Oracle Architect Associate

Choose the prerequisites that must be met before an OCI compute instance can be directly accessed from the Internet. A. It must be created in a public subnet B. It must be created in a private subnet C. The subnet's route table and security list must have appropriate configurations D. The subnet must be located in a VCN with an Internet gateway

A, C, and D

Choose the OCI CIDR range with the largest contiguous IP address space? A. 192.168.0.0/16 B. 10.1.0.1/30 C. 192.168.0.2/255 D. 10.1.0.1/24

A. 192.168.0.0/16

A service gateway allows instances to access OCI services. Choose two statements that are true about a service gateway. A. A service gateway is a regional resource B. A service gateway allows instances to access object storage over the Internet C. A service gateway allows instances to access object storage without traversing the Internet D. A service gateway needs either a NAT or Internet gateway to function

A. A service gateway is a regional resource C. A service gateway allows instances to access object storage without traversing the Internet

Which Oracle Cloud Infrastructure Compute shape does NOT incur instance billing in a STOPPED state? A. Standard B. Dense I/O C. GPI-J D. HPC E. Dedicated virtual host

Answer: A

You have recently provisioned an Autonomous Transaction Processing database to use as the back end for a new e-commerce application. Initial performance tests show slower-than- expected query performance and CPU utilization is consistently above 80%. What steps would you take to improve the performance? A. Log into the OCI Management console, navigate to the Autonomous Transaction Processing page, and use the menu there to increase the CPU core count. B. Log into the OCI Management console, navigate to the Autonomous Transaction Processing page, and use the menu there to increase the amount of RAM allocated to the database. C. Navigate to the Service Console of your Autonomous Transaction Processing instance and use the menu there to increase CPU core count D. Navigate to the Service Console of your Autonomous Transaction Processing instance and use the menu there to increase the number parallel queries that can be executed simultaneously

Answer: A

One of your developers just raised a ticket indicating they are unable to deploy an application within the Functions service. They confirm the following: The first action completed was docker login -u 'tenancy-namespace/user-name' phx.ocir.io. This command completed successfully. Next, they ran fn -v deploy --appl helloworld-app which resulted in an error. You check their permissions and find the following IAM policy associated with their user/group: Allow group DevTeam to manage all-resources in compartment Development. How would you resolve this issue? A. Create a new IAM policy: allow group DevTeam to manage functions-family in tenancy B. Create a new IAM policy: allow group DevTeam to manage repos in tenancy C. Create a new IAM user that will be shared by the development team. Add that user to a new group and assign permissions that allow the group to USE all-resources in tenancy D. Create a new IAM policy: allow any-user to inspect repos in tenancy

Answer: B

Which of the following is the customer responsibility on the Oracle Cloud Infrastructure Database system? A. Installing the operating system, grid infrastructure, and database software B. Choosing when to apply patches to the Database and Operating System C. Creating the first, default database on the system D. Creating ASM disk groups for the datafile and tempfile storage

Answer: B

Which of the following statements is true regarding Oracle Cloud Infrastructure Object Storage Pre-Authenticated Requests? A. It is not possible to create pre-authenticated requests for "archive" storage tier B. Changing the bucket visibility does not change existing pre-authenticated requests C. It is not possible to create pre-authenticated requests for the buckets, but only for the objects D. Pre-authenticated requests don't have an expiration

Answer: B

Which statement is true about the Oracle Cloud Infrastructure File Storage Service Snapshots? A. It is not possible to create snapshots from OCI console, but just the CLI B. Snapshots are created under the root folder of file system, in a hidden directory named .snapshot C. Snapshots are not incremental D. You can restore the whole snapshot, but not individual files

Answer: B

You are asked to configure a VPN connection to connect your on-prem network to OCI VCN. Assuming you already created a VCN, what steps do you need to take on OCI in order to create an IPSec tunnel? A. Create an Internet Gateway (IGW), attach IGW to VCN, update the routing in your route table to use DRG, create a Customer Premise Equipment (CPE) and then configure IGW to open IPSec connection to CPE object B. Create a Dynamic Routing Gateway (DRG), attach DRG to VCN, update the routing in your route table to use DRG, create a Customer Premise Equipment (CPE) and then configure DRG to open IPSec connection to CPE object C. Create an Internet Gateway, Configure Customer Premise Equipment (CPE) and then configure IGW to open IPSec connection D. Create a Dynamic Routing Gateway, Configure Customer Premise Equipment (CPE) and then configure DRG to open IPSec connection

Answer: B

You have two NFS clients running in two different subnets within the same Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN). You have created a shared file system for the two NFS clients who want to connect to the same file system, but you want to restrict one of the clients to have READ access while the other has READ/Write access. Which OCI feature would you leverage to meet this requirement? A. Use VCN security rules to control access for clients B. Use File Storage NFS Export Options to control access for the NFS clients C. Use OCI Identity Access Management to control access for the NFS clients D. Use NFS security to control access for the NFS clients

Answer: B

You need to set up the connection between your on-premises client and Autonomous Data Warehouse (ADW) instance. You also need to ensure that there is no unauthorized access to your ADW instance and that communications between the client and the database are fully encrypted. Which option would satisfy all of these requirements? A. Migrate the client to an instance running on Oracle Cloud Infrastructure and use the NAT Gateway to reach ADW. B. Download the wallet from the console and use it to set up your client. C. Create an IPSec Connection to setup a VPN that will encrypt the communication between your on-premises location and ADW. D. Provision the ADW instance into a private subnet.

Answer: B A - NAT gateway uses public internet, would need to use service gateway C - doesn't address unauthorized access D - doesn't address the communication requirement

You deployed a web server in Oracle Cloud Infrastructure using an Ephemeral Public IP address. While making configuration changes, an admin inadvertently deleted your web server. You redeploy your web server, but many of your LOB apps depend on this web server's public IP address and would need an update. What can you do to prevent this from happening again? A. Create a reserved public IP and associate it with the subnet of your compute instance B. Create a reserved public IP and associate it with the virtual NIC of your compute instance C. Create a reserved public IP and associate it with the hosts file of your web server D. Create a reserved public IP and associate it with the security list for the subnet being used by your compute instance

Answer: B A - subnet has lots of potentially compute instances B - VNIC - assign it to the network interface of the instance - yes C - doesn't solve the problem, no one will know D - no. security list has nothing to do with reserved ips

Your application consists of multiple compute instances, each running a boot volume and several block volumes. Your manager asked you to create backups of these block volumes in the most time-efficient and time-consistent manner. How can you meet his request? A. Use scripts to automate the backup of boot and block volumes B. Group together multiple boot and block volumes in a volume group and create volume group backups C. Create clones of block and boot volumes one at a time D. Create on-demand, on-off backups of booth boot and block volumes

Answer: B C - will take too long D - on-demand doesn't mean automated

Which is the most efficient mechanism to add an OCI Load Balancer to an application deployed to Oracle Container Engine for Kubernetes (OKE)? A. Log into the OCI console. Create a new load balancer with a single backend set. Add each OKE instance to the backend set. Configure each backend to use the port that is used by the pod running your application. B. Run the following command: kubect1 expose deployment my-oke-app - -type=LoadBalancer - -port=80 C. Create a new yaml file that defines a PersistentVolumeClaim. Then run the command: kubect1 create —f pvc_file.yaml D. Run the following command: kubect1 set image deployment/frontend www=lb image:v2

Answer: B Key phrases: must efficent & load balancer a- not most efficient, extra steps b- every load balancer *OKE - 99.9% sure it won't be on test

Which of the following two tasks can be performed in the Oracle Cloud Infrastructure Console for Autonomous Data Warehouse? A. Scale up/down Memory B. Scale up/down CPU C. Increase Storage allocated for Database D. Adjust Network Bandwidth

Answer: B & C A - memory will scale linearly with CPU

Which two characteristics do you need to consider when choosing a method to migrate a database to Oracle Cloud Infrastructure (OCI)? A. On-premises connectivity using remote and local virtual cloud network (VCN) peering B. On-premises host operating system platform and network bandwidth C. On-premises database character set and application version D. On-premises database version and quantity of data, including indexes

Answer: B & D

Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems Data Guard service? A. Data guard implementation requires two DB Systems, one running the primary database on a virtual machine and the standby database running on bare metal B. Both DB systems must use the same VCN, and port 1521 must be open C. Data guard configuration on the OCI is limited to a virtual machine only D. Data guard implementation for Bare Metal shapes requires two DB Systems, one containing the primary database and one containing the standby database

Answer: B & D A - DG doesn't have any requirement on what the DB needs to be C - can be BM or VM

Which two statements are true about Autonomous Data Warehouse (ADW) backups? A. Oracle Cloud Infrastructure (OCI) recommends backing up ADW databases manually to on- premises storage devices B. You can backup ADW database only to a standard bucket type in OCI object storage C. You must backup ADW database to object storage bucket named ADW_backup D. You can perform manual backups to OCI object storage in addition to automated backups available on ADW

Answer: B & D C - will be named 'backup_[databasename]' all in lowercase

Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instances in OCI and mounting the file system to these instances. The file system will hold payment data processed by a database instance and utilized by compute instances to create an overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instances CIDR block. Which option can you use to secure access? A. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. B. Add stateless ingress and egress rules for specific IP address and CIDR blocks. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing C. Use 'Export Option' feature of FSS to restrict access to the mounted file systems D. Use stateless Security List rule to restrict access from known IP addresses only

Answer: C

OCI DNS service supports an alias record type which is specific to OCI DNS. Which of the following statements is true of this alias record? A. It allows you to specify the mail server responsible for accepting email messages on behalf of a domain name. B. It can be used to map to OCI public endpoints only. The alias record acts in a similar fashion to a PTR record, although the alias record can be at the apex record of a zone and is visible to external resolvers. C. It can be used to map to various OCI or private assets. The alias records act in a similar fashion to a cname record, although the alias record can be at the apex record of a zone and is not visible to external resolvers D. It allows you to secure multiple FQDNs, often needed to secure instances where multiple domains resolve to a single IP address (such as in a shared hosting environment).

Answer: C A - describing an email B - our DNS supports both public and private endpoints D - doesn't describe DSN

You have successfully created a VCN with a 3 public subnets. Each subnet has a security list with the following rules (sorry I can't upload the photo). You deploy several Oracle Linux servers into each subnet, then connect to each server via SSH to install and configure Apache. After verifying on each local system that Apache is configured properly and running, you test the web server from your laptop. The web page fails to load, why? A. In order to deploy a web application, you must also deploy a Load Balancer, then configure each web server as a member of a backend set. B. You must create a stateless, egress rule with a destination CIDR of 0.0.0.0/0, protocol TCP, and destination port of 80. C. You must create a stateless, egress rule with a destination CIDR of 0.0.0.0/0, protocol TCP, and source port of 80. D. You must also create a stateless, ingress rule to allow traffic in on port 443

Answer: C A - load balancer isn't a requirement B - destination port - client side - incorrect D - talks about 443 (this is for HTTPS; 80 is for HTTP) - 443 isn't in the security list

You have two line of business operations (LOBI, LOB2) leveraging Oracle Cloud Infrastructure. LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is deployed in VCN2 in the US West region. You need to peer VCN1 and VCN2 for disaster recovery and data backup purposes. To ensure you can utilize the OCI Virtual Cloud Network remote peering feature, which CIDR ranges should be used? A. VCN1 (10.0.0.0/16) and VCN2 (10.0.1.0/24) B. VCN1 (192.168.0.0/16) and VCN2 (192.168.1.0/27) C. VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16) D. VCN1 (172.16.1.0/24) and VCN2 (172.16.1.0/27)

Can't have overlapping CIDR blocks (a, b, d) Answer: C. VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16)

Choose one or more approaches to allow OCI compute instances to access resources on the Internet. A. Configure a service gateway in your VCN B. Set up a local peering gateway to link your VCN to an Internet-enabled VCN C. Set up a remote peering gateway using a DRG to connect to an Internet-enabled region D. Use an Internet gateway so instances in public subnets can access the Internet

D. Use an Internet gateway so instances in public subnets can access the Internet

You have provisioned a new VCN with a public subnet and created a compute instance to serve as a local software repository. The compute instance cannot connect to the Internet to stage software. Choose one of the following steps to enable the instance to access resources on the Internet. A. Configure a service gateway in your VCN B. Set up a local peering gateway to link your VCN to an Internet-enabled VCN C. Set up a remote peering gateway using a DRG to connect to an Internet-enabled region D. Use an Internet gateway so instances in public subnets can access the Internet

D. Use an Internet gateway so instances in public subnets can access the Internet

A subnet is defined with the CIDR 129.18.0.0/25. What IP address range does this describe? A. 129.18.O.O to 129.18.25.0 B. 129.18.O.O to 129.18.0.24 C. 129.18.O.O to 129.18.0.25 D. 129.18.O.O to 129.18.0.255 E. 129.18.0.0 to 129.18.0.127

E. 129.18.0.0 to 129.18.0.127

You have the following compartment structure in your tenancy. Root compartment -> Training -> Training-sub1 -> Training-sub2 You create a policy in the root compartment to allow the default admin for the account (Administrators) to manage block volumes in compartment Training-sub2. What policy would you write to meet this requirement? A. Allow group Administrators to manage volume-family in compartment Training- sub1:Training-sub2 B. Allow group Administrators to manage volume-family in compartment Training-sub2 C. Allow group Administrators to manage volume-family in root compartment D. Allow group Administrators to manage volume-family in compartment Training: Training- sub1: Training-sub2

Key: writing the policy in the root compartment D. Allow group Administrators to manage volume-family in compartment Training: Training- sub1: Training-sub2

You have deployed a compute instance (VM.Standard2.24) to run an Oracle database. With this set up, you run into some performance issues and want to leverage an OCI Dense 10 shape (VM.Dense102.24), with which you get 25.6 TB local NVMe SSD. You do not want to lose the configuration changes you made to the instance. Which of the following TWO steps ARE NOT required to make this transition? A. Terminate the VM.Standard2.24 instance and preserve the boot volume B. Create a new instance using the VM.Dense102.24 shape using the preserved boot volume and move the Oracle Database data to NVMe disks C. Create a new instance using a VM.Dense102.24 shape using the preserved boot volume and move the Oracle Database data to block volumes D. Terminate the VM.Standard2.24 instance and do not preserve the boot volume

Recognize the question is a double negative - "are not required" Answer: C and D because you have to do A and B C - block volume (no), D (SSD, yes)

One of your development teams just completed the design for a new microservices application that will do video transcoding and indexing. Al of the application components will be deployed on Oracle Container Engine for Kubernetes (OKE). One of the applications will utilize Object Storage so you need to create buckets and pre-authenticated requests as part of the deployment process. How would you design you application deployment process to utilize the fewest number of tools while employing security best-practices? A. Add the OCI Service Broker for Kubemetes to your cluster and register with IAM credentials. Include the appropriate service definitions in your application to include creation of object storage buckets and related pre- authenticated requests. B. Install the OCI command line interface (CLI) alongside kubect1. Write a shell script that uses both tools to deploy OKE services and create object storage resources. C. Create a terraform configuration that includes a worker compute instance. Employ a cloud-init script on that instance to provision the appropriate OKE services. Also include the appropriate terraform configuration to create the requisite object storage resources. Use OCI resource manager (ORM) to manage the Terraform actions. D. Associate an instance principal with each worker node in the OKE cluster. Include a startup script in your docker image that checks for the required object storage resources and creates them if they do not already exist.

Answer: A Key phrases: must efficent & load balancer a- not most efficient, extra steps b- every load balancer OKE - 99.9% sure it won't be on test

What are two valid options to migrate your database to Autonomous Data Warehouse (ADW)? A. Oracle export/import B. RMAN duplicate C. Oracle data pump D. DBCLI tool of DB Systems in Oracle Cloud Infrastructure

Answer: A & C B - RMAN duplicate - not possible with autonomous D - not able to access underlying DB System with autonomous

A startup company has contracted you to help scale their web application. It currently runs on a single compute instance but they are expecting significant growth and need more elasticity in the environment. Which two options would solve their growth and elasticity requirements? A. Create a load balancer and provision a second compute instance. Please both compute instances into a backend set within the load balancer. B. Set up a service gateway and configure it as a front-end to the compute instance. C. Provision a second compute instance. Create a load balancer policy within Traffic Management to resolve DNS requests to both compute instance public IP addresses. D. Set up an OCI web application firewall (WAF) behind the compute instance E. Set up two compute instances deployed using resource manager and integrate with OCI Kubernetes Engine.

Answer: A & C B - service gateways don't handle outside traffic D - WAF doesn't apply to the scope of this question it's a way to prevent unwanted traffic not balance the traffic they want E - this is a LB question not a Kubernetes; when they are talking about Kubernetes, it's typically not going to be associated with applications on compute instances it's going to be a containerized approached

Which two statements about FastConnect are true? A. FastConnect provides an un-encrypted, virtual circuit for the transmission of data between the customer-premises and OCI. B. FastConnect with Public Peering allows you to extend the private IP address space of your on-premises, private network to the private network space of the Virtual Cloud Network (VCN). C. A FastConnect virtual circuit is a logical construct that can provide redundant connectivity to OCI. D. A single FastConnect link is fault-tolerant by design. Customers need only provision a single network circuit through their provider to take advantage of this feature.

Answer: A & C b- public peering - never private IP d- not fault tolerant

Which two statements about the dynamic routing gateway (DRG) are accurate? A. A dynamic routing gateway can be re-used by detaching and reattaching the DRG to a different VCN. B. A dynamic routing gateway is created within a compartment and can be concurrently attached to multiple VCNs for re-use of on-premise connectivity across the OCI tenancy. C. A dynamic routing gateway can only be attached to a single VCN and must reside in the same compartment as VCN. D. A dynamic routing gateway represents the virtual router between the customer network and the virtual cloud network. E. For high availability, a hybrid network should have more than one DRG configured.

Answer: A & D C- first part correct, second part incorrect - does not have to be in the same compartment

Which two statements are true regarding cloning a block volume? A. You can change the block volume size when creating a clone B. You can change the block volume performance when creating a clone C. You can clone block volumes across regions D. You can skip block volume encryption when creating a clone

Answer: A and B

Which two Oracle Cloud Infrastructure services use a Dynamic Routing Gateway? A. IPSec VPN Connect B. OCI FastConnect Private Peering C. OCI FastConnect Public Peering D. Local Peering E. Internet Gateway

Answer: A and B (remote peering also requires a DRG, if that were an option)

When creating a subnet, a key decision to be made is whether it will be public or private. Which of the following statements are true? (pick one or more) A. Public IP addresses are prohibited for instances using private subnets. B. Public IP addresses are allowed for instances using private subnets. C. Public subnets allow instances with public IP addresses. D. Private subnets allow instances with public IP addresses.

Answer: A&C A - yes B - no - can't put a private on top of a public subnet C - yes D - no

Which three items must be configured for a load balancer to accept incoming traffic? A. A listener B. A security list that is open on the listener port C. A backend set with at least one backend server D. A route table entry pointing to the listener IP address E. SSL certificate

Answer: A, B, C D - doesn't need to route traffic, it's not going anywhere; its coming into the listener

Which set of prerequisites must be met before an instance can be accessed from the Internet? Choose one or more options. A. The instance must be in a public subnet. B. The instance must be in a private subnet. C. The route table must be configured appropriately. D. The security list must be configured appropriately. E. The VCN must contain a functional Internet gateway. F. The VCN must contain a functional NAT gateway.

Answer: A, C, D, E

An e-commerce startup company has deployed their online shopping application on OCI. The application deployment leverages an instance pool with autoscaling policy for the web tier, an OCI load balancer for the front-end and an OCI Autonomous Transaction Processing (ATP) instance for the back-end. In order to promote their e-commerce platform a 50% discount was announced on all the products for a limited period. During the first 2 hours of the promotional period they observed the application running slowly and company's hotline has been flooded with complaints. Which two scenarios are the most likely cause of this issue? A. The health check on some of the backend servers has failed and the load balancer was rebooting these servers. B. The autoscaling policy has already scaled to the maximum number of instances specified in the instance pool. C. The load balancer shape was automatically scaled to a larger shape to handle more incoming traffic and the system was slow for a short time during this change. D. The health check on some of the backend servers has failed and the load balancer is no longer passing traffic to those instances.

Answer: B and D

Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect? A. OCI IPSec VPN can be configured in transport mode only B. OCI IPSec VPN can be configured in tunnel mode only C. OCI IPSec VPN tunnel supports only static routes to route traffic D. Each OCI IPSec VPN consists of multiple redundant IPSec tunnels

Answer: B and D

Which two statements are correct when terminating a compute instance via the Oracle Cloud Infrastructure (OCI) console? A. The boot volume is deleted by default. B. The boot volume is not deleted by default. C. You cannot terminate an instance without stopping it first. D. All attached block volumes will also be deleted if you terminate an instance. E. All attached block volumes will be detached if you terminate an instance.

Answer: B and E

When uploading large (>5GB) objects to Object Storage, which of the following statements are true? A. You can split the objects into smaller parts and upload smaller parts in parallel using the multipart upload utility from the OCI console B. You have to make sure the total size of an object does not exceed 10 TiB C. You can pause and resume in-progress, multi-part uploads D. You may append a part to an object after the upload has been committed E. Multipart upload functionality is supported natively by the Object Storage API

Answer: B and E A is wrong because when using the multipart upload in the console, it automatically does it. You don't have the option to choose multipart upload

Your IT department wants to cut down storage costs, but also meet compliance requirements as set up by the central audit group. You have a legacy bucket with both Word docs (.docx) and Excel files (.xlsx). Your auditors want to retain only Excel files for compliance purposes. Your IT departments wants to keep all other files for 365 days only. What two steps can you take to meet this requirement? A. Create Object Storage Lifecycle rules to archive objects from the legacy bucket after 365 days without any pattern matching B. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days with a filter type — exclude by pattern: .xlsx C. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days without any pattern matching D. It is not possible to meet this requirement E. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days with a filter type — include by pattern: .docx

Answer: B and E key words: include & exclude

After creating a VCN, you plan to create two subnets, one private and one public. Which of the following statements is true? (Choose two.) A. You will need two VCNs, one for each subnet, since you cannot mix private and public subnets in the same VCN B. Public subnets allow instances with public IP addresses C. A single VCN is sufficient, one for each subnet, since you can mix private and public subnets in the same VCN D. A single VCN is sufficient, one for each subnet, and there is no need to worry about overlapping CIDR ranges between the subnets since one is public and the other is private

Answer: B&C A - wrong. We can have private and public subnets in the same region D - CIDR ranges still can't overlap ever

You are running several Linux based operating systems in your on-premises environment that you want to import to OCI as custom images. You can launch your imported images as OCI compute Virtual machines. Which two modes below can be used to launch these imported Linux VMs? A. Native B. Paravirtualized C. Emulated D. Mixed

Answer: B, C A - Linux doesn't support native; Native (Hardware Virtual Machine) images should be built on top of existing Oracle Cloud Infrastructure base images. D - not an option

OCI Traffic Management Steering Policies are a part of OCI DNS services that enable policies to serve context-intelligent responses to DNS queries. Choose all valid traffic management steering policy types. A. Switchover B. Failover C. Geolocation Steering D. Load Balancer

Answer: B, C, D

Choose the OCI storage type that provides a snapshot-based backup mechanism that supports the immediate restoration of files accidently removed due to user error? A. Object storage standard B. Block Volume C. FSS D. Local NVMe

Answer: C

Which Statement Regarding the scope of an OCI subnet is true? A. A subnet is a global construct. B. A subnet is only an AD-Level construct C. A subnet may be either an AD-Level or OCI regional construct D. A subnet is only an OCI regional-level construct

Answer: C

Which of the following is a key benefit of Database as a Service on Oracle Cloud Infrastructure? A. Automatic index creation B. Integration with Identity and Access Management C. Automated backups to Object Storage D. Automatic database indices creation

Answer: C

Your application consists of three Oracle Cloud Infrastructure compute instances running behind a public load balancer. You have configured the load balancer to perform health checks on these instances, but one of the three instances fails to pass the configured health check. Which of the following action will the load balancer perform? A. Terminate the instance that failed health check B. Stop the instances that failed health check C. Stop sending traffic to the instance that failed health check D. Remove the instance that failed the health check from the backend set

Answer: C

You have an application deployed in Oracle Cloud Infrastructure running in the US East region. You have been asked to create a disaster recovery plan that will protect against the loss of critical data. The DR site must be at least a few hundred miles from your primary site and data transfer between the two sites must not traverse the public internet. Which is the lowest latency and lowest cost recommended disaster recovery plan? A. Create a DR environment in the US West region. Associate a Local Peering Gateway with the VCN in each region and create a local peering connection between the two VCNs B. Create a DR environment in the US West region. Associate a Dynamic Routing Gateway (DRG) with the VCN in each region and configure an IPsec VPN connection between the two regions C. Create a DR environment in the US West region. Associate a Dynamic Routing Gateway (DRG) with the VCN in each region and create a remote peering connection between the two VCNs D. Create a DR environment in the US West region and provision a FastConnect virtual circuit using Dynamic Routing Gateways between the regions

Answer: C A - local peering is within a region between ADs B and D - IPsec VPN and FastConnect would traverse the public internet *IPSec and FastConnection - typically used to connect to on-prem *Remote and Local Peering - connecting VCNs / within the cloud

After performing maintenance on several OCI compute resources, you discover that remote SSH access no longer works. When trying to connect, you encounter, "Permission denied (publickey)" and suspect the maintenance may have removed all SSH public keys from the server. How could you troubleshoot the problem? A. Stop the affected compute resource. Detach the boot volume and attach it to a running Linux instance for which you still have remote access. Run mkfs to assign an EXT4 filesystem to the volume, then mount it. Check the authorized_keys and make replace the missing ssh keys. Re-attach to the affected instance and start it back up. B. Stop the affected compute resource. Detach all block storage volumes and attach them to a running Linux instance for which you still have remote access. Mount the block storage volumes, then check the authorized_keys file. Replace any missing keys, then move the block storage volumes and start the affected instance back up. C. Stop the affected compute resource. Detach the boot volume and attach it to a running Linux instance for which you still have remote access. Create a directory and mount the boot volume to this directory. Check the authorized_keys and make replace the missing ssh keys. Re-attach to the affected instance and start it back up. D. Terminate the affected instances and re-create them. There is no way to troubleshoot this issue.

Answer: C A - not taking about a filesystem B - talking about block volumes D - Oracle isn't going to put an answer on the exam that's "hey we can't do it"

Which statement is true about the Oracle Cloud Infrastructure File Storage Service Mount Target? A. Mount target has a public IP address and DNS name B. Mount target lives in a single subnet of your choice, but is not highly available C. You can access multiple file systems through a sin le mount target D. Each mount target requires six internal IP add the subnet to function

Answer: C A - private B - it is highly available C - it requires three

Which is a customer's responsibility on an Oracle Cloud Infrastructure DB System? A. Installing the operating system (OS), Grid Infrastructure, and database software B. Creating the first database on the DB System C. Applying patches to the database and OS D. Creating an ASM diskgroup for data file or temp file storage

Answer: C A, B, D - Oracle's responsibility

You are a network architect of an application running on Oracle Cloud Infrastructure (OCI). Your security team has informed you about a security patch that needs to be applied immediately to one of the backend web servers. What should you do to ensure that the OCI load balancer does not forward traffic to this backend server during maintenance? A. Create another OCI load balancer for the backend web servers, which are active and handling traffic B. Edit the security list associated with the subnet to avoid traffic connectivity to this backend serve C. Drain all existing connections to this backend server and mark the backend web server offline D. Stop the load balancer for maintenance and restart the load balancer after the maintenance is finished

Answer: C Not A - creating another load balancer isn't going to change anything on the backend side Not B - trick answer in reality the SL does not control the way load balancer talks to the backend server Not D - if you stop the load balancer all of the backend servers will stop receiving traffic and your application will go down

Which two resources are considered "Availability-Domain-specific" constructs? A. Virtual Cloud Network B. Load Balancer C. Block Volume D. Security List E. Route Table F. File Storage Service Mount Target

Answer: C and F

The DHCP options available when creating a VCN let you choose which two DNS resolution types? A. Local Nameserver B. DNS Resolver C. Internet and VCN Resolver D. Custom Resolver

Answer: C, D

The Oracle Cloud Infrastructure Block Volume Service lets you expand the size of block and boot volumes. Which three options below can you use to increase the size of your block volumes? A. You can only expand block volumes and not boot volumes B. Expand an existing volume in place with online resizing C. Clone an existing volume to a new, larger volume D. Expand an existing volume in place with offline resizing E. Take a backup of your existing volume and restore from the volume backup to a larger volume.

Answer: C, D, and E A- wrong, you can expand boot

You have provisioned a new VM.DenselO 2.24 compute instance with local NVMe drives. The compute instance is running a production application. This is a write heavy application, with a significant Impact to the business if the application goes down. What should you do to help maintain write performance and protect against NVMe devices failure? A. NVMe drives have built in capability to recover themselves so no other actions are required B. Configure RAID 6 for NVMe devices C. Configure RAID 1 for NVMe devices D. Configure RAID 10 for NVMe devices

Answer: D

Your manager instructed you to re-design the architecture of an HR application to mitigate unnecessary service interruptions. To ensure high availability, you set up the HR application to use Load Balancer Services and distribute the incoming requests across a group of Compute Instances in two Availability Domains. In this scenario, what happens when a Compute instance behind the Load Balancer fails a health check? A. The Compute instance gets terminated automatically by the Load Balancer B. The Compute instance gets quarantined by the Load Balancer for root cause analysis C. The Compute instance is replaced automatically by the Load Balancer D. The Load Balancer stop sending traffic to the Compute Instance

Answer: D

You are designing an application architecture for an Oracle PeopleSoft implementation. The project team has mandated that the database tier must be fault-tolerant. Given the compute-intensive nature of PeopleSoft, the database system must also be able to scale up or down depending upon performance requirements. The project team has also stipulated that a public load balancer Will be required for all user access to the application, and that all database backups should be stored in Object Storage. What is the most cost-effective approach to implementing a scalable, highly-available database solution in this situation? A. Provision a quarter Exadata rack with a minimum Of 42 OCPIJS_ The quarter rack is capable Of scaling up to 84 OCPIJ's and down to 2 OCPIJ's as demand necessitates B. Deploy two VM_Standard2.24 database nodes into separate availability domains and deploy an OCI compute resource into the third availability domain. Install a data replication agent on this compute instance and configure it to pull data from the primary node and insert in the secondary node on 30- minute intervals C. Deploy one VM.Standard2.24 database node. Use the OCI Management Console or API to enable DataGuard in order to create a second VM.Standard2.24 database node as the replication target. Enable automated backups D. Deploy two BM Dense102S2 instances into separate availability domains. using the OCI Management Console or API, enable DataGuard on the all required databases. You Will be able to scale CPU capacity on the primary node when workload demands increase or decrease while capacity of the secondary node may remain minimal

Answer: D A - exadata is expensive, not cost effective B & C - any deployment on VM DBs are difficult to scale

You have been asked to configure Oracle Golden Gate for data replication between your on-premises Database and Autonomous Transaction Processing (ATP) on OCI. Which TNS Name you should use? A. The name you assigned to the ATP instance during the provisioning process B. The predefined TNS name HIGH C. You should create a new A-Record in DNS to be used as the TNS name D. The predefined TNS name LOW

Answer: D memorization; was on a slide in the training. replication requires lower performance

You have created a new compartment called Production to host some production apps. You have also created users in your tenancy and added them to a Group called "production_group". Your users are still unable to access the Production compartment. How can you resolve this situation? A. Your users get automatic access to all compartments, so no further action is needed B. Write an IAM Policy for "production group" granting it access to the production compartment C. Write an IAM Policy for each specific user granting them access to the production compartment D. Every compartment you create comes with a predefined set of policies, so no further action is needed

B. Write an IAM Policy for "production group" granting it access to the production compartment

Which statement regarding the scope of an OCI subnet is true? A. A subnet is only an AD-Ievel construct B. A subnet is a global construct C. A subnet may be either an AD-Ievel or OCI regional construct D. A subnet is only an OCI regional-level construct

C. A subnet may be either an AD-Ievel or OCI regional construct

You have launched a compute instance running Oracle database in a private subnet in the Oracle Cloud Infrastructure US East region. You have also created a Service Gateway to back up the data files to OCI Object Storage in the same region. You have modified the security list associated with the private subnet to allow traffic to the Service Gateway, but your instance still cannot access OCI Object Storage. How can you resolve this issue? A. Add a stateful rule that enables ingress HTTPS (TCP port 443) traffic to OCI Object Storage in the security list associated with the private subnet B. Add a stateful rule that enables egress HTTPS (TCP port 443) traffic to OCI Object Storage in the security list associated with the private subnet C. Add a rule in the Route Table associated with the private subnet with Target type as "Service Gateway" and destination service as "all IAD services in the Oracle Service Network" D. Use the default Security List, which has ports open for OCI Object Storage

C. Add a rule in the Route Table associated with the private subnet with Target type as "Service Gateway" and destination service as "all IAD services in the Oracle Service Network"

Which of the following is NOT a valid IAM policy statement? A. Allow group StorageAdmins to manage file-family in compartment CorpStorage B. Allow group PHX-Admins to manage all-resources in tenancy where request.region 'phx' C. Allow user TenancyAdmin to manage all-resources in tenancy D. Allow dynamic-group AppServers to manage object-family in compartment App_Prod where target.bucket.name '/confidential-*/'

C. Allow user TenancyAdmin to manage all-resources in tenancy

You have an instance running in a development compartment that needs to make API calls against other OCI services, but you do not want to configure user credentials or a store a configuration file on the instance. How can you meet this requirement? A. Instances can automatically make calls to other OCI services B. Instances are secure and cannot make calls to other OCI services C. Create a dynamic group with matching rules to include your instance and write a policy for this dynamic group D. Create a dynamic group with matching rules to include your instance

C. Create a dynamic group with matching rules to include your instance and write a policy for this dynamic group

To allow your customer to share large sensitive datasets. you installed an FTP server on an OCI compute instance created in a public subnet that belongs to a VCN with an Internet Gateway. After providing the FTP credentials to the customer, choose any additional steps that may have to be completed before they can begin uploading files to the FTP server. A. You must allocate an ephemeral public IP address to the instance. B. A NAT gateway must be set up to allow incoming FTP access to the instance. C. The subnet's route table and security list must have appropriate configuration. D. This compute instance will be unreachable from the Internet because it is in a public subnet.

C. The subnet's route table and security list must have appropriate configuration.