A tenancy administrator in Oracle Cloud Intrastructure is unable to delete a user in the tenancy. What can be the possible root cause for this ussue? User has enabled multi-factor authentication User cannot be deleted but can only be blocked User is a member of an Identity and Access Management (IAM) group Only tenancy administrator who added the user can remove the user.
Which statement is INCORRECT about OCI Object Storage? Lifecyle rules can be applied to delete or archive objects Using retentition rules immutable option for data stored can be set Object storage resources can be shared across tenancies Versioning of objects is enabled at namespace level.
Identify INCORRECT policy syntax for OCI Identity and Access Management (IAM)? Allow dynamic group BackEnd to manage instance family in compartment Prod Allow all-groups to inspect user in tenancy Allow group C Admins to manage all resources in compartment Prod Allow any-user to inspect user in tenancy.
Solution Arachitect needs to peer two Virtual Cloud Network (VCN). Which TWO statements are CORRECT? VCNs Peering must have overlappings CIDRs VCNs Peering may exist in the same OCI region VCNs Peering may exist in different OCI region VCNs Peering needs to be part of same Tenancy.
Which statement is true in regards to OCI Object Storage Versioning? Object versionning is disable on a bucket by default Object versioning doesn't protect data against accidential deletion or overwriting of objects Object are physically deleted from a bucket when versioning is enabled Enabling versioning will ensure that only latest version of the object is always preserverd.
A company uploaded graphics to OCI object storage bucket and added URL paths for each objects separately.
As a Solution Architect, you need to ensure that these graphics are accessible without requiring any authentication for extended period of time. Create pre-authenticated request without specifying expiration time Create pre-authenticated request with expiration time set to Make Object storage bucket private and objects containing it as public Make Object storage bucket public and use URL path for each objects.
To identify potential issues, fixing issues and detect anomalies of log data so as to perform advanced analysis, which service should you use to monitor ? Monitoring Logging Analytics OCI Analytics OCI Machine Learning .
Which statement is CORRECT regarding Object Storage ? Objects in the buckets are always encrypted with same encryption key OCI vault service stores customer-provided encryption keys Encryption is turned on by default and cannot be turned off Encryption of data encryption keys with master encryption key is not mandatory.
Which THREE components cannot be deleted from Virtual Cloud Network ( VCN ) in OCI ? Default Subnet Default Security List Default Route Table Default set of DHCP options .
Which TWO resources are availability domain specific ( reside exclusively in a single OCI availability domain ) ? Object Storage Block Volume Virtual Cloud Network ( VCN ) Compute Instance.
A company has configured load balancers to perform health check on compute instances. What will happen if an instance doesn't pass the configured health checks ? The instance is deleted automatically by the load balancer Old instance is replaced by a healthy instance automatically by the load balancer The load balancer stops sending traffic to the instance Instance is moved out of the backend set by the load balancer .
In shared security model of OCI, which components are NOT managed by Oracle ?
Select THREE correct answers. Data Account & Identities Physical security of data center premises Application .
Which VCN size range is allowed in OCI ? /8 through /16 /O through /32 /16 through /30 /8 through /24 .
What is the maximum number of security lists by default that can be associated with a subnet while creating in OCI? 0 1 6 5.
Which THREE tasks can a user who belongs to the GroupAdmin group perform if the policy is associated with it as follows :
Allow group GroupAdmin to manage volumes in tenancy where request.permission != 'VOLUME_DELETE' Create Volume Delete Volume Move Volume Update Volume .
In OCI, which type of logs is emitted by Object Storage, VCN Flow logs, Functions and API Gateways ? Audit Logs Custom Logs Service Logs None of these .
Retention rules are configured at which level for OCI Object Storage ? Namespace Level Tenant Level Compartment Level Bucket Level.
Which encryption algorithm is supported by OCI Vault Service ?
Select THREE correct answers. Rivest-Shamir-Adleman (RSA) Advanced Encryption Standard (AES) Elliptic Sine Digital Signature Algorithm (ESDSA) Elliptic Curve Digital Signature Algorithm (ECDSA) .
A company wants to implement Data Guard in OCI virtual machine and bare metal database systems.
Which statement is CORRECT.
Primary and standby database versions and editions need to be different Both DB systems must reside in the same compartment Primary and standby databases should be in the same OCI region Database systems should have different shape type .
A company needs to implement Big Data workload for shared access and NFS-based connectivity.
Which storage service should the company use ? Object Storage Block Volume File Storage FastConnect.
Which statements are CORRECT about OCI VCN Peering ?
Select TWO correct answers. Both VCNs should have operlapping CIDRs A single DRG can be used for local peering Internet Gateway is required VCN should reside in same region but can be in different OCI tenancies .
Which Load Balancer can distribute traffic based on destination port and IP address ? Layer-7(HTTP) Layer-2 Layer-3 Layer-4 ( TCP/UDP/ICMP ).
As a solution architect, how can you prevent unwanted bots while desirable bots are allowed to enter ? Data Guard Vault Compartments Web Application Firewall ( WAF ) .
A company needs to distribute DNS traffic to separate endpoints based on the location of the end user.
Which traffic management steering policy should the company use ? IP prefix steering Geolocation Steering Failover ASN steering .
As a solution architect, you need to make sure that the instances can communicate directly with the internet.
Which TWO statements can fulfill the above requirement ? Instances should reside in a private subnet VCN of the instance should have an Internet Gateway VCN of the instance should have a Dynamic Routing Gateway ( DRG ) Instances should have a public IP address.
Audit team need access to a bucket for a duration of 1 day for auditing purpose who don't have IAM user credentials.
As a solution architect, what can be done to meet the requirement ? Delete the bucket so that audit team will postpone the audit to a future date Make the bucket public for I day Pre-authenticated request ( PAR ) Archiving the data in the bucket.
As a solution architect, you need to divide your network into multiple VCNs such that the traffic shouldn't flow over the internet or via on-prem network so that each VCN can have private and direct access.
Which Networking method should you use ? NAT Gateway Service Gateway FastConnect VCN Peering .
Development team in a company use JavaScript Object Notation Documents for developing NOSQL-styIe applications.
Which database type can be used by the development team ? Terraform SQL Server 2012 Autonomous Data Warehouse Autonomous JSON Database .
A developer in your team uploaded an object with the same name as a previously existing object. As a solution architect, you have enabled versioning on this bucket.
What will be the impact of uploading an object by the developer with the same name ? Existing object is moved to archive storage whereas new object remains on standard storage Throws an error message, "Cannot copy object. Object already exists" Existing object is overwritten which is unrecoverable New object becomes the current version whereas existing object becomes previous version .
Which statements are TRUE about OCI Compartments ?
Select THREE correct statements. One Compartment can reside inside another compartment One compartment can have resources from multiple OCI regions Single resource can be shared by multiple compartments Budget on a compartment can be set such that if a budget exceeds then a notification will be sent .
What is the default performance level when a block volume is created in OCI ? Archive Balanced Higher Performance Ultra-High Performance .
Which statements are CORRECT about OCI Object Storage ? Two. They are not tied to any specific compute instance and are regional service Private access is supported via service gateway for OCI resources Default tier is archive Data is not durable .
In OCI File Storage, which four layers of access control are used ? OCI Policy Network Security Key Management NFS v.3 Unix Security NFS export option .
A company wants to run online transactional processing (OLTP) and online analytical processing (OLAP) workloads directly from a MySQL database without any changes to the applications so that there is no need for separate analytics database.
Which MySQL Database feature will help you to achieve this ? Heatwave Redis Memcached Oracle Exalogic .
A company has two objects in a OCI bucket : ObjectA and ObjectB. ObjectA was modifed 17 months ago and Object B was modified 5 months ago. As a solutions architect, you created a retention rule for 12 months.
Which TWO statements are true ? ObjectA can be deleted or modified immediately ObjectA cannot be deleted or modified for next 5 months ObjectB can be deleted or modified immediately ObjectB cannot be deleted or modified for next 7 months.
In which language Terraform providers and Terraform written ? Python C# Scala Go.
Select the CORRECT statements about Oracle Vulnerability Scanning which it can identify.
Select THREE correct answers. Potential OS configurations which hackers might exploit Ports which are left open SQL Injection OS packages that require patches to tackle vulterabilities.
A company needs to access data immediately, fast and frequently.
Which Object Storage tier should the company use ? Archive Infrequent Access Standard High Performance .
Select TWO CORRECT statements about OCI Block Volume Clone. It is possible to clone a volume group Block Volume backup is faster than block volume clone Single-in-time copy of a volume can be created without the need for backup and restore process Block Volume clone works only with object storage .
Select TWO CORRECT statements about Site-to-Site-VPN It is impossible to use multiple site-to-site connections between on-prem and VCN IP Traffic is decrypted when it arrives and encrypted before packets are transferred DRG is required when trying to connect a VCN to the internet by using site-to-site VCN On-prem and VCN is provided a site-to-site IPSec connection .
Which statement is CORRECT about Pre-Authenticated Requests ? Pre-authenticated requests don't need to have an expiration time Changing the bucket visibility doesn't change existing pre-authenticated requests It is impossible to create pre-authenticated requests for archive object storage tier Only individual objects inside the bucket can have pre-authenticated. It is impossible to create pre-authenticated requests for the entire bucket. .
What is the advantage of Database as a Service in OCI ? Automated index creation Integration with Identity and Access Management ( IAM ) Automated backups to File Storage Automated backups to Object Storage .
Which TWO statements are CORRECT about Data Guard in OCI ? Data Guard can be configurated for virtual machines only Port 1521 must be open and both DB systems must reside in the same VCN Implementing Data Guard requires two DB systems. Primary database on virtual machine and standby database running on bare metal Implementing Data Guard for Bare Metal requires two DB systems. One for Primary database
and another for standby database.
Which statement is CORRECT about File Storage in OCI ? Incremental snapshots are not allowed Snapshots can be created just from CLI and not from OCI console Entire snapshot can be restored but not the individual files Snapshots are created in a hidden directory named .snapshot under the root folder of the file system .
If no route rule matches the network traffic you intend to route outside the VCN, what happens to the traffic ? Traffic is sent over to My Oracle Support ( MOS ) Traffic is dropped Traffic is sent over to Service Gateway Traffic is sent over to Internet Gateway .
Compartment X is a child compartment of root. Compartment Y is a child compartment of compartment X. Compartment Z is a child compartment of compartment Y.
Allow group NetworkAdmin to manage virtual-network-family in compartment X
Which compartments can a user of the NetworkAdmin group manage VCNs ? Compartment X only Compartment Y and compartment Z only Root compartment, Compartment X, Compartment Y, Compartment Z Compartment X, Compartment Y and Compartment Z only .
As a solutions architect you have enabled auto tiering to reduce costs. Object larger than I Mebibyte (MiB) are automatically to which tier from standard tier ? Archive Objects are not moved. They remain in standard tier until automation script is invoked Redundancy Infrequent Access.
FastConnect uses which protocol ? IPSec Open Shortest Path First ( OSPF ) DNS Routing BGP .
Web Application Firewall ( WAF ) operates at which layer of OSI Model ? Application Layer Transport Layer Datalink Layer Presentation Layer .
Which TWO statements are CORRECT about application load balancers ? Application Load Balancer works only for TCP layer variables Application Load Balancer performs content-based routing Application Load Balancer are based on destination ports and IP address only Application Load Balancer supports both HTTP and HTTPS .
As a solution architect, you have enabled versioning for a bucket in OCI.
What will happen when you try to upload an object with the same name as an existing name ? It will throw an error as the object with same name already exists. Existing object will become the previous version and newly uploaded object becomes the latest version Old object is overwritten and becomes unrecoverable Existing object is moved to archive tier whereas new object remains in standard tier .
OCI supports which FOUR types of images ? Linux Images provided by Oracle Windows Images provided by Oracle Solaris Images provided by Oracle Prebuilt application images from OCI marketplace Custom Images created from existing images in OCI.
As a solution architect, you want to grant your Virtual Cloud Network ( VCN ) to access the internet.
Which TWO connectivity options will help you achieve this ? Service Gateway NAT Gateway FastConnect Internet Gateway .
As a solution architect, you want to upload a huge log file ( 7 TiB size ) to OCI object storage and have decided to use multipart upload feature for more efficient upload.
Select THREE CORRECT statement about multipart upload. Maximum object size should be 10 TiB After you have uploaded all the object parts, you cannot commit the upload Maximum number of parts in a multipart upload should be 10,000 Maximum object part size in a multipart upload should be 50 GiB .
A company is migrating a database to Oracle Cloud Infrastructure ( OCI ).
Which TWO characteristics you need to consider as a Solution Architect during this migration ? On-Prem connectivity using Local Virtual Cloud Network ( VCN ) and remote peering On-Prem host network bandwidth and operating system platform On-Prem database version and amount of data including indexes On-Prem database character set and application version.
Which TWO statements are CORRECT about boot volumes ? Grouping of boot volumes with block volumes into same volume group is not possible After terminating an instance, you can reuse the boot volume but the instance must be of same size and shape as the original instance After teminating an instance, you can preserve the data and the boot volume After launching a VM or baremetal instance based on a custom image or platform image, a new boot volume for the instance is created in the same compartment.
Identify the CORRECT statement after a solution architect has applied the below polices :
Allow group GroupAdmins to manage groupss in tenancy where all target.group.name!='Z-Admins')
Allow group GroupAdmins to inspect groups in tenancy GroupAdmins can delete, update or create any group whose name starts with "Z" GroupAdmins can delete, update or create any group whose name starts with "B" GroupAdmins can delete, update or create any group whose name end with "Z-", except for Z-Admins group GroupAdmins can delete, update or create any group whose name starts with "Z-", except for Z-Admins group.
What can be used to define the actions that Cloud Guard can take when a detector has identified a problem ? Metrics Alarm Responder Threshold .
You want to increase disk performance ofVM.Standard2.16 by using NVMe disks but the number of CPUs should be same. As a solutions architect, you terminated the instance and preserved the boot volume.
What should be the next step ? Create a new instance using a VM.Dense102Ashape using the preserved boot volume and move the SQL Database data to NVMe disks Create a new instance using a VM.Standard1.8 shape using the preserved boot volume and move the SQL Database data to NVMe disks Create a new instance using a VM.Dense102.16 shape using the preserved boot volume and move the SQL Database data to block volume Create a new instance using a VM.Dense102.16 shape using the preserved boot volume and move the SQL Database data to NVMe disks .
Which TWO performance levels can you select when changing the performance level of boot volumes ? Balanced Lower Cost Ultra-High Performance High Performance .
An e-commerce company configured the website to use an OCI object storage bucket located in US East ( us-ashburn-l ) region to store huge amount of e-commerce data. E-commerce data stored should not be affected during an outage in one of the Availability Domain or a complete region. What should be done for data durability and avoid any costly service distruption? Create a new Object Storage bucket in US-Phoenix region and move the data every 7 days. Create a replication policy to send the data to a different bucket in US-Phoenix region Automate using CLI to move the data from Standard to Archive tier Copy data from Object storage to block volume .
An Artificial Intelligence company is running it's application on VM.Standard2.1 instance shape. Due to increasing customer base, the company faces serious challenge dealing with network throughput on the instance when customer uploads user data.
As a solutions architect, what should you recommend to resolve this issue in ? Secondary VNIC should be added Change the attached block volume to NVMe disk Terminate VM.Standard2.1 preserving the boot volume and spin up a higher network bandwidth instance with the preserved boot volume Change the shape of instance to higher network bandwidth instance.
What is the purpose of Replica Set in OCI Container Engine for Kubernetes ( OKE ) ? Maintain a stable set of replica Pods running at any given time It helps to copy data to Object storage Copy of pod is maintained for all nodes Set of pods running on applications is exposed .
As a solutions architect, you need to advice operations admin to apply latest security patches and manage packages to reduce the complexity and error while delivering these patches.
Which OCI service will you use ? Web Application Firewall ( WAF ) Storage Gateway OCI Bastion OS Management .
Which THREE default components cannot be deleted in OCI ? Default set of DHCP options Default security list Default Subnet Default route table .
As a solutions architect, you have configured the load balancer to perform health checks on 7 instances. After some time, one of the seven instances fails to pass the health check.
Which of the following action will the load balancer perform ? Terminate the instance that failed health Gheck Stop the instance that failed health check Remove the instance that failed health check and replace with a new healthy instance Stop sending traffic to the instance that failed health check .
In shared responsibility model, which of the following is customer's responsibility on OCI DB System ? Creating first database on DB system Applying patches to OS Installing the OS Create temp file storage or ASM diskgroup for data .
Which statements are CORRECT about block volume cloning ?
Select TWO correct statements. Block volume encyption can be skipped while creating a clone Block Volume size can be changed while creating a clone Performance of block volume can be changed while creating a clone Block volume can be cloned across multiple regions .
Which THREE items must be configured for OCI load balancer to accept incoming traffic ? A listener A backend set with at least one backend server A security list that is open on the listener port A route table entry for listener IP address .
Dynamic Routing Gateway ( DRG ) is used by which OCI services ?
Select TWO correct answers Local Peering IPSec VPN Connect OCI FastConnect Public Peering OCI FastConnect Private Peering .
A company has implemented load balancer for backend servers in its architecture, you notice that one of the web servers is receiving more traffic than other web servers.
As a solutions architect, what should you recommend to make sure that the traffic is evenly distributed across all back-end webservers ? Cookie-based session persistence should be disabled for backend webserver Keep-alive setting between the load balancer and backend server should be changed SSL configuration associated with backend servers should be disabled Separate listeners for each backend web server should be created.
Audit team needs access to a bucket for a duration of 3 days, who do not have IAM user credentials.
How can you grant access audit team to achieve this ? Move the entire bucket to archive tier Pre-Authenticated Requests ( PAR ) Copy the data to block volume from the bucket Load the data to a data transfer appliance and then ship to audit team's location .
A global automobile company wants to set up durable, cost-effective solution to archive data from on-premises to OCI.
What is most feasible way to meet the requirement ? Use File Storage to copy data from on-premise to OCI Setup FastConnect and use rsync tool to copy data to OCI Object Storage Archive Tier Setup on-premise storage gateway which will back up data to OCI Object Storage Standard tier Setup on-premise storage gateway which will back up data to OCI Object Storage Archive tier .
A global web series company wants to focus on Al code without worrying about underlying infrastructure for scalability, high-availability, monitoring and security. Users are allowed to upload videos on their website for making reviews.
Which OCI services should you recommend ? OCI Functions, OCI Event Service and Object Storage for storing videos OCI Object Storage, OCI Notifications and OKE for deployment of Al Code OCI Functions, OCI Event Service and OCI Resource Manager to manage infrastructure OCI Event Service for videos and OKE for application development .
Select TWO CORRECT statements about OCI File Storage Service. File systems in a mount target is encrypted via HTTP By default file systems use Oracle-managed keys By default mount targets use Oracle-managed keys Using own vault encryption key, a customer can encrypt data in their file system .
Which TWO resources are regional in OCI ? Compute images Dynamic group Compartments Block Volume Backup .
A company needs Network File System ( NFS ) and Portable Operating System Interface ( POSIX ) compliant file system access concurrently and semantics accessible storage.
As a solution architect, which storage service should you recommend ? Object Storage Standard tier Object Storage Archive tier Block Storage File Storage.
If a backend set of a load balancer is registered to mark to drain connections.
Which TWO actions will occur with regard to OCI Load Balancer ? The backend server will quickly close all existing connections Backend server will not allow new connections Backend server requests will be redirected to a user-defined error page Backend server connections will remain open until all in-flight requests are finished.
With regard to OCI storage services which TWO statements are correct ? Block Volume uses iSCSl and file storage leverages Network File Storage ( NFS ) Incremental snapshots can be taken for object storage, file storage and block volumes Object storage provides private IP address whereas file storage provides a private IP address Mount targets of file storage and block volumes can be moved between compartments.
Identify the tasks which can be performed by OCI Autonomous Data Warehouse.
Select TWO CORRECT answers ? Scale up/down memory Scale up/down CPU Network Bandwidth can be adjusted Storage allocated for database can be increased .
What is the availability of private DNS in OCI ? OCI doesn't support private DNS OCI Private DNS is available in all Regions and OCI Realms OCI Private DNS is available only available in United Kingdom and United States currently OCI Private DNS is available in any compartments .
Which of the statement is INCORRECT about OCI Block Volume ? Block volume can be attached to an instance in different region Block volume can be restored to a larger volume Existing block volume can be expanded with offline resizing Existing block volume can be cloned to larger new volume .
Which of the statement is INCORRECT about Virtual Cloud Network (VCN ) ? Plan to reserve some IP addresses for future use while allocating IP addresses within a VCN It is recommended to have separate route tables for private subnets to control traffic outside or within same VCN Make sure to overlap VCN CIDR with other VCN within your organizations VCN resources should be tagged so that all resources can be tracked and are following naming conventions.
A company requires high I/O with higher performance for its OCI block volume.
As a solutions architect, which elastic performance option should you recommend for block volume ? Extreme Balanced Lower Cost Higher Performance .
With regard to delegating domain to OCI DNS, which of the statement is CORRECT ? Domains can be delegated to OCI DNS from OCI Marketplace Domains can be delegated to OCI DNS from the Domain Registrar's self-service portal Domains can be delegated to OCI DNS from My Oracle Support ( MOS ) Domains can be delegated to OCI DNS using other cloud providers.
A company needs throughput-intensive workloads with large sequential I/O, such as data warehouses and log processing which should involve no additional VPU cost.
Which block volume performance level is recommended for such workloads ? Ultra-High Performance Higher Performance Balanced Lower Cost .
When connecting to OCI Autononous Data Warehouse ( ADW ), which TWO predefined database service names can be used ? High for highest level of resources to each SQL statement TRP for a lower level of resources to each SQL statement Low for least level of resources to each SQL statement TPFast for blazing fast level of resources to each SQL statement .
A company has numerous compute instances, each of which consists of a boot volume and several block volumes. As a solutions architect, you need to create backups of these block volumes as quickly as possible in an efficient manner.
How can you fulfill this requirement ? Create clones of boot and block volumes one at a time Use data transfer appliance to create the back up of boot and block volumes Use CLI to automate the backup of block and boot volumes Group together multiple block and boot volumes in a volume group and create volume group backups .
As a solutions architect, you want operations team users who belongs to NetworkAdmin group to manage network resources in any compartment of a tenancy.
Which policy will allow NetworkAdmin group to achieve this ? Manage virtual-network-family in tenancy Manage instance-family in compartment ASD Manage network-catalog-listing in compartment ABC Use virtual-network-family in compartment QWE.
With regard to Private IP address in OCI which TWO statements are correct ? A private IP address can have an optional public IP address assigned to it Only one private IP address can be assigned to a VNIC The primary VNIC of an instance in a subnet has one primary private IP address and one secondary private IP address by default Each VNIC has a primary private IP address, and you can add and remove secondary private IP addresses .
|
