Which two statements are TRUE about Object Storage data security and encryption in Oracle Cloud Infrastructure
(OCI)? (Choose two.)
A. Client-side encryption is managed by the customer.
B. Data needs to be decrypted on the client side before retrieving it.
C. OCI Vault Management is used by default to provide data security.
D. All traffic to and from Object Storage service is encrypted using TLS.
E. A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket.
Answer:
A,D
You have the following compartment structure within your company's Oracle Cloud Infrastructure (OCI) tenancy:
You want to create a policy in the root compartment to allow SystemAdmins to manage VCNS only in CompartmentC.
Which policy is correct? (Choose the best answer.)
A. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC
B. Allow group SystemAdmins to manage virtual-network-family in compartment Root
C. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC
D. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentC
Answer:
C
Which option contains the essential components of the Oracle Cloud Infrastructure Notifications service? (Choose the best answer.)
A. An ALARM with a name unique across the tenancy, a SUBSCRIPTION, and a METRIC with the measurement of interest.
B. A TOPIC with a name unique across the tenancy, a SUBSCRIPTION, and a MESSAGE where content is published.
C. A TOPIC with a name unique across the compartment, a SUBSCRIPTION, and a MESSAGE where content is published.
D. An ALARM with a name unique across the compartment, a SUBSCRIPTION, and a METRIC with the measurement of interest.
Answer:
B
You run a large global application with 90% of customers based in the US and Canada. You want
to be able to test a new feature and allow a small percentage of users to access the new version of
your application.
What Oracle Cloud Infrastructure Traffic Management steering policy should you utilize? (Choose
the best answer.)
A. Load Balancer
B. IP Prefix steering
C. ASN steering
D. Geolocation steering
Answer:
A
You launched a Linux compute instance to host the new version of your company website via Apache Httpd server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The default security list associated to the subnet is:
Which action would you take to accomplish the task? (Choose the best answer.)
A. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the public subnet that hosts the company website.
B. In default security list, add a stateful rule to allow ingress access on port 443.
C. Create a new security list with a stateful rule to allow ingress access on port 443 and associate it to the public subnet.
D. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the instance that hosts the company website.
Answer:
D
Answer:
C,D
Answer:
B
Your company has restructured its HR departments. As part of this change, you also need to re-
organize compartments within Oracle Cloud Infrastructure (OCI) to align them to the company's new
organizational structure. The folowing change is required:
Compartment Team_x needs to be moved under a new parent compartment, Project_8
The tenancy has the following policies defined for compartments Project_A and Project_B:
Policyl: Allow group G1 to manage instance-family in compartment HR:Project_A
Policy2: Allow group 62 to manage instance-family in compartment HR:Project_8
Which two statements describe the impacts after the compartment Team_x is moved?
(Choose Two)
A. Group G2 can now manage instance-families in compartment Project_B and compartment Team_X
B. Group G1 can now manage instance-families in compartment Project_A, compartment Project_B and compartment Team_X
C. Group G1 can now manage instance-families in compartment Project_A but not in compartment Team_x
D. Group G2 can now manage instance-families in compartment Project_A but not in compartment Team_x
E. Group G2 can now manage instance-families in compartment Project_B, compartment Project_A and compartment Team_X
Answer:
A,C
Answer:
C
You have recently been asked to take over management of your company's infrastructure provisioning
efforts, utilizing Terraform v0.12 to provision and manage infrastructure resources in Oracle CloudInfrastructure (OCI). For the past few days the development environments have been failing to
provision. Terraform returns the following error:
You locate the related code block in the Terraform config and find the following:
Answer:
C
Here is a partial code from a Terraform template written for Oracle Cloud Infrastructure (OCI):
What operation(s) does it perform? (Choose the best answer.)
A. Provides object read and write access for an OCI Object Storage bucket.
B. Creates a pre-authenticated request for objects in an OCI Object Storage bucket.
C. Creates a URL to provide access to an OCI Object Storage bucket for managing objects.
D. Creates a lifecycle policy for an OCI Object Storage bucket for moving data to Archival storage at a
specified time.
Answer:
B
Your customer is running a set of compute instances inside a private subnet to manage their workloads
on Oracle Cloud Infrastructure (OCI) tenancy. You have set up auto scaling feature to provide
consistent performance to their end users during period of high demand. Which step should be met for
auto scaling to work? (Choose the best answer.)
A. OS Management Service agent (osms) must be installed on the instances.
B. Audit logs for the instances should be enabled.
C. Service gateway should be setup to allow instances to send metrics to monitoring service.
D. Monitoring for the instances should not be enabled.
Answer:
C
You are working with Terraform on your laptop and have been tasked with spinning up multiple
compute instances in Oracle Cloud Infrastructure (OCI) for a project. In addition, you are also
required to collect IP addresses of provisioned instances and write them to a file and save it in your
laptop.
Which specific Terraform functionality can help accomplish this task? (Choose the best answer.)
A. Terraform modules
B. Terraform remote state
C. Terraform local-exec
D. Terraform remote-exec
Answer:
D
You have created a geolocation steering policy in the Oracle Cloud Infrastructure (OCI) Traffic
Management service, with this configuration:
Answer:
C
One of your development teams has asked for your help to standardize the creation of several compute instances that
must be provisioned each day of the week. You initially write several Command Line Interface (CLI) commands with all
appropriate configuration parameters to achieve this task later determining this method lacks flexibility.
Which command generates a JSON-based template that Oracle Cloud Infrastructure (OCI) CLI can use to provision
these instances on a regular basis? (Choose the best answer.)
A. oci compute instance create--generate-cli-skeleton
B. oci compute instance launch--generate-cli-skeleton
C. oci compute provision-instance--generate-ful-command-json-input
D. oci compute instance launch--generate-full-command-json-input
Answer:
D
A developer has created a file system in Oracle Cloud Infrastructure (OCI) File Storage service. She launches an Oracle
Linux compute instance and successfully mounts the file system from the instance.
She then tries writing to the file system from the compute instance using the following command:
touch /mnt/yourmountpoint/helloworld
But gets an error messag
touch: cannot touch '/mnt/yourmountpoint/helloworrld': Permission denied
Which is a reason for this error? (Choose the best answer.)
A. "touch' command is not available in Oracle Linux by default.
B. Service limits or quota for file system writes have been breached.
C. User is not part of any OCI Identity and Access Management group with write permissions to File Storage service.
D. User is connecting as the default Oracle Linux user 'opc' instead of 'root' user.
Answer:
D
You have recently joined a startup company and quickly find that nobody is tracking the amount of money spent on Oracle Cloud Infrastructure (OCI). Seeing an opportunity to help save money you begin creating a solution to better track the cost of resources provisioned by everyone on the team.
Which option allows you to identify excessive spend across all resources in your tenancy? (Choose the best answer.)
A. Use the Python SDK to write a custom application that will monitor the Audit log. Look for CREATE events and configure the application to send you an email each time a new resource is created.
B. Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your resources with this Tag Key and the correct value.
C. Use the Events Service and create rules that will act when a new Object Storage bucket or Compute Instance has been created. Have the rule email you each time one of these events occurs.
D. Create a budget for each compartment that will send a notification when monthly spend reaches a pre-defined amount.
Answer:
B
You have been asked to review a network design for Oracle Cloud Infrastructure (OCI) by a major client. The client's IT team needs to provision two Virtual Cloud Networks (VCNS) for a major application. The application uses a large number of virtual machine instances. Additionally, in the future, a VCN peering will be required to allow connectivity between the VCNS. Which of the following are valid IP ranges to consider? (Choose the best answer.)
A. 10.0.0.0/30 and 192.168.0.0/30
B. 10.0.0.0/8 and 11.0.0.0/8
C. 10.0.8.0/21 and 10.0.16.0/22
D. 10000/16 and 10 0 64 0/24
Answer:
C
You have created the following JSON file to specify a lifecycle policy for one of your object storage buckets:
How will this policy affect the objects that are stored in the bucket? (Choose the best answer.)
A. Objects with the prefix "LOGS" will be retained for 120 days and then deleted permanently.
B. Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be deleted 120 days after creation.
C. The objects with prefix "LOGS" will be deleted 30 days after creation date.
D. Objects containing the name prefix LOGSS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be migrated back to standard Storage 120 days after creation.
Answer:
B
You have set an alarm to be generated when the CPU usage of a specified instance is greater than 10%. In the
alarm behavior view below you notice that the critical condition happened around 23:30. You were expecting a
notification after 1 minute, however, the alarm firing state did not begin until 23:33.
What should you change to fix it? (Choose the best answer.)
A. Change the alarm's metric interval to 1.
B. Change the alarm condition to be grater than 3%.
C. Change the notification topic that you previously associated with the alarm.
D. Change the alarm's trigger delay minutes value to 1.
Answer:
D
You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure (OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted. The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static configuration has been added.
What solution should you recommend? (Choose the best answer.)
A. The instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit.
B. Advertise a 192.168.10.10/32 route over the VPN.
C. Advertise a 192.168.10.10/32 router over the FastConnect.
D. The instances will communicate by default over the FastConnect private virtual circuit, which
E. ensures data is encrypted in-transit.
Answer:
B
You have created a group for several auditors. You assign the following policies to the group:
What actions are the auditors allowed to perform within your tenancy? (Choose the best answer.)
A. The Auditors can view resources in the tenancy.
B. Auditors are able to create new instances in the tenancy.
C. The Auditors are able to delete resource in the tenancy.
D. Auditors are able to view all resources in the compartment.
Answer:
A
You have a web application running on Oracle Cloud Infrastructure (OCI) that lets users log in with a username and password. You notice that an attacker has tried to use SQL comment -" to alter the database query, remove the password check and log in as a user. You decide to prevent any future attacks.
Which of the following OCI services or features would you choose to safeguard your application?
(Choose the best answer.)
A. Network Security Group
B. Data Safe
C. Web Application Firewall (WAF)
D. Vault
Answer:
C
One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is malfunctioning. You have created a console connection to remotely troubleshoot it.
Which two statements about console connections are TRUE? (Choose two.)
A. It is not possible to use VNC console connections to connect to Bare Metal Instances.
B. VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console.
C. It is not possible to connect to the serial console to an instance running Microsoft Windows however VNC console connection can be used.
D. For security purpose, the console connection will not let you edit system configuration files.
E. If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.
Answer:
B,E
You have created an Autonomous Data Warehouse (ADW) service in your company's Oracle Cloud Infrastructure (OCI) tenancy, and you now have to load historical data into it. You have already extracted this historical data from multiple data marts and data warehouses. This data is stored in multiple CSV text files and these files are ranging in size from 25 MB to 20 GB.
Which is the most efficient and error tolerant method for loading data into ADw? (Choose the best answer.)
A. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using the web console upload the CsV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table.
B. Create the tables in the ADW database and then execute SQL*Loader for each CSV file to load the contents into the corresponding ADW database table.
C. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute Data Pump Import for each CSV file to copy the contents into the corresponding ADW database table.
D. Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY DATA for each CSV file to copy the contents into the corresponding ADW database table.
Answer:
D
You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual machine. You enter the following command (with correct values for all parameters):
The command fails.
Which is NOT a valid parameter in this command? (Choose the best answer.)
A. -t <tenancy_id>
B. --image-id <image_id>
C. --shape "<shape_name>"
D. -c <compartment_id>
E. --subnet-id <subnet_id>
Answer:
A
You have received an email from your manager to provision new resources on Oracle Cloud Infrastructure (OCI). When researching OCI, you determined that you should use OCI Resource Manager. Since this is a task that will be done multiple times for development, test, and production. You will need to create a command that can be re-used.
Which CLI command can be used in this situation? (Choose the best answer.)
a. oci resource-manager stack create -tenancy-id <tenancy_OCID> \
-config-source prod.zip -variables fil/variables.json I
-display-name Production stack build \
-description Creating new Production environment
b. oci resource-manager stack update -compartment-id <compartment_OCID> \
-config-source prod.zip -variables fil//variables.json \
-display-name "Production stack build" |
-description Creating new Production environment
c. oci resource-manager stack create -compartment-id <compartment_OCID> \
-config-source prod.zip -variables fil/variables.json \
-display-name Production stack build \
-description Creating new Production environment
d. oci resource-manager stack update -tenancy-id <tenancy_OCID> \
-config-source prod.zip -variables fil//variables.json \
-display-name "Production stack build" \
-description Creating new Production environment
Answer:
B
You are asked to deploy a new application that has been designed to scale horizontally. The business
stakeholders have asked that the application be deployed in us-phoenix-1.
Normal usage requires 2 OCPUS. You expect to have few spikes during the week, that will require up to 4 OCPUS, and a major usage uptick at the end of each month that will require 8 OCPUS.
What is the most cost-effective approach to implement a highly available and scalable solution? (Choose the best answer.)
A. Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances, to handle the weekly spikes, and a maximum of 4 instances.
B. Create an instance with 1 OCPU shape. Use the Resize Instance action to scale up to a larger shape when more resources are needed.
C. Create an instance with 1 OCPU shape. Use a CLI script to clone it when more resources are needed.
D. Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances and a maximum of 8 instances.
Answer:
D
You have been asked to set up connectivity between a client's on-premises network and Oracle Cloud Infrastructure (OCI).
The requirements are:
- Low latency: The applications are financial and require low latency connectivity into OCI.
- Consistency: The application isn't tolerant of performance variation.
- Performance: The communications link needs to support up to 1.25 Gbps.
- Encryption: The communications link needs to encrypt any data in transit between the on-premises network and OCI Virtual Cloud Network (VCN).
The client wants to implement the above with as low a cost as possible, while meeting all of the requirements. What should
you suggest? (Choose the best answer.)
A. Provision FastConnect with a single private virtual circuit and run an IPsec VPN tunnel over the top of this virtual circuit.
B. Provision FastConnect with a single public virtual circuit.
C. Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect.
D. Provision FastConnect with a single private virtual circuit.
E. Provision FastConnect with a single public virtual circuit and run an IPsec VPN tunnel over the top of this virtual circuit.
Answer:
E
Which two statements about the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI)
are TRUE? (Choose two.)
A. You can run CLI commands from inside OCI Regions only.
B. You can filter CLI output using the JMESPath query option for JSON.
C. The CLI provides an automatic way to connect with instances provisioned on OCI.
D. The CLI allows you to use the Python language to interact with OCI APIS.
E. The CLI provides the same core functionality as the Console, plus additional commands.
Answer:
B,E
You have a Linux compute instance located in a public subnet in a VCN which hosts a web application. The security list attached to subnet containing the compute instance has the following stateful ingress rule.
The Route table attached to the Public subnet is shown below. You can establish an SSH connection into the compute instance from the internet. However, you are not able to connect to the web server using your web browser.
Which step will resolve the issue? (Choose the best answer.)
A. In the route table, add a rule for your default traffic to be routed to NAT gateway.
B. In the security list, add an ingress rule for port 80 (http).
C. In the security list, remove the ssh rule.
D. In the route table, add a rule for your default traffic to be routed to service gateway.
Answer:
B
Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance. After running the stack using the terraform apply command, it successfully launched the compute instances and the load balancer, but it failed to create a new database instance with the following error:
Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http status code: 404
You discovered that the resource quotas assigned to your compartment prevent you from using VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM.Standard2.2
Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? (Choose the best answer.)
A. terraform plan -target=Doci_database_db_system.db_system
B. terraform apply-auto-approve
C. terraform refresh -target=Doci_database_db_system.db_system
D. terraform apply-targetoci_database_db_system.db_system
Answer:
B
You have been monitoring your company's applications running in Oracle Cloud Infrastructure (OCI) and notice that the application is using OCI Traffic Management service. This service uses a traffic steering policy to distribute the DNS traffic based on subnet addresses in a rule set.
Which steering policy is in use in this case? (Choose the best answer.)
A. Load Balancing policy
B. Geolocation steering
C. ASN steering policy
D. IP Prefix steering
Answer:
D
You are working as a Cloud Operations Administrator for your
company. They have different Oracle
Cloud Infrastructure (OCI) tenancies for development and
production workloads. Each tenancy has resources in two regions-uk-london-1 and
eu-frankfurt-1. You are asked to manage all resources and to automate all the
tasks using OCI Command Line Interface (CLI).
Which is the most efficient method to manage multiple
environments using OCI CLI?
A.
Create environment variables for the sets of
credentials that align to each combination of tenancy, region, and environment.
B.
Use OCI CLI profiles to create multiple
sets of credentials in your config file, and reference the appropriate profile
at runtime.
C.
Run oci setup config to create new credentials
for each environment every time you want to access the environment.
D.
Use different bash terminals for each
environment.
Answer
B
Recently, your e-commerce web application has been receiving
significantly more traffic than usual. Users are reporting they often encounter
a 503 Service Error when trying to access your site. Sometimes the site is very
slow.
You check your instance pool configuration to confirm that
the maximum number of instances is configured to allow 20 compute instances.
Currently, 14 compute instances have been provisioned by the instance pool. You
also confirm that current CPU utilization across all hosts exceeds the scale-out
threshold you set in your auto-scaling policy.
However, the instance pool is not provisioning any new
instances.
What can you check to determine why the application is NOT functioning
properly?
A.
verify that the new offer feature code did not
introduce any performance bugs.
B.
Verify that the Quality Assurance team is not
currently performing load-testing against production.
C.
Verify that the database is accessible.
D.
Verify that the compute resource quota
has not been exceeded.
Answer
D
Which technique does NOT help you get the optimal
performance out of the Oracle Cloud Infrastructure (OCI) File Storage service?
A.
Limit access to the sarme Availability Domain
(AD) as the File Storage service where possible.
B.
Right size compute instances from where file system
is accessed based on their network capacity.
C.
Increase concurrency by using multiple threads,
multiple clients, and multiple mount targets.
D.
Serialize operations to the file system
to access consecutive blocks as much as possible.
Answer
D
You are using Oracle Cloud Infrastructure (OCI) console to
set up an alarm on a budget to track your OCI spending.
Which two are valid targets for creating a budget in OCI?
(Choose all correct answers)
A.
Select Compartment as the type of target
for your budget.
B.
Select user as the type of target for your
budget.
C.
Select Cost-Tracking Tags as the type of target
for your budget.
D.
Select group as the type of target for your
budget.
E.
Select Tenancy as the type of target for your
budget.
Answer
A,C
You are asked to implement the disaster recovery (DR) and
business continuity requirements for Oracle Cloud Infrastructure (OCI) Block
Volumes. Two OCI regions being used: a primary/source region and a
DR/destination region. The requirements are:
• There should be a
copy of data in the destination region to use if a region-wide disaster occurs
in the source region
• Minimize costs
Which design will help you meet these requirements?
A.
Clone block volumes. Copy block volume clones
from source region to destination region at regular intervals.
B.
Clone block volumes. Use Object Storage
lifecycle management to automatically move clone objects to Archive Storage
Copy Archive Storage buckets from source region to destination at regular
intervals.
C.
Back up block volumes. Use Object Storage
lifecycle management to automatically move backup objects to Archive Storage.
Copy Archive Storage buckets from source region to destination at regular
intervals.
D.
Back up block volumes. Copy block volume backups
from source region to destination region at regular intervals.
Answer
C
You are launching a Windows server in your Oracle Cloud
Infrastructure (OCI) tenancy. You
provided a startup script during instance initialization, but it was not
executed successfully.
What is a possible reason for this error?
A.
Wrote a custom script which tried to install GPU
drivers.
B.
Specified a #directive on the first line of your
script.
C.
Didn't include anything in user_data.
D.
Ran a cloudbase-init Script instead of
cloud-init.
Answer
D
The boot volume on your Oracle Linux instance has run out of
space. Your application has crashed due to a lack of swap space, forcing you to
increase the size of the boot volume.
Which step should NOT be included in the process used to
solve the issue?
A.
Reattach the boot volume and restart the
instance.
B.
Create a RAID O configuration to extend
the boot volume file system onto another block volume.
C.
Attach the resized boot volume to a second instance
as a data volume: extend the partition and grow the file system on the resized
boot volume.
D.
Resize the boot volume by specifying a larger
value than the boot volume's current size.
E.
Stop the instance and detach the boot volume.
Answer
B
Which statement about Oracle Cloud Infrastructure
paravirtualized block volume attachments is TRUE?
A.
Paravirtualized volumes may reduce the
maximum IOPS performance for larger block volumes.
B.
Paravirtualized is required to manage ISCSI
configuration for virtual machine instances.
C.
Paravirtualized volumes become immediately
available on bare metal compute instances.
D.
Paravirtualization utilizes the internal storage
stack of compute instance OS and network hardware virtualization to access block
volumes.
Answer
A
You created an Oracle Linux compute instance through the
Oracle Cloud Infrastructure (OCI)
management console then immediately realize you forgot to add an SSH key file.
You notice that OCI compute service provides instance console connections that
supports adding SSH keys for a running instance. Hence, you created the console
connection for your Linux server and activated it using the connection string
provided. However, now you get prompted for a username and password to login.
What option should you recommend to add the SSH key to your
running instance, while minimizing the administrative overhead?
A.
You need to configure the boot loader to use ttyS0
as a console terminal on the VM.
B.
You need to reboot the instance from the console,
boot into the bash shell in maintenance mode, and add SSH keys for the opc
user.
C.
You need to modify the serial console connection
string to include the identity file flag, -i to specify the SSH key to use.
D.
You need to terminate the running instance and recreate
it by providing the SSH key file.
Answer
B
You have created several block volumes in the us-phoenix-1
region in a specific compartment. The compartment can be identified by the
following Oracle Cloud Infrastructure (OCI) unique identifier, or OCID:
ocidl.compartment.ocl.phx..exampleuniqueID
Your manager has asked you to leverage the OCI monitoring service
and write a metric query showing all read IOPS at a one-minute interval,
filtered to this compartment and aggregated for the maximum.
Which metric query will you create?
A.
lopsWrite(1m}{compartmentid="ocid1.compartment.oc1.phx.exampleuniquelD").mean)
B.
lopsRead[1m{compartmentid="ocid1.compartment.oct.phx.exampleuniquelD")-grouping().max()
C.
lopsRead[1m}{compartmentid="ocid1.compartment.oct.phx.exarmpleuniquelD").max()
D.
lopsRead[1m}{compartmentid="ocid1.compartment.oct.phx.exarmpleuniquelD").grouping().mean()
Answer
B
You are a Cloud Operations administrator who has recently
joined a new department. You have created 10 Terraform stacks using Oracle
Cloud Infrastructure (OCI) resource manager. Each stack creates a different set
of resources in OCI for your development team.
What determines the cost of these Terraform stacks?
A.
The number of lines of text in your Terraform configuration
files.
B.
The length of time it takes to build each
resource using these Terraform stacks.
C.
Resource manager stacks are free but you
are charged for the resources they create.
D.
The cost for each stack will be higher for pay
as you go (PAYG) than for monthly flex billing.
Answer
C
You have been brought in to help secure an existing application
that leverages Object Storage buckets to distribute content. The data is
currently being shared from public buckets and the security team is not
satisfied with this approach. They have stated that all data must be stored in
object storage buckets. Your application should be able to provide secure
access to the data. The URL that is provided for access to the data must be
rotated every 30 days.
Which design option will meet these requirements?
A.
Create a private bucket only to share the data.
B.
Create multiple buckets and classify them as
Public and Private. Use public bucket for non-sensitive data and private bucket
for sensitive data.
C.
Create a new group and map users to this group.
create a IAM policy providing access to Object Storage service only to this group.
Users can then simply login to OCI console and retrieve needed files.
D.
Use pre-Authenticated request, even
though there will be multiple URLs this
will provide better security.
Answer
D
You have been asked to update the lifecycle policy for
object storage using the Oracle Cloud Infrastructure (OCI) Command Line
Interface (CLI).
Which command can successfully update the policy?
A.
oci os object-lifecycle-policy put-ns
<object storage namespace -bn <bucket name> -items <json formatted_lifecycle_policy>
B.
oci os object-lifecycle policy put -ns
<object_storage namespace bn <bucket_name>
C.
oci os object-lifecycle policy delete -ns
<object storage_namespace -bn <bucket_name>
D.
oci os object-lifecycle-policy get-ns <object
storage_namespace -bn <bucket_name>
Answer
A
Several development teams in your company have each been
provided with a budget and a dedicated compartment to be used for testing
purpose. You are asked to help them to control the costs and avoid any overspending.
What should you do?
A.
Configure a Quota for each compartment to
prevent provisioning of any bare metal instances.
B.
Associate a Budget Tag to each resource
with monthly budget amount and use that information to prepare a weekly report
to send to each team.
C.
Contact Oracle support and ask them to associate
the monthly budget with the Service Limits in every region for which your tenancy
is subscribed. The tenancy administrator will receive an alert email from Oracle
when the limit is reached.
D.
Associate a Budget Tag to each compartment with
the monthly budget amount and set an alert rule to notify the developers teams
when they reached a specific percentage of the budget.
Answer
B
You have ordered two FastConnect connections that provide a
high availability connection architecture between your on-premises data center
and Oracle Cloud Infrastructure (OCI). You want to run these connections in an ACTIVE/PASSIVE
architecture.
How can you accomplish this?
A.
Adjust one of the connections to have a higher
ASN.
B.
Enable BGP on the FastConnect that you want as
the ACTIVE connection.
C.
Use AS PATH prepending with your routes.
D.
Decrease the prefix length of AS for the
FastConnect you want to use as PASSIVE connection.
Answer
C
The tenancy has the following policies defined for
compartments Project A and Project B:
Policy1: Allow group
G1 to manage instance-family in compartment HR: Project A
Policy2: A1low group G2 to manage instance-family in
compartment HR: Project B
Which two statements describe the impacts after the
compartment Team_x is moved?
A.
Group G1 can now manage instance families in
compartment Project A, compartment Project and compartment Team_x
B.
Group G2 can now manage instance-families in
compartment Project_B. compartment Project A and compartment Team_x
C.
Group G2 can now manage instance-families in
compartment Project_A but not in compartment Team X
D.
Group G1 can now manage instance-families
in compartment Project_A but not in compartment Team_X
E.
Group G2 can now manage instance families
in compartment Project_B and compartment Team_X
Answer
D,E
Security Testing Policy describes when and how you may
conduct certain types of security testing of Oracle Cloud Services, including
vulnerability and penetration tests, as well as tests involving data scraping
tools.
What does Oracle allow as part of this testing?
A.
Customers are allowed to use their own
testing and monitoring tools.
B.
Customers can simulate DoS attack scenarios as
long as it's restricted to the customer's own environment.
C.
Customers can validate that their network
resources are isolated from other customer resources.
D.
Customers are allowed to test Oracle Cloud
Infrastructure (OCI) hardware related to resources in their tenancy.
Answer
A
You have a 750 MIB file in an Oracle Cloud Infrastructure
(OCI) Object Storage bucket. You want to download the file in multiple parts to
speed up the download using the OCI CLI, You also want to configure each part
size to be 128 MIB.
Which is the correct OCI CLI command for this operation?
A.
oci on object download -ns my namespace -bn my
bucket-name my-large-object -reaume-put-- multipart-download-threshold 500
-part-size 128
B.
oci os object get -n my-name apace -bn
mybucket ame my-larqe-object --multipart-download-threehold 500 –part-size 128
C.
oci os object download -ns my-namespace -bn
my-bucket-name my-large-object-multipart-download threshold
750-parallel-download-count 128
D.
oci os object get na my-namespace -bn my bucket
-- name my-large-object-multipart-download threshold 750
--parallel-download-count 128
Answer
B
An insurance company has contracted you to help automate
their application business continuity plan. They have the application running
in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery
site. Normally they have a DNS A record associated with the IP address of the
primary endpoint in eu-frankfurt-1. In the event of a disaster, they use OCI
DNS Zone Management to update the A record and replace it with the IP address
of the endpoint in uk-london-1.
How can you automate the failover process?
A.
Create a Traffic Management Steering policy and
attach it to a backend set with the backend servers from both eu frankfurt and
uk-london-1 regions
B.
Create a Health Check that evaluates both
regional endpoints. Create a Traffic Management Steering pacy with Failover
type and associate it with the Health Check.
C.
Provision a Load Balancer in Frankfurt and
associate it with the A record in DNS, Create a backend set with backend
servers from both eu-frankfurt-1 and uk-london-1 regions.
D.
Create a Traffic Management Steering policy with
Load Balancer type and add both eu-frankfurt-1 and uk london-1 endpoints.
Attach the Traffic Management Steering policy to the A record.
Answer
B
Multiple teams are sharing a tenancy in Oracle Cloud
Infrastructure (OCI). You are asked to figure out an appropriate method to
manage OCI costs.
Which is NOT valid technique to accurately attribute costs
to resources used by each team?
A.
Define and use tags for resources used by each
team. Analyze usage data from the OCI Usage Report which has detailed information
about resources and tags.
B.
Create a Cost-Tracking tag. Apply this tag to
all resources with team information. Use the OCI cost analysis tools to filter
costs by tags.
C.
create separate compartment for each team. Use
the OCI cost analysis tools to filter costs by compartments.
D.
Create an identity and Access Management
(IAM) group for each team. Create an OCI budget for each group to track
spending.
Answer
D
You have a group of developers who launch multiple
VM.Standard2.2 compute instances every day into the compartment Dev. As a
result, your OCI tenancy quickly hit the service limit for this shape. Other
groups can no longer create new instances using VM.Standard2.2 shape.
Because of this, your company has issued a new mandate that
the Dev compartment must include a quota to allow for use of only 20
VM.Standard2.2 shapes per Availability Domain. Your solution should not affect
any other compartment in the tenancy.
Which quota statement should be used to implement this new
requirement?
A.
set compute quota vm-standard2-2-count to 20 in
compartment dey where request.regionas-phoenix-1
B.
set compute quota vm-atandard2-2-count to
20 in compartment dev
C.
zero compute quotas in tenancy at compute quota
v-atandard2-2-count to 20 in compartment dev
D.
zero compute quotas an tenancy set compute quota
vi standard2-2-count to 20 in tenancy dev.
Answer
B
A subscriber of an Oracle Cloud Infrastructure (OCI)
Notifications service topic complained about not receiving messages from the
service.
Which option can help you debug this issue?
A.
if OCI Notifications service does not receive an
acknowledgement from a subscriptiorn endpoint, the service tries to redeliver messages
for up to one day. Make sure that the subscriber is online at least once a day
to help debug the issue.
B.
If OCI Notifications service does not receive an
acknowledgement from a subscription endpoint, check the Number of
NotificationFailed metric through the OC Monitoring service for failed
messages. Copy these messages to an OC Object Storage bucket. Make sure the
subscriber has the required credentials to access this bucket to help debug the
issue.
C.
If OCI Notifications service does not
receive an acknowledgement from a subscription endpoint, the service tries to
redeliver messages for up to two hours. Configure an alarm on the
sumberOfNotification failed metric through the OC) Monitoring service to help
debug the issue.
D.
If OCI Notifications service does not receive an
acknowledgement from a subscription endpoint, the service drops the message.
Confirm that the subscriber is always online to receive messages to help debug
the issue.
Answer
C
Your team implemented a Saas application that requires a
whole system deployment for each new customer. The infrastructure provisioning
is already automnated via Terraform, and now you have been asked to develop an
Ansible playbook to centralize configuration file managerment and deployment.
What is the most effective way to ensure your playbooks are
utilizing up-to-date and accurate inventory?
A.
Export an inventory list from the Oracle Cloud
Infrastructure Web console.
B.
Implement a Command Line Interface script to
list all the resources and run it within Ansible to generate a dynamic
inventory list.
C.
Export an inventory list using Terraform apply
command.
D.
Download the dynamic inventory script
provided by Oracle Cloud Infrastructure and include it in the playbook
invocation command.
Answer
D
You are using Oracle Cloud Infrastructure (OCI) services
across several regions: us phoenix-1, us-ashburn-1, uk-london-1 and ap-tokyo-1.
You have created a separate administrator group for each region: PHX-Admins,
ASH-Admins, LHR-Admins and NRT-Admins, respectively.
You want to restrict admin access to a specific region.
E.g., PHX-Admins should be able to manage all resources in the us-phoenix-1
region only and not any other OCI regions.
What IAM policy syntax is required to restrict PHX-Admins to
manage OCI resources in the us-phoenix-1 region only?
A.
Allow group PHX-Admins to manage all-resources
in tenancy where request. location=’phx’
B.
Allow group PHX-Admine to manage all-resources
in tenancy where request.permission=’phx’
C.
Allow group PEX-Admins to manage all-resourcer
in tenancy where requeat.target=’phx’
D.
Allow group PHX-Admins to manage
all-resources in tenancy where request.region=’phx’
Answer
D
Your deployment platform within Oracle Cloud Infrastructure
(OCI) leverages a compute instance with multiple block volumes attached. There
are multiple tearns that use the same compute instance and have access to these
block volumes. You want to ensure that no one accidentally deletes any of these
block volumes. You have started to construct the following IAM policy but need
to determine which permissions should be used.
allow group Deploymentusers to manage volume-family where
ANY { request.permission 1= <???>, raquest-permi ssion 1= <???>,
request.perission 1= <???> )
Which permissions can you use in place of <777> in
this policy?
A.
VOLUME DELETE, VOLUME ATTACHMENT_DELETE,
VOLUME BACKUP DELETE
B.
VOLUME ERASE, VOLUME ATTACHMENT ERASE, VOLUME
BACKUP ERASE
C.
DELETE VOLUME DELETE VOLUME ATTACHMENT. DELETE
VOLUME BACKUP
D.
ERASE VOLUME, ERASE VOLUME ATTACHMENT, FRASE
VOLUME BACKUP
Answer
A
You set up a bastion host in your VCN to only allow your IP
address (140.19.2.140) to establish SSH connections to your Compute instances
that are deployed in a private subnet. The Compute instances have an attached
Network Security Group with a Source TypeNotwork Security Group (NIG), Source
NSGaNBG-050504. To secure the bastion host, you added the following ingress
rules to its Network Security Group:
Type: All TCP
Protocol: TrCP
Port Range: 22
Source: 140.19.2.140/32
Type: All TCP
Protocol: TCP
Port Range: 22
Source: NSG-050504
However, after checking the bastion host logs, you
discovered that there are IP addresses other than your own that can access your
bastion host.
What is the root cause of this issue?
A.
The port 22 provides unrestricted access to
140.19.2.140 and to other IP address.
B.
The Security List allows access to all IP
address which overrides the Network Security Group ingress rules.
C.
All compute instances associated with
NSG-050504 are also able to connect to the bastion host.
D.
A netmask of/32 allows all IP address in the
140.19.2.0 network, other than your IP 149.19.2.140
Answer
C
What is a key benefit of using Oracle Cloud Infrastructure's
Resource Manager for your Terraform provisioning and management activities?
A.
Resource Manager has administrative privileges
by design. Even if your IAM user does not have access, you can leverage Resource
Manager to provision new resources to any compartment in the Tenancy.
B.
You can use Resource Manager to apply
patches to all existing Oracle Linux instances in a specified compartment.
C.
You can use Resource Manager to identify and
maintain an inventory of all Compute and Database instances across your tenancy.
D.
Resource Manager manages the Terraform state
file for your infrastructure and locks the file so that only one job at a time
can run on a given stack.
Answer
B
I hope it's helpful for you. If you have any queries, don't hesitate to contact me.
0 comments:
Post a Comment
If you have any doubts, please let me know. I will help you.