You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-weighted round robin policy to your back-end web servers. You notice that one of your web servers is receiving more traffic than other web servers.
How can you resolve this to make sure traffic is evenly distributed across all back-end webservers? A. Disable cookie-based session persistence on your backend set. B. Change keep-alive setting between the load balancer and backend server. C. Disable SSL configuration associated with your backend set. D. Create separate listeners for each backend web server.
Which two are Regional resources in Oracle Cloud Infrastructure? (Choose two.) A. Ephemeral public IPs B. Compartments C. Compute images D. Dynamic groups E. Block volume backups.
An Oracle Cloud Infrastructure tenancy administrator is not able to delete a user in the tenancy.
What can cause this issue? A. User has multi-factor authentication (MFA) enabled. B. User is member of an Identity and Access Management (IAM) group. C. Users can be blocked but not deleted. D. User needs to be deleted from federation Identity Provider (IdP) before deleting from IAM.
You are a system administrator of your company and you are asked to manage updates and patches across all your compute instances running Oracle Linux in
Oracle Cloud Infrastructure (OCI). As part of your task, you need to apply all the latest kernel security updates to all instances.
Which OCI service will allow you to complete this task? A. Resource Manager B. OS Management C. Storage Gateway D. Streaming E. Registry.
Which of the following statements is true about the Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption? A. Encryption of data encryption keys with a master encryption key is optional. B. Customer-provided encryption keys are always stored in OCI Vault service. C. Encryption is enabled by default and cannot be turned off. D. Each object in a bucket is always encrypted with the same data encryption key.
You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up? A. Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services. B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs. C. Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy. D. Deploy the application and the SDK to all the instances that belong to the dynamic group.
You have been asked to create an Identity and Access Management (IAM) user that will authenticate to Oracle Cloud Infrastructure (OCI) API endpoints. This user must not be given credentials that would allow them to log into the OCI console.
Which two authentication options can you use? (Choose two.) A. SSL certificate B. API signing key C. SSH key pair D. PEM Certificate file E. Auth token.
You work for a health insurance company that stores a large number of patient health records in an Oracle Cloud Infrastructure (OCI) Object Storage bucket named "HealthRecords".
Each record needs to be securely stored for a period of 5 years for regulatory compliance purposes and cannot be modified, overwritten or deleted during this time period.
What can you do to meet this requirement? A. Create an OCI Object Storage Lifecycle Policies rule to archive objects in the HealthRecords bucket for five years. B. Create an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket for five years. Enable Retention Rule Lock on this bucket. C. Enable encryption on the HealthRecords bucket using your own vault master encryption keys. D. Enable versioning on the HealthRecords bucket.
Which two components cannot be deleted in your Oracle Cloud Infrastructure Virtual Cloud Network? (Choose two.) A. Service gateway B. Default security list C. Routing gateway D. Default route table E. Default subnet.
A financial firm is designing an application architecture for its online trading platform that must have high availability and fault tolerance.
Their solutions architect configured the application to use an Oracle Cloud Infrastructure Object Storage bucket located in the US West (us-phoenix-1) region to store large amounts of financial data. The stored financial data in the bucket must not be affected even if there is an outage in one of the Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability? A. Create a new Object Storage bucket in another region and configure lifecycle policy to move data every 5 days. B. Create a lifecycle policy to regularly send data from Standard to Archive storage. C. Copy the Object Storage bucket to a block volume. D. Create a replication policy to send data to a different bucket in another OCI region.
In Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), what does a Replica Set do? A. It provides declarative updates for Pods. B. It maintains a stable set of replica Pods running at any given time. C. It ensures that all Nodes run a copy of a Pod. D. It exposes an application running on a set of Pods.
As a solution architect, you are showcasing the Oracle Cloud Infrastructure (OCI) Object Storage feature about Object Versioning to a customer.
Which statement is true in regards to OCI Object Storage Versioning? A. Object versioning does not provide data protection against accidental or malicious object update, overwrite, or deletion. B. By default, object versioning is disabled on a bucket. C. A bucket that is versioning-enabled can have only and always will have a latest version of the object in the bucket. D. Objects are physically deleted from a bucket when versioning is enabled.
You created a public subnet and an internet gateway in your virtual cloud network (VCN) of Oracle Cloud Infrastructure. The public subnet has an associated route table and security list. However, after creating several compute instances in the public subnet, none can reach the Internet.
Which two are possible reasons for the connectivity issue? (Choose two.) A. The route table has no default route for routing traffic to the internet gateway. B. There is no stateful egress rule in the security list associated with the public subnet. C. There is no dynamic routing gateway (DRG) associated with the VCN. D. There is no stateful ingress rule in the security list associated with the public subnet. E. A NAT gateway is needed to enable the communication flow to internet.
You are designing a lab exercise with an application that includes a large number of graphics with large file sizes. The application becomes unresponsive if the graphics are embedded in the application. You have uploaded the graphics to Oracle Cloud Infrastructure Object Storage bucket and added the URL paths for the individual objects in the application. You need to ensure these graphics are accessible without requiring any authentication for an extended period of time.
How can you achieve these requirements? A. Create pre-authenticated requests (PAR) and do not specify any expiration time. B. Make the Object Storage bucket private, make all objects public, and use the URL found in the object "Details". C. Make the Object Storage bucket public and use the URL path for the individual objects. D. Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time.
You have setup your environment as shown below with the Mount Target "MT" successfully mounted on both compute instances CLIENT-X and CLIENT-Y.
For security reasons you want to control the access to the File System A in such a way that CLIENT-X has READ/WRITE and CLIENT-Y has READ only permission. A. Update the OS firewall in CLIENT-X to allow READ/WRITE access. B. Update the security list TWO to restrict CLIENT-Y access to read-only. C. Update the mount target export options to restrict CLIENT-Y access to read-only. D. Update the security list ONE to restrict CLIENT-Y access to read only.
Which two methods are supported for migrating your on-premises Oracle database to an Oracle Autonomous Transaction Processing (ATP) database in Oracle
Cloud Infrastructure? (Choose two.) A. Load text files into ATP using SQL Developer. B. Use RMAN duplicate. C. Use Oracle Data Pump. D. Transfer the physical database files and re-create the database. E. Use database backup and restore.
Which statement is NOT true about the Oracle Cloud Infrastructure Object Storage service? A. Object storage resources can be shared across tenancies. B. Immutable option for data stored in the Object Storage can be set via retention rules. C. Object versioning is enabled at namespace level. D. Object lifecycle rules can be used to either archive or delete objects.
You are about to upload a large log file (5 TIB size) to Oracle Cloud Infrastructure object storage and have decided to use multipart upload capability for a more efficient and resilient upload.
Which two statements are true about multipart upload? (Choose two.) A. The maximum size for an uploaded object is 10 TiB. B. You do not have to commit the upload after you have uploaded all the object parts. C. Individual object parts can be as small as 10 MiB or as large as 50 GiB. D. While a multipart upload is still active, you cannot add parts even if the total number of parts is less than 10,000.
You are running an online gaming application hosted on a VM.Standard2.1 instance shape in Oracle Cloud Infrastructure. As the game becomes popular, you identify network throughput as a bottleneck on your instance when uploading user data.
Though you want to resolve the issue, you want to observe the demand for a week before adding new application instances.
Which action is the most efficient way to resolve this issue? A. Add a secondary virtual network interface card (VNIC). B. Change shape of the instance to a higher network bandwidth instance. C. Delete the instance while preserving boot volume and spin up a new higher network bandwidth instance with this boot volume. D. Change the performance tier of attached block volume to High Performance.
You have an AI/ML application running on Oracle Cloud Infrastructure. You identified that the application needs GPU and at least 20Gbps Network throughput.
The application is currently using a VM.Standard2.1 compute without any block storage attached to it.
Which two options allow you to get your required performance for your application? (Choose two.) A. Terminate the compute instance preserving the boot volume. Create a new compute instance using the BM.GPU2.2 shape using the boot volume preserved, but no block volume attached. B. Terminate the compute instance preserving the boot volume. Create a new compute instance using the VM.Standard2.2 shape using the boot volume preserved, but no block volume attached. C. Terminate the compute instance preserving the boot volume. Create a new compute instance using the VM.GPU3.4 shape using the boot volume preserved and use the NVMe devices to host your application. D. Terminate the compute instance preserving the boot volume. Create a new compute instance using the BM.HPC2.36 shape using the boot volume preserved and use the NVMe devices to host your application. E. Terminate the compute instance preserving the boot volume. Create a new compute instance using the BM.GPU2.2 shape using the boot volume preserved and attach a new block volume to host your application.
Which option is NOT a valid action within the Oracle Cloud Infrastructure (OCI) Block Volume service? A. Clone an existing volume to a new, larger volume. B. Restore from a volume backup to a larger volume. C. Shrink an existing volume in place with offline resizing. D. Expand an existing volume in place with offline resizing.
You deployed a database on a Standard Compute instance in Oracle Cloud Infrastructure (OCI) due to cost concerns. The database requires additional storage with high I/O and you decided to use OCI Block Volume service for it.
With this requirement in mind, which elastic performance option should you choose for the Block Volume? A. Balanced Performance B. Higher performance C. Extreme performance D. Lower cost.
You created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System.
The application requires a shared file system so you have provisioned one using the file storage service (FSS).
You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both application servers and the DB system can access the file system. The security team determines that the DB System should have read-only access to the file system.
What change should you make to satisfy this requirement? A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet. B. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless. C. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service. D. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read only access.
Your company uses the Oracle Cloud Infrastructure (OCI) Object Storage service to share large data sets with its data science team. The data science team consists of 20 people who work from offices in Washington, D.C., and Tokyo. While working in these offices, employees are assigned an IP address from the public IP range 129.146.31.0/27
Which two steps should you take to ensure that the Object Storage bucket used in this scenario was only accessible from these office locations? (Choose two.) A. Write an IAM policy that includes the conditional statement where request.networkSource.name = CorpNet B. Set the bucket visibility to public and only share the URL with the data science team via email C. Create a pre-authenticated request for each data set and only share with the data science team via email D. Create a Network Source named CorpNetwork with a CIDR block of 129.146.31.0/27 E. Create a Network Source named CorpNetwork with a CIDR block of 129.146.0.0/16 F. Write an IAM policy that includes the conditional statement where request.region = 129.146.31.0/27.
Which statement is true about Data Guard implementation in Oracle Cloud Infrastructure (OCI) bare metal and virtual machine database systems? A. Both database systems must be in the same compartment. B. Primary and standby database versions and editions need not be identical. C. Primary and standby databases must be in the same OCI region. D. Database systems need not be the same shape type (e.g., primary database can be a virtual machine, and standby database a bare metal shape, and vice versa).
Which two resources reside exclusively in a single Oracle Cloud Infrastructure Availability Domain? (Choose two.) A. Identity and Access Management Groups B. Object Storage C. Web Application Firewall policy D. Block volume E. Compute instance.
Your application front end consists of several Oracle Cloud Infrastructure compute instances behind a public load balancer. You have configured the load balancer to perform health checks on these instances.
What will happen if an instance fails to pass the configured health checks? A. The instance is terminated automatically by the load balancer. B. The load balancer stops sending traffic to that instance. C. The instance is replaced automatically by the load balancer. D. The instance is taken out of the backend set by the load balancer.
Your company has been running several small applications in Oracle Cloud Infrastructure and is planning a proof-of-concept (POC) to deploy Oracle PeopleSoft.
If your existing resources are being maintained in the root compartment, what is the recommended approach for defining security for the upcoming POC? A. Create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment. B. Create a new tenancy for the POC and provision all new resources into the root compartment. Grant appropriate permissions to create and manage resources within the root compartment. C. Provision all new resources into the root compartment. Use defined tags to separate resources that belong to different applications. D. Provision all new resources into the root compartment. Grant permissions that only allow for creation and management of resources specific to the POC.
Which two statements about Oracle Cloud Infrastructure File Storage Service are accurate? (Choose two.) A. Customer can encrypt the communication to a mount target via export options. B. Mount targets use Oracle-managed keys by default. C. File systems use Oracle-managed keys by default. D. Customer can encrypt data in their file system using their own Vault encryption key. E. Communication with file systems in a mount target is encrypted via HTTPS.
When you try to create an instance on Oracle Cloud Infrastructure (OCI), what are three valid sources to choose the image from? (Choose three.) A. Dedicated VM Host B. Object Storage C. Bare Metal Instance D. Platform Images E. Custom Image F. Partner Images G. Instance Pools.
Which two statements are true about Oracle Cloud Infrastructure storage services? (Choose two.) A. You can take incremental snapshots of Block Volumes, File Storage file systems and Object Storage buckets. B. You can move Object Storage buckets, Block Volumes and File Storage mount targets between compartments. C. File Storage uses the network file system (NFS) protocol, whereas Block Volume uses iSCSI. D. Block Volume service scales to Exabytes per instance, while File Storage service offers unlimited scalability. E. File storage mount target does not provide a private IP address, while the Object Storage bucket provides one.
With regard to Oracle Cloud Infrastructure Load Balancing service, which two actions will occur when a backend server that is registered with a backend set is marked to drain connections? (Choose two.) A. All connections to this backend server are forcibly closed after a timeout period. B. Requests to this backend server are redirected to a user-defined error page. C. All existing connections to this backend sever will be immediately closed. D. All new connections to this backend server are disallowed. E. Connections to this backend server will remain open until all in-flight requests are completed.
You deployed an Oracle Cloud Infrastructure (OCI) compute instance (VM.Standard2.16) to run a SQL database. After a few weeks, you need to increase disk performance by using NVMe disks but keeping the same number of CPUs. As a first step, you terminate the instance and preserve the boot volume.
What is the next step? A. Create a new instance using a VM.Standard1.16 shape using the preserved boot volume and move the SQL Database data to NVMe disks. B. Create a new instance using a VM.DenseIO2.8 shape using the preserved boot volume and move the SQL Database data to NVMe disks. C. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the SQL Database data to block volume. D. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the SQL Database data to NVMe disks.
Your company decided to move a few applications to Oracle Cloud Infrastructure (OCI) in the US West (us-phoenix-1) region.
You need to design a cloud-based disaster recovery (DR) solution with a requirement to deploy the DR resources in the US East (us-ashburn-1) region to minimize network latency.
What is the recommended deployment? A. Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in different regions, and then use VCN local peering gateways for connectivity. B. Deploy production and DR applications in two separate VCNs, each in different regions. Connect them using a VCN remote peering connection. C. Deploy production and DR applications in the same VCN. Create production subnets in one AD, and DR subnets in another AD (assume a multi-AD region). D. Deploy production and DR applications in two separate VCNs in different availability domains (ADs) within the primary region, and then use a VCN remote peering connection for connectivity.
You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions and require connectivity between workloads in each region. You have created a dynamic routing gateway (DRG) and a remote peering connection. However, your workloads are unable to communicate with each other.
What are two reasons for this? (Choose two.) A. A local peering gateway needs to be created in each VCN with a default route rule added in the route table forwarding the traffic to the local peering gateway. B. The route table associated with subnets in each VCN do not have a route rule defined to forward the traffic to their respective DRGs. C. Identity and Access Management (IAM) policies have not been defined to allow connectivity across the two VCNs in different regions. D. The security lists associated with subnets in each virtual cloud network (VCN) do not have the appropriate ingress rules. E. An internet gateway needs to be created in each VCN with a default route rule added in the route table forwarding the traffic to the internet gateway.
Which two statements below are correct with respect to adding secondary Virtual Network Interface Cards (VNICs) to an existing compute instance in Oracle
Cloud Infrastructure? (Choose two.) A. The secondary VNIC is required to be in the same Virtual Cloud Network (VCN), but can be in different subnet, as the primary VNIC. B. The primary and secondary VNIC association can be in different virtual cloud networks (VCNs). C. You cannot assign an Ephemeral Public IP to a secondary VNIC. D. The primary and secondary VNIC association must be in the same availability domain. E. You can remove the primary VNIC after the secondary VNIC's attachment is complete.
You provisioned an Oracle Autonomous Data Warehouse (ADW) on Oracle Cloud Infrastructure (OCI) and imported data into ADW.
You want to give your business analyst the ability to connect to the ADW database and run queries.
Which two actions can help you meet this requirement? (Choose two.) A. Create a database user account for the business analyst. B. Grant the predefined database role DWROLE to the database user. C. Grant unlimited tablespace privilege to the database user. D. Grant the predefined database role DWADW to the database user. E. Grant the predefined database role DWUSER to the database user.
Which statement is true about interconnecting Virtual Cloud Network (VCN)? A. VCNs support transitive peering. B. Peering VCNs should not have overlapping CIDR blocks. C. VCNs must be in the same tenancy to be peered. D. The only way to interconnect VCNs is through peering.
Which two statements are true about restoring a volume from a block volume backup in Oracle Cloud Infrastructure Block Volume service? (Choose two.) A. You can restore a volume to any availability domain within the same region where the backup is stored. B. You can restore only one volume from a manual block volume backup. C. You can restore a volume from any full volume backup but not from an incremental backup. D. You can restore a block volume backup to a larger volume size. E. You can only restore a volume to the same availability domain in which the original block volume resides.
You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You take regular backups of your DB system to OCI object storage.
Recently, you notice a failed database backup status in the console.
What step can you take to determine the cause of the backup failure? A. Ensure that your database host can connect to OCI object storage. B. Ensure the database archiving mode is set to NOARCHIVELOG. C. Make sure that the database is not active and running while the backup is in progress. D. Don't restart the dcsagent program even if it has a status of stop/waiting.
Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud network (VCN)? (Choose two.) A. To delete a VCN, its subnets must contain no resources. B. A VCN can have multiple CIDR blocks associated with it. C. In regions with multiple Availability Domains (AD), each AD should have their own VCN assigned to it. D. If you own a block of public IPs, you can assign it to one of your VCNs. E. A VCN covers a single, contiguous IPv4 CIDR block of your choice.
What happens after you successfully run the following command on your Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) using the YAML file defined below? kubectl create -f definition.yml
YAML file "" definition.yml - A. A single Pod with a single container is created. B. Two Pods with a container each are created. C. A single Pod with two containers is created. D. No Pod gets created.
You create an autoscaling configuration of Linux compute instances in Oracle Cloud Infrastructure (OCI). You noticed that your application is running slow.
After checking your compute instances, you noticed that autoscaling is not launching additional instances, even though the existing compute instances already have high memory usage.
How can you resolve this issue? A. Modify the scaling policy to monitor memory usage and scale up the number of instances when it meets the threshold. B. Modify the scaling policy to monitor CPU usage and scale up the number of instances when it meets the threshold. C. Install the monitoring agent to all compute instances which will trigger the autoscaling group. D. Install OCI SDK in all compute instances and create a script that will trigger the autoscaling event if there is high memory usage.
You developed a microservices based application that runs on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). You want to provide access to this cluster to other team members.
What should you do to provide access to this cluster using as fewest steps as possible? A. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Other team members should use OCI Cloud Shell to generate the kubeconfig into their own cloud shell environment and access the cluster using kubectl from cloud shell. B. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Create individual users and access token for each team member. Other team members should use OCI Cloud Shell to generate the kubeconfig into their own cloud shell environment and access the cluster using kubectl from cloud shell. C. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Create a cluster role and cluster role binding to provide access to the cluster for each team member. Other team members should install oci cli and kubectl locally on their laptop. Use the oci cli to generate the kubeconfig and use kubectl to access the cluster. D. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to the OKE cluster. Other team members should install oci cli and kubectl locally on their laptop. Use the oci cli to generate the kubeconfig and use kubectl to access the cluster.
You have been notified of an application failure indicating that one or more of the Oracle Cloud Infrastructure (OCI) resources have become unavailable. After scanning the Compute and Database consoles, you notice that one of the DB Systems is missing.
What should you do to identify the reason for this missing resource? A. Navigate to the Audit console and search the previous 24 hours for all DELETE request actions to get a list of any resource that was deleted in the past 24 hours. B. Navigate to the Audit console and search the previous 24 hours for all the GET request actions to get a list of every event that occurred in the past 24 hours. C. View the service limits associated with your account to ensure that you have not exceeded the allowable number of DB Systems in your tenancy. D. Create a serial console connection to the DB System that does not appear in the management console. Connect to the serial console connection, and then review the system logs under /var/log/messages.
Which two statements are true when Oracle Data Guard is configured (using the Console) between two Virtual Machine DB Systems deployed in Oracle Cloud
Infrastructure? (Choose two.) A. Primary is a 1-node RAC DB system and Standby is a 2-node RAC DB system. B. Primary is a 2-node RAC DB system and Standby is a 2-node RAC DB system. C. Primary is a 1-node RAC DB system and Standby is a 1-node RAC DB system. D. Primary is a 2-node RAC DB system and Standby is a 1-node RAC DB system. E. Primary is a Bare Metal DB system and Standby is a 1-node RAC DB system.
You are deploying a highly available web application in Oracle Cloud Infrastructure and have decided to use a public load balancer. The back-end web servers will be distributed across all three availability domains (ADs).
How many subnets should you create to deliver a secure, highly available application? A. two subnets in total; one regional private subnet to host your back-end web servers and one regional public subnet to host your public load load balancer. B. one subnet in total; one regional private subnet to host your back-end web servers and your public load balancer. C. three subnets in total; one regional public subnet to host your back-end web servers and two AD specific private subnets to host your private load load balancer. D. two subnets in total; one regional public subnet to host your back-end web servers and one regional private subnet to host your public load load balancer.
You hired a new employee to run reports from the Oracle Autonomous Data Warehouse (ADW) and are not confident in their SQL writing ability.
Into which consumer group will you assign this individual to minimize the impact of their code? A. Lowest B. Highest C. Medium D. Low E. High.
You are managing a tier-1 OLTP application on an Oracle Autonomous Transaction Processing (ATP) database. Your business needs to run hourly batch processes on this ATP database that may consume more CPUs than what is available on the server.
How can you limit these batch processes to not interfere with the OLTP transactions? A. Configure ATP resource management rules to change CPU/IO shares for the consumer group of batch processes. B. Copy OLTP data into new tables in a new table space and run batch processes against these new tables. C. Disable automated backup during the batch process operations. D. ATP is designed for OLTP workload only, you cannot run batch processes on ATP.
Which two tagging related items are valid attributes that may be included in payload of an audit log event? (Choose two.) A. Predefined values B. Free-form tags C. Tag variables D. Defined tags E. Cost-tracking tags F. Default tags.
As a solution architect, you designed the network infrastructure of a three-tier web application on Oracle Cloud Infrastructure (OCI) and the back-end database servers are put in a private subnet. One of your database administrators requests to have private access to OCI object storage service.
How should you fulfill this request? A. Add a new route rule to the private subnet route table to route default traffic to the internet gateway. B. Attach a public IP address to the instances in the private subnet, and then add a new route rule to the private subnet route table to route default traffic to the internet gateway. C. Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a default route rule to the private subnets route table and set the target as DRG. D. Create a service gateway, add a new route rule to the private subnet route table that uses object storage as target type.
A customer launched a compute instance in the Virtual Cloud Network (VCN), which has an internet gateway, a service gateway, a default security lists and a default route table. The customer opened up Port 22 in the security lists attached to the compute instance subnet, however is still unable to connect to compute instances using SSH.
Which action can resolve this issue? A. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic in addition to the port 22. B. Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW) C. Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Dynamic Routing Gateway (DRG) D. Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Internet Gateway (IGW).
Your customer is using an Oracle Cloud Infrastructure (OCI) compartment named Production that hosts several resources such as compute instances, DB
Systems and File Systems. Each resource in the Production compartment is tagged.
The customer's security team wants to restrict access to DB Systems to only the authorized group of DBAs.
Which OCI Tagging capability can be used to meet this requirement? A. Tags Defaults with predefined values B. Tag Defaults C. Cost-Tracking Tags D. Tag-based Access Control.
You have multiple applications installed on a compute instance and these applications generate a large amount of log files. These log files must reside on the boot volume for a minimum of 15 days.
Any log files age over 15 days shouldn't be on boot volume but still must be retained for at least 60 days. The 60-day retention requirement is causing an issue with available disk space.
What are two Oracle recommended methods to retain the log files for 60 days without filling up the boot volume? (Choose two.) A. Terminate the instance while preserving the boot volume. Create a new instance from the boot volume and select a DenseIO shape to take advantage of local NVMe storage. B. Resize the boot volume of the instance. C. Create and attach a block volume to the compute instance and copy the log files. D. Create an object storage bucket and use a script that runs daily to move log files older than 15 days to the bucket. E. Write a custom script to remove the log files on a daily basis and free up the space on the boot volume.
You have an application server running in a public subnet on a compute instance in US West (us-phoenix-1) region of Oracle Cloud Infrastructure (OCI). The data sitting on this instance needs to be copied to OCI Object storage bucket available in the same region without traversing over the internet. To enable the connectivity between the instance and Object Storage, you created a service gateway with service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the security rules to allow the desired traffic.
However, when you tried sending the data to the Object Storage bucket, you notice that the data is going over the internet and not via the service gateway.
What could be the possible reason for this behavior? A. Identity and Access Management (IAM) policies restrict the access to the object storage bucket. B. The service gateway created in the VCN resides in a different availability domain. C. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0. D. The route table associated with the subnet has no route rule where the destination is object storage service.
Which two choices are true for Oracle Autonomous Database with Shared Exadata Infrastructure? (Choose two.) A. Autonomous database does not support per-second billing. B. Billing for compute usage stops when autonomous database is stopped. C. Billing for storage usage continues when autonomous database is stopped. D. Billing stops for both CPU and storage usage when autonomous database is stopped. E. Billing does not stop when autonomous database is terminated.
You are responsible for creating and maintaining an enterprise application that consists of multiple storage volumes across multiple compute instances in Oracle
Cloud Infrastructure (OCI).
The storage volumes include boot volumes and block volumes for your data storage. You need to create backups of these storage volumes in the most time- efficient manner.
How can you meet this requirement? A. Create clones of all boot volumes and block volumes one at a time. B. Create on-demand full backups of boot volumes, and copy data in block volumes to Object Storage using OCI CLI. C. Create on-demand full backups of block volumes, and create custom images from the boot volumes. D. Group together multiple storage volumes in a volume group and create volume group backups.
As an Oracle Cloud Infrastructure tenancy administrator, you created predefined lists of values and associated them with tag key definitions.
One of the users in your tenancy complains that she cannot see these predefined values.
What is causing this issue? A. The user is trying to use free-form tags. B. Some of the predefined values are null. C. The user is not part of an Identity and Access Management group that gives access to tagging. D. The user has breached either the quota or service limit for using tags.
You have compartments C and D under the root compartment in your Oracle Cloud Infrastructure (OCI) tenancy; compartment C contains a sub-compartment also named D. You are trying to move this sub-compartment D to the parent compartment D like shown in the picture, but the move fails. A. You need to move all the compartments in the hierarchy to the new parent compartment. B. You cannot move a subcompartment to another parent compartment. C. Both parent and child compartments cannot have the same name. D. Sub-compartment D needs to be empty before it can be moved.
You are working for a financial institution that is currently running two web applications in Oracle Cloud Infrastructure (OCI). All resources were created in the root compartment.
Your manager asked you to deploy new resources to support a proof-of-concept (PoC) for Oracle FlexCube. You must ensure that the FlexCube resources are secured and cannot be affected by the team that manages the two web applications.
Which two tasks should you complete to ensure the required security of your resources? (Choose two.) A. Create a new compartment for the two web applications and move the existing resources into the compartment. Deploy the FlexCube application into the root compartment. Create a new policy in the root compartment that gives the FlexCube project team the ability to manage all resources in the tenancy. B. Create a new policy in the root compartment for the FlexCube project team. Assign a policy statement that grants the FlexCube project team the ability to manage all resources in the tenancy, where a specific tag key and tag value are present. C. Create a Tag Default within the root compartment with a default value of ${iam.principle.name} so that each new resource created is tagged with the name of the person who created it. Create a new IAM policy that allows users to only modify resources they created. D. Create a new compartment for the two web applications and move the existing resources into this compartment. Modify the existing policy for the team that manages these applications so that the scope of access is defined as this new compartment. E. Create a new compartment for the FlexCube application deployment. Create a policy in this compartment for the project team that gives them the ability to manage all resources within the scope of this compartment.
|
