1Z0-1072-20 Updated

Oracle
1Z0-1072-20 Exam
Oracle Cloud Infrastructure 2020 Architect Associate
Questions & Answers PDF
Questions: 239
Question: 1
You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-
weighted round robin policy to your back-end web servers. You notice that one of your web servers is
receiving more traffic than other web servers.
How can you resolve this to make sure traffic is evenly distributed across all back-end webservers?
A. Disable cookie-based session persistence on your backend set.

B. Change keep-alive setting between the load balancer and backend server.
C. Disable SSL configuration associated with your backend set.
D. Create separate listeners for each backend web server.
Answer: D
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm
Question: 2
Which two are Regional resources in Oracle Cloud Infrastructure? (Choose two.)
A. Ephemeral public IPs

B. Compartments
C. Compute images
D. Dynamic groups
E. Block volume backups
Answer: BD
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm
Question: 3
An Oracle Cloud Infrastructure tenancy administrator is not able to delete a user in the tenancy.
To get Oracle Vouchers at discount contact the Admin/Owner of the telegram group named
Oracle Certification Vouchers. To join click on the link https://t.me/OracleCertificationExams
What can cause this issue?
A. User has multi-factor authentication (MFA) enabled.

B. User is member of an Identity and Access Management (IAM) group.
C. Users can be blocked but not deleted.
D. User needs to be deleted from federation Identity Provider (IdP) before deleting from IAM.
Answer: A
Question: 4
You are a system administrator of your company and you are asked to manage updates and patches
across all your compute instances running Oracle Linux in Oracle Cloud Infrastructure (OCI). As part of
your task, you need to apply all the latest kernel security updates to all instances.
Which OCI service will allow you to complete this task?
A. Resource Manager
B. OS Management
C. Storage Gateway
D. Streaming
E. Registry
Answer: B
Explanation:
Reference:
https://blogs.oracle.com/cloud-infrastructure/os-management-with-oracle-cloud-infrastructure
Question: 5
Which of the following statements is true about the Oracle Cloud Infrastructure (OCI) Object Storage
serverside encryption?
A. Encryption of data encryption keys with a master encryption key is optional.

B. Customer-provided encryption keys are always stored in OCI Vault service.
C. Encryption is enabled by default and cannot be turned off.
D. Each object in a bucket is always encrypted with the same data encryption key.
Answer: B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingyourencryptionkeys.htm
Question: 6
You need to set up instance principals so that an application running on an instance can call Oracle
Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to
authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up?
A. Create a dynamic group with matching rules to specify which instances you want to allow to make
API calls against services.
B. Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs.
C. Create a policy granting permissions to the dynamic group to access services in your compartment
or tenancy.
D. Deploy the application and the SDK to all the instances that belong to the dynamic group.
Answer: D
Explanation:
Reference:
https://blogs.oracle.com/cloud-infrastructure/announcing-instance-principals-for-identity-
andaccess-management
Question: 7
You have been asked to create an Identity and Access Management (IAM) user that will authenticate
to Oracle Cloud Infrastructure (OCI) API endpoints. This user must not be given credentials that
would allow them to log into the OCI console.
Which two authentication options can you use? (Choose two.)
A. SSL certificate
B. API signing key
C. SSH key pair
D. PEM Certificate file
E. Auth token
Answer: BE
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcredentials.htm
Question: 8
You work for a health insurance company that stores a large number of patient health records in an
Oracle Cloud Infrastructure (OCI) Object Storage bucket named "HealthRecords".

Each record needs to be securely stored for a period of 5 years for regulatory compliance purposes
and
cannot be modified, overwritten or deleted during this time period.
What can you do to meet this requirement?
A. Create an OCI Object Storage Lifecycle Policies rule to archive objects in the HealthRecords bucket
for five years.
B. Create an OCI Object Storage time-bound Retention Rule on the HealthRecords bucket for five
years.
Enable Retention Rule Lock on this bucket.
C. Enable encryption on the HealthRecords bucket using your own vault master encryption keys.
D. Enable versioning on the HealthRecords bucket.
Answer: B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingretentionrules.htm
Question: 9
Which two components cannot be deleted in your Oracle Cloud Infrastructure Virtual Cloud
Network? (Choose two.)
A. Service gateway
B. Default security list
C. Routing gateway
D. Default route table
E. Default subnet
Answer: BD
Explanation:
Reference:
https://www.oracle.com/a/ocom/docs/vcn-deployment-guide.pdf (4)
Question: 10
A financial firm is designing an application architecture for its online trading platform that must have
high availability and fault tolerance.
Their solutions architect configured the application to use an Oracle Cloud Infrastructure Object
Storage bucket located in the US West (us-phoenix-1) region to store large amounts of financial dat
a. The stored financial data in the bucket must not be affected even if there is an outage in one of the
Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability?
A. Create a new Object Storage bucket in another region and configure lifecycle policy to move data
every 5 days.
B. Create a lifecycle policy to regularly send data from Standard to Archive storage.
C. Copy the Object Storage bucket to a block volume.
D. Create a replication policy to send data to a different bucket in another OCI region.
Answer: A
Question: 11
As a solution architect, you are showcasing the Oracle Cloud Infrastructure (OCI) Object Storage
feature about Object Versioning to a customer.
Which statement is true in regards to OCI Object Storage Versioning?
A. Object versioning does not provide data protection against accidental or malicious object update,
overwrite, or deletion.
B. By default, object versioning is disabled on a bucket.
C. A bucket that is versioning-enabled can have only and always will have a latest version of the
object in the bucket.
D. Objects are physically deleted from a bucket when versioning is enabled.
Answer: A
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingversioning.htm
Question: 12
You created a public subnet and an internet gateway in your virtual cloud network (VCN) of Oracle
Cloud Infrastructure. The public subnet has an associated route table and security list. However, after
creating several compute instances in the public subnet, none can reach the Internet.
Which two are possible reasons for the connectivity issue? (Choose two.)
A. The route table has no default route for routing traffic to the internet gateway.
B. There is no stateful egress rule in the security list associated with the public subnet.
C. There is no dynamic routing gateway (DRG) associated with the VCN.
D. There is no stateful ingress rule in the security list associated with the public subnet.
E. A NAT gateway is needed to enable the communication flow to internet.
Answer: AB
Explanation:
An internet gateway as an optional virtual router that connects the edge of the VCN with the
internet. To use the gateway, the hosts on both ends of the connection must have public IP addresses
for routing. Connections that originate in your VCN and are destined for a public IP address (either
inside or outside the VCN) go through the internet gateway. Connections that originate outside the
VCN and are destined for a public IP address inside the VCN go through the internet gateway.
Working with Internet Gateways
You create an internet gateway in the context of a specific VCN. In other words, the internet gateway
is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at
any time. Compare this with a dynamic routing gateway (DRG), which you create as a standalone
object that you then attach to a particular VCN. DRGs use a different model because they're intended
to be modular building blocks for privately connecting VCNs to your on-premises network.
For traffic to flow between a subnet and an internet gateway, you must create a route rule
accordingly in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target =
internet gateway). If the internet gateway is disabled, that means no traffic will flow to or from the
internet even if there's a route rule that enables that traffic. For more information, see Route Tables.
For the purposes of access control, you must specify the compartment where you want the internet
gateway to reside. If you're not sure which compartment to use, put the internet gateway in the
same compartment as the cloud network. For more information, see Access Control.
You may optionally assign a friendly name to the internet gateway. It doesn't have to be unique, and
you can change it later. Oracle automatically assigns the internet gateway a unique identifier called
an Oracle Cloud ID (OCID). For more information, see Resource Identifiers.
To delete an internet gateway, it does not have to be disabled, but there must not be a route table
that lists it as a target.
AS per compute instances can connect to the Internet so you use egress no ingress
Question: 13
You are designing a lab exercise for your team that has a large number of graphics with large file
sizes. The application becomes unresponsive if the graphics are embedded in the application. You
have uploaded the graphics to Oracle Cloud Infrastructure and only added the URL in the application.
You need to ensure these graphics are accessible without requiring any authentication for an
extended period of time.
How can you achieve these requirements?
A. Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time.
B. Make the object storage bucket private and all objects public and use the URL found in the Object
“Details”.
C. Make the object storage bucket public and use the URL found in the Object “Details”.
D. Create PARs and do not specify an expiration date.
Answer: C
Explanation:
Pre-authenticated requests provide a way to let you access a bucket or an object without having your
own credentials. For example, you can create a request that lets you upload backups to a bucket
without owning API keys.
When you create a bucket, the bucket is considered a private bucket and the access to the bucket
and bucket contents requires authentication and authorization. However, Object Storage supports
anonymous, unauthenticated access to a bucket. You make a bucket public by enabling read access
to the bucket.
pre-authenticated requests have to select expiration date
Question: 14
You have setup your environment as shown below with the Mount Target "MT" successfully mounted
on both compute instances CLIENT-X and CLIENT-Y.
For security reasons you want to control the access to the File System A in such a way that CLIENT-X
has READ/WRITE and CLIENT-Y has READ only permission.
What you should do?
A. Update the OS firewall in CLIENT-X to allow READ/WRITE access.

B. Update the security list TWO to restrict CLIENT-Y access to read-only.
C. Update the mount target export options to restrict CLIENT-Y access to read-only.
D. Update the security list ONE to restrict CLIENT-Y access to read only.
Answer: D
Question: 15
Which two methods are supported for migrating your on-premises Oracle database to an Oracle
Autonomous Transaction Processing (ATP) database in Oracle Cloud Infrastructure? (Choose two.)
A. Load text files into ATP using SQL Developer.

B. Use RMAN duplicate.
C. Use Oracle Data Pump.
D. Transfer the physical database files and re-create the database.
E. Use database backup and restore.
Answer: CD
Explanation:
Reference:
https://docs.oracle.com/en/solutions/migrate-to-atp/index.html#GUID-28E5A683-6DC6-4A07-
BB1C-55F020D4C1CD
Question: 16
Which statement is NOT true about the Oracle Cloud Infrastructure Object Storage service?
A. Object storage resources can be shared across tenancies.

B. Immutable option for data stored in the Object Storage can be set via retention rules.
C. Object versioning is enabled at namespace level.
D. Object lifecycle rules can be used to either archive or delete objects.
Answer: B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingversioning.htm
Question: 17
You are about to upload log file (5 TiB size) to Oracle Cloud Infrastructure object storage and have
decided to use multipart upload capability for a more efficient and resilient upload.
Which two statements are true about multipart upload? (Choose two.)
A. Individual object parts can be as small as 10 MiB or as large as 50 GiB

B. While a multipart upload is still active, you cannot add parts even if the total number of parts is
less than 10,000
C. The maximum size for an uploaded object is 10 TiB
D. You do not have to commit the upload after you have uploaded all the object parts
Answer: A,C
Explanation:
With multipart upload, you split the object you want to upload into individual parts. Individual parts
can be as large as 50 GiB or as small as 10 MiB. (Object Storage waives the minimum part size
restriction for the last uploaded part.) Decide what part number you want to use for each part. Part
numbers can range from 1 to 10,000. You do not need to assign contiguous numbers, but Object
Storage constructs the object by ordering part numbers in ascending order.

The maximum size for an uploaded object is 10 TiB
While a multipart upload is still active, you can keep adding parts as long as the total number is less
than 10,000.
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingmultipartuploads.htm
Question: 18
You are running an online gaming application hosted on a VM.Standard2.1 instance shape in Oracle
Cloud Infrastructure. As the game becomes popular, you identify network throughput as a bottleneck
on your instance when uploading user data.
Though you want to resolve the issue, you want to observe the demand for a week before adding
new
application instances.
Which action is the most efficient way to resolve this issue?
A. Add a secondary virtual network interface card (VNIC).

B. Change shape of the instance to a higher network bandwidth instance.
C. Delete the instance while preserving boot volume and spin up a new higher network bandwidth
instance with this boot volume.
D. Change the performance tier of attached block volume to High Performance.
Answer: B
Question: 19
You have an AI/ML application running on Oracle Cloud Infrastructure. You identified that the
application needs GPU and at least 20Gbps Network throughput.
The application is currently using a VM.Standard2.1 compute without any block storage attached to
it.
Which two options allow you to get your required performance for your application? (Choose two.)
A. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.GPU2.2 shape using the boot volume preserved, but no block volume attached.
B. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.Standard2.2 shape using the boot volume preserved, but no block volume attached.
C. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.GPU3.4 shape using the boot volume preserved and use the NVMe devices to host
your application.
D. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.HPC2.36 shape using the boot volume preserved and use the NVMe devices to host
your application.
E. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.GPU2.2 shape using the boot volume preserved and attach a new block volume to host
your application.
Answer: DE
Question: 20
Which option is NOT a valid action within the Oracle Cloud Infrastructure (OCI) Block Volume service?
A. Clone an existing volume to a new, larger volume.

B. Restore from a volume backup to a larger volume.
C. Shrink an existing volume in place with offline resizing.
D. Expand an existing volume in place with offline resizing.
Answer: C
Question: 21
You deployed a database on a Standard Compute instance in Oracle Cloud Infrastructure (OCI) due to
cost concerns. The database requires additional storage with high I/O and you decided to use OCI
Block Volume service for it.
With this requirement in mind, which elastic performance option should you choose for the Block
Volume?
A. Balanced Performance
B. Higher performance
C. Extreme performance
D. Lower cost
Answer: B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Block/Concepts/blockvolumeperformance.htm
Question: 22
You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets
contain application servers and the third subnet contains a DB System. The application requires a
shared file system so you have provisioned one using the file storage service (FSS). You also created
the corresponding mount target in one of the application subnets. The VCN security lists are properly
configured so that both application servers and the DB System can access the file system. The
security team determines that the DB System should have read-only access to the file system.
What change would you make to satisfy this requirement?
A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of
the DB System subnet.

B. Connect via SSH to one of the application servers where the file system has been mounted. Use
the Unix command chmod to change permissions on the file system directory, allowing the database
user read only access.
C. Modify the security list associated with the subnet where the mount target resides. Change the
ingress rules corresponding to the DB System subnet to be stateless.
D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM)
policy that allows the instance principal read-only access to the file storage service.
Answer: A
Explanation:
NFS export options enable you to create more granular access control than is possible using just
security list rules to limit VCN access. You can use NFS export options to specify access levels for IP
addresses or CIDR blocks connecting to file systems through exports in a mount target.
Question: 23
Your company uses the Oracle Cloud Infrastructure (OCI) Object Storage service to share large data
sets with its data science team. The data science team consists of 20 people who work from offices in
Washington, D.C., and Tokyo. While working in these offices, employees are assigned an IP address
from the public IP range 129.146.31.0/27
Which two steps should you take to ensure that the Object Storage bucket used in this scenario was
only accessible from these office locations? (Choose two.)
A. Write an IAM policy that includes the conditional statement where request.networkSource.name
=CorpNet
B. Set the bucket visibility to public and only share the URL with the data science team via email
C. Create a pre-authenticated request for each data set and only share with the data science team via
email
D. Create a Network Source named CorpNetwork with a CIDR block of 129.146.31.0/27
E. Create a Network Source named CorpNetwork with a CIDR block of 129.146.0.0/16
F. Write an IAM policy that includes the conditional statement where request.region =
129.146.31.0/27
Answer: CE
Question: 24
Which statement Is true about Data Guard implementation in Oracle Cloud Infrastructure (OCI) bare
metal and virtual machine database systems?
A. Primary and standby databases must be in the same OCI region.

B. Both database systems must be in the same compartment.
C. Database systems need not be the same shape type (e.g, primary database can be a virtual
machine, and standby database a bare metal shape, and vice versa).
D. Primary and standby database versions and editions need not be Identical.
Answer: B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/exausingdataguard.htm
Question: 25
Which two resources reside exclusively in a single Oracle Cloud Infrastructure Availability Domain?
(Choose two.)
A. Identity and Access Management Groups

B. Object Storage
C. Web Application Firewall policy
D. Block volume
E. Compute instance
Answer: DE
Explanation:
Availability Domain-Specific Resources
DB Systems
ephemeral public IPs
instances: They can be attached only to volumes in the same availability domain.
subnets: When you create a subnet, you choose whether it is regional or specific to an availability
domain. Oracle recommends using regional subnets.
volumes: They can be attached only to an instance in the same availability domain.
Question: 26
Your company has been running several small applications in Oracle Cloud Infrastructure and is
planning a proof-of-concept (POC) to deploy PeopleSoft.
If your existing resources are being maintained in the root compartment, what is the recommended
approach for defining security for the upcoming POC?
A. Create a new compartment for the POC and grant appropriate permissions to create and manage
resources within the compartment.
B. Provision all new resources into the root compartment. Grant permissions that only allow for
creation and management of resources specific to the POC.
C. Provision all new resources into the root compartment. Use defined tags to separate resources
that belong to different applications.
D. Create a new tenancy for the POC. Provision all new resources into the root compartment. Grant
appropriate permissions to create and manage resources within the root compartment.
Answer: A
Explanation:
If your organization is small, or if you are still in the proof-of-concept stage of evaluating Oracle
Cloud Infrastructure, consider placing all of your resources in the root compartment (tenancy). This
approach makes it easy for you to quickly view and manage all your resources. You can still write
policies and create groups to restrict permissions on specific resources to only the users who need
access.
If you plan to maintain all your resources in the root compartment, we recommend setting up a
separate sandbox compartment to give users a dedicated space to try out features. In the sandbox
compartment, you can grant users permissions to create and manage resources, while
maintaining stricter permissions on the resources in your tenancy (root) compartment.
https://www.oracle.com/a/ocom/docs/best-practices-for-iam-on-oci.pdf
Question: 27
Which two statements about Oracle Cloud Infrastructure File Storage Service are accurate? (Choose
two.)
A. Customer can encrypt the communication to a mount target via export options.
B. Mount targets use Oracle-managed keys by default.
C. File systems use Oracle-managed keys by default.
D. Customer can encrypt data in their file system using their own Vault encryption key.
E. Communication with file systems in a mount target is encrypted via HTTPS.
Answer: BD
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm
Question: 28
When you try to create an instance on Oracle Cloud Infrastructure (OCI), what are three valid sources
to choose the image from?
A. Dedicated VM Host
B. Object Storage
C. Bare Metal Instance
D. Platform Images
E. Custom Image
F. Partner Images
G. Instance Pools
Answer: DEF
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/Tasks/launchinginstance.htm
Question: 29
Which two statements are true about Oracle Cloud Infrastructure storage services?
A. You can move Object Storage buckets, Block Volumes and File Storage mount targets between
compartments.
B. File storage mount target does not provide a private IP address, while the Object Storage bucket
provides one.
C. File Storage uses the network file system (NFS) protocol, whereas Block Volume uses ISCSI.
D. Block Volume service scales to Exabytes per Instance, while File Storage service offers unlimited
scalability.
E. You can take Incremental snapshots of Block Volumes, File Storage file systems and Object Storage
buckets.
Answer: A, C
Question: 30
With regard to Oracle Cloud Infrastructure Load Balancing service, which two actions will occur when
a backend server that is registered with a backend set is marked to drain connections?
A. All existing connections to this backend sever will be immediately closed.

B. Requests to this backend server are redirected to a user-defined error page.
C. All new connections to this backend server are disallowed.
D. Connections to this backend server will remain open until all in-flight requests are completed.
E. All connections to this backend server are forcibly closed after a timeout period.
Answer: C, D
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Reference/sessionpersistence.htm
Question: 31
You deployed an Oracle Cloud Infrastructure (OCI) compute instance (VM.Standard2.16) to run a SQL
database. After a few weeks, you need to increase disk performance by using NVMe disks but
keeping the same number of CPUs. As a first step, you terminate the instance and preserve the boot
volume.
What is the next step?
A. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move
the SQL Database data to block volume
B. Create a new instance using a VM.DenseIO2.8 shape using the preserved boot volume and move
the SQL Database data to NVMe disks

C. Create a new instance using a VM.Standard1.16 shape using the preserved boot volume and move
the SQL Database data to NVMe disks
D. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume move the
SQL Database data to NVMe disks
Answer: D
Explanation:
to Increase disk performance by using NVMe disks you can use Dense IO Shape also as the number
of CPUs will not change so we should VM.DenseIO2.16
Question: 32
Your company decided to move a few applications to Oracle Cloud Infrastructure (OCI) in the US West
(us-phoenix-1) region.
You need to design a cloud-based disaster recovery (DR) solution with a requirement to deploy the
DR resources in the US East (us-ashburn-1) region to minimize network latency.
What is the recommended deployment?
A. Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in
different regions, and then use VCN local peering gateways for connectivity.
B. Deploy production and DR applications in two separate VCNs, each in different regions. Connect
them using a VCN remote peering connection.
C. Deploy production and DR applications in the same VCN. Create production subnets in one AD,
and DR subnets in another AD (assume a multi-AD region).
D. Deploy production and DR applications in two separate VCNs in different availability domains
(ADs) within the primary region, and then use a VCN remote peering connection for connectivity.
Answer: A
Explanation:
Remote VCN peering is the process of connecting two VCNs in different regions
The peering allows the VCNs' resources to communicate using private IP addresses without routing
the traffic over the internet or through your on-premises network.
Question: 33
You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions and
require connectivity between workloads in each region. You have created a dynamic routing gateway
(DRG) and a remote peering connection. However, your workloads are unable to communicate with
each other.
What are two reasons for this? (Choose two.)
A. The security lists associated with subnets in each virtual cloud network (VCN) do not have the
appropriate ingress rules
B. Identity and Access Management (IAM) policies have not been defined to allow connectivity
across the two VCNs in different regions

C. A local peering gateway needs to be created in each VCN with a default route rule added in the
route table forwarding the traffic to the local peering gateway
D. An Internet gateway needs to be created in each VCN with a default route rule added in the route
table forwarding the traffic to the Internet Gateway
E. The route table associated with subnets in each VCN do not have a route rule defined to forward
the traffic to their respective DRGs
Answer: A,E
Explanation:
Setting Up a Remote Peering
Create the RPCs: Each VCN administrator creates an RPC for their own VCN's DRG.
Share information: The administrators share the basic required information.
Set up the required IAM policies for the connection: The administrators set up IAM policies to enable
the connection to be established.
Establish the connection: The requestor connects the two RPCs (see Important Remote Peering
Concepts for the definition of the requestor and acceptor).
Update route tables: Each administrator updates their VCN's route tables to enable traffic between
the peered VCNs as desired.
Update security rules: Each administrator updates their VCN's security rules to enable traffic
between the peered VCNs as desired.
Question: 34
Which two statements below are correct with respect to adding secondary Virtual Network Interface
Cards
(VNICs) to an existing compute instance in Oracle Cloud Infrastructure? (Choose two.)
A. The secondary VNIC is required to be in the same Virtual Cloud Network (VCN), but can be in
different
subnet, as the primary VNIC.
B. The primary and secondary VNIC association can be in different virtual cloud networks (VCNs).
C. You cannot assign an Ephemeral Public IP to a secondary VNIC.
D. The primary and secondary VNIC association must be in the same availability domain.
E. You can remove the primary VNIC after the secondary VNIC's attachment is complete.
Answer: BD
Explanation:
“You can add secondary VNICs to an instance after it’s launched. Each secondary VNIC can be in a
subnet in the same VCN as the primary VNIC, or in a different subnet that is either in the same VCN
or a different one. However, all the VNICs must be in the same availability domain as the instance.”
https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingVNICs.htm
Question: 35
You provisioned an Oracle Autonomous Data Warehouse (ADW) on Oracle Cloud Infrastructure (OCI)
and imported data into ADW.
You want to give your business analyst the ability to connect to the ADW database and run queries.
Which two actions can help you meet this requirement? (Choose two.)
A. Create a database user account for the business analyst.

B. Grant the predefined database role DWROLE to the database user.
C. Grant unlimited tablespace privilege to the database user.
D. Grant the predefined database role DWADW to the database user.
E. Grant the predefined database role DWUSER to the database user.
Answer: BC
Explanation:
Reference:
https://oracle.github.io/learning-library/oci-library/L100-
LAB/Autonomous_Data_Warehouse/ADW_HOL.html
Question: 36
Which statement is true about interconnecting Virtual Cloud Network (VCN)?
A. VCNs support transitive peering.

B. Peering VCNs should not have overlapping CIDR blocks.
C. VCNs must be in the same tenancy to be peered.
D. The only way to interconnect VCNs is through peering.
Answer: B
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/remoteVCNpeering.htm (note)
Question: 37
Which two statements are true about restoring a volume from a block volume backup in Oracle
Cloud Infrastructure Block Volume service?
A. You can restore a volume from any full volume backup but not from an Incremental backup.
B. You can only restore a volume to the same availability domain in which the original block volume
resides.
C. You can restore a block volume backup to a larger volume size.
D. You can restore a volume to any availability domain within the same region where the backup is
stored.
E. You can restore only one volume from a manual block volume backup.
Answer: CD
Explanation:
Reference https://docs.cloud.oracle.com/en-
us/iaas/Content/Block/Tasks/restoringavolumefromabackup.htm
Question: 38
You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You take
regular backups of your DB system to OCI object storage. Recently, you notice a failed database
backup status in the console.
What step can you take to determine the cause of the backup failure?
A. Ensure that your database host can connect to OCI object storage.
B. Ensure the database archiving mode is set to NOARCHIVELOG.
C. Make sure that the database is not active and running while the backup is in progress.
D. Don't restart the dcsagent program even if it has a status of stop/waiting.
Answer: A
Explanation:
Database backups can fail for various reasons. Typically, a backup fails because either the database
host cannot access the object store, or there are problems on the host or with the database
configuration.
First need to determining the Problem
In the Console, a failed database backup either displays a status of Failed or hangs in the Backup in
Progress or Creating state. If the error message does not contain enough information to point you to
a solution, you can use the database CLI and log files to gather more data. Then, refer to the
applicable section in this topic for a solution.
Database Service Agent Issues
Your Oracle Cloud Infrastructure Database makes use of an agent framework to allow you to manage
your database through the cloud platform. Occasionally you might need to restart the dcsagent
program if it has the status of stop/waiting to resolve a backup failure.
Object Store Connectivity Issues
Backing up your database to Oracle Cloud Infrastructure Object Storage requires that the host can
connect to the applicable Swift endpoint. You can test this connectivity by using a Swift user.
Host Issues
One or more of the following conditions on the database host can cause backups to fail:
- Interactive Commands in the Oracle Profile
- The File System Is Full
- Incorrect Version of the Oracle Database Cloud Backup Module
- Changes to the Site Profile File (glogin.sql)
Database Issues
An improper database state or configuration can lead to failed backups.
- Database Not Running During Backup
- Archiving Mode Set to NOARCHIVELOG (When you provision a new database, the archiving mode is
set to ARCHIVELOG by default. This is the required archiving mode for backup operations)
- Stuck Database Archiver Process and Backup Failures

- Temporary Tablespace Errors
- RMAN Configuration and Backup Failures
- RMAN Retention Policy and Backup Failures
- Loss of Objectstore Wallet File and Backup Failures
TDE Wallet and Backup Failures
- Incorrect TDE Wallet Location Specification
- Incorrect State of the TDE Wallet
- Incorrect Configuration Related to the TDE Wallet
- Missing TDE Wallet File
As this is not new provisioned database and already in the ARCHIVELOG , regular backups of DB
system to OCI object storage in places, so the best answers are,
- Ensure that your database host can connect to the OCI object storage
- Restart the database service agent
Question: 39
Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud network
(VCN)?
(Choose two.)
A. To delete a VCN, its subnets must contain no resources.

B. A VCN can have multiple CIDR blocks associated with it.
C. In regions with multiple Availability Domains (AD), each AD should have their own VCN assigned
to it.
D. If you own a block of public IPs, you can assign it to one of your VCNs.
E. A VCN covers a single, contiguous IPv4 CIDR block of your choice.
Answer: AE
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingVCNs.htm
Question: 40
What happens after you successfully run the following command on your Oracle Cloud Infrastructure
Container Engine for Kubernetes (OKE) using the YAML file defined below?
kubectl create -f definition.yml
YAML file – definition.yml
A. A single Pod with a single container is created.

B. Two Pods with a container each are created.
C. A single Pod with two containers is created.
D. No Pod gets created.
Answer: C
Question: 41
You create an autoscaling configuration of Linux compute instances in Oracle Cloud Infrastructure
(OCI). You noticed that your application is running slow.
After checking your compute instances, you noticed that autoscaling is not launching additional
instances,
even though the existing compute instances already have high memory usage.
How can you resolve this issue?
A. Modify the scaling policy to monitor memory usage and scale up the number of instances when it
meets the threshold.
B. Modify the scaling policy to monitor CPU usage and scale up the number of instances when it
meets the threshold.
C. Install the monitoring agent to all compute instances which will trigger the autoscaling group.
D. Install OCI SDK in all compute instances and create a script that will trigger the autoscaling event if
there is high memory usage.
Answer: B
Question: 42
You developed a microservices based application that runs on Oracle Cloud Infrastructure (OCI)
Container Engine for Kubernetes (OKE). You want to provide access to this cluster to other team
members.
What should you do to provide access to this cluster using as fewest steps as possible?
A. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to
the OKE cluster. Other team members should use OCI Cloud Shell to generate the kubeconfig into
their own cloud shell environment and access the cluster using kubectl from cloud shell.
B. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to
the OKE cluster. Create individual users and access token for each team member. Other team
members should use OCI Cloud Shell to generate the kubeconfig into their own cloud shell
environment and access the cluster using kubectl from cloud shell.
C. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to
the OKE cluster. Create a cluster role and cluster role binding to provide access to the cluster for each
team member. Other team members should install oci cli and kubectl locally on their laptop. Use the
oci cli to generate the kubeconfig and use kubectl to access the cluster.
D. Create a group in OCI Infrastructure Access Management (IAM). Create a policy to grant access to
the OKE cluster. Other team members should install oci cli and kubectl locally on their laptop. Use the
oci cli to generate the kubeconfig and use kubectl to access the cluster.
Answer: B
Question: 43
You have been notified of an application failure indicating that one or more of the Oracle Cloud
Infrastructure (OCI) resources have become unavailable. After scanning the Compute and Database
consoles, you notice that one of the DB Systems is missing.
What would you do to identify the reason for this missing resource?
A. Navigate to the Audit console and search the previous 24 hours for all DELETE request actions to
get a list of any resource that was deleted in the past 24 hours.
B. Navigate to the Audit console and search the previous 24 hours for all the GET request actions to
get a list of every event that occurred in the past 24 hours.
C. View the service limits associated with your account to ensure that you have not exceeded the
allowable number of DB Systems in your tenancy.
D. Create a serial console connection to the DB System that does not appear in the management
console. Connect to the serial console connection, and then review the system logs under
/var/log/messages.
Answer: A
Explanation:
You can filter results by request actions to zero in on only the events with operations that interest
you. For example, say that you only want to know about instances that were deleted during a specific
time frame. Select a delete request action filter to see only the events with delete operations
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/GSG/Tasks/usingaudit.htm
Question: 44
Which two statements are true when Oracle Data Guard is configured (using the Console) between
two Virtual Machine DB Systems deployed in Oracle Cloud Infrastructure? (Choose two.)
A. Primary is a 1-node RAC DB system and Standby is a 2-node RAC DB system.

B. Primary is a 2-node RAC DB system and Standby is a 2-node RAC DB system.
C. Primary is a 1-node RAC DB system and Standby is a 1-node RAC DB system.
D. Primary is a 2-node RAC DB system and Standby is a 1-node RAC DB system.
E. Primary is a Bare Metal DB system and Standby is a 1-node RAC DB system.
Answer: AC
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Concepts/overview.htm
Question: 45
You are deploying a highly available web application In Oracle Cloud Infrastructure and have decided
to use a public load balancer. The back-end web servers will be distributed across all three availability
domains (ADs).
How many subnets should you create to deliver a secure, highly available application?
A. two subnets in total; one regional private subnet to host your back-end web servers and one
regional public subnet to host your public load load balancer.
B. two subnets in total; one regional public subnet to host your back-end web servers and one
regional private subnet to host your public load load balancer.
C. three subnets in total; one regional public subnet to host your back-end web servers and two AD
specific private subnets to host your private load load balancer.
D. one subnet in total; one regional private subnet to host your back-end web servers and your
public load balancer.
Answer: A
Explanation:
To accept traffic from the internet, you create a public load balancer. The service assigns it a public IP
address that serves as the entry point for incoming traffic. You can associate the public IP address
with a friendly DNS name through any DNS vendor.
A public load balancer is regional in scope. If your region includes multiple availability domains, a
public load balancer requires either a regional subnet (recommended) or two availability domain-
specific (AD-specific) subnets, each in a separate availability domain. With a regional subnet, the
Load Balancing service creates a primary load balancer and a standby load balancer, each in a
different availability domain, to ensure accessibility even during an availability domain outage. If you
create a load balancer in two AD-specific subnets, one subnet hosts the primary load balancer and
the other hosts a standby load balancer. If the primary load balancer fails, the public IP address
switches to the secondary load balancer. The service treats the two load balancers as equivalent and
you cannot specify which one is "primary".
Whether you use regional or AD-specific subnets, each load balancer requires one private IP address
from its host subnet. The Load Balancing service supplies a floating public IP address to the primary
load balancer. The floating public IP address does not come from your backend subnets.
You cannot specify a private subnet for your public load balancer.
The backend servers (Compute instances) associated with a backend set can exist anywhere, as long
as the associated network security groups (NSGs), security lists, and route tables allow the intended
traffic flow.
Oracle recommends that you create your load balancer in a regional subnet.
Oracle recommends that you distribute your backend servers across all availability domains within
the region.
Question: 46
You have hired a new employee to run reports from the Autonomous Data Warehouse (ADW) and
are not confident in their SQL writing ability.
Into which consumer group will you assign this individual to minimize the impact of their code?
A. Lowest
B. Medium
C. Highest
D. High
E. Low
Answer: E
Explanation:
in ADW, The tnsnames.ora file provided with the credentials zip file contains three database service
names identifiable as high, medium, and low. The predefined service names provide different levels
of performance and concurrency for Autonomous Data Warehouse.
high: The High database service provides the highest level of resources to each SQL statement
resulting in the highest performance, but supports the fewest number of concurrent SQL statements.
Any SQL statement in this service can use all the CPU and IO resources in your database. The number
of concurrent SQL statements that can be run in this service is 3, this number is independent of the
number of OCPUs in your database.
medium: The Medium database service provides a lower level of resources to each SQL statement
potentially resulting a lower level of performance, but supports more concurrent SQL statements.
Any SQL statement in this service can use multiple CPU and IO resources in your database. The
number of concurrent SQL statements that can be run in this service depends on the number of
OCPUs in your database.
low: The Low database service provides the least level of resources to each SQL statement, but
supports the most number of concurrent SQL statements. Any SQL statement in this service can use a
single CPU and multiple IO resources in your database. The number of concurrent SQL statements
that can be run in this service can be up to 300 times the number of OCPUs.
The predefined service names provide different levels of performance and concurrency for
Autonomous DB
Choose whichever database service offers the best balance of performance and concurrency.
Use the low database service name. to minimize the impact of their SQLs to by low consumer group
Question: 47
You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP)
database. Your business needs to run hourly batch processes on this ATP database that may consume
more CPUs than what is available on the server.
How can you limit these batch processes to not interfere with the OLTP transactions?
A. Configure ATP resource management rules to change CPU/IO shares for the consumer group of
batch
processes.
B. Copy OLTP data into new tables in a new table space and run batch processes against these new
tables.
C. Disable automated backup during the batch process operations.
D. ATP is designed for OLTP workload only, you cannot run batch processes on ATP.
Answer: A
Explanation:
Autonomous Transaction Processing comes with predefined CPU/IO shares assigned to different
consumer groups. You can modify these predefined CPU/IO shares if your workload requires
different CPU/IO resource allocations.
By default, the CPU/IO shares assigned to the consumer groups TPURGENT, TP, HIGH, MEDIUM, and
LOW are 12, 8, 4, 2, and 1, respectively. The shares determine how much CPU/IO resources a
consumer group can use with respect to the other consumer groups. With the default settings the
consumer group TPURGENT will be able to use 12 times more CPU/IO resources compared to LOW,
when needed. The consumer group TP will be able to use 4 times more CPU/IO resources compared
to MEDIUM, when needed.
Question: 48
Which two tagging related items are valid attributes that may be included in payload of an audit log
event? (Choose two.)
A. Predefined values
B. Free-form tags
C. Tag variables
D. Defined tags
E. Cost-tracking tags
F. Default tags
Answer: BD
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Audit/Reference/logeventreference.htm#payload
Question: 49
You are a network architect and have designed the network infrastructure of a three-tier application
on Oracle Cloud Infrastructure (OCI). In the architecture, back-end DB servers are in a private subnet.
One of your DB administrators requests to have access to OCI object storage service.
How can you meet this requirement?
A. Add a new route rule to the private subnet route table to route default traffic to the internet
gateway.
B. Attach a public IP address to the instances in the private subnet, and then add a new route rule to
the
private subnet route table to route default traffic to the internet gateway.
C. Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a
default route rule to the private subnets route table and set the target as DRG.
D. Create a service gateway, add a new route rule to the private subnet route table that uses object
storage as target type.
Answer: D
Explanation:
A service gateway lets resources in your VCN privately access specific Oracle services, without
exposing the data to an internet gateway or NAT. The resources in the VCN can be in a private subnet
and use only private IP addresses. The traffic from the VCN to the service of interest travels over the
Oracle network fabric and never traverses the internet.
To give your VCN access to a given service CIDR label, you must enable that service CIDR label for the
VCN's service gateway. You can do that when you create the service gateway, or later after it's
created. You can also disable a service CIDR label for the service gateway at any time.
For traffic to be routed from a subnet in your VCN to a service gateway, you must add a rule
accordingly to the subnet's route table. The rule must use the service gateway as the target.
Reference:
https://blogs.oracle.com/cloud-infrastructure/connect-private-instances-with-oracle-
servicesthrough-an-oracle-cloud-infrastructure-service-gateway
Question: 50
A customer has launched a compute Instance in the Virtual Cloud Network (VCN), which has an
Internet gateway, a service gateway, a default security lists and a default route table. Customer has
opened up Port 22 in the security lists attached to the compute instance subnet, however is still
unable to connect to compute instances using ssh.
Which option would remedy this situation?
A. Modify the route table associated with the VCN subnet in which the instance resides. Add a
following route to the route table.
Destination CIDR: 0.0.0.0/0
Target: Internet Gateway (IGW)
B. Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful egress rule to allow icmp traffic in addition to the port 22.
C. Modify the route table associated with the VCN subnet in which the instance resides. Add a
Target: Dynamic Routing Gateway (DRG)
D. Modify the route table associated with the VCN subnet in which the instance resides. Add a
Target: Service Gateway (SGW)
Answer: A
Explanation:
You create an internet gateway in the context of a specific VCN. In other words, the internet gateway
is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at
any time.
For traffic to flow between a subnet and an internet gateway, you must create a route rule
accordingly in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target =
internet gateway). If the internet gateway is disabled, that means no traffic will flow to or from the
internet even if there's a route rule that enables that traffic.
For the purposes of access control, you must specify the compartment where you want the internet
gateway to reside. If you're not sure which compartment to use, put the internet gateway in the
same compartment as the cloud network.
Question: 51
Your customer is using an Oracle Cloud Infrastructure (OCI) compartment named Production that
hosts
several resources such as compute instances, DB Systems and File Systems. Each resource in the
Production compartment is tagged.
The customer's security team wants to restrict access to DB Systems to only the authorized group of
DBAs.
Which OCI Tagging capability can be used to meet this requirement?
A. Tags Defaults with predefined values

B. Tag Defaults
C. Cost-Tracking Tags
D. Tag-based Access Control
Answer: D
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/
managingaccesswithtags.htm#about
Question: 52
You have multiple applications installed on a compute instance and these applications generate a
large amount of log files. These log files must reside on the boot volume for a minimum of 15 days
and must be retained for at least 60 days. The 60-day retention requirement is causing an issue with
available disk space.
What are the two recommended methods to provide additional boot volume space for this compute
instance? (Choose two.)
A. Terminate the instance while preserving the boot volume. Create a new instance from the boot
volume and select a DenseIO shape to take advantage of local NVMe storage.
B. Create an object storage bucket and use a script that runs daily to move log files older than 15
days to the bucket.
C. Create and attach a block volume to the compute instance and copy the log files.
D. Create a custom image and launch a new compute instance with a larger boot volume size.
E. Write a custom script to remove the log files on a daily basis and free up the space on the boot
volume.
Answer: B,D
Explanation:
These log files must reside on the boot volume for a minimum of 15 days so you have to increase the
boot Volume
Question: 53
You have an application server running in a public subnet on a compute instance in US West (us-
phoenix-1) region of Oracle Cloud Infrastructure (OCI). The data sitting on this instance needs to be
copied to OCI Object storage bucket available in the same region without traversing over the
internet. To enable the connectivity between the instance and Object Storage, you created a service
gateway with service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the
security rules to allow the desired traffic.
However, when you tried sending the data to the Object Storage bucket, you notice that the data is
going over the internet and not via the service gateway.
What could be the possible reason for this behavior?
A. The route table associated with the subnet has no route rule where the destination is object
storage service
B. The service gateway created in the VCN resides in a different availability domain
C. The security list associated with the subnet has an egress rule that allows all traffic to be
forwarded to a destination CIDR 0.0.0.0/0
D. Identity and Access Management (IAM) policies restrict the access to the object storage bucket
Answer: A
Question: 54
Which two choices are true for Oracle Autonomous Database with Shared Exadata Infrastructure?
A. Billing for storage usage continues when autonomous database is stopped.

B. Billing stops for both CPU and storage usage when autonomous database is stopped.
C. Billing for compute usage stops when autonomous database is stopped.
D. Autonomous database does not support per-second billing.
E. Billing does not stop when autonomous database is terminated.
Answer: A, C
Question: 55
You are responsible for creating and maintaining an enterprise application that consists of multiple
storage volumes across multiple compute instances in Oracle Cloud Infrastructure (OCI).
The storage volumes include boot volumes and block volumes for your data storage. You need to
create
backups of these storage volumes in the most time-efficient manner.
How can you meet this requirement?
A. Create clones of all boot volumes and block volumes one at a time.
B. Create on-demand full backups of boot volumes, and copy data in block volumes to Object Storage
using OCI CLI.
C. Create on-demand full backups of block volumes, and create custom images from the boot
volumes.
D. Group together multiple storage volumes in a volume group and create volume group backups.
Answer: D
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Block/Concepts/volumegroups.htm
Question: 56
As an Oracle Cloud Infrastructure tenancy administrator, you created predefined lists of values and
associated them with tag key definitions.
One of the users in your tenancy complains that she cannot see these predefined values.
What is causing this issue?
A. The user is trying to use free-form tags.

B. Some of the predefined values are null.
C. The user is not part of an Identity and Access Management group that gives access to tagging.
D. The user has breached either the quota or service limit for using tags.
Answer: A
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/usingpredefinedvalues.htm
Question: 57
You have compartments C and D under the root compartment in your Oracle Cloud Infrastructure
(OCI) tenancy; compartment C contains a sub-compartment also named D. You are trying to move
this sub-compartment D to the parent compartment D like shown in the picture, but the move fails.
What is the reason for this error?
A. You need to move all the compartments in the hierarchy to the new parent compartment.
B. You cannot move a subcompartment to another parent compartment.

C. Both parent and child compartments cannot have the same name.
D. Sub-compartment D needs to be empty before it can be moved.
Answer: C
Explanation:
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/managingcompartments.htm
(restriction on moving compartments)
Question: 58
You are working for a financial institution that is currently running two web applications in Oracle
Cloud
Infrastructure (OCI). All resources were created in the root compartment.
Your manager asked you to deploy new resources to support a proof-of-concept (PoC) for Oracle
FlexCube.
You must ensure that the FlexCube resources are secured and cannot be affected by the team that
manages the two web applications.
Which two tasks should you complete to ensure the required security of your resources? (Choose
two.)
A. Create a new compartment for the two web applications and move the existing resources into the
compartment. Deploy the FlexCube application into the root compartment. Create a new policy in
the root
compartment that gives the FlexCube project team the ability to manage all resources in the tenancy.
B. Create a new policy in the root compartment for the FlexCube project team. Assign a policy
statement that grants the FlexCube project team the ability to manage all resources in the tenancy,
where a specific tag key and tag value are present.
C. Create a Tag Default within the root compartment with a default value of ${iam.principle.name} so
that each new resource created is tagged with the name of the person who created it. Create a new
IAM
policy that allows users to only modify resources they created.
D. Create a new compartment for the two web applications and move the existing resources into this
compartment. Modify the existing policy for the team that manages these applications so that the
scope of access is defined as this new compartment.
E. Create a new compartment for the FlexCube application deployment. Create a policy in this
compartment for the project team that gives them the ability to manage all resources within the
scope of this
compartment.
Answer: CD
Question: 59
Which two parameters are required in a back end set’s HTTP health check? (Choose two.)
A. response body
B. URL path
C. timeout
D. port
E. status code
Answer: BD
Explanation:
https://docs.cloud.oracle.com/iaas/Content/GSG/Tasks/loadbalancing.htm#Create
Enter the Health Check details.
Load Balancing automatically checks the health of the instances for your load balancer. If it detects
an unhealthy instance, it stops sending traffic to the instance and reroutes traffic to healthy instances.
In this step, you provide the information required to check the health of servers in the backend set
and ensure that they can receive data traffic.
Protocol: Select HTTP.
Port: Enter 80
URL Path (URI): Enter /
The rest of the fields are optional and can be left blank for this tutorial.
Click Create.
Question: 60
Which two are true for achieving High Availability on Oracle Cloud Infrastructure? (Choose two.)
A. Store your database across multiple regions so that half of the data resides in one region and the
other half resides in another region.
B. Attach your block volume form Availability Domain 1 to a compute instance in Availability Domain
2 (and vice versa) so that they are highly available.
C. Configure your database to have Data Guard in another Availability Domain in Sync mode within a
region.
D. Store your database files on Object Storage so that they are available in all Availability Domains in
all regions.
E. Distribute your application servers across all Availability Domains within a region.
Answer: C,E
Question: 61
Which two configuration formats does Terraform support? (Choose two.)
A. YAML
B. JSON
C. HCL
D. XML
Answer: B,C
Explanation:
References:
Terraform configuration files can use either of two formats: Terraform domain-specific language
(HashiCorp Configuration Language format [HCL]), which is the recommended approach, or JSON
format if the files need to be machine-readable.
Question: 62
At the end of a terraform apply operation, what is the default output?
A. nothing by default
B. statistics about what was added, changed, and destroyed
C. the entire state file
D. statistics about what was added, changed, and destroyed, and the values of outputs
Answer: D
Question: 63
You want an instance in your compartment to make API calls to other services within Oracle Cloud
Infrastructure without storing credentials in a configuration file.
What do you need to do?
A. No action is required. By default, all VM instances are created with an Instance Principal.
B. Instances cannot access services outside their compartment.
C. VM instances are treated as users. Create a user and assign the user to that VM instance.
D. Create appropriate matching rules in the Dynamic Group to create an Instance Principal.
Answer: D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingdynamicgroups.htm
Question: 64
Which three must be configured for a load balancer to accept incoming traffic? (Choose two.)
A. a listener
B. a back-end server
C. a back end set
D. a security list that is open on a listener port
E. a certificate
Answer: ABC
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/managingloadbalancer.htm?tocpath=Ser
vices%7CLoad%20Balancing%7C 5
The essential components for load balancing include:
• A load balancer with pre-provisioned bandwidth.
• A backend set with a health check policy. See Managing Backend Sets.
• Backend servers for your backend set. See Managing Backend Servers.
• One or more listeners . See Managing Load Balancer Listeners.
• Load balancer subnet security rules to allow the intended traffic. To learn more about these rules,
see Security Rules.
• Optionally, you can associate your listeners with SSL server certificate bundles to manage how your
system handles SSL traffic. See Managing SSL Certificates
Question: 65
Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.)
A. You can launch a virtual or bare metal instance by using the same LaunchInstance API.
B. You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service.
C. You can attach a block volume in an Availability Domain other than your compute instance.
D. You can share custom images across tenancies and regions.
Answer: A,D
Explanation:
References:
Regions and Availability Domains
Volumes are only accessible to instances in the same availability domain . You cannot move a volume
between availability domains or regions.
FYI: https://docs.cloud.oracle.com/iaas/Content/Block/Concepts/overview.htm
Question: 66
Which five are the required parameters to launch an instance in Oracle Cloud Infrastructure? (Choose
five.)
A. subnet
B. Availability Domain
C. Virtual Cloud Network
D. host name
E. instance shape
F. image operating system
G. private IP address
Answer: A,B,C,E,F
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Compute/Concepts/computeoverview.htm
Question: 67
Which DNS resource record type is used to point a host name to an IPv4 address?
A. ALIAS
B. A
C. CNAME
D. AAAA
Answer: B
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/DNS/Reference/supporteddnsresource.htm?tocpath=Se
rvices%7CDNS%7C 2
Question: 68
Which three can you achieve by using Terraform? (Choose three.)
A. Create resources in the right order without regard to the order in the terraform plan file.
B. Automatically re-provision the resources that are tainted or whose configuration has changed.
C. Automatically translate a deployed infrastructure and create a plan.
D. Automatically destroy all the resources that are in tenancy.
E. Continuously maintain the configuration files in an instance.
Answer: A,B,D
Question: 69
Your application front end consists of several Oracle Cloud Infrastructure compute instances behind a
public load balancer. You have configured the load balancer to perform health checks on these
instances.
What will happen if an instance fails to pass the configured health checks?
A. The instance is replaced automatically by the load balancer.

B. The instance is terminated automatically by the load balancer.
C. The instance is taken out of the back end set by the load balancer.
D. The load balancer stops sending traffic to that instance.
Answer: D
Explanation:
One or more of the backend servers reports as unhealthy.
A backend server might be unhealthy or the health check might be misconfigured.
Question: 70
Which statement is true about cloning a volume?
A. You need to detach a volume before cloning from it.

B. A cloned volume is the same as a snapshot that has a dependency on the source volume.
C. You can change the block volume size when cloning a volume.
D. You can create a clone for a volume across regions.
Answer: C
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Block/Tasks/cloningavolume.htm?tocpath=Services%7C
Block%20Volume%7C 14
Question: 71
Which scaling option does Database Cloud Service (DBCS) on Bare Metal Shape offer?
A. network bandwidth
B. CPU
C. storage
D. memory
Answer: B
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/managingDBsystem.htm
Question: 72
Which statement is true about Oracle Cloud Identifiers (OCID)?
A. mytenancy.oc.ocid is a valid OCID.

B. If you delete a user, and them create a new user with the same name, the user will be considered
a different user because of different OCIDs.
C. Users can customize OCIDs for all the resources in their compartments.
D. If you delete a user, and then create a new user with the same name, the new user will be
assigned the exact same OCIDs as the system remembers.
Answer: B
Explanation:
References:
Question: 73
Which three types of credentials are used to manage Oracle Cloud Infrastructure Identity and Access
Management (IAM)? (Choose three.)
A. Windows Password
B. API Signing Key
C. Swift Password
D. SSH Key
E. Console Password
Answer: B,C,E
Explanation:
References:
https://cloud.oracle.com/iaas/whitepapers/best-practices-for-iam-on-oci.pdf
You manage the following types of credentials with Oracle Cloud Infrastructure IAM:
Console password: For signing in to the Console, which is the user interface for interacting with
Oracle Cloud Infrastructure
API signing key (in PEM format): For sending API requests, which require authentication
Swift password: For using a Swift client with Recovery Manager (RMAN) to back up an Oracle
Database System (DB System) database to Object Storage
Question: 74
Which two are true for Oracle Cloud Infrastructure DNS? (Choose two.)
A. It can function only as a primary DNS.

B. It supports other cloud providers such as AWS and Azure.
C. It supports segregation of traffic by using the private pool.
D. It does not provide DDoS protection.
Answer: B,C
Explanation:
References:
B – Support for Oracle Cloud Infrastructure, other Cloud provider endpoints (AWS, Azure) and private
assets, including Cloud, CDNs and Data Centers
C – Customers may purchase Oracle Cloud Infrastructure Private Pool and Vanity Nameserver to have
their Domain Names and Zones under a private IP pool with dedicated nameservers to segregate
from those of other customers in order to reduce the risk of external issues affecting their websites.
https://www.oracle.com/cloud/networking/dns-faq.html
Question: 75
Which service is NOT supported by Oracle Cloud Infrastructure CLI?
A. load balancer
B. compute
C. database
D. block volumes
Answer: D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/API/Concepts/cliconcepts.htm#services
Question: 76
In which language are Terraform and Terraform providers written?
A. Python
B. Go
C. C
D. Ruby
Answer: B
Explanation:
References:
https://www.terraform.io/docs/extend/writing-custom-providers.html
Question: 77
Given: When creating multiple subnets within a Virtual Cloud Network (VCN), security lists are often
made to group common services, for example, SSH and RDP (remote access), 80 and 443 (HTTP), and
so on.
By default, what is the maximum number of security lists that can be associated with a subnet upon
creation?
A. 4
B. 2
C. 5
D. 3
Answer: C
Question: 78
Why are two subnets required to create a public load balancer when additional subnets are often
used for back-end servers? (Choose two.)
A. Routing is simpler when the load balancer is not in the same subnet as the back-end server.
B. Performance is higher when more subnets are used.
C. Additional subnets for back-end servers allow for separate route tables for these servers.
D. Additional subnets for back-end servers allow for separate security lists for these servers.
Answer: B,D
Explanation:
References:
http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/ocis/load-balancer/load-
balancer.html
Question: 79
Which certificate format is used with the load balancer?
A. PFX
B. PEM
C. PKCS12
D. CRT
Answer: B
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/managingcertificates.htm
Question: 80
A new employee has just started working for your company. You create an Oracle Cloud
Infrastructure user account for this employee, following which they are able to log in, but still cannot
create any resources.
What should you do to resolve this?
A. Send the employee API Signing Keys to log in.

B. Delete the account and create another one.
C. Make sure that the employee is logging in to the Oracle Cloud Infrastructure account from your
corporate network only.
D. Add the employee to a group with policies to grant access to relevant resources.
Answer: D
Question: 81
Which two statements are true about subnets within a VCN? (Choose two.)
A. You can have multiple subnets in an Availability Domain for a given VCN.
B. Private and Public subnets cannot reside in the same Availability Domain for a given VCN.
C. Subnets can have their IP addresses overlap with other subnets in another network for a given
VCN.
D. Instances obtain their private IP and the associated security list from their subnets.
Answer: A,D
Explanation:
References:
https://cloud.oracle.com/en_US/bare-metal-network/vcn/faq
Question: 82
Which resource is required when connecting to your on-premise network from your Virtual Cloud
Network (VCN) via IPSec VPN or FastConnect?
A. Internet Gateway (IGW)

B. Dynamic Routing Gateway (DRG)
C. local peering gateway
D. NAT
Answer: B
Explanation:
References:
https://cloud.oracle.com/networking/vcn/faq
Question: 83
Which two resources are availability domain constructs? (Choose two.)
A. VCN
B. Groups
C. Block Volume
D. Compute Instance
E. Object Storage
Answer: C,D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#one
Question: 84
What is the default backup location for database backup on Database Cloud Service (DBCS)?
A. Object Storage on Oracle Cloud Infrastructure

B. ASM diskgroup
C. block volume
D. locally attached NVMe on Virtual Machine
Answer: A
Explanation:
References:
https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/backing.html
Question: 85
Which statement is true about restoring a block volume from a manual or policy-based block volume
backup?
A. It can be restored as new volumes to any Availability Domain within the same region.
B. It must be restored as new volumes to the same Availability Domain on which the original block
volume backup resides.
C. It can be restored as new volumes to any Availability Domain across different regions.
D. It can be restored as new volumes with different sizes from the backups.
Answer: A
Explanation:
References:
Question: 86
Which three are valid Terraform configuration components? (Choose three.)
A. variable
B. region
C. metadata
D. instance
E. resource
F. data source
Answer: A,E,F
Question: 87
Which three components can you configure in Oracle Infrastructure Identity and Access
Management? (Choose three.)
A. Groups
B. Users
C. Instances
D. Policies
E. VCNs
Answer: A,B,D
Explanation:
References:
https://cloud.oracle.com/governance/identity/faq
Question: 88
Which two are NOT an image source when launching a new compute instance? (Choose two.)
A. boot volume
B. custom image
C. Object Storage
D. bare metal instance
Answer: CD
Question: 89
Where is the tenancy Oracle Cloud Identifier (OCID) located?
A. given by support on account creation

B. at the bottom of every console page
C. on the Identity – Users page
D. contained within the compartment OCID
Answer: D
Explanation:
Identity > Compartments >(The root Compartment of the tenancy)
Question: 90
Which two features are offered natively on Oracle Cloud Infrastructure Database Cloud Service
(DBCS)? (Choose two.)
A. Data Guard in Async mode within a region

B. GoldenGate replication between two regions
C. Data Guard in Maximum Protection mode
D. backup to Object Storage
Answer: A,D
Explanation:
Data Guard in Maximum Performance protection mode is supported not simply Maximum Protection
mode, however, you can configure additional protection modes and transport types by logging on to
the DB system and accessing Data Guard command-line interface( DGMGRL).
Question: 91
What happens when you run terraform plan?
A. It configures, reconfigures, and instantiates resources and their dependencies.

B. It shows the operator the course of action that would be taken if a change is applied.
C. It deletes all existing resources and re-creates them.
D. It shows a dependency graph.
Answer: B
Explanation:
References:
The terraform plan command is used to create an execution plan. Terraform performs a refresh,
unless explicitly disabled, and then determines what actions are necessary to achieve the desired
state specified in the configuration files.
This command is a convenient way to check whether the execution plan for a set of changes matches
your expectations without making any changes to real resources or to the state. For example,
terraform plan might be run before committing a change to version control, to create confidence that
it will behave as expected.
Question: 92
When creating a subnet, one or more placeholder security lists are often associated with the subnet.
Why?
A. Each operator needs its own security list.

B. Each protocol needs its own security list.
C. Each network endpoint or instance in the subnet needs its own security list.
D. It is not possible to add or remove security lists after a subnet is created.
Answer: C
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm?tocpath=Services
%7CNetworking%7CAccess%20and%20Security%7C 3
Question: 93
When terminating a compute instance, you want to preserve the boot volume and its data.
Which step will you need to perform?
A. You cannot preserve the boot volume; it will always be deleted when you terminate the instance.
B. Reboot the instance first, and then terminate the instance.
C. Disable the default option to delete the boot volume when terminating an instance.
D. Before terminating the instance, you must detach the boot volume.
Answer: C
Explanation:
References:
The dialog will show you when you terminate the instance. If you want to preserve the boot volume
associated with the instance, uncheck Permanently delete the attached Boot Volume.
https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/terminatinginstance.htm
Question: 94
An instance is launched with a primary VNIC that is created during instance launch.
Which two operations are true when you add secondary VNICs to an existing instance? (Choose two.)
A. You can remove the primary VNIC after the secondary VNIC’s attachment is complete.
B. You can remove the secondary VNIC later if it is not needed.
C. The primary and secondary VNIC association should be within the same Availability Domain.
D. It is not possible to connect two VNICs to an instance.
Answer: B,C
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVNICs.htm
Question: 95
Which does NOT set a variable in Terraform?
A. Passing the variable with a var statement to Terraform

B. Setting the variable as key value pairs in a file in a subdirectory named tfvar
C. A default value in the variable declaration within a TF plan file
D. Setting the environment variable using a TF_VAR_ predicate in front of the variable name
Answer: B
Question: 96
Which two are required to create an IPSec VPN connection? (Choose two.)
A. security list
B. static route CIDR
C. name
D. compute instance
Answer: A,B
Question: 97
When deploying a highly available, Internet-facing, 2-tier web application on Oracle Cloud
Infrastructure (OCI), which design option would you use?
A. Deploy all web servers into one Availability Domain and behind a public load balancer, and deploy
two single-node OCI database systems in the same Availability Domain with Data Guard enabled.
B. Deploy all web servers into multiple Availability Domains and behind a public load balancer, and
deploy two single-node OCI database systems across two Availability Domains with Data Guard
enabled.
C. Deploy all web servers into multiple Availability Domains and behind a private load balancer, and
deploy two single-node OCI database systems across two Availability Domains with Data Guard
enabled.
D. Deploy all web servers into one Availability Domain, and deploy a single-node OCI database
system into a different Availability Domain.
Answer: B
Question: 98
Which two identity providers can your administrator federate with Oracle Cloud Infrastructure?
(Choose two.)
A. Microsoft Active Directory

B. Oracle Identity Cloud Services
C. AWS Directory Services
D. Google Directory Federation Services
Answer: A,B
Explanation:
References:
Oracle Cloud Infrastructure supports federation with Oracle Identity Cloud Service and Microsoft
Active Directory (via Active Directory Federation Services (AD FS)), and any identity provider that
supports the Security Assertion Markup Language (SAML) 2.0 protocol.
Question: 99
What is the maximum CIDR range that can be assigned when configuring a Virtual Cloud Network?
A. /16
B. /26
C. /24
D. /8
Answer: A
Question: 100
Which two tools would you use to manage Database Cloud Service (DBCS)? (Choose two.)
A. psql
B. Oracle Swingbench
C. SQL Developer
D. Oracle Enterprise Manager
Answer: C,D
Question: 101
A customer wants to do development on premise while leveraging services such as Java Cloud,
Mobile Developer Cloud, and App Builder Services. The customer would also like to scale out the
application, stretching from on-premises to the cloud by using a common API.
Which two Infrastructure options can the customer leverage to do this? (Choose two.)
A. Oracle Cloud at Customer

B. Oracle Cloud Infrastructure Classic
C. Oracle Cloud Ravello service
D. Oracle Cloud Infrastructure
Answer: A,D
Question: 102
Which statement is true about a pre-authenticated request in Oracle Cloud Infrastructure Object
Storage?
A. You can create only 1, 000 pre-authenticated requests per bucket.

B. You can create a pre-authenticated request only for public buckets.
C. You cannot retire a pre-authenticated request before it expires.
D. You cannot extend the expiration date on a pre-authenticated request.
Answer: D
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Object/Tasks/usingpreauthenticatedrequests.htm
You can create an unlimited number of pre-authenticated requests.
You can’t edit a pre-authenticated request. If you want to change user access options in response to
changing requirements, you must create a new pre-authenticated request.
URL: https://docs.cloud.oracle.com/iaas/Content/Object/Tasks/managingbuckets.htm
You can change a bucket’s access from public to private or from private to public. Changing the type
of access doesn’t affect existing pre-authenticated requests. Existing pre-authenticated requests still
work.
Question: 103
Which statement is true about Oracle Cloud Infrastructure Object Storage Service?
A. An Archive Object Storage tier bucket can be upgraded to the Standard Object Storage tier.
B. You cannot directly download an object from an Archive Object Storage bucket.
C. An existing Standard Object Storage tier bucket can be downgraded to the Archive Object Storage
tier.
D. Data retrieval in Archive Object Storage is instantaneous.
Answer: B
Question: 104
For a compute instance that is launched in a private subnet in a Virtual Cloud Network (VCN), which
action needs to be performed to connect to the Internet, assuming that the required security list is
properly set up?
A. Assign a Public IP address to the compute instance.

B. Create and configure Network Address Translation (NAT) in a public subnet and route all traffic to
it.
C. There is no way for an instance in a private subnet to connect to the Internet.
D. Create a default route entry in the route table to forward all traffic to the Internet gateway.
Answer: D
Question: 105
Which two are valid options when migrating a database from on-premise to Oracle Cloud
Infrastructure? (Choose two.)
A. snapping or cloning storage form on-premise to Oracle Cloud Infrastructure

B. performing a backup to Oracle Cloud Infrastructure Object Storage, and then restoring to a
database server on Oracle Cloud Infrastructure
C. performing RMAN backup to an on-premise storage device, and then shipping to Oracle Cloud
Infrastructure
D. converting the Oracle database to a NoSQL database and migrating to Oracle Cloud Infrastructure
by using rsync file copy
Answer: A,C
Question: 106
You are responsible for setting up access for all the cloud users of a large enterprise. You log in to the
Phoenix region and start creating users and policies. You then realize that some users might be
creating resources in the Ashburn region.
Which step should you perform to enable those users?
A. You can assign a region to each of the users at the time of creation.
B. IAM users are global and non-admin users can add resources to any region by default.
C. You need to log in to each region separately to create users for that particular region.
D. IAM users are global. As an administrator, make sure that you subscribe to the Ashburn region.
Answer: D
Question: 107
Your company has decided to move a few applications to Oracle Cloud and you have been asked to
design it for both High Availability (HA) and Disaster Recovery (DR).
Which two should you consider while designing your Oracle Cloud Infrastructure architecture?
(Choose two.)
A. Region
B. Instance Shape
C. Compartments
D. Availability Domain
Answer: A,D
Explanation:
References:
https://blogs.oracle.com/cloud-infrastructure/migration-and-disaster-recovery-in-the-oracle-cloud-
with-rackware
Question: 108
Which three are capabilities of the dbaascli utility? (Choose three.)
A. Patching the primary database deployment

B. Open port 1521 in the VCN to allow for traffic to the listener
C. Start and open the database instance
D. Switchover and failover in an Oracle Guard configuration
E. Clone a DB
Answer: A,C,D
Explanation:
https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/dbaascli.html
Using the dbaascli utility, you can:
Change the password of a database user.
Start and stop a database.
Start and stop the Oracle Net listener
Check the status of the Oracle Data Guard configuration.
Perform switchover and failover in an Oracle Data Guard configuration.

Patch the database deployment.
Perform database recovery.
Rotate the master encryption key.
https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/dbaascli.html
Question: 109
You have one database-style application that frequently makes many random reads and writes across
the dataset.
Which storage offering supports this application?
A. Object Storage Service

B. Archive Storage Service
C. File Storage Service
D. Block Storage Service
Answer: D
Question: 110
You create a public Load Balancer instance and configure a back end set “BES1” with one back end
server running a service on port 80. You also create a listener on port 80 and configure that listener
to use the back end set “BES1”. A client makes one HTTP request to the Load Balancer with the
correct protocol and port.
How many connections does the Load Balancer maintain?
A. 1
B. 2
C. 4
D. 3
Answer: B
Question: 111
Which three actions are required to configure a highly available and secure hybrid network between
Oracle Cloud and your data center? (Choose three.)
A. Define a non-overlapping IP Address Space between the data center and the cloud.
B. Configure each of the CPEs to leverage each of the IPSec Tunnels created by the connection
process.
C. Create two or more CPEs that map to the private IP addresses of the customer routers used in the
IPSec VPN Tunnel.
D. Define a default route table entry for the VCN that directs all traffic to the data center network to a
single DRG.
E. Create dynamic routing gateways in more than one AD within your region.
Answer: ABC
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/configuringCPE.htm
Question: 112
Which tool can automatically install Oracle Cloud Infrastructure CLI?
A. Python
B. RPM
C. APT
D. PIP
Answer: D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/climanualinst.htm
Question: 113
Which two statements are true about the Oracle Cloud Infrastructure Object Storage Service?
(Choose two.)
A. It provides higher IOPS than Block Storage.

B. It can be directly attached or detached from a compute instance.
C. Data is stored redundantly only in a single AD.
D. Data is stored redundantly across multiple availability domains (ADs) in a multi-AD region.
E. It provides strong consistency.
Answer: D,E
Explanation:
STRONG CONSISTENCY
When a read request is made, Object Storage always serves the most recent copy of the data that
was written to the system.
DURABILITY
Object Storage is a regional service. Data is stored redundantly across multiple storage servers.
Object Storage actively monitors data integrity using checksums and automatically detects and
repairs corrupt data. Object Storage actively monitors and ensures data redundancy. If a redundancy
loss is detected, Object Storage automatically creates more data copies. For more details about
Object Storage durability, see the Oracle Cloud Infrastructure Object Storage FAQ.
CUSTOM METADATA
You can define your own extensive metadata as key-value pairs for any purpose. For example, you
can create descriptive tags for objects, retrieve those tags, and sort through the data. You can assign
custom metadata to objects and buckets using the Oracle Cloud Infrastructure CLI or SDK. See
Software Development Kits and Command Line Interface for details.
ENCRYPTION
Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on
the server. Each object is encrypted with its own key. Data encryption keys are encrypted with a
master encryption key that is frequently rotated. Encryption is enabled by default and cannot be
turned off.
Question: 114
What does Terraform use to create, manage, and manipulate infrastructure resources?
A. resources
B. provisioner
C. instances
D. provider
Answer: D
Explanation:
The Oracle Cloud Infrastructure provider is used to interact with the many resources supported by
the Oracle Cloud Infrastructure. The provider needs to be configured with credentials for the Oracle
Cloud Infrastructure account.
Question: 115
Which deployment architecture is offered when you deploy the Platform Service Manager based
Database Cloud Service (DBCS) onto Oracle Cloud Infrastructure?
A. Two node Primary RAC database leveraging ACFS for the shared file system
B. Single Instance database with a Single Instance Data Guard in Maximum Performance mode
C. Single Instance database with a Single Instance Data Guard in Maximum Protection mode
D. Two node Primary RAC database with a two node RAC Data Guard Standby in Maximum
Performance mode
Answer: D
Question: 116
Which three load-balancing policies can be used with a back end set? (Choose three.)
A. Throughput
B. IP Hash
C. Weighted Round Robin
D. CPU Utilization
E. Least Connections
Answer: B,C,E
Explanation:
References:
After you create a load balancer, you can apply policies to control traffic distribution to your backend
servers. The Load Balancing service supports three primary policy types:
Round Robin
Least Connections
IP Hash
Question: 117
You are in the process of setting up a highly available student registration website on Oracle Cloud
Infrastructure (OCI). You use a load balancer and a database service on OCI. You launch two compute
instances each in a different subnet and add them to the back end set of a public load balancer. The
load balancer is configured correctly and working. You then deploy the student registration
application on these two compute instances. The application can communicate with the database
service. However, when you type the URL of this student registration application in your browser, no
web page appears.
What could be the cause?
A. The security lists of the subnets on which the two instances are located do not have “allow” rules
for port 80 and 443.
B. The load balancer performed a health check on the application and found that compute instances
were not in a healthy state and terminated the instances.
C. The client requested https access to the application and the load balancer service does not
support end-to-end SSL from the client to the listener to the back-end set.
D. The Dynamic Routing Gateway is preventing the client traffic from your data center network from
reaching the public IP of the load balancer.
Answer: A
Question: 118
Which two actions will occur when a back-end server that is registered with a backend set is marked
to drain connections? (Choose two.)
A. It disallows new connections to that backend server.

B. It keeps the connections to that instance open and attempts to complete any in-flight requests.
C. It redirects the requests to a user-defined error page.
D. It immediately closes all existing connections to that instance.
E. It forcibly closes all connections to that instance after a timeout period.
Answer: A,B
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/sessionpersistence.htm
The Load Balancing service considers a server marked drain available for existing persisted sessions.
New requests that are not part of an existing persisted session are not sent to that server.
Question: 119
You have a shared file system between two web servers using File Storage Service (FSS) and you were
tasked to create a backup plan for this environment to protect the data placed into the shared file
system.
What is the recommended approach to create this backup using FSS features?
A. Implement a backup policy to execute a snapshot of the shared volume.

B. Implement a backup policy to copy data from the shared volume to object storage.
C. Compress the data that is in the shared volume and copy it into a different folder on the boot
volume disk.
D. Use the rsync tool to send data from the shared volume to a boot volume disk.
E. Use the rsync tool to send data from the shared volume to a block volume.
Answer: A
Question: 120
Which storage would you use if your big data workload requires shared access and an NFS based
interface?
A. File Storage
B. Storage Software Cloud Appliance
C. Object Storage
D. Archive Storage
E. Block Volume
Answer: A
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/File/Concepts/filestorageoverview.htm
The File Storage service is designed to meet the needs of applications and users that need an
enterprise file system across a wide range of use cases, including the following:
General Purpose File Storage: Access to an unlimited pool of file systems to manage growth of
structured and unstructured data.
Big Data and Analytics: Run analytic workloads and use shared file systems to store persistent data.
Lift and Shift of Enterprise Applications: Migrate existing Oracle applications that need NFS storage,
such as Oracle E-Business Suite and PeopleSoft.

Databases and Transactional Applications: Run test and development workloads with Oracle, MySQL,
or other databases.
Backups, Business Continuity, and Disaster Recovery: Host a secondary copy of relevant file systems
from on premises to the cloud for backup and disaster recovery purposes.
MicroServices and Docker: Deliver stateful persistence for containers. Easily scale as your container-
based environments grow.
Question: 121
You need to transfer over 12 TB of data from on-premises to your cloud account. You started copying
this data over the internet and noticed that it will take too long to complete.
Without increasing the costs of your subscription, what is the recommended way to send this
amount of data to your cloud account?
A. Use Data Transfer Service to send your data.

B. Split the data into multiple parts and use the multipart tool.
C. Use a 10 GB FastConnect line to send the data.
D. Send the data over a VPN IPsec tunnel.
E. Compress the data and use the multipart tool.
Answer: A
Explanation:
References:
Overview of Data Transfer Service
Oracle offers offline data transfer solutions that let you migrate data to Oracle Cloud Infrastructure.
Moving data over the public internet is not always feasible due to high network costs, unreliable
network connectivity, long transfer times, and security concerns. Our transfer solutions address
these pain points, are easy to use, and provide significantly faster data upload compared to over-the-
wire data transfer.
https://docs.cloud.oracle.com/iaas/Content/DataTransfer/Concepts/overview.htm
Question: 122
Which two statements are true about encryption on Oracle Cloud Infrastructure (OCI)? (Choose two.)
A. By default, object storage and block storage are encrypted at rest.

B. A customer is responsible for data encryption in all services of OCI.
C. By default, DB Systems offers an encrypted database.
D. By default, NVMe drives are encrypted but the block volume service is not.
Answer: A,C
Explanation:
References:
https://cloud.oracle.com/storage/object-storage/features
Question: 123
You are the Cloud Architect of a company, and are designing a solution on Oracle Cloud Infrastructure
where you want to have all your compute instances resistant to hardware failure.
Which two are recommended best practices to achieve the requirement on Oracle Cloud
Infrastructure? (Choose two.)
A. Create a custom image of your system drive each time you change the image.
B. Attach block volumes from different Availability Domains to compute instances in different
Availability Domains for high availability.
C. Design your system with redundant compute modes in different Availability Domains to support
the failover capability.
D. Create backups of your block volumes that are associated with compute instances in different
regions.
Answer: A,C
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Compute/References/bestpracticescompute.htm
System Resilience
Oracle Cloud Infrastructure runs on Oracle’s high-quality Sun servers. However, any hardware can
experience a failure. Follow industry-wide hardware failure best practices to ensure the resilience of
your solution. Some best practices include:
Design your system with redundant compute nodes in different availability domains to support fail-
over capability.
Create a custom image of your system drive each time you change the image.
Back up your data drives, or sync to spare drives, regularly.
If you experience a hardware failure and have followed these practices, you can terminate the failed
instance, launch your custom image to create a new instance, and then apply the backup data.
Question: 124
For what business need should you use Database Cloud Service (DBCS) instead of Oracle database on
a compute instance?
A. to bring your own license on a compute service

B. to lower license and infrastructure cost
C. to implement Oracle RAC for high availability
D. to build an Oracle database on a compute service
Answer: C
Question: 125
You need to create a high performance shared file system, and have been advised to use file storage
service (FSS). You have logged into the Oracle Cloud Infrastructure console, created a file system, and
followed the steps to mount the shared file system on your Linux instance. However, you are still
unable to access the shared file system from your Linux instance.
What is the likely reason for this?
A. There are no security list rules for mount target traffic

B. There is no internet gateway (IGW) set up for mount target traffic
C. There is no Identity and Access Management (IAM) policies set up to allow you to access the
mount target
D. There is no route in your virtual cloud network’s (VCN) route table for mount target traffic
Answer: A
Explanation:
Virtual firewall rules for your VCN. Your VCN comes with a default security list, and you can add
more. These security lists provide ingress and egress rules that specify the types of traffic allowed in
and out of the instances. You can choose whether a given rule is stateful or stateless. Security list
rules must be set up so that clients can connect to file system mount targets. For more information
about how security lists work in Oracle Cloud Infrastructure, see Security Lists in the Networking
documentation. For information about setting up specific security list rules required for mount target
traffic, see Configuring VCN Security List Rules for File Storage. About Security explains how security
lists interact with other types of security in your file system.
https://docs.cloud.oracle.com/iaas/Content/File/Concepts/filestorageoverview.htm
Question: 126
Which two statements define the types of DNS resolvers that exist? (Choose two.)
A. A custom resolver allows instances to use the host names of the hosts in your on-prem network
that are connected to your VCN by an IPSec VPN connection.
B. A VCN resolver allows instances to use the host names of the hosts in your on-prem network that
are connected to your VCN by an IPSec VPN connection.
C. A VCN resolver allows instances to use host names to communicate with instances on other VCNs
in your tenancy.
D. An Internet resolver allows instances to use the host names that are published on the Internet.
Answer: A,D
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/dns.htm
This is an Oracle-provided option that includes two parts:
Internet Resolver: Lets instances resolve hostnames that are publicly published on the internet. The
instances do not need to have internet access by way of either an internet gateway or a connection
to your on-premises network (such as an IPSec VPN connection through a DRG ).
VCN Resolver: Lets instances resolve hostnames (which you can assign) of other instances in the
same VCN. For more information, see About the DNS Domains and Hostnames.
By default, new VCNs you create use the Internet and VCN Resolver. If you’re using the Networking
API, this choice refers to the VcnLocalPlusInternet enum in the DhcpDnsOption object.
The Internet and VCN Resolver does not let instances resolve the hostnames of hosts in your on-
premises network connected to your VCN by IPSec VPN connection or FastConnect. Use your own
custom DNS resolver to enable that.
https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/dns.htm?Highlight=DNS%20resolve
r#About
Question: 127
What is a “transfer package” when transferring data to OCI via the OCI Data Transfer Service?
A. A transfer package is the logical representation of the physical shipment containing the HDD
transfer devices that you ship to Oracle to upload to OCI.
B. A transfer package is the software Oracle provides for you to prepare transfer devices for shipment
to Oracle
C. A transfer package contains the physical devices.
D. A transfer package is the archive file that the Data Transfer Service Utility (dts) writes to the
transfer device.
Answer: A
Explanation:
References:
https://blogs.oracle.com/cloud-infrastructure/introducing-oracle-cloud-infrastructure-data-transfer-
service
Question: 128
How can you provide users access to an existing compartment?
A. by granting users access to a compartment when the compartment is created

B. by adding users to a group and defining a policy to provide the group access to the compartment
C. by adding users to a compartment. All users in the compartment will have access to the objects in
the compartment.
D. by granting access directly to the user when the user is created
Answer: B
Explanation:
A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources that
your company has, and how. A policy simply allows a group to work in certain ways with specific
types of resources in a particular compartment
In general, here’s the process an IAM administrator in your organization needs to follow:
Define users, groups, and one or more compartments to hold the cloud resources for your
organization.
Create one or more policies, each written in the policy language.
Place users into the appropriate groups depending on the compartments and resources they need to
work with.
Provide the users with the one-time passwords that they need in order to access the Console and
work with the compartments. For more information,
Question: 129
You are the Solutions Architect of a large company and are tasked with migrating all your services to
Oracle Cloud Infrastructure. As part of this, you first design a Virtual Cloud Network (VCN) with a
public subnet and a private subnet. Then in order to provide Internet connectivity to the instances in
your private subnet, you create an Oracle Linux instance in your public subnet and configure NAT on
it. However, even after adding all related security list rules and routes in the Route Table, your
private subnet instances still cannot connect to the Internet.
Which action should you perform to enable Internet connectivity?
A. Disable “Source and Destination Check” on the VNIC of your Linux instance.
B. There is no way that a private subnet can connect to the Internet.
C. Create a Dynamic Routing Gateway (DRG) and route your private IP traffic to the DRG.
D. Restart the NAT instance.
Answer: A
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVNICs.htm#Source/D
By default, every VNIC performs the source/destination check on its network traffic. The VNIC looks
at the source and destination listed in the header of each network packet. If the VNIC is not the
source or destination, then the packet is dropped.
If the VNIC needs to forward traffic (for example, if it needs to perform Network Address Translation
(NAT)), you must disable the source/destination check on the VNIC. For instructions, see To update
an existing VNIC. For information about the general scenario, see Using a Private IP as a Route Target.
Question: 130
When terminating a compute instance, which statement is true?
A. The instance needs to be stopped first, and then terminated.

B. The boot volume is always deleted.
C. All block volumes attached to the instance are terminated.
D. Users can preserve the boot volume associated with the instance.
Answer: D
Explanation:
You can permanently terminate (delete) instances that you no longer need. Any attached VNICs and
volumes are automatically detached when the instance terminates. Eventually, the instance's public
and private IP addresses are released and become available for other instances. By default, the
instance's boot volume is deleted when you terminate the instance, however you can preserve the
boot volume associated with the instance, so that you can attach it to a different instance as a data
volume, or use it to launch a new instance.
Question: 131
There are multiple options of migrating Oracle Databases from on-premises to Oracle Cloud
Infrastructure.
Which two characteristics do you need to consider when choosing a migration method? (Choose
two.)
A. On-premises database character set and application version

B. On-premises database version and quantity of data, including indexes
C. On-premises host operating system platform and network bandwidth
D. On-premises connectivity using remote and local VCN peering
Answer: B,C
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/migrating.htm
Some of the characteristics and factors to consider when choosing a migration method are:
On-premises database version
Database service database version
On-premises host operating system and version
On-premises database character set
Quantity of data, including indexes
Data types used in the on-premises database
Storage for data staging
Acceptable length of system outage
Network bandwidth
Question: 132
Within your tenancy you have a compute instance with a boot volume and a block volume attached.
The boot volume contains the OS and the attached block volume contains the instance’s important
dat
a. Logs on the boot volume have filled the boot volume and are causing issues with the OS.
What should you do to resolve this situation?
A. Stop the instance that is full. Create a manual backup of the block storage before making changes.
Detach the block volume, create a new instance of the same shape with a larger custom boot volume
and attach the block volume to the new instance. Configure the OS and any related application(s) to
access the block volume under the same mount point as before.
B. Create a new instance with a larger boot volume size as well a new block volume which is the
same size or larger than the one attached to the full instance. rsync the state of the boot volume and
the state of the block volume between the two instances.
C. Detach the block volume from the full instance. Create a new instance of the same shape with a
larger boot volume and rsync the state of the boot volume between the instances. Attach the block
volume to the new instance.
D. Create a manual backup of the block storage instance. Create a custom image of the full instance.
Once that completes deploy the custom image to a new instance.
Answer: A
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Block/Tasks/resizingavolume.htm
Question: 133
Which two resources are available by default when your Oracle Cloud Infrastructure tenancy is
provisioned?
A. an NVMe SSD boot disk for each instance, whose size is determined by the image and shape of the
instance
B. a range of public IP addresses that are reserved for your tenancy
C. a set of images, where each image is a template of a virtual hard drive that consists of the OS and
installed software and applications
D. a variety of shapes, where each shape determines the number of CPUs and memory allocated to
an instance.
Answer: CD
Question: 134
Your company is moving an Internet-facing, 2-tier web application into Oracle Cloud Infrastructure.
The application must have a highly available architecture.
Which two design options would you consider? (Choose two.)
A. Configure a Dynamic Route Gateway in your VCN and make it highly available.
B. Configure a NAT instance in your Virtual Cloud Network (VCN). Create a route rule by using the
private IP of the NAT instance as a route target for all the private subnets in your VCN.
C. Create an Internet Gateway and attach it to your VCN. Deploy public load balancer nodes into two
Available Domains.
D. Place all web servers behind a public load balancer.
Answer: CD
Question: 135
Which two statements are true about Database Cloud Service (DBCS)? (Choose two.)
A. Data Guard as a Service is offered among regions.

B. You have full control over backup schedule and retention.
C. You can manage Oracle parameters at a global system level.
D. You cannot manage the database as sys/sysdba.
Answer: BC
Explanation:
References:
https://cloud.oracle.com/database/faq#backup
Can I set up Data Guard across Availability Domains?
Yes, you can set up Data Guard in the same or different Availability Domains in a region. However,
Oracle recommends that you set up your Data Guard configuration across Availability Domains.
Can I set up Data Guard across Oracle Cloud Infrastructure regions?
Yes, you can set up Data Guard across regions,
“but the Database Cloud Service Data Guard feature currently does not support it. ”
You can manually set up Data Guard across regions by logging on to your host and using DGMGRL.
You must enable an internet gateway on the primary and standby DB system VCN for Data Guard to
transport logs across regions. Learn more about DGMGRL.
To configure a Data Guard system across regions or between on-premises and Oracle Cloud
Infrastructure DB systems, you must access the database host directly and use the DGMGRL utility.
https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/usingdataguard.htm
Question: 136
You are an administrator with an application running on OCI. The company has a fleet of OCI
compute virtual instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set health
check API is providing a ‘Critical’ level warning. You have confirmed that your application is running
healthy on the backend servers.
What is the possible reason for this ‘Critical’ warning?
A. A user does not have correct IAM credentials on the Backend Servers.
B. The Backend Server VCN’s Route Table does not include the route for OCI LB.
C. OCI Load Balancer Listener is not configured correctly.
D. The Backend Server VCN’s Security List does not include the IP range for the source of the health
check requests.
Answer: D
Explanation:
References:
“In this case, your security rules might not include the IP range for the source of the health check
requests. You can find the health check source IP on the Details page for each backend server. You
can also use the API to find the IP in the sourceIpAddress field of the HealthCheckResult object.”
https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/editinghealthcheck.htm#health-status
Question: 137
Your company has decided to move a few applications to Oracle Cloud Infrastructure and you have
been asked to design it for Disaster Recovery (DR). One of the items of your design is to deploy the
DR at least 300 miles from the home site and minimize the network latency as much as possible.
Based on that, what will be the recommended deployment?
A. Deploy applications in two separated VCNs in different Availability Domains and use VCN Remote
Peering
B. Deploy applications in different regions and have them connected using VCN Remote Peering
C. Deploy applications in two separated VCNs in different regions and use VCN Local Peering
D. Deploy applications on the same region splitting workloads across Availability Domains.
Answer: B
Question: 138
Which three methods can you use to manage Oracle Cloud Infrastructure services? (Choose three.)
A. Oracle Cloud Infrastructure Desktop Client

B. Oracle Cloud Infrastructure Console
C. SSH or RDP
D. Command-line Interface
E. REST API
Answer: BDE
Explanation:
https://docs.cloud.oracle.com/iaas/Content/GSG/Concepts/baremetalintro.htm
Question: 139
Which is a customer’s responsibility on an Oracle Cloud Infrastructure database?
A. patching the database and OS

B. creating the first default database on the DBCS server
C. creating an ASM diskgroup for data file or temp file storage
D. installing the operating system (OS), Grid Infrastructure, and database software
Answer: A
Explanation:
On autonomous there’s no patching needed. But on the regular DB Cloud services you need to patch
the DB and the OS. During the creation on the OCDB the first DB is created automatically
Oracle automatically takes care of Operating system Installation/Configuration, Grid Infrastructure,
ASM diskgroup Creation/Configuration , and database software Installation and first database on the
DB System. that's all when Creating DB Systems. and then the customer responsible to apply the
patches to the database and OS
Question: 140
Which three are default Virtual Cloud Network (VCN) components? (Choose three.)
A. Security List
B. Dynamic Routing Gateway
C. DHCP options
D. Internet Gateway
E. Route Table
Answer: A,C,E
Explanation:
References:
(1) => Populated by Default
(0) => Not Populated by Default
Resources
==========
Subnets (0)
Route Tables (1)
Internet Gateways (0)
Dynamic Routing Gateways (0)
Network Security Groups (0)
Security Lists (1)
DHCP Options (1)
Local Peering Gateways (0)
NAT Gateways (0)
Service Gateways (0)
Question: 141
Which option lists Virtual Cloud Networks (VCNs) that can be peered?
A. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)

B. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
C. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
D. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
Answer: B
Question: 142
Which two statements are true about an Oracle Cloud Infrastructure Virtual Cloud Network (VCN)?
(Choose two.)
A. A VCN can reside in multiple Oracle Cloud Infrastructure regions and Availability Domains.
B. A VCN covers a single contiguous IPv4 CIDR block of your choice.
C. An allowable VCN size range is: /16 to /30.
D. A VCN creates the dynamic routing gateway by default.
Answer: B,C
Explanation:
VCN resides in a single Oracle Cloud Infrastructure region and covers a single, contiguous IPv4 CIDR
block of your choice. The allowable VCN size range is /16 to /30
Question: 143
Which three actions need to be performed before attempting a data transfer service job?
A. Obtain an available host machine which can run the dts utility on-premise with SATA or USB drives
attached for the transfer job.
B. Get access to a high-speed internet connection
C. Data Transfer Service and Storage Service Limits should be checked and raised if required.
D. Set up SSH access to a host on OCI to coordinate the transfer job.
E. Create an object bucket to receive the job.
Answer: A,C,E
Question: 144
Which two statements about the Oracle File Storage Service (FSS) Security are accurate? (Choose
two.)
A. Oracle IAM controls which filesystems are mountable by which instances.

B. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount
target within a subnet.
C. Encryption of file storage in FSS is optional.
D. Data in transit to an FSS mount target is encrypted.
E. FSS leverages UNIX user group and permission checking for file access security.
Answer: DE
Explanation:
All data is encrypted at rest. and In-transit encryption provides a way to secure your data between
instances and mounted file systems using TLS v. 1.2 (Transport Layer Security) encryption.
File Storage service supports the AUTH_UNIX style of authentication and permission checking for
remote NFS client requests.
Question: 145
Which two statements are true about policies?
A. You can use read, write, manage, and inspect as verbs for defining a policy.
B. A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources
that your company has, and how.
C. Users need not do anything but still have to be added to a group with appropriate policies defined.
D. You can deny access to a group via policies.
Answer: B,C
Question: 146
Which storage service is used on OCI for a Data Transfer Service job?
A. An instance with enough storage to accommodate the job

B. An object bucket
C. A File System service instance
D. Block Volume
Answer: B
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/DataTransfer/Concepts/overview.htm
Question: 147
You had an outage in your application caused by the loss of a shared volume provisioned by File
Storage Service (FSS). At this point, you need to restore the data from a snapshot you created of the
FSS.
What are the steps to restore the data?
A. Access the directory where the shared volume is mounted, then cd into .snapshot folder, find the
snapshot folder you want to recover and use cp or rsync tool to copy the files to the original location.
B. Open OCI Console, select File Storage Service, find the shared storage, then click on snapshot and
restore.
C. Open OCI Console, select File Storage Service, find the snapshot you created and click restore.
D. Access the directory, where you mounted the shared volume, then cd into .snapshot folder and
find the snapshot folder you want to recover and rename that folder to the original folder name.
Answer: B
Question: 148
Which two are required parameters to create a public load balancer instance? (Choose two.)
A. certificate
B. load balancer name
C. listener
D. back end set
E. two public subnets
Answer: CD
Explanation:
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
Question: 149
Which two Oracle Cloud Infrastructure database services allow you to dynamically both scale CPU
and storage? (Choose two.)
A. bare metal DB system

B. virtual machine DB system
C. Autonomous Data Warehouse (ADW)
D. Autonomous Transaction Processing (ATP)
Answer: CD
Explanation:
If a bare metal DB system requires more compute node processing power, you can scale up (increase)
the number of enabled CPU cores in the system without impacting the availability of that system but
you can't increase the storage
If the original DB system VM shape uses a single node, running databases on the DB system nodes
are sequentially stopped and then restarted on the new shape so not dynamic
Question: 150
You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make API
calls to other services within OCI without storing credentials in a configuration file.
What do you need to do?
A. Create a dynamic group with appropriate matching rules to include the instance, and reference
this group in your IAM policy statement
B. Instances cannot access services outside their compartment
C. VM instances are treated as users. Create a user, assign the user to that VM instance, and
reference the instance in your Identity and Access Management (IAM) policy statement
D. By default, all VM instances are created with an instance principal. Reference this instance
principal in your IAM policy statement
Answer: A
Question: 151
What is a valid option when exporting a custom image?
A. object storage URL

B. archive storage URL
C. file storage service
D. block volume
Answer: A
Explanation:
You can use the Console or API to export images, and the exported images are stored in the Oracle
Cloud Infrastructure Object Storage service. To perform an image export, you need write access to
the Object Storage bucket for the image.
Question: 152
Your organization has deployed a large, complex application across multiple compute instances in
Oracle Cloud Infrastructure (OCI). These compute instances also have block volume storage attached
to them. You want to create a time consistent backup of these block volume storage.
Which implementation strategy should be used?
A. Create a manual backup of each volume

B. Use scripts available in OCI to backup block volume storage
C. Group volumes in a volume group first and then use available scripts in OCI
D. Group volumes in a volume group and create a manual backup of the volume group
Answer: D
Explanation:
The Oracle Cloud Infrastructure Block Volume service provides you with the capability to group
together multiple volumes in a volume group. A volume group can include both types of volumes,
boot volumes, which are the system disks for your Compute instances, and block volumes for your
data storage. You can use volume groups to create volume group backups and clones that are point-
in-time and crash-consistent.
This simplifies the process to create time-consistent backups of running enterprise applications that
span multiple storage volumes across multiple instances. You can then restore an entire group of
volumes from a volume group backup.
To create a backup of the volume group
Open the navigation menu. Under Core Infrastructure, go to Block Storage and click Volumes Groups.
In the Volume Groups list, click Create Volume Group Backup in the Actions menu for the volume
group you want to create a backup for.
Question: 153
Where are DB Systems backups stored by default?
A. ASM disk group

B. locally attached NVMe on virtual machine
C. block volume
D. object storage on Oracle Cloud Infrastructure
Answer: D
Question: 154
You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-
weighted round robin policy to your backend web servers. You notice that one of your web servers is
receiving more traffic than other web servers.
How can you resolve this imbalance?
A. Check security lists and route tables of your virtual cloud network (VCN) and fix any issues
associated with the rules
B. Create separate listeners for each backend web server
C. Delete and re-create your OCI load balancer
D. Disable session persistence on your backend set
Answer: D
Explanation:
Session persistence is a method to direct all requests originating from a single logical client to a
single backend web server. Backend servers that use caching to improve performance, or to enable
log-in sessions or shopping carts, can benefit from session persistence
Question: 155
You have provisioned an Autonomous Data Warehouse (ADW) database with 16 enabled OCPUs and
need to configure the consumer group for your application.
Which two are true when deciding the number of sessions for each application? (Choose two.)
A. The MEDIUM and LOW consumer group can run up to 16 concurrent SQL statements if HIGH
consumer group has 0 SQL statements
B. The HIGH consumer group can run up to 16 concurrent SQL statements as long as MEDIUM and
LOW consumer groups have 0 SQL statements
C. The MEDIUM consumer group can run 20 concurrent SQL statements when HIGH consumer group
has 0 SQL statements
D. The HIGH consumer group can run up to 16 concurrent SQL statements in addition to 32
concurrent SQL statements in MEDIUM and LOW consumer group each

E. The HIGH consumer group can run 3 concurrent SQL statements when MEDIUM consumer group
has 0 SQL statements
Answer: C,E
Explanation:
References:
https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/connect-
predefined.html#GUID-9747539B-FD46-44F1-8FF8-F5AC650F15BE
Question: 156
You are implementing Oracle Cloud Infrastructure (OCI) FastConnect to access OCI public access
points (e.g. – object storage). You want other Internet traffic from your on-premises environment to
use your existing connection with your ISP.
What is the correct way to establish OCI FastConnect to access these OCI public endpoints?
A. Configure private peering on your FastConnect link. Redistribute BGP routes learned into your
existing routing table and advertise a default from your network infrastructure to OCI.
B. Configure private peering on your FastConnect link with a static route that points to OCI object
storage service.
C. Configure public peering on your FastConnect link with a static route that points to OCI object
storage service.
D. Configure public peering on your FastConnect link. Redistribute BGP routes learned into your
existing routing table and advertise a specific route for your network infrastructure to OCI.
Answer: D
Explanation:
https://www.oracle.com/a/ocom/docs/connectivity-fast-connect-200.pdf
Question: 157
You deployed a web server in Oracle Cloud Infrastructure using an ephemeral public IP. After a few
changes in your web server configuration, you rebooted the server and a new public IP was
associated to your instance.
What should you do to prevent this from happening again?
A. Create a reserved public IP and associate it with the security list that your complete instance is
using
B. Create a reserved public IP and associate it with the subnet of your compute instance
C. Create a reserved public IP and associate it with the VNIC of your compute instance
D. Create a reserved public IP and associate it with the hosts file of your web server
Answer: C
Explanation:
A public IP address is an IPv4 address that is reachable from the internet. If a resource in your
tenancy needs to be directly reachable from the internet, it must have a public IP address.
Depending on the type of resource, there might be other requirements.
There are two types of public IPs:
Ephemeral: Think of it as temporary and existing for the lifetime of the instance.
Reserved: Think of it as persistent and existing beyond the lifetime of the instance it's assigned to.
You can unassign it and then reassign it to another instance whenever you like. Exception: reserved
public IPs on public load balancers.
To create a new reserved public IP in your pool
Confirm you're viewing the region and compartment where you want to create the reserved public
IP.
Open the navigation menu. Under Core Infrastructure, go to Networking and click Public IPs.
Click Create Reserved Public IP.
Enter the following:
Name: An optional friendly name for the reserved public IP. The name doesn't have to be unique,
and you can change it later. Avoid entering confidential information.
Compartment: Leave as is.
Tags:Optionally, you can apply tags. If you have permissions to create a resource, you also have
permissions to apply free-form tags to that resource. To apply a defined tag, you must have
permissions to use the tag namespace. For more information about tagging, see Resource Tags. If
you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your
administrator.
Click Create Reserved Public IP.
To assign a reserved public IP to a private IP
Prerequisite: The private IP must not have an ephemeral or reserved public IP already assigned to it.
If it does, first delete the ephemeral public IP, or unassign the reserved public IP.
Confirm you're viewing the compartment that contains the instance with the private IP you're
interested in.
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance to view its details.
Under Resources, click Attached VNICs.
The primary VNIC and any secondary VNICs attached to the instance are displayed.
Click the VNIC you're interested in.
Under Resources, click IP Addresses.
The VNIC's primary private IP and any secondary private IPs are displayed.
For the private IP you're interested in, click the Actions icon (three dots), and then click Edit.
In the Public IP Address section, for Public IP Type, select the radio button for Reserved Public IP.
Enter the following:
Compartment: The compartment that contains the reserved public IP you want to assign.
Reserved Public IP: The reserved public IP you want to assign. You have three choices:
Create a new reserved public IP. You may optionally provide a friendly name for it. The name doesn't
have to be unique, and you can change it later. Avoid entering confidential information.
Assign a reserved public IP that is currently unassigned.
Move a reserved public IP from another private IP.
Click Update.
Question: 158
You currently manage an e-commerce application that utilizes 25 identical compute resources to
handle customer traffic. The stakeholders have asked you to create another 25 identical compute
resources in order to deploy and test a new version of the software?
What is the most efficient process to create 25 additional compute resources that are identical to the
first 25?
A. Create a custom image from 1 of the 25 servers. Use this custom image to provision 25 more
servers
B. Create a manual backup of each boot volume belonging to the 25 servers. Restore each backup to
create 25 new boot volumes, from which you will provision 25 more servers
C. Provision a new server and configure it to be identical to the first 25. Create a custom image from
the new server, then use the custom image to provision 24 more servers
D. Clone the boot volume of 1 of the 25 servers. Use the boot volume clone to provision 25 more
servers
Answer: A
Question: 159
Which two statements are true about restoring a block volume from a manual or policy-based block
volume backup? (Choose two.)
A. It can be restored as new volumes with different sizes from the backups
B. It can be restored as a new volume to any AD across different regions
C. It must be restored as a new volume to the same availability domain (AD) on which the original
block volume backup resides
D. It can be restored as a new volume to any AD in the same region
Answer: A,D
Explanation:
A – Backups are encrypted and stored in Oracle Cloud Infrastructure Object Storage, and can be
restored as new volumes to any availability domain within the same region they are stored.
D- You can restore a block volume backup to a larger volume size. To do this, check Custom Block
Volume Size (GB), and then specify the new size. You can only increase the size of the volume, you
cannot decrease the size.
Question: 160
You are about to deploy an e-business application on Oracle Cloud Infrastructure and one of the
requirements is to use a shared file system that supports the NFS protocol.
Which storage service would meet this requirement?
A. object storage
B. block volume
C. data transfer appliance
D. file storage
Answer: D
Explanation:
Use the File Storage service when your application or workload includes big data and analytics,
media processing, or content management, and you require Portable Operating System Interface
(POSIX)-compliant file system access semantics and concurrently accessible storage. The File Storage
service is designed to meet the needs of applications and users that need an enterprise file system
across a wide range of use cases, including the following:
General Purpose File Storage: Access to an unlimited pool of file systems to manage growth of
structured and unstructured data.
Big Data and Analytics: Run analytic workloads and use shared file systems to store persistent data.
Lift and Shift of Enterprise Applications: Migrate existing Oracle applications that need NFS storage,
such as Oracle E-Business Suite and PeopleSoft.
Databases and Transactional Applications: Run test and development workloads with Oracle, MySQL,
or other databases.
Backups, Business Continuity, and Disaster Recovery: Host a secondary copy of relevant file systems
from on premises to the cloud for backup and disaster recovery purposes.
MicroServices and Docker: Deliver stateful persistence for containers. Easily scale as your container-
based environments grow.
Question: 161
You are deploying a highly available web application in Oracle Cloud Infrastructure and have decided
to use a public load balancer. The back-end web servers will be distributed across all three availability
domains (ADs).
How many subnets should you create to deliver a secure highly available application?
A. three subnets in total; one subnet in each AD

B. five subnets in total; two subnets each in the first and second AD with a single subnet in the third
AD
C. six subnets in total; two subnets in each AD; one for the load balancer and one for the web servers
D. four subnets in total; one subnet in each AD for the web servers and a single subnet in any one AD
for the load balancer
Answer: C
Question: 162
You have just created an Autonomous Data Warehouse (ADW) and you want to connect to the ADW
using SQL Developer.
What three items are needed to connect to the ADW using SQL Developer? (Choose three.)
A. the keystore password

B. a security list with an ingress rule for TCP port 1521
C. the client credentials file
D. the public IP address of the ADW server
E. the admin password
Answer: A,C,E
Explanation:
https://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/adwc/OBE_Provisioning_Auto
nomous_Data_Warehouse_Cloud_bak/provisioning_autonomous_data_warehouse_cloud.html
Question: 163
You are planning to deploy a multi-region web application in Oracle Cloud Infrastructure (OCI). You
have customers in North America, Asia and Europe who will access the application.
What service is available in OCI to help you choose the regions the lowest latency to these markets?
A. Internet Intelligence
B. FastConnect
C. IPsec VPN
D. DNS Zone Management
Answer: A
Question: 164
Which two options are valid for loading data directly into Autonomous Data Warehouse (ADW)?
(Choose two.)
A. Data Integrator
B. Data Pump
C. Data Transfer Service
D. SQL *Loader
Answer: B,D
Explanation:
References:
Question: 165
Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW) database?
A. You can download tnsnames.ora from Oracle Cloud Infrastructure web console under ADW details
page
B. The tnsnames.ora file is included in credentials.zip file that you download from service console of
ADW
C. The ADW database will place the tnsnames.ora file in an object storage bucket
D. You are automatically prompted to download the tnsnames.ora file upon creation of the ADW
database
Answer: B
Explanation:
https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/connect-
intorduction.html#GUID-CD4C10A6-1C1E-4969-8F67-1433B6CE626A
To download client credentials from the Autonomous Transaction Processing Service Console:
- From the Service Console click the Administration link.
- Click Download Client Credentials (Wallet).
- On the Download Client Credentials (Wallet) page, enter a wallet password in the Password field
and confirm the password in the Confirm Password field. The password must be at least 8 characters
long and must include at least 1 letter and either 1 numeric character or 1 special character. This
password protects the downloaded Client Credentials wallet.
- Click Download to save the client security credentials zip file. By default the filename is:
Wallet_databasename.zip. You can save this file as any filename you want. You must protect this file
to prevent unauthorized database access.
The zip file includes the following:
tnsnames.ora and sqlnet.ora: Network configuration files storing connect descriptors and SQL*Net
client side configuration.
cwallet.sso and ewallet.p12: Auto-open SSO wallet and PKCS12 file. PKCS12 file is protected by the
wallet password provided in the UI.
keystore.jks and truststore.jks: Java keystore and truststore files. They are protected by the wallet
password provided while downloading the wallet.
ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This
should be in the same path as tnsnames.ora.
Question: 166
A customer has established an Oracle Cloud Infrastructure (OCI) FastConnect connection to OCI. The
virtual circuit is up and routes are being advertised from the customer’s end, however the customer
is unable to ping from compute instances inside the virtual cloud network (VCN) to servers residing
in its on-premises data center.

Which two options on OCI would remedy this situation? (Choose two.)
A. Modify the route table associated with the VCN subnet in which the instance resides. Add a route
to the customer’s on-premises network via the Dynamic Routing Gateway (DRG).
B. Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful egress rule to allow ICMP traffic to the customer’s on-premises network.
C. Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful ingress rule to allow ICMP traffic from anywhere.
D. Modify the default VCN route table to add a route back to the customer’s on-premises network via
the DRG.
Answer: AB
Question: 167
Which service would you use if your big data workload required shared access and NFS-based
connectivity?
A. block volume
B. archive storage
C. object storage
D. file storage
Answer: D
Question: 168
Your company is developing a new database application in Oracle Cloud Infrastructure. You need to
test application functionality including a hardware failure scenario. Since the application is still in the
development phase, you want to minimize infrastructure costs.
Which database service deployment option meets this requirement?
A. two node real application cluster (RAC) system

B. Autonomous Data Warehouse (ADW) system as it provides auto fail over functionality
C. two node bare metal system with data guard enabled
D. single node bare metal system
Answer: A
Question: 169
Your on-premises hosted application uses Oracle database server. Your database administrator must
have access to the database server for managing the application. Your database server is sized for
seasonal peak workloads, which results in high licensing costs. You want to move your application to
Oracle Cloud Infrastructure (OCI) to take advantage of CPU scaling options.
Which database offering on OCI would you select?
A. bare metal DB systems

B. VM DB systems
C. Autonomous Transactions Processing (ATP)
D. Autonomous Data Warehouse (ADW)
Answer: A
Explanation:
- In, Oracle Autonomous Database, Customers are not given OS logons or SYSDBA privileges to
prevent phishing attacking.
- If a bare metal DB system requires more compute node processing power, you can scale up
(increase) the number of enabled CPU cores in the system without impacting the availability of that
system.
You cannot change the number of CPU cores for a virtual machine DB system in the same way as
metal DB system. Instead, you must change the shape to one with a different number of OCPUs
Changing the shape does not impact the amount of storage available to the DB system. However, the
new shape can have different memory and network bandwidth characteristics, and you might need
to reapply any customizations to these aspects after the change.
Question: 170
You have an application running on Oracle Cloud Infrastructure. You identified that the read and
write operations are slowing your application down enough to impair user access. The application is
currently using a VM.Standard 1.2 compute without any block storage attached to it.
Which two options allow you to increase disk performance? (Choose two.)
using a VM Dense IO shape using the boot volume preserved.
using a VM Standard shape and attach a new block volume to host your application.
C. Create a backup of the boot volume. Create a new compute instance using a VM Dense IO shape
and restore the backup.
D. Terminate the compute instance and create a backup of the boot volume. Create a new compute
instance using a VM Dense IO shape and restore the backup.
Answer: A,B
Explanation:
You can permanently terminate (delete) instances that you no longer need.By default, the instance's
boot volume is deleted when you terminate the instance, however you can preserve the boot
volume associated with the instance, so that you can attach it to a different instance as a data
You can use a boot volume backup to create an instance or you can attach it to another instance as a
data volume. However before you can use a boot volume backup, you need to restore it to a boot
volume.
Question: 171
You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix region.
You were asked to create a disaster recovery (DR) plan that will protect against the loss of critical dat
a. The DR site must be at least 500 miles from your primary site and data transfer between the two
sites must not traverse the public Internet.
Which is the recommended disaster recovery plan?
A. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one
availability domain (AD) that is not currently being used by your production systems. Establish VCN
peering between the production and DR sites.
B. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a
remote peering connection between the two VCNs.
C. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG
between the regions.
D. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in
each region and configure an IPsec VPN connection between the two regions.
Answer: B
Explanation:
Remote VCN peering is the process of connecting two VCNs in different regions (but the
same tenancy ). The peering allows the VCNs' resources to communicate using private IP addresses
without routing the traffic over the internet or through your on-premises network. Without peering,
a given VCN would need an internet gateway and public IP addresses for the instances that need to
communicate with another VCN in a different region.
At a high level, the Networking service components required for a remote peering include:
- Two VCNs with non-overlapping CIDRs, in different regions that support remote peering. The VCNs
must be in the same tenancy.
- A dynamic routing gateway (DRG) attached to each VCN in the peering relationship. Your VCN
already has a DRG if you're using an IPSec VPN or an Oracle Cloud Infrastructure FastConnect private
virtual circuit.
A remote peering connection (RPC) on each DRG in the peering relationship.
A connection between those two RPCs.
Supporting route rules to enable traffic to flow over the connection, and only to and from select
subnets in the respective VCNs (if desired).
Supporting security rules to control the types of traffic allowed to and from the instances in the
subnets that need to communicate with the other VCN.
Question: 172
Which two statements about file storage service (FSS) are accurate? (Choose two.)
A. FSS leverages UNIX user group and permission checking for file access security
B. Encryption of file system in FSS is optional
C. Identity and Access Management (IAM) controls which file systems are mountable by which
instances
D. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount
target within the same subnet
E. Data in transit to an FSS mount target is encrypted
Answer: A,E
Explanation:
All data is encrypted at rest. and In-transit encryption provides a way to secure your data between
instances and mounted file systems using TLS v. 1.2 (Transport Layer Security) encryption.
File Storage service supports the AUTH_UNIX style of authentication and permission checking for
remote NFS client requests.
Question: 173
You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients want to
access the web servers from anywhere, but want to prevent access to the database servers from the
Internet.
Which is the recommended way to design the network architecture?
A. Create public subnets for web servers and private subnets for database servers in your virtual
cloud network (VCN), and associate separate internet gateways for each subnet.
B. Create public subnets for web servers and associate a dynamic routing gateway with that subnet,
and a private subnet for database servers with no association to dynamic gateway.
C. Create public subnets for web servers and private subnets for database servers in your VCN, and
associate separate security lists and route tables for each subnet.
D. Create a single public subnet for your web servers and database servers, and associate only your
web servers to internet gateway.
Answer: C
Explanation:
When you create a subnet, by default it's considered public, which means instances in that subnet
are allowed to have public IP addresses. Whoever launches the instance chooses whether it will have
a public IP address. You can override that behavior when creating the subnet and request that it be
private, which means instances launched in the subnet are prohibited from having public IP
addresses. Network administrators can therefore ensure that instances in the subnet have no
internet access, even if the VCN has a working internet gateway, and security rules and firewall rules
allow the traffic.
There are two optional gateways (virtual routers) that you can add to your VCN depending on the
type of internet access you need:
Internet gateway: For resources with public IP addresses that need to be reached from the internet
(example: a web server) or need to initiate connections to the internet.
NAT gateway: For resources without public IP addresses that need to initiate connections to the
internet (example: for software updates) but need to be protected from inbound connections from
the internet.
Just having an internet gateway alone does not expose the instances in the VCN's subnets directly to
the internet. The following requirements must also be met:
The internet gateway must be enabled (by default, the internet gateway is enabled upon creation).
The subnet must be public.
The subnet must have a route rule that directs traffic to the internet gateway.
The subnet must have security list rules that allow the traffic (and each instance's firewall must allow
the traffic).
The instance must have a public IP address.
Question: 174
Which two statements are true about an Oracle Cloud Infrastructure object storage bucket? (Choose
two.)
A. You can associate a bucket with multiple compartments

B. You cannot change a bucket from private to public after it is created
C. You can associate a bucket with only a single compartment
D. You cannot edit or append data to an object, but you can replace the entire object
Answer: C,D
Explanation:
A bucket is associated with a single compartment.
You can't edit or append data to an object, but you can replace the entire object.
Question: 175
You are designing a high bandwidth, redundant connection between your data center and Oracle
Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you notice that you are
co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn region.
What is the recommended design in this scenario?
A. Create a cross-connect group and have two or more cross-connects in that group. Create an IPsec
VPN connection on this group.
B. Setup two IPsec connections between your data center and OCI Ashburn region. Create a OCI load
balancer to distribute the traffic across the two connections.
C. Create a cross-connect group and have at least two or more cross-connects in that group. Create at
least two or more virtual circuits in the group.
D. Create a cross-connect group and have at least one cross-connect in that group. Create at least
one virtual circuit in the group.
Answer: C
Explanation:
You could have multiple private virtual circuits, for example, to isolate traffic from different parts of
your organization (one virtual circuit for 10.0.1.0/24; another for 172.16.0.0/16), or to provide
redundancy.
Question: 176
As the Cloud Architect for your company, you have been tasked with designing a high performance
(HPC) cluster in Oracle Cloud Infrastructure (OCI). The following requirements have been defined:
The cluster must be a minimum of three nodes, but may increase to six nodes when demand
requires.
The cluster must be resilient to any potential infrastructure failures.
To minimize latency, all nodes must be deployed within the same availability domain (AD).
Adding or replacing nodes within the cluster should take no more than 30 minutes.
Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)
A. Deploy the cluster in a single AD with a shared file system that leverages the file storage service
(FSS). Deploy a standby cluster in another AD and configure it to use the same shared file system.
B. Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault
domains in that AD.
C. Create a backup of your HPC node compute instance boot volume. Launch new compute instances
directly from the backup reduce provisioning time.
D. Create a custom image of your HPC node compute instance. Launch new compute instances using
this image to reduce provisioning time.
E. Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network (VCN)
subnet.
Answer: BD
Explanation:
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each
availability domain contains three fault domains. Fault domains provide anti-affinity: they let you
distribute your instances so that the instances are not on the same physical hardware within a single
availability domain. A hardware failure or Compute hardware maintenance event that affects one
fault domain does not affect instances in other fault domains. In addition, the physical hardware in a
fault domain has independent and redundant power supplies, which prevents a failure in the power
supply hardware within one fault domain from affecting other fault domains.
To control the placement of your compute instances, bare metal DB system instances, or virtual
machine DB system instances, you can optionally specify the fault domain for a new instance or
instance pool at launch time. If you don't specify the fault domain, the system selects one for you.
Oracle Cloud Infrastructure makes a best-effort anti-affinity placement across different fault domains,
while optimizing for available capacity in the availability domain. To change the fault domain for an
instance, terminate it and launch a new instance in the preferred fault domain.
Use fault domains to do the following things:
Protect against unexpected hardware failures or power supply failures.
Protect against planned outages because of Compute hardware maintenance.
Question: 177
Which statement is true about Oracle Cloud Infrastructure FastConnect?
A. For private peering, FastConnect extends your existing infrastructure to allow you to consume
object storage from your on-premises data center
B. For private peering, FastConnect extends your existing infrastructure to a virtual cloud network
C. The FastConnect provider network offers only 1 Gbps port connection speed increments
D. For public peering, a dynamic routing gateway must be configured and attached to the virtual
cloud network (VCN)
Answer: B
Explanation:
With FastConnect, you can choose to use private peering, public peering, or both.
Private peering: To extend your existing infrastructure into a virtual cloud network (VCN) in Oracle
Cloud Infrastructure (for example, to implement a hybrid cloud, or a lift and shift scenario).
Communication across the connection is with IPv4 private addresses (typically RFC 1918).
Public peering: To access public services in Oracle Cloud Infrastructure without using the internet. For
example, Object Storage, the Oracle Cloud Infrastructure Console and APIs, or public load balancers
in your VCN. Communication across the connection is with IPv4 public IP addresses. Without
FastConnect, the traffic destined for public IP addresses would be routed over the internet.
Question: 178
What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud Infrastructure
(OCI)?
A. The best practice for high availability and durability is to run the primary, standby, and observer in
separate availability domains (ADs).
B. When you configure data guard using OCI console, the default mode is set to maxprotection.
C. You cannot create the standby DB system in a different AD from the primary DB system.
D. You cannot use database command line interface (CLI) to set up data guard with FSFO.
Answer: A
Explanation:
References:
The best practice for high availability and durability is to run the primary, standby, and observer in
separate availability domains. The observer determines whether or not to failover to a specific target
standby database
https://docs.cloud.oracle.com/en-
us/iaas/Content/Database/Tasks/usingDG.htm#ConfiguringObserverOptional
Question: 179
Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose two.)
A. Billing stops only when the ADW is terminated

B. Billing stops for both CPU usage and storage usage when ADW is stopped
C. Billing for compute stops when ADW is stopped
D. Billing for storage continues when ADW is stopped
Answer: C,D
Explanation:
When Autonomous Databas instance is stopped,
CPU billing is halted based on full-hour cycles of usage
Billing for storage continues as long as the service instance exists.
and When Autonomous Database instance is started, the CPU billing is initiated
Question: 180
A company currently uses Microsoft Active Directory as its identity provider. The company recently
purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for its test and
development operations. As the administrator, you are now tasked with giving access only to
developers so that they can start creating resources in their OCI accounts.
Which step will you perform to achieve this requirement?
A. Create a group for developers on OCI and map the group to a similar group in Microsoft Active
Directory during the federation process.
B. Federate all Microsoft Active Directory groups with OCI to allow users to use their existing
credentials.
C. Create a new user account for each user, and then create policies to provide access to developers.
D. Create a group for developers on OCI, export all the developers from Microsoft Active Directory,
and then import them into the Identity and Access Management (IAM) group.
Answer: A
Question: 181
Which two are a valid image source when launching a new compute instance? (Choose two.)
A. bare metal instance

B. object storage
C. custom image
D. boot volume
Answer: CD
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/deploying-
custom-os-images.pdf
A template of a virtual hard drive that determines the operating system and other software for an
instance. For details about Oracle Cloud Infrastructure platform images, see Oracle-Provided Images.
You can also launch instances from:
Trusted third-party images published by Oracle partners from the Partner Image catalog. For more
information about partner images, see Overview of Marketplace and Working with Listings.
Pre-built Oracle enterprise images and solutions enabled for Oracle Cloud Infrastructure
Custom images, including bring your own image scenarios.
Boot Volumes.
Question: 182
What is the maximum number of security lists that can be associated with a subnet?
A. four
B. three
C. five
D. two
Answer: C
Explanation:
you may optionally specify one or more security lists for the subnet to use (up to five). If you don’t
specify any, the subnet uses the cloud network’s default security list. You can change which security
list the subnet uses at any time.
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVCNs.htm
Question: 183
You have an external facing web server running in the Oracle Cloud Infrastructure (OCI) London
region. You are notified that customers in North America and Australia are facing high latency while
connecting to your web server.
Which services are available on OCI that can help you get current latency statistics to your web server
from these markets?
A. Use DNS Zone Management service to check latency over that connection
B. Setup an IPsec VPN with customers in those markets and check latency over that connection
C. Use the Internet Intelligence tool. Run tests using the web server’s public IP address and review
traceroute details from different vantage points
D. Setup a FastConnect with customers in those markets and check latency over that connection
Answer: C
Explanation:
The second tool, OCI IP Troubleshooting, helps troubleshoot issues with public facing IP addresses.
This feature is also part of our Internet Intelligence toolset, providing analytical insight to help
network operations teams reduce the time it takes to troubleshoot an issue by providing awareness
of availability and latency across the Internet.
Ref: https://blogs.oracle.com/cloud-infrastructure/internet-intelligence,-now-available-in-the-
oracle-cloud-infrastructure-console
Question: 184
Which statement is true regarding Autonomous Transaction Processing (ATP)?
A. A database name cannot be used concurrently for both an Autonomous Data Warehouse (ADW)
and an ATP database
B. After terminating a database, the database name is available for immediate reuse
C. A maximum of 8 cores can be enabled for an ATP database
D. A maximum of 2 TB of storage can be enabled for an ATP database
Answer: A
Explanation:
The database name must be unique among all Autonomous Data Warehouses and Autonomous
Databases in your tenancy in the same region.
Terminating an Autonomous Transaction Processing database permanently deletes the instance and
removes all automatic backups. You cannot recover a terminated database.

the maximum number of CPUs and maximum storage capacity that can be provisioned in Oracle
Autonomous Database In the current release up to 128 CPUs and 128TB can be provisioned from the
cloud console. Customers requiring more resources need to call their Oracle account team
Question: 185
You have been tasked with creating one virtual cloud network (VCN) each for two line of business
(LOB) applications. LOB A and LOB B will need to communicate with each other. To ensure that you
can utilize VCN peering, which network CIDR ranges should be used?
A. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)

B. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
C. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
D. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
Answer: A
Explanation:
VCN A (10.0.0.0/16) will use a range of IPS from 10.0.0.0 to 10.0.255.255 and VCN B (10.1.0.0/16)
will use a range of IPS from 10.1.0.0 to 10.1.255.255 so will not be any Overlap between 2 VCNs
Question: 186
Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose two.)
A. You can add/remove Diskgroup in ATP

B. You can scale storage up or down in ATP
C. You can scale CPU up or down in ATP
D. You can add more Pluggable Database for consolidating multiple databases in ATP
E. You can add new ORACLE_HOME for bringing older versions of on-premises databases to ATP
Answer: B, C
Explanation:
You can scale up/down your Autonomous Database to scale both in terms of compute and storage
only when needed, allows people to pay per use.
Oracle allows you to scale compute and storage independently, no need to do it together. these
scaling activities fully online (no downtime required)
in Details page Autonomous Database click Scale Up/Down. Click on arrow to select a value for CPU
Core Count or Storage (TB).
Or Select auto scaling to allow the system to automatically use up to three times more CPU and IO
resources to meet workload demand, compared to the database operating with auto scaling
disabled.
Question: 187
In which two ways does Oracle Cloud Infrastructure (OCI) file storage (FSS) differ from OCI object
storage and block volume services? (Choose two.)
A. Block volume service is NVMe based, while FSS is not

B. Object storage and block volume services offer default encryption, but FSS does not
C. A file system is created within an availability domain, whereas object storage buckets exist at the
region level
D. FSS uses the network file system (NFS) protocol, whereas block volume uses iSCSI
Answer: C,D
Question: 188
Your Operations team has recently created a new, standard image that will be used to launch all new
application servers in the Finance compartment. The custom image currently exists in the Operations
compartment. You have access to manage all-resources in the Finance compartment and do not have
access to the Operations compartment.
Which two methods would make the new image available for you to use when deploying new
servers in the Finance compartment? (Choose two.)
A. Instruct the Operations team to reassign the custom image to the Finance compartment so you
can select it from a drop-down list when launching new compute resources.
B. Instruct the Operations team to export the image to an object storage bucket, create a pre-
authenticated request (PAR), and provide you with the URL. Download the custom image to your
laptop and import it as a custom image in the Finance compartment.
C. Instruct the Administrators team to grant you access to use instance-images in the Operations
compartment. Use the Oracle Cloud Identifier (OCID) of the custom image when launching new
compute resources in the Finance compartment.
D. Instruct the Operations team to export the image to an object storage bucket, create a PAR, and
provide you with the URL. Use that URL as the source when importing a custom image. Import the
custom image into the Finance compartment.
E. Instruct the Operations team to export the image to an object storage bucket. Instruct the
Administrators team to grant you access to the object storage bucket where the custom image is
stored. Use the download URL of the custom image as the image source when launching new
compute resources in the Finance compartment.
Answer: C,E
Question: 189
Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)
A. Remote virtual cloud network (VCN) peering across region

B. Oracle IPsec VPN
C. Local VCN peering
D. Oracle Cloud Infrastructure FastConnect public peering
Answer: A,B
Explanation:
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/fastconnectoverview.htm
You use a DRG when connecting your existing on-premises network to your virtual cloud network
(VCN) with one (or both) of these:
IPSec VPN
Oracle Cloud Infrastructure FastConnect
You also use a DRG when peering a VCN with a VCN in a different region:
Remote VCN Peering (Across Regions)
Question: 190
Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for server-
side encryption?
A. You must manually enable server-side encryption for each object as you upload to OCI object
storage
B. Objects are automatically encrypted as they are uploaded to object storage and decrypted upon
retrieval
C. You must manually decrypt the data when retrieving from OCI object storage
D. Only the object data is encrypted and the user-defined metadata that is associated with the object
is not encrypted
Answer: B
Explanation:
References:
https://www.oracle.com/cloud/storage/object-storage-faq.html
- Oracle Object Storage supports server-side encryption. All data stored in Oracle Object Storage is
automatically encrypted
- Encryption is automatically enabled for all data with no action required on the part of customers.
- Oracle encrypt both the object data and the user-defined metadata associated with the object.
Question: 191
Which two statements are true about data guard service on DB Systems in Oracle Cloud
Infrastructure (OCI)? (Choose two.)
Questions & Answers PDF P-90
A. Data guard implementation requires two DB Systems, one running the primary database on a
virtual machine and the standby database running on bare metal
B. Data guard configuration on the OCI is limited to one standby database per primary database
C. Data guard configuration on the OCI is limited to a virtual machine only
D. Data guard implementation requires two DB Systems, one containing the primary database and
one containing the standby database
Answer: B,D
Question: 192
Which two statements about fault domains are true? (Choose two.)
A. A fault domain is a grouping of hardware and infrastructure within an availability domain

B. Each availability domain contains three fault domains
C. A failed instance in a fault domain is automatically relaunched
D. A fault domain is selected automatically based on usage data
Answer: A,B
Explanation:
References:
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each
availability domain contains three fault domains. Fault domains provide anti-affinity: they let you
distribute your instances so that the instances are not on the same physical hardware within a single
availability domain.
Question: 193
You are asked to create a user that will access programmatic endpoints in Oracle Cloud
Infrastructure. The user must not be allowed to authenticate by username and password.
Which two authentication options can you use? (Choose two.)
A. PEM Certificate file

B. Auth tokens
C. API signing key
D. Windows password
E. SSH key pair
Answer: B,C
Question: 194
Which two options are available when setting up DNS for your bare metal and virtual machine DB
Systems? (Choose two.)
A. Internet and custom resolver

B. Google DNS servers
C. custom resolver
D. Internet and virtual cloud network (VCN) resolver
Answer: C,D
Question: 195
You are designing a shared storage solution for your company in Oracle Cloud Infrastructure. The
proposed storage solution should allow users to create a hierarchical structure (similar to the
directory structure in Linux or Windows based systems). The solution should provide data encryption
and a large amount of storage space.
Which would be the best implementation strategy?
A. Use block storage. Create and attach a large block storage volume to one compute instance.
Assign a public IP to the compute instance. Store data on the block storage and access it by
connecting to the compute instance.
B. Use object storage. Create a single namespace and multiple buckets to create the hierarchical
directory structure.
C. Use object storage. Create multiple namespaces with one bucket each. Make the buckets publicly
accessible.
D. Use file storage service. Create a file system and a mount target. Share the private IP of the mount
target.
Answer: D
Question: 196
You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI) and
Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her team and
provides the name of an existing group within IDCS to use when granting access.
How do you configure federation to allow the project team access to OCI resources?
A. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS
and reference the name of the IAM group.
B. Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the
IDCS group in each policy statement.
C. Create a new compartment in OCI with the same name as the existing IDCS group. Create an IAM
policy that references the new compartment and the name of the IDCS group.
D. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy and
reference the name of the IAM group in each policy statement.
Answer: D
Explanation:
When working with your IdP, your administrator defines groups and assigns each user to one or more
groups according to the type of access the user needs. Oracle Cloud Infrastructure also uses the
concept of groups (in conjunction with IAM policies) to define the type of access a user has. As part
of setting up the relationship with the IdP, your administrator can map each IdP group to a similarly
defined IAM group, so that your company can re-use the IdP group definitions when authorizing user
access to Oracle Cloud Infrastructure resources. Here's a screenshot from the mapping process:
Question: 197
You must implement a backup solution for your Autonomous Data Warehouse (ADW) that will enable
you to restore data as old as one year with a recovery point objective (RPO) of 10 days.
Which database backup strategy would you select?
A. Take weekly manual backups to supplement the automated backups and preserve them for 12
months.
B. Use the automated backups.
C. Take monthly manual backups to supplement the automated backups and preserve them for 12
months.
D. Take quarterly manual backups to supplement the automated backups and preserve them for 12
months.
Answer: B
Explanation:
Oracle Cloud Infrastructure automatically backs up your Autonomous Databases and retains these
backups for 60 days. Automatic backups are weekly full backups and daily incremental backups. You
can also create manual backups to supplement your automatic backups. Manual backups are stored
in an Object Storage bucket that you create, and are retained for 60 days
The retention period for manual backups is the same as automatic backups which is 60 days. So we
cannot preserve the backup for 12 months
https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/backup-
manual.html#GUID-D95E5D6A-C470-4A68-9545-CC99D937E7D1
Question: 198
You have five different company locations spread across the US. For a proof-of-concept (POC) you
need to setup secure and encrypted connectivity to your workloads running in a single virtual cloud
network (VCN) in the Oracle Cloud Infrastructure Ashburn region from all company locations.
What would meet this requirement?
A. Create five internet gateways in your VCN and have separate route table for each internet
gateway.
B. Create five virtual circuits using FastConnect for each company location and terminate those
connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.
C. Create five IPsec connections with each company location and terminate those connections on a
single DRG. Attach that DRG to your VCN.
D. Create five IPsec VPN connections with each company location and terminate those connections
on five separate DRGs. Attach those DRGs to your VCN.
Answer: C
Explanation:
Access to Your On-Premises Network
There are two ways to connect your on-premises network to Oracle Cloud Infrastructure:
VPN Connect: Offers multiple IPSec tunnels between your existing network's edge and your VCN, by
way of a DRG that you create and attach to your VCN.
Oracle Cloud Infrastructure FastConnect: Offers a private connection between your existing network's
edge and Oracle Cloud Infrastructure. Traffic does not traverse the internet. Both private peering and
public peering are supported. That means your on-premises hosts can access private IPv4 addresses
in your VCN as well as regional public IPv4 addresses in Oracle Cloud Infrastructure (for example,
Object Storage or public load balancers in your VCN).
You can use one or both types of the preceding connections. If you use both, you can use them
simultaneously, or in a redundant configuration. These connections come to your VCN by way of a
single DRG that you create and attach to your VCN. Without that DRG attachment and a route rule for
the DRG, traffic does not flow between your VCN and on-premises network. At any time, you can
detach the DRG from your VCN but maintain all the remaining components that form the rest of the
connection. You could then reattach the DRG again, or attach it to another VCN.
Question: 199
You have provisioned an Autonomous Transaction Processing (ATP) database and logged into the ATP
service console.
What are three abilities that can be performed from this service console? (Choose three.)
A. scale up/down the CPUs

B. create ATP database users
C. reset the admin password
D. set resource management rules
E. monitor database activity and SQL queries
Answer: C,D,E
Explanation:
In ATP Service Console,
In the activity screen allows you to perform some basic monitor database activity and SQL queries
In the administration screen allows you to perform some basic administration of the service, like
reset the admin password and set resource management rules
Question: 200
You are tasked with creating a highly available clustered application on Oracle Cloud Infrastructure
consisting of three nodes. The round-trip latency between nodes must be less than 500 µs (micro-
seconds) and your cluster should be resilient to hardware failure.
What is the recommended deployment strategy?
A. Deploy the cluster nodes in a single region and deploy each node into a different AD. Select the
same fault domain in each AD to ensure consistency.
B. Deploy the cluster nodes in two separate regions and take advantage of multiple availability
domains (ADs) in each region.
C. Deploy the cluster nodes in a single region and deploy each node into a different AD.
D. Deploy the cluster nodes in a single region and deploy each node in different fault domains within
a single AD.
Answer: D
Question: 201
Which two options are available when configuring DNS resolution for your virtual cloud network?
(Choose two.)
A. Internet and custom resolver

B. Google DNS servers
C. custom resolver
D. Internet and virtual cloud network (VCN) resolver
Answer: C,D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/launchingDB.htm
Question: 202
Which two statements are true about data guard service on DB Systems in Oracle Cloud
Infrastructure (OCI)?
A. Data guard implementation requires two DB Systems, one running the primary database on a
virtual machine and the standby database running on bare metal.
B. Data guard implementation requires two DB Systems, one containing the primary database and
one containing the standby database.
C. Data guard configuration on the OCI is limited to a virtual machine only.
D. Both DB Systems must use the same VCN, and port 1521 must be open.
Answer: B,D
Question: 203
You are running your warehouse using Autonomous Data Warehouse (ADW) service and you noticed
that a newly configured batch job is always running in serial even through nothing else is running in
the database. All your jobs are configured to run with parallelism enabled.
What could be the reason for this batch job to run in serial?
A. The batch job depends on only one table and parallelism cannot be enabled on single-table
queries.
B. The parallelism of batch job depends on the number of ADW databases involved in the query.
C. The new batch job is connected to LOW consumer group.
D. The new batch job runs on database tables that are not enable for parallel execution.
E. Parallelism on the database is controlled by the application, not the database.
Answer: C
Question: 204
Which statement is true about DB Systems?
A. Data Guard as a Service is offered between regions.

B. You cannot manage the database as sys/sysdba.
C. You have full control over the automatic backup schedule and retention periods.
D. You can manage Oracle database initialization parameters at a global level.
Answer: B,C
Question: 205
What is the maximum IP address size range that you can have in a Virtual Cloud Network?
A. /16
B. /26
C. /24
D. /8
Answer: A
Explanation:
When you create your VCN, you assign a contiguous IPv4 CIDR block of your choice. VCN sizes
ranging from /16 (65,533 IP addresses) to /30 (1 IP address) are allowed. Example: 10.0.0.0/16,
192.168.0.0/24.
Question: 206
Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems?
A. Customers have no control over database patching.

B. The database and backups are encrypted by default.
C. Customers can consolidate multiple database homes on a single virtual machine database host.
D. Customers can manage the TDE Wallet after DB Systems is provisioned.
Answer: B, D
Explanation:
All databases created in Oracle Cloud Infrastructure are encrypted using transparent data encryption
(TDE).
Oracle Cloud Infrastructure encrypts all managed backups in the object store. Oracle uses the
Database Transparent Encryption feature by default for encrypting the backups. and the customers
can manage the TDE Wallet after DB Systems are provisioned.
Question: 207
A company currently uses Microsoft Active Directory as its identity provider. The company recently
subscribed to Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for test and
development. As the administrator, you configured the OCI tenancy to be federated with Microsoft
Active Directory. Now you need to give access to developers so that they can start creating resources
in their OCI accounts.
To get Oracle Vouchers at discount contact the Admin/Owner of the telegram

group named Oracle Certification Vouchers. To join click on the link
https://t.me/OracleCertificationExams
Which step will you perform to make sure you are not duplicating user creation inside of OCI
tenancy?
A. Create a group for developers on OCI and map the group to a similar group in Microsoft Active
Directory during the federation process.
B. Create a new user account in OCI for each user, and then create policies to provide access to
developers.
C. Create a group for developers on OCI, export all the developers from Microsoft Active Directory,
and then import them into the Identity and Access Management (IAM) group.
D. Create a single user account in OCI, and then create policies to provide access to developers to
this single account.
Answer: A
Explanation:
When working with your IdP, your administrator defines groups and assigns each user to one or more
groups according to the type of access the user needs. Oracle Cloud Infrastructure also uses the
concept of groups (in conjunction with IAM policies) to define the type of access a user has. As part
of setting up the relationship with the IdP, your administrator can map each IdP group to a similarly
defined IAM group, so that your company can re-use the IdP group definitions when authorizing user
access to Oracle Cloud Infrastructure resources.
Question: 208
You have an application running on Oracle Cloud Infrastructure. You Identified that the read and
write operations are slowing your application down enough to impair user access. The application is
currently using a VM.Standard2.1 compute without any block storage attached to it.
Which two options allow you to increase disk IOPS performance?
using the VM.DenseI02.8 shape using the boot volume preserved and use the NVMe devices to host
your application.
using the VM.Standard2.2 shape using the boot volume preserved and attach a new block volume to
host your application.
C. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the VM.Standard2.2 shape using the boot volume preserved, but no block volume attached.
D. Terminate the compute instance preserving the boot volume. Create a new compute instance
using the BM.GPU2.2 shape using the boot volume preserved, but no block volume attached.
Answer: AD
Question: 209
You are an administrator with an application running in Oracle Cloud Infrastructure (OCI). The
company has a fleet of OCI compute virtual instances behind an load balancer. The load balancer
backend set health check API is providing a 'Critical' level warning. You have confirmed that your
application Is running healthy on the backend servers. What Is the possible reason for this 'Critical'
warning?
A. The load balancer listener is not configured correctly.

B. The security list associated with the subnet In which the backend server is provisioned does not
include the IP range for the source of the health check requests.
C. A user does not have correct Identity and Access Management (IAM) credentials on the backend
servers.
D. The route table associated with the subnet in which the backend server is provisioned does not
include the route for the OCI load balancer.
Answer: B
Question: 210
Which statement is true about Data Guard Implementation in DB systems?
A. Both DB systems must be in the same compartment, and they must be the same shape
B. You can define the backup window and set custom backup retention period for the automatic
database backup schedule.
D. You cannot manage Oracle database initialization parameters at a global level.
D. You cannot manage the database as sys/sysdba.
Answer: A
Explanation:
An Oracle Data Guard implementation requires two DB systems, one containing the primary
database and one containing the standby database. When you enable Oracle Data Guard for a virtual
machine DB system database, a new DB system with the standby database is created and associated
with the primary database. For a bare metal DB system, the DB system with the database that you
want to use as the standby must already exist before you enable Oracle Data Guard.
Requirement details are as follows:
- Both DB systems must be in the same compartment.
- The DB systems must be the same shape type (for example, if the shape of the primary database is
a virtual machine, then the shape of the standby database can be any other virtual machine shape).
- If your primary and standby databases are in different regions, then you must peer the virtual cloud
networks (VCNs) for each database. See Remote VCN Peering (Across Regions).
- Configure the security list ingress and egress rules for the subnets of both DB systems in the Oracle
Data Guard association to enable TCP traffic to move between the applicable ports. Ensure that the
rules you create are stateful (the default).
Question: 211
In what two ways does Oracle Cloud Infrastructure (OCI) file storage service differ from OCI object
storage and block volume services?
A. You can move object storage buckets, block volumes and file storage mount targets between
compartments.
B. File Storage uses the network file system (NFS) protocol, whereas block volume uses iSCSI.
C. Block volume service Is NVMe based, while file storage service is not.
D. File storage mount target does not provide a private IP address, while the object storage bucket
provides one.
Answer: AB
Explanation:
The mount target provides the IP address or DNS name that is used together with a unique export
path to mount the file system.
You can move mount targets from one compartment to another.
Question: 212
Which two options are necessary for achieving high availability on Oracle Cloud Infrastructure?
A. Store your database across multiple regions so that half of the data resides in one region and the
other half resides in another region.
B. Attach your block volume form Availability Domain 1 to a compute instance in Availability Domain
2 (and vice versa) so that they are highly available.
C. Configure your database to have Data Guard in another Availability Domain in Sync mode within a
region.
D. Store your database files on Object Storage so that they are available in all Availability Domains in
all regions.
E. Distribute your application servers across all Availability Domains within a region.
Answer: C, E
Explanation:
All details can find in "Best Practices for Deploying High Availability Architecture on Oracle Cloud
Infrastructure"
https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practices-
deploying-ha-architecture-oci.pdf
Question: 213
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block and boot
volumes. Which three options below can you use to increase the size of your block volumes?
A. Clone an existing volume to a new, larger volume

B. You can only expand block volumes and not boot volumes
C. Expand an existing volume in place with offline resizing

D. Take a backup of your existing volume and restore from the volume backup to a larger volume
E. Expand an existing volume in place with online resizing
Answer: ACD
Explanation:
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block volumes and
boot volumes. You have three options to increase the size of your volumes:
Expand an existing volume in place with offline resizing. See Resizing a Volume Using the Console for
the steps to do this.
Restore from a volume backup to a larger volume. See Restoring a Backup to a New
Volume and Restoring a Boot Volume.
Clone an existing volume to a new, larger volume. See Cloning a Volume and Cloning a Boot Volume.
Question: 214
Which two statements are true regarding cloning a block volume?
A. You can change the block volume performance when creating a clone
B. You can clone block volumes across regions
C. You can change the block volume size when creating a clone
D. You can skip block volume encryption when creating a clone
Answer: AC
Explanation:
You can create a clone from a volume using the Block Volume service. Cloning enables you to make a
copy of an existing block volume without needing to go through the backup and restore process.
A cloned volume is a point-in-time direct disk-to-disk deep copy of the source volume, so all the data
that is in the source volume when the clone is created is copied to the clone volume.
You can only create a clone for a volume within the same region, availability domain and tenant. You
can create a clone for a volume between compartments as long as you have the required access
permissions for the operation.
during create a clone you can do the following
If you want to clone the block volume to a larger size volume, check Custom Block Volume Size
(GB) and then specify the new size. You can only increase the size of the volume, you cannot
decrease the size. If you clone the block volume to a larger size volume, you need to extend the
volume's partition. See Extending the Partition for a Block Volume for more information.
If you want to change the elastic performance setting when cloning the volume, check Custom Block
Volume Performance and select the elastic performance setting you want the volume clone to use.
See Block Volume Elastic Performance for more information. You can also change the elastic
performance setting after you have cloned the volume, see Block Volume Elastic Performance. If you
leave Custom Block Volume Performance unchecked, the cloned volume will use the same elastic
performance setting as the source volume.
Question: 215
You have deployed a compute instance (VM.Standard2.24) to run an Oracle database. With this set
up, you run into some performance issues and want to leverage an OCI Dense IO shape
(VM.DenseIO2.24), with which you get 25.6 TB local NVMe SSD. You do not want to lose the
configuration changes you made to the instance. Which of the following TWO steps ARE NOT
required to make this transition?
A. Terminate the VM.Standard2.24 instance and do not preserve the boot volume
B. Create a new instance using the VM.Dense102.24 shape using the preserved boot volume and
move the Oracle Database data to NVMe disks
C. Terminate the VM.Standard2.24 instance and preserve the boot volume
D. Create a new instance using a VM.DenseIO2.24 shape using the preserved boot volume and move
the Oracle Database data to block volumes
Answer: AD
Explanation:
You can permanently terminate (delete) instances that you no longer need. Any attached VNICs and
volumes are automatically detached when the instance terminates. Eventually, the instance's public
and private IP addresses are released and become available for other instances. By default, the
instance's boot volume is deleted when you terminate the instance, however you can preserve the
boot volume associated with the instance, so that you can attach it to a different instance as a data
Dense I/O Shapes Designed for large databases, big data workloads, and applications that require
high-performance local storage. DenseIO shapes include locally-attached NVMe-based SSDs.
so once you create the VM.DenseIO you need to moce the Database to locally-attached NVMe-based
SSDs
Question: 216
You are running several Linux based operating systems in your on .premises environment that you
want to import to OCI as custom images. You can launch your imported images as OCI compute
Virtual machines. Which two modes below can be used to launch these imported Linux VMs?
A. Native
B. Mixed
C. Paravirtualized
D. Emulated
Answer: CD
Explanation:
You can use the Console or API to import exported images from Object Storage. To import an image,
you need read access to the Object Storage object containing the image.
during the Import you can select the Launch mode:
For custom images where the image format is .oci, Oracle Cloud Infrastructure selects the applicable
launch mode based on the launch mode for the source image.
For custom images exported from Oracle Cloud Infrastructure where the image type is QCOW2,
select Native Mode.
To import other custom images select Paravirtualized Mode or Emulated Mode. For more
information, see Bring Your Own Image (BYOI).
Question: 217
Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect?
A. Each OCI IPSec VPN consists of multiple redundant IPSec tunnels
B. OCI IPSec VPN tunnel supports only static routes to route traffic
C. OCI IPSec VPN can be configured in tunnel mode only
D. OCI IPSec VPN can be configured in trans port mode only
Answer: AC
Explanation:
VPN Connect provides a site-to-site IPSec VPN between your on-premises network and your virtual
cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred
from the source to the destination and decrypts the traffic when it arrives.
On general, IPSec can be configured in the following modes:
Transport mode: IPSec encrypts and authenticates only the actual payload of the packet, and the
header information stays intact.
Tunnel mode (supported by Oracle): IPSec encrypts and authenticates the entire packet. After
encryption, the packet is then encapsulated to form a new IP packet that has different header
information.
Oracle Cloud Infrastructure supports only the tunnel mode for IPSec VPNs.
Each Oracle IPSec VPN consists of multiple redundant IPSec tunnels. For a given tunnel, you can use
either Border Gateway Protocol (BGP) dynamic routing or static routing to route that tunnel's traffic.
More details about routing follow.
IPSec VPN site-to-site tunnels offer the following advantages:
Public internet lines are used to transmit data, so dedicated, expensive lease lines from one site to
another aren't necessary.
The internal IP addresses of the participating networks and nodes are hidden from external users.
The entire communication between the source and destination sites is encrypted, significantly
lowering the chances of information theft.
Question: 218
Which two Oracle Cloud Infrastructure services use a Dynamic Routing Gateway?
A. OCI FastConnect Public Peering
B. Local Peering
C. OCI FastConnect Private Peering
D. Internet Gateway
E. OCI IPSec VPN Connect
Answer: CE
Explanation:
You can think of a DRG as a virtual router that provides a path for private traffic (that is, traffic that
uses private IPv4 addresses) between your VCN and networks outside the VCN's region.
You use a DRG when connecting your existing on-premises network to your virtual cloud network
(VCN) with one (or both) of these:
IPSec VPN
Oracle Cloud Infrastructure FastConnect (Private Only)
You also use a DRG when peering a VCN with a VCN in a different region:
Remote VCN Peering (Across Regions)
Question: 219
You have an instance running in a development compartment that needs to make API calls against
other OCI services, but you do not want to configure user credentials or a store a configuration file on
the instance. How can you meet this requirement?
A. Create a dynamic group with matching rules to include your instance
B. Instances can automatically make calls to other OCI services
C. Instances are secure and cannot make calls to other OCI services
D. Create a dynamic group with matching rules to include your instance and write a policy for this
dynamic group
Answer: D
Explanation:
Dynamic groups allow you to group Oracle Cloud Infrastructure computer instances as "principal"
actors (similar to user groups).
When you create a dynamic group, rather than adding members explicitly to the group, you instead
define a set of matching rules to define the group members. For example, a rule could specify that all
instances in a particular compartment are members of the dynamic group. The members can change
dynamically as instances are launched and terminated in that compartment.
A dynamic group has no permissions until you write at least one policy that gives that dynamic group
permission to either the tenancy or a compartment. When writing the policy, you can specify the
dynamic group by using either the unique name or the dynamic group's OCID. Per the preceding
note, even if you specify the dynamic group name in the policy, IAM internally uses the OCID to
determine the dynamic group.
Question: 220
You have the following compartment structure in your tenancy. Root compartment->Training-
>Training-subl ->Training-sub2 You create a policy in the root compartment to allow the default
admin for the account (Administrators) to manage block volumes in compartment Training-sub2.
What policy would you write to meet this requirement?
A. Allow group Administrators to manage volume-family in root compartment
B. Allow group Administrators to manage volume-family in compartment Training-sub1 :Training-

sub2
C. Allow group Administrators to manage volume-family in compartment Training: Training-sub 1

:Training-sub2
D. Allow group Administrators to manage volume-family in compartment Training-sub2
Answer: C
Explanation:
a policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the
compartment or its parent, you can simply specify the compartment name. If you attach the policy
further up the hierarchy, you must specify the path. The format of the path is each compartment
name (or OCID) in the path, separated by a colon:

<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n>
For example, assume you have a three-level compartment hierarchy, shown here:
You want to create a policy to allow NetworkAdmins to manage VCNs in CompartmentC. If you want
to attach this policy to CompartmentC or to its parent, CompartmentB, write this policy statement:
Allow group NewtworkAdmins to manage virtual-network-family in compartment CompartmentC
However, if you want to attach this policy to CompartmentA (so that only administrators of
CompartmentA can modify it), write this policy statement that specifies the path:
Allow group NewtworkAdmins to manage virtual-network-family in compartment
CompartmentB:CompartmentC
To attach this policy to the tenancy, write this policy statement that specifies the path from
CompartmentA to CompartmentC:
Allow group NewtworkAdmins to manage virtual-network-family in compartment
CompartmentA:CompartmentB:CompartmentC
Question: 221
You have created a new compartment called Production to host some production apps. You have also
created users in your tenancy and added them to a Group called "production group". Your users are
still unable to access the Production compartment. How can you resolve this situation?
A. Every compartment you create comes with a predefined set of policies, so no further action is
needed
B. Your users get automatic access to all compartments, so no further action is needed
C. Write an IAM Policy for each specific user granting them access to the production compartment
D. Write an IAM Policy for "production_group" granting it access to the production compartment
Answer: D
Explanation:
When creating a compartment, you must provide a name for it (maximum 100 characters, including
letters, numbers, periods, hyphens, and underscores) that is unique within its parent compartment.
You must also provide a description, which is a non-unique, changeable description for the
compartment, from 1 through 400 characters.
After creating a compartment, you need to write at least one policy for it, otherwise no one can
access it (except administrators or users who have permissions set at the tenancy level). When
creating a compartment inside another compartment, the compartment inherits access permissions
from compartments higher up its hierarchy.
When you create an access policy, you need to specify which compartment to attach it to. This
controls who can later modify or delete the policy. Depending on how you've designed your
compartment hierarchy, you might attach it to the tenancy, a parent, or to the specific compartment
itself.
Question: 222
You have two line of business operations (LOB1, LOB2) leveraging Oracle Cloud Infrastructure. LOB1
is deployed in VCN1 in the OCI US East region, while LOB2 is deployed in VCN2 in the US West region.
You need to peer VCN1 and VCN2 for disaster recovery and data backup purposes. To ensure you can
utilize the OCI Virtual Cloud Network remote peering feature, which CIDR ranges should be used?
A. VCN1 (10.0.0.0/16) and VCN2 (10.0.1.0/24)
B. VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16)

C. VCN1 (172.16.1.0/24) and VCN2 (172.16.1.0/27)
D. VCN1 (192.168.0.0/16) and VCN2 (192.168.1.0/27)
Answer: B
Explanation:
VCN1 (10.0.0.0/16) will use the IP Range from 10.0.0.0 to 10.0.255.255 and the VNC 2
(172.16.0.0/16) will use the IP Range from 172.16.0.0 to 172.16.255.255 the will not be overlap
between the 2 VCN
Question: 223
You have launched a compute instance running Oracle database in a private subnet in the Oracle
Cloud Infrastructure US East region. You have also created a Service Gateway to back up the data files
to OCI Object Storage in the same region. You have modified the security list associated with the
private subnet to allow traffic to the Service Gateway, but your instance still cannot access OCI Object
Storage. How can you resolve this issue?
A. Add a stateful rule that enables ingress HTTPS (TOP port 443) traffic to 001 Object Storage in the
security list associated with the private subnet
B. Add a stateful rule that enables egress HTTPS (TCP port 443) traffic to OCI Object Storage in the
security list associated with the private subnet
C. Add a rule in the Route Table associated with the private subnet with Target type as "Service
Gateway" and destination service as all IAD services in the Oracle Service Network.'
D. Use the default Security List, which has ports open for OCI Object Storage
Answer: C
Explanation:
A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services
without exposing the data to the public internet. No internet gateway or NAT is required to reach
those specific services. The resources in the VCN can be in a private subnet and use only private IP
addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and
never traverses the internet.
The service gateway is regional and enables access only to supported Oracle services in the same
region as the VCN.
For traffic to be routed from a subnet in your VCN to a service gateway, you must add a rule
accordingly to the subnet's route table. The rule must use the service gateway as the target. For the
destination, you must use the service CIDR label that is enabled for the service gateway. This means
that you don't have to know the specific public CIDRs, which could change over time.
Question: 224
You are a network architect of an application running on Oracle Cloud Infrastructure (OCI). Your
security team has informed you about a security patch that needs to be applied immediately to one
of the backend web servers. What should you do to ensure that the OCI load balancer does not
forward traffic to this backend server during maintenance?
A. Drain all existing connections to this backend server and mark the backend web server offline
B. Create another OCI load balancer for the backend web servers, which are active and handling
traffic
C. Edit the security list associated with the subnet to avoid traffic connectivity to this backend serve
D. Stop the load balancer for maintenance and restart the load balancer after the maintenance is
finished
Answer: A
Explanation:
A load balancer improves resource utilization, facilitates scaling, and helps ensure high
availability. You can configure multiple load balancing policies and application-specific health
checks to ensure that the load balancer directs traffic only to healthy instances. The load
balancer can reduce your maintenance window by draining traffic from an unhealthy
application server before you remove it from service for maintenance.
The Load Balancing service considers a server marked drain available for existing persisted
sessions. New requests that are not part of an existing persisted session are not sent to that
server.
Edit Drain State: Opens a dialog box in which you can change the drain state.
If you set the server's drain status to true, the load balancer stops forwarding
new TCP connections and new non-sticky HTTP requests to this backend server.
This setting allows an administrator to take the server out of rotation for
maintenance purposes.
e. Edit Offline State: Opens a dialog box in which you can change the offline
status.
If you set the server's offline status to true, the load balance forwards no ingress
traffic to this backend server.
Question: 225
Your application consists of three Oracle Cloud Infrastructure compute instances running behind a
public load balancer. You have configured the load balancer to perform health checks on these
instances, but one of the three instances fails to pass the configured health check. Which of the
following action will the load balancer perform?
A. Stop sending traffic to the instance that failed health check
B. Terminate the instance that failed health check
C. Stop the instances that failed health check
D. Remove the instance that failed the health check from the backend set
Answer: A
Explanation:
health check A test to confirm the availability of backend servers. A health check can be a request or
a connection attempt. Based on a time interval you specify, the load balancer applies the health
check policy to continuously monitor backend servers. If a server fails the health check, the load
balancer takes the server temporarily out of rotation. If the server subsequently passes the health
check, the load balancer returns it to the rotation.
You configure your health check policy when you create a backend set. You can configure TCP-level or
HTTP-level health checks for your backend servers.
- TCP-level health checks attempt to make a TCP connection with the backend servers and validate
the response based on the connection status.
- HTTP-level health checks send requests to the backend servers at a specific URI and validate the
response based on the status code or entity data (body) returned.
The service provides application-specific health check capabilities to help you increase availability
and reduce your application maintenance window.
Question: 226
Your IT department wants to cut down storage costs, but also meet compliance requirements as set
up by the central audit group. You have a legacy bucket with both Word does (*.docx) and Excel files
(*.xlsx). Your auditors want to retain only Excel files for compliance purposes. Your IT departments
wants to keep all other files for 365 days only. What two steps can you take to meet this
requirement?
A. Create Object Storage Lifecycle rules to archive objects from the legacy bucket after 365 days
without any pattern matching
B. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days with a
filter type - include by pattern: ''.docx
C. It is not possible to meet this requirement
D. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days with a
filter type - exclude by pattern: ''.xlsx"
E. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days
without any pattern matching
Answer: BD
Explanation:
Object Lifecycle Management lets you automatically manage the archiving and deletion of objects.
By using Object Lifecycle Management to manage your Object Storage and Archive Storage data, you
can reduce your storage costs and the amount of time you spend managing data.
Use object name filters to specify which objects the lifecycle rule applies to.
You can add object filters in any order. Object Lifecycle Management evaluates the precedence of the
rules as follows:
Pattern exclusions
Pattern inclusions
Prefix inclusions
Question: 227
You have a working application in the US East region. The app is a 3-tier app with a database backend
- you take regular backups of the database into OCI Object Storage in the US East region. For Business
continuity; you are leveraging OCI Object Storage cross-region copy feature to copy database backups
to the US West region. Which of the following three steps do you need to execute to meet your
requirement?
A. Write an IAM policy and authorize the Object Storage service to manage objects on your behalf
B. Specify an existing destination bucket
C. Specify the bucket visibility for both the source and destination buckets
D. Provide a destination object name
E. Provide an option to choose bulk copying of objects
F. Choose an overwrite rule
Answer: ABF
Explanation:
You can copy objects to other buckets in the same region and to buckets in other regions.
You must have the required access to both the source and destination buckets when performing an
object copy. You must also have permissions to manage objects in the source and destination
buckets.
Because Object Storage is a regional service, you must authorize the Object Storage service for each
region carrying out copy operations on your behalf. For example, you might authorize the Object
Storage service in region US East (Ashburn) to manage objects on your behalf. Once you authorize
the Object Storage service, you can copy an object stored in a US East (Ashburn) bucket to a bucket in
another region.
You can use overwrite rules to control the copying of objects based on their entity tag (ETag) values.
Specify an existing target bucket for the copy request. The copy operation does not automatically
create buckets.
Question: 228
Which of the following statement is true regarding Oracle Cloud Infrastructure Object Storage Pre-
Authenticated Requests?
A. It Is not possible to create pre-authenticated requests for "archive" storage tier
B. Changing the bucket visibility does not change existing pre-authenticated requests
C. It is not possible to create pre-authenticated requests for the buckets, but only for the objects
D. Pre-authenticated requests don't have an expiration
Answer: B
Explanation:
Pre-authenticated requests provide a way to let users access a bucket or an object without having
their own credentials, as long as the request creator has permissions to access those objects. For
example, you can create a request that lets an operations support user upload backups to a bucket
without owning API keys. Or, you can create a request that lets a business partner update shared
data in a bucket without owning API keys.
When you create a pre-authenticated request, a unique URL is generated. Anyone you provide this
URL to can access the Object Storage resources identified in the pre-authenticated request, using
standard HTTP tools like curl and wget.
Understand the following scope and constraints regarding pre-authenticated requests:
Users can't list bucket contents.
You can create an unlimited number of pre-authenticated requests.
There is no time limit to the expiration date that you can set.
You can't edit a pre-authenticated request. If you want to change user access options in response to
changing requirements, you must create a new pre-authenticated request.
The target and actions for a pre-authenticated request are based on the creator's permissions. The
request is not, however, bound to the creator's account login credentials. If the creator's login
credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with
an object in that bucket.
Understand the following scope and constraints regarding public access:
Changing the type of access is bi-directional. You can change a bucket's access from public to private
or from private to public.
Changing the type of access doesn't affect existing pre-authenticated requests. Existing pre-
authenticated requests still work.
Question: 229
You have two NFS clients running in two different subnets within the same Oracle Cloud
Infrastructure (OCI) Virtual Cloud Network (VCN). You have created a shared file system for the two
NFS clients who want to connect to the same file system, but you want to restrict one of the clients to
have READ access while the other has READ/Write access. Which OCr feature would you leverage to
meet this requirement?
A. Use VCN security rules to control access for the NFS clients
B. Use OCI Identity Access Management to control access for the NFS clients
C. Use File Storage NFS Export Options to control access for the NFS clients
D. Use NFS security to control access for the NES clients
Answer: C
Explanation:
Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade
network file system. You can connect to a File Storage service file system from any bare metal, virtual
machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system
from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security
(IPSec) virtual private network (VPN).
EXPORT
Exports control how NFS clients access file systems when they connect to a mount target. File
systems are exported (made available) through mount targets. Each mount target maintains an
export set which contains one or many exports. A file system must have at least one export in one
mount target in order for instances to mount the file system. The information used by an export
includes the file system OCID, mount target OCID, export set OCID, export path, and client export
options. For more information, see Managing Mount Targets.
EXPORT SET
Collection of one or more exports that control what file systems the mount target exports using
NFSv3 protocol and how those file systems are found using the NFS mount protocol. Each mount
target has an export set. Each file system associated with the mount target has at least one export in
the export set.
EXPORT PATH
A path that is specified when an export is created. It uniquely identifies the file system within the
mount target, letting you associate up to 100 file systems to a single mount target. This path is
unrelated to any path within the file system itself, or the client mount point path.
EXPORT OPTIONS
NFS export options are a set of parameters within the export that specify the level of access granted
to NFS clients when they connect to a mount target. An NFS export options entry within an export
defines access for a single IP address or CIDR block range. For more information, see Working with
NFS Export Options.
Question: 230
Which statement is true about the Oracle Cloud Infrastructure File Storage Service Mount Target?
A. You can access multiple file systems through a single mount target
B. Mount target has a public IP address and DNS name
C. Mount target lives in a single subnet of your choice, but is not highly available
D. Each mount target requires six internal IP addresses in the subnet to function
Answer: A
Explanation:
A mount target is an NFS endpoint that lives in a VCN subnet of your choice and provides network
access for file systems. The mount target provides the IP address or DNS name that is used together
with a unique export path to mount the file system. A single mount target can export many file
systems. Typically, you create your first mount target and export when you create your first file
system. The mount target maintains an export set which contains all of the exports for its associated
file systems.
Limitations and Considerations
Each availability domain is limited to two mount targets by default. However, you can export up to
100 file systems through each mount target.
See Service Limits for a list of applicable limits and instructions for requesting a limit increase.
Each mount target requires three internal IP addresses in the subnet to function. Two of the IP
addresses are used during mount target creation. The third IP address must remain available for the
mount target to use for high availability failover.
The File Storage service doesn't "reserve" the third IP address required for high availability failover.
Use care when designing your subnets and file systems to ensure that sufficient IP addresses remain
available for your mount targets.
Question: 231
Which statement is true about the Oracle Cloud Infrastructure File Storage Service Snapshots?
A. Snapshots are created under the root folder of file system, in a hidden directory named .snapshot
B. Snapshots are not incremental
C. You can restore the whole snapshot, but not the individual files
D. It Is not possible to create snapshots from OCI console, but just the CLI
Answer: A
Explanation:
The File Storage service supports snapshots for data protection of your file system. Snapshots are a
consistent, point-in-time view of your file systems. Snapshots are copy-on-write, and scoped to the
entire file system. The File Storage service encrypts all file system and snapshot data at rest. You can
take as many snapshots as you need.
Data usage is metered against differentiated snapshot data. If nothing has changed within the file
system since the last snapshot was taken, the new snapshot does not consume more storage
Snapshots are accessible under the root directory of the file system at .snapshot/name. For data
protection, you can use a tool that supports NFSv3 to copy your data to a different availability
domain, region, file system, object storage, or remote location.
Question: 232
Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems Data Guard
service?
A. Both DB systems must use the same VCN, and port 1521 must be open
B. Data guard configuration on the OCI is limited to a virtual machine only
C. Data guard implementation for Bare Metal shapes requires two DB Systems, one containing the
primary database and one containing the standby database.
D. Data guard implementation requires two DB Systems, one running the primary database on a
virtual machine and the standby database running on bare metal.
Answer: AC
Explanation:
An Oracle Data Guard implementation requires two DB systems, one containing the primary
database and one containing the standby database. When you enable Oracle Data Guard for a virtual
machine DB system database, a new DB system with the standby database is created and associated
with the primary database. For a bare metal DB system, the DB system with the database that you
want to use as the standby must already exist before you enable Oracle Data Guard.
Requirement details are as follows:
- Both DB systems must be in the same compartment.
- The DB systems must be the same shape type (for example, if the shape of the primary database is
a virtual machine, then the shape of the standby database can be any other virtual machine shape).
- If your primary and standby databases are in different regions, then you must peer the virtual cloud
networks (VCNs) for each database.
- Configure the security list ingress and egress rules for the subnets of both DB systems in the Oracle
Data Guard association to enable TCP traffic to move between the applicable ports. Ensure that the
rules you create are stateful (the default).
Question: 233
Which two options are available within the service console of Autonomous Transaction Processing?
A. Monitor the health of the database server including CPU, memory and query performance
B. Configure resource management rules and reset the admin password
C. Perform a manual backup of the ATP database
D. Fine tune a long running query using optimizer hints
Answer: AB
Explanation:
Question: 234
Which of the following two tasks can be performed in the Oracle Cloud Infrastructure Console for
Autonomous Data Warehouse?
A. Adjust Network Bandwidth

B. Scale up/down Memory
C. Increase Storage allocated for Database

D. Scale up/down CPU
Answer: CD
Explanation:
You can scale up/down your Autonomous Database to scale both in terms of compute (CPU) and
storage only when needed, allows people to pay per use.
Oracle allows you to scale compute and storage independently, no need to do it together. these
scaling activities fully online (no downtime required)
in Details page Autonomous Database in OCI console, click Scale Up/Down. Click on arrow to select a
value for CPU Core Count or Storage (TB).
Or Select auto scaling to allow the system to automatically use up to three times more CPU and IO
resources to meet workload demand, compared to the database operating with auto scaling
disabled.
Question: 235
Which two statements are true about Autonomous Data Warehouse (ADW) backup?
A. You can perform manual backups to OCI object storage in addition to automated backups available
on ADW
B. You can backup ADW database only to a standard bucket type in OCI object storage
C. Oracle Cloud Infrastructure (OCI) recommends backing up ADW databases manually to on-
premises storage devices
D. You must backup ADW database to object storage bucket named ADW_backup
Answer: AB
Explanation:
Autonomous Database automatically backs up your database for you.In addition to automatic
backups Autonomous Database also allows you take manual backups to your Oracle Cloud
Infrastructure Object Storage. for example if you want to take a backup before a major change to
make restore and recovery faster.
Also, Manual backups are only supported with buckets created in the standard storage tier
if you provision an Autonomous Data Warehouse instance named ADWC1, the bucket name should
be backup_adwc1 (the bucket name is lowercase)
Question: 236
You created a public subnet and an internet gateway in your virtual cloud network (VCN) of Oracle
Cloud Infrastructure. The public subnet has an associated route table and security list. However, after
creating several compute instances In the public subnet, none can reach the Internet.
Which two are possible reasons for the connectivity Issue?
A. A NAT gateway is needed to enable the communication flow to internet.

B. There Is no stateful egress rule In the security list associated with the public subnet.
C. There Is no dynamic routing gateway (DRG) associated with the VCN.
D. The route table has no default route for routing traffic to the internet gateway.
E. There is no stateful ingress rule in the security list associated with the public subnet.
Answer: B, D
Question: 237
Which three load-balancing policies can be used with a backend set?
A. throughput
B. least connections
C. IP hash
D. CPU utilization
E. weighted round robin
Answer: B, C, E
Question: 238
Which two resources reside exclusively in a single Oracle Cloud Infrastructure Availability Domain?
A. Identity and Access Management Groups

B. Web Application Firewall policy
C. Block volume
D. Compute Instance
E. Object Storage
Answer: C, D
Explanation:
https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#one
Question: 239
In Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), what does a Replica Set do?
A. It provides declarative updates for Pods.

B. It maintains a stable set of replica Pods running at any given time.
C. It ensures that all Nodes run a copy of a Pod.
D. It exposes an application running on a set of Pods.
Answer: D
Thank You for Purchasing 1Z0-1072-20

1Z0-1072-20 Updated

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1Z0-1072-20 Updated

Uploaded by

Copyright:

Available Formats

Oracle

A. Disable cookie-based session persistence on your backend set.

A. Ephemeral public IPs

What can cause this issue?

A. User has multi-factor authentication (MFA) enabled.

A. Encryption of data encryption keys with a master encryption key is optional.

Oracle Cloud Infrastructure (OCI) Object Storage bucket named "HealthRecords".

What you should do?

A. Update the OS firewall in CLIENT-X to allow READ/WRITE access.

A. Load text files into ATP using SQL Developer.

A. Object storage resources can be shared across tenancies.

A. Individual object parts can be as small as 10 MiB or as large as 50 GiB

Storage constructs the object by ordering part numbers in ascending order.

A. Add a secondary virtual network interface card (VNIC).

A. Clone an existing volume to a new, larger volume.

the DB System subnet.

A. Primary and standby databases must be in the same OCI region.

A. Identity and Access Management Groups

A. All existing connections to this backend sever will be immediately closed.

the SQL Database data to NVMe disks

across the two VCNs in different regions

A. Create a database user account for the business analyst.

A. VCNs support transitive peering.

- Stuck Database Archiver Process and Backup Failures

A. To delete a VCN, its subnets must contain no resources.

A. A single Pod with a single container is created.

A. Primary is a 1-node RAC DB system and Standby is a 2-node RAC DB system.

Which option would remedy this situation?

A. Tags Defaults with predefined values

A. Billing for storage usage continues when autonomous database is stopped.

A. The user is trying to use free-form tags.

What is the reason for this error?

B. You cannot move a subcompartment to another parent compartment.

Which two configuration formats does Terraform support? (Choose two.)

A. The instance is replaced automatically by the load balancer.

A. You need to detach a volume before cloning from it.

A. mytenancy.oc.ocid is a valid OCID.

A. It can function only as a primary DNS.

A. Send the employee API Signing Keys to log in.

A. Internet Gateway (IGW)

A. Object Storage on Oracle Cloud Infrastructure

A. given by support on account creation

A. Data Guard in Async mode within a region

A. It configures, reconfigures, and instantiates resources and their dependencies.

A. Each operator needs its own security list.

A. Passing the variable with a var statement to Terraform

A. Microsoft Active Directory

A. Oracle Cloud at Customer

A. You can create only 1, 000 pre-authenticated requests per bucket.

A. Assign a Public IP address to the compute instance.

A. snapping or cloning storage form on-premise to Oracle Cloud Infrastructure

A. Patching the primary database deployment

Perform switchover and failover in an Oracle Data Guard configuration.

A. Object Storage Service

A. It provides higher IOPS than Block Storage.

A. It disallows new connections to that backend server.

A. Implement a backup policy to execute a snapshot of the shared volume.

such as Oracle E-Business Suite and PeopleSoft.

A. Use Data Transfer Service to send your data.

A. By default, object storage and block storage are encrypted at rest.

A. to bring your own license on a compute service

A. There are no security list rules for mount target traffic