OCI Cloud Operations Professional

You run a large global application with 90% of customers based in the US and Canada. You want to be able to test a new feature and allow a small percentage of users to access the new version of your application. What Oracle Cloud Infrastructure Traffic Management steering policy should you utilize?. Load Balancer. Geolocation steering. ASN steering. IP Prefix steering.

You have configured an Alarm Definition in the Oracle Cloud Infrastructure (OCI) Monitoring service to send notifications through email. The alarm should resend notifications at specified intervals if the alarm. continues to be in the firing state. A subscriber in the Notifications Topic complains about not receiving multiple emails upon failures. Which of the following could be the possible cause of this issue. Trigger Condition was not configured. Resending notifications depends on metric streams. OCI Monitoring sends only one notification per alarm condition. Repeat notification was not enabled while creating the Alarm.

Simulation – IAM Policies. Task 1: Allow group Network-Admins to manage virtual-network-family in compartment Network. Task 2: Allow group E-Comm-Admins to manage instance-family in compartment E-Comm Allow group E-Comm-Admins to use virtual-network-family in compartment Network. Task 3: Allow group SCM-Admins to manage volume-family in compartment SCM where request.region=’phx’ Allow group SCM-Admins to manage volume-family in compartment SCM where request.region=’lhr’.

You have a group of developers who launch multiple VM.Standard3.Flex compute in-stances every day into the compartment Dev. As a result, your Oracle Cloud Infrastructure (OCI) tenancy quickly hits the service limit for this shape, and other groups can no longer create new instances using the VM.Standard3.Flex shape. Therefore, your company issues a new mandate that the Dev compartment must include a quota that allows the use of only 20 VM.Standard3.Flex OCPUs per availability domain, without affecting any other compartment in the tenancy. Which quota statement would you use to implement this new requirement?. zero compute-core quotas in tenancy set compute-core quota standard3-core-count to 20 in tenancy dev. zero compute-core quotas in tenancy set compute-core quota standard3-core-count to 20 in compartment dev. set compute-core quota standard3-core-count to 20 in compartment dev. set compute-core quota standard3-core-count to 20 in compartment dev where request.region = us-phoenix-1.

Several development teams in your company have each been provided with a budget and a dedicated compartment to be used for testing purpose u are asked to help them to control the costs and avoid any overspending. What should you do?. Configure a Quota…. Contact Oracle support…. Associate a Budget Tag to each compartment with the monthly budget amount and set an alert rule. Associate a Budget Tag to each resource….

Which option contains the essential components of the Oracle Cloud Infrastructure Notifications service?. Alarm, subscription, metric. Topic (unique tenancy), subscription, and message. Topic (unique compartment), subscription, and message. Alarm, subscription, metric.

One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is malfunctioning. You have created a console connection to remotely troubleshoot it. Which two statements about console connections are TRUE? (Choose two.). VNC console connection uses SSH port forwarding…. Not possible to use VNC with Bare Metal. Serial console connection auto-terminates after 24h. Cannot edit system config files. Not possible to connect serial console to Windows.

You have been asked to set up connectivity between a client on-premises network and Oracle Cloud Infrastructure (OCI). The requirements are: #Low latency: The applications are financial and require low latency connectivity into OCI.#Consistency: The application is not tolerant of performance variation. #Performance: The communications link needs to support up to 1.25 Gbps. #Encryption: The communications link needs to encrypt any data in transit between the on-premises network and OCI Virtual Cloud Network (VCN). The client wants to implement the above with as low a cost as possible, while meeting all of the requirements. What should you suggest?. Provision FastConnect with a single public virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit. Provision FastConnect with a single private virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit. Provision FastConnect with a single public virtual circuit. Provision FastConnect with a single private virtual circuit. Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect.

You have been asked to review a network design for Oracle Cloud Infrastructure (OCI) by a major client. The client IT team needs to provision two Virtual Cloud Networks (VCNs) for a major application. The application uses a large number of virtual machine instances. Additionally, in the future, a VCN peering will be required to allow connectivity between the VCNs. Which of the following are valid IP ranges to consider?. 10.0.8.0/21 and 10.0.16.0/22. 10.0.0.0/16 and 10.0.64.0/24. 10.0.0.0/8 and 11.0.0.0/8. 10.0.0.0/30 and 192.168.0.0/30.

You have created the following JSON file to specify a lifecycle policy for one of your object storage buckets: Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be mi-grated back to standard Storage 120 days after creation. Objects with the prefix LOGS will be retained for 120 days and then deleted permanently. Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be deleted 120 days after creation. The objects with prefix LOGS will be deleted 30 days after creation date.

Which option is NOT a possible return value for an OCI health check?. UNKNOWN. TIMED_OUT. INVALID_STATUS_CODE. REGEX_MISMATCH. UNREACHABLE.

You have a group pf developers who launch multiple VM.Standard2.2 compute instances every day into the compartment Dev. As a result, your OCI tenancy quickly hit the service limit for this shape. Other groups can no longer create new instances using VM.Standard2.2 shape. Because of this, your company has issued a new mandate that the Dev compartment must include a quota to allow for use of only 20 VM.Standard2.2 shapes per Availability Do-main. Your solution should not affect any other compartment in the tenancy. Which quota statement should be used to implement this new requirement?. zero compute quotas in tenancy set compute quota vm-standard22--count to 20 in tenancy dev. zero compute quotas in tenancy set compute quota vm-standard22--count to 20 in compartment dev. set compute quota vm-standard22--count to 20 in compartment dev. set compute quota vm-standard2-count to 10 in compartment dev where request.region = us-phoenix-01.

You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual machine. You enter the following command (with correct values for all parameters): The command fails. Which is NOT a valid parameter in this command?. –shape. -t <tenancy_id>. -c <compartment_id>. --subnet-id. --image-id.

You have created several block volumes in the us-phoenix-1 region in a specific compart-ment. The compartment can be identified by the following Oracle Cloud Infrastructure (OCI) unique identifier, or ocid1. compartment.oc1.phx..exampleuniquelD Your manager has asked you to leverage the OCI monitoring service and write a metric query showing all read IOPS at a one-minute interval, filtered to this compartment and aggregated for the maximum. Which metric query will you create?. IopsRead[lm]{compartmentId = 'odd1.compartment.ocl.phx..exampleuniquelD'}.grouping().mean(). Iop-sWrite[lm]{compartmentId=Hocidl.compartment.ocl.phx..exampleuniquelD'}.mean(). Iop-sRead[lm{compartmentId='ocidl.compartment.ocl.phx..exampleuniquelD'}.grouplng().max(). IopsRead[lm]{compartmentId='ocldl.compartment.ocl.phx..exampleuniquelD'}.max().

The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to a lack of swap space, forcing you to increase the size of the boot volume. Which step should NOT be included in the process used to solve the issue?. Reattach the boot volume and restart the instance. Attach the resized boot volume to a second instance as a data volume; extend the partition and grow the file system in the resized boot volume. Create a RAID 0 configuration to extend the boot volume file system onto another block volume. Resize the boot volume by specifying a larger value than the boot volume current size. Stop the instance and detach the boot volume.

Which two statements are TRUE about Object Storage data security and encryption in Oracle Cloud Infrastructure (OCI)? (Choose two): A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket. All traffic to and from Object Storage service is encrypted using TLS. Client-side encryption is managed by the customer. OCI Vault Management is used by default to provide data security. Data needs to be decrypted on the client side before retrieving it.

You have been asked to update the lifecycle policy for object storage using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI). Which command can successful-ly update the policy?. oci os object-lifecycle-policy delete --ns <object_storage_namespace> --bn <buck-et_name>. oci os object-lifecycle-policy put --ns <object_storage_namespace> --bn <bucket_name>. oci os object-lifecycle-policy get --ns <object_storage_namespace> --bn <bucket_name>. oci os object-lifecycle-policy put --ns <object_storage_namespace> --bn <bucket_name> -- --items <json_formatted_lifecycle_policy>.

You have recently joined a startup company and quickly find that nobody is tracking the amount of money spent on Oracle Cloud Infrastructure (OCI). Seeing an opportunity to help save money you begin creating a solution to better track the cost of resources provisioned by each individual on the team. Which option allows you to identify excessive spend across all re-sources in your tenancy?: Use the Events Service and create rules that will act when a new Object Storage bucket or Compute Instance has been created. Have the rule email you each time one of these events occurs. Create a budget for each compartment that will send a notification when monthly spend reaches a pre- defined amount. Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your resources with this Tag Key and the correct value. Use the Python SDK to write a custom application that will monitor the Audit log. Look for CREATE events and configure the application to send you an email each time a new resource is created.

Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out an appropriate method to manage OC1 costs. Which is NOT a valid technique to accurately attribute costs to resources used by each team?. Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by compartments. Create a Cost-Tracking tag. Apply this tag to all resources with team Information. Use the OCI cost analysis tools to filter costs by tags. Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending. Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report which has detailed Information about resources and tags.

You are an admin of an OCI tenancy. To save cost, you want to restrict the amount of OCPUs that can be provisioned in each compartment. Which will allow this?. Compartment quotas. Service limits. Budgets. Resource Manager.

In your root compartment, you have two subcompartments, A and B. You have three in-stances in each compartment, including the root (for a total of nine). What does the following metric query return if you use the console to run it in the root compartment? CpuUtiliza-tion[1m].mean(). Three different time series: each time series represents the average CPU utilization of one of the three instances in the root compartment per minute. One number: the average CPU utilization over all nine instances over the last minute. One time series: the average CPU utilization over the three instances in the root compartment per minute. One time series: the average CPU utilization over all nine instances per minute.

You are asked to implement the disaster recovery (DR) and business continuity requirements for Oracle Cloud Infrastructure (OCI) Block Volumes. Two OCI regions being used: a primary/source region and a DR /destination region. The requirements are: There should be a copy of data in the destination regionto use if a region-wide disaster occurs in the source region#Minimize costs Which design will help you meet these requirements? (Choose the best answer.). Clone block volumes. Use Object Storage lifecycle management to automatically move clone objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals. Back up block volumes. Copy block volume backups from source region to destination region at regular intervals. Clone block volumes. Copy block volume clones from source region to destination region at regular intervals. Back up block volumes. Use Object Storage lifecycle management to automatically move backup objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.

A developer has created a file system in the Oracle Cloud Infrastructure (OCI) File Storage service. She then launches an Oracle Linux compute instance and mounts the file system successfully on this instance. The next day, she tries writing to the file system from the compute instance using the following command: touch /mnt /yourmountpoint/helloworld.txt But receives an error message: touch: cannot touch '/mnt/yourmountpoint /helloworld.txt': Permission denied What might be the reason for this error?. Service limits or quota for file system writes have been breached. User is connecting as the default Oracle Linux user opc instead of the root user. The touch command is not available in Oracle Linux, by default. User is not part of any OCI Identity and Access Management (IAM) group with write permissions to the File Storage service.

You use a bucket in Object Storage to store backups of a database. Versioning is enabled on these objects, so that every time you take a new backup, it creates a new version. You add the following life-cycle policy rule: { "action": "DELETE", "is-enabled": true, "name": "Delete-Rule", "object-name-filter": null, "target": "objects", "time-amount": 60, "time-unit": "DAYS" } Which option is true regarding this rule?. Once any specific version is 60 days old, it will be deleted. Deletion will physically delete the data. 60 days after the initial creation, any object will be deleted. Deletion marks the latest version as deleted but does not physically delete it. 60 days after the initial creation, any object will be deleted. Deletion will physically de-lete all versions of the object. If 60 days passes for an object without a new version being created, it will be deleted. Deletion marks the latest version as deleted but does not physically delete it.

You have a web application that is running on compute instances distributed across an availability domain's fault domains. To share state, instances of the application need to read and write to a shared file system that supports concurrent access from multiple instances. Which two can help fulfill this technical requirement?. Attach a block volume to each instance. Enable replication between the block volumes. Create a file system in the File Storage service. Create a mount target and export the file system. Mount the export onto all of the instances. Attach a single block volume in read/write shared mode to all the instances. Enable the cluster plug-in on the Oracle Cloud Agent to coordinate access to the shared volume. Attach a single block volume in read/write shared mode to alt the instances. Use a cluster aware system such as Oracle Cluster File System version 2 (OCFS2) to coordinate access to the shared volume.

You have created an Autonomous Data Warehouse (ADW) service in your company Oracle Cloud Infrastructure (OCI) tenancy and you now have to load historical data into it. You have already extracted this historical data from multiple data marts and data warehouses. This data is stored in multiple CSV text files and these files are ranging in size from 25 MB to 20 GB. Which is the most efficient and error tolerant method for loading data into ADW? (Choose the best answer.). Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute Data Pump Import for each CSV file to copy the contents into the corresponding ADW database table. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD. CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table. Create the tables in the ADW database and then execute SQL*Loader for each CSV file to load the contents into the corresponding ADW database table. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD. CREATE_CREDENTIAL, using the web console upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table.

You have set an alarm to be generated when the CPU usage of a specified instance is greater than 10%. In the alarm behavior view below you notice that the critical condition happened around 23:30. You were expecting a notification after 1 minute, however, the alarm firing state did not begin until 23:33. What should you change to fix it? (Choose the best answer.). Change the alarm trigger delay minutes value to 1. Change the notification topic that you previously associated with the alarm. Change the alarm metric interval to 1. Change the alarm condition to be grater than 3%.

When creating an alarm query in Oracle Cloud Infrastructure (OCI) Monitoring, which of the following statement is NOT valid?. You must specify a Metric. You must specify Trigger rule (threshold or absence). You must specify Resource Group. You must specify Statistic. You must specify an interval.

You have a Terraform configuration that includes a VCN and three compute instances in the VCN. The configuration also includes a cloud-init script for each compute instance. You upload the configuration to OCI Resource Manager and run an apply job. Which option correctly describes the order of execution, assuming the configuration does not model explicit dependencies?. Resource Manager provisions the VCN, then all compute instances in parallel. Resource Manager provisions the VCN, then the compute instances one at a time. Terraform waits for the cloud-init script of each instance to complete before proceeding to the next instance. Resource Manager provisions the VCN, then the compute instances one at a time. Terraform does not wait for the cloud-init script of each instance to complete before proceeding to the next instance. Resource Manager provisions the resources from top to bottom in the configuration file.

Cloud-init script example: #cloud-config packages: - httpd runcmd: - systemctl enable httpd - systemctl start httpd - firewall-offline-cmd --add-service=http - systemctl restart firewalld.

You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your OCI spending. Which two are valid targets for creating a budget in OCI? (Choose two.). Select Cost-Tracking Tags as the type of target for your budget. Select user as the type of target for your budget. Select Compartment as the type of target for your budget. Select Tenancy as the type of target for your budget. Select group as the type of target for your budget.

Which default authentication is used by Ansible modules for Oracle Cloud Infrastructure (OCO for making API requests?. Resource Principal Authentication. Instance principal authentication. API Key Authentication. OAuth Authentication.

You have ordered two FastConnect connections that provide a high availability connection architecture between your on-premises data center and Oracle Cloud Infrastructure (OCI). You want to run these connections in an ACTIVE/PASSIVE architecture. How can you accomplish this? (Choose the best answer.). Enable BGP on the FastConnect that you want as the ACTIVE connection. Decrease the prefix length of AS for the FastConnect you want to use as PASSIVE connection. Adjust one of the connections to have a higher ASN. Use AS PATH prepending with your routes.

CloudOps group policy: As a solution architect of the Oracle Cloud Infrastructure tenancy, you have been asked to provide members of group CloudOps the ability to view and retrieve monitoring metrics, but only for all monitoring-enabled compute instances. Which policy statement will you define to grant this access?. Allow group CloudOps to read metrics in tenancy where tar-get.metrics.monitoring='oci_computeagent'. Restricting monitoring access only to compute instances metrics is not possible. Allow group CloudOps to read metrics in tenancy where tar-get.metrics.namespace=oci_computeagent. Allow group CloudOps to read compute-metrics in tenancy.

You have been asked to review a network design for Oracle Cloud Infrastructure (OCI) by a major client. The client IT team needs to provision two Virtual Cloud Networks (VCNs) for a major application. The application uses a large number of virtual machine instances. Additionally, in the future, a VCN peering will be required to allow connectivity between the VCNs. Which of the following are valid IP ranges to consider? (Choose the best answer.). 10.0.8.0/21 and 10.0.16.0/22. 10.0.0.0/8 and 11.0.0.0/8. 10.0.0.0/30 and 192.168.0.0/30. 10.0.0.0/16 and 10.0.64.0/24.

Terraform rerun after shape change: (CHK) Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance. After running the stack using the terraform apply command, it successfully launched the compute instances and the load balancer, but it failed to create a new database instance with the following error: Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http status code: 404 You dis- covered that the resource quotas assigned to your compartment prevent you from using VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM. Standard2.2 Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? (Choose the best answer.). terraform plan target=oci_database_db_system.db_system. terraform apply auto-approve. terraform refresh target=oci_database_db_system.db_system. terraform apply target=oci_database_db_system.db_system.

You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure (OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted. The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static configuration has been added. What solution should you recommend? (Choose the best answer.). The instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit. The instances will communicate by default over the FastConnect private virtual circuit, which ensures data is encrypted in-transit. Advertise a 192.168.10.10/32 route over the VPN. Advertise a 192.168.10.10/32 router over the FastConnect.

You have received an email from your manager to provision new resources on Oracle Cloud Infrastructure (OCI). When researching OCI, you determined that you should use OCI Resource Manager. Since this is a task that will be done multiple times for development, test, and production. You will need to create a command that can be re-used. Which CLI command can be used in this situation? (Choose the best answer.). oci resource-manager stack create --tenancy-id <tenancy_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name Production stack build \ --description Creating new Production environment. oci resource-manager stack update --compartment-id <compartment_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name "Production stack build" \ --description Creating new Production environment. oci resource-manager stack update --tenancy-id <tenancy_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name "Production stack build" \ --description Creating new Production environment. oci resource-manager stack create --compartment-id <compartment_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name "Production stack build" \ --description Creating new Production environment.

Your team implemented a SaaS application that requires a whole system deployment for each new customer. The infrastructure provisioning is already automated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file management and deployment. What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory? (Choose the best answer.). Export an inventory list from the Oracle Cloud Infrastructure Web console. Implement a Command Line Interface script to list all the resources and run it within Ansible to generate a dynamic inventory list. Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include it in the playbook invocation command. Export an inventory list using Terraform apply command.

One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is malfunctioning. You have created a console connection to remotely troubleshoot it. Which two statements about console connections are TRUE? (Choose two.). It is not possible to connect to the serial console to an instance running Microsoft Windows, however VNC console connection can be used. For security purpose, the console connection will not let you edit system configuration files. If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours. VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console. It is not possible to use VNC console connections to connect to Bare Metal Instances.

Your deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with multiple block volumes attached. There are multiple teams that use the same compute instance and have access to these block volumes. You want to ensure that no one accidentally deletes any of these block volumes. You have started to construct the following IAM policy but need to determine which permissions should be used. allow group DeploymentUsers to manage volume-family where ANY { request.permission != <???>, request.permission != <???>, request.permission != <???> } Which permissions can you use in place of <???> in this policy? (Choose the best answer.). VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE, VOL-UME_BACKUP_DELETE. ERASE_VOLUME, ERASE_VOLUME_ATTACHMENT, ERASE_VOLUME_BACKUP. DELETE_VOLUME, DELETE_VOLUME_ATTACHMENT, DE-LETE_VOLUME_BACKUP. VOLUME_ERASE, VOLUME_ATTACHMENT_ERASE, VOL-UME_BACKUP_ERASE.

As a solutions architect of the Oracle Cloud Infrastructure (OCI) tenancy, you have been asked to provide members of the CloudOps group the ability to view and retrieve monitoring metrics, but only for all monitoring-enabled compute instances. Which policy statement would you define to grant this access?. Allow group CloudOps to read metrics in tenancy where tar-get.metrics.namespace='oci_computeagent'. Restricting monitoring access only to compute instances metrics is not possible. Allow group CloudOps to read compute-metrics in tenancy. Allow group CloudOps to read metrics in tenancy where tar-get.metrics.monitoring='oci_computeagent'.

You have a group pf developers who launch multiple VM.Standard2.2 compute instances every day into the compartment Dev. As a result, your OCI tenancy quickly hit the service limit for this shape. Othergroups can no longer create new instances using VM.Standard2.2 shape. Because of this, your company has issued a new mandate that the Dev compartment must include a quota to allow for use of only 20 VM.Standard2.2 shapes per Availability Do-main. Your solution should not affect any other compartment in the tenancy. Which quota statement should be used to implement this new requirement? (Choose the best answer.). zero compute quotas in tenancy set compute quota vm#€"standard22--count to 20 in tenancy dev. set compute quota vm-standard22--count to 20 in compartment dev. zero compute quotas in tenancy set compute quota vm#€"standard22--count to 20 in compartment dev. set compute quota vm-standard2-count to 10 in compartment dev where request.region = us-phoenix-01.

You have a Linux compute instance located in a public subnet in a VCN which hosts a web application. The security list attached to subnet containing the compute instance has the following stateful ingress rule. The Route table attached to the Public subnet is shown below. You can establish an SSH connection into the compute instance from the internet. However, you are not able to connect to the web server using your web browser. Which step will resolve the issue? (Choose the best answer.). In the route table, add a rule for your default traffic to be routed to NAT gateway. In the security list, remove the ssh rule. In the security list, add an ingress rule for port 80 (http). In the route table, add a rule for your default traffic to be routed to service gateway.

You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute Instances that are deployed in a private subnet. The Compute Instances have an attached Network Security Group with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group: However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host. What is the root cause of this issue? (Choose the best answer.). All compute instances associated with NSG-050504 are also able to connect to the bastion host. The Security List allows access to all IP address which overrides the Network Security Group ingress rules. A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 140.19.2.140. The port 22 provides unrestricted access to 140.19.2.140 and to other IP address.

NOT a valid cost attribution technique: Separate compartments. Cost-tracking tag. IAM groups + budgets per group. Tags + usage report.

An organization wants to extend their existing on-premises data centers to the Oracle Cloud Infrastructure (OC1) us-phoenix-1 region. In order to achieve It, they have created an IPSec VPN connection between their Customer-Premises Equipment(CPE) and Dynamic Routing Gateway(DRG) on How can you make this connection highly available (HA)?. Add another Dynamic Routing gateway In a different Availability Domain and create another IPSec VPN connection. Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection with the same Dynamic Routing Gateway (DRG). Create a NAT Gateway and route all traffic through a NAT Gateway, which is highly available component. Add another Dynamic Routing Gateway in a different Availability Domain, and create another IPSec VPN connection with another Customer Premises Equipment (CPE).

An organization wants to extend their existing on-premises data centers to the Oracle Cloud Infrastructure (OC1) us-phoenix-1 region. In order to achieve It, they have created an IPSec VPN connection between their Customer-Premises Equipment(CPE) and Dynamic Routing Gateway(DRG) on How can you make this connection highly available (HA)?. Add another Dynamic Routing gateway In a different Availability Domain and create another IPSec VPN connection. Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection with the same Dynamic Routing Gateway (DRG). Create a NAT Gateway and route all traffic through a NAT Gateway, which is highly available component. Add another Dynamic Routing Gateway in a different Availability Domain, and create another IPSec VPN connection with another Customer Premises Equipment (CPE).

You have the following compartment structure within your company's Oracle Cloud Infrastructure (OCI) tenancy: -root -CompartmentA -CompartmentB -CompartmentC You want to create a policy in the root compartment to allow SystemAdmins to manage VCNs only In CompartmentC. Which policy is correct?. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentC. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC. Allow group SystemAdmins to manage virtual-network-family in compartment Root.

You have received an email from your manager to provision new resources on Oracle Cloud Infrastructure (OCI). When researching OCI y detect that you should use OCI Resource Manager. Since this is a task that will be done multiple times for development, test, and production need to create a command that can be re-used. Which CLI command can be used In this situation?. oci resource-manager stack update --compartment-id ... oci resource-manager stack create --compartment-id ... oci resource-manager stack create --tenancy-id ... oci resource-manager stack update --tenancy-id ...