endpoints.
Deploy an ingress controller and use it to expose each endpoint with its own routing endpoint
50. After performing maintenance on an Oracle Linux compute instance, the system is returned to a running state. You attempt to connect using SSH but are unable to do so. You decided to create an instance console connection to troubleshoot the issue. Which 3 tasks would enable you to connect to the console connection and begin troubleshooting? Use SSH to connect to the public IP address of the compute instance and provide the console connection OCID as the username Upload an API signing key for console connection authentication Edit the Linux boot menu to enable access to console Stop the compute instance using the OCI CLI Use SSH to connect to the service endpoint of the console connection service Reboot the compute instance using the OCI Management Console
Edit the Linux boot menu to enable access to console Use SSH to connect to the service endpoint of the console connection service Reboot the compute instance using the OCI Management Console
1. A new International hacktivfst group based in London, launched a wide scale cyber attacks Including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these website against the attacks. How should you configure your WAF to protect the website against those attacks? Enable an Access Rule to block the IP Address range from London. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories. Enable a Protection Rule to block requests that came from London. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
1. An OCI Architect is working on a solution consisting of analysis of data from clinical trials of a pharmaceutical company. The data is being stored in OCI ADW having 8 OCPUs and 70TB of storage. The architect is planning to setup auto-scaling to respond to dynamic changes in the workload. Which of the following needs to be considered while configuring auto-scaling? The maximum CPU cores that will be automatically allocated for this database is 16 OCPUs. The database memory SGA and PGA will not be affected by the changes in the number of OCPUs during auto-scaling Enabling auto-scaling does not change the concurrency and parallelism settings Auto-scaling also scales IO throughput along with OCPU
Enabling auto-scaling does not change the concurrency and parallelism settings Auto-scaling also scales IO throughput along with OCPU
A data analytics company has been building its new generation big data and analytics platform on OCI. They need a storage service that provides the scale and performance that their big data applications require such as high throughput to compute nodes with low latency file operations in addition, their data needs to be stored redundantly across multiple nodes in a single AD and allows concurrent connections from multiple compute instances hosted on multiple Ads. Which OCI storage service can you use to meet this requirement? Object Storage File System Storage Archive Storage Block Volume
File System Storage
7. You are tasked with backing up your data using OCI Block Volume service. When you are finalizing your block volume backup schedule, which of the following two are valid considerations for your backup plan? Choose 2. Frequency: How often you want to back up your data Governance: Tagging of backups so you can capture backup related API calls through the Audit service Number of Stored Backups: How many backups you need to keep available and the deletion schedule for those you no longer need Encryption: Whether you use your own key to encrypt your volume backups Location: Determine the Object Store Bucket where the backups are stored
Frequency: How often you want to back up your data Number of Stored Backups: How many backups you need to keep available and the deletion schedule for those you no longer need
1. What is the most cost effective way to expose multiple application endpoints without that needs to be exposed to the public internet? Cluster IP Load Balancer Ingress NodePort
Ingress NodePort
58. A cost conscious fashion design company which sells bags, clothes, and other luxury items has recently decided to move all their on-premises infrastructure to OCI. One of their on-premises applications is running on an NGINX server and the Oracle database is running in a 2 node Oracle RAC configuration. Based on cost considerations, what is an effective mechanism to migrate the customer application to OCI and set up regular automated backups? Launch a compute instance and run an NGINX server to host the application. Deploy a 2 node VM DB systems with Oracle RAC enabled, Import the on-premises database to OCI VM DB systems using data pump, and then enable automatic backup. Also, enable Oracle Data Guard on the database server. Launch a compute instance and run an NGINX server to host the application, deploy a 2 node VM DB systems with Oracle RAC enabled, import the on-premises database to OCI VM DB systems using
Launch a compute instance and run an NGINX server to host the application, deploy a 2 node VM DB systems with Oracle RAC enabled, import the on-premises database to OCI VM DB systems using Oracle Data Pump, and then enable automatic backups.
56. A large London based ecommerce company is running Oracle DB system Virtual RAC database on OCI for their ecommerce application activity. They are launching a new product soon, which is expected to sell in large quantities all over the world. The application architecture should have minimal cost, no data loss, no performance impacts during the database backup window and should have minimal downtime. Launch a new VM RAC database in another AD, launch a compute instance, deploy Oracle GoldenGate on it and then configure it to replace the data from the ecommerce database over to the new RAC database using GoldenGate. Take backups from the new VM RAC database. Turn off automated backups from the ecommerce database, implement Oracle Data Guard with the standby database deployed on another AD, take backups from the standby database. Launch a new VM RAC database in another availability domain, launch a compute instanc
Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure bi-directional replication from the ecommerce database over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database.
11. You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices. Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose 2) Amount of RAM used by your functions. Length of time a function runs. Number of times a function is invoked. Amount of storage used by your functions. Network bandwidth used by your functions.
Length of time a function runs. Number of times a function is invoked.
1. An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt- 1 region. Which two solutions should their architect keep in mind while designing for DR? Load balancer will automatically distribute traffic between both the regions. rsync utility can be used to asynchronously copy file systems or snapshot data to another region. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region. The RTO is the acceptable timeframe of lost data tha
Load balancer will automatically distribute traffic between both the regions. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.
2. Which of the following is NOT a good use case for the OCI Streaming Service? Ingesting metric and log data to help make critical operational data more quickly available for indexing, analysis, and visualization Providing a unified entry point for cloud components to report their lifecycle events for audit, accounting, and related activities Messaging with a pull-based communication model and the ability to feed multiple consumers with the same data independently Meeting compliance requirements for data to remain unchanged over a long time, so that it can be retrieved for audit purposes
Meeting compliance requirements for data to remain unchanged over a long time, so that it can be retrieved for audit purposes
5. You have decided to migrate your application to OCI and use Oracle Functions to deploy your microservices. Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? Choose 2. Number of times a function is invoked Amount of storage used by your functions Length of time a function runs Network bandwidth used by your functions Amount of RAM used by your functions
Number of times a function is invoked Length of time a function runs
1. A customer is in a process of shifting their web based Sales application from their own data center located in US West to OCI India West (Mumbai) region. They want to do it in a controlled manner and initially only 1% of the traffic will be steered to the servers in OCI. After verification of everything is working as expected, the company is gradually planning to increase the ratio until they are comfortable with fully migrating all traffic to OCI. Which of the following solutions can be used in this situation? OCI DNS and Traffic Management with Geolocation Steering Policy OCI DNS and OCI Load Balancer service OCI DNS and Traffic Management with failover steering policy OCI DNS and Traffic Management with load balancer steering policy
OCI DNS and Traffic Management with load balancer steering policy
52. A global retailer is setting up the cloud architecture to be deployed in OCI which will have thousands of users from 2 major geographical regions: North America and Asia Pacific. The requirements of the services are: Service needs to be available 24x7 to avoid any business disruption North American customers should be served by application running in North American regions Asia Pacific customers should be served by applications running in Asia Pacific regions Must be resilient enough to handle the outage of an entire OCI region OCI DNS, Traffic Management with Failover steering policy OCI DNS, Traffic Management with Geo-location steering policy, health checks OCI DNS, Traffic Management with Geo-location steering policy OCI DNS, Traffic Management with Load Balancer steering policy, Health checks
OCI DNS, Traffic Management with Geo-location steering policy, health checks
10.A global media organization is working on a project which lets users upload their videos to the site. After upload is complete, the video should be automatically processed by an Al algorithm. The algorithm will try to recognize certain actions in the videos so that it can be used to show related advertisements in future. The development team wants to focus on writing Al code and not worry about underlying infrastructure for high availability, scalability, security and monitoring. Which Oracle Cloud Infrastructure (OCI) services would meet these requirements? OCI Object Storage, OCI Events service and OCI Functions. Oracle Container Engine for Kubernetes, OCI Notifications and OCI Object Storage. OCI Events, Oracle Container Engine for Kubernetes and OCI Digital Assistant. OCI Resource Manager, OCI Functions and OCI Events service
OCI Object Storage, OCI Events service and OCI Functions.
54. You are working with a social media company as a solution architect. The media company wants to collect and analyze large amounts of data being generated from their websites and social media feeds to gain insights and continuously improve the user experience. In order to meet this requirement, you have developed a micro services application hosted on OKE. The application will process the data and store the result to an ADW instance. Which OCI service can you use to collect and process a large volume of unstructured data in real time? OCI Events OCI Streaming OCI Resource Manager OCI Notifications
OCI Streaming
1. A retailer bank is currently hosting their mission critical customer application on-premises. The application has a standard 3 tier architecture - 4 application servers process the incoming traffic and store application data in an Oracle Exadata Database Server. The bank has recently had service disruption to other internal applications so they are looking to avoid this issue for their mission critical customer application. Which Oracle Cloud Infrastructure services should you recommend as part of the DR solution? OCI DNS service, Public Load Balancer, Oracle Database Cloud Backup Service, Object Storage Service, Oracle Bare Metal Cloud Service, Oracle Bare Metal Cloud Service with GoldenGate, OCI Container Engine for Kubernets, Oracle IPSec VPN OCI Traffic Management, Private Load Balancer, Compute Instances distributed across multiple ADs and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle Fast
OCI Traffic Management, Public Load Balancer, Compute Instances distributed across multiple ADs and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle FastConnect, Object Storage, Database Cloud Service Backup module
1. A manufacturing company is planning to migrate their on-premises database to OCI and has hired you for the migration. Customer has provided following information regarding their existing on-premises database: Database version, host OS and version, database character set, storage for data staging, acceptable length of system outage. What additional information do you need from customer in order to recommend a suitable migration method? Choose 2. On-premises host OS and version Elapsed time since database was last patched Number of active connections Data types used in the on-premises database Top 5 longest running queries
On-premises host OS and version Data types used in the on-premises database
48. Your team is conducting a root cause analysis (RCA) following a recent unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred the previous 24 hours. <image> Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call? requestAgent eventSource PrincipalID requestOrigin EventID
PrincipalID
Your team is conducting a root cause analysis (RCA) following a recent unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred the previous 24 hours. <image> Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call? requestAgent eventSource PrincipalID requestOrigin EventID
PrincipalID
!!! You are currently working for a public health care company based in the United Stats. Their existing patient records runs in an on-premises data center and the customer is sending tape backups offsite as part of their recovery planning. You have developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of mom on a yearly basis. The solution involves storing data in an OCI Object Storage bucket After reviewing your solution with the customer global Compliance (GRC) team they have highlighted the following security requirements: • All data less than 1-year-old must be accessible within 2 hours.• All data must be retained for at least 10 years and be accessible within 48 hours • AH data must be encrypted at rest• No data may be transmitted across the public Internet Which two options meet the requirements outlined by the customer GRC te
Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit Create an OCI Object Storage Standard tier bucket Configure a lifecycle policy to archive any object that Is older than 365 days
4. Which of the following is NOT a good use case for the volume backup feature of the OCI Block Volume service? Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment. Retain a copy of data in a volume, so that you can duplicate an environment later or preserver the data for future use. Support business continuity requirements of reducing the risk of outages or data mutation over time. Meet compliance and regulatory requirements for data to remain unchanged over time, so that it can be retrieved for audit purposes.
Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment.
You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Cared Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments. The third party service allows a maximum of Spelunk IP addresses 5 public IP addresses at a time. However your website is using OCI instance pool auto-scaling policy to create up to 15 instances during peak traffic demand, which are launched in VCN private subnets and attached to an OCI public load balancer. Upon user payment, the portal connects to the payment service over the internet to complete the transaction. What solution can you implement to make sure that all compute instances can connect to the third party system to process the payments for peak traffic dem
Route payment request from the compute instances through the OCI load balancer, which will then be routed to the third party service.
22. You have been asked to create a mobile application which will be used for submitting orders by users of a popular E-Commerce site. The application is built to work with Autonomous Transaction Processing - Serverless (ATP-S) database as the backend and HTML5 on Oracle Application Express as the front end. During the peak usage of the application you notice that the application response time is very slow. ATP-S database is deployed with 3 CPU cores and 1 TB of memory. Which two options are expensive or impractical ways to improve the application response times? Identify the maximum memory capacity needed for peak times and scale the memory for the ATPS database to that number. ATP-S will scale the memory down when not needed. Use the Machine Learning (ML) feature of the ATP-S database iteratively to tune the SQL queries used by the application. Scale up CPU core count and memory during peak times. Enable auto
Scale up CPU core count and memory during peak times. Identify the maximum CPU capacity needed for peak times and scale the CPU core count for the ATP-S database to that number. ATP-S will scale the CPU core count down when not needed.
1. You are tasked with migrating an online shopping website to OCI and decide to use a Load Balancer. You have configured the backend set with the round robin policy. During the testing phase, you noticed that users are losing items from their shopping carts when they navigate to different pages. How should you implement a solution to this problem? Set up a Traffic Management Steering Policy to redirect traffic to a different backend set that is deployed exclusively for the purpose of holding all items placed in the shopping cart. Configure a set of path rules that will route to different backend sets based on the URI requested by the customer's browser. Set up session persistence at the Load Balancer backend set. Replace the round robin policy with least connections policy at the backend set.
Set up session persistence at the Load Balancer backend set.
1. You are working as a security consultant with a global insurance organization which is using Microsoft Azure AD as their identity provider to manage user login/passwords. When a user logs in to OCI console, it should get authenticated by Azure AD. Which set of steps are required to configure at OCI side in order to get it enabled? Setup Azure AD as an identity provider, import users and groups from Azure AD to OCI, setup IAM polices to govern access to Azure AD groups Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users Setup Azure AD as an identity provider, map Azure AD groups to OCI groups, setup the IAM polices to govern access to Azure AD groups Setup Azure AD as an Enterprise Application, configure OCI for SSO, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups You are currently working for a public he
Setup Azure AD as an identity provider, map Azure AD groups to OCI groups, setup the IAM polices to govern access to Azure AD groups
A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end connectivity model between their on-premises data center and OCI region. Highly available connection with service level redundancy Dedicated network bandwidth with low latency Which connectivity setup is the most cost effective solution for this scenario? Setup IPsec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection. Use separate edge devices in your on-premises data center for each connection from your edge devices, advertise more specific routes IPSec VPN, and specific routes through the backup FastConnect virtual circuit. Setup FastConnect virtual circuit as your primary connection, and a second FastConect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant. Use a single edge device in you
Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path.
!!! A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end Connectivity model between their on-premises data center and Oracle Cloud Infrastructure (OC1) region* Highly available connection with service level redundancy* Dedicated network bandwidth with low latency Which connectivity setup is the most cost effective solution for this scenario? Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN. Setup FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant Use a single edge device i
Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN.
You are a solutions architect for a global health care company which has numerous data centers around the globe. Due to the ever growing data that your company is storing, you were instructed to set up a durable, cost effective solution to archive your data from your existing on-premises tape based backup infrastructure to OCI. What is the most effective mechanism to implement this requirement? Setup an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage standard tier. Use Object Storage lifecycle policy management to move any data older than 30 days from Standard to Archive tier. Setup FastConnect to connect your on-premises network to your OCI VCN and use rsync tool to copy your data to OCI Object Storage Archive tier. Use the File Storage Service in OCI and copy the data from your existing tape based backup to the shared file system Setup an on-premises OCI Storage Gateway which w
Setup an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage Archive tier.
60. You are working as a cloud consultant for a major media company in the US and your client requested to consolidate all of their log streams, access logs, application logs, and security logs into a single system., The client wants to analyze all of their logs in real-time based on heuristics and the result should be validated as well. This validation process requires going back to data samples extracted from the last 8 hours. What approach should you take for this scenario? Create an auto-scaling pool of syslog-enabled servers using compute instances which will store the logs in Object Storage, then use map reduce jobs to extract logs from Object Storage, and apply heuristics on the logs. Create a bare-metal instance big enough to host a syslog enabled server to process the logs and store logs on the locally attached NVMe SSDs for rapid retrieval of logs when needed. Set up an OCI Audit service and ingest all t
Stream all the logs and cloud events of Events serve to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.
1. You are working as a cloud consultant for a major media company. In the US and your client requested to consolidate all of their log streams, access logs, application logs, and security logs into a single system. The client wants to analyze all of their logs In real-time based on heuristics and the result should be validated as well. This validation process requires going back to data samples extracted from the last 8 hours. What approach should you take for this scenario? Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage. Create an auto scaling pool of syslog-enabled servers using compute instances which will store the logs In Object storage, then use map reduce jobs to extract logs from Object storage, and apply heuristics on the logs. Create a bare-metal instance big enough to hos
Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.
You have deployed a multi-tier application with multiple compute instances in OCI. You want to back up these volumes and have decided to use Volume Group's feature. The Block Volume and Compute Instances exist in different compartments within your tenancy. Periodically, a few child compartments are moved under different parent compartments, and you notice that sometimes volume group backup fails. What could be the cause? You have the same block volume attached go multiple compute instances: If these compute instances are in different compartments then all concerned compartments must be moved at the same time. You are exceeding your volume group backup quota configured. The IAM policy allowing backup failed to move when the compartment was moved. Compute instance with multiple block volumes attached cannot move when a compartment is moved.
The IAM policy allowing backup failed to move when the compartment was moved.
21. You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status. Which of the following options is the most likely reason for this backup issue? The master key stored in OCI Key Management for encryption and decryption of data in the database is not accessible to the backup service. The allocated storage on the OCI File Storage service file system attached with the database is full. The auth token being used by the Object Store Swift endpoint is incorrect. The RMAN backup agent is not compatible with the version of database being used.
The auth token being used by the Object Store Swift endpoint is incorrect.
1. An upcoming e-commerce company has deployed their online shopping application on OCI. The application was deployed on compute instances with auto-scaling configuration for application servers fronted by a load balancer and OCI ATP in the backend. In order to promote their e-commerce platform 50% discount was announced on all the products for a limited period. During the day 1 of promotional period it was observed that the application is running slow and company's hotline is flooded with complaints. What could be 2 possible reasons for this situation? The health check on some of the backend servers has failed and the load balancer was rebooting these servers. The auto-scaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling As part of auto-scaling, the load balancer shape has dynamically changed to a larger shape to handle more incoming traffic
The auto-scaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation.
You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'. You login to your OCI account and use the 'Move Resource' option. What will happen when you attempt moving the compute resource? The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the Compute Instance can be moved. The move will be successful through Compute Instance and it's Public and Private IP address will stay the same. The Compute Instance VNIC will need to be moved separately. The Compute Instance will still be associated with the original VCN. The move will be successful through Compute Instance and its Public and Private IP address will stay the same. The Compute Instance will still be associated with the original VCN. The move will be successful through Compute instance Public and Private IP address changed, and it will be associated o the last VCN in the ta
The move will be successful through Compute Instance and its Public and Private IP address will stay the same. The Compute Instance will still be associated with the original VCN.
3. Which of the following options is true regarding OCI's load balancing service? When you create a private load balancer, the service requires 2 or more subnets to host both the primary and standby load balancers. The public load balancer applies a floating public IP address to the primary load balancer. You can dynamically change the load balancer shape to handle more incoming traffic. A public load balancer is Availability Domain specific in scope.
The public load balancer applies a floating public IP address to the primary load balancer.
An online registration system is currently hosted on one large OCI Bare Metal compute instance with attached block volume to store the users data. The registration system accepts the info from the user, including documents and photos then performs automated verification and processing to check if the user is eligible for registration. The registration system becomes unavailable at times when there is a surge of users using the system. The existing architecture needs improvement as it takes a long time for the system to complete the processing and the attached block volumes are not large enough to use data being uploaded by the users. What is the most effective option to achieve a highly scalable solution? Attach more block volumes as the data volume increases, use Oracle Notification Service (ONS) to distribute tasks to a pool of compute instances working in parallel, and auto-scaling to dynamically size the pool of
Upgrade your architecture to use more block volumes as the data volume increases. Replace the single bare metal instance with a group of compute instances with auto-scaling to dynamically increase or decrease the compute instance pools depending on the traffic.
9. You want to automate the processing of new image files to generate thumbnails. The expected rate is 10 new files every hour. Which of the following is the most cost effective option to meet this requirement in OCI? Upload files to an OCI Object Storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object Storage bucket. Upload files to an OCI Object Storage bucket. Every time a file is uploaded, trigger an event with an action to provision a compute instance with a cloud-init script to access the file, process it and store it back in an Object Storage bucket. Terminate the instance using Autoscaling policy after the processing is finished. Build a web application to ingest the files and save them to a NoSQL database. Configu
Upload files to an OCI Object Storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object Storage bucket.
1. Your organization is planning on using OCI File Storage Service. You will be deploying multiple compute instances on OCI and mounting the file system to these compute instances. The file system will hold payment data processed by a Database instance and utilized by compute instances to create an overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance's CIDR block. Which option can you use to secure access? Use stateless Security List rule to restrict access from known IP addresses only. Create and configure OCI Web Application Firewall service with built-in DNS based intelligent routing. Create a new VCN security list, choose SOURCE TYPE as service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific IP addresses and CIDR blocks. Use "Export option" feature of FSS to restrict access to the mount
Use "Export option" feature of FSS to restrict access to the mounted file system.
17. You have been asked to implement a bespoke financial application in Oracle Cloud Infrastructure using virtual machine instances controlled by Autoscaling across multiple Availability Domains. The application stores transaction logs, intermediate transaction data, and audit data and needs to store this on a persistent, durable data store accessible from all of the application servers. The application requires the file system to be mounted in the /audit folder on the Linux file system. The system needs to tolerate the failure of two or more Fault Domains and still maintain data integrity. The solution should be as low maintenance as possible. What storage architecture should you suggest? Use locally attached NVMe instances and configure RAID 0 replication between servers. Store the data on Oracle Object Storage mounted at the /audit mount point on all the Linux instances using the default mount options. Impleme
Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.
1. You are part of a project team working in the development environment created in OCI. You have realized that the CIDR block specified for one of the subnet in a VCN is not correct and want to delete the subnet. While deleting you are getting an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet. Which of the following action will you take to troubleshoot this issue? Use OCI CLI to delete the subnet using --force option Copy and paste OCID of the VNIC in the search box of the OCI console to find out the parent resource of the VNIC Use OCI CLI to delete the VNIC first and then delete the subnet Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC
Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC
18. You are part of a project team working in the development environment created in Oracle Cloud Infrastructure (OCI). You realize that the CIDR block specified for one of the subnets in a Virtual Cloud Network (VCN) is not correct and want to delete the subnet. While deleting you get an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet. Which of the following action you will take to troubleshoot this issue? Use OCI CLI to call "network vnic" and "compute vnic-attachment" operations to find out the parent resource of the VNIC. Use OCI CLI to delete the VNIC first and then delete the subnet. Use OCI CLI to delete the subnet using -force option. Copy and paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC.
Use OCI CLI to call "network vnic" and "compute vnic-attachment" operations to find out the parent resource of the VNIC.
!!! You are working as a cloud engineer for an IoT startup company which is developing a health monitoring pet collar for dogs and cats. The company collects biometric Information of the pet every second and then sends it to Oracle Cloud Infrastructure (OCI)Your task is to come up with an architecture which will accept and process the monitoring data as well as provide complete trends and health reports to the pet owners. The portal should be highly available, durable, and scalable with an additional feature for showing real time biometric data analytics. Which architecture will help you meet this requirement? Create an OCI Object Storage bucket to collect the incoming biometric data from the smart pet collar Fetch the data horn OC\ Object storage to OCI Autonomous Data Warehouse (ADW) every day and run analytics Jobs with it Launch an open source Hadoop cluster to collect the Incoming biometrics data Use an Open so
Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the date and show the results on a real-time dashboard and store the results lo OCI Object Storage Store the data In OCI Autonomous Data warehouse (ADW) to handle analytics.
55. You are working as a cloud engineer for an IoT startup company which is developing a health monitoring pet collar for dogs and cats. The company collects biometric information of the pet every second and then sends it to OCI. Your task is to come up with an architecture which will accept and process the monitoring data as well as provide complete trends and health reports to the pet owners. The portal should be highly available, durable, and scalable with an additional feature for showing real-time biometric data analytics. Which architecture will help you meet this requirement? Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the date and show the results on a real-time dashboard and store the results in 10 OCI Object Storage buckets. Store the data in OCI ADW to handle analytics. Launch an open source Hadoop cluster to collect the incoming biometrics data. Use
Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster to analyze the data from streaming service. Store the results in OCI ADW to handle complex analytics.
A large financial company has a web application hosted in their on-premises data center. They are migrating their application to OCI and require no downtime while the migration is on-going. In order to achieve this, they have decided to divert only 30% and if the application works fine, they will divert all traffic to OCI. As a solution architect working with this customer, which suggestion should you provide them? Use OCI Traffic Management with failover steering policy and distribute the traffic between OCI and on-premises infrastructure. Use OCI Traffic Management with Load Balancing steering policy and distribute the traffic between OCI and on-premises infrastructure Use an OCI Load Balancer and distribute the traffic between OCI and on-premises infrastructure. Use VPN connectivity between on-premises infrastructure and OCI, and create routing tables to distribute the traffic between them.
Use OCI Traffic Management with Load Balancing steering policy and distribute the traffic between OCI and on-premises infrastructure
1. A global media organization is working on a project which lets users upload their videos on their site. After upload is complete, the video should be automatically processed by an AI algorithm. The algorithm will try to recognize actions in the video so that it can be used to show related advertisements in the future. The development team wants to focus on writing AI code and doesn't want to worry about underlying infrastructure for high-availability, scalability, security, and monitoring. Which OCI services should you recommend for this project? Use OCI Events service for triggering automatic processing of video, Oracle Container Engine for Kubernetes (OKE) and OCI Digital Assistant. Use Oracle Container Engine for Kubernetes (OKE) for deployment of AI code, OCI Notifications, and Object Storage Use OCI Resource Manager to manage the underlying infrastructure, OCI Functions, and OCI Events service. Use Object
Use Object Storage for storing videos. OCI Evens service and OCI Functions.
1. A FinTech startup is developing a new blockchain based application to provide Smart Contracts using micro-services architecture. The development team is planning to deploy the application using containers and looking for a reliable way to build, deploy, and manage their cloud-native application. Additionally, they need an easy way to store, share, and manage their application artifacts. Which option should you recommend for this applicaiton? Use Oracle Container Engine for Kubernetes (OKE) to manage the deployment environment and OCI Functions for application artifacts. Install and manage a Kubernetes cluster on OCI compute instances and use OCI Resource Manager for management of application artifacts Use Oracle Container Engine for Kubernetes (OKE) to manage of cloud-native applications and OCI Registry for application artifacts. Use an OCI Resource Manager to manage cloud-native application and make the appl
Use Oracle Container Engine for Kubernetes (OKE) to manage of cloud-native applications and OCI Registry for application artifacts.
1. A global retailer has decided to redesign its e-commerce platform to have a microservices architecture. They would like to decouple application architecture into smaller, independent services using Oracle cloud application instances. They have decided to use both containers and servers technologies to run these application instances. Which option should you recommend to build this new platform? Install a Kubernetes cluster on OCI and use OCI Event Service Use Oracle Container Engine for Kubernetes (OKE), OCI Registry, and OCI Functions Use OCI Resource Manager to automate compute instances provisioning and use OCI streaming service Use OCI Functions, OCI Object Storage, and OCI Event Service
Use Oracle Container Engine for Kubernetes (OKE), OCI Registry, and OCI Functions
You are responsible for migrating your on-premises legacy databases on 11.2.0.4 version to ATP Dedicated in OCI. As a solution architect, you need to plan your migration approach. Which 2 options do you need to implement together to migrate your on-premises databases to OCI? Use Oracle Data Guard to keep on-premises database always active during migration Retain changes to Oracle shipped privileges, stored procedures or views in the on-premises databases Use Oracle GoldenGate replication to keep on-premises databases online during migration Convert on-premises databases to PDB, upgrade to 19c, and encrypt migration Retain all legacy structures and unsupported features (eg taw U>Bs) in the on-premises databases for migration
Use Oracle GoldenGate replication to keep on-premises databases online during migration Convert on-premises databases to PDB, upgrade to 19c, and encrypt migration
The Finance department of your company has reached out to you. They have customer sensitive data on compute instances in OCI which they want to store in OCI Storage for long-term retention and archival. To meet security requirements they want to ensure this data is NOT transferred over public internet, even if encrypted which they want to store in OCI Object Storage fit long term retention and archival. Which option meets these requirements? Configure a NAT instance and all traffic between compute in private subnet should use this NAT instance with private IPs as the route target. Use NAT gateway with appropriate route table when transferring data. Then use NAT gateways toggle (on/off) once data transfer is complete. Use Service Gateway with appropriate route table. Use Storage Gateway with appropriate firewall.
Use Service Gateway with appropriate route table.
A company that has an urgent requirement to migrate 300 TB of data to OCI in 2 weeks. Their data center has been recently struck by a massive hurricane and the building has been badly damaged, although still operational. They have a 100 Mbps internet line but the connection is intermittent due to the damages caused to the electrical grid in this scenario, what is the most effective service to use to migrate the data to OCI given the time constraints? Setup an OCI Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI using OCI Storage Gateway Cloud Sync Tool. Setup a hybrid network by launching a 1Gbps FastConnect virtual circuit between your data center and OCI. Use OCI Object Storage multi-part upload tool to automate the migration of your data to OCI. Use multiple OCI Data Transfer Appliances to transfer data to OCI. Upload the data to OCI usi
Use multiple OCI Data Transfer Appliances to transfer data to OCI.
1. You are running a legacy applica3tion In a compute Instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode. Your application is not resilient to crash-consistent backup. What should you do to securely backup the block volume? Before creating a backup, save your application data and detach the block volume. Use the block volume clone feature to save cost and speed up the backup process. Create a backup, detach the block volume and save your application data. Create a volume group, add the block volume and boot volume and then run the volume group backup.
Use the block volume clone feature to save cost and speed up the backup process.
1. You are trying to delete a compartment. The delete operation is falling and you need to troubleshoot the problem. Which step should NOT be considered when troubleshooting this issue? Verify that you have removed all resources from the compartment. Make sure you have at least one more compartment in your tenancy other than the root compartment. Search for resources in the compartment for each region that your tenancy is subscribed to. Verify that there are no policies in the root compartment that reference the compartment you are trying to delete.
Verify that there are no policies in the root compartment that reference the compartment you are trying to delete.
1. Your security team has informed you that there are a number of malicious requests for your application coming from a set of IP addresses originating from a country in Europe. Which of the following methods can be used to mitigate these types of unauthorized requests? Delete Internet Gateway from VCN Deny rules in VCN Security Group for the specific set of IP addresses Deny rules in VCN Security Lists for the specific set of IP addresses Web Application Firewall policy using access control rules
Web Application Firewall policy using access control rules
Your company will soon start moving critical systems into OCI platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. Which 2 options ensure compliance with this policy? When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance. When you create a new block volume through OC
When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service
15.You are trying to troubleshoot the configuration of your Oracle Cloud Infrastructure (OCI) Load Balancing service. You have a backend HTTP service for which you have created a backend set in the load balancer. You have configured health checks for the backend set. Although the health checks appear good, customers sometimes experience transaction failures. Which of the following options will definitely lead to this problem? You are NOT using regional subnets in your Virtual Cloud Network. With Availability Domain (AD) specific subnet. the compute instances of the backend service running in the subnet have issues when the AD is down. You are using OCI Domain Name System. You have misconfigured the 'A' record with the wrong IP address leading to requests not getting routed correctly. You are running a TCP-level health check against your HTTP service. The TCP handshake can succeed and indicate that the service is
You are running a TCP-level health check against your HTTP service. The TCP handshake can succeed and indicate that the service is up even when the HTTP service has issues.
19. You are a solution architect working with a startup that has decided to move their workload to Oracle Cloud Infrastructure. Since their workload is small, upon architecting, you decide its sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. So, you propose the idea of attaching a block volume to multiple instances to provide a common storage. Which of the below option is NOT true for such a solution? If the block volume is already attached to an instance as read/write non-shareable you can't attach it to another instance until you detach it from the first instance. Block volumes attached as read-only are configured as shareable by default. You can delete a block volume from one instance without detaching it from all other instances there by keeping other instance's storage intact. Once you attach a block volume to an instance as read-onl
You can delete a block volume from one instance without detaching it from all other instances there by keeping other instance's storage intact.
You have deployed a web application targeting a global audience across multiple OCI regions. You decided to use Traffic Management Geo-Location based Steering Policy to serve web requests to users from the region closest to the user. Within each region, you have deployed a public load balancer with 4 servers in a backend set. During a DR test, you disable all web servers in one of the regions. However, Traffic Management does not automatically direct all users to the other region. Which 2 are possible causes? You did not correctly setup the Load Balancer HTTP health check policy associated with the backend set One of the 2 working web servers in the other region did not pass its HTTP health check You did not setup a route table associated with the Load Balancer's subnet You did not setup an HTTP Health Check associated with the Load Balancer public IP in the disabled region Rather than using Geo-Location based St
You did not correctly setup the Load Balancer HTTP health check policy associated with the backend set You did not setup an HTTP Health Check associated with the Load Balancer public IP in the disabled region
13. You are working as a solution architect for a customer in Frankfurt, which uses multiple compute instance VMs spread among three Availability Domains in the Oracle Cloud Infrastructure (OCI) eufrankfurt-1 region. The compute instances do not have public IP addresses and are running in private subnets inside a Virtual Cloud Network (VCN). You have set up OCI Autoscaling feature for the compute instances, but find out that instances cannot be auto scaled. You have enabled monitoring on the instances. What could be wrong in this situation? You need to assign a reserved public IP address to the compute instances. Autoscaling only works for instances with public IP addresses. You need to set up a Service Gateway to send metrics to the OCI Monitoring service. Autoscaling only works with single availability domains.
You need to set up a Service Gateway to send metrics to the OCI Monitoring service.
A large financial services company has used 2 types of Oracle DB systems in OCI to store user data. One is running on a VM.Standard2.8 shape and the other on a VM.Standard2.4 shape. As business grows, data is growing rapidly on both the databases and performance is also degrading. The company wants to address this problem with a viable and economical solution. As the solution architect for that company you have suggested that they move their databases to ATP serverless database. What 2 factors should you consider before you arrived at that recommendation? You verified that ATP S supports the database features and options currently being used by the 2 databases Validate that ATP S will support the storage and processing requirements for the 2 databases over the lifecycle of the business applications. Confirm that ATP S allows customers to compress tablespaces to reduce storage costs Upon provisioning, ATP S automa
You verified that ATP S supports the database features and options currently being used by the 2 databases Validate that ATP S will support the storage and processing requirements for the 2 databases over the lifecycle of the business applications.
1. You are creating an OCI Dynamic Group. To determine the members of this group you are defining a set of matching rules. Which of the following are the supported variables to define conditions in the matching rules? Choose 2. tag.<tagnamespace>.<tagkey>value - the tag namespace and tag key instance.tenancy.id - the OCID of the tenancy where the instance resides instance-compartmentid - the OCID of the compartment where the instance resides iam.policy.id - the OCID of the IAM policy to apply to the group
tag.<tagnamespace>.<tagkey>value - the tag namespace and tag key instance-compartmentid - the OCID of the compartment where the instance resides
