1. You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory as an identity provider to manage user login/passwords. When a user logs in to Oracle Cloud Infrastructure (OCI) console, it should get authenticated by Azure AD.
Which set of steps are required to be configured in OCI to meet this requirement?
Ans: Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.
2. A global media organization is working on a project which lets users upload their videos to the site. After upload is complete, the video should be automatically processed by an AI algorithm. The algorithm will try to recognize certain actions in the videos so that it can be used to show related advertisements in future. The development team wants to focus on writing AI code and not worry about underlying infrastructure for high availability, scalability, security and monitoring.
Which Oracle Cloud Infrastructure (OCI) services would meet these requirements?
Ans: OCI Object Storage, OCI Events service and OCI Functions.
3. An online gaming application is deployed to multiple Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1 region. Considering the high volume of traffic that the gaming application handles, the company has hired you to ensure that the data stored by the application is scalable, highly available, and disaster resilient. In the event of failure, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be less than 2 hours.
Which Disaster Recovery strategy should be used to achieve the RTO and RPO requirements in the event of a system failure?
Ans: Configure hourly block volumes backups using the OCI Command Line Interface (CLI).
4. A fast growing E-commerce company has deployed their online shopping application on Oracle Cloud Infrastructure. The application was deployed on compute instances with Autoscaling configuration for application servers fronted by a load balancer and OCI Autonomous Transaction Processing (ATP) in the backend. In order to promote their e-commerce platform 50% discount was announced on all the products for a limited period. During the day 1 of promotional period it was observed that the application is running slow and company’s hotline is flooded with complaints.
What could be two possible reasons for this situation?
Ans: Autoscaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling further.
The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation.
5. You are responsible for migrating your on-premises legacy databases on 11.2.0.4 version to Autonomous Transaction Processing - Dedicated (ATP-D) in Oracle Cloud Infrastructure (OCI). As a solution architect, you need to plan your migration approach.
Which three options do you need to implement together to migrate your on-premises databases to OCI?
Ans: Launch Autonomous Transaction Processing – Dedicated database in OCI.
Use Oracle GoldenGate replication to keep on-premises database online during migration.
Convert on-premises databases to PDB, upgrade to 19c, and encrypt.
6. An insurance company is storing critical financial data in the Oracle Cloud Infrastructure block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle.
What of the following series of tasks are required to encrypt the block volume using customer managed keys ?
Ans: Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume.
7. Which of the following is NOT a good use case for the Oracle Cloud Infrastructure (OCI) Streaming service?
Ans: Meeting compliance requirements for data to remain unchanged over a long time, so that it can be retrieved for audit purposes.
8. You have been asked to review some network proposals by a major client. The client's IT director needs to provision two Virtual Cloud Network (VCN) for a major application. Both applications use a large number of virtual machine instances, and so will ideally occupy VCNs with as many address spaces as possible. Additionally, in the future, VCN peering will be required to allow communication between the VCNs.
Which of the following are valid IP ranges to consider for the VCNs?
Ans: 10.0.0.0/24 and 10.0.1.0/24
9. Which of the below options for private access to services within Oracle Cloud Infrastructure (OCI) is NOT valid?
Ans: You cannot use the private endpoint for hosts in the on-premises network.
10. As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not be able to access or modify properties of any other buckets and its objects in the compartment comp-images.
Select the statement(s) below that will best define your IAM policies.
Ans: Allow group ObjectWriters to inspect buckets in compartment comp-images
Allow group ObjectWriters to read buckets in compartment comp-images where target.bucket.name='Bucket-A'
Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
11. You want to automate the processing of new image files to generate thumbnails. The expected rate is 10 new files every hour.
Which of the following is the most cost effective option to meet this requirement in Oracle Cloud Infrastructure (OCI)?
Ans: Upload files to an OCI Object storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object storage bucket.
12. You have deployed an application server in a private subnet in your virtual cloud network (VCN). For the database, you have provisioned an Autonomous Transaction Processing (ATP) serverless instance. However, you are unable to connect to the database instance from your application server.
Which two steps would you need to enable this connectivity?
Ans: Create a NAT Gateway and add the following route rule to the route table of private subnet.
CIDR: 0.0.0.0/0
Target: NAT Gateway
Add a stateful egress rule to the security list associated with your private subnet.
Destination CIDR: 0.0.0.0/0
Protocols: All Protocols
13. You have an application running in Microsoft Azure and want to use Oracle Autonomous Data warehouse (ADW) instance for running business analytics.
How can you build a secure solution for such a use-case?
Ans: Setup an interconnect between OCI and Microsoft Azure using FastConnect and ExpressRoute. Use a Service Gateway in OCI Virtual Cloud Network to provide connectivity to the Oracle ADW instance for the application in Microsoft Azure VNet.
14. Your customer has gone through a recent reorganization. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure. (Refer to the exhibit)
exhibit
They have made the following change:
Compartment A is moved, and its new parent compartment is compartment Dev.
Policy defined in compartment A: Allow group G1 to manage instance-family in compartment A
Policy defined in root compartment: Allow group admins to manage instance-family in compartment Ops: Test: A
After the compartment move, which action will provide users of group G1 and admins with similar privileges as before the move?
Ans: Define the following policy in compartment Dev:
Allow group G1 to manage instance-family in compartment A
15. You notice that a majority of your Oracle Cloud Infrastructure (OCI) resources like compute instances, block volumes, and load balancers are not tagged. You have received a mandate from your CIO to add a predefined set of tags to identify owners for respective OCI resources. E.g. if Chris and Larry each create compute instances in a compartment, the instances that Chris creates include tags that contain his name as the value, while the instances that Larry creates have his name.
Which option is the simplest way to implement this new tagging requirement?
Ans: Create tag variables to automatically tag a resource with the user name.
16. A manufacturing company is planning to migrate their on-premises database to Oracle Cloud Infrastructure and has hired you for the migration. Customer has provided following information regarding their existing on-premises database:
Database version, database character set, storage for data staging, acceptable length of system outage.
What additional information do you need from customer in order to recommend a suitable migration method? (Choose Two)
Ans: Data types used in the on-premises database.
On-Premises host operating system and version.
17. You are working on the migration of the web application infrastructure of your company from on-premises to Oracle Cloud Infrastructure. You need to ensure that the DNS cache entries of external clients will not direct them to the on-premises infrastructure after switching to the new infrastructure.
Which of the following options will minimize this problem?
Ans: Reduce the TTL of the DNS records before the switch.
18. As part of planning the network design on Oracle Cloud Infrastructure, you have been asked to create an Oracle Cloud Infrastructure Virtual Cloud Network (VCN) with 3 subnets, one in each Availability Domain. Each subnet needs to have a minimum of 64 usable IP addresses.
What is the smallest subnet and VCN size you should use to implement this design? The requirements are static, so no growth is expected.
Ans: /23 for the VCN; /25 for the subnets
19. A developer is using Oracle Functions to deploy her code as part of an event-driven solution in Oracle Cloud Infrastructure (OCI). When she invokes her function, Oracle Functions returns a FunctionInvokeImageNotAvailable message and a 502 error:
{"code":"FunctionInvokeImageNotAvailable","message":"Failed to pull function image"}
Fn: Error invoking function. status: 502 message: Failed to pull function image
Which of the following options is NOT a plausible reason for this error?
Ans: OCI Events service rule is not configured with the correct location of the function in OCI Registry.
20. You have been asked to implement a bespoke financial application in Oracle Cloud Infrastructure using virtual machine instances controlled by Autoscaling across multiple Availability Domains. The application stores transaction logs, intermediate transaction data, and audit data and needs to store this on a persistent, durable data store accessible from all of the application servers. The application requires the file system to be mounted in the /audit folder on the Linux file system. The system needs to tolerate the failure of two or more Fault Domains and still maintain data integrity. The solution should be as low maintenance as possible.
What storage architecture should you suggest?
Ans: Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.
21. A cloud consultant is working on a implementation project on Oracle Cloud Infrastructure (OCI). As part of the compliance requirements, the objects placed in OCI Object Storage should be automatically archived first and then deleted. He is testing a lifecycle policy on Object Storage and created a policy as below:
[ { "name": “Archive_doc”, "action": "ARCHIVE", "objectNameFilter": { "inclusionPrefixes": [ “doc”] },
"timeAmount": 5, “timeUnit”: “DAYS”, "isEnabled": true },
{ "name": “Delete_doc”, "action": "DELETE", "objectNameFilter": { "inclusionPrefixes": [ “doc”] },
"timeAmount": 5, “timeUnit”: “DAYS”, “isEnabled": true }
]
What will happen after this policy is applied?
Ans: All objects with names starting with “doc” will be deleted after 5 days of object creation.
22. You are creating an Oracle Cloud Infrastructure Dynamic Group. To determine the members of this group you are defining a set of matching rules.
Which of the following are the supported variables to define conditions in the matching rules? (Choose Two)
Ans: tag.<tagnamespace>.<tagkey>.value - the tag namespace and tag key.
instance.compartment.id - the OCID of the compartment where the instance resides.
23. Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure(OCI) and mounting the file system to these compute instances.
The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance’s CIDR block.
Which option can you use to secure access?
Ans: Use ‘Export option’ feature of FSS to restrict access to the mounted file systems.
24. You have created compartment called Dev for developers. There are two IAM groups for developers: group-dev1 and group-dev2. You need to write an Identity and Access Management (IAM) policy to give users in these groups access to manage all resources in the compartment Dev.
Which of the following IAM policy will accomplish this?
Ans: Allow group group-dev1 group-dev2 to manage all resources in compartment Dev
25. Your security team has informed you that there are a number of malicious requests for your web application coming from a set of IP addresses originating from a country in Europe.
Which of the following methods can be used to mitigate these type of unauthorized requests?
Ans: Web Application Firewall policy using access control rules
26. You are a solution architect working with a startup that has decided to move their workload to Oracle Cloud Infrastructure. Since their workload is small, upon architecting, you decide its sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. So, you propose the idea of attaching a block volume to multiple instances to provide a common storage.
Which of the below option is NOT true for such a solution?
Ans: You can delete a block volume from one instance without detaching it from all other instances there by keeping other instance’s storage intact.
27. An E-commerce company which sells computers, tablets, and other electronics items has recently decided to move all of their on-premises infrastructure to Oracle Cloud Infrastructure (OCI). One of their on-premises application is running on an NGINX server and the Oracle Database is running in a 2 node Oracle Real Application Clusters (RAC) configuration.
They cannot afford to have any application down time when they do the migration.
What is an effective mechanism to migrate the customer application to OCI and set up regular automated backups?
Ans: Launch a compute instance and run an NGINX server to host the application. Deploy a 2 node VM DB Systems with Oracle RAC enabled. Setup Oracle GoldenGate to synchronize data from their on-premises database to OCI VM Database. Export and Import the on-premises database to OCI VM DB Systems using Oracle Data Pump, apply the GoldenGate trail files to sync up the OCI database with the on-premises database. Enable automatic backups for the OCI VM database and then cut over the application from on-premises to OCI.
28. Which of the following is NOT a good use case for using the functionality available in the Oracle Cloud Infrastructure (OCI) Events service?
Ans: Capture Monitoring Alarms and invoke Autoscaling of compute instances.
29. You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices.
Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose Two)
Ans: Number of times a function is invoked.
Length of time a function runs.
30. An E-Commerce company wants to deploy their web application for Oracle Database on Oracle Cloud Infrastructure (OCI) DB Systems. In compliance with the business continuity program of the business, they need to provide a Recovery Point Objective (RPO) of 1 hour and a Recovery Time Objective (RTO) of 5 minutes. The web application should be highly available within the region and meet the RTO and RPO requirements in case of a region outage.
Which approach is the most suitable and cost effective configuration for this scenario?
Ans: Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.
31. You are trying to troubleshoot the configuration of your Oracle Cloud Infrastructure (OCI) Load Balancing service. You have a backend HTTP service for which you have created a backend set in the load balancer. You have configured health checks for the backend set. Although the health checks appear good, customers sometimes experience transaction failures.
Which of the following options will definitely lead to this problem?
Ans: You are running a TCP-level health check against your HTTP service. The TCP handshake can succeed and indicate that the service is up even when the HTTP service has issues.
32. You are part of a project team working in the development environment created in Oracle Cloud Infrastructure (OCI). You realize that the CIDR block specified for one of the subnets in a Virtual Cloud Network (VCN) is not correct and want to delete the subnet. While deleting you get an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet.
Which of the following actions you will take to troubleshoot this issue?
Ans: Use OCI CLI to call “network vnic” and “compute vnic-attachment” operations to find out the parent resource of the VNIC.
33. Design and implement hybrid network architectures to meet high availability, bandwidth and latency requirements
Your Oracle database is deployed on-premises and has produced 100 TB database backup locally. You have a disaster recovery plan that requires you to create redundant database backups in Oracle Cloud Infrastructure (OCI). Once the initial backup is completed, the backup must be available for retrieval in less than 30 minutes to support the Recovery Time Objective (RTO) of your solution.
Which is the most cost effective option to meet these requirements?
Ans: Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Standard tier as the final destination.
34. You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status.
Which of the following options is the most likely reason for this backup issue?
Ans: The auth token being used by the Object Store Swift endpoint is incorrect.
35. Which of the below options is true regarding Oracle Cloud Infrastructure’s load balancing service?
Ans: The public load balancer applies a floating public IP address to the primary load balancer.
36. As a solution architect, you are designing a web application to be deployed across multiple Oracle Cloud Infrastructures (OCI) regions for a global audience. Your goal is that users from each region should access the application web servers deployed in their own geographical OCI location.
Which OCI feature can be used to achieve this?
Ans: OCI Traffic Management GeoLocation steering policy
37. You have to migrate your application to Oracle Cloud Infrastructure (OCI). The database is constantly being updated and needs to be online without interruptions. How can you transition the database to OCI without interrupting its use?
Ans: Use an on-premises database with one-way synchronization to a cloud-based database and allow clients to connect only to the on-premises database until it is synchronized.
38. You are tasked with backing up your data using Oracle Cloud Infrastructure Block Volume service.
When you are finalizing your block volume backup schedule, which of the following two are valid considerations for your backup plan?
Ans: Frequency: How often you want to back up your data.
Number of stored backups: How many backups you need to keep available and the deletion schedule for those you no longer need.
39. An eCommerce company is running on Oracle Cloud Infrastructure (OCI) and many compute instances remain unused for the most part of the year except during Black Friday and Christmas. You suggest them to use OCI’s Autoscaling feature and present them a slide to showcase the features of Autoscaling.
Which option below is inaccurate in your presentation to the customer?
Ans: When an instance pool scales in, instances are terminated in this order: the number of instances is balanced across Availability Domains, and then balanced across Fault Domains. Finally, within a Fault Domain, the newest instance is terminated first.
40. Which of the following is NOT a good use case for the volume backup feature of the Oracle Cloud Infrastructure Block Volume service?
Ans: Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment.
41. Which of the following features is NOT supported by Oracle Cloud Infrastructure Multi-factor authentication (MFA)?
Ans : Members of the Administrators group can enable MFA for other users.
42. You are working as a solution architect for a customer in Frankfurt, which uses multiple compute instance VMs spread among three Availability Domains in the Oracle Cloud Infrastructure (OCI) eu-frankfurt-1 region. The compute instances do not have public IP addresses and are running in private subnets inside a Virtual Cloud Network (VCN). You have set up OCI Autoscaling feature for the compute instances, but find out that instances cannot be auto scaled. You have enabled monitoring on the instances.
What could be wrong in this situation?
Ans: You need to set up a Service Gateway to send metrics to the OCI Monitoring service.
43. You have deployed a multi-tier application with multiple compute instances in Oracle Cloud Infrastructure. You want to back up these volumes and have decided to use ‘Volume Groups’ feature. The Block volume and Compute instances exist in different compartments within your tenancy.
Periodically, a few child compartments are moved under different parent compartments, and you notice that sometimes volume group backup fails.
What should be the cause ?
Ans: The Identity and Access Management policy allowing backup failed to move when the compartment was moved.
44. Many development engineers are deploying new instances as part of their projects in Oracle Cloud Infrastructure tenancy, but majority of these instances have not been tagged. You as an administrator of this tenancy want to enforce tagging to identify owners who are launching these instances.
Which option below should be used to implement this requirement?
Ans: Create a predefined tag with tag variables to automatically tag a resource with username.
45. You have been asked to create a mobile application which will be used for submitting orders by users of a popular E-Commerce site. The application is built to work with Autonomous Transaction Processing - Serverless (ATP-S) database as the backend and HTML5 on Oracle Application Express as the front end. During the peak usage of the application you notice that the application response time is very slow. ATP-S database is deployed with 3 CPU cores and 1 TB of memory.
Which two options are expensive or impractical ways to improve the application response times?
Ans: Scale up CPU core count and memory during peak times.
Identify the maximum CPU capacity needed for peak times and scale the CPU core count for the ATP-S database to that number. ATP-S will scale the CPU core count down when not needed.
46. You are designing the network infrastructure for an application consisting of a web server (server-1) and a Domain Name Server (server-2) running in two different subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access server-1 from the internet and server-2 from your customer’s on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit.
How should you design your routing configuration to meet these requirements?
Ans: Configure two routing tables: first one with a route to internet via an Internet gateway; associate this route table to the subnet containing server-1.Configure the second route table to propagate specific routes to the on-premises network via a Dynamic Routing Gateway; associate this route table to subnet containing server-2.
47. A customer has a Virtual Machine instance running in their Oracle Cloud Infrastructure tenancy. They realized that they wrongly picked a smaller shape for their compute instance. They are reaching out to you to help them fix the issue.
Which of the below options is best recommended to suggest to the customer?
Ans: Change the shape of the virtual machine instance using the Change Shape feature available in the console.
48. You are building a demo for a customer that showcases Oracle Cloud Infrastructure (OCI) Events service and Oracle Functions. You plan to create an event every time an image is uploaded to an OCI Object Storage bucket. You have also created a function that is listening to the event and processes the image for face recognition.
Choose the two actions from below that are NOT required to run the demo successfully.
Ans: Creating an event rule is not permitted for OCI Object storage.
The function must be deployed only to Oracle Kubernetes Engine (OKE).
49. A company is running High Performance Computing workloads on Oracle Cloud Infrastructure and are using OCI bare metal compute shape. They have decided to create a custom image of the bare metal instance's boot disk and use it to launch other instances.
Which of the following is a NOT a true statement?
Ans: You can create additional custom images of an instance while the instance is engaged in the image creation process.
50. There are two compartments: Networks and DevInstances
There are two groups: NetworkAdmins with a user named Nick, and Devs with a user named Dave
The following IAM policies are being used:
Allow group NetworkAdmins to manage virtual-network-family in compartment Networks
Allow group NetworkAdmins to manage instance-family in compartment Networks
Allow group Devs to use virtual-network-family in compartment Networks
Allow group Devs to manage all-resources in compartment DevInstances
Nick creates a VCN in Networks compartment. Dave creates a VCN in DevInstances compartment.
Which of the following statements is INCORRECT?
Ans: Nick launches instances in Networks using VCN in DevInstances compartment
