- Barajar
ActivarDesactivar
- Alphabetizar
ActivarDesactivar
- Frente Primero
ActivarDesactivar
- Ambos lados
ActivarDesactivar
- Leer
ActivarDesactivar
Leyendo...
Cómo estudiar sus tarjetas
Teclas de Derecha/Izquierda: Navegar entre tarjetas.tecla derechatecla izquierda
Teclas Arriba/Abajo: Colvea la carta entre frente y dorso.tecla abajotecla arriba
Tecla H: Muestra pista (3er lado).tecla h
Tecla N: Lea el texto en voz.tecla n
Boton play
Boton play
145 Cartas en este set
- Frente
- Atrás
You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure (OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted. The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static configuration has been added.
What solution should you recommend? (Choose the best answer.) A. The instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit. B. Advertise a 192.168.10.10/32 route over the VPN. C. Advertise a 192.168.10.10/32 router over the FastConnect. D. The instances will communicate by default over the FastConnect private virtual circuit, which ensures data is encrypted in-transit. |
Correct Answer: B
Reference: Creo que es B, otros ponen D On FastConnect, the transit data is not encrypted...Question is that the data has to be encrypted during the transit.. Also it is said that no static routes are added. So with both the FC and the IPSec VPN being in place, the FC will overtake the IPSec VPN because there are no static routes provided. So,if you provide a static route to the IPSec connection, the traffic flows thru the IPSec VPN in which the data in transit is encrypted by default. Hence, answer is B. https://www.oracle.com/cloud/networking/fastconnect-faq.html https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/transitrouting.htm Can I use FastConnect and an IPsec VPN to the same VCN simultaneously? Yes. You can provision FastConnect and an IPSec VPN simultaneously. Typically, you would set up FastConnect as the primary path and the IPSec VPN as a backup path via the internet. The FastConnect path will always be preferred when available, unless you add more |
You have created a group for several auditors. You assign the following policies to the group:
What actions are the auditors allowed to perform within your tenancy? (Choose the best answer.) A. The Auditors can view resources in the tenancy. B. Auditors are able to create new instances in the tenancy. C. The Auditors are able to delete resource in the tenancy. D. Auditors are able to view all resources in the compartment. |
Correct Answer: A
Reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policies.htm#Verbs https://docs.oracle.com/en-us/iaas/Content/Identity/policyreference/auditpolicyreference.htm#Details_for_the_Audit_Service https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/commonpolicies.htm#top |
You have a web application running on Oracle Cloud Infrastructure (OCI) that lets users log in with a username and password. You notice that an attacker has tried to use SQL comment `--" to alter the database query, remove the password check and log in as a user. You decide to prevent any future attacks.
Which of the following OCI services or features would you choose to safeguard your application? (Choose the best answer.) A. Network Security Group B. Data Safe C. Web Application Framework (WAF) D. Vault |
Correct Answer: D
Reference: WAF is web Application Firewall NOT Framework Si en el examen pone Web Application Firewall la correcta sería la C |
One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is malfunctioning. You have created a console connection to remotely troubleshoot it.
Which two statements about console connections are TRUE? (Choose two.) A. It is not possible to use VNC console connections to connect to Bare Metal Instances. B. VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance’s console. C. It is not possible to connect to the serial console to an instance running Microsoft Windows, however VNC console connection can be used. D. For security purpose, the console connection will not let you edit system configuration files. E. If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours. |
Correct Answer: B, E
Reference: https://docs.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm |
You have created an Autonomous Data Warehouse (ADW) service in your company’s Oracle Cloud Infrastructure (OCI) tenancy and you now have to load historical data into it. size from ..... (1)
A. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using the web console upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA .. B. Create the tables ........ C. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute Data Pump Import ... D. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for |
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/usingmultipartuploads.htm Create Credentials and Copy Data into an Existing Table (oracle.com) Load Data from Local Files Using SQL*Loader (oracle.com) Create Credentials and Load Data Pump Dump Files into an Existing Table (oracle.com) |
You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual machine. You enter the following command (with correct values for all parameters):
The command fails. Which is NOT a valid parameter in this command? (Choose the best answer.) A. -t <tenancy_id> B. --image-id <image_id> C. -- shape “<shape_name>” D. -c <compartment_id> E. -- subnet-id <subnet_id> |
(Esta pregunta tiene un trocito de código)
Correct Answer: A Reference: https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.0.5/oci_cli_docs/cmdref/compute/instance/launch.html Getting Started with the Command Line Interface (oracle.com) oci compute instance launch --availability-domain "<availability_domain_name>" -c <compartment_id> --shape "<shape_name>" --display-name "<instance_display_name>" --image-id <image_id> --ssh-authorized-keys-file "<path_to_authorized_keys_file>" --subnet-id <subnet_id> |
You have received an email from your manager to provision (...) be re-used.
Which CLI command can be used in this situation? (Choose the best answer.) A. oci resource-manager stack create --tenancy-id <tenancy_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name Production stack build \ --description Creating new Production environment B. oci resource-manager stack update --compartment-id <compartment_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name €Production stack build€ \ --description Creating new Production environment C. oci resource-manager stack create --compartment-id <compartment_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name Production stack build \ --description Creating new Production environment D. oci resource-manager stack update --tenancy-id <tenancy_OCID> \ --config-source prod.zip --variables file://variables.json \ --display-name €Production stack build€ \ --descr |
Correct Answer: C
Reference: https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.0.2/oci_cli_docs/cmdref/resource-manager/stack/create.html A y D no son correctas porque –tenancy-id no es un parámetro válido Command indicated with option B is wrong as oci resource-manager stack update requires to provide mandatory --stack-id argument. |
You are asked to deploy a new application that has been designed to scale horizontally. The business stakeholders have asked that the application be deployed in us-phoenix-1.
Normal usage requires 2 OCPUs. You expect to have few spikes during the week, that will require up to 4 OCPUs, and a major usage uptick at the end of each month that will require 8 OCPUs. (Choose the best answer.) A. Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances, to handle the weekly spikes, and a maximum of 4 instances. B. Create an instance with 1 OCPU shape. Use the Resize Instance action to scale up to a larger shape when more resources are needed. C. Create an instance with 1 OCPU shape. Use a CLI script to clone it when more resources are needed. D. Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup the autoscaling configuration to use 2 availability |
Correct Answer: D
Reference: Creo que la A es menos “cost-effective” porque un mínimo de 2 instances en una VM.Standard 2.2 son 4 OCPUs y normalmente sólo requiere 2 OCPUs. VM.Standard2.1 has 1 OCPU VM.Standard2.2 has 2 OCPUs Compute Shapes (oracle.com) |
You have been asked to set up connectivity between a client’s on-premises network and Oracle Cloud Infrastructure (OCI). The requirements are:
✑ Low latency: The applications are financial and require low latency connectivity into OCI. ✑ Consistency: The application isn’t tolerant of performance variation. The client wants to implement the above with as low a cost as possible, while meeting all of the requirements. What should you suggest? (Choose the best answer.) A. Provision FastConnect with a single private virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit. B. Provision FastConnect with a single public virtual circuit. C. Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect. D. Provision FastConnect with a single private virtual circuit. E. Provision FastConnect with a single public virtual circuit, and run an IPsec VPN tunnel over the top of this virtual circuit |
Correct Answer: E (No la D)
Reference: Highly voted E https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/encrypted-fastconnect-public-peering.pdf https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/fastconnectoverview.htm |
Which two statements about the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI) are TRUE? (Choose two.)
A. You can run CLI commands from inside OCI Regions only. B. You can filter CLI output using the JMESPath query option for JSON. C. The CLI provides an automatic way to connect with instances provisioned on OCI. D. The CLI allows you to use the Python language to interact with OCI APIs. E. The CLI provides the same core functionality as the Console, plus additional commands. |
Correct Answer: B, E
Reference: B: Formatting and filtering OCI CLI output – DBA Blog (christian-gohmann.de) D: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm |
You have a Linux compute instance located in a public subnet in a VCN which hosts a web application. The security list attached to subnet containing the compute instance has the following stateful ingress rule.
The Route table attached to the Public subnet is shown below. You can establish an SSH connection into the compute instance from the internet. However, you are not able to connect to the web server using your web browser. Which step will resolve the issue? (Choose the best answer.) A. In the route table, add a rule for your default traffic to be routed to NAT gateway. B. In the security list, add an ingress rule for port 80 (http). C. In the security list, remove the ssh rule. D. In the route table, add a rule for your default traffic to be routed to Service Gateway. |
Correct Answer: B (No la D)
Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm Gateways In OCI: Internet Gateway, Service Gateway, NAT Gateway, DRG (k21academy.com) B is correct Answer because of Web Browser. You need to add a rule in the security list table to allow access to web application. Web applications are usually exposed over port 80 (HTTP), therefore answer B makes sense here. The answer is D totally incorrect. The Service Gateway is for internal communications of services, for example, going from a VCN to Object Storage, without going to the internet. |
Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance. (....) following error:
Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http status code: 404 (....)VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM.Standard2.2 Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? (Choose the best answer.) A. terraform plan -target=oci_database_db_system.db_system B. terraform apply -auto-approve C. terraform refresh -target=oci_database_db_system.db_system D. terraform apply -target=oci_database_db_system.db_system |
Correct Answer: B
D: no existe opción -target para apply https://www.terraform.io/docs/cli/commands/apply.html Command: refresh The terraform refresh command is used to reconcile the state Terraform knows about (via its state file) with the real-world infrastructure. This can be used to detect any drift from the last-known state, and to update the state file. This does not modify infrastructure, but does modify the state file. If the state is changed, this may cause changes to occur during the next plan or apply. Command: plan The terraform plan command is used to create an execution plan. Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files. This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or to the state. Command: apply The terraform apply command is used |
You have been monitoring your company’s applications running in Oracle Cloud Infrastructure (OCI) and notice that the application is using OCI Traffic Management service. This service uses a traffic steering policy to distribute the DNS traffic based on subnet addresses in a rule set.
Which steering policy is in use in this particular case? (Choose the best answer.) A. Load Balancing policy B. Geolocation steering C. ASN steering policy D. IP Prefix steering |
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/TrafficManagement/Tasks/trafficmanagement.htm Traffic Management in Oracle Cloud (OCI) 1Z0-997 (k21academy.com) |
You have the following compartment structure within your company’s Oracle Cloud Infrastructure (OCI) tenancy:
You want to create a policy in the root compartment to allow SystemAdmins to manage VCNs only in CompartmentC. Which policy is correct? (Choose the best answer.) A. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC B. Allow group SystemAdmins to manage virtual-network-family in compartment Root C. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC D. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentC |
(Esta pregunta tiene como una pantallita)
Correct Answer: C Reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policies.htm Correct is 'C' because you need to apply at root level (tenancy) |
Which option contains the essential components of the Oracle Cloud Infrastructure Notifications service? (Choose the best answer.)
A. An ALARM with a name unique across the tenancy, a SUBSCRIPTION, and a METRIC with the measurement of interest. B. A TOPIC with a name unique across the tenancy, a SUBSCRIPTION, and a MESSAGE where content is published. C. A TOPIC with a name unique across the compartment, a SUBSCRIPTION, and a MESSAGE where content is published. D. An ALARM with a name unique across the compartment, a SUBSCRIPTION, and a METRIC with the measurement of interest. |
Correct Answer: B
Reference: https://docs.oracle.com/en-us/iaas/Content/Notification/Tasks/managingtopicsandsubscriptions.htm |
You run a large global application with 90% of customers based in the US and Canada. You want to be able to test a new feature and allow a small percentage of users to access the new version of your application.
What Oracle Cloud Infrastructure Traffic Management steering policy should you utilize? (Choose the best answer.) A. Load Balancer B. IP Prefix steering C. ASN steering D. Geolocation steering |
Correct Answer: A
Reference: B podría ser también https://docs.oracle.com/en-us/iaas/Content/TrafficManagement/Tasks/trafficmanagement.htm Traffic Management | Oracle Traffic Management in Oracle Cloud (OCI) 1Z0-997 (k21academy.com) Correct is 'B' because you re asked to do a Canary Testing so IP Prefix is the right choose Correct A: With IP Prefix you need to indicate the IP prefix of the originating request, you can't indicate a percentage of the total requests. A, Load Balancer allows you to steer a small amount of traffic.. |
Which two statements are TRUE about Object Storage data security and encryption in Oracle Cloud Infrastructure (OCI)? (Choose two.)
A. Client-side encryption is managed by the customer. B. Data needs to be decrypted on the client side before retrieving it. C. OCI Vault Management is used by default to provide data security. D. All traffic to and from Object Storage service is encrypted using TLS. E. A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket. |
Correct Answer: A, D
Reference: B and C are false https://www.oracle.com/a/ocom/docs/cloud/security-overview-100.pdf |
You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your OCI spending.
Which two are valid targets for creating a budget in OCI? (Choose two.) A. Select group as the type of target for your budget. B. Select Tenancy as the type of target for your budget. C. Select user as the type of target for your budget. D. Select Cost-Tracking Tags as the type of target for your budget. E. Select Compartment as the type of target for your budget. |
Correct Answer: D, E
Reference: https://docs.oracle.com/en-us/iaas/Content/Billing/Concepts/budgetsoverview.htm |
Your application is using an Object Storage bucket named app-data in the namespace vision, to store both persistent and temporary data. Every week all the temporary data should be deleted to limit the storage consumption.
Currently you need to navigate to the Object Storage page using the web console, select the appropriate bucket to view all the objects and delete the temporary ones. To simplify the task you have configured the application to save all the temporary data with /temp prefix. You have also decided to use the Command Line Interface (CLI) to perform this operation. What is the command you should use to speed up the data cleanup? (Choose the best answer.) A. oci os object delete -ns vision -bn app-data --prefix /temp B. oci os object bulk-delete -ns vision -bn app-data --prefix /temp --force C. oci objectstorage bulk-delete -ns vision -bn app-data --prefix /temp --force D. oci os object delete app-data in vision where prefix = /temp |
Correct Answer: B
Reference: https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.0.2/oci_cli_docs/cmdref/os/object/bulk-delete.html oci os object bulk-delete -ns mynamespace -bn mybucket --prefix level1/level2/ --prefix myprefix |
Your company has restructured its HR departments. As part of this change, you also need to re-organize Compartment Team_x needs to be moved under a new parent compartment, Project_B
(....) Policy1: Allow group G1 to manage instance-family in compartment HR:Project_A Policy2: Allow group G2 to manage instance-family in compartment HR:Project_B Which two statements describe the impacts after the compartment Team_x is moved? (Choose two.) A. Group G2 can now manage instance-families in compartment Project_B and compartment Team_X B. Group G1 can now manage instance-families in compartment Project_A, compartment Project_B and compartment Team_X C. Group G1 can now manage instance-families in compartment Project_A but not in compartment Team_x D. Group G2 can now manage instance-families in compartment Project_A but not in compartment Team_x E. Group G2 can now manage instance-families in compartment Project_B, compartment Project_A and compartment Team_X |
(Esta pregunta lleva dos dibujos)
Correct Answer: A, C Reference: |
You have been contracted by a local e-commerce company to assist with enhancing their online shopping application. (...) (Choose the best answer.)
A. Create a load balancer policy in the Traffic Management service. Configure one answer for each site. Set the answer for the primary site with a weight of 10 and the answer for the secondary site with a weight of 100. B. Create a new A record in DNS that points to the public load balancer at the secondary site. Create a CNAME for the sub-domain failover that will resolve to the new A record. Inform customers to prepend the website URL with failover if the primary site is unavailable. C. Create a failover policy in the Traffic Management service. Set the IP address of the public load balancer for the primary site in answer pool 1. Set the IP address of the public load balancer for the secondary site in answer pool 2. Define a health check to monitor both sites. D. Deploy a new load balancer in the primary region. Create one backend set for |
Correct Answer: C (No la D)
Reference: Highly Voted: C https://blogs.oracle.com/cloud-infrastructure/post/setting-up-active-failover-with-oci-traffic-management-steering |
You have recently been asked to take over management of your company’s infrastructure provisioning efforts, utilizing Terraform v0.12 to provision and manage infrastructure resources in Oracle Cloud Infrastructure (OCI). For the past few days the development environments have been failing to provision. Terraform returns the following error:
You locate the related code block in the Terraform config and find the following: Which correction should you make to solve this issue? (Choose the best answer.) A. Place a command at the end of line 16 B. Modify line 15 to be the following: tcp_options = {min = "22”, max = “22”) C. Modify line 15 to be the following: tcp_options { min = “22” max = “22” } D. Replace the curly braces ‘{ }’ in lines 11 and 16 with square braces ‘[ ]’ |
(Esta pregunta tiene dos partes de código)
Correct Answer: C Reference: https://oracle-base.com/articles/misc/terraform-oci-vcn |
Here is a partial code from a Terraform template written for Oracle Cloud Infrastructure (OCI):
What operation(s) does it perform? (Choose the best answer.) A. Provides object read and write access for an OCI Object Storage bucket. B. Creates a pre-authenticated request for objects in an OCI Object Storage bucket. C. Creates a URL to provide access to an OCI Object Storage bucket for managing objects. D. Creates a lifecycle policy for an OCI Object Storage bucket for moving data to Archival storage at a specified time. |
(Esta pregunta tiene dos partes grandes de código)
Correct Answer: B (no la A) Reference: https://docs.oracle.com/en-us/iaas/tools/terraform-provider-oci/4.56.0/docs/r/objectstorage_preauthrequest.html |
Your customer is running a set of compute instances inside a private subnet to manage their workloads on Oracle Cloud Infrastructure (OCI) tenancy. You have set up auto scaling feature to provide consistent performance to their end users during period of high demand.
Which step should be met for auto scaling to work? (Choose the best answer.) A. OS Management Service agent (OSMS) must be installed on the instances. B. Audit logs for the instances should be enabled. C. Service Gateway should be setup to allow instances to send metrics to monitoring service. D. Monitoring for the instances should not be enabled. |
Correct Answer: C
Reference: https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/autoscalinginstancepools.htm#threshold https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/enablingmonitoring.htm#Enabling_Monitoring_for_Compute_Instances |
You are working with Terraform on your laptop and have been tasked with spinning up multiple compute instances in Oracle Cloud Infrastructure (OCI) for a project. In addition, you are also required to collect IP addresses of provisioned instances and write them to a file and save it in your laptop.
Which specific Terraform functionality can help accomplish this task? (Choose the best answer.) A. Terraform modules B. Terraform remote state C. Terraform local-exec D. Terraform remote-exec |
Correct Answer: D
Reference: Duda C or D C https://www.terraform.io/docs/language/resources/provisioners/local-exec.html resource "aws_instance" "web" { # ... provisioner "local-exec" { command = "echo ${self.private_ip} >> private_ips.txt" } } D The local-exec run script in the machine running Terraform and not to remote resource. The answer should be remote-exec https://www.terraform.io/docs/language/resources/provisioners/remote-exec.html |
You have created a geolocation steering policy in the Oracle Cloud Infrastructure (OCI) Traffic Management service, with this configuration:
What happens to requests that originate in Africa? (Choose the best answer.) A. The traffic will be forwarded at the same time to both Pool 1 and Pool 2. B. The traffic will be dropped. C. The traffic will be forwarded randomly to any of the pools mentioned in the rules. D. The traffic will be forwarded to Pool 1. If Pool 1 is not available, then it will be forwarded to Pool 2. |
(esta pregunta tiene como un pantallazo con algo de Asia)
Correct Answer: C Reference: pg.20 https://www.oracle.com/a/ocom/docs/cloud/traffic-management-100.pdf |
One of your development teams has asked for your help to standardize the creation of several compute instances that must be provisioned each day of the week.
You initially write several Command Line Interface (CLI) commands with all appropriate configuration parameters to achieve this task later determining this method lacks flexibility. Which command generates a JSON-based template that Oracle Cloud Infrastructure (OCI) CLI can use to provision these instances on a regular basis? (Choose the best answer.) A. oci compute instance create --generate-cli-skeleton B. oci compute instance launch --generate-cli-skeleton C. oci compute provision-instance --generate-full-command-json-input D. oci compute instance launch --generate-full-command-json-input |
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliusing.htm https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.3.3/oci_cli_docs/cmdref/compute/instance/launch.html https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.0.5/oci_cli_docs/oci.html#cmdoption-generate-full-command-json-input |
A developer has created a file system in Oracle Cloud Infrastructure (OCI) File Storage service. She launches an Oracle Linux compute instance and successfully mounts the file system from the instance.
She then tries writing to the file system from the compute instance using the following command: touch /mnt/yourmountpoint/helloworld But gets an error message: touch: cannot touch ‘/mnt/yourmountpoint/helloworrld’: Permission denied Which is a reason for this error? (Choose the best answer.) A. ‘touch’ command is not available in Oracle Linux by default. B. Service limits or quota for file system writes have been breached. C. User is not part of any OCI Identity and Access Management group with write permissions to File Storage service. D. User is connecting as the default Oracle Linux user ‘opc’ instead of ‘root’ user. |
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/File/Troubleshooting/cannotwrite.htm |
You have recently joined a startup company and quickly find that nobody is tracking the amount of money spent on Oracle Cloud Infrastructure (OCI). Seeing an opportunity to help save money you begin creating a solution to better track the cost of resources provisioned by each individual on the team.
Which option allows you to identify excessive spend across all resources in your tenancy? (Choose the best answer.) A. Use the Python SDK to write a custom application that will monitor the Audit log. Look for CREATE events and configure the application to send you an email each time a new resource is created. B. Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your resources with this Tag Key and the correct value. C. Use the Events Service and create rules that will act when a new Object Storage bucket or Compute Instance has been created. Have the rule email you each time one of these events occurs. D. Create a budget for each compartment that will send a |
Correct Answer: B
Reference: B or D? B, la más votada D: A budget can be used to set soft limits on your Oracle Cloud Infrastructure spending. You can set alerts on your budget to let you know when you might exceed your budget, and you can view all of your budgets and spending from one single place in the Oracle Cloud Infrastructure console. Budgets are set on cost-tracking tags or on compartments (including the root compartment) to track all spending in that cost-tracking tag or for that compartment and its children. https://blogs.oracle.com/cloud-infrastructure/how-to-get-control-of-your-spending-in-oracle-cloud-infrastructure Track and Manage Usage and Cost (oracle.com) |
You have been asked to review a network design for Oracle Cloud Infrastructure (OCI) by a major client. The client’s IT team needs to provision two Virtual Cloud Networks (VCNs) for a major application. The application uses a large number of virtual machine instances. Additionally, in the future, a VCN peering will be required to allow connectivity between the VCNs.
Which of the following are valid IP ranges to consider? (Choose the best answer.) A. 10.0.0.0/30 and 192.168.0.0/30 B. 10.0.0.0/8 and 11.0.0.0/8 C. 10.0.8.0/21 and 10.0.16.0/22 D. 10.0.0.0/16 and 10.0.64.0/24 |
Correct Answer: C
Reference: A? Best option is A, as VCN peering required. Correct answer is C. IP do not overlap in this case. Answer A could have been also correct but it does not provide huge range of IP. Setting Up a Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure |
You have created the following JSON file to specify a lifecycle policy for one of your object storage buckets:
How will this policy affect the objects that are stored in the bucket? (Choose the best answer.) A. Objects with the prefix ‘LOGS’ will be retained for 120 days and then deleted permanently. B. Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be deleted 120 days after creation. C. The objects with prefix €LOGS€ will be deleted 30 days after creation date. D. Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be migrated back to standard Storage 120 days after creation. |
(Esta pregunta tiene tres trozos de códigos bastante grandes)
Correct Answer: B Reference: https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/usinglifecyclepolicies.htm#namefilters |
You have set an alarm to be generated when the CPU usage of a specified instance is greater than 10%. In the alarm behavior view below you notice that the critical condition happened around 23:30. You were expecting a notification after 1 minute, however, the alarm firing state did not begin until 23:33.
What should you change to fix it? (Choose the best answer.) A. Change the alarm’s metric interval to 1. B. Change the alarm condition to be greater than 3%. C. Change the notification topic that you previously associated with the alarm. D. Change the alarm’s trigger delay minutes value to 1. |
(Esta pregunta tiene un gráfico en línea)
Correct Answer: D Reference: https://medium.com/@harjulthakkar/part-2-basic-operational-tasks-performance-monitoring-alert-notification-8b201f3d3ac9 |
You have ordered two FastConnect connections that provide a high availability connection architecture between your on-premises data center and Oracle Cloud Infrastructure (OCI). You want to run these connections in an ACTIVE/PASSIVE architecture.
How can you accomplish this? (Choose the best answer.) A. Decrease the prefix length of AS for the FastConnect you want to use as PASSIVE connection. B. Enable BGP on the FastConnect that you want as the ACTIVE connection. C. Use AS PATH prepending with your routes. D. Adjust one of the connections to have a higher ASN. |
Correct Answer: C
Reference: https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/connectivity-redundancy-guide.pdf Routing Details for Connections to Your On-Premises Network (oracle.com) |
The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to a lack of swap space, forcing you to increase the size of the boot volume.
Which step should NOT be included in the process used to solve the issue? (Choose the best answer.) A. Reattach the boot volume and restart the instance. B. Attach the resized boot volume to a second instance as a data volume; extend the partition and grow the file system in the resized boot volume. C. Stop the instance and detach the boot volume. D. Resize the boot volume by specifying a larger value than the boot volume’s current size. E. Create a RAID 0 configuration to extend the boot volume file system onto another block volume. |
Correct Answer: E
Reference: Resizing a Volume (oracle.com) |
You launched a Linux compute instance to host the new version of your company website via Apache Httpd server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The default security list associated to the subnet is:
(...) Which action would you take to accomplish the task? (Choose the best answer.) A. Create a Network Security Group, add a stateful rule to allow ingress access on port 443 and associate it to the public subnet that hosts the company website. B. In default security list, add a stateful rule to allow ingress access on port 443. C. Create a new security list with a stateful rule to allow ingress access on port 443 and associate it to the public subnet. D. Create a Network Security Group, add a stateful rule to allow ingress access on port 443 and associate it to the instance that hosts the company website. |
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/networksecuritygroups.htm Correct answer is D. Since we want to avoid exposing other instances in the same public subnet to the internet, Network Security Groups (NSG) must be used instead of Security Lists. NSG are attached to the VNIC of the instance and not to the subnet |
You are using Oracle Cloud Infrastructure (OCI) services across several regions: us-phoenix-1, us-ashburn-1, uk-london-1 and ap-tokyo-1. You have create a separate administrator group for each region: PHX-Admins, ASH-Admins, LHR-Admins and NRT-Admins, respectively.
You want to restrict admin access to a specific region. E.g., PHX-Admins should be able to manage all resources in the us-phoenix-1 region only and not any other OCI regions. What IAM policy syntax is required to restrict PHX-Admins to manage OCI resources in the us-phoenix-1 region only? (Choose the best answer.) A. Allow group PHX-Admins to manage all-resources in tenancy where request.region= ‘phx’ B. Allow group PHX-Admins to manage all-resources in tenancy where request.permission= ‘phx’ C. Allow group PHX-Admins to manage all-resources in tenancy where request.target= ‘phx’ D. Allow group PHX-Admins to manage all-resources in tenancy where request.location= ‘phx’ |
Correct Answer: A
Reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/commonpolicies.htm#restrict-admin-to-specific-region |
You created an Oracle Linux compute instance through the Oracle Cloud Infrastructure (OCI) management console then immediately realize you forgot to add an SSH key file. You notice that OCI compute service provides instance console connections that supports adding SSH keys for a running instance. Hence, you created the console connection for your Linux server and activated it using the connection string provided. However, now you get prompted for a username and password to login.
(...)(Choose the best answer.) A. You need to configure the boot loader to use ttyS0 as a console terminal on the VM. B. You need to terminate the running instance and recreate it by providing the SSH key file. C. You need to reboot the instance from the console, boot into the bash shell in maintenance mode, and add SSH keys for the opc user. D. You need to modify the serial console connection string to include the identity file flag, -i to specify the SSH key to use. |
Correct Answer: C
Reference: Troubleshooting Instances Using Instance Console Connections (oracle.com) Connecting to an Instance (oracle.com) |
You are launching a Windows server in your Oracle Cloud Infrastructure (OCI) tenancy. You provided a startup script during instance initialization, but it was not executed successfully.
What is a possible reason for this error? (Choose the best answer.) A. Didn’t include anything in user_data. B. Wrote a custom script which tried to install GPU drivers. C. Ran a cloudbase-init script instead of cloud-init. D. Specified a #directive on the first line of your script. |
Correct Answer: D
Reference: Voy con la D porque no sé a que se puede referir “user_data”, si fuera el nombre del script quizá sea la A la correcta. Windows Custom Startup Scripts and Cloud-Init on Oracle Cloud Infrastructure https://cloudbase-init.readthedocs.io/en/latest/userdata.html#batch Answer is D. The Sysnative parameter is required and must be on the first line Selected Answer: A I vote for A. The answer must be a reason that explain why the script does not produce expected results. B is not correct, because there is no reason to prevent installation of GPU drivers. C is not correct because the instance did run cloudbase-init instead of cloud-init, which is exactly what one would expect on a windows instance. D is also not correct because either "#directive" does not make sense or "# directive" (that is a directive starting with pound '#') would be correct (e.g. @ps1_sysnative as someone else has already commented). To recap the only reason that may be actually the |
You have been asked to update the lifecycle policy for object storage using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).
Which command can successfully update the policy? (Choose the best answer.) A. oci os object-lifecycle-policy delete -ns <object_storage_namespace> -bn <bucket_name> B. oci os object-lifecycle-policy put -ns <object_storage_namespace> -bn <bucket_name> C. oci os object-lifecycle-policy put -ns <object_storage_namespace> -bn <bucket_name> --items <json_formatted_lifecycle_policy> D. oci os object-lifecycle-policy get -ns <object_storage_namespace> -bn <bucket_name> |
Correct Answer: C
Reference: https://docs.oracle.com/en-us/iaas/Content/Object/Tasks/usinglifecyclepolicies.htm https://docs.oracle.com/en-us/iaas/tools/oci-cli/2.9.5/oci_cli_docs/cmdref/os/object-lifecycle-policy/put.html |
Which statement about Oracle Cloud Infrastructure paravirtualized block volume attachments is TRUE? (Choose the best answer.)
A. Paravirtualized volumes may reduce the maximum IOPS performance for larger block volumes. B. Paravirtualized is required to manage iSCSI configuration for virtual machine instances. C. Paravirtualized volumes become immediately available on bare metal compute instances. D. Paravirtualization utilizes the internal storage stack of compute instance OS and network hardware virtualization to access block volumes. |
Correct Answer: A
Reference: https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/overview.htm#Paravirtualized |
Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out an appropriate method to manage OCI costs.
Which is NOT a valid technique to accurately attribute costs to resources used by each team? (Choose the best answer.) A. Create a Cost-Tracking tag. Apply this tag to all resources with team information. Use the OCI cost analysis tools to filter costs by tags. B. Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by compartment. C. Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending. D. Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report which has detailed information about resources and tags. |
Correct Answer: C
Reference: Budgets are set on cost-tracking tags or on compartments not by user groups |
You have been asked to investigate a potential security risk on your company’s Oracle Cloud Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity.
How can you retrieve the audit logs using the OCI Command Line Interface (CLI)? (Choose the best answer.) A. oci audit event list --end-time $end-time --compartment-id $compartment-id B. oci audit event list --start-time $start-time --compartment-id $compartment-id C. oci audit event list --start-time $start-time --end-time $end-time --compartment-id $compartment-id D. oci audit event list --start-time $start-time --end-time $end-time --tenancy-id $tenancy-id |
Correct Answer: C
Reference: https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.4.0/oci_cli_docs/cmdref/audit/event/list.html |
Your deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with multiple block volumes attached. There are multiple teams that use the same compute instance and have access to these block volumes. You want to ensure that no one accidentally deletes any of these block volumes.
You have started to construct the following IAM policy but need to determine which permissions should be used. allow group DeploymentUsers to manage volume-family where ANY { request.permission != <???>, request.permission != <???>, request.permission != <???> } Which permissions can you use in place of <???> in this policy? (Choose the best answer.) A. VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE, VOLUME_BACKUP_DELETE B. VOLUME_ERASE, VOLUME_ATTACHMENT_ERASE, VOLUME_BACKUP_ERASE C. ERASE_VOLUME, ERASE_VOLUME_ATTACHMENT, ERASE_VOLUME_BACKUP D. DELETE_VOLUME, DELETE_VOLUME_ATTACHMENT, DELETE_VOLUME_BACKUP |
Correct Answer: A
Reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policyadvancedfeatures.htm https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/corepolicyreference.htm#Core VOLUME_xxx ERASE |
You have a group of developers who launch multiple VM.Standard2.2 compute instances every day into the compartment dev. As a result, your OCI tenancy quickly hit the service limit for this shape. Other groups can no longer create new instances using VM.Standard2.2 shape.
Because of this, your company has issued a new mandate that the Dev compartment must include a quota to allow for use of only 20 VM.Standard2.2 shapes per Availability Domain. Your solution should not affect any other compartment in the tenancy. Which quota statement should be used to implement this new requirement? (Choose the best answer.) A. set compute quota vm-standard2-2count to 10 in compartment dev where request.region = us-phoenix-1 B. set compute quota vm-standard2-2-count to 20 in compartment dev C. zero compute quotas in tenancy set compute quota vm-standard2-2-count to 20 in compartment dev D. zero compute quotas in tenancy set compute quota vm-standard2-2-count to 20 in tenancy dev |
Correct Answer: B
Reference: https://docs.oracle.com/en-us/iaas/Content/General/Concepts/resourcequotas.htm#two |
You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute Instances that are deployed in a private subnet. The Compute Instances have an attached Network Security Group with a Source Type: Network Security Group (NSG), Source NSG: NSG-050504. (...)
However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host. What is the root cause of this issue? (Choose the best answer.) A. The Security List allows access to all IP address which overrides the Network Security Group ingress rules. B. All compute instances associated with NSG-050504 are also able to connect to the bastion host. C. The port 22 provides unrestricted access to 140.19.2.140 and to other IP address. D. A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 140.19.2.140 |
(Esta pregunta tiene dos trocitos de codificación)
Correct Answer: B Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/networksecuritygroups.htm https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/securityrules.htm#use_both |
You are asked to implement the disaster recovery (DR) and business continuity requirements for Oracle (...). Two OCI regions being used: a primary/source region and a DR/destination region. The requirements are:
• There should be a copy of data in the destination region to use if a region-wide disaster occurs in the source region • Minimize costs Which design will help you meet these requirements? (Choose the best answer.) A. Clone block volumes. Use Object Storage lifecycle management to automatically move clone objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals. B. Clone block volumes. Copy block volume clones from source region to destination region at regular intervals. C. Back up block volumes. Copy block volume backups from source region to destination region at regular intervals. D. Back up block volumes. Use Object Storage lifecycle management to automatically move backup objects to Archive Storage. Copy Archive Stora |
Correct Answer: C
Reference: https://www.oracle.com/explore/oci/best-practices-recovery https://docs.oracle.com/en-us/iaas/Content/Block/Concepts/blockvolumebackups.htm |
A subscriber (...) (1)
A. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service drops the message. Confirm that the subscriber is always online to receive messages to help debug the issue. B. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, check the NumberOfNotificationFailed metric through the OCI Monitoring service for failed messages. Copy these messages to an OCI Object Storage bucket. Make sure the subscriber has the required credentials to access this bucket to help debug the issue. C. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to one day. Make sure that the subscriber is online at least once a day to D. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to two hours. Configure an alarm on the |
Correct Answer: D
Reference: https://www.oracle.com/devops/notifications/faq/ |
Which technique does NOT help you get the optimal performance out of the Oracle Cloud Infrastructure (OCI) File Storage service? (Choose the best answer.)
A. Limit access to the same Availability Domain (AD) as the File Storage service where possible. B. Serialize operations to the file system to access consecutive blocks as much as possible. C. Right size compute instances from where file system is accessed based on their network capacity. D. Increase concurrency by using multiple threads, multiple clients, and multiple mount targets. |
Correct Answer: B
Reference: https://www.oracle.com/a/ocom/docs/cloud/file-storage-performance-guide.pdf |
What is a key benefit of using Oracle Cloud Infrastructure’s Resource Manager for your Terraform provisioning and management activities? (Choose the best answer.)
A. You can use Resource Manager to apply patches to all existing Oracle Linux interfaces in a specified compartment. B. Resource Manager has administrative privileges by design. Even if your IAM user does not have access, you can leverage Resource Manager to provision new resources to any compartment in the Tenancy. C. You can use Resource Manager to identify and maintain an inventory of all Compute and Database instances across your tenancy. D. Resource Manager manages to Terraform state file for your infrastructure and locks the file so that only one job at a time can run on a given stack. |
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/samplecomputeinstance.htm Resource Manager and Terraform (oracle.com) |
Recently, your e-commerce web application has been receiving significantly more traffic than usual. Users are reporting they often encounter a 503 Service Error when trying to access your site. Sometimes the site is very slow.
(...)configured to allow 20 compute instances. Currently, 14 compute instances have been provisioned by the instance pool. You also confirm that current CPU utilization across all hosts exceeds the scale-out threshold you set in your auto-scaling policy. However, the instance pool is not provisioning any new instances. What can you check to determine why the application is NOT functioning properly? (Choose the best answer.) A. Verify that the new offer feature code did not introduce any performance bugs. B. Verify that the database is accessible. C. Verify that the compute resource quota has not been exceeded. D. Verify that the Quality Assurance team is not currently performing load-testing against production. |
Correct Answer: C
|
You have a 750 MIB file in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. You want to download the file in multiple parts to speed up the download using the OCI CLI. You also want to configure each part size to be 128 MIB.
Which is the correct OCI CLI command for this operation? (Choose the best answer.) A. oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-download-threshold 750 -- parallel-download-count 128 B. oci os object download -ns my-namespace -bn my-bucket --name my-large-object --multipart-download-threshold 750 -- parallel-download-count 128 C. oci os object download -ns my-namespace -bn my-bucket --name my-large-object --resume-put --multipart-download- threshold 500 --part-size 128 D. oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-download-threshold 500 --part- size 128 |
Correct Answer: D
Reference: Using the CLI (oracle.com) https://docs.oracle.com/en-us/iaas/tools/oci-cli/3.4.0/oci_cli_docs/cmdref/os/object.html |
Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools.
What does Oracle allow as part of this testing? (Choose the best answer.) A. Customers are allowed to use their own testing and monitoring tools. B. Customers can simulate DoS attack scenarios as long as it’s restricted to the customer’s own environment. C. Customers can validate that their network resources are isolated from other customer resources. D. Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy. |
Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools.
What does Oracle allow as part of this testing? (Choose the best answer.) A. Customers are allowed to use their own testing and monitoring tools. B. Customers can simulate DoS attack scenarios as long as it’s restricted to the customer’s own environment. C. Customers can validate that their network resources are isolated from other customer resources. D. Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy. Correct Answer: A Reference: https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_testing-policy.htm |
You are working as a Cloud Operations Administrator for your company. They have different Oracle Cloud Infrastructure (OCI) tenancies for development and production workloads. Each tenancy has resources in two regions - uk-london-1 and eu-frankfurt-1. You are asked to manage all resources and to automate all the tasks using OCI Command Line Interface (CLI).
Which is the most efficient method to manage multiple environments using OCI CLI? (Choose the best answer.) A. Use OCI CLI profiles to create multiple sets of credentials in your config file, and reference the appropriate profile at runtime. B. Create environment variables for the sets of credentials that align to each combination of tenancy, region, and environment. C. Run oci setup config to create new credentials for each environment every time you want to access the environment. D. Use different bash terminals for each environment. |
Correct Answer: A
Reference: https://docs.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsconfigureocicli.htm https://docs.oracle.com/en-us/iaas/Content/API/Concepts/sdkconfig.htm |
Your team implemented a SaaS application that requires a whole system deployment for each new customer. The infrastructure provisioning is already automated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file management and deployment.
What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory? (Choose the best answer.) A. Export an inventory list from the Oracle Cloud Infrastructure Web console. B. Export an inventory list using Terraform apply command. C. Implement a Command Line Interface script to list all the resources and run it within Ansible to generate a dynamic inventory list. D. Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include it in the playbook invocation command. |
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/ansibleinventoryscript.htm Using the Dynamic Inventory Script (oracle.com) |
An insurance company has contracted you to help automate their application business continuity plan. They have the application running in eu-frankfurt-1 (...)How can you automate the failover process? (Choose the best answer.)
A. Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check. B. Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record. C. Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set with backend servers from both eu-frankfurt-1 and uk- london-1 regions. D. Create a Traffic Management Steering policy and attach it to a backend servers from both eu-frankfurt-1 and uk-london-1 regions. |
Correct Answer: A
Reference: https://docs.oracle.com/en-us/iaas/Content/TrafficManagement/Tasks/trafficmanagement.htm |
You are a Cloud Operations administrator who has recently joined a new department. You have created 10 Terraform stacks using Oracle Cloud Infrastructure (OCI) resource manager. Each stack creates a different set of resources in OCI for your development team.
What determines the cost of these Terraform stacks? A. The cost for each stack will be higher for pay as you go (PAYG) than for monthly flex billing. B. The length of time it takes to build each resource using these Terraform stacks. C. Resource manager stacks are free but you are charged for the resources they create. D. The number of lines of text in your Terraform configuration files. |
Correct Answer: C
Reference: https://www.oracle.com/cloud/systems-management/resource-manager/ https://www.oracle.com/devops/resource-manager/faq/ |
Several development teams in your company have each provided with a budget and a dedicated compartment to be used for testing purpose you are asked to help them to control the cost and avoid any overspending.
What should you do? A. Configure a quota for each compartment to prevent provisioning of any bare metal instance. B. Contact Oracle support and ask them to associate the monthly budget with the Service Limits in every region for which your tenancy is subscribed. The tenancy administrator will receive an alert email from Oracle when the limit is reached. C. Associate a Budget Tag to each resource with monthly budget amount and use that information to prepare a weekly report to send to each team. D. Associate a Budget Tag to each compartment with the monthly budget amount and set an alert rule to notify the developer’s teams when they reached a specific percentage of the budget |
Correct Answer: D
Reference: Explanation Budgets are set on cost-tracking tags or on compartments (including the root compartment) to track all spending in that cost-tracking tag or for that compartment and its children. The following concepts are essential to working with budgets: BUDGET A monthly threshold you define for your Oracle Cloud Infrastructure spending. Budgets are set on cost-tracking tags or compartments and track all spending in the cost-tracking tag or compartment and any child compartments. Note: the budget tracks spending in the specified target compartment, but you need to have permissions to manage budgets in the root compartment of the tenancy to create and use budgets. ALERT You can define email alerts that get sent out for your budget. You can send a customized email message body with these alerts. Alerts are evaluated every 15 minutes, and can be triggered when your actual or your forecasted spending hits either a percentage of your budget or a specified set amo |
You have created several block volumes in the us-phoenix-1 region in a specific compartment. The compartment can be identified by the following Oracle Cloud Infrastructure (OCI) unique identifier, or ocid1.compartment.oc1.phx..exampleuniquelD. Your manager has asked you to leverage the OCI monitoring service and write a metric query showing all read IOPS at a one-minute interval, filtered to this compartment and aggregated for the maximum.
Which metric query will you create? A. IopsWrite[lm]{compartmentId=Hocidl.compartment.ocl.phx..exampleuniquelD"}.mean() B. IopsRead[lm]{compartmentId="ocldl.compartment.ocl.phx..exampleuniquelD"}.max() C. IopsRead[lm]{compartmentId="ocidl.compartment.ocl.phx..exampleuniquelD"}.grouplng().max() D. IopsRead[lm]{compartmentId = "odd 1.compartment.ocl.phx..exampleuniquelD"}.grouping().mean() |
Correct Answer: C
Reference: Example, the following query returns the maximum (max()) IopsRead metric data at a one-minute interval, filtered to a compartment, with all results aggregated. IopsRead[1m]{compartmentID = "<compartment_OCID>"}.grouping().max() https://docs.cloud.oracle.com/en-us/iaas/Content/Monitoring/Tasks/buildingqueries.htm |
You have been brought In to help secure an existing application that leverages Object Storage buckets to distribute content. (...)data must be rotated every 30 days.
Which design option will meet these requirements? A. Use Pre-Authenticated request, even though there will be multiple URLs this will provide better security. B. Create a private bucket only to share the data. C. Create a new group and map users to this group, create a IAM policy providing access to Object Storage service only to this group. Users can then simply login to OCI console and retrieve needed flies. D. Create multiple bucket and classify them as Public and Private. Use public bucket for non-sensitive data and private bucket for sensitive data. |
Correct Answer: A
Pre-authenticated request has expiration date and can generate new unique URL every 30 days |
You are system administrator at a retail company. You Just received a ticket stating that the
account team is unable to access an internal application. The application is running behind an Oracle Cloud Infrastructure (OCI) Public Load Balancer and is using a compute instance pool with autoscaling enabled. You noticed some deleted items In the Audit Log while troubleshooting. Which resource deletion could have caused this Issue? A. The Route Table rules associated with the subnet within the Virtual Cloud Network (VCN) B. An Object Storage bucket containing transaction log backups C. NAT Gateway and the Route Table associated with the Virtual Cloud Network (VCN) D. Internet Gateway and the Route Table associated with the Virtual Cloud Network (VCN) |
Correct Answer: A
To delete a route table Prerequisite: To delete a route table, it must not be associated with a subnet yet. You can't delete the default route table in a VCN. To delete an internet gateway Prerequisite: The internet gateway does not have to be disabled, but there must not be a route table that lists it as a target. Each VCN automatically comes with a default route table that has no rules. If you don't specify otherwise, every subnet uses the VCN's default route table. When you add route rules to your VCN, you can simply add them to the default table if that suits your needs. However, if you need both a public subnet and a private subnet (for example, see Scenario C: Public and Private Subnets with a VPN), you instead create a separate (custom) route table for each subnet. Each subnet in a VCN uses a single route table. When you create the subnet, you specify which one to use. You can change which route table the subnet uses at any time. You can also edit a route table |
You have been tasked with allocating an identity to one of your compute instances that needs to
retrieve and process static files that are stored in an Object Storage bucket. After creating a dynamic group with a matching rule that specifies the OCID of the compute instance, you discover that the API calls are failing. Which step should you take to resolve this issue? A. Create IAM policies to permit users in these groups to make API calls against Oracle Cloud Infrastructure services. B. Initial credentials must be initialized using OCI console for the Instance in dynamic group. This can be a bulk operation. C. Create IAM policies to permit instances in these groups to make API calls against Oracle Cloud Infrastructure services. D. Once instances are in dynamic group no additional steps are required. |
Correct Answer: C
https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingdynamicgroups.htm |
To take advantage of cloud agility and burst computing capability, ABC Automobiles have
extended their data center to a Virtual Cloud Network (VCN). In Oracle Cloud Infrastructure's (OCI) us-phoenlx-1 region. They have several members in their Cloud Operations (CloudOps) team that need I access the OCI management console. The security administrator does not want to create new IAM users and credentials that would then need to be distributed to each CloudOps member. Which option will help solution architect meet the needs for CloudOps? A. Use an existing SAML 2.0 compliant identity provider (IdP) to grant CloudOps members federated access to OCI Console via the OCI single sign-on (SSO) endpoint. B. Use Web Identity Federation to retrieve an AuthToken to enable CloudOps members to sign into the OCI Console. C. Use OAuth 2.0 to retrieve temporary credentials to enable your CloudOps members to sign into the OCI Console. D. Use on-premises SAML2.0 compliant identity provider (IdP) to retriev |
Correct Answer: A
Oracle Cloud Infrastructure supports federation with Oracle Identity Cloud Service and Microsoft Active Directory (via Active Directory Federation Services (AD FS)), Microsoft Azure Active Directory, Okta, and other identity providers that supports the Security Assertion Markup Language (SAML) 2.0 protocol. Federated users choose which identity provider to use for sign-in, and then they're redirected to that identity provider's sign-in experience for authentication. After entering their login and password, they are authenticated by the IdP and redirected back to the Oracle Cloud Infrastructure Console. by this way, you don't need to create IAM user in OCI console for each operation user and can use their credentials in identity provider and user SSO to login to OCI console |
As the operations administrator for your company's Oracle Cloud Infrastructure (OCI), you have
been entrusted the task of ensuring that data being accessed by the application is encrypted. Your application portfolio Includes both Virtual Machine (VM) and Bare Metal (BM) database systems. Which method should you use to achieve encryption of data in-transit? A. Configure backup encryption for RMAN backup sets before transferring data B. Native Oracle Net Services encryption and integrity capabilities C. Key Store/Wallet service for on the fly encryption of data in transit D. Data is encrypted at rest using TDE and no additional encryption is needed |
Correct Answer: B
In Oracle Database Cloud Service databases, data security is provided for data in transit and data at rest. Security of data in transit is achieved through network encryption. Security of data at rest is achieved through encryption of data stored in database data files and backups. To secure connections to your Oracle Database Cloud Service databases, you can use native Oracle Net Services encryption and integrity capabilities. Encryption of network data provides data privacy so that unauthorized parties are not able to view data as it passes over the network. In addition, integrity algorithms protect against data modification and illegitimate replay. |
An organization wants to extend their existing on-premises data centers to the Oracle Cloud
Infrastructure (OC1) us-phoenix-1 region. In order to achieve It, they have created an IPSec VPN connection between their Customer-Premises Equipment (CPE) and Dynamic Routing Gateway (DRG) on. How can you make this connection highly available (HA)? A. Add another Dynamic Routing gateway In a different Availability Domain and create another IPSec VPN connection. B. Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection with the same Dynamic Routing Gateway (DRG). C. Create a NAT Gateway and route all traffic through a NAT Gateway, which is highly available component. E. Add another Dynamic Routing Gateway in a different Availability Domain, and create another IPSec VPN connection with another Customer Premises Equipment (CPE). |
Correct Answer: B
IPSec VPN Best Practices Configure all tunnels for every IPSec connection: Oracle deploys multiple IPSec head ends for all your connections to provide high availability for your mission-critical workloads. Configuring all the available tunnels is a key part of the "Design for Failure" philosophy. (Exception: Cisco ASA policy-based configuration, which uses a single tunnel.) Have redundant CPEs in your on-premises locations: Each of your sites that connects with IPSec to Oracle Cloud Infrastructure should have redundant CPE devices. You add each CPE to the Oracle Cloud Infrastructure Console and create a separate IPSec connection between your dynamic routing gateway (DRG) and each CPE. For each IPSec connection, Oracle provisions two tunnels on geographically redundant IPSec headends. Oracle may use any tunnel that is "up" to send traffic back to your on-premises network. For more information, see Routing for the Oracle IPSec VPN. Consider backup aggregate routes: If |
1. Where are the Oracle Cloud Infrastructure block volume backups stored?
A. In a File Storage B. In another block volume in a different region C. In the Object Storage D. In another block volume in the same region |
Correct: C
|
2. You are using Terraform to create a sandbox environment for the development team. This environment consists of an Oracle Cloud Infrastructure virtual cloud network, two compute resources, and a database instance. As part of the Terraform configuration, you need to run a script on the two compute instances that will configure the connection to the database. Which Terraform feature should you leverage to accomplish this task?
A. The instance data source B. The local-exec provisioner C. The Oracle Cloud Infrastructure provider D. The remote-exec provisioner |
Correct: D
|
3. Which two statements are true about Object Storage replication?
(Choose all correct answers) A. After a replication policy is created, the destination bucket is read/write by default. B. Replication overwrites any object in the destination bucket that has the same name as an object in the source bucket. C. It protects from regional outages and helps in disaster recovery. D. Objects uploaded to a source are synchronously replicated to the destination bucket. |
Correct: B, C
|
4. What is the Oracle Cloud Infrastructure Command Line Interface used for?
A. automating simple, repeatable actions B. managing application configuration C. creating complex application architecture D. managing application deployment |
Correct: A
|
5. Which Oracle Cloud Infrastructure Service allows customers to configure routing policies for serving intelligent responses to DNS queries?
A. Route Tables B. Health Check C. Load Balancer D. Traffic Management |
Correct: D
|
6. Which three are valid use cases for using Oracle Cloud Infrastructure cost-tracking tags? (Choose all correct answers)
A. set up budgets based on resources grouped by tags B. set up autoscaling policies based on tags C. filter projected costs based on tags D. track resource usage based on tags |
Correct: A, C, D
|
7. The backups for a block volume are triggered every week and retained for four weeks. Additional ones are created every month, which are retained for twelve months. Which Automated policy is configured for this backup?
A. Gold B. Bronze C. Custom D. Silver |
Correct: D
|
8. Which statement is FALSE regarding multipart uploads?
A. Multipart uploads are initiated by making a CreateMultipart Upload REST API call. B. A commit is performed after all object parts are uploaded. C. Uploads cannot be restarted if they fail due to a network issue. D. Multipart uploads are performed to upload objects larger than 100 MiB |
Correct: C
|
9. How can you provide user access to an existing compartment in Oracle Cloud Infrastructure?
A. by adding users to a compartment. All users in the compartment will have access to the resources in the compartment B. by granting access directly to the user when the user is created C. by granting users access to the compartment when the compartment is created D. by adding users to a group and defining a policy to provide group access to the compartment |
Correct: D
|
10. Which service intercepts HTTP/S traffic and passes them through a set of filters and rules to protect against attack streams?
A. Vault B. WAF C. IAM D. Cloud Guard |
Correct: B
|
11. Which three can leverage the Oracle Cloud Infrastructure Traffic Management Service?
(Choose all correct answers) A. Controlled migration from a data center to Oracle Cloud Infrastructure B. Steering traffic to other cloud providers and enterprise data centers C. Steering internal traffic between two Virtual Cloud Networks D. Serving different responses for internal users and external users |
Correct: A, B, D
|
12. Which three tasks can be done using Ansible?
(Choose all correct answers) A. Audit B. Workflow automation C. Analytics D. Application deployment |
Correct: A, B, D
|
13. A working Linux instance stops responding. Which is the correct way to troubleshoot the issue?
A. Terminate the instance. B. Change the ssh keys. C. Create an instance console connection and check the console logs D. Check query performance. |
Correct: C
|
14. Which statement is true about the Oracle Cloud Infrastructure audit logs retention period?
A. You can configure log retention for up to 365 days. B. The log retention duration cannot be changed. C. You can configure log retention for 60 days. D. You can configure log retention for any duration of time. |
Correct: A
|
15. If the traffic does not flow correctly, which three might cause issues in the IPSec connection?
(Choose all correct answers) A. Incorrect protocol configured for the listener B. Overlapping CIDRs C. Multiple SPIs with policy-based tunnels D. An inconsistent ping result from on-premises to the Oracle Cloud Infrastructure device |
Correct: B, C, D
|
16. Which action do you need to perform to push a new image to the Oracle Cloud Infrastructure (OCI) Registry?
A. Generate a public private key pair to authenticate via Docker CLI. B. Generate an API signing key to complete the authentication via Docker CLI. C. Generate an auth token to complete the authentication via Docker CLI. D. Assign an OCI-defined tag via OCI CLI to the image. |
Correct: C
|
17. All the backend server health status indicators report OK, but the load balancer does not pass traffic on a listener. What are two possible causes of this issue?
(Choose all correct answers) A. The compute instance does not have the correct ssh-key assigned. B. Health check is misconfigured. C. Listeners are configured to listen on the wrong port. D. Listeners are using the wrong protocol. |
Correct: C, D
|
18. Which Traffic Management Steering Policy dynamically routes traffic requests based on the originating IP prefix?
A. DNS Steering B. IP Prefix Steering C. Failover D. Geolocation |
Correct: B
|
19. What is the default location of the file created to organize the servers managed by Ansible?
A. /etc/ansible/config/hosts B. /etc/ansible/hosts C. /etc/ansible/systems D. /etc/hosts |
Correct: B
|
20. You have created the following JSON file to '[
{ ""action"": ""ARCHIVE"", ""is-enabled"": true, ""name"": ""ArchiveAfter30Days"", ""object-name-filter"": { ""inclusion-prefixes"": [ ""documents"" ] }, ""time-amount"": 30, (,,,,,,,,,) A. Objects containing the name prefix “documents” will automatically be moved from Standard Object Storage to Archive Storage 30 days after the date of creation, but because of policy error will have to be manually deleted after 180 days. B. Objects containing the name prefix “documents” will automatically be moved from Standard Object Storage to Archive Storage 30 days after the date of creation. C. Objects containing the name prefix “documents” will automatically be moved from Standard Object Storage to Archive Storage 30 days after the date of creation. Other objects will be deleted after 180 days. D. Objects containing the name prefix “documents” will automatically be moved from Standard Object Storage to Archive Storage after 30 days and then dele |
Correct: D
|
21. What is used to automate copying block volume backups from one region to another seamlessly?
A. Silver backup policy B. User-defined backup policy C. Bronze backup policy D. Gold backup policy |
Correct: B
|
22. Which Oracle Cloud Infrastructure Service monitors endpoints across a hybrid infrastructure?
A. Health Checks B. Monitoring C. Notifications D. Logging |
Correct: A
|
23. Which three are components of a Monitoring Query Language expression?
(Choose all correct answers) A. alarm B. metric C. interval D. statistics |
Correct: B, C, D
|
24. Which three SDKs are supported on Oracle Cloud Infrastructure?
(Choose all correct answers) A. Go B. Java C. TypeScript D. C# E. R |
Correct: A, B, C
|
25. Which three are typical responses from WAF?
(Choose all correct answers) A. Audit log the request B. An error page due to a blocked request C. Allow the request to pass D. Redirect the request |
Correct: A, B, C
|
26. Which alarm state is seen if the alarm metric is no longer being emitted?
A. Cancelled B. Suspended C. Reset D. Firing |
Correct: C
|
27. What is the most secure place to store secret keys on Oracle Cloud Infrastructure?
A. Cloud Guard B. Vault C. Config files D. Code Files |
Correct: B
|
28. A user is unable to mount a file system to access the data from a local data center via VPN.
What is causing the issue? A. The instance is in a different region. B. A mount point has been created. C. Port 111 is allowed as a stateful ingress rule. D. The NFS client is installed. |
Correct: A
|
29. What is the difference between service limits and compartment quotas?
A. Both service limits and compartment quotas are identical. B. Service limits can be increased by administrators, while compartment quotas cannot C. Service limits are set by Oracle, while compartment quotas are set by administrators. D. Service limits are the limits on the overall billing, while compartment quotas are limits for a specific resource. |
Correct: C
|
30. Which two statements are true about the Oracle Cloud Infrastructure Cost Analysis Tool?
(Choose all correct answers) A. Costs can be filtered by Compartment, Date, and Service Limit. B. Costs can be filtered by Date, Tags, and Compartments. C. The tool can be accessed by all users. D. The tool can only be accessed by members of the ADMINISTRATOR group. |
Correct: B, D
|
31. What is the measurement related to the health, capacity, or performance of a given resource called?
A. Metadata B. Metric C. Dimension D. Namespace |
Correct: B
|
32. Which three Terraform actions can be executed against a Stack in the Resource Manager?
(Choose all correct answers) A. Destroy B. Plan C. Create D. Apply |
Correct: A, B, D
|
33. Which Oracle Cloud Infrastructure service enables you to set up communication channels to publish messages using topics and subscriptions?
A. Alarm B. Notification C. Broadcast D. Monitoring |
Correct: B
|
34. Which two options show the correct scope for setting up Oracle Cloud Infrastructure budgets?
(Choose all correct answers) A. Namespace B. Compartment C. User-defined tag D. Tenancy E. Cost-tracking tag |
Correct: B, E
|
35. Which three algorithms are supported by Vault?
(Choose all correct answers) A. ECDSA B. RSA C. EDSCA D. AES |
Correct: A, B, D
|
36. To better manage resource utilization in your environment, you have decided to create alerts that notify your team each time a new compute instance is created. Which two resources do you need to create to accomplish this task?
(Choose all correct answers) A. Create a new subscription in the Notification Service to subscribe to all Event Service rules. B. Create a new metrics query in the Monitoring Service with the metric namespace “oci_computeagent” and the dimension name “resourceId”. C. Create a new topic in the Notifications Service and subscribe your email address to the topic. D. Create a rule in the Event Service that is activated by the Instance - Launch End event type. E. Create a new instance pool and assign an autoscaling policy to create additional instances when the aggregate CPU utilization exceeds 80%. |
Correct: C, D
|
37. You are an admin for an Oracle Cloud Infrastructure tenancy and you are using the Monitoring Service to monitor your team’s cloud resource usage.
Which is true regarding the Monitoring Service? A. Metric and alarm data are accessible via the Console only. B. You can publish only default metrics to the Monitoring Service and not the custom metrics. C. You cannot create alarms with nested queries. D. The Monitoring Service uses metrics to monitor resources and alarms to notify about metrics. |
Correct: D
|
1. You recently joined the Site Reliability team at a new company and found out that their most heavily used application uses immutable instances within the Web tier. During a cursory review of the monitoring dashboard, you notice that 1 of the 11 instances appears to be unhealthy.
Which action would you perform first to resolve this issue? A. Connect to the server via SSH and view the contents of the /var/log/messages file. B. Stop the instance, wait for 5 minutes, and then start the instance back up. C. Create a clone of the instance. D. Terminate the instance and replace it using the appropriate image. |
Correct: D
|
2. Which statements are true about using Ansible on OCI? (Choose three)
(Choose all correct answers) A. The task sequence in your Ansible Playbook does not matter. B. You can use Ansible to create and destroy OCI resources, such as compute instances and load balancers. C. Ansible will evaluate dependencies and execute tasks in the most effective sequence. D. You can use Ansible to collect billing and usage data for your OCI tenancy. E. You can use Ansible to execute a shell command on a collection of hosts. F. You can use Ansible to restart Apache on all web servers as defined in inventory. |
Correct: B, E, F
|
3. Which is NOT a supported SDK on Oracle Cloud Infrastructure?
A. Ruby SDK B. PHP SDK C. Python SDK D. Java SDK E. Go SDK |
Correct: B
|
4. Examine the command:
oci os ns get Why would you need to execute this command? A. to check the connectivity to OCI B. to configure the OCI CLI C. to display the operating system details D. to configure the cloud shell |
Correct: A
|
5. Your team recently deployed a custom Java application to a collection of 10 OCI Compute instances. The application is used only for 10 hours each day. To save money, you devise a plan to stop the instances at the end of the day when they are no longer needed, and start them each morning shortly before they will be used.
Which would be the easiest method to implement this plan? A. Use Terraform. B. Start and stop resources in the OCI Management Console each day. C. Write a custom application using the Java SDK. D. Use the OCI Command Line Interface. |
Correct: D
|
1. Which statement is true about Object Storage replication?
A. Replication creates a copy of any object with the same name in the destination bucket. B. Objects uploaded to a source are synchronously replicated. C. After the replication is enabled, the destination bucket becomes read-only. D. Replication is not supported in the object storage. |
Correct: C
|
2. Which statement is true about attaching a volume to multiple instances?
A. It can be attached to up to 16 instances in read-only mode. B. It does not provide coordination for concurrent reads. C. It can be attached only to up to eight instances in read/write mode. D. It can be attached to multiple instances in read-only mode only. E. It can be attached only in read-only or read/write mode; cannot be changed once attached. |
Correct: B
|
3. At which level is versioning defined in object storage?
A. Availability Domain level B. visibility level C. fault domain level D. bucket level |
Correct: D
|
4. You are managing two applications that consist of multiple compute instances with multiple block volumes. You want to create backups of block volumes efficiently.
How would you do this? A. Create on-demand backups of the block volumes. B. Group together multiple block volumes into a volume group and create volume group backups. C. Create clones of block volumes. D. Create scripts to automate the backup of block volumes. |
Correct: B
|
5. What are the advantages of using OS Management Service? (Choose two)
(Choose all correct answers) A. It enables you to manage updates and patches for the operating system on OCI instances. B. It manages only Linux-based instances. C. It removes common vulnerabilities. D. It enables you to manage the instances of different operating systems in a group. |
Correct: A, C
|
1. In which scenarios does the load balancer health status prove helpful? (Choose two)
(Choose all correct answers) A. VCN network security groups or security list blocks traffic. B. IPSec or FastConnect connection is not configured properly. C. Route tables are not configured properly to connect to a compute. D. VCN is not configured properly. |
Correct: A, C
|
2. Which is a common error when connecting to a compute using SSH at the client side?
A. permission error for the private key B. password mismatch C. VCN not configured properly D. permission error for the public key |
Correct: A
|
3. Which are the types of instance console connections? (Choose two)
(Choose all correct answers) A. Remote console connections B. OCI console connections C. Serial console connections D. VNC console connections |
Correct: C, D
|
4. What are the various statuses returned by Health check? (Choose two)
(Choose all correct answers) A. CONNECT_FAILED B. CONNECTION_FAILED C. IO_CONNECT_ERROR D. INVALID_STATUS_CODE |
Correct: A, D
|
5. Which is a common error during block storage multi attach?
A. Block volume is shared by more than eight instances. B. Block volume is not configured in shareable mode. C. Block volume is configured in read/write mode. D. Block boot volume is configured as non-shareable. |
Correct: B
|
1. Which statements are true about OCI Audit service? (Choose three)
A. It retains the audit logs by default for 365 days. B. It logs all calls to API endpoints. C. It is supported by all OCI services. D. It records only the API activity. E. It records only the action and response of the API activity. |
Correct: A, B, C
|
2. What is the retention period for Audit logs by default?
A. 60 days B. 180 days C. 90 days D. 365 days |
Correct: D
|
3. Which resources can be managed by using the OCI Vault service? (Choose three)
backup files A. keys B. vaults C. secrets D. audit logs |
Correct: A, B, C
|
4. Which are the various algorithms supported by OCI Vault Service? (Choose three)
A. ECDSA B. PKCS1 C. RSAES D. RSA E. AES |
Correct: A, D, E
|
5. Which statements are true about Web Application Firewall (WAF)? (Choose two)
A. It blocks HTTPS requests only and responds with an error page. B. It intercepts HTTP/S traffic and passes it through a set of rules. C. It intercepts HTTP traffic only and filters it against the set rules applied. D. It protects from attacks over the web application. |
Correct: B, D
|
1. Which are the various alarm states of the alarm feature in the Monitoring service? (Choose three)
A. Suspended B. Snooze C. Triggered D. Firing E. Reset F. Ringing |
Correct: A, D, E
|
2. In which scenarios can OCI Notifications service be used? (Choose three)
A. to get notified when alarms are fired B. to get notified of the resources consumed in the tenancy C. to publish a message D. to get notified when event rules are triggered E. to get notified of unauthorized login or access |
Correct: A, C, D
|
3. Which are the different ways to access monitoring service? (Choose four)
A. OCI Resource Manager B. REST API C. SDK D. Terraform E. Ansible F. OCI Console |
Correct: B, C, D, F
|
4. Which statement is true about the Monitoring service?
A. You cannot create alarms with nested queries. B. The Monitoring service uses metrics to monitor resources and alarms to notify about metrics. C. Metric and alarm data is accessible only via the Console. D. You can publish only default metrics to the Monitoring service, not custom metrics. |
Correct: B
|
5. Which statements are true about the OCI Notifications service? (Choose two)
A. It enables you to set up communication channels for publishing messages. B. It uses metrics to broadcast notifications to subscribers. C. It broadcasts messages to distributed components in a publish-subscribe pattern. D. It monitors resources and sends notification alerts to subscribers. |
Correct: A, C
|
1. Which can be used for setting up Oracle Cloud Infrastructure (OCI) budgets? (Choose two)
A. cost-tracking tag B. user-defined tag C. namespace D. tenancy E. compartment |
Correct: A, E
|
2. Which reports would you use to analyze the spending in the Oracle Cloud Infrastructure tenancy?
A. Cost reports B. Spend reports C. OCI Consumption reports D. Usage reports |
Correct: D
|
3. Which of the following are covered in end-to-end SLAs? (Choose three)
A. availability B. manageability C. performance D. support E. reliability |
Correct: A, B, C
|
4. Which are the different Pricing models available? (Choose three)
A. License Included B. Yearly Flex C. Monthly Flex D. Pay As You Go E. Bring Your Own License |
Correct: C, D, E
|
5. Which are the various factors that impact pricing? (Choose three)
A. services consumed B. data transfer C. selection of the OCI region D. type of resource E. selection of Availability Domains for high availability |
Correct: A, B, D
|
Which function CANNOT be performed using Terraform in OCI?
A. Provisioning B. Multicloud C. Monitoring D. Destroy E. Manage |
Correct: C
|
You have been hired to manage OCI. One of the first tasks is to launch new instances at scale. This can be done form the console, however you want to replicate this to multiple regions. What process would help this task?
A. Launch a VM shape form the console, and then an create instance configuration. B. Create script using OCI CLI that will launch an instance, create the instance configuration, and then migrate the image to the secondary region. C. Launch a VM shape from the console, and create a custom image. D. Clone the block volume of the current VM shape |
Correct: B
Reference: Option A, if you read the question carefully, there was a hint. That's this can be done from the console. However, so maybe we are looking for some alternate, right? Let's look at choice B. Create a script using OCI CLI-- so OCI CLI we know is for a repetitive task-- that will launch an instance, create the instance configuration, and then migrate the image to a secondary region. That seems like a very good choice, but we can't choose it yet. We got to go to other options. C, launch a VM shape from the console and create a custom image. But then it stops short of then what to do with the image. Clone the block volume. Well, there are a lot of other things in an instance other than the block volume, like boot volume. So this is not a complete answer. So the best answer over here is B. Because we want to replicate it to multiple regions, that means repetitions. And that's where infrastructure as a code comes in. that's where the client utilities come in. Because all |
Q3: Performance Tuning and Troubleshooting
Identify the requirement for implementing Block storage Multi Attach feature in OCI? A. Configure Service gateway B. All volume attachments must be configured as exclusive C. Compute instances must be in same availability domain D. All volume attachment must be configured as read-write |
Correct: C
Reference: Choice A, Service gateway is something that gives us private connectivity to Oracle's services like Object Storage. The question is on Block Storage. A's out. B. Multi-attach has to be shared. So we can eliminate that. C. That could be the answer, but let's look at at D. D. Well, that's a very tricky answer. The options when we are configuring is read-write, which is for a single instance. It has to be read-write shareable or read-only. So as you can see, we are going on a deep dive over here. We are looking for multi-attach. So read-write is for a single instance. If it's a multi-attach, it has to be read-write shareable. So that leaves us with one choice, and that's number C, computer instances must be in the same availability domain. |
A VCN has four instances in one of its public subnet and all four instances can access the internet. You create another public subnet, associate it with the same security list as the other public subnet, and create an instance in the subnet. Upon testing, you are not able to access the new instance via SSH from the public internet. Which of the following is the most likely reason?
A. You need to attach a NAT Gateway to this subnet. B. Create a service gateway to allow traffic connectivity with the internet. C. Associate the route table with its default route to the internet gateway of your VCN. D. Associate the route table with its default route to the service gateway. |
Correct: C
Reference: VCN has four instances in one of its public subnet and all four instances can access the internet. Public subnet, four instances, internet. Those are the keywords. A, folks, is when we want one-way private access to the internet. We can eliminate that. B, Service gateway is private to services like object storage. We can eliminate B, left with two. And that leaves us with C, and that is the right answer, because what is failing is SSH from public internet. |
Q5: Managing Cost
How will you control and monitor how much block storage can be consumed in a compartment, control and monitor? A. Use the right IAM policies. B. Use Limits and Quotas. C. Configure the max size for block volumes. D. Set up security zones. |
Correct: B
Reference: Well, when we talk about IAM policies, that's basically who can create and who can manage. It's not about control and monitor. B, that's a much better choice than A. C. Can't remember such feature. I believe there's a max size of block volume, but I don't think that's part of configuration. Security zones is what activities we don't want to permit. So it has not to do with consumption. It has to do with what you are not allowed. So if I don't want to permit a public bucket, I can set up security zones. So I need to choose between A and B. So control and monitor, if we set our limits and quotas, then we can monitor to see how much is left. So B is a much better answer for controlling and monitoring, and that's the right answer. |
Q6: Managing Cost
One of the new projects at the company has been going over budget every month. You have been tasked with creating an alert and reducing cost on this project. When looking in OCI, you notice that the test environment is running VM standard2.24. Per CPU usage, you find it's only at 10%. First thing you do is tell the developers to reduce the shape. Then you set the quota limits in the account. What would the quota policy look like to lock this compartment to only smaller shapes? A. zero compute quotas in tenancy, set compute quota vm-standard2-4-count to 10 in tenancy. B. set compute quota vm-2-4-count to 10 in compartment test. C. zero computer quotas in tenancy, set compute quota vm-standard2-1-count to 10 in compartment test where request.region = us-phoenix-1. D. zero compute quotas in tenancy, set compute quota vm-standard2-1-count to 10 in compartment.name = test. |
Correct: B
Reference: B, I like that one better than A, because the focus is not tenancy, it's just compartment test. C, zero computer quotas in tenancy, C, There was nothing in the question about Phoenix. Still, I'll go with B. D, There's a problem with that syntax right there, compartment.name = test, that is not how we write policy with the compartment. |
Q7: Security and Compliance
Identify the two correct statements when moving compartments to another compartment in OCI? A. The destination compartment must have the same levels. B. The destination parent compartment must be empty. C. The destination compartment cannot have pre-existing child compartment with the same name. D. Policy statements can be edited by OCI automatically under certain conditions. E. All policies have to be dropped and recreated after a move is successful. |
Correct: C, D
Reference: A and B, but I don't think that's true. C, Well, that sounds like a reasonable correct statement. Because look at any application. When you are even moving your file, if there is a duplicate name, moving into a subdirectory, you can't do that. So I like C. D, there are cases when we move a compartment from one compartment to another, the policies automatically get transferred, and that's what under certain conditions are. So it seems like C and D are the right answers. |
Q8: Security and Compliance
Identify the three core functionality of OCI Audit service? A. Automatically record calls to OCI service API endpoints. B. Stops unauthorized actions by users. C. Terraform and Ansible calls are not audited. D. Create audit logs to perform diagnostics. E. Log retention is changeable. |
Correct: A, D, E
Reference: A, That’s looks good. B, Auditing never stops anybody. It audits everyone. It audits what you can do and audits what you cannot do, because the whole idea is to capture the rogue actors. So A is good, D is good. B, we eliminated. E, You can change it, I believe, from 90 days, whatever the default is, to some other value. So that means we are left with three correct answers, A, D, and E. And I remember there is something that's not audited, but that's SSH call, not Terraform and Ansible. API calls are audited. But if you are doing SSH calls, they are not audited. So sometimes things ring a bell, and that's the reason we have to listen and watch the modules very carefully. |
Q9: Monitoring and Alerting
Identify which component is optional part of MQL expression for monitoring service in OCI? A. Metric B. Interval C. Grouping function D. Statistics |
Correct: C
Reference: Metrics are derived from statistics. So if we don't have statistics, we can't have metrics. So now we need to choose between interval and grouping function, which could be optional. Grouping function does some kind of summary. So interval is how often. So grouping function is the one I think could be optional, and that is correct. So when we are writing an MQL expression, grouping function can be added, but it's not mandatory. |
Q10: Monitoring and Alerting
After creating a new three-tier web application, you want to gain insight into performance. You have decided to implement monitoring on the application. The first one that is set up is for oCPU of the VM shape. The alarm states >60% CPU notify PagerDuty + Email for 1 minute. You start seeing emails filling up your inbox. What is the first step to take to stop this? A. Delete the alarm as it is sending too many emails. B. Adjust the alarm threshold to >80%CPU and remove PagerDuty + Email. C. Delete the alarm and create a new one with >70%CPU D. First suppress the alarm and then make adjustments to the configuration. |
Correct: D
Reference: The first step, delete the alarm as it is sending too many emails. Maybe that's what I need to do, but let's look at other options. So B and C, we are kind of changing the rules that were set up for the one end, so I don't know if that's going to be the first step, or maybe we need to have a meeting, and we can do it after that. So let's hold on to that. Let's look at D. Folks, that is what sounds like real one, OK? Because the email is filling up, so if I suppress the alarm, I'm not changing anything. And I'm taking the first step to stop this problem, and D is the right answer. |
Q11: Data Retention and Archival
A third party has requested access to Audit logs from OCI for the last one month. How will you fulfill this request without granting direct access to audit logs in OCI? A. You can export these logs to a zip file and then give it to the auditors. B. You have to submit a service request to Oracle Support. C. You can export these logs to object storage and then grant access to object storage. D. Auditors can use REST APIs for these logs which bypasses authentication. |
Correct: B
Reference: D, So I would discard that, because REST APIs, they don't bypass authentication. Everything gets authenticated. It could be using Auth Token or some other method. C sounds like a reasonable option, but the truth is that you cannot do that. You cannot export these logs. You have to submit a service request, and B is the right answer. |
Q12: Data Retention and Archival
A third party has requested access to data stored in OCI Object Storage Bucket so your Object Storage administrator creates a pre-authenticated request (PAR) for it. Which two statements about PAR are correct? A. PARs have expiration date which determines the length of the time the PAR stays active. Once a PAR expires, it can no longer be used. B. You cannot delete a bucket that has PAR associated with it. C. If permissions of the user who creates the PAR change - such that they no longer have access to the bucket - it will not affect the functionality of the PAR. D. You can extend the expiration date of PAR. E. You will not be able to create a PAR on the public bucket. |
Correct: A, B
Reference: PARs have expiration date which determines the length of the time the PAR stays active. Once a PAR expires, it can no longer be used. That is correct. D, that's not possible. E, that's also not correct. So permissions of the user who creates the PAR changes. I don't think that should impact the PAR. Maybe in the future they cannot create a PAR, right? So there is a trick in C, if permission of the user who creates the PAR changes. So the correct answers are A and B. So that's the reason I'm reading the question is very important. So if these were permissions of the user who is trying to access them, we could be looking at a different scenario. But this was the user who created the PAR. So A and B are the two statements that are correct about the PAR. |
Q13: Designing for Cloud-Scale Agility
You have been asked to design and manage a three-tier web application. The application will need to scale to meet the customer’s needs as they regular release promotions on the site. What are the service or features you will need to create the setup? A. Custom image, Load Balancer, and Instance configuration. B. Autoscaling, Instance configuration, and Load Balancer. C. Instance and Load Balancer. D. Autoscaling and VM shape. |
Correct: B
Reference: So the key here is the application will need to scale. The DBA and the developer is not scaling, the application will need to scale. A, I'll discard it because of custom image. B, sounds like a very good choice, but let's look at C. C, It's a subset of B, so I'll still go with B. |
Q14: Designing for Cloud-Scale Agility
Which three features in an OCI can help with application performance in Hybrid Cloud configurations? A. Load Balancers. B. FastConnect. C. Archive Object Storage. D. Number of instances. E. IAM policy. |
Correct: A, B, D
Reference: Hybrid cloud configuration could be multicloud, this could be on-premise, an Oracle Cloud, Roving Edge. So hybrid cloud is pretty wide in terms of what we can accomplish here. A, Load Balancers. We are looking for three features. B, FastConnect. Yes, that is for on-premise to cloud connectivity, or even multicloud connectivity. So A and B look like two good features. C, Archive object storage-- is not even object storage, archive object storage. Have nothing to do with application performance, as compared to FastConnect and Load Balancers. D, Number of instances, yes. So if one instance goes down, the other one can function. It both are available; we can do load balancing through Load Balancers. So definitely, D looks like a good choice. So very simple question, folks. We have two distractors. Archive object storage and IAM policy have nothing to do with performance. IAM policy's for authentication and authorization. So Load Balancers, FastConnect, and num |