
1Z0-1124-25

Title of test:
1Z0-1124-25

Description:
Oracle Cloud Infrastructure 2025 Networking

Creation Date: 2025/09/09

Category: Others

Number of questions: 73

Content:

1. You are enabling access to the Oracle Services Network from your on-premises environment by using a transitive routing design. All components have been configured properly except the services gateway (SGW). After you create the SGW, what is the proper configuration to allow devices from the Oracle Services Network (OSN) to communicate with devices in your on-premises data center?. Go to your SGW and create a new routing table with a destination of 172.16.0.0/16 and a target of the DRG. Click Enable. Create a new routing table in your VCN with a destination of 172.16.0.0/16 and a target of the DRG. Associate this routing table to your SGW. Go to your DRG and export the routes from your on-premises network to your SGW dynamically by using BGP.

2. Your customer is a large company with different departments, each with their own Virtual Cloud Network (VCN). Your on-premises network needs access to the different VCNs, but you don't want the administration overhead of maintaining a secure connection from each VCN to the on-premises network. Instead, you want to use a single FastConnect or Site-to-Site VPN. To accomplish this (as shown in the diagram), you use transit routing over a hub-and-spoke design to force traffic through a packet inspection device in the hub VCN. Which three must you configure for this to work properly?. Create a static route in the dynamic routing gateway pointing to your on-premises network. Set up rules in the hub VCN route tables that will direct traffic from each local peering gateway (LPG) on the hub VCN to the dynamic routing gateway (DRG), and from the DRG to each LPG. Establish a connection between each spoke VCN and the hub VCN. Assign the Network Security Group to the local peering gateway. Associate VCN route tables from the hub VCN with the hub VCN's local peering gateways and dynamic routing gateway attachment.

3. A company has deployed two FastConnect circuits. One FastConnect circuit terminates in the Oracle Cloud Infrastructure (OCI) Montreal region and the other FastConnect circuit terminates in the OCI Toronto region. A Remote Peering Connection (RPC) has been established between the OCI Montreal and OCI Toronto regions. The circuit providing connectivity to the OCI Toronto region goes down. The company now wants to utilize the FastConnect circuit that terminates into the Montreal region to connect to the resources in the Toronto region while they work on bringing the failed circuit up. What needs to happen in order to leverage the Montreal FastConnect circuit to access resources in the OCI Toronto region?. Leverage the existing Remote Peering Connection between the OCI Toronto Region and the OCI Montreal Region. On the Montreal region's DRG, import the Montreal FastConnect attachment for the DRG Route Table used by the RPC. Import the RPC attachment into the DRG Route Table used by the Montreal FastConnect circuit. Ensure the on-premises router is accepting the Toronto CIDR. When provisioning the single Toronto and single Montreal FastConnect circuits, ensure they are operating in a LAG, with one circuit going from the data center to Montreal and the other circuit going to Toronto. This way, if one circuit goes down, the LAG is still up and traffic won't be affected. Ensure the on-premises router is accepting the Montreal CIDR. Leverage the existing Remote Peering Connection between the OCI Toronto Region and the OCI Montreal Region. On the Toronto region's DRG, import the Toronto FastConnect attachment for the DRG Route Table used by the RPC. Import the RPC attachment into the DRG Route Table used by the Toronto FastConnect circuit. Ensure the on-premises router is accepting the Montreal CIDR. When provisioning the single Toronto and single Montreal FastConnect circuits, ensure they are operating in a LAG, with one circuit going from the data center to Montreal and the other circuit going to Toronto. This way, if one circuit goes down, the LAG is still up and traffic won't be affected. Ensure the on-premises router is accepting the Toronto CIDR.

4. Consider the following scenario: You have an on-premises application in which you want to upload files directly to Oracle Object Storage over an existing Oracle FastConnect. Which two routing table entries would ensure that your on-premises devices can transit your Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) to reach Object Storage in the Oracle Services Network?. For DRG-VCN Attached Routing Table: Destination - All Services in Oracle Services Network, Target - SGW. For SGW attached Routing Table: Destination - Use VCN routing table, Target - SGW. For SGW attached Routing Table: Destination - 172.16.0.0/16, Target - DRG. For SGW attached Routing Table: Destination - 172.16.0.0/16, Target - SGW. Routing Table DRG-VCN Attached: Use dynamic routing to automatically receive routes from OSN.

5. You work as a Cloud Architect for a consulting firm. Last year, one of your key customers deployed the Oracle Cloud Infrastructure (OCI) to Azure Interconnect in the OCI region us-ashburn-1 to provide connectivity to their split workload located on OCI and Azure. Today, you are informed that a new office is about to be launched in Scottsdale, Arizona. The company has provided a pair of 10 Gbps connections from Scottsdale to the OCI region us-phoenix-1. You are asked to provide connectivity from the Scottsdale office to your Azure resources local to us-ashburn-1 via the Ashburn Interconnect that was put in place last year. Which statement is true about this architecture?. You must connect the two footprints in Ashburn and Phoenix by using a local peering gateway. When the connection between the two regions is in place, the Interconnect will become available to the users in Scottsdale. To have a working architecture, the customer must have another Interconnect between OCI and Azure in Phoenix. To improve redundancy, it is recommended to have a pair. You must connect the two footprints in Ashburn and Phoenix by using a dynamic routing gateway. Although no remote peering connection is required, when the connection between the two regions is in place, the Interconnect will become available to the users in Scottsdale. You must connect the two footprints in Ashburn and Phoenix by using dynamic routing gateways, and a remote peering connection is required. When the connection between the two regions is in place, the Interconnect will become available to the users in Scottsdale.

6. New CompanyA has recently learned about hub-and-spoke architectures in Oracle Cloud Infrastructure (OCI). Their lead cloud network engineer has decided to adopt this approach and has deployed third-party appliances in the Hub VCN to inspect all traffic between their on-premises data center and the spoke Virtual Cloud Networks (VCNs) in OCI. The following configurations have been applied; however, there is no reachability between the on-premises resources and the spoke VCNs. Updated the Security Lists and Network Security Groups. Created a VCN Route Table called vcn-transit-rt. Created a static route for the spoke CIDRs with a next-hop of the third-party appliance floating IP on the vcn-transit-rt. Updated Hub VCN route tables to reach the Spoke VCN and on-premises CIDRs via their respective targets. Leverage Dynamic Routing Gateway (DRG) Route Tables and Import Route Distributions to import from the Hub VCN into the Spoke VCNs. Added 0.0.0.0/0 static routes in the Spoke VCN route tables with a next-hop target as the Dynamic Routing Gateway. Leverage DRG Route Tables and Import Route Distributions to import the Spoke VCNs into the Hub VCN. Which of the following configuration items must be performed to successfully accomplish this: The third-party appliances are operating in active/active mode. The engineer must use a Network Load Balancer and vcn-transit-rt with a next hop of the Network Load Balancer. Ensure the Spoke compute instances are not running firewalld, the configuration steps performed by engineer are correct. Associate the vcn-transit-rt VCN route table with the Hub VCN DRG attachment. Create a second Dynamic Routing Gateway and peer it to on-premises. Provision a second fast connect circuit as a hub-and-spoke circuit and re-do the steps listed above.

7. You receive a request from one of your Oracle Cloud Infrastructure (OCI) customers for all Virtual Cloud Network (VCN) Internet traffic to be sent to on-premises using the FastConnect link, and from on-premises to the Internet. In which two ways can you achieve this goal?. Ask the customer to send a default route via BGP and import it in the DRG VCN attachments route table. Create a default route with the Internet gateway as the next hop in the route tables associated with the VCN's subnets. Ask the customer to send specific IP prefixes for Internet destinations via BGP and import them in the DRG VCN attachment route table. Create a default route with the DRG as the next hop in the route tables associated with the VCN's subnets.

8. As a Consultant working for an Oracle partner, you are architecting a nationwide connectivity solution on Oracle Cloud Infrastructure (OCI) for a startup. They currently have two different tenancies for the West Coast and the East Coast of the United States, located in the San Jose, CA and Ashburn, VA regions. The customer has five Virtual Cloud Networks (VCNs) in each region. The primary option being evaluated by the customer is to deploy a dynamic routing gateway (DRG) and connect the VCNs through the construct. Which two statements are true about the proper architecture for this customer?. To have a proper architecture, you will need a DRG in each region. The two DRGs can connect to each other using their RPCs. The VCNs can be located in different tenancies. When interconnecting the two tenancies in each region using enhanced DRG, the Architect still needs to manually configure the IAM policies. To have a proper architecture, you will need a DRG in each region. The two DRGs can connect to each other using their RPCs. The VCNs on each side must be in the same tenancy or have the same Administration team. Your global connectivity strategy must be consistent across the board. So if you use DRG to connect their San Jose and Ashburn footprints, you cannot use LPGs for connectivity between their VCNs in each region.

9. As a Senior Cloud Engineer, you are architecting a low-latency application on Oracle Cloud Infrastructure (OCI). You are evaluating local Virtual Cloud Network (VCN) peering by using local peering gateways (LPG). The new application will be used not just by your own company but also a subsidiary that your business acquired last year. Various components of the application stack are in different VCNs owned by the two parts of the business. The two parts have separate tenancies on OCI and, for now, each tenancy and their resources are managed by the respective IT teams. However, in certain cases like this architecture, a joint effort is required. Which statement is NOT true about a working architecture?. Using LPGs would enable the architect to connect VCNs in the same or different regions. The resources attached to peered VCNs using LPGs can communicate by using private IP addresses without routing the traffic over the Internet. Using LPGs would enable the architect to connect VCNs in the same or different tenancies. Compared to using a DRG for connecting the VCNs, using LPGs to connect the VCNs is a better option for ultra low-latency architectures.

10. Your organization has recently acquired another organization. The acquired organization also has its workload deployed on Oracle Cloud Infrastructure (OCI) in Tenancy 2. Your workload is deployed in Tenancy 1. You want to ensure inter-tenancy connectivity between both organizations' workloads for seamless communication between the applications. Consider the following architecture diagram: Which policy is part of the group of the identity policies needed at the Requestor side to create a cross-tenancy VCN peering using a remote peering connection?. Admit group <acceptor-group-name> of the tenancy Acceptor to manage remote-peering-to in the compartment <acceptor-compartment-name>. Allow group <requestor-group-name> to manage remote-peering-from in the compartment <requestor-compartment-name>. Endorse group <requestor-group-name> to manage remote-peering-from in the tenancy Acceptor.

11. You have deployed a workload both on-premises and in an Oracle Cloud Infrastructure (OCI) region. The host computer in your on-premises network is not able to connect with the application deployed in OCI. You have heard about an OCI service, Network Path Analyzer in the Network Command Center, which is used to identify and resolve these kinds of issues faster. Which three statements are true about OCI Network Path Analyzer?. It significantly increases the mean time to resolution (MTTR) caused by configuration issues. It is a tool to perform on-demand validation of the logical network path to match a desired intent. It is capable of only unidirectional path analysis between a pair of endpoints. It is capable of both unidirectional and bidirectional path analysis between a pair of endpoints. It can troubleshoot reachability issues caused by misconfigurations and determine the reason for an outage between two endpoints. It is a free service that comes with the overhead of transmitting actual application traffic to troubleshoot reachability issues.

12. Your organization has a public-facing load balancer with a web server back end serving a publicly accessible HTTP web application. You must identify any potential anomalies and malicious behavior. To detect if any web shell is being uploaded, you decide to mirror all the HTTP traffic in both directions by using the Oracle Cloud Infrastructure (OCI) service Virtual Test Access Point (VTAP). You have configured all the required routes and security lists to mirror the traffic for analysis. In which three ways can you configure VTAP?. Configure the VTAP source as the back-end web server and the VTAP destination as the load balancer listening on TCP Port 4789. Create a Capture Filter to include ingress and egress rules with source port as 80. Configure the VTAP source as Network Load Balancer and the VTAP destination as the load balancer listening on UDP port 4789. Configure the VTAP source as the load balancer and the VTAP destination as Network Load Balancer listening on UDP port 4789. Create a Capture Filter to include egress and ingress rules with destination port as 80.

13. You are hired to move 28 applications along with their databases and storage to Oracle Cloud Infrastructure (OCI) from a physical data center. This project will take 21 months and, during this time, you will need a high-bandwidth, low-latency connection between your physical data center in San Jose and OCI. Your initial discovery reveals that you are in the same data center as Oracle. You plan to use the OCI San Jose region and will have a pair of FastConnect links between your environment and OCI, where you will have 12 VCNs. Which statement is NOT true about the FastConnect links?. Although MD5 for BGP can be configured between your router and OCI, it is an optional setting. If you need fast BGP convergence, you can use 6 to 60 seconds for keep-alive, and 18 to 180 seconds for hold time. The maximum MTU size of 9000B is supported over both FastConnect links regardless of their bandwidth. For private virtual circuits, you can advertise up to 100 IPv4 prefixes. When the maximum is reached the BGP session will reset.

14. After deploying four FastConnect links (1 Gbps each) between your environment and Oracle Cloud Infrastructure (OCI), you want to monitor the health and performance of those connections by using OCI metrics. All four links are placed in a single cross-connect link aggregation group (LAG). Which two statements are true about the two metrics ConnectionState and PacketsError?. For a cross-connect group (LAG), the value of the PacketsError metric is the greatest number of errors detected on any member of the group. This is to identify the least healthy link, to be repaired by the operator as soon as possible. ConnectionState shows the overall operational state of the cross-connects participating in the LAG. As long as one of the four links is up, this value is up (1). This helps acknowledge a minimum availability situation. ConnectionState shows the overall operational state of the cross-connects participating in the LAG. If one link is down, this value is down (0). This helps identify reduced capacity LAGs. For a cross-connect group (LAG), the value of the PacketsError metric is the sum across all cross-connects in the group. This is to measure the overall health and performance of the LAG.

15. Which statement is true about Oracle Cloud Infrastructure (OCI) private endpoints?. They provide access to all Oracle services or just Object Storage. The consumer can initiate a connection to the service, but a service can't initiate a connection to the consumer private network. Destination service IP address is a private IP address within the customer subnet.

16. You must manage all the certificates associated with the applications deployed in your Oracle Cloud Infrastructure (OCI) tenancy. You suspect that the private key used for Root Certificate Authority creation is compromised. You need to resolve the issue immediately to avoid a data leak and service disruption. Which two options will resolve the issue?. Use software-protected keys to create CAs and certificates, because they can be quickly copied and distributed anywhere. You must revoke all the subordinate CAs and certificates and replace them. Use separate Hardware Security Module (HSM) keys to create CAs, so that the compromise can be contained to one segment of your CA hierarchy. You must revoke only the compromised certificate and replace it. Use the same Hardware Security Module (HSM) key for multiple CAs and certificates to save certificate management time.

17. Your e-commerce website hosted on Oracle Cloud Infrastructure (OCI) experiences sudden spikes in traffic, which you suspect could be due to a distributed denial-of-service (DDoS) attack. You want to mitigate the impact of these traffic spikes while ensuring legitimate users can access the site. What feature of OCI Web Application Firewall (WAF) can help address this situation?. Rate limiting to restrict the number of requests from a single IP. Network Address List (NAL) for authorized users. CAPTCHA challenge to all incoming traffic.

18. You are architecting a secure networking solution for an Oracle Cloud Infrastructure (OCI) customer. Their goal is to inspect every inbound and outbound session in and out of their Virtual Cloud Network (VCN). To accommodate the design requirements, in addition to the production subnets used for your application servers, you also create a private subnet for your third-party firewall appliance and deploy two firewalls in high availability (HA) on the right compute shape. The firewall is supposed to be in-line between the applications subnet and the Internet gateway. Which option lists the steps to perform to create such an architecture?. Update the firewall's subnet to point everything to the Internet gateway. The routing between the firewall subnet and application servers will be done by manually adding a route to the applications subnet routing table and pointing everything to the firewall. The routing between the Internet gateway and firewall will be handled by VCN local routing. Update the route table of the Internet gateway to point to the virtual firewall appliance. Update the firewall's subnet to point everything to the Internet gateway. The routing between the firewall subnet and application servers will be done automatically by VCN local routing. Update the route table of the Internet gateway to point to the virtual firewall appliance. Update the firewall's subnet to point everything to the Internet gateway. The routing between the firewall subnet and application servers will be done by manually adding a route to the applications subnet routing table and pointing everything to the firewall.

19. A company has deployed a multi-tier application in Oracle Cloud Infrastructure (OCI) with web servers in a public subnet and database servers in a private subnet. The database servers need to access data from OCI Object Storage, and the company wants to ensure that this communication is secure and not exposed to the public Internet. Which OCI feature should you use to meet this requirement?. NAT gateway to enable access to Object Storage. Service gateway to enable access to Object Storage. Private endpoint to enable access to Object Storage.

20. You are setting up a new Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure for a company's multi-tiered application deployment. The company plans to host web servers, application servers, and database servers within the VCN. The cloud resources will be spread across different subnets for segregation and security reasons. Initially, the company expects 70 web servers, 25 application servers, and 8 database servers, assuming an increase of 5 times in the future. Considering the current and projected requirements, which is the most suitable VCN CIDR block?. /23 CIDR block to provide sufficient address space for the initial resources, considering future scalability by resizing the VCN. /20 CIDR block to accommodate all current and future resources with ample room for expansion. /22 CIDR block, because it provides a balanced address space for the current and anticipated resources.

21. As an Oracle Cloud Infrastructure (OCI) Consultant working for an Oracle partner, you are presenting the OCI-Azure Interconnect to a customer. If the customer wants to deploy the Interconnect in the London region between their Microsoft Azure and OCI footprints, which aspect would they have to manage by themselves?. Cross-connects between Microsoft and OCI routers used by the customer through an LOA process. Encryption of data between the two public clouds. Any additional redundancy between the Microsoft and OCI routers.

22. As a senior Network Cloud Engineer working for a large insurance company, you are designing a split workload solution between Oracle Cloud Infrastructure (OCI) and Microsoft Azure by using the Interconnect service. The Chief Information Security Officer (CISO) of the insurance company has raised questions about the confidentiality of data between the two providers. Which statement is true about the connection?. The connection between OCI and Microsoft Azure provides native MACSec encryption. The customer can encrypt the link further if needed. The connection between OCI and Microsoft Azure provides native IPSec encryption. The customer can encrypt the link further if needed. The connection between OCI and Microsoft Azure offers no native encryption. However, the customer can implement their own encryption strategy between their workloads.

23. You have deployed a Virtual Cloud Network (VCN) in the Oracle Cloud Infrastructure (OCI) Ashburn region for production workloads. You have also deployed another VCN in the Phoenix region for disaster recovery. You have created a network connection between the two VCNs by using the Remote Peering Connection (RPC) service in the dynamic routing gateway (DRG). After you finish the configuration of routing and security policies, you observe that pinging to IPs works but you are unable to resolve host names from the other region. Which is the best way to enable DNS resolution between the two regions?. Go to one region and export the DNS zone of the VCN. Go to the other region and import the zone. Repeat the steps in the other direction. Go to the regional DNS settings and enable cross-region resolution. Create manual entries in the hosts file of each compute for systems deployed in the other region. Deploy two DNS resolver endpoints, one forwarding and one listening, in each VCN. Create DNS forwarding rules from each VCN to the other VCN's listener for the remote VCN DNS zone.

24. As a Cloud Network Engineer working for a startup, you are running your popular website on Oracle Cloud Infrastructure (OCI) on two compute instances with public IP addresses. One node is used for production workloads and the other is allocated to development workloads. When trying to connect to shop.example.com, you want your clients to land on the Production compute and the developers working in your office to land on the Development compute. What type of Traffic Management Steering Policy would help in this scenario?. Role-based. IP Prefix. Geolocation.

25. You are a security administrator tasked with granting temporary access to a developer for troubleshooting a production issue on a virtual machine (VM) in Oracle Cloud Infrastructure (OCI). Which feature of Oracle Bastion allows you to provide this temporary access securely?. Bastion role-based access control. Bastion ephemeral access. Bastion MFA authentication. Bastion session recording.

26. You have an Oracle Enterprise Linux-based instance running in a private subnet. Which three actions must you perform to enable connectivity to this instance from your IP address using the OCI Bastion service?. Add a rule in the private subnet security list to allow ingress from your IP address. Allow SSH for the private subnet from the Bastion private endpoint IP address. Add your IP address in the Bastion CIDR block allowlist. Create a Managed SSH session to the target VM with your public key. Create an SSH port forwarding session to the target VM with your public key.

27. Your Sales team is dealing with a potential multinational customer from South Africa that wants to migrate their existing three-tier architecture from on-premises to OCI's Johannesburg region. They intend to use their own /24 IPv4 CIDR block. They own several, awarded to them by different Regional Internet Registries (RIR). Which three RIRs are supported by OCI?. Asia Pacific Network Information Centre (APNIC). Réseaux IP Européens Network Coordination Centre (RIPE NCC). American Registry for Internet Numbers (ARIN). African Network Information Centre (AFRINIC). Latin America and Caribbean Network Information Centre (LACNIC).

28. You are an OCI Architect, and your Network Administrator has noticed that a compute instance for a web server has the Ephemeral public IP address: 144.24.49.193. However, according to the architecture diagram, the web server needs to use the public IP address: 129.146.146.70, which is a reserved IP address in OCI. The administrator has asked you to make the change. Which option lists the steps to perform to make this change?. In the OCI Console under Compute, open the compute instance with the public IP address 144.24.49.193. In the VNIC, change the Public IP Type field to No Public IP and Update. Edit the VNIC again and change the Public IP Type field to Reserved Public IP. Select the IP address 129.146.146.70 and update. In the OCI Console under Compute, open the compute instance with the public IP address 144.24.49.193. In the VNIC, change the Public IP Type field to Reserved Public IP. Select the IP address 129.146.146.70 and update. In the OCI Console under Compute, open the compute instance with the public IP address 144.24.49.193. Under More Actions, select Edit. Find the Public IP Address field and select Reserved Public IP. Select the IP address 129.146.146.70 and update.

29. A service provides a unique, isolated endpoint for your tenancy and prevents interference from other customers. It ensures you have a separate access point to your Object Storage Buckets and tenant isolation. Identify the service. Cloud Shell Ephemeral type while in the home tenancy. Object Storage Dedicated Endpoint. Object Storage Private Endpoint. VCN Services Gateway.

30. You are working as a senior architect for a large financial organization. Because you have extensively deployed Oracle Cloud Infrastructure (OCI) security lists, your new hire, a junior engineer, asks you about their functionality. Which statement is true about security lists in OCI?. They are stateful unless they are turned stateless via the command line. They could be either stateless or stateful. They are stateless unless they are turned stateful via the command line. They are always stateless.

31. You are presenting a multicloud solution to an Oracle Cloud Infrastructure (OCI) customer. Their goal is to mirror their Microsoft Azure environment on OCI. They are aware that there are multiple different ways to achieve the goal, including deploying a dedicated Interconnect between OCI and Azure, as well as the traditional IPSec VPN solution. During your presentation, which two statements would you use to describe the OCI and Azure Interconnect?. It always provides higher availability. It is likely to provide less packet loss. It always provides lower cost. It is likely to provide lower latency.

32. A consulting company that employs Oracle Cloud Infrastructure (OCI) Architects has successfully completed resource migration from Microsoft Azure to OCI, and no longer requires the Oracle FastConnect circuit to Azure. The Project Manager has asked you to delete all resources involved in this cross-cloud connectivity. From the Azure side, you delete the Resource Group. After a while, you notice that all Azure resources have been deleted, except for the Azure ExpressRoute. What could be the reason for this issue?. You need to remove all routes that point to the cross-cloud connection on both OCI and Azure before you can delete the circuit. Your bill from the OCI side needs to be paid in full before you can remove the Azure ExpressRoute circuit. You need to remove the Azure ExpressRoute partner service key from the Oracle FastConnect circuit, and then you can delete the ExpressRoute virtual circuit. You need to first delete the Oracle FastConnect circuit for the ExpressRoute circuit to be decommissioned, and then you can delete the ExpressRoute virtual circuit.

33. To access two Oracle Data Safe services from your physical data center as well as from within your Virtual Cloud Network (VCN), you have deployed a private endpoint. To obtain the last approval from the Chief Information Security Officer (CISO), you are preparing to present the final architecture. Private endpoints were chosen because they provide a secure, high-throughput, low-latency path away from the Internet to the Oracle service. Which statement is true about your architecture that should be presented to the CISO?. All Oracle private endpoints support transit routing; hence, this service can be accessed from on-premises over FastConnect but not VPN. All Oracle private endpoints support transit routing; hence, this service can be accessed from on-premises over Site-to-Site VPN and FastConnect. Data Safe is the only service that does not support transit routing; hence, it cannot be accessed from on-premises regardless of the connectivity method.

34. These records are added at your DNS domain registrar or other parent zone and contain the cryptographic digest of your Key Signing Key. Just as the Name Server records added in your domain's parent zone "glue" the DNS together, they help connect the chain of trust from the trust anchor at the root of the DNS into your zone. Select the record that matches this definition. ZSK Records. RRSet: Records. DS Records. DNSKEY Records.

35. As a Cloud Architect working for an Oracle partner, you are helping a customer design their multicloud strategy in the Oracle Cloud Infrastructure (OCI) Ashburn region. Currently, they have two main critical applications running on Microsoft Azure along with their databases. Their goal is to move the databases fully to OCI by the end of the year and pursue a split workload architecture. Which is a valid suggestion for their proof-of-concept (POC) efforts?. Obtain the latency between OCI and Azure from the OCI official documentation as an estimate, but measure the latency in their environment with all the components deployed between the application and its databases. Make sure the application can perform when the production environment is implemented with that latency. Obtain the latency between OCI and Azure from the OCI official documentation as an estimate, but also measure the latency in their environment at least between the application and its databases. Make sure the application can perform when the production environment is implemented with that latency. Open a service request with Oracle Support and provide the exact region and availability domain information where the databases will be located. OCI will work with Azure teams to determine the best- and worst-case scenarios and make recommendations. This recommendation will be valid for 30 days. Obtain the minimum latency between OCI and Azure from the OCI official documentation and make sure the application can perform when this latency is introduced.

36. You have decided to move your workload from another Cloud Service Provider (CSP) to Oracle Cloud Infrastructure (OCI). You started by delegating your DNS public zone to OCI and it is live now pointing to the app hosted on the other CSP. What is a good strategy for moving the service to OCI without service interruption and minimizing any possible impact on the user experience?. To leverage the OCI Traffic Management Steering Load Balancing policy redirecting small amounts of traffic to OCI while monitoring that the application and user experience is performing as it should, and then increasing the amount until migration is complete. To leverage the OCI HTTP Redirect service for redirecting small amounts of traffic to OCI while monitoring that the application and user experience is performing as it should, and then increasing the amount until migration is complete. To leverage the OCI Load Balancer, adding the servers from the other CSP as backends in the backend set and use Round Robin as the Load Balancer Policy. Start replacing the other servers with servers from OCI gradually while monitoring that the application and user experience is performing as it should, until migration is complete.

37. A service, XYZ, is scheduled for decommissioning. It is catered by a group of five instances hosted in a private subnet, 10.20.30.0/29. The Virtual Cloud Network also has a public subnet, 10.20.30.16/29. You are tasked with checking for important data on these instances and backing it up before the decommission. You are Which three methods can you use to access these instances?. OCI Bastion service. Cloud Shell Ephemeral network. Instance in the public subnet with Internet access. On-premises machine using a VPN connection. Personal machine using PuTTY.

38. Your customer is using the Oracle Cloud Infrastructure (OCI) to Azure interconnection, and they contact you with a spec request. They want to create a Site-to-Site VPN connection between the two cloud service providers and exclusively advertise it over a new Virtual Cloud Network (VCN) that they will attach to the dynamic routing gateway (DRG). The Site-to-Site VPN will be configured with static routing. How many private ASNs will Oracle prepend to the private path to ensure VPN preference on the DRG for this new VCN?. Oracle prepends no ASNs to the routes that your CPE advertises, for a total AS path length of 1. Oracle prepends a single private ASN on all the routes that your edge device advertises over Site-to-Site VPN with BGP, for a total AS path length of 2. Oracle prepends three private ASNs on the static routes that you've provided. This results in a total AS path length of 3. AS path lengt.

39. A customer is using an Oracle Cloud Network Load Balancer (NLB) and wants to allow all TCP/UDP balanced by the network load balancer. What is the correct way to allow all ports on an NLB?. Select the All ports configuration option. Configure the NLB listener to allow ports 1-65535. Select the Use any port option to listen for all ports on the NLB listener.

40. A rental car company is planning to launch an online website in the us-ashburn-1 region to allow customers to rent vehicles online. The website will have multiple web servers connecting to an Oracle Database. The website should be highly available 24/7 and fault tolerant. Which option provides the most fault-tolerant architecture that meets this requirement?. Deploy the website across three availability domains, configure an auto-scaling policy, set up a load balancer, and use Autonomous Transaction Processing (Serverless). Deploy the website across three availability domains, configure an auto-scaling policy, set up a load balancer pointing to a Traffic Management Steering Policy with a failover policy type, and use Autonomous Transaction Processing (Serverless). Deploy the website across two availability domains, configure an auto-scaling policy, set up a load balancer, and use Autonomous Database Warehouse (Serverless).

41. A Cloud Engineer needs to enable routing between two Virtual Cloud Networks (VCN) from their tenancy. The VCNs are in the same region but in different compartments. After reviewing the IPv4 CIDR prefixes of the two VCNs, the engineer notices that there are no overlapping CIDR blocks. Which three are valid Oracle Cloud Infrastructure (OCI) options for connecting and routing between the two VCNs?. Add an LPG to each of the VCNs. In one of the LPGs, establish a peering connection to the other LPG. In each of the VCNs' route table, add a route rule to the other VCN using the LPG as the next hop. Create a dynamic routing gateway (DRG) in the tenancy, add the two VCNs as VCN attachments, and add routes in each of the VCN route tables with the DRG as the next hop for the CIDR prefix of the other VCN. Create a dynamic routing gateway (DRG) in the tenancy, add the two VCNs as VCN attachments, and create custom DRG routes with the DRG as the next hop for the CIDR prefix of the other VCN. Create two DRGs in the tenancy. Attach one VCN to one of the DRGs; attach the other VCN to the second DRG. In each of the DRGs, create a remote peering connection (RPC). Establish a connection from one RPC to the other. In each of the VCNs' route table, add a route rule to the other VCN using the DRG as the next hop. Create a DRG in the tenancy, add one of the VCNs as a VCN attachment. In the other VCN, create a local peering gateway (LPG). Peer the DRG to the LPG. In the VCN attached to the DRG, add a route rule in the route table that points to the DRG as the next hop. In the other VCN, add a route rule in the route table that points to the LPG as the next hop.

42. A global company is migrating its applications to Oracle Cloud Infrastructure (OCI). The company has over 15 business units. Each business unit designs and maintains applications that are hosted in its own OCI tenancies in separate application Virtual Cloud Networks (VCNs) in the same OCI region. Each business unit's applications are designed to get data from a central shared-services VCN. The company wants the network connectivity architecture to provide granular security controls. The architecture must also be able to scale as more business units may be added in the future. Which solution meets these requirements in the most scalable manner?. Create VCN peering connections between the central shared-services VCN and each application VCN in each business unit's OCI tenancy by using a local peering gateway in the shared services VCN for each business unit. Create a dynamic routing gateway. Create a cross-tenancy VCN attachment to each application VCN. Modify the routing tables of each attachment to import the shared-services VCN. Create a dynamic routing gateway. Create an IPSec attachment to each application VCN. Create a VPN connection from each VCN to the shared services VCN. Provide full mesh connectivity among all the VCNs. Traffic will be encrypted end to end from the application to the shared services VCN.

43. You are creating an IPSec tunnel for one of your Oracle Cloud Infrastructure (OCI) customers. All the IPSec parameters for both phase 1 and phase 2 exactly match between the OCI Site-to-Site native VPN and the on-premises CPE. The route-based IPSec tunnel is used, and VPN Connection has been configured between the CPE and OCI Site-to-Site VPN service. What is the root cause for the IPSec tunnel not reaching the UP state?. OCI Site-to-Site VPN is using IKEv1 and the CPE is using IKEv2. The IKE identity does not match between the two peers. OCI Site-to-Site was configured for Diffie-Hellman Group 5 and the CPE for Group 20.

44. You just attached an active IPSec tunnel to a dynamic routing gateway (DRG). You then checked that the autogenerated DRG route table for VCN attachments was automatically populated with a route to the IPSec tunnels. However, you notice that the route status for one of the IPSec tunnels has the Conflict status, while the other one is set to Active because the destination CIDR is the same. This indicates that the IPSec CIDR conflict will prevent the DRG from routing to the tunnel with the Conflict status. The conflicted route is less preferred and will become active only in some situations. In which two situations will it become active?. You change the Next Hop Attachment Type for the tunnel with the Conflict status. You specify a different DRG route table for VCN attachments for each of the tunnels. Equal-cost multi-path routing is enabled. The primary tunnel goes down.

45. Which three types of traffic to core Oracle infrastructure services hosted on link-local (169.254.0.0/16) IP addresses do not appear in flow logs?. ARP. TCP. DHCP. Block Storage. IPV6-ICMP.

46. What is a valid way to troubleshoot the traffic in and out of your VNIC?. Harden the security rules in the NSG and/or security list associated to your VNICs. Set up Network Path Analyzer. Set up VCN flow logs.

47. Identify the attachment without which direct traffic between a virtual circuit attachment and an IPSec tunnel attachment is not allowed. Cross-Tenancy attachments. MACsec Encryption attachments. RPC attachment. Loopback Attachments.

48. Which two of the options are evaluated in addition to Oracle Cloud Infrastructure (OCI) Zero Trust Packet Routing (ZPR) policies?. VLANs. Security Zones. Network Security Groups. Routing Tables. Security List.

49. You have deployed a payroll web application on a public subnet inside Oracle Cloud Infrastructure (OCI). Company employees can access the public as well as private web pages from the internal network, whereas external users can access only public pages. The web application is hosted with the FQDN/DNS entry as my.webapp.com and private pages are accessed with the entry my.webapp.com/internal. The public web application URL my.webapp.com is configured with the URL list name Main-URL, and the sensitive pages' URL my.webapp.com/internal is configured with the URL list name Internal-URL. Which Network Firewall policy rules will allow the intended traffic?. Rule1 - Source: Any, Destination: WebApp Subnet, Application List: 80, URL: Any URL, Action: Allow Traffic; Rule2 - Source: Any, Destination: WebApp Subnet, Application List: 80, URL: Internal-URL, Action: Drop Traffic; Rule3 - Source: Internal Subnet, Destination: WebApp Subnet, Application List: 80, URL: Internal-URL, Action: Allow Traffic. Rule1 - Source: Internal Subnet, Destination: WebApp Subnet, Application List: 80, URL: Any URL, Action: Allow Traffic; Rule2 - Source: Any, Destination: WebApp Subnet, Application List: 80, URL: Internal-URL, Action: Drop Traffic; Rule3 - Source: Any, Destination: WebApp Subnet, Application List: 80, URL: Main-URL, Action: Allow Traffic. Rule1 - Source: Any, Destination: WebApp Subnet, Application List: 80, URL: Internal-URL, Action: Drop Traffic; Rule2 - Source: Internal Subnet, Destination: WebApp Subnet, Application List: 80, URL: Main-URL, Action: Allow Traffic; Rule3 - Source: Internal Subnet, Destination: WebApp Subnet, Application List: 80, URL: Internal-URL, Action: Allow Traffic.

50. As a Cloud Architect, you are designing a firewall solution on Oracle Cloud Infrastructure (OCI) for a small software company. Currently, they have one Virtual Cloud Network (VCN) in which they have created two subnets for the applications and their load balancers, as well as another subnet for the third-party network appliance that they are trying to deploy. The web application will receive traffic from the Internet through an internet gateway (IGW). The Design team plans to deploy the firewall in-path between the IGW and the applications subnet. Once fully deployed, the web traffic will enter the IGW with the public IP address of the firewall, and be processed by the firewall and sent to the load balancers' subnet after being source network address translated (SNAT). Which design challenge is NOT expected by the architect?. The firewall NAT tables could be maxed out. Performing NAT on the firewall could impact its overall performance. The number of network interfaces supported by the firewall might not be enough.

51. Which statement describes the purpose of route distributions in the context of working with dynamic routing gateway (DRG) route tables and route distribution?. Route distributions specify how routes are imported from or exported to a DRG attachment. Route distributions control the allocation of IP addresses to subnets within a Virtual Cloud Network (VCN). Route distributions manage the assignment of default route tables to DRG attachments. Route distributions determine the physical path that packets take within a Virtual Cloud Network (VCN) attachment.

52. Which two types of configurations can a private partner FastConnect virtual circuit support?. IPSec over FastConnect traffic. Inter Tenancy traffic. All Traffic. Bidirectional forwarding detection (BFD). MACsec traffic.

53. Which network resource is not supported on the Oracle Cloud Terraform provider?. FastConnect over 10G. Enhanced dynamic routing gateway. Network Visualizer. Virtual Cloud Network.

54. You are presenting Oracle Cloud Infrastructure (OCI) databases to an existing Microsoft Azure customer with a small OCI compute footprint. They are interested in a multicloud architecture and have been evaluating OCI and Azure Interconnect as well as Oracle Database Service for Azure (ODSA) sold Microsoft few weeks now. The customer wants full control over the routing using BGP between the two cloud providers. Which solution would you advise the customer to select to achieve their goals?. Interconnect because it offers full control over the routing process as well as higher availability. ODSA because it offers full control over the routing process with similar availability as the interconnect service. Interconnect because it offers full control over the routing process with similar availability as ODSA. ODSA because it offers full control over the routing process as well as higher availability.

55. You are architecting a proof of concept (PoC) for a major Oracle Cloud Infrastructure (OCI) customer. In the PoC architecture, the customer has one large Virtual Cloud Network (VCN) hosting multiple subnets, including an applications subnet where they have 72 web servers. To provide access to OCI bucket storage from the servers, you deploy a service gateway. The Chief Information Security Officer (CISO) raises security concerns that although the bucket storage content is controlled by the company, the service gateway traffic between their cloud footprint and the buckets needs to be fully inspected. Which architecture provides a valid solution to the issue raised by the Security team?. Deploy a third-party firewall appliance in a separate private subnet and update the route table on the service gateway to first send the inbound traffic to the private IP address of the firewall. No changes are required to the applications subnet. Deploy a third-party firewall appliance in a separate private subnet and update the route table on the service gateway to first send the inbound traffic to the private IP address of the firewall. The routing table of the applications subnet must be manually updated. Have the OCI service gateway perform in depth and Layer 3 and 7 security inspections, and provide the documentation to the CISO for their approval.

56. You are an Administrator responsible for monitoring and troubleshooting network activities in your Oracle Cloud Infrastructure (OCI) environment. You have enabled Virtual Cloud Network (VCN) flow logs and now need to investigate a specific network flow. The flow log data for the connection is as follows: ACCEPT TCP 172.21.2.185 Port 43360 -> 129.146.13.236 Port 443 Bytes 10515 Packets 19 Based on this flow log data, what can you infer about the network flow?. The connection was initiated from 172.21.2.185 to 129.146.13.236 over TCP port 443. The data transferred was 10,515 bytes spread across 19 packets. The connection was rejected from 172.21.2.185 to 129.146.13.236 over TCP port 443. The data transferred was 10,515 bytes spread across 19 packets. The connection was initiated from 129.146.13.236 to 172.21.2.185 over TCP port 443. The data transferred was 5.548 bytes spread across 19 packets.

57. A company is planning to use Oracle Cloud Infrastructure (OCI) Object Storage to archive financial data. The data is currently stored in an on-premises data center. The data needs to be stored in two OCI regions, Phoenix and Ashburn. It cannot be transported over the public Internet and must be encrypted in transit. Which two options will meet these requirements?. Create a remote peering connection (RPC) between the two OCI regions, create a Virtual Cloud Network (VCN) attachment, and leverage a service gateway to access the Object Storage endpoint. In the VCN route table attached to the dynamic routing gateway (DRG), create a route entry for the Object Storage in Ashburn via the service gateway. Create an IPSec connection from the on-premises data center to Phoenix. Create a Virtual Cloud Network (VCN) attachment and leverage a service gateway to access the Object Storage endpoint. Announce the Object Storage routes from Phoenix to the VPN tunnel. Enable HTTPS on the Object Storage service. Create a remote peering connection (RPC) between the two OCI regions, create a Virtual Cloud Network (VCN) attachment, and leverage a service gateway to access the Object Storage endpoint. In the VCN route table attached to the dynamic routing gateway (DRG), create a route entry for the Object Storage in Ashburn via the Internet gateway. Create an IPSec connection from the on-premises data center to Phoenix. Create an attachment to the Virtual Cloud Network (VCN) and leverage a service gateway to access the Object Storage endpoint. Announce the all-services routes from Phoenix to the VPN tunnel. The Object Storage service uses HTTPS for communication.

58. A customer wants to inspect all traffic that enters and leaves their hub Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI) with an OCI Network Firewall. This will require them to use a hub-and-spoke transit routing design. In terms of the transit routing configuration on the dynamic routing gateway (DRG), what is the best option for selecting a VCN route table to the DRG attachment?. Create a new route table on the DRG and direct routes to the private IP of the OCI Network Firewall. Use the default route table, which is present in the hub VCN, and direct traffic to the private IP of the OCI Network Firewall. Create a new route table in the hub VCN and direct routes to the private IP of the OCI Network Firewall.

59. You have deployed a workload in the Oracle Cloud Infrastructure (OCI) Phoenix region. You want to configure patches and updates to Virtual Machines (VMs) in a private subnet from Oracle YUM repositories. OCI resources are deployed in their respective subnets, as shown in the diagram. You suspect that outbound traffic can lead to data exfiltration. What is the correct way to configure the network, so that VMs in the private subnet can do patching and updates, preventing data exfiltration?. Configure a route rule for the private subnet with the destination CIDR as 0.0.0.0/0 and the next hop as 10.0.1.100. Configure a route rule for the firewall subnet with the destination CIDR as 0.0.0.0/0 and the next hop as the NAT gateway. Configure and associate the route rule for the NAT gateway with the destination CIDR as 10.0.0.0/24 and the next hop as 10.0.1.100. Configure the Network Firewall policy to allow traffic with URL filtering to Oracle YUM servers from the private subnet. Configure a route rule for the private subnet with the destination CIDR as 0.0.0.0/0 and the next hop as 10.0.0.100. Configure a route rule for the firewall subnet with the destination CIDR as 0.0.0.0/0 and the next hop as the NAT gateway. Configure and associate the route rule for the NAT gateway with the destination CIDR as 10.0.0.0/24 and the next hop as 10.0.0.100. Configure a security list or network security groups with URL filtering to Oracle YUM servers from the private subnet. Configure a route rule for the private subnet with the destination CIDR as 0.0.0.0/0 and the next hop as 10.0.1.100. Configure a route rule for the firewall subnet with the destination CIDR as 0.0.0.0/0 and the next hop as the Internet gateway. Configure and associate the route rule for the Internet gateway with the destination CIDR as 0.0.0.0/0 and the next hop as 10.0.1.100. Configure the Network Firewall policy to allow traffic with URL Filtering to Oracle YUM servers from the private subnet.

60. Your company has decided to use OCI DNS servers for the mycompany.com domain that it owns. It is currently using a third-party DNS server. You create a public mycompany.com zone, copy the existing records, and also add a record pointing to the IP of a new app that you are deploying on Oracle Cloud Infrastructure (OCI). While testing the new record, you receive a "host not found" message. You double-check and the record is in the zone and the zone was published without any errors. What could be the reason for this message?. You need a security list allowing DNS traffic to the OCI DNS servers. Along with the zone creation on OCI DNS, the registrar should point to OCI DNS name servers. The DNS did not propagate. You can query and find the new record only after the DNS records have been propagated.

61. Which statement is true about the default IPv6 security list in your IPv6-enabled VCN?. There is a default rule that allows IPv6 TCP traffic on destination port 22 (SSH) from source ::/0 and any source port. There is a default rule that allows IPv6 TCP traffic on destination port 3389 (RDP) from source ::/0 and any source port. There is a default rule that allows ICMPv6 traffic type 2 code 0 (Packet Too Big) from source ::/0 and any source port below 32768.

62. You need to enable an Oracle Analytics Cloud (OAC) instance located in the Oracle Services Network (OSN) to initiate a connection to a Database that is running in your customer's on-premises data center and that is resolving with the customer's own FQDN. You are in the process of designing a transitive routing configuration for enabling the OAC to reach the Database. What Oracle Cloud Infrastructure (OCI) service and feature will allow you to complete this task?. The OCI Private Endpoint with reverse connection functionality. The Dynamic Routing Gateway with a Loopback attachment. The Oracle Services Gateway with an associated route table.

63. You have been tasked with setting up a Virtual Test Access Point (VTAP) for monitoring and troubleshooting network traffic in your organization's cloud environment. You want to create a capture filter that includes all traffic from a specific source IP range (10.20.30.0/24) while excluding a single IP address (10.20.30.5). Which sequence of rules should you define in the capture filter to achieve this goal?. Source CIDR: 10.20.30.0/24, Exclude Source CIDR: 10.20.30.5/32, Include. Source CIDR: 10.20.30.5/32, Exclude Source CIDR: 10.20.30.0/24, Include. Source CIDR: 10.20.30.5/32, Include Source CIDR: 10.20.30.0/24, Exclude. Source CIDR: 10.20.30.0/24, Include Source CIDR: 10.20.30.5/32, Exclude.

64. An enterprise company is transitioning to an IPv6-enabled environment in Oracle Cloud Infrastructure (OCI). The application must be redundant and an OCI Public Load Balancer will be used. How can you achieve the desired IPv6 path?. Enable IPv4 on the OCI Load Balancer listener, configure the IPv4 to IPv6 conversion, configure the application servers with IPv6 addresses acting as back-end servers, and run the traffic between the OCI Load Balancer listener and application servers by using IPv6 addresses. Enable IPv4 on the OCI Load Balancer listener, configure the IPv4 to IPv6 conversion, configure the application servers with IPv4 addresses acting as back-end servers, and run the traffic between the OCI Load Balancer listener and application servers by using IPv4 addresses. Enable IPv6 on the OCI Load Balancer listener, configure the application servers with IPv4 addresses acting as back-end servers, and run the traffic between the load balancer application servers by using IPv4 addresses. Enable IPv6 on the OCI Load Balancer listener, configure the application servers with IPv6 addresses acting as back-end servers, and run the traffic between the load balancer application servers by using IPv4 addresses.

65. An Oracle Cloud Infrastructure (OCI) Load Balancer is configured with three listeners and one path route set: Listener 1: Virtual host name: none; Default back-end set: A; Path route set: PathRouteSet1. Listener 2: Virtual host name: captive.com; Default back-end set: B; Path route set: PathRouteSet1. Listener 3: Virtual host name: wild.com; Default back-end set: C; Path route set: PathRouteSet1. Path Route Set: Path route set name: PathRouteSet1; Exact match on path string /tome/ routes to backend set B; Exact match on path string /feral/ routes to backend set C. You need to validate the destination for each of the following URLs: U1: http://captive.com/ U2: http://wild.com/tome/ Which statement is true?. U1 and U2 will be routed to back-end set A. U1 and U2 will be routed to back-end set B. U1 will be routed to back-end set B and U2 will be routed to back-end set C.

66. You must manage certificates to secure your organization's web traffic. Oracle Cloud Infrastructure (OCI) Certificates helps to automate the certificate management for you. Which two options are correct for creating certificates using OCI Certificate Service?. Import an existing certificate and manage it yourself, OR bring and manage your own certificate. Manage the certificate's private key yourself without submitting a Certificate Signing Request to OCI Certificates Authority to issue a certificate. Import an existing certificate and manage it by using OCI Certificates, OR bring your own certificate and OCI Certificate will manage it. Manage the certificate's private key yourself, and submit a Certificate Signing Request to OCI Certificate Authority to issue the certificate. Create public certificate issued by internal Certificate Authority.

67. Which statement is true about Oracle Cloud Infrastructure (OCI) private endpoints?. They provide access to all Oracle services or just Object Storage. The consumer can initiate a connection to the service, but a service can't initiate a connection to the consumer private network. Destination service IP address is a private IP address within the customer subnet.

68. Bringing an IPv6 prefix to Oracle Cloud Infrastructure (OCI) involves several steps to ensure the proper validation and import of the prefix. Which step is NOT part of this process?. Update Your Domain Name Registrar (DNR): Add the verification token and details about the IPv6 prefix to your DNR service. Obtain a Verification Token: OCI will issue the token. Create Route Origin Authorization (ROA): In the ROA, provide the Oracle BGP Autonomous System Number (ASN) specific to your region. Prepare the IPv6 prefix: Ensure that you own the IPv6 prefix you want to import, and that it meets the necessary criteria. Request import in OCI: Within your OCI tenancy, request to import the IPv6 prefix that you own.

69. Your company's on-premises environment is connected to Oracle Cloud Infrastructure (OCI) using FastConnect private peering. You have a DNS server running on your on-premises Active Directory server and want your application instances ONLY in the OCI environment to be able to query names there. The instances must not have direct access to the on-premises DNS server. How do you achieve this?. Create a listening endpoint and a rule that has a condition set to the CIDR of your subnet. Create a forwarding endpoint and a rule that has a condition set to the CIDR of your VCN. Create a forwarding endpoint and a rule that has a condition set to the CIDR of the application subnet.

70. To implement your DNS strategy, you created a DNS Custom Private View in Oracle Cloud Infrastructure (OCI). You also created your own DNS zone, example.com, inside the Custom View. Next, you created an A record for web.example.com. When you try to resolve web.example.com from a compute instance deployed inside one of your Virtual Cloud Networks (VCNs), you notice that the DNS resolution fails. Which step could have been missed during the setup process?. The VCN resolver needs a forwarding rule for the zone example.com. The Private View needs to be associated with the VCN DNS resolver. The private zone, example.com, must also be added to the VCN Default Private View. The zone example.com needs correct NS records in the registrar.

71. Which set of health checks does the Oracle Cloud Network Load Balancer support to monitor the back-end instances?. ICMP, HTTPS, and SSL. TCP, UDP, HTTP, and HTTPS. UDP, ICMP, and TCP.

72. Your company's on-premises environment is connected to Oracle Cloud Infrastructure (OCI) using FastConnect private peering. You have a DNS server running on your on-premises Active Directory server and want your application instances ONLY in the OCI environment to be able to query names on that server for the db.mycorp.local zone. How do you achieve this?. Create a forwarding endpoint and a rule that has a condition set to the db.mycorp.local zone, and limit access to the on-premises DNS server by using security lists. Create a forwarding endpoint and a rule that has a condition set to the db.mycorp.local zone. Create a forwarding endpoint and a rule that has a condition set to the CIDR of the application subnet and the db.mycorp.local zone.

73. A company is deploying a new application in Oracle Cloud Infrastructure (OCI). The company wants a highly available web server that will sit behind a load balancer. The load balancer will route requests to multiple back ends based on the URL in the request. All traffic must use HTTPS. TLS processing must be offloaded to the load balancer. The web server must know the user's IP address so that the company can keep accurate logs for security purposes. Which solution meets these requirements?. Deploy a load balancer with an HTTPS listener and create host names for each domain. Use a rule set and create a request header rule to remove the X-Forwarded-For request header. This will ensure that the original IP address information of the requester will reach the back end. Deploy a load balancer with an HTTPS listener and create host names for each domain. Create a back-end set for each domain and add all the web servers, IP address, and TCP port 80 as back ends. Use routing policy rules to forward the traffic to the correct back-end set for each domain. Include the X-Forwarded-For request header with traffic to the targets. Deploy a load balancer with an HTTPS listener for each domain. Create a back-end set and add all the web servers, IP address, and TCP port 443 as back ends. Use routing policy rules to forward the traffic to the correct back-end set for each domain. Include the X-Forwarded-For request header with traffic to the targets.
