A subscriber of on Oracle Cloud Infrastructure (OCI) Notifications service topic complained about not receiving messages from the service. Which of the following options can help you debug this issue? If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to two hours. Configure an alarm on the NumberofNotificationFailed metric through the OCI Monitoring service to help debug the issue. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service drops the message. Confirm that the subscriber is always online to receive messages to help debug the issue. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to one day. Make sure that the subscriber is online at least once a day to help debug the Issue If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, check the NumberofNotificationFailed metric through the OCI Monitoring service for failed messages. Copy these messages to an OCI Object Storage bucket. Make sure the subscriber has the required credentials to access this bucket to help debug the Issue.
One of the compute Instances that you have deployed Is malfunctioning. You have created a console connection to remotely troubleshoot.
Which two statements about console connections are true? If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours. For security purpose, the console connection will not let you edit system configuration files.
It is not possible to connect to the serial console to an Instance running Microsoft VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console. It is not possible to use VNC console connections to connect to Bare Metal Instances. It is not possible to connect to the serial console to an Instance running Microsoft Windows, however VNC console connection can be used.
Several development teams in your company have each been provided with a budget and a dedicated compartment to be used for testing purpose u are asked to help them to control the costs and avoid any overspending.
What should you do? Associate a Budget Tag to each resource with monthly budget amount and use that Information to prepare a weekly report to send to each team Contact Oracle support and ask them to associate the monthly budget with the Service Limits In every region for which your tenancy is subscribed. The tenancy administrator will receive an alert email from Oracle when the limit Is reached. Associate a Budget Tag to each compartment with the monthly budget amount and set an alert rule to notify the developers' teams when they reached a specific percentage of the budget Configure a Quota for each compartment to prevent provisioning of any bare metal instances.
Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance.
After running the stack using the terraform apply command, it successfully launched the compute Instances and the load balancer, but it failed to create a new database Instance with the following error:
Service error:NotAuthorizedOrNotFound. shape VM.Standard2.4 not found, http status code: 404 You discovered that the resource quotas assigned to your compartment prevent you from using VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM.Standard2.2.
Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? terraform plan -target=oci_database_db_system.db_system terraform apply -target=ocl_database_db_system.db_system terraform apply -auto-approve terraform refresh -target=oci_database_db_system.db_system.
You launched a Linux compute Instance to host the new version of your company website via Apache HTTPS server on HTTPS (port 443).
The Instance is created in a public subnet along with other Instances. The default security list associated to the subnet is (see photo):
You want to allow access to the company website from public Internet without exposing websites eventually hosted on the other instances in the public subnet.
Which actions should you take to accomplish the task?
Create a new security list with a stateful rule to allow ingress access on port 443 and associate it to the public subnet. In default security list, add a stateful rule to allow ingress access on port 443 Create a network security group, add a stateful rule to allow ingress access on port 443 and associate It to the public subnet that host the company website Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the instance that host the company website.
Which two statements accurately describe Ansible Modules for Oracle Cloud Infrastructure (OCI)? OCI Ansible Modules represent discrete provisioning tasks or operations that you can not invoke individually from the command line, or else run individually or In sequence from a playbook OCI Ansible Modules are units of organization that allows you to abstract configuration, orchestration, and provisioning tasks into roles that you can save and share among playbooks and other users OCI Ansible Modules represent discrete provisioning tasks or operations that you can invoke individually from the command line, or else run Individually or in sequence from a playbook OCI Ansible Modules enable orchestrating, provisioning, and configuration management tasks on Oracle Cloud Infrastructure OCI Ansible Modules is not able to provide you state control of resources.
Your company has restructured its HR departments. As part of this change, you also need to re- organize compartments within Oracle Cloud Infrastructure (OCI) to align them to the company's new organizational structure. The following change is required:
Comportment Team_x needs to be moved under a new parent compartment, Project_B (see photo)
The tenancy has the following policies defined for compartments Project_A and Project_B:
Policy1 Allow group G1 to manage instance-family in compartment HR:Project_A Policy2 Allow group G2 to manage instance-family in compartment HR:Project_B Which two statements describe the impacts after the compartment Team_x is moved? Group G2 can now manage instance-families in compartment Project_B compartment Project_A and compartment Team_x Group G1 can now manage instance-families in compartment Project_A but not in compartment Team_x Group G1 can now manage instance-families in compartment project_A,compartment project_B and compartment Team_x Group G2 can now manage instance-families in compartment Project_B and compartment Team_x Group G2 can now manage instance-families in compartment Project_A but not in compartment Team_x.
You have deployed a three-tier web application inside an Oracle Cloud Infrastructure (OCI) VCN with a CIDR block of 10.0.0.0/28. You Initially deploy three web servers (VM.Standard2.2), two application servers (VM.Standard2.4), and two servers (VM.Standard2.8) running Oracle database.
The web, application and database servers are deployed across two availability domains in the us-ashburn-1 region.
You also deployed a Public Load Balancer In front of the two web servers. The web traffic gradually Increases In the first few days following the deployment, so you attempt to double the number of instances in each tier of the application to handle the new load. Unfortunately, some of these new Instances fail to launch.
Your tenancy comes with the following set of predefined services limits for the availability domain and compartment where the application is deployed. (see photo)
What is a possible reason for this deployment to fail?
You do not have enough private IP addresses left to launch all of the new compute instances. You do not have sufficient public IP addresses required by the web, application and database servers You do not have sufficient quotas for number of VM.Standard2.2, VM.Standard2.4 and VM.Standard2.8 shapes in the Production compartment in the us-ashburn-1 region You do not have sufficient quotas for number of VM.Standard2.2, VM.Standard2.4 and VM.Standard2.8 shapes in each availability domain in the us-ashburn-1 region.
Which command sample can be used to copy an object from Oracle Cloud Infrastructure (OCI) Object Storage bucket in source region to a bucket in a destination region? A B C D.
In order to manage Alarms In Oracle Cloud Infrastructure (OCI), which three actions can be performed through the OCI Console? View alarm history for last 3 months Manually fire an alarm Update the MQL expression of an alarm. View all the firing alarms Move an alarm to a different compartment Add multiple suppressions for an alarm.
Which two are true for achieving High Availability on Oracle Cloud Infrastructure? (Choose two.) Store your database across multiple regions so that half of the data resides in one region and the other half resides in another region Distribute your application servers across all Availability Domains within a region Store your database files on Object Storage so that they are available in al Availability Domains in all regions Configure your database to have Data Guard in another Availability Domain in Sync mode within a region Attach your block volume form Availability Domain 1 to a compute instance in Availability Domain 2 (and vice versa) so that they are highly available.
You have the following compartment structure within your company's Oracle Cloud Infrastructure (OCI) tenancy:(see photo)
You want to create a policy in the root compartment to allow SystemAdmins to manage VCNs only In CompartmentC.
Which policy is correct?
Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentC Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC Allow group SystemAdmins to manage virtual-network-family in compartment Root.
You need to set up daily Incremental backups of your database In Oracle Cloud Infrastructure (OCI) Database Service. The backups need to be retained for at least 50 days.
Which of the following method allows you do accomplish this Is an efficient and cost effective manner? Enable automatic backups and choose the preset retention period of 60 days Enable automatic backups and set the retention period to 50 days Set up a cron job with OCI Database Service CreateBackuP API call to take periodic full-backups to OCI Object Store. Delete backups older than 50 days Use Recovery Manager (RMAN) to take backups to an OCI Object Store bucket. Delete backups older than 50 days.
Which three statements ate true about Object Storage data security and encryption In Oracle Cloud Infrastructure (OCI)? OCI Key Management is used by default to provide data security Client-side encryption is managed by the customer A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket All traffic to and from Object Storage service is encrypted using TLS Server side encryption uses per-object keys which are managed by Oracle.
You have set up threshold alarm for CPU Utilization metric for a value greater than 80 percent. You get a notification email about this alarm.
Which of the following action will help you respond to this notification? Modify the alarm to route notifications to Oracle Cloud Infrastructure Streaming Service (OSS) for later Investigation Modify the alarm to route notifications to an Oracle Cloud Infrastructure Object Storage bucket for later investigation Change at-risk threshold for the CPU utilization metric to a lower number Suppress the alarm notifications temporarily.
You have set an alarm to be generated when the CPU usage of a specified instance is han 10%. In the alarm behavior view below you not that the critical condition happened around 23:30. You were expecting a notification after 1 minute, however, the alarm firing state did not begin until 23:23. (see photo)
What should you change to fix It?
Change the alarm's metric interval to 1 Change the alarm condition to be greater than 3% Change the alarm's trigger delay minutes value to 1 Change the notification topic that you previously associated with the alarm.
An organization wants to extend their existing on-premises data centers to the Oracle Cloud Infrastructure (OC1) us-phoenix-1 region. In order to achieve It, they have created an IPSec VPN connection between their Customer-Premises Equipment(CPE) and Dynamic Routing Gateway(DRG) on How can you make this connection highly available (HA)? Add another Dynamic Routing gateway In a different Availability Domain and create another IPSec VPN connection Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection with the same Dynamic Routing Gateway (DRG) Create a NAT Gateway and route all traffic through a NAT Gateway, which is highly available component Add another Dynamic Routing Gateway in a different Availability Domain, and create another IPSec VPN connection with another Customer Premises Equipment (CPE).
You are working as a Cloud Operations Administrator for your company. They have different Oracle Cloud Infrastructure (OCI) tenancies for development and production workloads. Each tenancy has resources in two regions - uk-london-1 and eu-frankfurt-1. You are asked to manage all resources and to automate all the tasks using OCI Command Line Interface (CLI).
Which is the most efficient method to manage multiple environments using OCI CLI? Create environment variables for the sets of credentials that align to each combination of tenancy, region, and environment. Use OCI CLI profiles to create multiple set of credentials in your config file, and reference the appropriate profile at runtime Use different bash terminals for each environment Run OCI setup config to create new credentials for each environment every time you want to access the environment.
You want an instance in your compartment to make API calls to other services within Oracle Cloud Infrastructure without storing credentials in a configuration file.
What do you need to do? Create appropriate matching rules in the Dynamic Group to create an Instance Principal Instances cannot access services outside their compartment No action is required. By default, all VM instances are created with an Instance Principal VM instances are treated as users. Create a user and assign the user to that VM instance.
You have shared your Oracle Cloud Infrastructure (OCI) tenancy with a group of developers in your organization by creating a compartment called developer. You are an administrator in the tenancy with privileges to modify IAM policies. Developers need privileges to configure Federation to a Single Sign-On (SSO).
m would you give them permissions to complete their task In the most secure manner? Create a new policy with the following statements:
Allow any-user to manage identity-providers in tenancy a-developer Allow any-user to manage groups in tenancy Create a group called Developers. Set up the following IAM policy:
Allow group Developers to manage identity-providers in compartment a-developer Allow group Developers to manage groups in compartment Create a group called IdPAdmins. Assign the following IAM policy statement: Allow group IdPAdmins to manage identity-providers in compartment
Allow group IdPAdmins to manage groups in compartment Create a group called IdPAdmins. Assign the following IAM policy statement: Allow group IdPAdmins to manage identity-providers in tenancy
Allow group IdPAdmins to manage groups in tenancy
.
Which five are the required parameters to launch an instance in Oracle Cloud Infrastructure? (Choose five.) private IPaddress Virtual Cloud Network host name instance shape image operating system subnet Availability.
At the end of a terraform apply operation, what is the default output? nothing by default the entire state file statistics about what was added, changed, and destroyed, and the values of outputs statistics about what was added, changed, and destroyed.
You have created several block volumes in the us-phoenix-1 region in a specific compartment. The compartment can be identified by the following Oracle Cloud Infrastructure (OCI) unique identifier, or ocid1.compartment.oc1.phx..exampleuniquelD Your manager has asked you to leverage the OCI monitoring service and write a metric query showing all read IOPS at a one-minute interval, filtered to this compartment and aggregated for the maximum.
Which metric query will you create? IopsWrite[lm]{compartmentId=Hocidl.compartment.ocl.phx..exampleuniquelD"}.mean() IopsRead[lm]{compartmentId="ocldl.compartment.ocl.phx..exampleuniquelD"}.max() IopsRead[lm]{compartmentId="ocidl.compartment.ocl.phx..exampleuniquelD"}.grouplng().max() IopsRead[lm]{compartmentId = "odd 1.compartment.ocl.phx..exampleuniquelD"}.grouping().
Which two parameters are required in a back end set's HTTP health check? (Choose two.) timeout response body port status code URL path.
You want an instance in your compartment to make API calls to other services within Oracle Cloud Infrastructure without storing credentials in a configuration file.
What do you need to do? Create appropriate matching rules in the Dynamic Group to create an Instance Principal No action is required. By default, all VM instances are created with an Instance Principal Instances cannot access services outside their compartment VM instances are treated as users. Create a user and assign the user to that VM instance.
Which three must be configured for a load balancer to accept incoming traffic? (Choose three) a back-end server a back end set a listener a security list that is open on a listener port a certificate.
Which two statements are true about the Bulk Export of Oracle Cloud Infrastructure Audit Log Events? You can specify only one region in your bulk export request It will be available immediately after the Bulk Export request Exported logs remain available indefinitely Exported log files list a single audit event per line using csv format Exported logs are available in the object storage buckets in your tenancy.
You are configuring on alarm In Oracle Cloud Infrastructure (OCI) for a compute instance named vision. The metric needs to be triggered when the ingress network rate is greater than 1MB. Which statement will accomplish this? NetworksBytesIn[1MB]{resourceDisplayName - "vision"}.rate() > 1 NetworksBytesIn[1m]{resourceDisplayName - "vision"}.rate() > 1024 {resourceDisplayName = "vision"}(NetworksBytesIn[lm]).rate() > 1024 {resourceDisplayName = Hvision"}(NetworksBytesIn[1MB]).rate() > 1.
As the operations administrator for your company's Oracle Cloud Infrastructure (OCI), you have been entrusted the task of ensuring that data being accessed by the application is encrypted. Your application portfolio Includes both Virtual Machine (VM) and Bare Metal (BM) database systems.
Which method should you use to achieve encryption of data in-transit? Configure backup encryption for RMAN backup sets before transferring data Native Oracle Net Services encryption and integrity capabilities Key Store/Wallet service for on the fly encryption of data in transit Data is encrypted at rest using TDE and no additional encryption is needed.
Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance.
After running the stack using the terraform apply command, it successfully launched the compute Instances and the load balancer, but it failed to create a new database Instance with the following error:
Service error:NotAuthorizedOrNotFound. shape VM.Standard2.4 not found, http status code: 404 You discovered that the resource quotas assigned to your compartment prevent you from using VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM.Standard2.2.
Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? terraform apply -target=ocl_database_db_system.db_system terraform refresh -target=oci_database_db_system.db_system terraform apply -auto-approve terraform plan -target=oci_database_db_system.db_system.
You have been asked to update the lifecycle policy for object storage using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).
Which command can successfully update the policy? oci os object-lifecycle-policy delete -ns <object_storage_namespace> -bn <bucket_name> oci os object-lifecycle-policy put -ns <object_storage_namespace> -bn <bucket_name> -Items
<json_formated_lifecycle_policy> oci os object-lifecycle-policy put -ns <object_storage_namespace> -bn <bucket_name> oci os object-lifecycle-policy get -ns <object_storage_namespace> -bn <bucket_name>.
You are tasked with creating a group called volumeBackcupAdmins to manage only block volume backups.
Which of the following set of policy/policies would you need to write to meet this requirement? A B C D.
Which technique does NOT help you get the optimal performance out of the Oracle Cloud Infrastructure (OC1) File Storage service? Serialize operations to the file system to access consecutive blocks as much as possible Limit access to the same Availability Domain (AD) as the File Storage service where possible Right size compute instances from where file system is accessed based on their network capacity Store files across multiple directories in the file system. Increase concurrency by using multiple threads, multiple clients, and multiple mount targets.
You are system administrator at a retail company. You Just received a ticket stating that the account team is unable to access an internal application. The application is running behind an Oracle Cloud Infrastructure (OCI) Public Load Balancer and is using a compute instance pool with autoscaling enabled. You noticed some deleted items In the Audit Log while troubleshooting.
Which resource deletion could have caused this Issue? NAT Gateway and the Route Table associated with the Virtual Cloud Network (VCN) Internet Gateway and the Route Table associated with the Virtual Cloud Network (VCN) an Object Storage bucket containing transaction log backups the Route Table rules associated with the subnet within the Virtual Cloud Network (VCN).
You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual machine.
You enter the following command (with correct values for all parameters): see photo
The command fails.
Which is NOT a valid parameter in this command?
--shape "<shape_name>" -t <tenancy_id> -c <compartment_id> --image-id <image_id> --subnet-id <subnet_id>.
You are a Cloud Operations administrator who has recently joined a new department. You have created 10 Terraform stacks using Oracle Cloud Infrastructure (OCI) resource manager. Each stack creates a different set of resources In OCI for your development team.
What determines the cost of these Terraform stacks? The cost for each stack will be higher for pay as you go (PAYG) than for monthly flex billing. The length of time It takes to build each resource using these Terraform stacks. Resource manager stacks are free but you are charged for the resources they create. The number of lines of text in your Terraform configuration files.
One of your development teams has asked for your help to standardize the creation of several compute instances that must be provisioned each day of the week. You initially write several Command Line Interface (CLI) commands with all appropriate configuration parameters to achieve this task later determining this method lacks flexibility.
Which command generates a JSON-based template that Oracle Cloud Infrastructure (OCI) CLI can use to provision these Instances on a regular basis? oci compute provision-Instance - generate-full-command-Json-lnput oci compute instance create --generate-cll-skeleton oci compute instance launch --generate-cll-skeleton oci compute instance launch --generate-full-command-json-input.
You Saw created a group for several auditors. You assign the following policies to the group: (see photo)
What actions are the auditors allowed to perform within your tenancy?
Auditors are able to view all resources in the compartment. Auditors are able to create new instances in the tenancy. The Auditors can view resources in the tenancy. The Auditors are able to delete resources in the tenancy.
Security testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, Including vulnerability and penetration tests, as well as tests Involving data scraping tools.
What does Oracle allow as part of this testing? Customers can simulate DoS attack scenarios as long as Its restricted to the customer's own environment. Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy Customers are allowed to use their own testing and monitoring tools Customers can validate that their network resources are isolated from other customer resources.
our company will undergo a security audit in one week. Your manager has asked you to download and review recent logs from an Object Storage bucket. The current log archive file is approximately 19 GB In size.
Which command would you run to download the archive file as quickly as possible? oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-download- threshold
2000 --part-size 120 oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-download- threshold
2000 --part-size 128 oci os object put -ns my-namespace -bn my-bucket --name my-large-object --multipart-download- threshold
20000 --part-size 128 oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-download- threshold
20000 --part-size 128.
You launched a Linux compute Instance to host the new version of your company website via Apache HTTPS server on HTTPS (port 443).
The Instance is created in a public subnet along with other Instances. The default security list associated to the subnet is:
(see photo)
You want to allow access to the company website from public Internet without exposing websites eventually hosted on the other instances In the public subnet.
Which two actions should you do? Access the Linux instance via SSH and configure Iptables to allow HTTPS access on port 443. Create a new security list with a stateful rule to allow ingress access on port 443 and associate it to the public subnet In default security list, add a stateful rule to allow ingress access on port 443. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate It to the public subnet that host the company website Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the instance that host the company website.
You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute instances that are deployed private subnet. The Compute instances have an attached Network Security Group with a Source Type: Network security Group (NSG) , Source NSG:
-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group: (see photo)
However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host.
What is the root cause of this issue?
A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 110.19.2.140 The port 22 provides unrestricted access to 140.19.2.140 and to other IP address All compute instances associated with NSG-050504 are also able to connect to the bastion host. The Security List allows access to all IP address which overrides the Network Security Group ingress rules.
You have been asked to investigate a potential security risk on your company's Oracle Cloud Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity.
How can you retrieve the audit logs using the OCI Command Line Interface (CLI)? oci audit event list --start-time $start-time --end-time $end-time --compartment-id
$compartment-id oci audit event list --start-time $start-time --end-time $end-time --tenancy-id $tenancy-id oci audit event list --start-time $start-time --compartment-id $compartment-id oci audit event list --end-time $end-time --compartment-id $compartment-id.
You are asked to Implement the disaster recovery (DR) and business continuity requirements for Oracle Cloud Infrastructure (OCI) Block Volumes. Two OCI regions being used: a primary/source region and a DR/destination region.
The requirements are:
There should be a copy of data in the destination region to use If a region-wide disaster occurs in the source region
Minimize costs
Which of the following design will help you meet these requirements? Clone block volumes. Copy block volume clones from source region to destination region at regular intervals Back up block volumes. Use Object Storage lifecycle management to automatically move backup objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular Intervals Back up block volumes. Copy block volume backups from source region to destination region at regular intervals. Clone block volumes. Use Object Storage lifecycle management to automatically move clone object Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.
You have created the following JSON file to specify a lifecycle policy for one of your object storage buckets: (see photo)
How will this policy affect the objects that are stored in the bucket?
Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The objects will be deleted 120 days after creation. Objects containing the name prefix LOGS will automatically be migrated from standard Storage to Archive storage 30 days after the creation date. The objects will be migrated back to standard Storage
120 days after creation. The objects with prefix "LOGS" will be deleted 30 days after creation date. Objects with the prefix "LOGS" will be retained for 120 days and then deleted permanently.
To take advantage of cloud agility and burst computing capability, ABC Automobiles have extended their data center to a Virtual Cloud Network (VCN). In Oracle Cloud Infrastructure's (OCI) us-phoenlx-1 region. They have several members in their Cloud Operations (CloudOps) team that need I access the OCI management console. The security administrator does not want to create new IAM users and credentials that would then need to be distributed to each CloudOps member.
Which option will help solution architect meet the needs for CloudOps? Use an existing SAMAL 2.0 compliant identity provider(IdP) to grant CloudOps members federated access to OCI Console via the OCI single sign-on (SSO) endpoint Use Web Identity Federation to retrieve an AuthToken to enable CloudOps members to sign in to the OCI Console Use OAuth 2.0 to retrieve temporary credentials to enable your CloudOps members to sign in to the OCI Console. Use on-premises SAML2.0 compliant identity provider(IdP) to retrieve an AuthToken to enable CloudOps members to sign in to the OCI Console.
You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your OCI spending. Which two are valid targets for creating a budget In OCI? Select Tenancy as the type of target for your budget. Select Cost-Tracking Tags as the type of target for your budget. Select Compartment as the type of target for your budget. Select group as the type of target for your budget. Select user as the type of target for your budget.
You are using Oracle Cloud Infrastructure (0C1) services across several regions: us-phoenlx-1, us-ashburn-1, uk-london-1 and ap-tokyo-1. You have created a separate administrator group for each region: PHX-Admins, ASH-Admins, LHR-Admins and NRT-Admins, respectively.
u want to restrict admin access to a specific region. E.g., PHX-Admins should be able to manage all resources in the us-phoenlx-1 region only and riot any other OCI regions.
What IAM policy syntax is required to restrict PHX-Admins to manage OCI resources in the us- phoenix-1 region only? A B C D.
Which three statements are true about Object Storage data security and encryption in Oracle Cloud Infrastructure (OCI)? OCI Key Management is used by default to provide data security. Server side encryption uses per-object keys which are managed by Oracle. All traffic to and from Object Storage service is encrypted using TLS. A VPN connection to OCI is required to ensure security data transfer to an object storage bucket. Client-side encryption is managed by the customer.
You have created an Autonomous Data Warehouse (ADW) service in your company's Oracle Cloud Infrastructure (OCI) tenancy and you now have to load historical data Into It. You have already extracted this historical data from multiple data marts and data warehouses. This data is stored in multiple CSV text files and these file are ranging in size from 25 MB to 20 GB.
Which step Is most efficient and error tolerant method for loading data Into ADW? Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage
bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table. Create Auth token, use It to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using the web console upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table Create the tables In the ADW database and then execute SQL*Loader for each CSV file to load the contents Into the corresponding ADW database table. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables In the ADW database and then execute Data Pump Import for each CSV file to copy the contents into the corresponding ADW database table.
NO.51 Which two configuration formats does Terraform support? (Choose two.) JSON XML YAML HCL.
You have created a geolocation steering policy in the Traffic Management service, with this configuration. (see photo)
What happens to requests that originate in Africa? The traffic will be forwarded randomly to any of the pools mentioned in the rules. The traffic will be dropped. The traffic will be forwarded to Pool 1. If Pool 1 is not available, then will be forwarded to Pool 2. The traffic will be forwarded at the same time to both Pool 1 and Pool 2.
You deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with multiple block volumes attached. There are multiple teams that use the same compute instance and have access to these block volumes. You want to ensure that no one accidentally deletes of these block volumes. You have started to construct the following IAM policy but need to determine which permissions should be used. ERASE_VOLUME, ERASE_VOLUME_ATTACHMENT, ERASE_VOLUME_BACKUP DELETE.VOLUME, DELETE_VOLUME_ATTACHMENT, DELETE_VOLUME_BACKUP VOLUME_ERASE, VOLUME_ATTACHMENT_ERASE, VOLUME_BACKUP_ERASE VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE, VOLUME_BACKUP_DELETE.
Recently your e-commerce web application has been receiving significantly more traffic than usual. Users are reporting they often encounter a 903 i when trying to access your site. Sometimes the site is very slow.
You check your instance pool configuration to confirm that the maximum number of instances Is configured to allow 20 compute instances. Currently 14 compute instances have been provisioned by the Instance pool. You also confirm that current CPU utilization across all hosts exceeds the scale- threshold you set in your auto-scaling policy. However, the Instance pool is not provisioning any new instances.
What can you check to determine why the application is NOT functioning properly? Verify that the Quality Assurance team is not currently performing load-testing against production Verify that the compute resource quota has not been exceeded. Verify that the new offer feature code did not introduce any performance bugs. Verify that the database is accessible.
You have been brought In to help secure an existing application that leverages Object Storage buckets to distribute content. The data is currently being shared from public buckets and the security team Is not satisfied with this approach. They have stated that all data must be stored In storage buckets. Your application should be able to provide secure access to the data. The URL that is provided for access to the data must be rotated every 30 days.
Which design option will meet these requirements? Use Pre-Authenticated request, even though there will be multiple URLs this will provide better security Create a private bucket only to share the data Create a new group and map users to this group, create a IAM policy providing access to Object Storage service only to this group. Users can then simply login to OCI console and retrieve needed flies Create multiple bucket and classify them as Public and Private. Use public bucket for non-sensitive.
Which two statements about the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI) are true? You can filter CLI output using the JMESPath query option for JSON. The CLI provides the same core functionality as the Console, plus additional commands. The CLI allows you to use the Python language to Interact with OCI APIs. The CLI provides an automatic way to connect with Instances provisioned on OCI. You can run CLI commands from Inside OCI Regions only.
Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out an appropriate method to manage OC1 costs.
NOT a valid technique to accurately attribute costs to resources used by each team? Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by compartments. Create a Cost-Tracking tag. Apply this tag to all resources with team Information. Use the OCI cost analysis tools to filter costs by tags. Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending. Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report which has detailed Information about resources and tags.
You have recently Joined a startup company and quickly find that nobody is tracking the amount of money spent on Oracle Cloud Infrastructure (OCI). Seeing an opportunity to help save money you begin creating a solution to better track the cost of resources provisioned by each individual on the team.
Which option allows you to identify excessive spend across all resources in your tenancy? Use the Python SDK to write a custom application that will monitor the Audit Log. Look for CREATE events and configure the application to send you an email each time a new resource is created. Create a budget for each compartment that will send a notification when monthly spend reaches a pre-defined amount. Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your resources with this Tag Key and the correct value. Use the Events Service and create rules that will act when a new Object Storage bucket or Compute Instance has been created. Have the rule email you each time one of these events occurs.
Which of the following are essential components of the Oracle Cloud Infrastructure Notifications service? An alarm with a name unique across the tenancy, a subscription, and a metric with the measurement of interest. A topic with a name unique across the compartment, a subscription, and a message where content Is published. A topic with a name unique across the tenancy, a subscription, and a message where content is published. An alarm with a name unique across the compartment, a subscription, and a metric with the measurement of interest.
What is a key benefit of using Oracle Cloud Infrastructure's Resource Manager for your Terraform provisioning and management activities? Resource Manager has administrative privileges by design. Even if your IAM user does not have access, you can leverage Resource Manage provision new resources to any compartment in the Tenancy. You can use Resource Manager to identify and maintain an Inventory of all Compute and Database Instances across your tenancy. You can use Resource Manager to apply patches to all existing Oracle Linux Instances In a specified compartment. Resource Manager manages the Terraform state file for your infrastructure and locks the file so that only one Job at a time can run on a given stack.
You have a Linux compute Instance located in a public subnet in a VCN which hosts a web application. The security list attached to subnet containing the compute Instance has the following stateful Ingress rule. (see photo)
Which step will resolve the issue?
In the route table, add a rule for your default traffic to be routed to service gateway. In the security list, add an ingress rule for port 80 (http). In the security list, remove the ssh rule. In the route table, add a rule for your default traffic to be routed to NAT gateway.
Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.) You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service You can attach a block volume in an Availability Domain other than your compute instance You can share custom images across tenancies and regions You can launch a virtual or bare metal instance by using the same Launchlnstance API.
You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security List, and an Internet Gateway. However, none of the compute instances can connect to the Internet.
Which two are possible reasons for the connectivity issue? (Choose two.) The Route Table has no default route for routing traffic to the Internet Gateway There is no stateful ingress rule in the Security List associated with the public subnet There is no Dynamic Routing Gateway (DRG) associated with the VCN There is no stateful egress rule in the Security List associated with the public subnet.
The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to a lack of swap space, forcing you to Increase the size of the boot volume.
Which step should NOT be Included In the process used to solve the Issue? Resize the boot volume by specifying a larger value than the boot volume's current size. Create a RAID 0 configuration to extend the boot volume file system onto another block volume. Attach the resized boot volume to a second instance as a data volume; Extend the partition and grow the file system on the resized boot volume. Reattach the boot volume and restart the instance. Stop the instance and detach the boot volume.
Your team Implemented a SaaS application that requires a whole system deployment for each new customer.
The Infrastructure provisioning is already automated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file management and deployment.
What Is the most effective way to ensure your playbooks are utilizing up-to-date and accurate Inventory? Implement a Command Line Interface script to list all the resources and run it within Ansible to generate a dynamic inventory list. Export an inventory list using Terraform apply command. Export an inventory list from the Oracle Cloud Infrastructure Web console. Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include It in the playbook Invocation command.
You created an Oracle Linux compute Instance through the Oracle Cloud Infrastructure (OCI) management console then immediately realize you add an SSH key file. You notice that OCI compute service provides instance console connections that supports adding SSH keys for a running Instance. Hence, you created the console connection for your Linux server and activated it using the connection string provided. However, now you get' prompted for a username and password to login. What option should you recommend to add the SSH key to your running Instance, while minimizing the administrative overhead? You need to configure the boot loader to use ttyS0 as a console terminal on the VM. You need to terminate the running instance and recreate it by providing the SSH key file. You need to reboot the instance from the console, boot into the bash shell In maintenance mode,and add SSH keys for the open user You need to modify the serial console connection string to include the identity file flag, -i to specify the SSH key to use.
You have recently been asked to take over management of your company's infrastructure provisioning efforts, utilizing Terraform v0.12 to provision and manage infrastructure resources in Oracle Cloud Infrastructure (OCI). For the past few days the development environments have been failing to Provision. Teraform returns the following error: (see photo)
Which correction should you make to solve this issue?
Replace the curly braces '{ }' in lines 11 and 16 with square braces '[ ]' Modify line 15 to be the following: tcp_options = {min = "22", max = "22) Modify line 15 to be the following: tcp_options { min = "22" max = "22"} Place a command at the end of line 16.
You are asked to deploy a new application that has been designed to scale horizontally. The business stakeholders have asked that the application be deployed In us-phoenlx-1.
Normal usage requires 2 OCPUs. You expect to have few spikes during the week, that will require up to 4 OCPUs, and a major usage uptick at the end of each month that will require 8 OCPUs.
What is the most cost-effective approach to implement a highly available and scalable solution? Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances, to handle the weekly spikes, and a maximum of 4 Instances. Create an instance with 1 OCPU shape. Use a CLI script to clone It when more resources are needed. Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances and a maximum of 8 instances. Create an instance with 1 OCPU shape. Use the Resize Instance action to scale up to a larger shape when more resources are needed.
You have been contracted by a local e-commerce company to assist with enhancing their online shopping application. The application is currently deployed In a single Oracle Cloud Infrastructure (OCI) region. The application utilizes a public load balancer, application servers in a private subnet and a database in a separate, private subnet.
The company would like to deploy another set of similar Infrastructure In a different OCI region that will act as standby site. In the event of a failure at the primary site, all customers should be routed to the failover site automatically.
After deploying the additional infrastructure within the second region, how should you configure automated failover requirements? Create a new A record in DNS that points to the public load balancer at the secondary site. Create a CNAME for the sub-domain failover that will resolve to the new A record. Inform customers to prepend the website URL with failover If the primary site Is unavailable. Create a load balancer policy in the Traffic Management service. Configure one answer for each site.
Set the answer for the primary site with a weight of 10 and the answer for the secondary site with a weight of 100 Create a failover policy in the Traffic Management service. Set the IP address of the public load balancer for the primary site in answer pool 1 Set the IP address of the public load balancer for the secondary site in answer pool 2. Define a health check to monitor both sites. Deploy a new load balancer in the primary region. Create one backend set for the primary application servers and a second backend set for the standby application servers. Create a listener for the primary backend set with a timeout of 3 minutes. Create a listener for the secondary backend set with a timeout of 10 minutes.
Your application is using Object Storage bucket named app-data In the namespace vision, to store both persistent and temporary date. Every week all the temporary data should be deleted to limit the storage consumption.
Currently you need to navigate to the Object Storage page using the web console, select the appropriate bucket to view all the objects and delete the temporary ones.
To simplify the task you have configured the application to save all the temporary data with /temp prefix. You have also decided to use the Command Line Interface (CLI) to perform this operation. What is the command you should use to speed up the data cleanup? A B C D.
You have been tasked with allocating an identity to one of your compute instances that needs to retrieve and process static files that are stored in an Object Storage bucket. After creating a dynamic group with a matching rule that specifies the OCID of the compute instance, you discover the that API calls are failing.
Which step should you take to resolve this issue? Create IAM policies to permit users in these groups to make API calls against Oracle Cloud Infrastructure services. Initial credentials must be initialized using OCI console for the Instance in dynamic group. This can be a bulk operation. Create IAM policies to permit instances in these groups to make API calls against Oracle Cloud Infrastructure services. Once instances are in dynamic group no additional steps are required.
You have a group of developers who launch multiple VM.Standard2.2 compute Instances every day into the compartment Dev. As a result your OCI tenancy quickly hit the service limit for this shape. Other groups can no longer create new instances using VM.Standard2.2 shape.
of this, your company has Issued a new mandate that the Dev compartment must include a quota to allow for use of only 20 VM.Standar2.2 shapes per Availability Domain. Your solution should not affect any other compartment In the tenancy.
Which quota statement should be used to implement this new requirement? A B C D E.
NO.74 An Insurance company has contracted you to help automate their application business continuity plan. They have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery site.
Normally they have a DNS A record associated with the IP address of the primary endpoint In eu- frankfurt-1.
In the event of a disaster, they use OCI DNS Zone Management to update the A record and replace it with the IP address of the endpoint In uk-london-1.
How can you automate the failover process? Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check. Create a Traffic Management Steering policy and attach it to a backend set with the backend servers from both eu-frankfurt-1 and uk-london-1 regions. Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record. Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set with backend servers from both eu-frankfurt-1 and uk-london-1 regions.
You have received an email from your manager to provision new resources on Oracle Cloud Infrastructure (OCI). When researching OCI y detect that you should use OCI Resource Manager.
Since this is a task that will be done multiple times for development, test, and production need to create a command that can be re-used.
Which CLI command can be used In this situation? A B C D.
|
