
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy

Question 1: Correct
Your company has been running several small applications in Oracle Cloud Infrastructure and is
planning a proof of concept (POC) to deploy PeopleSoft. If your existing resources are being
maintained in the root compartment, what is the recommended approach for defining security
for the upcoming POC?

Provision all new resources into the root compartment. Use defined tags to separate resources that belong to different applications.

Create a new tenancy for the POC. Provision all new resources into the root compartment. Grant appropriate permissions to create and manage resources within the root compartment

Provision all new resources into the root compartment. Grant permissions that only allow for creation and management of resources specific to the POC.

Create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment. (Correct)

Explanation
Because your existing resources are already being maintained in the root compartment, the
recommended approach for defining security for the upcoming POC is to create a new
compartment for the POC and grant appropriate permissions to create and manage resources within
the compartment.

Question 2: Incorrect
Which two statements about file storage service (FSS) are accurate? (Choose two.)

Data in transit to an FSS mount target is encrypted (Incorrect)

Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target within the same subnet (Correct)

Identity and Access Management (IAM) controls which file systems are mountable by which instances (Incorrect)

FSS leverages UNIX user group and permission checking for file access security (Correct)

Encryption of file system in FSS is optional (Incorrect)

Explanation
All data is encrypted at rest. In-transit encryption provides a way to secure your data between
instances and mounted file systems using TLS v. 1.2 (Transport Layer Security) encryption.
File Storage service supports the AUTH_UNIX style of authentication and permission checking for
remote NFS client requests.

After double-checking this question we found the below:

1- "Data in transit to an FSS mount target is encrypted" is not the most correct answer, because
in-transit encryption is not enabled by default and you have to install the oci-fss-utils package on the
instance.

Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm?Highlight=oci-fss-utils

2- Answer #4 should be correct, because you have to configure the security rules and lists even if the
mount target and instance are in the same subnet.

Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/File/Tasks/securitylistsfilestorage.htm

Question 3: Incorrect
You have been notified of an application failure indicating that one or more of the Oracle Cloud
Infrastructure (OCI) resources have become unavailable. After scanning the Compute and
Database consoles, you notice that one of the DB Systems is missing.

What would you do to identify the reason for this missing resource?

Create a serial console connection to the DB System that does not appear in the management console. Connect to the serial console connection, and then review the system logs under /var/log/messages

Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any resource that was deleted in the past 24 hours (Correct)

Navigate to the Audit console and search the previous 24 hours for all List actions to get a list of every event that occurred in the past 24 hours. (Incorrect)

View the service limits associated with your account to ensure that you have not exceeded the allowable number of DB Systems in your tenancy

Explanation
You can filter results by request actions to zero in on only the events with operations that interest you.
For example, say that you only want to know about instances that were deleted during a specific time
frame. Select a delete request action filter to see only the events with delete operations.

Question 4: Incorrect
You are deploying a highly available web application in Oracle Cloud Infrastructure and have
decided to use a public load balancer. The back end web servers will be distributed across all
three availability domains (ADs).

How many subnets should you create to deliver a secure, highly available application?

three subnets in total; one regional public subnet to host your back-end web servers and two AD specific private subnets to host your private load balancer

two subnets in total; one regional public subnet to host your back-end web servers and one regional private subnet to host your public load balancer (Incorrect)

two subnets in total; one regional private subnet to host your back-end web servers and one regional public subnet to host your public load balancer (Correct)

one subnet in total; one regional private subnet to host your back-end web servers and your public load balancer.

Explanation
To accept traffic from the internet, you create a public load balancer. The service assigns it a public IP
address that serves as the entry point for incoming traffic. You can associate the public IP address
with a friendly DNS name through any DNS vendor.
A public load balancer is regional in scope. If your region includes multiple availability domains, a
public load balancer requires either a regional subnet (recommended) or two availability domain-
specific (AD-specific) subnets, each in a separate availability domain. With a regional subnet, the
Load Balancing service creates a primary load balancer and a standby load balancer, each in a
different availability domain, to ensure accessibility even during an availability domain
outage. If you create a load balancer in two AD-specific subnets, one subnet hosts the primary load
balancer and the other hosts a standby load balancer. If the primary load balancer fails, the public IP
address switches to the secondary load balancer. The service treats the two load balancers as
equivalent and you cannot specify which one is "primary".

Whether you use regional or AD-specific subnets, each load balancer requires one private IP address
from its host subnet. The Load Balancing service supplies a floating public IP address to the primary
load balancer. The floating public IP address does not come from your backend subnets.
You cannot specify a private subnet for your public load balancer.

The backend servers (Compute instances) associated with a backend set can exist anywhere, as long
as the associated network security groups (NSGs), security lists, and route tables allow the intended
traffic flow.

Oracle recommends that you create your load balancer in a regional subnet.

Oracle recommends that you distribute your backend servers across all availability domains within the
region.

Question 5:  Skipped

Which two statements are true about restoring a block volume from a manual or policy based
block volume backup?

It can be restored as a new volume to any AD across different regions

It can be restored as new volumes with different sizes from the backups (Correct)

It must be restored as a new volume to the same availability domain (AD) on which the original block volume backup resides

It can be restored as a new volume to any AD in the same region (Correct)

Explanation
When you restore the backup you select a name for the block volume and choose the availability
domain in which you want to restore it.

You can restore a block volume backup to a larger volume size. To do this, check Custom Block
Volume Size (GB), and then specify the new size.

Question 6:  Skipped

You must implement a backup solution for your Autonomous Data Warehouse (ADW) that will
enable you to restore data as old as one year with a recovery point objective (RPO) of 10 days.
Which database backup strategy would you select?

Take weekly manual backups to supplement the automated backups and preserve them for 12 months.

Take quarterly manual backups to supplement the automated backups and preserve them for 12 months

Use the automated backups (Correct)

Take monthly manual backups to supplement the automated backups and preserve them for 12 months

Explanation
Oracle Cloud Infrastructure automatically backs up your Autonomous Databases and retains these
backups for 60 days. Automatic backups are weekly full backups and daily incremental backups. You
can also create manual backups to supplement your automatic backups. Manual backups are stored
in an Object Storage bucket that you create, and are retained for 60 days.

The retention period for manual backups is the same as automatic backups which is 60 days. So we
cannot preserve the backup for 12 months.

https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/backup-manual.html#GUID-D95E5D6A-C470-4A68-9545-CC99D937E7D1

Question 7:  Skipped

Which statement is true regarding Autonomous Transaction Processing (ATP)?

A maximum of 8 cores can be enabled for an ATP database

A maximum of 2 TB of storage can be enabled for an ATP database

After terminating a database, the database name is available for immediate reuse

A database name cannot be used concurrently for both an Autonomous Data Warehouse (ADW) and an ATP database (Correct)

Explanation
The database name must be unique among all Autonomous Data Warehouses and Autonomous
Databases in your tenancy in the same region.

Terminating an Autonomous Transaction Processing database permanently deletes the instance and
removes all automatic backups. You cannot recover a terminated database.

Regarding the maximum number of CPUs and maximum storage capacity that can be provisioned in
Oracle Autonomous Database: in the current release, up to 128 CPUs and 128 TB can be provisioned
from the cloud console. Customers requiring more resources need to call their Oracle account team.

Question 8:  Skipped

Which two options are available when setting up DNS for your bare metal and virtual machine
DB Systems? (Choose two.)

Internet and virtual cloud network (VCN) resolver (Correct)

Internet and custom resolver

Google DNS servers

custom resolver (Correct)

Explanation
Choices for DNS in Your VCN
DEFAULT CHOICE: INTERNET AND VCN RESOLVER

CUSTOM RESOLVER


Question 9:  Skipped

You have been tasked with creating one virtual cloud network (VCN) each for two line of
business (LOB) applications. LOB A and LOB B will need to communicate with each other. To
ensure that you can utilize VCN peering, which network CIDR ranges should be used?

VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)

VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)

VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)

VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16) (Correct)

Explanation
VCN A (10.0.0.0/16) will use a range of IPs from 10.0.0.0 to 10.0.255.255 and VCN B (10.1.0.0/16) will
use a range of IPs from 10.1.0.0 to 10.1.255.255, so there will not be any overlap between the 2 VCNs.

Question 10:  Skipped

Which two Oracle Cloud Infrastructure database services allow you to dynamically scale CPU
and storage? (Choose two.)

Autonomous Transaction Processing (ATP) (Correct)

Autonomous Data Warehouse (ADW) (Correct)

virtual machine DB system

bare metal DB system


Explanation
If a bare metal DB system requires more compute node processing power, you can scale up (increase)
the number of enabled CPU cores in the system without impacting the availability of that system, but
you can't increase the storage.

If the original DB system VM shape uses a single node, running databases on the DB system nodes
are sequentially stopped and then restarted on the new shape, so this is not dynamic.

Question 11:  Skipped

You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets
contain application servers and the third subnet contains a DB System. The application requires
a shared file system so you have provisioned one using the file storage service (FSS). You also
created the corresponding mount target in one of the application subnets. The VCN security
lists are properly configured so that both application servers and the DB System can access the
file system. The security team determines that the DB System should have read-only access to
the file system.

What change would you make to satisfy this requirement?

Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet (Correct)

Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read-only access

Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.

Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service


Explanation
NFS export options enable you to create more granular access control than is possible using just
security list rules to limit VCN access. You can use NFS export options to specify access levels for IP
addresses or CIDR blocks connecting to file systems through exports in a mount target.

Question 12:  Skipped

What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud
Infrastructure (OCI)?

You cannot create the standby DB system in a different AD from the primary DB system.

When you configure data guard using OCI console, the default mode is set to maxprotection.

You cannot use database command line interface (CLI) to set up data guard with FSFO.

The best practice for high availability and durability is to run the primary, standby, and observer in separate availability domains (ADs). (Correct)

Explanation
The best practice for high availability and durability is to run the primary, standby, and observer in
separate availability domains. The observer determines whether or not to failover to a specific target
standby database.

https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/usingDG.htm#ConfiguringObserverOptional

Question 13:  Skipped

Which two actions will occur when a back-end server that is registered with a backend set is
marked to drain connections? (Choose two.)

It immediately closes all existing connections to that instance

It keeps the connections to that instance open and attempts to complete any in-flight requests (Correct)

It redirects the requests to a user-defined error page.

It forcibly closes all connections to that instance after a timeout period

It disallows new connections to that backend server (Correct)

Explanation
If you set the server's drain status to true, the load balancer stops forwarding new TCP connections
and new non-sticky HTTP requests to this backend server. This setting allows an administrator to take
the server out of rotation for maintenance purposes.

Question 14:  Skipped

You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few weeks,
you need to increase disk performance by using NVMe disks; the number of CPUs will not
change. As a first step you terminate the instance and preserve the boot volume.

What is the next step?

Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the SQL Database data to NVMe disks (Correct)

Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the SQL Database data to block volume

Create a new instance using a VM.DenseIO2.8 shape using the preserved boot volume and move the SQL Database data to NVMe disks

Create a new instance using a VM.Standard1.16 shape using the preserved boot volume and move the SQL Database data to NVMe disks

Explanation
To increase disk performance by using NVMe disks, you can use a Dense IO shape. Also, as the number
of CPUs will not change, we should use VM.DenseIO2.16.

Question 15:  Skipped

Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW) database?

You are automatically prompted to download the tnsnames.ora file upon creation of the ADW database

The ADW database will place the tnsnames.ora file in an object storage bucket

The tnsnames.ora file is included in credentials.zip file that you download from service console of ADW (Correct)

You can download tnsnames.ora from Oracle Cloud Infrastructure web console under ADW details page

Explanation
To download client credentials from the Autonomous Transaction Processing Service Console:

- From the Service Console click the Administration link.

- Click Download Client Credentials (Wallet).

- On the Download Client Credentials (Wallet) page, enter a wallet password in the Password field and
confirm the password in the Confirm Password field. The password must be at least 8 characters long
and must include at least 1 letter and either 1 numeric character or 1 special character. This password
protects the downloaded Client Credentials wallet.

- Click Download to save the client security credentials zip file. By default the filename is:
Wallet_databasename.zip. You can save this file as any filename you want. You must protect this file to
prevent unauthorized database access.

The zip file includes the following:

tnsnames.ora and sqlnet.ora: Network configuration files storing connect descriptors and SQL*Net
client side configuration.

cwallet.sso and ewallet.p12: Auto-open SSO wallet and PKCS12 file. PKCS12 file is protected by the
wallet password provided in the UI.

keystore.jks and truststore.jks: Java keystore and truststore files. They are protected by the wallet
password provided while downloading the wallet.

ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This
should be in the same path as tnsnames.ora.

Question 16:  Skipped

You have multiple applications installed on a compute instance and these applications generate
a large amount of log files. These log files must reside on the boot volume for a minimum of 15
days. Any files over 15 days do not have to reside on boot volume but still must be retained for
at least 60 days. The 60-day retention requirement is causing an issue with available disk space.
What are the two recommended methods to provide additional boot volume space for this
compute instance?

Create and attach a block volume to the compute instance and copy the log files

Create a custom image and launch a new compute instance with a larger boot volume size (Correct)

Write a custom script to remove the log files on a daily basis and free up the space on the boot volume

Create an object storage bucket and use a script that runs daily to move log files older than 15 days to the bucket (Correct)

Terminate the instance while preserving the boot volume. Create a new instance from the boot volume and select a DenseIO shape to take advantage of local NVMe storage.

Explanation
These log files must reside on the boot volume for a minimum of 15 days, so you have to increase
the boot volume.

Question 17:  Skipped

Which two statements are true about adding secondary VNICs to an existing compute
instance? (Choose two.)

The primary and secondary VNIC association must be in the same availability domain (Correct)

You can assign an Ephemeral Public IP to a secondary VNIC

You can remove the primary VNIC after the secondary VNIC’s attachment is complete

The primary and secondary VNIC association can be in different virtual cloud networks (VCNs) (Correct)

Explanation
Each secondary VNIC can be in a subnet in the same VCN as the primary VNIC, or in a different
subnet that is either in the same VCN or a different one. However, all the VNICs must be in the
same availability domain as the instance.

An ephemeral public IP can be assigned to a VNIC's primary private IP only.


Question 18:  Skipped

You are about to upload a large log file (5 TiB size) to Oracle Cloud Infrastructure object
storage and have decided to use multipart upload capability for a more efficient and resilient
upload.

Which two statements are true about multipart upload? (Choose two.)

You do not have to commit the upload after you have uploaded all the object parts

The maximum size for an uploaded object is 10 TiB (Correct)

While a multipart upload is still active, you cannot add parts even if the total number of parts is less than 10,000

Individual object parts can be as small as 10 MiB or as large as 50 GiB (Correct)

Explanation
With multipart upload, you split the object you want to upload into individual parts. Individual parts
can be as large as 50 GiB or as small as 10 MiB. (Object Storage waives the minimum part size
restriction for the last uploaded part.) Decide what part number you want to use for each part. Part
numbers can range from 1 to 10,000. You do not need to assign contiguous numbers, but Object
Storage constructs the object by ordering part numbers in ascending order.

The maximum size for an uploaded object is 10 TiB

While a multipart upload is still active, you can keep adding parts as long as the total number is less
than 10,000.

Question 19:  Skipped

Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)


Oracle Cloud Infrastructure FastConnect public peering

Remote virtual cloud network (VCN) peering across region (Correct)

Oracle IPsec VPN (Correct)

Local VCN peering

Explanation
You use a DRG when connecting your existing on-premises network to your virtual cloud network
(VCN) with one (or both) of these:
IPSec VPN

Oracle Cloud Infrastructure FastConnect


You also use a DRG when peering a VCN with a VCN in a different region:

Remote VCN Peering (Across Regions)

Question 20:  Skipped

Which two statements about fault domains are true? (Choose two.)

A fault domain is selected automatically based on usage data

A failed instance in a fault domain is automatically relaunched

Each availability domain contains three fault domains (Correct)

A fault domain is a grouping of hardware and infrastructure within an availability domain (Correct)

Explanation
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each
availability domain contains three fault domains. Fault domains provide anti-affinity: they let you
distribute your instances so that the instances are not on the same physical hardware within a single
availability domain.

Question 21:  Skipped

You have provisioned an Autonomous Transaction Processing (ATP) database and logged into
the ATP service console.

What are three abilities that can be performed from this service console? (Choose three.)

monitor database activity and SQL queries (Correct)

set resource management rules (Correct)

scale up/down the CPUs

create ATP database users

reset the admin password (Correct)

Explanation
In the ATP Service Console, the activity screen allows you to monitor database activity and SQL
queries.

The administration screen allows you to perform some basic administration of the service, like
resetting the admin password and setting resource management rules.

Question 22:  Skipped

You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You
take regular backups of your DB system to OCI object storage. Recently, you notice a failed
database backup status in the console.

What two steps can you take to determine the cause of the backup failure? (Choose two.)

Ensure the database archiving mode is set to NOARCHIVELOG

Ensure that your database host can connect to the OCI object storage (Correct)

Restart the dcsagent program if it has a status of stop or waiting (Correct)

Make sure that the database is not active and running while the backup is in progress

Explanation
Database backups can fail for various reasons. Typically, a backup fails because either the database
host cannot access the object store, or there are problems on the host or with the database
configuration.
First, you need to determine the problem.

In the Console, a failed database backup either displays a status of Failed or hangs in the Backup in
Progress or Creating state. If the error message does not contain enough information to point you to
a solution, you can use the database CLI and log files to gather more data. Then, refer to the
applicable section in this topic for a solution.

Database Service Agent Issues


Your Oracle Cloud Infrastructure Database makes use of an agent framework to allow you to manage
your database through the cloud platform. Occasionally you might need to restart the dcsagent
program if it has the status of stop/waiting to resolve a backup failure.

Object Store Connectivity Issues

Backing up your database to Oracle Cloud Infrastructure Object Storage requires that the host can
connect to the applicable Swift endpoint. You can test this connectivity by using a Swift user.

Host Issues

One or more of the following conditions on the database host can cause backups to fail:

- Interactive Commands in the Oracle Profile
- The File System Is Full
- Incorrect Version of the Oracle Database Cloud Backup Module
- Changes to the Site Profile File (glogin.sql)

Database Issues

An improper database state or configuration can lead to failed backups.

- Database Not Running During Backup
- Archiving Mode Set to NOARCHIVELOG (When you provision a new database, the archiving mode is
set to ARCHIVELOG by default. This is the required archiving mode for backup operations)
- Stuck Database Archiver Process and Backup Failures
- Temporary Tablespace Errors
- RMAN Configuration and Backup Failures
- RMAN Retention Policy and Backup Failures
- Loss of Objectstore Wallet File and Backup Failures

TDE Wallet and Backup Failures

- Incorrect TDE Wallet Location Specification
- Incorrect State of the TDE Wallet
- Incorrect Configuration Related to the TDE Wallet
- Missing TDE Wallet File

As this is not a newly provisioned database, it is already in ARCHIVELOG mode, and regular backups
of the DB system to OCI object storage are in place, the best answers are:

- Ensure that your database host can connect to the OCI object storage
- Restart the database service agent

Question 23:  Skipped

Your company has decided to move a few applications to Oracle Cloud Infrastructure (OCI) and
you have been asked to design a cloud-based disaster recovery (DR) solution. One of the
requirements is to deploy the DR resources at least 300 miles from the home OCI region and
minimize the network latency.

What will be the recommended deployment?

Deploy production and DR applications in two separate VCNs, each in different regions. Connect them using a VCN remote peering connection (Correct)

Deploy production and DR applications in the same VCN. Create production subnets in one AD, and DR subnets in another AD.

Deploy production and DR applications in two separate VCNs in different availability domains (ADs) within your home region, and then use a VCN remote peering connection for connectivity

Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in different regions, and then use VCN local peering gateways for connectivity

Explanation
Remote VCN peering is the process of connecting two VCNs in different regions.
The peering allows the VCNs' resources to communicate using private IP addresses without routing
the traffic over the internet or through your on-premises network.

Question 24:  Skipped

In what two ways does Oracle Cloud Infrastructure (OCI) file storage service differ from OCI
object storage and block volume services?

You can move object storage buckets, block volumes and file storage mount targets between compartments (Correct)

File storage mount target does not provide a private IP address, while the object storage bucket provides one


Block volume service is NVMe based, while file storage service is not.

File Storage uses the network file system (NFS) protocol, whereas block volume uses iSCSI (Correct)

Explanation
The mount target provides the IP address or DNS name that is used together with a unique export
path to mount the file system.
You can move mount targets from one compartment to another.

Question 25:  Skipped

You are designing a high bandwidth, redundant connection between your data center and
Oracle Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you notice
that you are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn
region.

What is the recommended design in this scenario?

Create a cross-connect group and have at least two or more cross-connects in that group. Create at least two or more virtual circuits in the group. (Correct)

Create a cross-connect group and have two or more cross-connects in that group. Create an IPsec VPN connection on this group.

Create a cross-connect group and have at least one cross-connect in that group. Create at least one virtual circuit in the group

Set up two IPsec connections between your data center and OCI Ashburn region. Create an OCI load balancer to distribute the traffic across the two connections

Explanation
You could have multiple private virtual circuits, for example, to isolate traffic from different parts of
your organization (one virtual circuit for 10.0.1.0/24; another for 172.16.0.0/16), or to provide
redundancy.

Question 26:  Skipped

Which statement is true about Oracle Cloud Infrastructure FastConnect?

For private peering, FastConnect extends your existing infrastructure to a virtual cloud network (Correct)

For public peering, FastConnect extends your existing infrastructure to a virtual cloud network

For public peering, a dynamic routing gateway must be configured and attached to the virtual cloud network (VCN)

For private peering, FastConnect extends your existing infrastructure to allow you to consume object storage from your on-premises data center

Explanation
With FastConnect, you can choose to use private peering, public peering, or both.

Private peering: To extend your existing infrastructure into a virtual cloud network (VCN) in Oracle
Cloud Infrastructure (for example, to implement a hybrid cloud, or a lift and shift scenario).
Communication across the connection is with IPv4 private addresses (typically RFC 1918).
Public peering: To access public services in Oracle Cloud Infrastructure without using the internet.
For example, Object Storage, the Oracle Cloud Infrastructure Console and APIs, or public load
balancers in your VCN. Communication across the connection is with IPv4 public IP addresses.
Without FastConnect, the traffic destined for public IP addresses would be routed over the internet.


Question 27:  Skipped

Which two statements are true about encryption on Oracle Cloud Infrastructure (OCI)?

By default, object storage and block storage are encrypted at rest. (Correct)

By default, NVMe drives are encrypted but the block volume service is not

A customer is responsible for data encryption in all services of OCI

By default, DB Systems offers an encrypted database. (Correct)

Question 28:  Skipped

You are designing a lab exercise for your team that has a large number of graphics with large
file sizes. The application becomes unresponsive if the graphics are embedded in the
application. You have uploaded the graphics to Oracle Cloud Infrastructure and only added the
URL in the application. You need to ensure these graphics are accessible without requiring any
authentication for an extended period of time.

How can you achieve these requirements?

Make the object storage bucket public and use the URL found in the Object “Details” (Correct)

Make the object storage bucket private and all objects public and use the URL found in the Object “Details”

Create PARs and do not specify an expiration date

Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time.

Explanation
Pre-authenticated requests provide a way to let you access a bucket or an object without having your
own credentials. For example, you can create a request that lets you upload backups to a bucket
without owning API keys.
When you create a bucket, the bucket is considered a private bucket and the access to the bucket and
bucket contents requires authentication and authorization. However, Object Storage supports
anonymous, unauthenticated access to a bucket. You make a bucket public by enabling read access
to the bucket.

Pre-authenticated requests must have an expiration date selected.


Question 29:  Skipped

You have hired a new employee to run reports from the Autonomous Data Warehouse (ADW)
and are not confident in their SQL writing ability. Into which consumer group will you assign
this individual to minimize the impact of their code?

Lowest

Low (Correct)

Medium

High

Highest

Explanation
In ADW, the tnsnames.ora file provided with the credentials zip file contains three database service
names identifiable as high, medium, and low. The predefined service names provide different levels of
performance and concurrency for Autonomous Data Warehouse.

high: The High database service provides the highest level of resources to each SQL statement,
resulting in the highest performance, but supports the fewest number of concurrent SQL statements.
Any SQL statement in this service can use all the CPU and IO resources in your database. The number
of concurrent SQL statements that can be run in this service is 3; this number is independent of the
number of OCPUs in your database.

medium: The Medium database service provides a lower level of resources to each SQL statement,
potentially resulting in a lower level of performance, but supports more concurrent SQL statements. Any
SQL statement in this service can use multiple CPU and IO resources in your database. The number of
concurrent SQL statements that can be run in this service depends on the number of OCPUs in your
database.

low: The Low database service provides the least level of resources to each SQL statement, but
supports the most number of concurrent SQL statements. Any SQL statement in this service can use a
single CPU and multiple IO resources in your database. The number of concurrent SQL statements
that can be run in this service can be up to 300 times the number of OCPUs.


The predefined service names provide different levels of performance and concurrency for
Autonomous DB.

Choose whichever database service offers the best balance of performance and concurrency.

Use the low database service name to minimize the impact of their SQL statements through the low consumer group.

Question 30:  Skipped

Which two resources reside exclusively in a single availability domain?

Web Application Firewall Policy

object storage

block volume (Correct)

compute instance (Correct)

groups

Explanation
Availability Domain-Specific Resources

- DB Systems
- ephemeral public IPs
- instances: They can be attached only to volumes in the same availability domain.
- subnets: When you create a subnet, you choose whether it is regional or specific to an availability domain. Oracle recommends using regional subnets.
- volumes: They can be attached only to an instance in the same availability domain.

Question 31:  Skipped


Which service would you use if your big data workload required shared access and NFS-based
connectivity?

archive storage

file storage (Correct)

object storage

block volume

Explanation
The File Storage service is designed to meet the needs of applications and users that need an
enterprise file system across a wide range of use cases, including the following:
- General Purpose File Storage: Access to an unlimited pool of file systems to manage growth of structured and unstructured data.
- Big Data and Analytics: Run analytic workloads and use shared file systems to store persistent data.
- Lift and Shift of Enterprise Applications: Migrate existing Oracle applications that need NFS storage, such as Oracle E-Business Suite and PeopleSoft.
- Databases and Transactional Applications: Run test and development workloads with Oracle, MySQL, or other databases.
- Backups, Business Continuity, and Disaster Recovery: Host a secondary copy of relevant file systems from on premises to the cloud for backup and disaster recovery purposes.
- MicroServices and Docker: Deliver stateful persistence for containers. Easily scale as your container-based environments grow.

Question 32:  Skipped

You have an application running on Oracle Cloud Infrastructure. You identified that the read
and write operations are slowing your application down enough to impair user access. The
application is currently using a VM.Standard1.2 compute without any block storage attached to
it.

Which two options allow you to increase disk performance? (Choose two.)


Terminate the compute instance preserving the boot volume. Create a new compute instance using a VM Standard shape and attach a new block volume to host your application. (Correct)

Create a backup of the boot volume. Create a new compute instance using a VM Dense IO shape and restore the backup

Terminate the compute instance preserving the boot volume. Create a new compute instance using a VM Dense IO shape using the boot volume preserved (Correct)

Terminate the compute instance and create a backup of the boot volume. Create a new compute instance using a VM Dense IO shape and restore the backup

Explanation
You can permanently terminate (delete) instances that you no longer need. By default, the instance's
boot volume is deleted when you terminate the instance; however, you can preserve the boot volume
associated with the instance, so that you can attach it to a different instance as a data volume, or use
it to launch a new instance.

You can use a boot volume backup to create an instance or you can attach it to another instance as a
data volume. However, before you can use a boot volume backup, you need to restore it to a
boot volume.


Question 1:  Skipped

You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients
want to access the web servers from anywhere, but want to prevent access to the database
servers from the Internet.

Which is the recommended way to design the network architecture?

Create public subnets for web servers and private subnets for database servers in your VCN, and associate separate security lists and route tables for each subnet (Correct)

Create a public subnet for web servers and associate a dynamic routing gateway with that subnet, and a private subnet for database servers with no association to dynamic routing gateway

Create public subnets for web servers and private subnets for database servers in your virtual cloud network (VCN), and associate separate internet gateways for each subnet

Create a single public subnet for your web servers and database servers, and associate only your web servers to internet gateway

Explanation
When you create a subnet, by default it's considered public, which means instances in that subnet are
allowed to have public IP addresses. Whoever launches the instance chooses whether it will have a
public IP address. You can override that behavior when creating the subnet and request that it be
private, which means instances launched in the subnet are prohibited from having public IP
addresses. Network administrators can therefore ensure that instances in the subnet have no internet
access, even if the VCN has a working internet gateway, and security rules and firewall rules allow the
traffic.

There are two optional gateways (virtual routers) that you can add to your VCN depending on the
type of internet access you need:

https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 1/28

Internet gateway: For resources with public IP addresses that need to be reached from the internet
(example: a web server) or need to initiate connections to the internet.

NAT gateway: For resources without public IP addresses that need to initiate connections to the
internet (example: for software updates) but need to be protected from inbound connections from
the internet.

Just having an internet gateway alone does not expose the instances in the VCN's subnets directly to
the internet. The following requirements must also be met:

- The internet gateway must be enabled (by default, the internet gateway is enabled upon creation).
- The subnet must be public.
- The subnet must have a route rule that directs traffic to the internet gateway.
- The subnet must have security list rules that allow the traffic (and each instance's firewall must allow the traffic).
- The instance must have a public IP address.

Question 2:  Skipped

You are about to deploy an e-business application on Oracle Cloud Infrastructure and one of
the requirements is to use a shared file system that supports the NFS protocol.

Which storage service would meet this requirement?

object storage

file storage (Correct)

block volume

data transfer appliance

Explanation


Use the File Storage service when your application or workload includes big data and analytics, media
processing, or content management, and you require Portable Operating System Interface (POSIX)-
compliant file system access semantics and concurrently accessible storage. The File Storage service is
designed to meet the needs of applications and users that need an enterprise file system across a
wide range of use cases, including the following:

- General Purpose File Storage: Access to an unlimited pool of file systems to manage growth of structured and unstructured data.
- Big Data and Analytics: Run analytic workloads and use shared file systems to store persistent data.
- Lift and Shift of Enterprise Applications: Migrate existing Oracle applications that need NFS storage, such as Oracle E-Business Suite and PeopleSoft.
- Databases and Transactional Applications: Run test and development workloads with Oracle, MySQL, or other databases.
- Backups, Business Continuity, and Disaster Recovery: Host a secondary copy of relevant file systems from on premises to the cloud for backup and disaster recovery purposes.
- MicroServices and Docker: Deliver stateful persistence for containers. Easily scale as your container-based environments grow.

Question 3:  Skipped

You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP)
database. Your business needs to run hourly batch processes on this ATP database that may
consume more CPUs than what is available on the server.

How can you limit these batch processes to not interfere with the OLTP transactions?

Configure ATP resource management rules to manage runtime and IO consumption for the consumer group of batch processes (Correct)

Disable automated backup during the batch process operations

Copy OLTP data into new tables in a new table space and
run batch processes against these new tables

ATP is designed for OLTP workload only; you should not run
batch processes on ATP


Explanation
Autonomous Transaction Processing comes with predefined CPU/IO shares assigned to different
consumer groups. You can modify these predefined CPU/IO shares if your workload requires different
CPU/IO resource allocations.
By default, the CPU/IO shares assigned to the consumer groups TPURGENT, TP, HIGH, MEDIUM, and
LOW are 12, 8, 4, 2, and 1, respectively. The shares determine how much CPU/IO resources a
consumer group can use with respect to the other consumer groups. With the default settings the
consumer group TPURGENT will be able to use 12 times more CPU/IO resources compared to LOW,
when needed. The consumer group TP will be able to use 4 times more CPU/IO resources compared
to MEDIUM, when needed.

Question 4:  Skipped

Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud
network (VCN)?

The allowable VCN size range is: /16 to /30 (Correct)

A VCN covers a single, contiguous IPv4 CIDR block of your choice (Correct)

A VCN creates the dynamic routing gateway by default

A VCN can reside in multiple OCI regions and availability domains

Explanation
A VCN resides in a single Oracle Cloud Infrastructure region and covers a single, contiguous IPv4 CIDR
block of your choice. The allowable VCN size range is /16 to /30.

Question 5:  Skipped

Which three load-balancing policies can be used with a backend set? (Choose three.)

IP hash (Correct)


least connections (Correct)

throughput

CPU utilization

weighted round robin (Correct)

Explanation
You can apply policies to control traffic distribution to your backend servers. The Load Balancing
service supports three primary policy types:

- Round Robin
- Least Connections
- IP Hash

Question 6:  Skipped

You are a network architect and have designed the network infrastructure of a three-tier
application on Oracle Cloud Infrastructure (OCI). In the architecture, back-end DB servers are in
a private subnet. One of your DB administrators requests to have access to OCI object storage
service.

How can you meet this requirement?

Create a service gateway, add a new route rule to the private subnet route table that uses storage as your service gateway target type (Correct)

Attach a public IP address to the instances in the private subnet, and then add a new route rule to the private subnet route table to route default traffic to the internet gateway

Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a default route rule to the private subnet's route table and set the target as DRG

Add a new route rule to the private subnet route table to route default traffic to the internet gateway

Explanation
A service gateway lets resources in your VCN privately access specific Oracle services, without
exposing the data to an internet gateway or NAT. The resources in the VCN can be in a private subnet
and use only private IP addresses. The traffic from the VCN to the service of interest travels over the
Oracle network fabric and never traverses the internet.
To give your VCN access to a given service CIDR label, you must enable that service CIDR label for the
VCN's service gateway. You can do that when you create the service gateway, or later after it's
created. You can also disable a service CIDR label for the service gateway at any time.

For traffic to be routed from a subnet in your VCN to a service gateway, you must add a rule
accordingly to the subnet's route table. The rule must use the service gateway as the target.

Question 7:  Skipped

How can you provide users access to an existing compartment?

by adding users to a group and defining a policy to provide the group access to the compartment (Correct)

by adding users to a compartment; all users in the compartment will have access to the objects in the compartment.

by granting users access to a compartment when the compartment is created

by granting access directly to the user when the user is created

Explanation
A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources that
your company has, and how. A policy simply allows a group to work in certain ways with specific
types of resources in a particular compartment.

In general, here’s the process an IAM administrator in your organization needs to follow:

- Define users, groups, and one or more compartments to hold the cloud resources for your organization.
- Create one or more policies, each written in the policy language.
- Place users into the appropriate groups depending on the compartments and resources they need to work with.
- Provide the users with the one-time passwords that they need in order to access the Console and work with the compartments. For more information,

Question 8:  Skipped

A company currently uses Microsoft Active Directory as its identity provider. The company
recently purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for its test
and development operations. As the administrator, you are now tasked with giving access only
to developers so that they can start creating resources in their OCI accounts.

Which step will you perform to achieve this requirement?

Create a group for developers on OCI and map the group to a similar group in Microsoft Active Directory during the federation process (Correct)

Federate all Microsoft Active Directory groups with OCI to allow users to use their existing credentials

Create a new user account for each user, and then create
policies to provide access to developers

Create a group for developers on OCI, export all the developers from Microsoft Active Directory, and then import them into the Identity and Access Management (IAM) group

Explanation
When working with your IdP, your administrator defines groups and assigns each user to one or more
groups according to the type of access the user needs. Oracle Cloud Infrastructure also uses the
concept of groups (in conjunction with IAM policies) to define the type of access a user has. As part of
setting up the relationship with the IdP, your administrator can map each IdP group to a similarly
defined IAM group, so that your company can re-use the IdP group definitions when authorizing user
access to Oracle Cloud Infrastructure resources.

Question 9:  Skipped

What is a valid option when exporting a custom image?

file storage service

object storage URL (Correct)

archive storage URL

block volume

Explanation
You can use the Console or API to export images, and the exported images are stored in the Oracle
Cloud Infrastructure Object Storage service. To perform an image export, you need write access to the
Object Storage bucket for the image.

Question 10:  Skipped

Which statement is true about Data Guard Implementation in DB systems?

You can define the backup window and set custom backup retention period for the automatic database backup schedule

You cannot manage the database as sys/sysdba

You cannot manage Oracle database initialization parameters at a global level

Both DB systems must be in the same compartment, and they must be the same shape (Correct)

Explanation
An Oracle Data Guard implementation requires two DB systems, one containing the primary database
and one containing the standby database. When you enable Oracle Data Guard for a virtual machine
DB system database, a new DB system with the standby database is created and associated with the
primary database. For a bare metal DB system, the DB system with the database that you want to use
as the standby must already exist before you enable Oracle Data Guard.

Requirement details are as follows:

- Both DB systems must be in the same compartment.
- The DB systems must be the same shape type (for example, if the shape of the primary database is a virtual machine, then the shape of the standby database can be any other virtual machine shape).
- If your primary and standby databases are in different regions, then you must peer the virtual cloud networks (VCNs) for each database. See Remote VCN Peering (Across Regions).
- Configure the security list ingress and egress rules for the subnets of both DB systems in the Oracle Data Guard association to enable TCP traffic to move between the applicable ports. Ensure that the rules you create are stateful (the default).

Question 11:  Skipped

Which two options are necessary for achieving high availability on Oracle Cloud Infrastructure?

Store your database across multiple regions so that half of the data resides in one region and the other half resides in another region

Distribute your application servers across all Availability Domains within a region (Correct)

Store your database files on Object Storage so that they are available in all Availability Domains in all regions

Configure your database to have Data Guard in another Availability Domain in Sync mode within a region (Correct)

Attach your block volume from Availability Domain 1 to a compute instance in Availability Domain 2 (and vice versa) so that they are highly available.

Explanation
All details can be found in "Best Practices for Deploying High Availability Architecture on Oracle Cloud
Infrastructure":
https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practices-deploying-ha-architecture-oci.pdf

Question 12:  Skipped

When terminating a compute instance, which statement is true?

All block volumes attached to the instance are terminated

The boot volume is always deleted

The instance needs to be stopped first, and then terminated


Users can preserve the boot volume associated with the instance (Correct)

Explanation
You can permanently terminate (delete) instances that you no longer need. Any attached VNICs and
volumes are automatically detached when the instance terminates. Eventually, the instance's public
and private IP addresses are released and become available for other instances. By default, the
instance's boot volume is deleted when you terminate the instance, however you can preserve the
boot volume associated with the instance, so that you can attach it to a different instance as a data
volume, or use it to launch a new instance.

Question 13:  Skipped

You need to create a high performance shared file system, and have been advised to use file
storage service (FSS). You have logged into the Oracle Cloud Infrastructure console, created a
file system, and followed the steps to mount the shared file system on your Linux instance.
However, you are still unable to access the shared file system from your Linux instance.

What is the likely reason for this?

There is no Identity and Access Management (IAM) policy set up to allow you to access the mount target

There is no route in your virtual cloud network’s (VCN) route table for mount target traffic

There is no internet gateway set up for mount target traffic

There are no security list rules for mount target traffic (Correct)

Explanation
To have access to a file system, you need at least one Virtual Cloud Network (VCN) in a compartment and
correctly configured security rules for the file system mount target. Security rules can be created in
the security list for the mount target subnet, or in a Network Security Group (NSG) that you add the
mount target to. See Security Rules for information about how security rules work in Oracle Cloud
Infrastructure. Use the instructions in Configuring VCN Security Rules for File Storage to set up
security rules correctly for your file systems.

Question 14:  Skipped

Your organization has deployed a large, complex application across multiple compute instances
in Oracle Cloud Infrastructure (OCI). These compute instances also have block volume storage attached
to them. You want to create a time consistent backup of this block volume storage.

Which implementation strategy should be used?

Use scripts available in OCI to backup block volume storage

Group volumes in a volume group and create a manual backup of the volume group (Correct)

Create a manual backup of each volume

Group volumes in a volume group first and then use


available scripts in OCI

Explanation
The Oracle Cloud Infrastructure Block Volume service provides you with the capability to group
together multiple volumes in a volume group. A volume group can include both types of volumes,
boot volumes, which are the system disks for your Compute instances, and block volumes for your
data storage. You can use volume groups to create volume group backups and clones that are point-
in-time and crash-consistent.

This simplifies the process to create time-consistent backups of running enterprise applications that
span multiple storage volumes across multiple instances. You can then restore an entire group of
volumes from a volume group backup.


To create a backup of the volume group:

Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Volume Groups.

In the Volume Groups list, click Create Volume Group Backup in the Actions menu for the volume
group you want to create a backup for.

Question 15:  Skipped

Your application front end consists of several Oracle Cloud Infrastructure compute instances
behind a load balancer. You have configured the load balancer to perform health checks on
these instances.

If an instance fails to pass the configured health checks, what will happen?

The instance is taken out of the back end set by the load
balancer

The instance is replaced automatically by the load balancer

The load balancer stops sending traffic to that instance (Correct)

The instance is terminated automatically by the load balancer

Explanation
One or more of the backend servers reports as unhealthy.
A backend server might be unhealthy or the health check might be misconfigured.

Question 16:  Skipped

Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose two.)

Billing for storage continues when ADW is stopped (Correct)

Billing for compute stops when ADW is stopped (Correct)

Billing stops for both CPU usage and storage usage when
ADW is stopped

Billing stops only when the ADW is terminated

Explanation
When an Autonomous Database instance is stopped, CPU billing is halted based on full-hour cycles of usage.

Billing for storage continues as long as the service instance exists.

When an Autonomous Database instance is started, CPU billing is initiated.

Question 17:  Skipped

You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security
List, and an Internet Gateway. However, none of the compute instances can connect to the
Internet.

Which two are possible reasons for the connectivity issue? (Choose two.)

There is no stateful ingress rule in the Security List associated with the public subnet

The Route Table has no default route for routing traffic to the Internet Gateway (Correct)

There is no Dynamic Routing Gateway (DRG) associated with the VCN.

There is no stateful egress rule in the Security List associated with the public subnet (Correct)

Explanation
An internet gateway is an optional virtual router that connects the edge of the VCN with the internet.
To use the gateway, the hosts on both ends of the connection must have public IP addresses for
routing. Connections that originate in your VCN and are destined for a public IP address (either inside
or outside the VCN) go through the internet gateway. Connections that originate outside the VCN
and are destined for a public IP address inside the VCN go through the internet gateway.

Working with Internet Gateways


You create an internet gateway in the context of a specific VCN. In other words, the internet gateway
is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at
any time. Compare this with a dynamic routing gateway (DRG), which you create as a standalone
object that you then attach to a particular VCN. DRGs use a different model because they're intended
to be modular building blocks for privately connecting VCNs to your on-premises network.

For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly
in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway).
If the internet gateway is disabled, that means no traffic will flow to or from the internet even if
there's a route rule that enables that traffic. For more information, see Route Tables.
For the purposes of access control, you must specify the compartment where you want the internet
gateway to reside. If you're not sure which compartment to use, put the internet gateway in the same
compartment as the cloud network. For more information, see Access Control.

You may optionally assign a friendly name to the internet gateway. It doesn't have to be unique, and
you can change it later. Oracle automatically assigns the internet gateway a unique identifier called an
Oracle Cloud ID (OCID). For more information, see Resource Identifiers.
To delete an internet gateway, it does not have to be disabled, but there must not be a route table
that lists it as a target.

Because the compute instances must be able to connect out to the Internet, the rule to check is an egress rule, not an ingress rule.

Question 18:  Skipped

You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI)
and Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her
team and provides the name of an existing group within IDCS to use when granting access.

How do you configure federation to allow the project team access to OCI resources?

Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS and reference the name of the IAM group.

Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the IDCS group in each policy statement.

Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy and reference the name of the IAM group in each policy statement. (Correct)

Create a new compartment in OCI with the same name as the existing IDCS group. Create an IAM policy that references the new compartment and the name of the IDCS group

Explanation
When working with your IdP, your administrator defines groups and assigns each user to one or more
groups according to the type of access the user needs. Oracle Cloud Infrastructure also uses the
concept of groups (in conjunction with IAM policies) to define the type of access a user has. As part of
setting up the relationship with the IdP, your administrator can map each IdP group to a similarly
defined IAM group, so that your company can re-use the IdP group definitions when authorizing user
access to Oracle Cloud Infrastructure resources.


Question 19:  Skipped

Your on-premises hosted application uses Oracle database server. Your database administrator
must have access to the database server for managing the application. Your database server is
sized for seasonal peak workloads, which results in high licensing costs. You want to move your
application to Oracle Cloud Infrastructure (OCI) to take advantage of CPU scaling options.

Which database offering on OCI would you select?

VM DB systems

Autonomous Data Warehouse (ADW)

Autonomous Transactions Processing (ATP)

bare metal DB systems (Correct)

Explanation
- In Oracle Autonomous Database, customers are not given OS logons or SYSDBA privileges, to
prevent phishing attacks.
- If a bare metal DB system requires more compute node processing power, you can scale up
(increase) the number of enabled CPU cores in the system without impacting the availability of that
system.

You cannot change the number of CPU cores for a virtual machine DB system in the same way as for a bare
metal DB system. Instead, you must change the shape to one with a different number of OCPUs.
Changing the shape does not impact the amount of storage available to the DB system. However, the
new shape can have different memory and network bandwidth characteristics, and you might need to
reapply any customizations to these aspects after the change.

Question 20:  Skipped

You have one database style application that frequently makes many random reads and writes
across the dataset. Which storage offering supports this application?


block volume service (Correct)

archive storage service

object storage service

file storage service

Explanation
The Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and
manage block storage volumes. You can create, attach, connect, and move volumes, as well as
change volume performance, as needed, to meet your storage, performance, and application
requirements. After you attach and connect a volume to an instance, you can use the volume like a
regular hard drive. You can also disconnect a volume and attach it to another instance without the
loss of data.

Question 21:  Skipped

As the Cloud Architect for your company, you have been tasked with designing a high
performance (HPC) cluster in Oracle Cloud Infrastructure (OCI). The following requirements
have been defined:

* The cluster must be a minimum of three nodes, but may increase to six nodes when demand requires.
* The cluster must be resilient to any potential infrastructure failures.
* To minimize latency, all nodes must be deployed within the same availability domain (AD).
* Adding or replacing nodes within the cluster should take no more than 30 minutes.

Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)

Create a custom image of your HPC node compute instance. Launch new compute instances using this image to reduce provisioning time (Correct)

Deploy the cluster in a single AD with a shared file system that leverages the file storage service (FSS). Deploy a standby cluster in another AD and configure it to use the same shared file system

Create a backup of your HPC node compute instance boot volume. Launch new compute instances directly from the backup to reduce provisioning time

Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault domains in that AD. (Correct)

Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network (VCN) subnet.

Explanation
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each
availability domain contains three fault domains. Fault domains provide anti-affinity: they let you
distribute your instances so that the instances are not on the same physical hardware within a single
availability domain. A hardware failure or Compute hardware maintenance event that affects one fault
domain does not affect instances in other fault domains. In addition, the physical hardware in a fault
domain has independent and redundant power supplies, which prevents a failure in the power supply
hardware within one fault domain from affecting other fault domains.
To control the placement of your compute instances, bare metal DB system instances, or virtual
machine DB system instances, you can optionally specify the fault domain for a new instance or
instance pool at launch time. If you don't specify the fault domain, the system selects one for you.
Oracle Cloud Infrastructure makes a best-effort anti-affinity placement across different fault domains,
while optimizing for available capacity in the availability domain. To change the fault domain for an
instance, terminate it and launch a new instance in the preferred fault domain.

Use fault domains to do the following things:


Protect against unexpected hardware failures or power supply failures.

Protect against planned outages because of Compute hardware maintenance.

Question 22:  Skipped


You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions
and require connectivity between workloads in each region. You have created a dynamic
routing gateway (DRG) and a remote peering connection. However, your workloads are unable
to communicate with each other. What are two reasons for this?

The security lists associated with subnets in each virtual cloud network (VCN) do not have the appropriate ingress rules (Correct)

Identity and Access Management (IAM) policies have not been defined to allow connectivity across the two VCNs in different regions

An Internet gateway needs to be created in each VCN with a default route rule added in the route table forwarding the traffic to the Internet Gateway

The route table associated with subnets in each VCN do not have a route rule defined to forward the traffic to their respective DRGs (Correct)

A local peering gateway needs to be created in each VCN with a default route rule added in the route table forwarding the traffic to the local peering gateway

Explanation
Setting Up a Remote Peering

Create the RPCs: Each VCN administrator creates an RPC for their own VCN's DRG.

Share information: The administrators share the basic required information.

Set up the required IAM policies for the connection: The administrators set up IAM policies to
enable the connection to be established.

Establish the connection: The requestor connects the two RPCs (see Important Remote Peering
Concepts for the definition of the requestor and acceptor).

Update route tables: Each administrator updates their VCN's route tables to enable traffic between
the peered VCNs as desired.

Update security rules: Each administrator updates their VCN's security rules to enable traffic
between the peered VCNs as desired.

Question 23:  Skipped

You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix
region. You were asked to create a disaster recovery (DR) plan that will protect against the loss
of critical data. The DR site must be at least 500 miles from your primary site and data transfer
between the two sites must not traverse the public Internet.
Which is the recommended disaster recovery plan?

Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in each region and configure an IPsec VPN connection between the two regions.

Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one availability domain (AD) that is not currently being used by your production systems. Establish VCN peering between the production and DR sites.

Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a remote peering connection between the two VCNs. (Correct)

Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG between the regions.

Explanation
Remote VCN peering is the process of connecting two VCNs in different regions (but the
same tenancy). The peering allows the VCNs' resources to communicate using private IP addresses
without routing the traffic over the internet or through your on-premises network. Without peering, a
given VCN would need an internet gateway and public IP addresses for the instances that need to
communicate with another VCN in a different region.


Summary of Networking Components for Remote Peering

At a high level, the Networking service components required for a remote peering include:
Two VCNs with non-overlapping CIDRs, in different regions that support remote peering. The VCNs
must be in the same tenancy.

A dynamic routing gateway (DRG) attached to each VCN in the peering relationship. Your VCN already
has a DRG if you're using an IPSec VPN or an Oracle Cloud Infrastructure FastConnect private virtual
circuit.
A remote peering connection (RPC) on each DRG in the peering relationship.

A connection between those two RPCs.


Supporting route rules to enable traffic to flow over the connection, and only to and from select
subnets in the respective VCNs (if desired).

Supporting security rules to control the types of traffic allowed to and from the instances in the
subnets that need to communicate with the other VCN.

Question 24:  Skipped

You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make
API calls to other services within OCI without storing credentials in a configuration file.

What do you need to do?

By default, all VM instances are created with an instance principal. Reference this instance principal in your IAM policy statement

VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the instance in your Identity and Access Management (IAM) policy statement

Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement (Correct)

Instances cannot access services outside their compartment


Question 25:  Skipped

You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-
weighted round robin policy to your backend web servers. You notice that one of your web
servers is receiving more traffic than other web servers.

How can you resolve this imbalance?

Disable session persistence on your backend set (Correct)

Create separate listeners for each backend web server

Delete and re-create your OCI load balancer

Check security lists and route tables of your virtual cloud network (VCN) and fix any issues associated with the rules

Explanation
Session persistence is a method to direct all requests originating from a single logical client to a
single backend web server. Backend servers that use caching to improve performance, or to enable
log-in sessions or shopping carts, can benefit from session persistence.

Question 26:  Skipped

Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose
two.)

You can add/remove Diskgroup in ATP

You can scale CPU up or down in ATP (Correct)

You can add new ORACLE_HOME for bringing older versions of on-premises databases to ATP

You can add more Pluggable Databases for consolidating multiple databases in ATP

You can scale storage up or down in ATP (Correct)

Explanation
You can scale your Autonomous Database up or down in terms of both compute and storage only when
needed, which lets you pay per use.
Oracle allows you to scale compute and storage independently; there is no need to scale them together.
These scaling activities are fully online (no downtime required).

On the Details page of the Autonomous Database, click Scale Up/Down. Click the arrow to select a value
for CPU Core Count or Storage (TB).
Or select auto scaling to allow the system to automatically use up to three times more CPU and IO
resources to meet workload demand, compared to the database operating with auto scaling disabled.

Question 27:  Skipped

You are an administrator with an application running on OCI. The company has a fleet of OCI
compute virtual instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set
health check API is providing a ‘Critical’ level warning. You have confirmed that your
application is running healthy on the backend servers.

What is the possible reason for this ‘Critical’ warning?

A user does not have correct IAM credentials on the Backend Servers

The Backend Server VCN’s Route Table does not include the route for OCI LB

OCI Load Balancer Listener is not configured correctly

The Backend Server VCN’s Security List does not include the IP range for the source of the health check requests (Correct)

Explanation
A SECURITY RULE IS MISCONFIGURED. Health status indicators help you diagnose two cases of
misconfigured security rules:

- All entity health status indicators report OK, but traffic does not flow (as with misconfigured
listeners). If the listener is not at fault, check the security rule configuration.
- All entity health statuses report as unhealthy. You have checked your health check configuration and
your services run properly on your backend servers. In this case, your security rules might not include
the IP range for the source of the health check requests. You can find the health check source IP on
the Details page for each backend server. You can also use the API to find the IP in the
sourceIpAddress field of the HealthCheckResult object.

Question 28:  Skipped

Which two statements are true about DB Systems in Oracle Cloud Infrastructure? (Choose two.)

Customers can manage the TDE Wallet after DB Systems are provisioned (Correct)

Customers have no control over database patching

The database and backups are encrypted by default (Correct)

Customers can consolidate multiple database homes on a single virtual machine database host

Explanation
All databases created in Oracle Cloud Infrastructure are encrypted using transparent data encryption
(TDE).

Oracle Cloud Infrastructure encrypts all managed backups in the object store. Oracle uses the
Database Transparent Encryption feature by default for encrypting the backups, and customers
can manage the TDE Wallet after DB Systems are provisioned.

Question 29:  Skipped

Which two are a valid image source when launching a new compute instance? (Choose two.)

bare metal instance

boot volume (Correct)

custom image (Correct)

object storage

Explanation
An image is a template of a virtual hard drive that determines the operating system and other software
for an instance. For details about Oracle Cloud Infrastructure platform images, see Oracle-Provided Images.
You can also launch instances from:

Trusted third-party images published by Oracle partners from the Partner Image catalog. For more
information about partner images, see Overview of Marketplace and Working with Listings.

Pre-built Oracle enterprise images and solutions enabled for Oracle Cloud Infrastructure.

Custom images, including bring your own image scenarios.

Boot Volumes.

Question 30:  Skipped

Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for
server-side encryption?

You must manually enable server-side encryption for each object as you upload to OCI object storage

Only the object data is encrypted and the user-defined metadata that is associated with the object is not encrypted

Objects are automatically encrypted as they are uploaded to object storage and decrypted upon retrieval (Correct)

You must manually decrypt the data when retrieving from OCI object storage

Explanation
- Oracle Object Storage supports server-side encryption. All data stored in Oracle Object Storage is
automatically encrypted.
- Encryption is automatically enabled for all data with no action required on the part of customers.

- Oracle encrypts both the object data and the user-defined metadata associated with the object.

Ref : https://www.oracle.com/cloud/storage/object-storage-faq.html

Question 31:  Skipped

Which two statements are true about an Oracle Cloud Infrastructure object storage bucket?
(Choose two.)

You can associate a bucket with multiple compartments

You can associate a bucket with only a single compartment (Correct)

You cannot change a bucket from private to public after it is created

You cannot edit or append data to an object, but you can replace the entire object (Correct)

Explanation


A bucket is associated with a single compartment.

You can't edit or append data to an object, but you can replace the entire object.


Which two statements are true regarding cloning a block volume?

You can clone block volumes across regions

You can change the block volume size when creating a clone (Correct)

You can skip block volume encryption when creating a clone

You can change the block volume performance when creating a clone (Correct)

Explanation
You can create a clone from a volume using the Block Volume service. Cloning enables you to make a
copy of an existing block volume without needing to go through the backup and restore process.
A cloned volume is a point-in-time direct disk-to-disk deep copy of the source volume, so all the data
that is in the source volume when the clone is created is copied to the clone volume.

You can only create a clone for a volume within the same region, availability domain and tenant. You
can create a clone for a volume between compartments as long as you have the required access
permissions for the operation.
While creating a clone, you can do the following:

If you want to clone the block volume to a larger size volume, check Custom Block Volume Size
(GB) and then specify the new size. You can only increase the size of the volume, you cannot decrease
the size. If you clone the block volume to a larger size volume, you need to extend the volume's
partition. See Extending the Partition for a Block Volume for more information.

If you want to change the elastic performance setting when cloning the volume, check Custom Block
Volume Performance and select the elastic performance setting you want the volume clone to use.
See Block Volume Elastic Performance for more information. You can also change the elastic
performance setting after you have cloned the volume, see Block Volume Elastic Performance. If you
leave Custom Block Volume Performance unchecked, the cloned volume will use the same elastic
performance setting as the source volume.


Question 2:  Skipped

You have created a new compartment called Production to host some production apps. You
have also created users in your tenancy and added them to a Group called "production group". 
Your users are still unable to access the Production compartment.  How can you resolve this
situation?

Your users get automatic access to all compartments, so no further action is needed

Every compartment you create comes with a predefined set of policies, so no further action is needed

Write an IAM Policy for "production_group" granting it access to the production compartment (Correct)

Write an IAM Policy for each specific user granting them access to the production compartment

Explanation
When creating a compartment, you must provide a name for it (maximum 100 characters, including
letters, numbers, periods, hyphens, and underscores) that is unique within its parent compartment.
You must also provide a description, which is a non-unique, changeable description for the
compartment, from 1 through 400 characters.
After creating a compartment, you need to write at least one policy for it, otherwise no one can
access it (except administrators or users who have permissions set at the tenancy level). When
creating a compartment inside another compartment, the compartment inherits access permissions
from compartments higher up its hierarchy.

When you create an access policy, you need to specify which compartment to attach it to. This
controls who can later modify or delete the policy. Depending on how you've designed your
compartment hierarchy, you might attach it to the tenancy, a parent, or to the specific compartment
itself.

Question 3:  Skipped


Which two options are available within the service console of Autonomous Transaction
Processing?

Fine tune a long running query using optimizer hints

Perform a manual backup of the ATP database

Monitor the health of the database server including CPU, memory and query performance (Correct)

Configure resource management rules and reset the admin password (Correct)

Explanation


Question 4:  Skipped

You are running several Linux based operating systems in your on-premises environment that
you want to import to OCI as custom images. You can launch your imported images as OCI
compute Virtual machines. Which two modes below can be used to launch these imported
Linux VMs?

Emulated (Correct)

Paravirtualized (Correct)

Mixed

Native

Explanation
You can use the Console or API to import exported images from Object Storage. To import an image,
you need read access to the Object Storage object containing the image.
During the import you can select the launch mode:


For custom images where the image format is  .oci , Oracle Cloud Infrastructure selects the
applicable launch mode based on the launch mode for the source image.
For custom images exported from Oracle Cloud Infrastructure where the image type is QCOW2,
select Native Mode.

To import other custom images select Paravirtualized Mode or Emulated Mode. For more
information, see Bring Your Own Image (BYOI).


Question 5:  Skipped


You have an application deployed in Oracle Cloud Infrastructure running in the US East region.
You have been asked to create a disaster recovery plan that will protect against the loss of
critical data. The DR site must be at least a few hundred miles from your primary site and data
transfer between the two sites must not traverse the public Internet. Which is the lowest
latency and lowest cost recommended disaster recovery plan?

Create a DR environment in the US West region. Associate a Local Peering Gateway with the VCN in
each region and create a local peering connection between the two VCNs

Create a DR environment in the US West region. Associate a Dynamic Routing Gateway (DRG) with the
VCN in each region and create a remote peering connection between the two VCNs (Correct)

Create a DR environment in the US West region and provision a FastConnect virtual circuit using
Dynamic Routing Gateways between the regions

Create a DR environment in the US West region. Associate a Dynamic Routing Gateway (DRG) with the
VCN in each region and configure an IPsec VPN connection between the two regions

Explanation
Remote VCN peering is the process of connecting two VCNs in different regions (but the
same tenancy). The peering allows the VCNs' resources to communicate using private IP addresses
without routing the traffic over the internet or through your on-premises network. Without peering, a
given VCN would need an internet gateway and public IP addresses for the instances that need to
communicate with another VCN in a different region.

At a high level, the Networking service components required for a remote peering include:
- Two VCNs with non-overlapping CIDRs, in different regions that support remote peering. The VCNs
must be in the same tenancy.

- A dynamic routing gateway (DRG) attached to each VCN in the peering relationship. Your VCN
already has a DRG if you're using an IPSec VPN or an Oracle Cloud Infrastructure FastConnect private
virtual circuit.


- A remote peering connection (RPC) on each DRG in the peering relationship.

- A connection between those two RPCs.

- Supporting route rules to enable traffic to flow over the connection, and only to and from select
subnets in the respective VCNs (if desired).

- Supporting security rules to control the types of traffic allowed to and from the instances in the
subnets that need to communicate with the other VCN.

Question 6:  Skipped

Which three items must be configured for a load balancer to accept incoming traffic?

A security list that is open on the listener port (Correct)

SSL certificate

A backend set with at least one backend server (Correct)

A route table entry pointing to the listener IP address

A listener (Correct)


Explanation
The essential components for load balancing include:
1- A load balancer with pre-provisioned bandwidth.

2- A backend set with a health check policy. See Managing Backend Sets.

3- Backend servers for your backend set. See Managing Backend Servers.

4- One or more listeners. See Managing Load Balancer Listeners.

5- Load balancer subnet security rules to allow the intended traffic. To learn more about these rules,
see Security Rules.

Optionally, you can associate your listeners with SSL server certificate bundles to manage how your
system handles SSL traffic.

Question 7:  Skipped

Which is a customer's responsibility on an Oracle Cloud Infrastructure DB System?

Creating an ASM diskgroup for data file or temp file storage

Applying patches to the database and OS (Correct)

Installing the operating system (OS), Grid Infrastructure, and database software

Creating the first database on the DB System

Explanation
When a DB system is created, Oracle automatically takes care of operating system installation and
configuration, Grid Infrastructure, ASM disk group creation and configuration, database software
installation, and creation of the first database on the DB system. After that, the customer is
responsible for applying patches to the database and OS.

Question 8:  Skipped


Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect?

OCI IPSec VPN tunnel supports only static routes to route traffic

OCI IPSec VPN can be configured in tunnel mode only (Correct)

Each OCI IPSec VPN consists of multiple redundant IPSec tunnels (Correct)

OCI IPSec VPN can be configured in transport mode only

Explanation
VPN Connect provides a site-to-site IPSec VPN between your on-premises network and your virtual
cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred
from the source to the destination and decrypts the traffic when it arrives.

In general, IPSec can be configured in the following modes:


Transport mode: IPSec encrypts and authenticates only the actual payload of the packet, and the
header information stays intact.

Tunnel mode (supported by Oracle): IPSec encrypts and authenticates the entire packet. After
encryption, the packet is then encapsulated to form a new IP packet that has different header
information.
Oracle Cloud Infrastructure supports only the tunnel mode for IPSec VPNs.

Each Oracle IPSec VPN consists of multiple redundant IPSec tunnels. For a given tunnel, you can use
either Border Gateway Protocol (BGP) dynamic routing or static routing to route that tunnel's
traffic. More details about routing follow.

IPSec VPN site-to-site tunnels offer the following advantages:


Public internet lines are used to transmit data, so dedicated, expensive lease lines from one site to
another aren't necessary.

The internal IP addresses of the participating networks and nodes are hidden from external users.


The entire communication between the source and destination sites is encrypted, significantly
lowering the chances of information theft.

Question 9:  Skipped

Which two Oracle Cloud Infrastructure services use a Dynamic Routing Gateway?

Internet Gateway

OCI FastConnect Public Peering

OCI IPSec VPN Connect (Correct)

Local Peering

OCI FastConnect Private Peering (Correct)

Explanation
You can think of a DRG as a virtual router that provides a path for private traffic (that is, traffic that
uses private IPv4 addresses) between your VCN and networks outside the VCN's region.

You use a DRG when connecting your existing on-premises network to your virtual cloud network
(VCN) with one (or both) of these:
IPSec VPN

Oracle Cloud Infrastructure FastConnect (Private Only)


You also use a DRG when peering a VCN with a VCN in a different region:

Remote VCN Peering (Across Regions)


Question 10:  Skipped

A customer has launched a compute instance in the Virtual Cloud Network (VCN), which has an
internet gateway, a service gateway, a default security list and a default route table. The customer
has opened up port 22 in the security list attached to the compute instance subnet, but is
still unable to connect to the compute instance using ssh.

Which option would remedy this situation?

Modify the route table associated with the VCN subnet in which the instance resides. Add the
following route to the route table.
Destination CIDR: 0.0.0.0/0 Target: Internet Gateway (IGW) (Correct)

Modify the route table associated with the VCN subnet in which the instance resides. Add the
following route to the route table.
Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW)

Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful egress rule to allow ICMP traffic in addition to the port 22

Modify the route table associated with the VCN subnet in which the instance resides. Add the
following route to the route table.
Destination CIDR: 0.0.0.0/0
Target: Dynamic Routing Gateway (DRG)

Explanation
You create an internet gateway in the context of a specific VCN. In other words, the internet gateway
is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at
any time.
For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly
in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway).
If the internet gateway is disabled, that means no traffic will flow to or from the internet even if
there's a route rule that enables that traffic.

For the purposes of access control, you must specify the compartment where you want the internet
gateway to reside. If you're not sure which compartment to use, put the internet gateway in the same
compartment as the cloud network.

Question 11:  Skipped

You have two NFS clients running in two different subnets within the same Oracle Cloud
Infrastructure (OCI) Virtual Cloud Network (VCN). You have created a shared file system for the
two NFS clients who want to connect to the same file system, but you want to restrict one of
the clients to have READ access while the other has READ/WRITE access. Which OCI feature
would you leverage to meet this requirement?

Use File Storage NFS Export Options to control access for the NFS clients (Correct)

Use VCN security rules to control access for the NFS clients

Use OCI Identity Access Management to control access for the NFS clients


Use NFS security to control access for the NFS clients

Explanation
Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade
network file system. You can connect to a File Storage service file system from any bare metal, virtual
machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system
from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security
(IPSec) virtual private network (VPN).
EXPORT

Exports control how NFS clients access file systems when they connect to a mount target. File systems
are exported (made available) through mount targets. Each mount target maintains an export set
which contains one or many exports. A file system must have at least one export in one mount target
in order for instances to mount the file system. The information used by an export includes the file
system OCID, mount target OCID, export set OCID, export path, and client export options. For more
information, see Managing Mount Targets.
EXPORT SET

Collection of one or more exports that control what file systems the mount target exports using
NFSv3 protocol and how those file systems are found using the NFS mount protocol. Each mount
target has an export set. Each file system associated with the mount target has at least one export in
the export set.
EXPORT PATH

A path that is specified when an export is created. It uniquely identifies the file system within the
mount target, letting you associate up to 100 file systems to a single mount target. This path is
unrelated to any path within the file system itself, or the client mount point path.

EXPORT OPTIONS
NFS export options are a set of parameters within the export that specify the level of access granted
to NFS clients when they connect to a mount target. An NFS export options entry within an export
defines access for a single IP address or CIDR block range. For more information, see Working with
NFS Export Options.

Question 12:  Skipped

Which two statements are true about the Oracle Cloud Infrastructure object storage service?

It provides strong consistency (Correct)


It provides higher IOPS than block storage.

It can be directly attached to or detached from a compute instance

Data is stored redundantly across multiple availability domains (ADs) in a multi-AD region (Correct)

Explanation

Object Storage provides the following features:

STRONG CONSISTENCY
When a read request is made, Object Storage always serves the most recent copy of the data that
was written to the system.

DURABILITY
Object Storage is a regional service. Data is stored redundantly across multiple storage servers.
Object Storage actively monitors data integrity using checksums and automatically detects and
repairs corrupt data. Object Storage actively monitors and ensures data redundancy. If a
redundancy loss is detected, Object Storage automatically creates more data copies. For more
details about Object Storage durability, see the Oracle Cloud Infrastructure Object Storage FAQ.

CUSTOM METADATA
You can define your own extensive metadata as key-value pairs for any purpose. For example, you
can create descriptive tags for objects, retrieve those tags, and sort through the data. You can
assign custom metadata to objects and buckets using the Oracle Cloud Infrastructure CLI or SDK.
See Software Development Kits and Command Line Interface for details.

ENCRYPTION
Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on
the server. Each object is encrypted with its own data encryption key. Data encryption keys are
always encrypted with a master encryption key that is assigned to the bucket. Encryption is
enabled by default and cannot be turned off. By default, Oracle manages the master encryption
key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud
Infrastructure Vault master encryption key that you control and rotate on your own schedule.

Question 13:  Skipped

You deployed a web server in Oracle Cloud Infrastructure using an Ephemeral Public IP address.
While making configuration changes, an admin inadvertently deleted your web server. You
redeploy your web server, but many of your LOB apps depend on this web server's public IP
address and would need an update. What can you do to prevent this from happening again?

Create a reserved public IP and associate it with the subnet of your compute instance


Create a reserved public IP and associate it with the virtual NIC of your compute instance (Correct)

Create a reserved public IP and associate it with the hosts file of your web server

Create a reserved public IP and associate it with the security list for the subnet being used by
your compute instance

Explanation
A public IP address is an IPv4 address that is reachable from the internet. If a resource in your tenancy
needs to be directly reachable from the internet, it must have a public IP address. Depending on the
type of resource, there might be other requirements.

There are two types of public IPs:


Ephemeral: Think of it as temporary and existing for the lifetime of the instance.

Reserved: Think of it as persistent and existing beyond the lifetime of the instance it's assigned to.
You can unassign it and then reassign it to another instance whenever you like. Exception: reserved
public IPs on public load balancers.

To create a new reserved public IP in your pool


Confirm you're viewing the region and compartment where you want to create the reserved public IP.

Open the navigation menu. Under Core Infrastructure, go to Networking and click Public IPs.
Click Create Reserved Public IP.

Enter the following:


Name: An optional friendly name for the reserved public IP. The name doesn't have to be unique, and
you can change it later. Avoid entering confidential information.

Compartment: Leave as is.
Tags: Optionally, you can apply tags. If you have permissions to create a resource, you also have
permissions to apply free-form tags to that resource. To apply a defined tag, you must have
permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you
are not sure if you should apply tags, skip this option (you can apply tags later) or ask your
administrator.

Click Create Reserved Public IP.


To assign a reserved public IP to a private IP


Prerequisite: The private IP must not have an ephemeral or reserved public IP already assigned to it. If
it does, first delete the ephemeral public IP, or unassign the reserved public IP.

Confirm you're viewing the compartment that contains the instance with the private IP you're
interested in.
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.

Click the instance to view its details.


Under Resources, click Attached VNICs.

The primary VNIC and any secondary VNICs attached to the instance are displayed.
Click the VNIC you're interested in.

Under Resources, click IP Addresses.


The VNIC's primary private IP and any secondary private IPs are displayed.

For the private IP you're interested in, click the Actions icon (three dots), and then click Edit.
In the Public IP Address section, for Public IP Type, select the radio button for Reserved Public IP.

Enter the following:


Compartment: The compartment that contains the reserved public IP you want to assign.

Reserved Public IP: The reserved public IP you want to assign. You have three choices:
Create a new reserved public IP. You may optionally provide a friendly name for it. The name doesn't
have to be unique, and you can change it later. Avoid entering confidential information.

Assign a reserved public IP that is currently unassigned.


Move a reserved public IP from another private IP.

Click Update.

Question 14:  Skipped

Which statement is true about the Oracle Cloud Infrastructure File Storage Service Snapshots?

Snapshots are created under the root folder of file system, in a hidden directory named
.snapshot (Correct)

You can restore the whole snapshot, but not the individual files


Snapshots are not incremental

It is not possible to create snapshots from OCI console, but just the CLI

Explanation
The File Storage service supports snapshots for data protection of your file system. Snapshots are a
consistent, point-in-time view of your file systems. Snapshots are copy-on-write, and scoped to the
entire file system. The File Storage service encrypts all file system and snapshot data at rest. You can
take as many snapshots as you need.
Data usage is metered against differentiated snapshot data. If nothing has changed within the file
system since the last snapshot was taken, the new snapshot does not consume more storage.

Snapshots are accessible under the root directory of the file system at  .snapshot/name . For data
protection, you can use a tool that supports NFSv3 to copy your data to a different availability
domain, region, file system, object storage, or remote location.

Question 15:  Skipped

You have five different company locations spread across the US. For a proof-of-concept (POC)
you need to set up secure and encrypted connectivity to your workloads running in a single
virtual cloud network (VCN) in the Oracle Cloud Infrastructure Ashburn region from all
company locations.

What would meet this requirement?

Create five IPsec VPN connections with each company location and terminate those connections on
five separate DRGs. Attach those DRGs to your VCN

Create five internet gateways in your VCN and have separate route table for each internet gateway.

Create five IPsec connections with each company location and terminate those connections on a
single DRG. Attach that DRG to your VCN. (Correct)

Create five virtual circuits using FastConnect for each company location and terminate those
connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN

Explanation
Access to Your On-Premises Network
There are two ways to connect your on-premises network to Oracle Cloud Infrastructure:

VPN Connect: Offers multiple IPSec tunnels between your existing network's edge and your VCN, by
way of a DRG that you create and attach to your VCN.
Oracle Cloud Infrastructure FastConnect: Offers a private connection between your existing network's
edge and Oracle Cloud Infrastructure. Traffic does not traverse the internet. Both private peering and
public peering are supported. That means your on-premises hosts can access private IPv4 addresses
in your VCN as well as regional public IPv4 addresses in Oracle Cloud Infrastructure (for example,
Object Storage or public load balancers in your VCN).

You can use one or both types of the preceding connections. If you use both, you can use them
simultaneously, or in a redundant configuration. These connections come to your VCN by way of a
single DRG that you create and attach to your VCN. Without that DRG attachment and a route rule for
the DRG, traffic does not flow between your VCN and on-premises network. At any time, you can
detach the DRG from your VCN but maintain all the remaining components that form the rest of the
connection. You could then reattach the DRG again, or attach it to another VCN.

Question 16:  Skipped

The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block and
boot volumes. Which three options below can you use to increase the size of your block
volumes?

Clone an existing volume to a new, larger volume (Correct)

You can only expand block volumes and not boot volumes

Expand an existing volume in place with online resizing



Take a backup of your existing volume and restore from the volume backup to a larger
volume (Correct)

Expand an existing volume in place with offline resizing (Correct)

Explanation
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block volumes and
boot volumes. You have three options to increase the size of your volumes:

Expand an existing volume in place with offline resizing. See Resizing a Volume Using the
Console for the steps to do this.
Restore from a volume backup to a larger volume. See Restoring a Backup to a New
Volume and Restoring a Boot Volume.

Clone an existing volume to a new, larger volume. See Cloning a Volume and Cloning a Boot Volume.

Question 17:  Skipped

Which two statements are true about Autonomous Data Warehouse (ADW) backup?

You can backup ADW database only to a standard bucket type in OCI object storage (Correct)

Oracle Cloud Infrastructure (OCI) recommends backing up ADW databases manually to on-premises
storage devices

You must backup ADW database to object storage bucket named ADW_backup

You can perform manual backups to OCI object storage in addition to automated backups
available on ADW (Correct)


Explanation
Autonomous Database automatically backs up your database for you. In addition to automatic
backups, Autonomous Database also allows you to take manual backups to your Oracle Cloud
Infrastructure Object Storage, for example if you want to take a backup before a major change to
make restore and recovery faster.

Also, manual backups are only supported with buckets created in the standard storage tier.
If you provision an Autonomous Data Warehouse instance named ADWC1, the bucket name should
be backup_adwc1 (the bucket name is lowercase).

Question 18:  Skipped

You have an instance running in a development compartment that needs to make API calls
against other OCI services, but you do not want to configure user credentials or store a
configuration file on the instance. How can you meet this requirement?

Instances can automatically make calls to other OCI services

Create a dynamic group with matching rules to include your instance

Instances are secure and cannot make calls to other OCI services

Create a dynamic group with matching rules to include your instance and write a policy for this
dynamic group (Correct)

Explanation
Dynamic groups allow you to group Oracle Cloud Infrastructure compute instances as "principal"
actors (similar to user groups).
When you create a dynamic group, rather than adding members explicitly to the group, you instead
define a set of matching rules to define the group members. For example, a rule could specify that all
instances in a particular compartment are members of the dynamic group. The members can change
dynamically as instances are launched and terminated in that compartment.


A dynamic group has no permissions until you write at least one policy that gives that dynamic group
permission to either the tenancy or a compartment. When writing the policy, you can specify the
dynamic group by using either the unique name or the dynamic group's OCID. Per the preceding
note, even if you specify the dynamic group name in the policy, IAM internally uses the OCID to
determine the dynamic group.

Question 19:  Skipped

Which of the following two tasks can be performed in the Oracle Cloud Infrastructure Console
for Autonomous Data Warehouse?

Adjust Network Bandwidth

Scale up/down Memory

Scale up/down CPU (Correct)

Increase Storage allocated for Database (Correct)

Explanation
You can scale your Autonomous Database up or down in terms of both compute (CPU) and
storage, only when needed, which allows people to pay per use.

Oracle allows you to scale compute and storage independently; there is no need to scale them
together. These scaling activities are fully online (no downtime required).

On the Autonomous Database Details page in the OCI console, click Scale Up/Down. Click the arrow
to select a value for CPU Core Count or Storage (TB).

Or select auto scaling to allow the system to automatically use up to three times more CPU and IO
resources to meet workload demand, compared to the database operating with auto scaling disabled.

Question 20:  Skipped


Which two characteristics do you need to consider when choosing a method to migrate a
database to Oracle Cloud Infrastructure (OCI)?

On-premises connectivity using remote and local virtual cloud network (VCN) peering

On-premises host operating system platform and network bandwidth (Correct)

On-premises database version and quantity of data, including indexes (Correct)

On-premises database character set and application version

Explanation
You can migrate your on-premises Oracle Database to an Oracle Cloud Infrastructure Database
service database using a number of different methods that use several different tools. The method
that applies to a given migration scenario depends on several factors, including the version, character
set, and platform endian format of the source and target databases.
Choosing a Migration Method

Not all migration methods apply to all migration scenarios. Many of the migration methods apply
only if specific characteristics of the source and destination databases match or are compatible.
Moreover, additional factors can affect which method you choose for your migration from among the
methods that are technically applicable to your migration scenario.

Some of the characteristics and factors to consider when choosing a migration method are:

On-premises database version

Database service database version


On-premises host operating system and version

On-premises database character set


Quantity of data, including indexes

Data types used in the on-premises database


Storage for data staging

Acceptable length of system outage


Network bandwidth

To determine which migration methods are applicable to your migration scenario, gather the
following information.

1) Database version of your on-premises database:

Oracle Database 12c Release 2 version 12.2.0.1


Oracle Database 12c Release 1 version 12.1.0.2 or higher

Oracle Database 12c Release 1 version lower than 12.1.0.2


Oracle Database 11g Release 2 version 11.2.0.3 or higher

Oracle Database 11g Release 2 version lower than 11.2.0.3

2) For on-premises Oracle Database 12c Release 2 and Oracle Database 12c Release 1 databases, the
architecture of the database:
Multitenant container database (CDB)

Non-CDB

3) Endian format (byte ordering) of your on-premises database’s host platform


Some platforms are little endian and others are big endian. Query V$TRANSPORTABLE_PLATFORM to
identify the endian format, and to determine whether cross-platform tablespace transport is
supported.

The Oracle Cloud Infrastructure Database uses the Linux platform, which is little endian.

4) Database character set of your on-premises database and the Oracle Cloud Infrastructure Database
database.
Some migration methods require that the source and target databases use compatible database
character sets.

5) Database version of the Oracle Cloud Infrastructure Database database you are migrating to:

Oracle Database 12c Release 2


Oracle Database 12c Release 1

Oracle Database 11g Release 2


Oracle Database 12c Release 2 and Oracle Database 12c Release 1 databases created on the Database
service use CDB architecture. Databases created using the Enterprise Edition software edition are
single-tenant, and databases created using the High Performance or Extreme Performance software
editions are multitenant.

Question 21: Skipped

You have launched a compute instance running Oracle database in a private subnet in the
Oracle Cloud Infrastructure US East region. You have also created a Service Gateway to back up
the data files to OCI Object Storage in the same region. You have modified the security list
associated with the private subnet to allow traffic to the Service Gateway, but your instance
still cannot access OCI Object Storage. How can you resolve this issue?

Add a stateful rule that enables ingress HTTPS (TCP port 443)
traffic to OCI Object Storage in the security list associated
with the private subnet

Use the default Security List, which has ports open for OCI
Object Storage

Add a rule in the Route Table associated with the private subnet
with Target type as "Service Gateway" and destination service as
all IAD services in the Oracle Service Network. (Correct)

Add a stateful rule that enables egress HTTPS (TCP port 443)
traffic to OCI Object Storage in the security list associated
with the private subnet

Explanation
A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services
without exposing the data to the public internet. No internet gateway or NAT is required to reach
those specific services. The resources in the VCN can be in a private subnet and use only private IP
addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and
never traverses the internet.

The service gateway is regional and enables access only to supported Oracle services in the same
region as the VCN.


For traffic to be routed from a subnet in your VCN to a service gateway, you must add a rule
accordingly to the subnet's route table. The rule must use the service gateway as the target. For the
destination, you must use the service CIDR label that is enabled for the service gateway. This means
that you don't have to know the specific public CIDRs, which could change over time.

Question 22: Skipped

You have the following compartment structure in your tenancy. Root compartment->Training->
Training-sub1->Training-sub2. You create a policy in the root compartment to allow the
default admin for the account (Administrators) to manage block volumes in compartment
Training-sub2. What policy would you write to meet this requirement?

Allow group Administrators to manage volume-family in compartment Training-sub2

Allow group Administrators to manage volume-family in root compartment

Allow group Administrators to manage volume-family in compartment Training:Training-sub1:Training-sub2 (Correct)

Allow group Administrators to manage volume-family in compartment Training-sub1:Training-sub2

Explanation
A policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the
compartment or its parent, you can simply specify the compartment name. If you attach the policy
further up the hierarchy, you must specify the path. The format of the path is each compartment
name (or OCID) in the path, separated by a colon:
<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n>

For example, assume you have a three-level compartment hierarchy, shown here:


You want to create a policy to allow NetworkAdmins to manage VCNs in CompartmentC. If you want
to attach this policy to CompartmentC or to its parent, CompartmentB, write this policy statement:

Allow group NetworkAdmins to manage virtual-network-family in compartment CompartmentC

However, if you want to attach this policy to CompartmentA (so that only administrators of
CompartmentA can modify it), write this policy statement that specifies the path:

Allow group NetworkAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC

To attach this policy to the tenancy, write this policy statement that specifies the path from
CompartmentA to CompartmentC:

Allow group NetworkAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC

Question 23: Skipped

Which statement is true about the Oracle Cloud Infrastructure File Storage Service Mount
Target?

Mount target has a public IP address and DNS name

Each mount target requires six internal IP addresses in the subnet to function

Mount target lives in a single subnet of your choice, but is not highly available

You can access multiple file systems through a single mount target (Correct)


Explanation
A mount target is an NFS endpoint that lives in a VCN subnet of your choice and provides network
access for file systems. The mount target provides the IP address or DNS name that is used together
with a unique export path to mount the file system. A single mount target can export many file
systems. Typically, you create your first mount target and export when you create your first file
system. The mount target maintains an export set which contains all of the exports for its associated
file systems.
Limitations and Considerations

Each availability domain is limited to two mount targets by default. However, you can export up to
100 file systems through each mount target.
See Service Limits for a list of applicable limits and instructions for requesting a limit increase.

Each mount target requires three internal IP addresses in the subnet to function. Two of the IP
addresses are used during mount target creation. The third IP address must remain available for the
mount target to use for high availability failover.
The File Storage service doesn't "reserve" the third IP address required for high availability failover.
Use care when designing your subnets and file systems to ensure that sufficient IP addresses remain
available for your mount targets.

Question 24: Skipped

Your IT department wants to cut down storage costs, but also meet compliance requirements
as set up by the central audit group. You have a legacy bucket with both Word docs (*.docx)
and Excel files (*.xlsx). Your auditors want to retain only Excel files for compliance purposes.
Your IT department wants to keep all other files for 365 days only. What two steps can you
take to meet this requirement?

Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days
with a filter type - exclude by pattern: "*.xlsx" (Correct)

Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days
with a filter type - include by pattern: "*.docx" (Correct)

Create Object Storage Lifecycle rules to archive objects from the legacy bucket after 365 days
without any pattern matching

It is not possible to meet this requirement



Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days
without any pattern matching

Explanation
Object Lifecycle Management lets you automatically manage the archiving and deletion of objects. By
using Object Lifecycle Management to manage your Object Storage and Archive Storage data, you can
reduce your storage costs and the amount of time you spend managing data.
Use object name filters to specify which objects the lifecycle rule applies to.

You can add object filters in any order. Object Lifecycle Management evaluates the precedence of the
rules as follows:
- Pattern exclusions
- Pattern inclusions
- Prefix inclusions

Question 25: Skipped

You have a working application in the US East region. The app is a 3-tier app with a database
backend - you take regular backups of the database into OCI Object Storage in the US East
region. For Business continuity; you are leveraging OCI Object Storage cross-region copy
feature to copy database backups to the US West region. Which of the following three steps do
you need to execute to meet your requirement?

Provide an option to choose bulk copying of objects

Specify the bucket visibility for both the source and destination buckets

Choose an overwrite rule (Correct)

Provide a destination object name

Write an IAM policy and authorize the Object Storage service to manage objects on your
behalf (Correct)

Specify an existing destination bucket (Correct)

Explanation
You can copy objects to other buckets in the same region and to buckets in other regions.
You must have the required access to both the source and destination buckets when performing an
object copy. You must also have permissions to manage objects in the source and destination
buckets.

Because Object Storage is a regional service, you must authorize the Object Storage service for each
region carrying out copy operations on your behalf. For example, you might authorize the Object
Storage service in region US East (Ashburn) to manage objects on your behalf. Once you authorize
the Object Storage service, you can copy an object stored in a US East (Ashburn) bucket to a bucket in
another region.
You can use overwrite rules to control the copying of objects based on their entity tag (ETag) values.

Specify an existing target bucket for the copy request. The copy operation does not automatically
create buckets.

Question 26: Skipped

You have deployed a compute instance (VM.Standard2.24) to run an Oracle database. With this
set up, you run into some performance issues and want to leverage an OCI Dense IO shape
(VM.DenseIO2.24), with which you get 25.6 TB local NVMe SSD. You do not want to lose the
configuration changes you made to the instance. Which of the following TWO steps ARE
NOT required to make this transition?

Create a new instance using the VM.DenseIO2.24 shape using the preserved boot volume and
move the Oracle Database data to NVMe disks

Terminate the VM.Standard2.24 instance and do not preserve the boot volume (Correct)

Terminate the VM.Standard2.24 instance and preserve the boot volume

Create a new instance using a VM.DenseIO2.24 shape using the preserved boot volume and
move the Oracle Database data to block volumes (Correct)

Explanation
Question is "ARE NOT"

You can permanently terminate (delete) instances that you no longer need. Any attached VNICs and
volumes are automatically detached when the instance terminates. Eventually, the instance's public
and private IP addresses are released and become available for other instances. By default, the
instance's boot volume is deleted when you terminate the instance, however you can preserve the
boot volume associated with the instance, so that you can attach it to a different instance as a data
volume, or use it to launch a new instance.

Dense I/O shapes are designed for large databases, big data workloads, and applications that require
high-performance local storage. DenseIO shapes include locally-attached NVMe-based SSDs,
so once you create the VM.DenseIO instance you need to move the database to the locally-attached
NVMe-based SSDs.

Question 27: Skipped

You are a network architect of an application running on Oracle Cloud Infrastructure (OCI).
Your security team has informed you about a security patch that needs to be applied
immediately to one of the backend web servers. What should you do to ensure that the OCI
load balancer does not forward traffic to this backend server during maintenance?

Create another OCI load balancer for the backend web servers, which are active and handling traffic

Edit the security list associated with the subnet to avoid traffic connectivity to this backend server

Drain all existing connections to this backend server and mark the backend web server offline (Correct)

Stop the load balancer for maintenance and restart the load
balancer after the maintenance is finished

Explanation
A load balancer improves resource utilization, facilitates scaling, and helps ensure high
availability. You can configure multiple load balancing policies and application-specific health
checks to ensure that the load balancer directs traffic only to healthy instances. The load
balancer can reduce your maintenance window by draining traffic from an unhealthy
application server before you remove it from service for maintenance.

The Load Balancing service considers a server marked drain available for existing persisted
sessions. New requests that are not part of an existing persisted session are not sent to that
server.

Edit Drain State: Opens a dialog box in which you can change the drain state.
If you set the server's drain status to true, the load balancer stops forwarding
new TCP connections and new non-sticky HTTP requests to this backend server.
This setting allows an administrator to take the server out of rotation for
maintenance purposes.

Edit Offline State: Opens a dialog box in which you can change the offline status.
If you set the server's offline status to true, the load balancer forwards no ingress
traffic to this backend server.

Question 28: Skipped

You have two line of business operations (LOB1, LOB2) leveraging Oracle Cloud Infrastructure.
LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is deployed in VCN2 in the US
West region. You need to peer VCN1 and VCN2 for disaster recovery and data backup purposes.
To ensure you can utilize the OCI Virtual Cloud Network remote peering feature, which CIDR
ranges should be used?

VCN1 (172.16.1.0/24) and VCN2 (172.16.1.0/27)


VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16) (Correct)

VCN1 (192.168.0.0/16) and VCN2 (192.168.1.0/27)

VCN1 (10.0.0.0/16) and VCN2 (10.0.1.0/24)

Explanation
VCN1 (10.0.0.0/16) uses the IP range 10.0.0.0 to 10.0.255.255 and VCN2 (172.16.0.0/16)
uses the IP range 172.16.0.0 to 172.16.255.255, so the two VCNs do not overlap.

Question 29: Skipped

Which of the following statements is true regarding Oracle Cloud Infrastructure Object Storage
Pre-Authenticated Requests?

It is not possible to create pre-authenticated requests for "archive" storage tier

Changing the bucket visibility does not change existing pre-authenticated requests (Correct)

Pre-authenticated requests don't have an expiration

It is not possible to create pre-authenticated requests for the buckets, but only for the objects

Explanation
Pre-authenticated requests provide a way to let users access a bucket or an object without having
their own credentials, as long as the request creator has permissions to access those objects. For
example, you can create a request that lets an operations support user upload backups to a bucket
without owning API keys. Or, you can create a request that lets a business partner update shared data
in a bucket without owning API keys.

When you create a pre-authenticated request, a unique URL is generated. Anyone you provide this
URL to can access the Object Storage resources identified in the pre‑authenticated request, using
standard HTTP tools like curl and wget.

Understand the following scope and constraints regarding pre-authenticated requests:

Users can't list bucket contents.


You can create an unlimited number of pre-authenticated requests.

There is no time limit to the expiration date that you can set.
You can't edit a pre-authenticated request. If you want to change user access options in response to
changing requirements, you must create a new pre‑authenticated request.

The target and actions for a pre-authenticated request are based on the creator's permissions. The
request is not, however, bound to the creator's account login credentials. If the creator's login
credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with
an object in that bucket.

Understand the following scope and constraints regarding public access:

Changing the type of access is bi-directional. You can change a bucket's access from public to private
or from private to public.
Changing the type of access doesn't affect existing pre-authenticated requests. Existing pre-
authenticated requests still work.

Question 30: Skipped

Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems Data Guard
service?

Data guard implementation for Bare Metal shapes requires two DB Systems, one
containing the primary database and one containing the standby database. (Correct)

Data guard implementation requires two DB Systems, one running the primary database on a
virtual machine and the standby database running on bare metal.

Data guard configuration on the OCI is limited to a virtual machine only

Both DB systems must use the same VCN, and port 1521 must be open (Correct)

Explanation
An Oracle Data Guard implementation requires two DB systems, one containing the primary database
and one containing the standby database. When you enable Oracle Data Guard for a virtual machine
DB system database, a new DB system with the standby database is created and associated with the
primary database. For a bare metal DB system, the DB system with the database that you want to use
as the standby must already exist before you enable Oracle Data Guard.

Requirement details are as follows:

- Both DB systems must be in the same compartment.


- The DB systems must be the same shape type (for example, if the shape of the primary database is a
virtual machine, then the shape of the standby database can be any other virtual machine shape).

- If your primary and standby databases are in different regions, then you must peer the virtual cloud
networks (VCNs) for each database.
- Configure the security list ingress and egress rules for the subnets of both DB systems in the Oracle
Data Guard association to enable TCP traffic to move between the applicable ports. Ensure that the
rules you create are stateful (the default).

Question 31: Skipped

Your application consists of three Oracle Cloud Infrastructure compute instances running
behind a public load balancer. You have configured the load balancer to perform health checks
on these instances, but one of the three instances fails to pass the configured health check.
Which of the following actions will the load balancer perform?

Remove the instance that failed the health check from the
backend set

Stop sending traffic to the instance that failed health check (Correct)


Terminate the instance that failed health check

Stop the instances that failed health check

Explanation
Health check: a test to confirm the availability of backend servers. A health check can be a request or a
connection attempt. Based on a time interval you specify, the load balancer applies the health check
policy to continuously monitor backend servers. If a server fails the health check, the load balancer
takes the server temporarily out of rotation. If the server subsequently passes the health check, the
load balancer returns it to the rotation.
You configure your health check policy when you create a backend set. You can configure TCP-level or
HTTP-level health checks for your backend servers.

- TCP-level health checks attempt to make a TCP connection with the backend servers and validate
the response based on the connection status.
- HTTP-level health checks send requests to the backend servers at a specific URI and validate the
response based on the status code or entity data (body) returned.

The service provides application-specific health check capabilities to help you increase availability and
reduce your application maintenance window.
