Wednesday, December 29, 2021

Oracle 1Z0-1067-21 OCI Cloud Operations Associate 2021


Oracle 1Z0-1067-21 OCI Cloud Operations Associate 2021

  Which two statements are TRUE about Object Storage data security and encryption in Oracle Cloud Infrastructure

(OCI)? (Choose two.)

A. Client-side encryption is managed by the customer.

B. Data needs to be decrypted on the client side before retrieving it.

C. OCI Vault Management is used by default to provide data security.

D. All traffic to and from Object Storage service is encrypted using TLS.

E. A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket.


Answer:

A,D


You have the following compartment structure within your company's Oracle Cloud Infrastructure (OCI) tenancy:

You want to create a policy in the root compartment to allow SystemAdmins to manage VCNS only in CompartmentC.

Which policy is correct? (Choose the best answer.)

A. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentB:CompartmentC

B. Allow group SystemAdmins to manage virtual-network-family in compartment Root

C. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentA:CompartmentB:CompartmentC

D. Allow group SystemAdmins to manage virtual-network-family in compartment CompartmentC


Answer:

C


Which option contains the essential components of the Oracle Cloud Infrastructure Notifications service? (Choose the best answer.)

A. An ALARM with a name unique across the tenancy, a SUBSCRIPTION, and a METRIC with the measurement of interest.

B. A TOPIC with a name unique across the tenancy, a SUBSCRIPTION, and a MESSAGE where content is published.

C. A TOPIC with a name unique across the compartment, a SUBSCRIPTION, and a MESSAGE where content is published.

D. An ALARM with a name unique across the compartment, a SUBSCRIPTION, and a METRIC with the measurement of interest.


Answer:

B


You run a large global application with 90% of customers based in the US and Canada. You want

to be able to test a new feature and allow a small percentage of users to access the new version of

your application.

What Oracle Cloud Infrastructure Traffic Management steering policy should you utilize? (Choose

the best answer.)

A. Load Balancer

B. IP Prefix steering

C. ASN steering

D. Geolocation steering


Answer:

A


You launched a Linux compute instance to host the new version of your company website via Apache Httpd server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The default security list associated to the subnet is:







You want to allow access to the company website from public internet without exposing websites eventually hosted on the other instances in the public subnet.
 
Which action would you take to accomplish the task? (Choose the best answer.)
A. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the public subnet that hosts the company website.
 
B. In default security list, add a stateful rule to allow ingress access on port 443.
 
C. Create a new security list with a stateful rule to allow ingress access on port 443 and associate it to the public subnet.
 
D. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it to the instance that hosts the company website.

Answer:

D


You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your 

OCI spending. 

Which two are valid targets for creating a budget in OCI? (Choose two.) 

A. Select group as the type of target for your budget. 

B. Select Tenancy as the type of target for your budget. 

C. Select user as the type of target for your budget. 

D. Select Cost-Tracking Tags as the type of target for your budget. E. Select Compartment as the type of target for your budget. 

Answer:

C,D

Your application is using an Object Storage bucket named app-data in the namespace vision, to store 

both persistent and temporary data. Every week all the temporary data should be deleted to limit the 

storage consumption. 

Currently you need to navigate to the Object Storage page using the web console, select the appropriate 

bucket to view all the objects and delete the temporary ones. 

To simplify the task you have configured the application to save all the temporary data with /temp 

prefix. You have also decided to use the Command Line Interface (CLI) to perform this operation.What 
is the command you should use to speed up the data cleanup? (Choose the best answer.) 
A. oci os object delete -ns vision-bn app-data-prefix /temp 
B. oci os object bulk-delete-ns vision-bn app-data-prefix /temp-force 
C. oci objectstorage bulk-delete-ns vision-bn app-data-prefix /temp-force 
E. oci os object delete app-data in vision where prefix /temp 

Answer:

B


Your company has restructured its HR departments. As part of this change, you also need to re-

organize  compartments within Oracle Cloud Infrastructure (OCI) to align them to the company's new 

organizational structure. The folowing change is required: 

Compartment Team_x needs to be moved  under a new parent compartment, Project_8 

The tenancy has the following policies defined for  compartments Project_A and Project_B: 

Policyl: Allow group G1 to manage instance-family in  compartment HR:Project_A 

Policy2: Allow group 62 to manage instance-family in compartment  HR:Project_8 

 Which two statements describe the impacts after the compartment Team_x is moved? 

(Choose Two) 

A. Group G2 can now manage instance-families in compartment Project_B and compartment Team_X 

B. Group G1 can now manage instance-families in compartment Project_A, compartment Project_B and compartment Team_X 

C. Group G1 can now manage instance-families in compartment Project_A but not in compartment Team_x 

D. Group G2 can now manage instance-families in compartment Project_A but not in compartment Team_x 

 E. Group G2 can now manage instance-families in compartment Project_B, compartment Project_A and compartment Team_X


Answer:

A,C


You have been contracted by a local e-commerce company to assist with enhancing their online 

 shopping application. The application is currently deployed in a single Oracle Cloud Infrastructure 

(OCI) region. The application utilizes a public load balancer, application servers in a private subnet, 

and a database in a separate, private subnet.

The company would like to deploy another set of similar infrastructure in a different OCI region that 

will act as standby site. In the event of a failure at the primary site, all customers should be routed to 

the failover site automatically.

After deploying the additional infrastructure within the second region, how should you configure 

automated failover requirements? (Choose the best answer.)

A. Create a load balancer policy in the Traffic Management service. Configure one answer for each 

site.  Set the answer for the primary site with a weight of 10 and the answer for the secondary site with 

a weight of 100. 

B. Create a new A record in DNS that points to the public load balancer at the secondary site. Create a 

CNAME for the sub-domain failover that will resolve to the new A record. Inform customers to 

prepend  the website URL with failover if the primary site is unavailable. 

C. Create a failover policy in the Traffic Management service. Set the IP address of the public 

load  balancer for the primary site in answer pool 1. Set the IP address of the public load 

balancer for the secondary site in answer pool 2. Define a health check to monitor both sites. 

D. Deploy a new load balancer in the primary region. Create one backend set for the primary 

application servers and a second backend set for the standby application servers. Create a listener for 

the primary backend set with a timeout of 3minutes. Create a listener for the secondary backend set 

with a timeout of 10 minutes. 

Answer:

C


You have recently been asked to take over management of your company's infrastructure provisioning 

efforts, utilizing Terraform v0.12 to provision and manage infrastructure resources in Oracle Cloud 

Infrastructure (OCI). For the past few days the development environments have been failing to 

provision. Terraform returns the following error:


You locate the related code block in the Terraform config and find the following:


 Which correction should you make to solve this issue? (Choose the best answer.) 

A. Place a command at the end of line 16 

B. Modify line 15 to be the following: tcp_options {min = "22", max "22") 

C. Modify line 15 to be the following: tcp_options {min = "22" max = "22"} 

D. Replace the curly braces '(Y in lines 11 and 16 with square braces [ ]'

Answer:

C

Here is a partial code from a Terraform template written for Oracle Cloud Infrastructure (OCI):


What operation(s) does it perform? (Choose the best answer.) 

A. Provides object read and write access for an OCI Object Storage bucket. 

B. Creates a pre-authenticated request for objects in an OCI Object Storage bucket. 

C. Creates a URL to provide access to an OCI Object Storage bucket for managing objects. 

D. Creates a lifecycle policy for an OCI Object Storage bucket for moving data to Archival storage at a 

specified time.

Answer:

B

Your customer is running a set of compute instances inside a private subnet to manage their workloads 

on Oracle Cloud Infrastructure (OCI) tenancy. You have set up auto scaling feature to provide 

consistent performance to their end users during period of high demand. Which step should be met for 

auto scaling to work? (Choose the best answer.) 

A. OS Management Service agent (osms) must be installed on the instances. 

B. Audit logs for the instances should be enabled. 

C. Service gateway should  be setup to allow instances to send metrics to monitoring service. 

D. Monitoring for the instances should not be enabled.

Answer:

C


You are working with Terraform on your laptop and have been tasked with spinning up multiple 

compute instances in Oracle Cloud Infrastructure (OCI) for a project. In addition, you are also 

required  to collect IP addresses of provisioned instances and write them to a file and save it in your 

laptop. 

Which specific Terraform functionality can help accomplish this task? (Choose the best answer.) 

A. Terraform modules 

B. Terraform remote state 

C. Terraform local-exec 

D. Terraform remote-exec

Answer:

D


You have created a geolocation steering policy in the Oracle Cloud Infrastructure (OCI) Traffic 

Management service, with this configuration: 



What happens to requests that originate in Africa? (Choose the best answer.) 

A. The traffic will be forwarded at the same time to both Pool 1 and Pool 2. 

B. The traffic will be dropped. 

C. The traffic will be forwarded randomly to any of the pools mentioned in the rules. 

D. The traffic will be forwarded to Pool 1. If Pool 1 is not available, then it will be forwarded to Pool 2. 

Answer:

C


One of your development teams has asked for your help to standardize the creation of several compute instances that

must be provisioned each day of the week. You initially write several Command Line Interface (CLI) commands with all

appropriate configuration parameters to achieve this task later determining this method lacks flexibility.

Which command generates a JSON-based template that Oracle Cloud Infrastructure (OCI) CLI can use to provision

these instances on a regular basis? (Choose the best answer.)

A.      oci compute instance create--generate-cli-skeleton

B.      oci compute instance launch--generate-cli-skeleton

C.      oci compute provision-instance--generate-ful-command-json-input

D.      oci compute instance launch--generate-full-command-json-input

Answer:

D

A developer has created a file system in Oracle Cloud Infrastructure (OCI) File Storage service. She launches an Oracle

Linux compute instance and successfully mounts the file system from the instance.

She then tries writing to the file system from the compute instance using the following command:

touch /mnt/yourmountpoint/helloworld

But gets an error messag

touch: cannot touch '/mnt/yourmountpoint/helloworrld': Permission denied

Which is a reason for this error? (Choose the best answer.)

A.      "touch' command is not available in Oracle Linux by default.

B.      Service limits or quota for file system writes have been breached.

C.      User is not part of any OCI Identity and Access Management group with write permissions to File Storage service.

D.      User is connecting as the default Oracle Linux user 'opc' instead of 'root' user.


Answer:

D 


You have recently joined a startup company and quickly find that nobody is tracking the amount of money spent on Oracle Cloud Infrastructure (OCI). Seeing an opportunity to help save money you begin creating a solution to better track the cost of resources provisioned by everyone on the team.

 

Which option allows you to identify excessive spend across all resources in your tenancy? (Choose the best answer.)

 

A.      Use the Python SDK to write a custom application that will monitor the Audit log. Look for CREATE events and configure the application to send you an email each time a new resource is created.

B.      Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your resources with this Tag Key and the correct value.

C.      Use the Events Service and create rules that will act when a new Object Storage bucket or Compute Instance has been created. Have the rule email you each time one of these events occurs.

D.      Create a budget for each compartment that will send a notification when monthly spend reaches a pre-defined amount.


Answer:

B


You have been asked to review a network design for Oracle Cloud Infrastructure (OCI) by a major client. The client's IT team needs to provision two Virtual Cloud Networks (VCNS) for a major application. The application uses a large number of virtual machine instances. Additionally, in the future, a VCN peering will be required to allow connectivity between the VCNS. Which of the following are valid IP ranges to consider? (Choose the best answer.)

A.      10.0.0.0/30 and 192.168.0.0/30

B.      10.0.0.0/8 and 11.0.0.0/8

C.      10.0.8.0/21 and 10.0.16.0/22

D.      10000/16 and 10 0 64 0/24

Answer:

C


You have created the following JSON file to specify a lifecycle policy for one of your object storage buckets:


How will this policy affect the objects that are stored in the bucket? (Choose the best answer.)

A.      Objects with the prefix "LOGS" will be retained for 120 days and then deleted permanently.

B.      Objects containing the name prefix LOGS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be deleted 120 days after creation.

C.      The objects with prefix "LOGS" will be deleted 30 days after creation date.

D.      Objects containing the name prefix LOGSS will be automatically migrated from standard Storage to Archive storage 30 days after the creation date. The object will be migrated back to standard Storage 120 days after creation.

 Answer:

B


You have set an alarm to be generated when the CPU usage of a specified instance is greater than 10%. In the 

alarm behavior view below you notice that the critical condition happened around 23:30. You were expecting a 

notification after 1 minute, however, the alarm firing state did not begin until 23:33.


What should you change to fix it? (Choose the best answer.)

A.      Change the alarm's metric interval to 1.

B.      Change the alarm condition to be grater than 3%.

C.      Change the notification topic that you previously associated with the alarm.

D.      Change the alarm's trigger delay minutes value to 1.


 Answer:

D 


You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure (OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted. The instances communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static configuration has been added.

What solution should you recommend? (Choose the best answer.)

A.      The instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit.

B.      Advertise a 192.168.10.10/32 route over the VPN.

C.      Advertise a 192.168.10.10/32 router over the FastConnect.

D.      The instances will communicate by default over the FastConnect private virtual circuit, which

E.       ensures data is encrypted in-transit.


 Answer:

B


You have created a group for several auditors. You assign the following policies to the group:


 What actions are the auditors allowed to perform within your tenancy? (Choose the best answer.)

A.      The Auditors can view resources in the tenancy.

B.      Auditors are able to create new instances in the tenancy.

C.      The Auditors are able to delete resource in the tenancy.

D.      Auditors are able to view all resources in the compartment.


 Answer:

A


You have a web application running on Oracle Cloud Infrastructure (OCI) that lets users log in with a username and password. You notice that an attacker has tried to use SQL comment -" to alter the database query, remove the password check and log in as a user. You decide to prevent any future attacks.

Which of the following OCI services or features would you choose to safeguard your application?

(Choose the best answer.)

A.      Network Security Group

B.      Data Safe

C.      Web Application Firewall (WAF) 

D.      Vault 


 Answer:

C


One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is malfunctioning. You have created a console connection to remotely troubleshoot it.

Which two statements about console connections are TRUE? (Choose two.)

A.      It is not possible to use VNC console connections to connect to Bare Metal Instances.

B.      VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console.

C.      It is not possible to connect to the serial console to an instance running Microsoft Windows however VNC console connection can be used.

D.      For security purpose, the console connection will not let you edit system configuration files.

E.       If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.

  Answer:

B,E


You have created an Autonomous Data Warehouse (ADW) service in your company's Oracle Cloud Infrastructure (OCI) tenancy, and you now have to load historical data into it. You have already extracted this historical data from multiple data marts and data warehouses. This data is stored in multiple CSV text files and these files are ranging in size from 25 MB to 20 GB.

Which is the most efficient and error tolerant method for loading data into ADw? (Choose the best answer.)

A.      Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL,   using the web console upload the CsV files to an OCI object storage bucket, create the tables in the ADW database and   then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the contents into the corresponding ADW database table.

B.      Create the tables in the ADW database and then execute SQL*Loader for each CSV file to load the contents into the corresponding ADW database table.

C.      Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute Data Pump Import for each CSV file to copy the contents into the corresponding ADW database table.

D.      Create Auth token, use it to create an object storage credential by executing DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY DATA for each CSV file to copy the contents into the corresponding ADW database table.

Answer:

D

 You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual machine. You enter the following command (with correct values for all parameters):



The command fails.

Which is NOT a valid parameter in this command? (Choose the best answer.)

A.      -t <tenancy_id>

B.      --image-id <image_id>

C.      --shape "<shape_name>"

D.      -c <compartment_id>

E.       --subnet-id <subnet_id>

Answer:

A


You have received an email from your manager to provision new resources on Oracle Cloud Infrastructure (OCI). When researching OCI, you determined that you should use OCI Resource Manager. Since this is a task that will be done multiple times for development, test, and production. You will need to create a command that can be re-used.

Which CLI command can be used in this situation? (Choose the best answer.)

a.       oci resource-manager stack create -tenancy-id <tenancy_OCID> \

-config-source prod.zip -variables fil/variables.json I

-display-name Production stack build \

-description Creating new Production environment

b.       oci resource-manager stack update -compartment-id <compartment_OCID> \

-config-source prod.zip -variables fil//variables.json \

-display-name "Production stack build" |

-description Creating new Production environment

c.       oci resource-manager stack create -compartment-id <compartment_OCID> \

-config-source prod.zip -variables fil/variables.json \

-display-name Production stack build \

-description Creating new Production environment

d.       oci resource-manager stack update -tenancy-id <tenancy_OCID> \

-config-source prod.zip -variables fil//variables.json \

-display-name "Production stack build" \

-description Creating new Production environment


Answer:

B


You are asked to deploy a new application that has been designed to scale horizontally. The business

stakeholders have asked that the application be deployed in us-phoenix-1.

Normal usage requires 2 OCPUS. You expect to have few spikes during the week, that will require up to 4 OCPUS, and a major usage uptick at the end of each month that will require 8 OCPUS.

What is the most cost-effective approach to implement a highly available and scalable solution? (Choose the best answer.)

A.      Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup the autoscaling configuration to use 2 availability domains and have a minimum of 2 instances, to handle the weekly spikes, and a maximum of 4 instances.

B.      Create an instance with 1 OCPU shape. Use the Resize Instance action to scale up to a larger shape when more resources are needed.

C.      Create an instance with 1 OCPU shape. Use a CLI script to clone it when more resources are needed.

D.      Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup the autoscaling  configuration to use 2 availability domains and have a minimum of 2 instances and a maximum of 8 instances.

 Answer:

D


You have been asked to set up connectivity between a client's on-premises network and Oracle Cloud Infrastructure (OCI).

The requirements are:

  •  Low latency: The applications are financial and require low latency connectivity into OCI.
  •  Consistency: The application isn't tolerant of performance variation.
  •  Performance: The communications link needs to support up to 1.25 Gbps.
  •  Encryption: The communications link needs to encrypt any data in transit between the on-premises network and OCI Virtual Cloud Network (VCN).

The client wants to implement the above with as low a cost as possible, while meeting all of the requirements. What should

you suggest? (Choose the best answer.)

A.      Provision FastConnect with a single private virtual circuit and run an IPsec VPN tunnel over the top of this virtual circuit.

B.      Provision FastConnect with a single public virtual circuit.

C.      Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network (VCN) using VPN Connect.

D.      Provision FastConnect with a single private virtual circuit.

E.       Provision FastConnect with a single public virtual circuit and run an IPsec VPN tunnel over the top of this virtual circuit.


 Answer:

E


Which two statements about the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI)

are TRUE? (Choose two.)

A.      You can run CLI commands from inside OCI Regions only.

B.      You can filter CLI output using the JMESPath query option for JSON.

C.      The CLI provides an automatic way to connect with instances provisioned on OCI.

D.      The CLI allows you to use the Python language to interact with OCI APIS.

E.       The CLI provides the same core functionality as the Console, plus additional commands.

 Answer:

B,E


You have a Linux compute instance located in a public subnet in a VCN which hosts a web application. The security list attached to subnet containing the compute instance has the following stateful ingress rule.

 The Route table attached to the Public subnet is shown below. You can establish an SSH connection into the compute instance from the internet. However, you are not able to connect to the web server using your web browser.

Which step will resolve the issue? (Choose the best answer.)

A.      In the route table, add a rule for your default traffic to be routed to NAT gateway.

B.      In the security list, add an ingress rule for port 80 (http).

C.      In the security list, remove the ssh rule.

D.      In the route table, add a rule for your default traffic to be routed to service gateway.


 Answer:

B


Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their on-premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform template which automatically provisions OCI resources such as compute instances, load balancer, and a database instance. After running the stack using the terraform apply command, it successfully launched the compute instances and the load balancer, but it failed to create a new database instance with the following error:

Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http status code: 404

You discovered that the resource quotas assigned to your compartment prevent you from using VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the shape with VM.Standard2.2

Which option would you recommend to re-run the terraform command to have required OCI resources provisioned with the least effort? (Choose the best answer.)

A.      terraform plan -target=Doci_database_db_system.db_system

B.      terraform apply-auto-approve

C.      terraform refresh -target=Doci_database_db_system.db_system

D.      terraform apply-targetoci_database_db_system.db_system

 Answer:

B


You have been monitoring your company's applications running in Oracle Cloud Infrastructure (OCI) and notice that the application is using OCI Traffic Management service. This service uses a traffic steering policy to distribute the DNS traffic based on subnet addresses in a rule set.

Which steering policy is in use in this case? (Choose the best answer.)

A.      Load Balancing policy

B.      Geolocation steering

C.      ASN steering policy

D.      IP Prefix steering

 Answer:

D 


You are working as a Cloud Operations Administrator for your company. They have different Oracle

Cloud Infrastructure (OCI) tenancies for development and production workloads. Each tenancy has resources in two regions-uk-london-1 and eu-frankfurt-1. You are asked to manage all resources and to automate all the tasks using OCI Command Line Interface (CLI).

Which is the most efficient method to manage multiple environments using OCI CLI?

A.      Create environment variables for the sets of credentials that align to each combination of tenancy, region, and environment.

B.      Use OCI CLI profiles to create multiple sets of credentials in your config file, and reference the appropriate profile at runtime.

C.      Run oci setup config to create new credentials for each environment every time you want to access the environment.

D.      Use different bash terminals for each environment.

Answer

B

 

Recently, your e-commerce web application has been receiving significantly more traffic than usual. Users are reporting they often encounter a 503 Service Error when trying to access your site. Sometimes the site is very slow.

You check your instance pool configuration to confirm that the maximum number of instances is configured to allow 20 compute instances. Currently, 14 compute instances have been provisioned by the instance pool. You also confirm that current CPU utilization across all hosts exceeds the scale-out threshold you set in your auto-scaling policy.

However, the instance pool is not provisioning any new instances.

What can you check to determine why the application is NOT functioning properly?

A.      verify that the new offer feature code did not introduce any performance bugs.

B.      Verify that the Quality Assurance team is not currently performing load-testing against production.

C.      Verify that the database is accessible.

D.      Verify that the compute resource quota has not been exceeded.

Answer

D

Which technique does NOT help you get the optimal performance out of the Oracle Cloud Infrastructure (OCI) File Storage service?

A.      Limit access to the sarme Availability Domain (AD) as the File Storage service where possible.

B.      Right size compute instances from where file system is accessed based on their network capacity.

C.      Increase concurrency by using multiple threads, multiple clients, and multiple mount targets.

D.      Serialize operations to the file system to access consecutive blocks as much as possible.

 

Answer

D

 

You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your OCI spending.

Which two are valid targets for creating a budget in OCI?

(Choose all correct answers)

A.      Select Compartment as the type of target for your budget.

B.      Select user as the type of target for your budget.

C.      Select Cost-Tracking Tags as the type of target for your budget.

D.      Select group as the type of target for your budget.

E.       Select Tenancy as the type of target for your budget.

 

Answer

A,C

 

You are asked to implement the disaster recovery (DR) and business continuity requirements for Oracle Cloud Infrastructure (OCI) Block Volumes. Two OCI regions being used: a primary/source region and a DR/destination region. The requirements are:

   • There should be a copy of data in the destination region to use if a region-wide disaster occurs in the source region

  • Minimize costs

Which design will help you meet these requirements?

A.      Clone block volumes. Copy block volume clones from source region to destination region at regular intervals.

B.      Clone block volumes. Use Object Storage lifecycle management to automatically move clone objects to Archive Storage Copy Archive Storage buckets from source region to destination at regular intervals.

C.      Back up block volumes. Use Object Storage lifecycle management to automatically move backup objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.

D.      Back up block volumes. Copy block volume backups from source region to destination region at regular intervals.

 

Answer

C

 

You are launching a Windows server in your Oracle Cloud Infrastructure  (OCI) tenancy. You provided a startup script during instance initialization, but it was not executed successfully.

What is a possible reason for this error?

A.      Wrote a custom script which tried to install GPU drivers.

B.      Specified a #directive on the first line of your script.

C.      Didn't include anything in user_data.

D.      Ran a cloudbase-init Script instead of cloud-init.

 

Answer

D

 

The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to a lack of swap space, forcing you to increase the size of the boot volume.

Which step should NOT be included in the process used to solve the issue?

A.      Reattach the boot volume and restart the instance.

B.      Create a RAID O configuration to extend the boot volume file system onto another block volume.

C.      Attach the resized boot volume to a second instance as a data volume: extend the partition and grow the file system on the resized boot volume.

D.      Resize the boot volume by specifying a larger value than the boot volume's current size.

E.       Stop the instance and detach the boot volume.

 

 

Answer

B

 

Which statement about Oracle Cloud Infrastructure paravirtualized block volume attachments is TRUE?

A.      Paravirtualized volumes may reduce the maximum IOPS performance for larger block volumes.

B.      Paravirtualized is required to manage ISCSI configuration for virtual machine instances.

C.      Paravirtualized volumes become immediately available on bare metal compute instances.

D.      Paravirtualization utilizes the internal storage stack of compute instance OS and network hardware virtualization to access block volumes.

 

Answer

A

 

You created an Oracle Linux compute instance through the Oracle Cloud Infrastructure  (OCI) management console then immediately realize you forgot to add an SSH key file. You notice that OCI compute service provides instance console connections that supports adding SSH keys for a running instance. Hence, you created the console connection for your Linux server and activated it using the connection string provided. However, now you get prompted for a username and password to login.

What option should you recommend to add the SSH key to your running instance, while minimizing the administrative overhead?

A.      You need to configure the boot loader to use ttyS0 as a console terminal on the VM.

B.      You need to reboot the instance from the console, boot into the bash shell in maintenance mode, and add SSH keys for the opc user.

C.      You need to modify the serial console connection string to include the identity file flag, -i to specify the SSH key to use.

D.      You need to terminate the running instance and recreate it by providing the SSH key file.

 

Answer

B

 

You have created several block volumes in the us-phoenix-1 region in a specific compartment. The compartment can be identified by the following Oracle Cloud Infrastructure  (OCI) unique identifier, or OCID:

ocidl.compartment.ocl.phx..exampleuniqueID

Your manager has asked you to leverage the OCI monitoring service and write a metric query showing all read IOPS at a one-minute interval, filtered to this compartment and aggregated for the maximum.

Which metric query will you create?

A.      lopsWrite(1m}{compartmentid="ocid1.compartment.oc1.phx.exampleuniquelD").mean)

B.      lopsRead[1m{compartmentid="ocid1.compartment.oct.phx.exampleuniquelD")-grouping().max()

C.      lopsRead[1m}{compartmentid="ocid1.compartment.oct.phx.exarmpleuniquelD").max()

D.      lopsRead[1m}{compartmentid="ocid1.compartment.oct.phx.exarmpleuniquelD").grouping().mean()

 

Answer

B

 

You are a Cloud Operations administrator who has recently joined a new department. You have created 10 Terraform stacks using Oracle Cloud Infrastructure (OCI) resource manager. Each stack creates a different set of resources in OCI for your development team.

What determines the cost of these Terraform stacks?

A.      The number of lines of text in your Terraform configuration files.

B.      The length of time it takes to build each resource using these Terraform stacks.

C.      Resource manager stacks are free but you are charged for the resources they create.

D.      The cost for each stack will be higher for pay as you go (PAYG) than for monthly flex billing.

 

Answer

C

 

 

 

 

You have been brought in to help secure an existing application that leverages Object Storage buckets to distribute content. The data is currently being shared from public buckets and the security team is not satisfied with this approach. They have stated that all data must be stored in object storage buckets. Your application should be able to provide secure access to the data. The URL that is provided for access to the data must be rotated every 30 days.

Which design option will meet these requirements?

A.      Create a private bucket only to share the data.

B.      Create multiple buckets and classify them as Public and Private. Use public bucket for non-sensitive data and private bucket for sensitive data.

C.      Create a new group and map users to this group. create a IAM policy providing access to Object Storage service only to this group. Users can then simply login to OCI console and retrieve needed files.

D.      Use pre-Authenticated request, even though  there will be multiple URLs this will provide better security.

 

Answer

D

 

You have been asked to update the lifecycle policy for object storage using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).

Which command can successfully update the policy?

A.      oci os object-lifecycle-policy put-ns <object storage namespace -bn <bucket name> -items <json formatted_lifecycle_policy>

B.      oci os object-lifecycle policy put -ns <object_storage namespace bn <bucket_name>

C.      oci os object-lifecycle policy delete -ns <object storage_namespace -bn <bucket_name>

D.      oci os object-lifecycle-policy get-ns <object storage_namespace -bn <bucket_name>

 

Answer

A

 

Several development teams in your company have each been provided with a budget and a dedicated compartment to be used for testing purpose. You are asked to help them to control the costs and avoid any overspending.

What should you do?

A.      Configure a Quota for each compartment to prevent provisioning of any bare metal instances.

B.      Associate a Budget Tag to each resource with monthly budget amount and use that information to prepare a weekly report to send to each team.

C.      Contact Oracle support and ask them to associate the monthly budget with the Service Limits in every region for which your tenancy is subscribed. The tenancy administrator will receive an alert email from Oracle when the limit is reached.

D.      Associate a Budget Tag to each compartment with the monthly budget amount and set an alert rule to notify the developers teams when they reached a specific percentage of the budget.

 

Answer

B

You have ordered two FastConnect connections that provide a high availability connection architecture between your on-premises data center and Oracle Cloud Infrastructure (OCI). You want to run these connections in an ACTIVE/PASSIVE architecture.

How can you accomplish this?

A.      Adjust one of the connections to have a higher ASN.

B.      Enable BGP on the FastConnect that you want as the ACTIVE connection.

C.      Use AS PATH prepending with your routes.

D.      Decrease the prefix length of AS for the FastConnect you want to use as PASSIVE connection.

 

Answer

C

 

The tenancy has the following policies defined for compartments Project A and Project B:

 Policy1: Allow group G1 to manage instance-family in compartment HR: Project A

Policy2: A1low group G2 to manage instance-family in compartment HR: Project B

Which two statements describe the impacts after the compartment Team_x is moved?

A.      Group G1 can now manage instance families in compartment Project A, compartment Project and compartment Team_x

B.      Group G2 can now manage instance-families in compartment Project_B. compartment Project A and compartment Team_x

C.      Group G2 can now manage instance-families in compartment Project_A but not in compartment Team X

D.      Group G1 can now manage instance-families in compartment Project_A but not in compartment Team_X

E.       Group G2 can now manage instance families in compartment Project_B and compartment Team_X

 

Answer

D,E

 

Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools.

What does Oracle allow as part of this testing?

A.      Customers are allowed to use their own testing and monitoring tools.

B.      Customers can simulate DoS attack scenarios as long as it's restricted to the customer's own environment.

C.      Customers can validate that their network resources are isolated from other customer resources.

D.      Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy.

 

Answer

A

 

You have a 750 MIB file in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. You want to download the file in multiple parts to speed up the download using the OCI CLI, You also want to configure each part size to be 128 MIB.

Which is the correct OCI CLI command for this operation?

A.      oci on object download -ns my namespace -bn my bucket-name my-large-object -reaume-put-- multipart-download-threshold 500 -part-size 128

B.      oci os object get -n my-name apace -bn mybucket ame my-larqe-object --multipart-download-threehold 500 –part-size 128

C.      oci os object download -ns my-namespace -bn my-bucket-name my-large-object-multipart-download threshold 750-parallel-download-count 128

D.      oci os object get na my-namespace -bn my bucket -- name my-large-object-multipart-download threshold 750 --parallel-download-count 128

 

Answer

B

 

An insurance company has contracted you to help automate their application business continuity plan. They have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery site. Normally they have a DNS A record associated with the IP address of the primary endpoint in eu-frankfurt-1. In the event of a disaster, they use OCI DNS Zone Management to update the A record and replace it with the IP address of the endpoint in uk-london-1.

How can you automate the failover process?

A.      Create a Traffic Management Steering policy and attach it to a backend set with the backend servers from both eu frankfurt and uk-london-1 regions

B.      Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering pacy with Failover type and associate it with the Health Check.

C.      Provision a Load Balancer in Frankfurt and associate it with the A record in DNS, Create a backend set with backend servers from both eu-frankfurt-1 and uk-london-1 regions.

D.      Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk london-1 endpoints. Attach the Traffic Management Steering policy to the A record.

 

Answer

B

Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out an appropriate method to manage OCI costs.

Which is NOT valid technique to accurately attribute costs to resources used by each team?

A.      Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report which has detailed information about resources and tags.

B.      Create a Cost-Tracking tag. Apply this tag to all resources with team information. Use the OCI cost analysis tools to filter costs by tags.

C.      create separate compartment for each team. Use the OCI cost analysis tools to filter costs by compartments.

D.      Create an identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending.

 

Answer

D

 

You have a group of developers who launch multiple VM.Standard2.2 compute instances every day into the compartment Dev. As a result, your OCI tenancy quickly hit the service limit for this shape. Other groups can no longer create new instances using VM.Standard2.2 shape.

Because of this, your company has issued a new mandate that the Dev compartment must include a quota to allow for use of only 20 VM.Standard2.2 shapes per Availability Domain. Your solution should not affect any other compartment in the tenancy.

Which quota statement should be used to implement this new requirement?

A.      set compute quota vm-standard2-2-count to 20 in compartment dey where request.regionas-phoenix-1

B.      set compute quota vm-atandard2-2-count to 20 in compartment dev

C.      zero compute quotas in tenancy at compute quota v-atandard2-2-count to 20 in compartment dev

D.      zero compute quotas an tenancy set compute quota vi standard2-2-count to 20 in tenancy dev.

 

 

Answer

B

A subscriber of an Oracle Cloud Infrastructure (OCI) Notifications service topic complained about not receiving messages from the service.

Which option can help you debug this issue?

A.      if OCI Notifications service does not receive an acknowledgement from a subscriptiorn endpoint, the service tries to redeliver messages for up to one day. Make sure that the subscriber is online at least once a day to help debug the issue.

B.      If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, check the Number of NotificationFailed metric through the OC Monitoring service for failed messages. Copy these messages to an OC Object Storage bucket. Make sure the subscriber has the required credentials to access this bucket to help debug the issue.

C.      If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to two hours. Configure an alarm on the sumberOfNotification failed metric through the OC) Monitoring service to help debug the issue.

D.      If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service drops the message. Confirm that the subscriber is always online to receive messages to help debug the issue.

 

Answer

C

 

Your team implemented a Saas application that requires a whole system deployment for each new customer. The infrastructure provisioning is already automnated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file managerment and deployment.

What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory?

A.      Export an inventory list from the Oracle Cloud Infrastructure Web console.

B.      Implement a Command Line Interface script to list all the resources and run it within Ansible to generate a dynamic inventory list.

C.      Export an inventory list using Terraform apply command.

D.      Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include it in the playbook invocation command.

 

Answer

D

 

 

 

 

You are using Oracle Cloud Infrastructure (OCI) services across several regions: us phoenix-1, us-ashburn-1, uk-london-1 and ap-tokyo-1. You have created a separate administrator group for each region: PHX-Admins, ASH-Admins, LHR-Admins and NRT-Admins, respectively.

You want to restrict admin access to a specific region. E.g., PHX-Admins should be able to manage all resources in the us-phoenix-1 region only and not any other OCI regions.

What IAM policy syntax is required to restrict PHX-Admins to manage OCI resources in the us-phoenix-1 region only?

 

A.      Allow group PHX-Admins to manage all-resources in tenancy where request. location=’phx’

B.      Allow group PHX-Admine to manage all-resources in tenancy where request.permission=’phx’

C.      Allow group PEX-Admins to manage all-resourcer in tenancy where requeat.target=’phx’

D.      Allow group PHX-Admins to manage all-resources in tenancy where request.region=’phx’

 

Answer

D

 

Your deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with multiple block volumes attached. There are multiple tearns that use the same compute instance and have access to these block volumes. You want to ensure that no one accidentally deletes any of these block volumes. You have started to construct the following IAM policy but need to determine which permissions should be used.

allow group Deploymentusers to manage volume-family where ANY { request.permission 1= <???>, raquest-permi ssion 1= <???>, request.perission 1= <???> )

Which permissions can you use in place of <777> in this policy?

A.      VOLUME DELETE, VOLUME ATTACHMENT_DELETE, VOLUME BACKUP DELETE

B.      VOLUME ERASE, VOLUME ATTACHMENT ERASE, VOLUME BACKUP ERASE

C.      DELETE VOLUME DELETE VOLUME ATTACHMENT. DELETE VOLUME BACKUP

D.      ERASE VOLUME, ERASE VOLUME ATTACHMENT, FRASE VOLUME BACKUP

 

Answer

A

You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections to your Compute instances that are deployed in a private subnet. The Compute instances have an attached Network Security Group with a Source TypeNotwork Security Group (NIG), Source NSGaNBG-050504. To secure the bastion host, you added the following ingress rules to its Network Security Group:

Type: All TCP

Protocol: TrCP

Port Range: 22

Source: 140.19.2.140/32

Type: All TCP

Protocol: TCP

Port Range: 22

Source: NSG-050504

However, after checking the bastion host logs, you discovered that there are IP addresses other than your own that can access your bastion host.

What is the root cause of this issue?

A.      The port 22 provides unrestricted access to 140.19.2.140 and to other IP address.

B.      The Security List allows access to all IP address which overrides the Network Security Group ingress rules.

C.      All compute instances associated with NSG-050504 are also able to connect to the bastion host.

D.      A netmask of/32 allows all IP address in the 140.19.2.0 network, other than your IP 149.19.2.140

 

Answer

C

 

What is a key benefit of using Oracle Cloud Infrastructure's Resource Manager for your Terraform provisioning and management activities?

A.      Resource Manager has administrative privileges by design. Even if your IAM user does not have access, you can leverage Resource Manager to provision new resources to any compartment in the Tenancy.

B.      You can use Resource Manager to apply patches to all existing Oracle Linux instances in a specified compartment.

C.      You can use Resource Manager to identify and maintain an inventory of all Compute and Database instances across your tenancy.

D.      Resource Manager manages the Terraform state file for your infrastructure and locks the file so that only one job at a time can run on a given stack.

 

Answer

B

 

I hope it's helpful for you. If you have any queries, don't hesitate to contact me.

Name : Muhammad Sahal Qasim
E-mail : s.m.sahal789@gmail.com
Thank you.

0 comments:

Post a Comment

If you have any doubts, please let me know. I will help you.