Which Identity and Access Management component helps to organize multiple users into a

team?
Compartments
Dynamic Groups
Groups (*)
Policies
Incorrect. In OCI IAM, groups are used to group users that serve a common purpose or belong to
the same team. This allows policies to be applied at the group level, rather than individually.

2. Which statement about OCI compartments is NOT true?

Compartments help to isolate and control access to resources.
A compartment is a logical collection of related resources.
It is a best practice to create all your resources in the root compartment. (*)
Compartments can be nested.
Correct. It is not a best practice to create all resources in the root compartment. Compartments
are used to organize and isolate resources to provide a finer level of access control.

How is a resource in OCI identified?

With OCID (*)
With Tenancy ID
With Username
With Compartment Name
Incorrect. Each resource in OCI is assigned a unique Oracle Cloud Identifier (OCID), which is
used to identify the resource.

4. Which statement about OCI Identity and Access Management is true?

It enables authentication for devices only
It enables you to control access for a group of users. (*)
It enables authorization for on-premises users only
It is used to protect information on devices.
Correct. OCI Identity and Access Management (IAM) service allows you to control who has
access to your cloud resources. It can be used to group users and specify their permissions to
provide controlled access to resources.

Which is NOT a component of OCI Identity and Access Management?

Principals
Federation
Network Security Group (*)
Policies
Incorrect. The Network Security Group is a component of OCI Networking, not IAM. IAM in
OCI consists of Principals, Policies, Federation, and a few other components.

1. Which OSI layer traffic is supported by the OCI Network Load Balancer?
Layer 2 (data link)
Layer 7 (application)
Layer 4 (transport) (*)
Layer 5 (session)
Incorrect. OCI Network Load Balancer operates at layer 4 (transport layer) of the OSI model. It
distributes traffic among instances within its backend set based on TCP or UDP protocols.

2. Which statement about a Virtual Cloud Network (VCN) is true?

A VCN can span OCI regions.
A VCN can be used with only one instance.
A VCN can have only one public subnet and more than one private subnet.
A VCN can reside only in a single region but can span multiple availability domains. (*)
Incorrect. A VCN is a virtual, private network that you set up in Oracle data centers in a single
OCI region. It resembles a traditional network, with firewall rules and specific types of
communication gateways that you can choose to use. A VCN spans all the availability domains
in the region.
3. Which component is NOT created by default with the creation of a Virtual Cloud Network?
Default DHCP Options
Default Local Peering Gateway (*)
Default Route Table
Default Security List
Correct. When you create a VCN, a default route table, security list, and DHCP options are
created automatically, but a Local Peering Gateway (LPG) is not created by default. LPGs are
used to connect two VCNs in the same region.

4. Which statement about Virtual Cloud Network (VCN) peering between two VCNs is NOT
valid?
Peered VCNs can exist in the same OCI region.
Peered VCNs cannot have overlapping CIDRs.
A VCN peering connection is a VPN-based connection. (*)
Peered VCNs can exist in different OCI regions.
Incorrect. VCN peering is not a VPN-based connection; instead, it is a networking connection
between two VCNs that enables traffic routing between the VCNs using private IP addresses.
Peer VCNs must not have overlapping CIDRs. VCNs can be peered in the same region or
different regions through a DRG.

5. Which VCN component blocks inbound traffic, but enables outbound traffic to the internet?
Service Gateway
Internet Gateway
Dynamic Routing Gateway
NAT Gateway (*)
Correct. A NAT Gateway in a VCN enables instances in a private subnet to initiate connections
to the internet but prevents unsolicited inbound connections from the internet.
1. Which processor type is NOT available for the OCI Compute service?
AMD
Intel
Snapdragon (*)
Ampere
Correct. The OCI Compute service offers instances powered by various processor types,
including AMD, Intel, and Ampere. However, Snapdragon, which is a processor type commonly
used in mobile devices, is not available for OCI Compute.
2. What is the primary purpose of Oracle Cloud Infrastructure Functions?
To provide a managed database service
To deploy and manage virtual machines
To store and manage files
To execute code in response to events or HTTP requests (*)
Correct. The primary purpose of OCI Functions is to execute code in response to events or HTTP
requests. Functions provide a serverless computing platform that allows developers to build,
deploy, and run applications without the need to manage the underlying infrastructure.

3. Which statement about the working of autoscaling in an instance pool is true?

It can perform only schedule-based autoscaling.
It can perform only metric-based autoscaling.
It automatically changes the shape of the compute instance to increase the number of OCPU
count and memory.
It automatically provisions and removes instances in an instance pool. (*)
Incorrect. Autoscaling in an instance pool within the OCI Compute service automatically
provisions and removes instances based on specific conditions or schedules. It does not change
the shape of the compute instance, nor is it limited to only metric-based or schedule-based
autoscaling. Instead, autoscaling can be driven by both metric-based and schedule-based policies,
offering a more dynamic and flexible scaling solution.

4. Which type of storage is associated with instances in the OCI Compute service?
Block Storage (*)
File Storage
Archive Storage
Object Storage
Correct. Block storage is the type of storage associated with instances in the OCI Compute
service. It provides low-latency, high-performance storage volumes that can be attached to
instances to store data and applications.

5. Which two parameters can be customized when creating a flexible shape compute instance?
Number of OCPUs (*)
Amount of memory (*)
Number of virtual NICs
Number of physical NICs
Correct. When creating a flexible shape compute instance in OCI, users can customize the
number of Oracle Cloud Processor Units (OCPUs) and the amount of memory allocated to the
instance. The number of virtual NICs and physical NICs are not customizable parameters for
flexible shape compute instances.
1. You have created an Object Storage bucket of Archive tier. Which statement is NOT valid for
the Archive Storage tier?
The default time available to download an object after restoration is 24 hours.
The minimum duration to store objects is 90 days.
The Archive storage bucket can be upgraded to Standard storage. (*)
From the time a restore request is made, it takes at most an hour to read the data.
Incorrect. An existing standard Object Storage bucket cannot be downgraded to the Archive
Storage tier and an Archive Storage bucket cannot be upgraded to the standard Object Storage
tier. Other statements are correct. The minimum duration to store objects in the Archive tier is 90
days. Objects in the Archive Storage tier cannot be accessed directly. Instead, you need to restore
the object to the Standard tier before reading it. From the time a restore request is made, it takes
at most an hour to read the data. You can specify a duration time from 1 to 240 hours that the
restored data is accessible for download on the Object Storage tier. If you do not explicitly set a
duration time, data is available for download for 24 hours by default.

2. What feature of the Oracle Cloud Infrastructure Block Volume service ensures data durability
and protection against hardware failures?
Replication (*)
Deduplication
Encryption
Compression
Correct. The OCI Block Volume service uses replication to ensure data durability and protection
against hardware failures. Data is automatically replicated across multiple storage devices within
the same availability domain, which helps maintain data integrity and availability in case of
hardware issues.

3. You want to store the backup of a database in cloud storage for an extended period at the
lowest storage cost. Which object storage tier would you use for storing these backup files?
Standard
Infrequent Access
Premium
Archive (*)
Correct. Archive tier is designed for storing data that is rarely accessed and requires long
retention periods. It provides a low-cost storage solution for retaining data that is seldom
retrieved. It is ideal for use cases such as long-term data retention and archival, including
database backups.

4. In the Oracle Cloud Infrastructure Object Storage Service, what is the primary purpose of a
pre-authenticated request URL?
To enable automatic transition of objects between storage tiers
To track and monitor object access and usage
To provide temporary and secure access to a specific object (*)
To enable public read access to a specific object
Correct. A pre-authenticated request URL is a feature in the OCI Object Storage service that
provides temporary and secure access to a specific object. It enables users to generate a unique
URL with a predefined expiration time, allowing external users to access the object without
requiring authentication or authorization through OCI Identity and Access Management.
5. You have an extremely high performance database workload that requires at least 90 IOPS/GB
and 90,000 IOPS per volume. Which OCI Block Volume performance level can be used to meet
this requirement?
Lower Cost
Ultra High Performance (*)
Balanced
Higher Performance
Incorrect. The Ultra High Performance tier in OCI Block Volume service can provide up to 225
IOPS/GB, to a maximum of 300,000 IOPS per volume. The Ultra High Performance level is
recommended for workloads with the highest I/O requirements, requiring the best possible
performance, such as large databases. Other tiers such as Balanced, Higher Performance, and
Lower Cost cannot deliver this level of performance.

1. In the context of Oracle Autonomous Database, what does the self-repairing feature ensure?
Automatic database recovery in case of failures (*)
Automatic application of security patches
Automatic database tuning
Automatic scaling of resources based on workload
Correct. The self-repairing feature of Oracle Autonomous Database ensures automatic database
recovery in case of failures. It detects and corrects issues in the database infrastructure, including
hardware, software, and human errors, helping to maintain high availability and protect against
data loss.

2. How does MySQL HeatWave enable accelerated query performance?

By partitioning the data into smaller subsets
By replicating data across multiple databases
By using in-memory data storage (*)
By compressing the data for faster retrieval
Incorrect. MySQL HeatWave uses an in-memory data storage mechanism to provide high-
performance query execution. It achieves this by storing the data in a columnar format in-
memory, which allows for faster access and processing of data during query execution,
especially for OLAP workloads.

3. Which is NOT a supported workload type for Oracle Autonomous Database?

MySQL (*)
JSON
Transaction Processing
Data Warehouse
Incorrect. Oracle Autonomous Database supports various workload types like Autonomous Data
Warehouse (ADW) for high-performance analytics, Autonomous Transaction Processing (ATP)
for high-performance transactional workloads, APEX for low-code application development, and
JSON for JSON document storage and querying. However, MySQL is a different type of
database system and not a workload type supported within Oracle Autonomous Database. Oracle
does provide a separate managed service for MySQL in the Oracle Cloud, but it is not a
workload type under the Autonomous Database offering.

4. Which feature of Oracle Autonomous Database enables automatic database optimizations

without manual intervention?
Self-driving (*)
Autoscaling
Self-securing
Self-repairing
Incorrect. The self-driving feature of Oracle Autonomous Database enables automatic database
optimizations without manual intervention. It uses machine learning and automation to perform
tasks such as provisioning, patching, tuning, and backup, which helps reduce the need for manual
database administration and maintenance.

5. Which type of processing does MySQL HeatWave primarily enable MySQL to handle
efficiently?
Online Transaction Processing (OLTP)
Data lake processing
Data warehouse processing
Online Analytical Processing (OLAP) (*)
Incorrect. MySQL HeatWave is an integrated query accelerator for the MySQL Database service
in Oracle Cloud Infrastructure. It significantly boosts the performance of MySQL, enabling it to
efficiently run OLAP (Online Analytical Processing) queries, which are complex queries that
analyze large amounts of data to uncover business insights.
1. What is the main advantage of using OCI Security Zones when deploying resources in your
cloud environment?
Load balancing across multiple instances
Streamlining application deployment
Ensuring adherence to security best practices and policies (*)
Automatic resource scaling
Correct. The main advantage of using OCI Security Zones when deploying resources in your
cloud environment is to ensure adherence to security best practices and policies. Security Zones
help maintain a strong security posture by automatically enforcing predefined security policies
within designated compartments, preventing the creation of non-compliant resources.

2. What is the primary purpose of the Oracle Cloud Infrastructure Vault service?
To detect, assess, and remediate security risks in your cloud infrastructure
To enforce security best practices in designated compartments
To store and manage encryption keys and secrets (*)
To provide security recommendations and insights for your cloud infrastructure
Incorrect. The primary purpose of the OCI Vault service is to store and manage encryption keys
and secrets. The Vault service helps you to securely store, manage, and control access to
encryption keys, secrets, and certificates, ensuring the protection of sensitive data.

3. Which option is NOT a component of Oracle Cloud Guard?

Detectors
Targets (*)
Responders
Problems
Correct. Oracle Cloud Guard has three main components – detectors, problems, and responders.
Detectors continuously monitor your infrastructure, looking for potential issues. Problems are the
security risks and issues that detectors identify. Responders are the automatic or manual actions
taken to address the identified problems. Targets are not a component of Oracle Cloud Guard.

4. In the OCI shared security responsibility model, who is responsible for securing the
underlying cloud infrastructure?
Oracle (*)
The customer
Government agencies
Third-party vendors
Correct. In the OCI shared security responsibility model, Oracle is responsible for securing the
underlying cloud infrastructure. This includes securing the physical data centers, network
infrastructure, and hardware that support the cloud services, ensuring a secure and reliable
environment for customers to deploy their applications and store data.

5. Which of the following is NOT a component of the Oracle Cloud Infrastructure Vault service?
Master encryption key
Database backup (*)
Secret
Vault
Incorrect. OCI Vault is composed of various components including master encryption keys,
secrets, and vaults. A vault in OCI is a logical entity where you can centrally manage and store
your encryption keys and secrets. A secret is a resource that helps manage credentials needed to
access OCI resources. A master encryption key is a key that OCI uses to encrypt the encryption
keys that you create in the vault (these are customer managed). Database backup is not a
component of OCI Vault; it is a functionality associated with the OCI Database service.

1. Which is NOT a factor that influences pricing in Oracle Cloud Infrastructure?

Data transfer
Services consumed
Choice of OCI region (*)
Type of resource
Correct. OCI maintains the same pricing across all regions, so the choice of OCI region does not
directly influence pricing. The primary factors that influence pricing in OCI include data transfer
costs, the specific services consumed, and the specific type of resource utilized.

2. Which is NOT a supported Oracle Cloud Infrastructure pricing model?

Oracle Universal Credits
Pay As You Go
Bring Your Own License (BYOL)
Sovereign subscriptions (*)
Correct. The supported pricing models in OCI include Pay As You Go, Oracle Universal Credits,
and Bring Your Own License (BYOL). Sovereign subscriptions is not a known pricing model in
OCI.

3. In Oracle Cloud Infrastructure, what is the key difference between service limits and
compartment quotas?
Service limits are user-defined for compartments, while compartment quotas are set by Oracle
for a tenancy or region.
Both apply only to specific compartments and can be modified only by the user.
Both are set and can be modified only by Oracle.
Service limits are set by Oracle for a tenancy or region, while compartment quotas are user-
defined for specific compartments. (*)
Correct. Service limits are the upper bounds placed by Oracle on the number of resources you
can create in a region or tenancy, while compartment quotas are the upper bounds defined by the
users for resource usage within specific compartments. The distinction is that service limits are
set by Oracle and apply to a tenancy in a region, while compartment quotas are set by the users
and apply to specific compartments.

4. In Oracle Cloud Infrastructure, what can you set up to receive notifications when budget
thresholds are reached?
SMS notifications
Email alerts (*)
Pager alerts
Push notifications
Correct. In Oracle Cloud Infrastructure, you can set up email alerts to receive notifications when
budget thresholds are reached. These alerts help customers stay informed about their spending
and take appropriate actions to manage their costs.

5. Which type of traffic is charged under data transfer costs in Oracle Cloud Infrastructure?
Egress and ingress are both charged to and from the internet.
Ingress is charged between two availability domains.
Ingress and egress are charged between instances in different availability domains.
Egress to the internet is charged. (*)
Incorrect. In OCI, ingress data transfer (data coming into OCI from the internet) is typically free.
However, egress data transfer (data going out from OCI to the internet) is chargeable after the
first 10 TB/month, depending on the specific region and destination.