Which two statements are true about private IP objects? Each instance receives a primary private IP object and a secondary private IP object at launch. Secondary private IPs must be manually deleted when you terminate the mapped instance. You can add a secondary private IP to either the primary VNIC or a secondary VNIC of an instance after it's launched. A private IP can have a public IP assigned to it.
When changing the performance level of boot volumes, which two performance levels can you select? Lower cost Balanced High performance Ultra-high performance.
You want to make a point-in-time snapshot of the data on a block volume. Under which condition can you make a block volume backup? When it is attached to an instance or while it is detached OCI does not provide point-in-time backup of data on a block volume. Only when it is detached from all instances Only when it is attached to an instance.
When you create a block volume, what is its default performance level? Balanced Ultra-high performance Lower cost High performance.
What happens to traffic if there is no route rule that matches the network traffic you intend to route outside the VCN? It is sent over the NAT gateway. It is sent over the Internet gateway. It is sent over FastConnect. It is dropped. .
You have two objects in a bucket: Object X and Object Y. Object X was last modified 14 months ago and Object Y was last modified 3 months ago. You create a retention rule with a duration of 1 year. Which two statements are true? Object Y can be modified or deleted immediately. Object Y cannot be modified or deleted for the next 9 months. Object X cannot be modified or deleted for the next 2 months. Object X can be modified or deleted immediately. .
Which two conditions must be met for an instance to communicate directly with the Internet? Instance must be in a private subnet. Public subnet must have route tables without any security lists. Instance must have a public IP address. Instance's VCN must have an Internet gateway. .
At which layer of the OSI model does a web application firewall help to filter traffic? Transport layer Application layer Datalink layer Presentation layer.
Which autonomous database type specializes in developing NoSQL-style applications that use JavaScript Object Notation documents? Autonomous Data Warehouse Autonomous JSON Database Autonomous Transaction Processing Oracle APEX Application Development.
Which two statements are true about security lists? They are applied to a group of VNICs of your choice instead of all the VNICs in a given subnet. The default security list allows TCP traffic on destination port 22 (SSH) from authorized source IP addresses and any source port. Each subnet can have only one security list associated with it. The default security list does not include a rule to allow ping requests. .
You want to forbid the creation of public buckets in Object Storage. Which OCI security feature can you use to achieve this? Event notifications and topics Triggers and procedure Roving Edge infrastructure and data sets Security zone and security zone recipe .
At which level are retention rules configured? Object level Compartment level Bucket level Namespace level.
Your application or workload includes big data, analytics, media processing, or content management. You require Portable Operating System Interface (POSIX)-compliant file system access semantics and concurrently accessible storage. Which storage service must you use? File Storage Vault Storage Object Storage Block Storage.
Which two statements are true about the OS Management service? If the OS Management service fails while updating a package, you must contact Oracle Support to identify the cause of failure.
Actions such as installing or removing updates are synchronous and do not initiate work requests. It allows you to specify a date and time when a managed instance will be updated If a managed instance is terminated, the OS Management service will automatically remove it from the managed instance list.
An instance running in a development compartment needs to make API calls to other OCI services. How can you achieve this without configuring user credentials or setting up a configuration file? Create a dynamic group with matching rules to include your instance and write a policy for this dynamic group. Create a dynamic group with matching rules to include your instance. The requirement cannot be achieved by configuring user credentials or setting up a configuration file. Instances can automatically make calls to other OCI services; hence, no configuration is needed.
Which two statements are true about local VCN peering? It uses an Internet gateway. The two VCNs must have overlapping CIDRs. The VCNs can be in different Oracle Cloud Infrastructure tenancies but in the same region. You can use a single DRG for local peering. .
Which Traffic Management Steering policy distributes DNS traffic to different endpoints based on the location of the end user? IP prefix steering Geolocation steering ASN steering Load balancer.
What is the allowable VCN size range? /0 through /32 /8 through /24 /8 through /16 /16 through /30.
Which two statements are true about NoSQL Cloud Service? Storage capacity is managed in each NoSQL cluster. It interoperates with NoSQL Database Enterprise edition through a single programmatic interface with no application code modification. Throughput capacity is measured in write units and read units. Database deployment can be at on-premises data centers, or BYOL with Oracle Cloud or other cloud vendors.
Which three statements are true about compartments? You cannot control the type of resources that can be created within a compartment. You can set a budget on a compartment so that you are notified as soon as the budget is exceeded. One compartment can have resources from multiple regions. Multiple compartments can share a single resource. Compartments can be nested. .
Which block volume performance level is recommended for throughput-intensive workloads with large sequential I/O, such as streaming, log processing, and data warehouses? High performance Balanced Lower cost Ultra-high performance.
Which three security services provide infrastructure protection? WAF DDoS Protection Key Vault Security Lists Cloud Guard.
Examine this policy:
Allow group GroupMgr to manage volumes in tenancy where request.permission != 'VOLUME_DELETE'
Which three actions can a user belonging to the GroupMgr group perform? Delete volumes. Move volumes Update volumes. Create volumes. .
Which three components, other than raw data points and timestamp-value pairs, are emitted as metrics to the Monitoring service? Attribute Namespace Metadata Data Dimension .
Database admins and app developers want to run OLTP and OLAP workloads directly from their MySQL database, eliminating the need for complex, time-consuming, and expensive data movement and integration with a separate analytics database. Which feature of MySQL database service enables this? Automatic Memory Management Exalogic ElastiCache Heatwave .
Which type of logs are emitted by API gateways, events, and Object Storage? Audit logs Service logs Archive logs Custom logs.
Compartment A is a child compartment of root.
Compartment B is a child compartment of Compartment A.
Compartment C is a child compartment of Compartment B.
You have attached the following policy to Compartment A:
Allow group NetworkAdmins to manage virtual-network-family in Compartment A.
For which compartments can a user of the NetworkAdmin group manage VCNs? Compartment B and Compartment C only Compartment A only Compartment A, Compartment B, and Compartment C only Root compartment, Compartment A, Compartment B, and Compartment C.
Which OCI networking method must you use to divide your network into multiple VCNs based on departments, with each VCN having direct, private access to the others while avoiding traffic flowing over the Internet or through your on-premises network? VCN peering
FastConnect NAT gateway Site-to-site VPN.
Which two statements are true about Object Storage? It is a regional service and is not tied to any specific compute instance Archive is the default tier for Object Storage buckets. It supports private access from Oracle Cloud Infrastructure resources in a VCN through a service gateway. You can back up a DB system to Object Storage only via the Internet.
Which network security service allows you to separate the VCN's subnet architecture from your application security requirements? Security lists Flow logs Network security group Access control.
What is used to specify the actions that Cloud Guard can take when detectors identify problems? Threshold Alarms Responder Metrics.
Which cloud solution in Oracle Cloud Infrastructure lets you index, enrich, aggregate, explore, search, analyze, correlate, visualize, and monitor all log data from your applications and system infrastructure? Correlated analytics Logging analytics Service analytics Monitoring analytics.
For which two types of workloads must you use a bare metal compute instance? Performance-sensitive workloads Workloads that do not require a BYO image Virtualized workloads Workloads that require a specific hypervisor .
When triggered, an alarm sends an alarm message to the configured topic. In which service is the topic configured? Synchronization Management Notification Monitoring.
You want users of the NetworkAdmin group to manage a cloud network in any compartment of a tenancy. What must you allow the NetworkAdmin group to do? Use virtual-network-family in compartment XYZ. Manage network-catalog-listing in tenancy. Manage instance-family in compartment ABC. Manage virtual-network-family in tenancy. .
Which policy is automatically applied when you create a cloud account? Allow Group Administrator to manage all-resources in regions Allow Group Administrator to manage all-resources in tenancy Allow Group Administrator to manage all-resources in all-domains Allow Group Administrator to manage all-resources in all-compartments.
Which two statements are true about auth tokens? They expire after 14 days by default. They can be used to authenticate third-party APIs. Every user can generate up to two auth tokens. They make use of a public key/private key pair.
Which two statements are true about cloning a file system? You can clone a parent file system, but you cannot create a clone of a clone. You can create multiple clones of a parent file system in the same availability domain. File system properties, such as compartment, tags, display name, keys, and mount target export information, are not copied over from the parent. All snapshots that exist in the parent file system are inherited by the clone, up to and including the snapshot that is used as the source of the clone. .
Which three components are managed by the customer and not by Oracle in a shared security model of OCI? Data Application Physical hosts Accounts and identities Physical networks.
Examine these two policies.
Allow group GroupAdmins to manage groups in tenancy where all {target.group.name=/A-*/,target.group.name!='A-Admins'}
Allow group GroupAdmins to inspect groups in tenancy
Which statement is true with regard to the preceding policies? GroupAdmins can create, update, or delete any groups whose names start with "A-", except for the A-Admins group. GroupAdmins can create, update, or delete any groups whose names start with "A." GroupAdmins can create, update, or delete any groups whose names start with "A." GroupAdmins can create, update, or delete any groups whose names end with "A-", except for the A-Admins group.
For maximum cost efficiency, when launching compute instances, which capacity type must you select for workloads that run periodically or for short periods of time and don’t require continuous availability? Reserved capacity Dedicated capacity Pre-emptible capacity On-demand capacity.
Which four types of images can be used in Oracle Cloud Infrastructure? Oracle-provided Linux images Oracle-provided Solaris images Custom images created from existing images in Oracle-provided Windows images Prebuilt application images from Oracle available in the OCI Marketplace .
When you enable auto tiering, objects larger than 1 MiB are automatically moved from the Standard tier to which tier? Infrequent Access tier Archive tier Backup tier Redundancy tier.
Which two connectivity options can you use to give your virtual cloud network (VCN) access to the Internet? FastConnect Internet gateway NAT gateway Service gateway.
You have enabled versioning for a bucket. What happens when you upload an object with the same name as an existing object? The object is overwritten and the overwritten object is not retained or recoverable. The existing object becomes a previous version and the newly uploaded object becomes the latest version. The existing object is moved to a different bucket which has been marked for archival. It returns an error.
Which Oracle Database edition is required to deploy a two-node Oracle RAC DB system? Enterprise Edition Enterprise Edition - Extreme Performance Standard Edition Enterprise Edition - High Performance.
You want a specific set of users, who do not have IAM user credentials, to access a bucket for a duration of 2 days. Which mechanism can help you achieve this? Creating an auto config file Moving the bucket to an archive tier Converting the bucket to a public bucket Raising pre-authenticated requests .
Which Oracle-defined backup policy includes weekly incremental backups that run on Sunday, also includes a full backup that runs yearly during the first part of January, and is retained for five years? Gold policy Bronze policy Silver policy Platinum policy.
Which OCI security feature can you use to ensure that unwanted bots are mitigated while desirable bots are allowed to enter? Web application firewall Cloud Guard Data Vault Security zone.
Which co-managed database service applies the combined power of Exadata and Oracle Cloud Infrastructure while enabling you to meet your organization's data residency requirements? Autonomous Database Exadata Cloud Service Exadata Cloud@Customer Bare metal and virtual machine DB systems.
Which gateway allows resources within a VCN to communicate with the Internet but prevents any inbound traffic? Service gateway NAT gateway Internet gateway Dynamic routing gateway.
Which two statements are true about site-to-site VPN? You need a dynamic routing gateway when you are trying to connect your VCN to the Internet by using site-to-site VCN. You cannot use multiple site-to-site connections between your on-premises network and virtual cloud network (VCN). It encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives. It provides a site-to-site IPSec connection between your on-premises network and your virtual cloud network (VCN). .
Which two statements are true about boot volumes? When you terminate your instance, you can keep the associated boot volume and use it to launch a new instance, but it must be of the same shape and size as the original instance. When you terminate the instance, you can preserve the boot volume and its data. When you launch a virtual machine (VM) or bare metal instance based on a platform image or custom image, a new boot volume for the instance is created in the same compartment. You cannot group boot volumes with block volumes into the same volume group.
Which Object Storage tier would you use for data that you need to access quickly, immediately, and frequently? Archive tier Infrequent access tier Standard tier Ultra-high performance tier High performance tier.
Which four layers of access control are used by the File Storage service? Oracle Cloud Infrastructure (OCI) policy NFS v.3 UNIX security NFS export option Network security Key management Web application firewall.
Which protocol is used by FastConnect? DNS routing OSPF IPSec BGP .
Which three encryption algorithms are supported by OCI Vault? ECDSA HMAC IDEA AES RSA .
Which type of load balancer distributes traffic based on IP address and destination ports only? Layer-7 Layer-2 Layer-6 Layer-4.
Which two statements are true about application-based load balancers? They are based on IP address and destination ports only. They perform content-based routing They support both HTTP and HTTPS. They act only on the TCP layer variables.
Which two statements are true about autoscaling? Each instance pool can have only one autoscaling configuration An autoscaling configuration can include one or more autoscaling policies. For autoscaling to work, you must configure a load balancer. Metric-based autoscaling relies on performance metrics that are collected by the Tracking service.
Which two statements are true about a block volume clone? It makes use of Object Storage. You can clone a volume group. It creates a single point-in-time copy of a volume without having to go through the backup and restore process. It is slower than a block volume backup.
Which three statements are true about a master encryption security key protected by software? It is stored in a server. It cannot be exported from HSM. Cryptographic operations are allowed on clients. It is stored in an HSM device. It can be exported from a server. .
|
