In order to achieve this, they will divert only 40% of the
traffic to the new Apache Tomcat web servers running on OCI and serve the
remaining 60% traffic through their on-premises infrastructure. Once the
migration is complete and the application works fine, they will divert all traffic
to OCI.
How can these requirements be met with the LEAST amount of
effort?
A.
Use OCI Traffic management service with failover
steering policy and distribute the traffic between OCI and on premises
infrastructure.
B. Use OCI Traffic management
service with Load Balancing steering policy and distribute the traffic between
OCI and on premises infrastructure.
C.
Use an OCI Load Balancer and distribute the
traffic between OCI and on premises infrastructure.
D.
Use VPN connectivity between on premises
Infrastructure and OCI and create routing tables to distribute the traffic
between them.
Answer
B
A company has an application that processes confidential
data. The data is currently stored in an on premises data center. A solution
architect needs to move this data to Oracle Cloud Infrastructure (OCI) Object
Storage and ensure data is encrypted in-transit to OCI.
Which two steps should the solution architect perform to set
up the most cost-effective connection between on-premises data center and OCI?
A.
Set up private endpoint for accessing Object
Storage.
B.
Attach an Internet Gateway to Virtual Cloud
Network (VCN).
C. Configure a service gateway
for accessing Object Storage.
D.
Set up an IPsec tunnel between the customer equipment
and a software VPN on an OCI instance.
E.
Configure a private peering connection on the
Oracle FastConnect
F. Set up VPN Connect between the
customer equipment and the Dynamic Routing Gateway.
Answer
C,F
You are a solutions architect for a global health care
company which has numerous data centers around the globe. Due to the
ever-growing data that your company is storing, you were instructed to set up a
durable, cost effective solution to archive your data from your existing
on-premises tape-based backup infrastructure to Oracle Cloud Infrastructure
(OCI).
What is the most-effective mechanism to implement this
requirement? (Choose the best answer.)
A.
Use the File Storage Service in OCI and copy the
data from your existing tape-based backup to the shared file system.
B.
Set up an on-premises OCI Storage Gateway which
will back up your data to OCI Object Storage Standard tier. Use Object Storage
life cycle policy management to move any data older than 30 days from Standard
to Archive tier.
C.
Set up FastConnect to connect your on-premises
network to your OCI VCN and use rsync tool to copy your data to OCI Object
Storage Archive tier.
D.
Set up an on-premises OCI Storage Gateway which
will back up your data to OCI Object Storage Standard tier.
E. Set up an on-premises OCI Storage
Gateway which will back up your data to OCI Object Storage Archive tier.
Answer
E
To serve web traffic for a popular product, your cloud
engineer has provisioned four BM.Standard2.52 instances, evenly spread across
two availability domains in the us-ashburn-1 region; Load Balancer is used to
deliver the traffic across instances.
After several months, the product grows even more popular
and you need additional compute capacity. As a result, an engineer provisioned
two additional VM.Standard2.8 instances. You register the two VM.Standard2.8
instances with your Load Balancer Backend set and quickly find that the
VM.Standard2.8 instances are now running at 100% of CPU utilization but the
BM.Standard2.52 instances have significant CPU capacity that's unused.
Which option is the most cost effective and uses instances
capacity most effectively? (Choose the best answer.)
A.
Configure Autoscaling instance pool with
Load Balancer to add up to 3 more BM.Standard2.52 instances when triggered. Shut
off VM.Standard2.8 instances.
B.
Configure Load Balancer with two VM.Standard2.8
instances and use Autoscaling instance pool to add up to two additional
VM.Standard2.8 instances. Shut off BM.Standard2.52 instances.
C.
Route traffic to BM.Standard2.52 and VM.Standard2.8
instances directly using DNS and Health Checks. Shut off the Load Balancer.
D. Configure your Load Balancer
with weighted round robin policy to distribute traffic to the compute
instances, with more weight assigned to bare metal instances.
Answer
D
A small business specializing in video processing wants to
leverage cloud storage in order to lower its costs. They are looking to backup
all video data generated, from an existing on-premises file server to Oracle
Cloud Infrastructure (OCI). The requirement is to set up continuous data sync as
changes are made to on premises file server. What is the most cost effective
solution for this scenario?
A.
Set up a FastConnect virtual circuit and nightly
back up all videos to OCI Archive Storage.
B.
Set up file storage service on OCI and mount the
file system to an instance running on-premises. Move all the data to this
on-premises instance and then sync the videos to the shared file system.
C.
Set up a VPN Connect connection and back up all
videos to Object Storage Standard bucket. Create a lifecycle policy to move
files older than 30 days to Archive Storage.
D. Set up an on-premises OCI Storage
Gateway Cloud Sync to back up videos to OCI Object Storage Archive tier.
Answer
D
You work for a public health care company based in the
United States. Their existing patient records system runs in an on-premise data
center and the customer is sending tape backups offsite as part of their
disaster recovery planning.
You developed an alternative archival solution using Oracle
Cloud Infrastructure (OCI) that will save the company a significant amount of
money on a yearly basis.
The solution involves storing data in an OCI Object Storage
bucket. After reviewing your solution with the customer Global Risk and
Compliance (GRC) team, they highlighted four security requirements:
All data less than 1 year old must be accessible within 2
hours
All data must be retained for at least 10 years and be
accessible within 48 hours
All data must be encrypted at rest
No data may be transmitted across the public internet
Which two options meet the requirements outlined by the
customer GRC team? (Choose two.)
A.
Provision a FastConnect link to the closest OCI
region and configure a private peering virtual circuit.
B. Provision a FastConnect link to
the closest OCI region and configure a public peering virtual circuit.
C.
Create an OCI Object Storage Standard tier bucket. Configure a
lifecycle policy to archive any object that is older than 365 days. Create an
OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete
any object that is older than 7 years.
D.
Create a VPN connection between your on-premises
data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI
Service Gateway for OCI Object Storage.
Answer
B,C
You are advising the database administrator responsible for
managing non-production environment for Oracle Autonomous Database running on
Oracle Cloud Infrastructure. You need to help the database administrator ensure
that the non-production environments have a copy of the current data from the production
environment in a manner that is most time-efficient. Which method should you
recommend?
A. Create a full clone of the
production Autonomous Database and create the non-production database from it.
B.
Take a full database backup of the production
Autonomous Database and create the non-production database from it.
C.
Take a Data Pump export of the production
Autonomous Database and import into the non-production database.
D.
Create a metadata clone of the production Autonomous
Database and create the non-production database from it.
Answer
A
A large E-commerce company is looking to run seasonal
workloads in Oracle Cloud Infrastructure. The Oracle database used by their
E-commerce application can use up to 52 cores at peak workloads. Due to the
seasonal nature of the business, the database will not be used for 10 months
in a year and can also be shut down during non-business hours.
A.
Autonomous Transaction Processing with shared Exadata infrastructure
B.
Oracle Cloud Infrastructure Exadata DB Systems
C.
Oracle Cloud Infrastructure Virtual Machine DB
Systems
D.
Oracle Cloud Infrastructure Bare Metal DB
Systems
Answer
A
You designed and deployed your Autonomous Data Warehouse
(ADW) so that it is accessible from your on-premise data center and servers
running on both private and public networks in Oracle Cloud Infrastructure
(OCI).
As you are testing the connectivity to your ADW database
from the different access paths, you notice that the server running on the
private network is unable to connect to ADW.
Which two steps do you need to take to enable connectivity
from the server on the private network to ADW? (Choose two.)
A. Add an entry in the Security
List of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24
B.
Add an entry in the route table (associated with the private subnet)
with destination of 0.0.0.0/0; target type of NAT Gateway, add a stateful
egress rule to the security list (associated with the private subnet) with
destination of 0.0.0.0/0 and for all IP protocols.
C.
Add an entry in the access control list of ADW
for IP address 129.146.160.11
D.
Add an entry in the route table (associated with
the private subnet) with destination of 0.0.0.0/0; target type of Internet
Gateway, add a stateful egress rule to the security list (associated with the
private subnet) with destination of 0.0.0.0/0 and for all IP protocols.
E.
Add an entry in the access control list of ADW
for CIDR block 10.2.2.0/24.
Answer
A,B
A company has an urgent requirement to migrate 100 TB of
data to Oracle Cloud Infrastructure (OCI) in two weeks. They have a 100 Mbps
Internet line but the connection is intermittent due to problems with their
internet provider.
In this scenario, what is the most time-efficient mechanism
to migrate data to OCI?
A.
Set up an IPSec VPN tunnel between your data
center and OCI. Upload all data to OCI using OCI Storage Gateway.
B.
Set up an OCI Storage Gateway to connect your
data center to your Virtual Cloud Network and upload data.
C.
Upload data using OCI Object Storage multipart
upload capability.
D.
Set up hybrid network by launching a 1 Gbps FastConnect virtual circuit
between your data center and OCI. Use OCI Object Storage multipart upload
capability to automate the migration of your data to OCI.
E.
Use OCI File Storage Service to copy data from
your data center to OCI.
Answer
D
A company has an urgent requirement to migrate 300 TB of
data to Oracle Cloud Infrastructure (OCI) in two weeks. Their data center has
been recently struck by a massive hurricane and the building has been badly
damaged, although still operational. They have a 100 Mbps Internet line but the
connection is intermittent due to the damages caused to the electrical grid. In
this scenario, what is the most effective service to use to migrate the data to
OCI given the time constraints?
A.
Set up an OCI Storage Gateway to connect your data
center and your VCN. Once the connection has been established, upload all data
to OCI using OCI Storage Gateway Cloud Sync tool.
B.
Set up a hybrid network by launching a 1 Gbps
FastConnect virtual circuit between your data center and OCI. Use OCI Object
storage multipart upload tool to automate the migration of your data to OCI.
C.
Use multiple OCI Data Transfer Appliances to transfer data to OCI.
D.
Upload the data to OCI using OCI Object Storage
multipart upload tool.
E.
Storage Gateway to connect your data center and
your VCN. Once the connection has been established, upload all data to OCI.
Answer
C
A retail company runs their online shopping platform
entirely on Oracle Cloud Infrastructure (OCI). This is a 3 tier web application
that includes a Mbps Load Balancer, Virtual Machine instances for web and an
Oracle DB Systems Virtual Machine. Due to unprecedented growth, they noticed an
increase in the incoming traffic to their website and all users start
getting 503 (Service Unavailable) errors.
What is the potential problem in this scenario?
A.
The Load Balancer health check status indicates
critical situation for half of the backend webservers.
B.
All the web servers are too busy and not able to answer any request
from users.
C.
The Database is down hence users cannot access
the web site.
D.
The Traffic Management Policy is not set to load
balance the traffic to the web servers.
E.
You did not configure a Service Gateway to allow
connection between web servers and Load Balancer.
Answer
B
After performing maintenance on an Oracle Linux compute
instance the system is returned to a running state. You attempt to connect using
SSH but are unable to do so. You decide to create an instance console
connection to troubleshoot the issue.
Which three tasks would enable you to connect to the console
connection and begin troubleshooting?
A.
Use SSH to connect to the public address of the
compute instance and provide the console connection OCID as the username.
B. Edit the Linux boot menu to
enable access to console.
C. Use SSH to connect to the
service endpoint of the console connection service
D.
Reboot the compute instance using the Oracle Cloud Infrastructure (OCI)
Management Console
E.
Upload an API signing key for console connection
authentication.
F.
Stop the compute instance using the Oracle
Cloud Infrastructure (OCI) Command Line Interface (CLI).
Answer
B,C,D
Multiple departments in your company use a shared Oracle
Cloud Infrastructure (OCI) tenancy to implement their projects. You are in
charge of managing the cost of OCI resources in the tenancy and need to obtain
better insights into departments' usage.
Which three options can you implement together to accomplish
this?
A.
Create a budget that matches your commitment amount and an alert at 100
percent of the forecast
B.
Set up a consolidated budget tracking tags to
analyze costs in a granular manner
C.
Set up different compartments for each department then track and
analyze cost per compartment
D.
Use the billing cost tracking report to analyze
costs
E.
Set up a tag default that automatically applies tags to all specified
resources created in a compartment then use these tags for cost analysis.
Answer
A,C,E
You work for a German company as the Lead Oracle Cloud
Infrastructure architect. You have designed a highly scalable architecture for
your company's business critical application which uses the Load Balancer
service, autoscaling configuration
for the application servers and a 2 Node VM Oracle RAC database.
During the peak utilization period of the application you
notice that the application is running slow and customers are complaining. This
is resulting in support tickets being created for API timeouts and negative
sentiment from the customer base.
What are two possible reasons for this application slowness?
A.
Autoscaling configuration for the application
servers didn't happen due to IAM policy that's blocking access to the
application server compartment
B.
The Load Balancer configuration is not sending
traffic to the listener of the application servers.
C. Autoscaling configuration for
the application servers didn't happen due to compartment quota breach of the VM
shapes used by the application servers.
D.
Autoscaling configuration for the application servers didn't happen due
to service limit breach of the VM shapes used by the application servers
E.
The Load Balancer doesn't have a Network
Security Group to allow traffic to the application servers.
Answer
C,D
A large London based eCommerce company is running Oracle DB
System Virtual RAC database on Oracle Cloud Infrastructure (OCI) for their
eCommerce application activity. They are launching a new product soon, which is
expected to sell in large quantities all over the world.
The application architecture should have minimal cost, no
data loss, no performance impacts during the database backup windows and should
have minimal downtime.
A.
Launch a new VM RAC database in another
availability domain, launch a compute instance, deploy Oracle GoldenGate on it
and then configure it to replicate the data from the eCommerce Database over to
the new RAC database using GoldenGate. Take backups from the new VM RAC
database.
B.
Turn off automated backups from the eCommerce
database, implement Oracle Data Guard with the Standby database deployed on
another availability domain, take backups from the standby database.
C.
Launch a new VM RAC database in another availability domain, launch a
compute instance, deploy Oracle GoldenGate on it and then configure
bi-directional replication from the eCommerce Database over to the new VM RAC
database using GoldenGate. Take backups from the new VM RAC database.
D.
Turn off automatic backups from the eCommerce
database, implement Oracle Active Data Guard with the standby database deployed
on another availability domain, and take backups from the standby database.
Answer
C
A hospital in Austin has hosted its web based medical
records portal entirely in Oracle Cloud Infrastructure (OCI) using Compute
instances for its web-tier and DB system database for its data tier. To
validate compliance with Health Insurance Portability and Accountability Act
(HIPAA), the security professional to check their systems.
It was found that there are a lot of unauthorized requests
coming from a set of IP addresses originating from a country in
Southeast Asia.
Which option can mitigate this type of attack?
A.
Block the attacking IP address by creating a
Network Security Group rule to deny access to the compute instance where the
web server is running.
B.
Block the attacking IP address by implementing an OCI Web Application
Firewall policy using Access Control Rules.
C.
Mitigate the attack by changing the Route Table
to redirect the unauthorized traffic to a dummy Compute instance.
D.
Block the attacking IP address by creating a
Security List rule to deny access to the subnet where the web server is running.
Answer
B
You have provisioned a new VM.DenseIO2.24 compute instance
with local NVMe drives. The compute instance is running a production application.
This is a write heavy application, with a significant impact to the business if
the application goes down.
What should you do to help maintain write performance and
protect against NVMe devices failure?
A.
NVMe drives have built-in capability to recover
themselves, so no other actions are required
B.
Configure RAID 6 for NVMe devices.
C.
Configure RAID 1 for NVMe devices.
D.
Configure RAID 10 for NVMe devices
Answer
D
You are working as a cloud consultant for a major media
company in the US, and your client requested to consolidate all of their log
streams, access logs, application logs, and security logs into a single system.
The client wants to analyze all of their logs in real-time based on heuristics
and the result should be validated as well. This validation process requires
going back to data samples extracted from the last 8 hours. What approach
should you take for this scenario?
A.
Create an auto scaling pool of syslog-enabled
servers using compute instances which will store the logs in Object Storage,
then use map reduce jobs to extract logs from Object Storage, and apply
heuristics on the logs.
B.
Create a bare-metal instance big enough to host
a syslog enabled server to process the logs and store logs on the locally
attached NVMe SSDs for rapid retrieval of logs when needed.
C.
Set up an OCI Audit service and ingest all the
API calls from Audit service programmatically to a client side application to
apply heuristics and save the result in an OCI Object Storage.
D.
Stream all the logs and cloud events of Events service to Oracle
Streaming Service. Build a client process that will apply heuristics on the
logs and store them in an Object Storage.
Answer
D
You are working as a solution architect with a global
automotive provider who is looking to create a multi-cloud solution. They want
to run their application tier in Microsoft Azure while utilizing the Oracle DB
Systems in the Oracle Cloud Infrastructure (OCI).
What is the most fault tolerant and secure solution for this
customer?
A.
Create an Oracle database in OCI Virtual Cloud
Network (VCN) and connect to the application tier running in Microsoft Azure
over the Internet.
B.
Create a FastConnect virtual circuit and choose Microsoft Azure from
the list of providers available to set up network connectivity between
application tier running in Microsoft Azure Virtual Network and Oracle
Databases running in OCI Virtual Cloud Network (VCN).
C.
Use OCI Virtual Cloud Network remote peering
connection to create connectivity among application tier running in
Microsoft Azure Virtual Network and Oracle
Databases running in OCI Virtual Cloud Network (VCN).
D.
Create a VPN connection between the application
tier running in Azure Virtual Network and Oracle Databases running in OCI
Virtual Cloud Network (VCN).
Answer
B
The Finance department of your company has reached out to
you. They have customer sensitive data on compute instances in Oracle Cloud
Infrastructure (OCI) which they want to store in OCI Storage for long term
retention and archival.
To meet security requirements they want to ensure this data
is NOT transferred over public internet, even if encrypted.
Which option meets this requirement?
A.
Configure a NAT instance and all traffic between
compute in private subnet should use this NAT instance with private IP as the
route target.
B.
Use NAT gateway with appropriate route table
when transferring data. Then use NAT gateways' toggle (on/off) once data
transfer is complete.
C.
Use Service gateway with appropriate route table.
D.
Use Storage gateway with appropriate firewall
rule.
Answer
C
A civil engineering company is running an online portal in
which engineers can upload their construction photos, videos, and other
digital files.
There is a new requirement for you to implement: the online
portal must offload the digital content to an Object Storage bucket for a
period of 72 hours. After the provided time limit has elapsed, the portal will
hold all the digital content locally and wait for the next offload period.
Which option fulfills this requirement? (Choose the best
answer.)
A.
Create a pre-authenticated URL for the entire
Object Storage bucket to read and list the content with an expiration of 72
hours.
B.
Create a Dynamic Group with matching rule for
the portal compute instance and grant access to the Object Storage bucket for
72 hours.
C.
Create a pre-authenticated URL for the entire Object Storage bucket to
write content with an expiration of 72 hours.
D.
Create a pre-authenticated URL for each object
that is uploaded to the Object Storage bucket with an expiration of 72 hours.
Answer
C
A data analytics company has been building its new
generation big data and analytics platform on Oracle Cloud Infrastructure
(OCI). They need a storage service that provides the scale and performance that
their big data applications require such as high throughput to compute nodes
with low latency file operations. In addition, their data needs to be stored
redundantly across multiple nodes in a single availability domain and allows
concurrent connections from multiple compute instances hosted on multiple
availability domains. Which OCI storage service can you use to meet this
requirement?
A.
Object Storage
B.
File System Storage
C.
Archive storage
D.
Block Volume
Answer
B
Your company needs to migrate a business critical
application from your data center to Oracle Cloud Infrastructure (OCI). The
application runs on Oracle
Database and both the application and database servers run
on Oracle Linux version 7. The application server is WebLogic server running on
multiple 4-core servers and the database is deployed as an Oracle Database
Enterprise Edition RAC database on 2 servers (4-cores each).
Which method of database migration should you choose so that
the application has minimal impact? (Choose the best answer.)
A.
Deploy Virtual Machine RAC DB system on OCI and
use the Oracle Database Backup module with RMAN to migrate the data from
customer on-premises to OCI.
B.
Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for
the database migration.
C.
Deploy Autonomous Transaction Processing Database
on OCI and use the MV2ADB tool for the database migration.
D.
Deploy Exadata Cloud Service Base rack and use
Oracle Data Pump tool to migrate the data from customer on-premises to OCI.
Answer
B
You are responsible for migrating your on-premises legacy
databases on 11.2.0.4 version to Autonomous Transaction Processing - Dedicated
(ATP-D) in Oracle
Cloud Infrastructure (OCI). As a solution architect, you
need to plan your migration approach. Which two options do you need to
implement together to migrate your on-premises databases to OCI? (Choose two.)
A. Use Oracle Golden Gate
replication to keep on-premises database online during migration.
B.
Convert on-premises databases to PDB, upgrade to 19c, and encrypt.
C.
Use Oracle Data Guard to keep on-premises database
always active during migration.
D.
Retain changes to Oracle shipped privileges,
stored procedures or views in the on-premises databases.
E.
Retain all legacy structures and unsupported
features (e.g. legacy LOBS) in the on-premises databases migration.
Answer
A,B
A retail company has several on-premises data centers which
span multiple geographical locations. They plan to move some of their
applications from on-premises data centers to Oracle Cloud Infrastructure
(OCI). For these applications running in OCI, they still need to
interact with applications running on their on-premises data centers. These applications
require highly available, fault-tolerant network connections between on
premises data centers and OCI.
Which option should you recommend to provide the highest
level of redundancy?
A.
Oracle Cloud Infrastructure provides network
redundancy by default so that no other operations are required
B.
If your data centers span multiple geographical locations, use only
the specific IP address as a static route for the specific geographical
location
C.
Set up both IPSec VPN and FastConnect to connect
your on premises data centers to Oracle Cloud Infrastructure.
D.
Use FastConnect private peering only to ensure
secure access from your data center to Oracle Cloud Infrastructure
E.
Set up a single IPSec VPN connection from your
data center to Oracle Cloud Infrastructure since it is cost effective
Answer
B
By copying block volume backups to another region at regular
intervals, it makes it easier for you to rebuild applications and data in the
destination region if a region-wide disaster occurs in the source region. Which
IAM Policy statement allows the VolumeAdmins group to copy volume backups
between regions?
A.
Allow group VolumeAdmins to use volumes in
tenancy
B.
Allow group VolumeAdmins to copy volume-backups
in tenancy
C.
Allow group VolumeAdmins to manage volume-family in tenancy
D.
Allow group VolumeAdmins to inspect volumes in
tenancy
Answer
C
You work for a large bank where your main application is a
payment processing gateway API. You deployed the application on Oracle
Container Engine for Kubernetes (OKE) and used API Gateway with several
policies to control the access of the API endpoint.
However, your customers are complaining about the
unavailability of the API endpoint. Upon checking, you noticed that the Gateway
URL is throwing Service Unavailable error. You need to check the backend
latency and backend responses when this error started last night.
What should you do to get this data? (Choose the best
answer.)
A.
Check with the application owner and search the
log file for the container to get the metrics from the log file.
B.
Go to Governance Menu and click on Audit to see
the Audit log for the API Gateway. Filter it using Start and End date with a
503 response status.
C.
Go to Developer Services and click on API
Gateway. Go to the detail page of the gateway and select Metrics. Change the
Start and End time to filter the metrics.
D.
Go to Monitoring and click on Service Metrics. Choose the Metric
Namespace as oci_apigateway. Change the Start and End time accordingly. Add a
Dimension and select httpStatusCode: 503. Check the backend latency and backend
responses
Answer
D
You are working as a solution architect for an online retail
store to create a portal to allow the users to pay for their groceries using
credit cards. Since the application is not fully compliant with the Payment
Card Industry Data Security Standard (PCI DSS), your company is looking to use
a third party payment service to process credit card payments. The third party
service allows a maximum of 5 public IP addresses at a
time. However, your website is using Oracle Cloud Infrastructure (OCI) Instance
Pool Auto Scaling policy to create up to 15 instances during peak
traffic demand, which are launched in VCN private subnets and
attached to an OCI public Load Balancer. Upon user payment, the portal connects
to the payment service over the Internet to complete the transaction. What
solution can you implement to make sure that all compute instances can connect
to the third party system to process the payments at peak traffic demand?
A.
Route credit card payment request from the
compute instances through the NAT Gateway. On the third-party services, whitelist
the public IP associated with the NAT Gateway.
B.
Whitelist the Internet Gateway Public IP on the
third party service and route all payment requests through the Internet
Gateway.
C.
Create an OCI Command Line Interface (CLI)
script to automatically reserve public IP address for the compute instances. On
the third-party services, whitelist the Reserved public IP.
D.
Route payment request from the compute instances through the OCI Load
Balancer, which will then be routed to the third party service
Answer
D
Your company has recently deployed a new web application
that uses Oracle Functions. Your manager instructed you to implement major
manage your systems more effectively. You know that Oracle Functions
automatically monitors functions on your behalf and reports metrics through Service
Metrics. Which two metrics are collected and made available by this feature?
A.
length of time a function runs
B.
number of times a function is removed
C.
number of times a function is invoked
D.
amount of CPU used by a function
E.
number of concurrent connections
Answer
A,C
Which three scenarios are suitable for the Oracle Cloud
Infrastructure (OCI) Autonomous Transaction Processing Serverless (ATP-S)
deployment?
A. A well established online auction
marketplace is running an application where there is database usage 24x7 but
also has peaks of activity that are hard to predict. When the peaks happen, the
total activities may reach 3 times the normal activity level.
B. A small startup is deploying a
new application for eCommerce and it requires a database to store customers'
transactions. The team is unsure of what the load will look like since it is a new
application.
C.
A midsize company is considering migrating its
legacy on premises MongoDB database to Oracle Cloud Infrastructure (OCI). The
database has significantly higher workloads on weekends than weekdays It
D. A developer working on an
internal project needs to use a database during work hours but doesn't need it
during nights or weekends. The project budget requires her to keep costs low.
E.
A manufacturing company is running Oracle
E-Business Suite application on premises. They are looking to move this
application to OCI and they want to use a managed database offering for their
database tier
Answer
A,B,D
You are designing the network infrastructure for two
application servers: appserver-1 and appserver-2 running in two different
subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure
(OCI). You have a requirement where your end users will access appserver-1 from
the internet and appserver-2 from the on-premises network. The on premises
network is connected to your VCN over a FastConnect virtual circuit. How should
you design your routing configuration to meet these requirements?
A.
Configure a single routing table (Route Table-1)
that has two sets of rules. One that has route to internet via the Internet
Gateway and another that propagates specific routes for the on-premises network
via the Dynamic Routing Gateway. Associate the routing table with all the VCN
subnets.
B.
Configure a single routing table (Routing
Table-1) that has two sets of rules: one that has route to internet via the
Internet Gateway and another that propagates specific routes for the
on-premises network via Dynamic Routing Gateway (DRG). Associate the routing
table with the VCN.
C. Configure two routing tables:
Route Table-1 that has a route to internet via the Internet Gateway. Associate
this route table to the subnet containing appserver-1. Route Table-2 that
propagates specific routes for the on-premises network via the Dynamic Routing
Gateway (DRG). Associate this route table to subnet containing appserver-2.
D.
Configure two routing tables (Route Table-1, Route
Table-2) that have a rule to route all traffic via the Dynamic Routing Gateway
(DRG). Associate the two routing tables with all the VCN subnets.
Answer
C
As a part of migration exercise for an existing on premises
application to Oracle Cloud Infrastructure (OCI), you are required to transfer
a 7 TB file to OCI Object Storage. You have decided to upload functionality of
Object Storage.
Which two statements are true?
A. Active multipart upload can be
checked by listing all parts that have been uploaded, however it is not
possible to list information for individual object part in an active multipart
upload
B.
It is possible to split this file into multiple
parts using the APIs provided by Object Storage.
C.
It is possible to split this file into multiple
parts using rclone tool provided by Object Storage.
D. After initiating a multipart
upload by making a CreateMultiPartUpload REST API call, the upload remains
active until you explicitly commit it or abort.
E.
Contiguous numbers need to be assigned for each
part so that Object Storage constructs the object by ordering part numbers in
ascending order
Answer
A,D
A company has an urgent requirement to migrate 300 TB of data
to Oracle Cloud Infrastructure (OCI) in two weeks. Their data center has been
recently struck by a massive hurricane and the building has been badly damaged,
although still operational. They have a 100 Mbps Internet line but the
connection is intermittent due to the damages caused to the electrical grid.
In this scenario, what is the most effective service to use
to migrate the data to OCI given the time constraints? (Choose the best
answer.)
A. Use multiple OCI Data Transfer
Appliances to transfer data to OCI.
B.
Set up an OCI Storage Gateway to connect your
data center and your VCN. Once the connection has been established, upload all
data to OCI.
C.
Set up a hybrid network by launching a 1Gbps
FastConnect virtual circuit between your data center and OCI. Use OCI Object
Storage multipart upload tool to automate migration of your data to OCI.
D.
Set up an OCI Storage Gateway to connect your
data center and your VCN. Once the connection has been established, upload all
data to OCI using OCI Storage Gateway Cloud Sync tool.
E.
Upload the data to OCI using OCI Object Storage
multipart upload tool.
Answer
A
A large financial company has a web application hosted in
their on-premises data center. They are migrating their application to Oracle
Cloud Infrastructure (OCI) and require no downtime while the migration is on
going. In order to achieve this, they have decided to divert only 30% of the
application works fine, they divert all traffic to OCI.
A.
As a solution architect working with this
customer, which suggestion should you provide them?
B. Use OCI Traffic management with
failover steering policy and distribute the traffic between OCI and on premises
infrastructure.
C.
Use OCI Traffic management with Load Balancing
steering policy and distribute the traffic between OCI and on premises infrastructure.
D.
Use an OCI Load Balancer and distribute the
traffic between OCI and on premises infrastructure. Use VPN connectivity
between on premises Infrastructure and OCI, and create routing tables to
distribute the traffic between them.
Answer
B
You are the Solution Architect that designed this Oracle
Cloud Infrastructure (OCI) compartment layout for your organization: The
development team has deployed quite a few instances under 'Compute' Compartment
and the operations team needs to list the instances under the same compartment
for their testing. Both teams, development and operations are part of a group
called 'Eng-group'.
You have been looking for an option to allow the operations
team to list the instances without accessing any confidential information or metadata
of the resources.
Which IAM policy should you write based on these
requirements? (Choose the best answer.)
A.
Allow group Eng-group to inspect instance-family
in compartment Dev-Team:Compute and attach the policy to 'SysTest Team'
Compartment.
B.
Allow group Eng-group to read instance-family in
compartment Dev-Team:Compute and attach the policy to 'Dev-Team' Compartment.
C. Allow group Eng-group to inspect
instance-family in compartment Dev-Team:Compute and attach the policy to
'Engineering' Compartment.
D.
Allow group Eng-group to read instance-family in
compartment Compute and attach the policy to 'Engineering' Compartment.
Answer
C
A retail company runs their online shopping platform
entirely on Oracle Cloud Infrastructure (OCI). This is a 3-tier web application
that includes a Mbps Load Balancer, Virtual Machine instances for web and an
Oracle DB Systems Virtual Machine. Due to unprecedented growth, they noticed an
increase in the incoming traffic to their website and all users start getting
503 (Service Unavailable) errors.
What is the potential problem in this scenario?
A.
The Load Balancer health check status indicates
critical situation for half of the backend webservers
B. All the web servers are too busy
and not able to answer any request from users.
C.
The Database is down hence users cannot access
the web site
D.
The Traffic Management Policy is not set to load
balance the traffic to the web servers.
E.
You did not configure a Service Gateway to allow
connection between web servers and Load Balancer
Answer
B
All three Data Guard configurations are fully supported on
Oracle Cloud Infrastructure (OCI). You want to deploy a maximum availability
architecture (MAA) for database workload. Which option should you consider
while designing your Data Guard configuration to ensure best RTO and RPO without
causing any data loss?
A.
Configure "Maximum Protection" mode
which provides zero data loss if the primary database fails.
B.
Configure "Maximum Performance" mode
in SYNC mode between two availability domains (same region) which provides the
highest level of data protection that is possible without affecting the
performance of the primary database.
C.
Configure "Maximum Scalability" mode
which provides the highest level of scalability without compromising the
availability of the primary database.
D. Configure "Maximum
Availability" mode in SYNC mode between two availability domains (same
region), and use the Maximum Availability mode in SYNC mode between two
regions.
Answer
D
Your customer recently provisioned a 1-Gbps FastConnect
connection in ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will
use this to connect to one Virtual Cloud Network (VCN) in their production OCI
tenancy compartment and another VCN in their development OCI tenancy.
How should you configure the connectivity between
on-premises and the two VCNs in OCI using the single FastConnect connection?
(Choose the best answer.)
A.
Provision a Dynamic Routing Gateway (DRG) and
create a private virtual circuit for the FastConnect connection. Create one
additional route table in your production VCN that includes two route rules.
One with a destination of the on-premises network using the DRG, and a second
with a destination of the development VCN, also using the DRG.
B.
Create two private virtual circuits on the
FastConnect link. Create two Dynamic Routing Gateways, one for each VCN.
Attach the virtual circuits to the dynamic routing gateways.
C. Create a hub-VCN that uses DRG
to communicate with the on-premises network over FastConnect. Connect the
hub-VCN to the production VCN spoke and with development VCN spoke, each peered
via their respective Local Peering Gateway (LPG).
D.
Create a single private virtual circuit over
FastConnect and attach FastConnect to either of the VCN's DRG. Use Remote
Peering to peer production and development VCNs.
Answer
C
You work for a German company as the Lead Oracle Cloud
Infrastructure architect. You have designed a highly scalable architecture for
your company's business critical application which uses the Load Balancer
service, autoscaling configuration
for the application servers and a 2 Node VM Oracle RAC database. During the
peak utilization period of the application you notice that the application is
running slow and customers are complaining. This is resulting in support
tickets being created for API timeouts and negative sentiment from the customer
base.
What are two possible reasons for this application slowness?
A.
The Load Balancer doesn't have a Network
Security Group to allow traffic to the application servers.
B.
The Load Balancer configuration is not sending
traffic to the listener of the application servers.
C. Autoscaling configuration for
the application servers didn't happen due to compartment quota reach of the VM
shapes used by the application servers.
D. Autoscaling configuration for
the application servers didn't happen due to service limit reach of the VM
shapes used by the application servers.
E.
Autoscaling configuration for the application
servers didn't happen due to an IAM policy that is blocking access to the application
server compartment.
Answer
C,D
A telecom company has an application running in Oracle Cloud
Infrastructure (OCI) Germany Central (eu-frankfurt-1) region. They want to
configure Disaster Recovery (DR) site in the OCI UK South (uk-london-1) region.
Which is the most cost-effective option to help set up application and
persistence layers in the DR site?
A.
Application layer: configure events service rule
in eu-frankfurt-1 region to filter Health Checks event failure and route
traffic to uk-london-1 region in the event of a disaster.
Persistence layer: set up policy to schedule cross-region automated backups of
block volumes between eu-frankfurt-1 and uk-london-1 regions.
B. Application layer: configure
Traffic Management steering policy with Load Balancing policy between servers
in eu-frankfurt-1 and uk-london-1 regions.
Persistence layer: set up policy to schedule cross-region automated backups of
block volumes between eu-frankfurt-1 and uk-london-1 regions.
C.
Application layer: Set up a public load
balancer in the eu-frankfurt-1 region. Create a backend set with instances
running in both eu-frankfurt-1 and uk-london-1 regions.
Persistence layer: Set up OCI Object Storage replication from eu-frankfurt-1
region to uk-london-1 region.
D.
Application layer: configure Traffic Management
steering policy with Failover policy between servers in eu-frankfurt-1 and
uk-london-1 regions.
Persistence layer: set up policy to schedule cross-region automated backups of
file systems in File Storage service between eu-frankfurt-1 and uk-london-1
regions.
Answer
B
An online gaming application is deployed to multiple
Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1
region. Considering the high volume of traffic that the gaming application
handles, the company has hired you to ensure that the data stored by the
application is scalable, highly available, and disaster resilient. In the event
of failure, the Recovery Time Objective (RTO) and Recovery Point Objective
(RPO) must be less than 2 hours. Which Disaster Recovery strategy should be
used to achieve the RTO and RPO requirements in the event of a system failure?
A. Configure hourly block volumes
backups using the OCI Command Line Interface (CLI)
B.
Create a user defined backup policy with a
schedule of generating daily backups for block volumes.
C.
Configure hourly block volumes backups through
the OCI Storage Gateway service.
D.
Create a user defined backup policy with a
schedule of generating hourly backups for block volumes.
Answer
A
An automobile company wants to deploy their CRM application
for Oracle Database on Oracle Cloud Infrastructure (OCI) DB Systems for one of
their major clients.
In compliance with the Business Continuity Program of the
client, they need to provide a Recovery Point Objective (RPO) of 24 hours and
Recovery Time Objective (RTO) of 1 hour. The CRM application should be
available even in the event that an entire OCI Region is down.
Which approach is the most suitable and cost-effective
configuration for this scenario?
A.
Deploy a 2 node Virtual Machine (VM) Oracle RAC
database in one region and replicate the database to a 2 node VM Oracle RAC
database in another region using a manual setup and configuration of Oracle
Data Guard.
B.
Deploy a 1 node VM Oracle database in one
region. Manually configure a Recovery Manager (RMAN) database backup schedule to
take hourly database backups. Asynchronously copy the database backups to
object storage in another OCI region. If the primary OCI region is unavailable,
launch a new 1 node VM database in the other OCI region and restore the production
database from the backup.
C.
Deploy an Autonomous Transaction Processing
(Serverless) database in one region and replicate it to an Autonomous
Transaction Processing (Serverless) database in another region using Oracle
GoldenGate.
D.
Deploy a 1 node VM Oracle database in one region and replicate the
database to a 1 node VM Oracle database in another region using a manual setup
and configuration of Oracle Data Guard.
Answer
D
The development team has deployed quite a few instances
under 'Compute' Compartment and the operations team needs to list the instances
under the same compartment for their testing. Both teams, development and
operations are part of a group called 'Eng-group'. You have been looking for an
option to allow the operations team to list the instances without accessing any
confidential information or metadata of resources. Which IAM policy should you
write based on these requirements?
A. Allow group Eng-group to inspect
instance-family in compartment Dev-Team:Compute and attach the policy to
'Engineering' Compartment
B.
Allow group Eng-group to inspect instance-family
in compartment Dev-Team:Compute and attach the policy to 'SysTest Team'
Compartment
C.
Allow group Eng-group to read instance-family in
compartment Compute and attach the policy to 'Engineering' Compartment.
D.
Allow group Eng-group to read instance-family in
compartment Dev-Team:Compute and attach the policy to 'Dev Team'
Answer
A
Your company will soon start moving critical systems into
Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the
us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you
are reviewing the company's existing security policies and written guidelines
for the OCI platform usage within the company. You have to work with the
company managed key.
Which two options ensure compliance with this policy?
A.
When you create a new compute instance through
OCI console, you use the default options for "configure boot volume" to
speed up the process to create this compute instance.
B. When you create a new block
volume through OCI console, select Encrypt using Key Management checkbox and
use encryption keys generated and stored in OCI Key Management Service.
C.
When you create a new compute instance through
OCI console, you use the default shape to speed up the process to create this
compute instance.
D. When you create a new OCI Object
Storage bucket through OCI console, you need to choose "ENCRYPT USING
CUSTOMER-MANAGED KEYS" option.
E.
You do not need to perform any additional
actions because the OCI Block Volume service always encrypts all block volumes,
boot volumes, and volume backups at rest by using the Advanced Encryption
Standard (AES) algorithm with 256-bit encryption.
Answer
B,D
You are tasked with building a highly available, fault
tolerant web application for your current employer. The security team is
concerned about an increase in malicious web-based attacks across the internet
and asked what you can do to add a higher level of security to the website.
How should you architect the solution on Oracle Cloud
Infrastructure (OCI) to meet all requirements defined by your organizations?
A. Deploy at least 3 web
application servers, each in a different fault domain, using a regional private
subnet. Place a public load balancer in a regional public subnet and create a
backend set for all of the web application servers. Deploy a Web Application
Firewall (WAF) and configure the load balancer public IP address as the origin.
B.
Deploy at least 3 web application servers, each
in a different fault domain, using a regional private subnet. Place a public
load balancer in a regional public subnet and create a backend set for all of
the web application servers. Create a Geolocation steering policy in Traffic
Management and add an answer pool that directs to the public IP address of the
load balancer. Configure a global catch-all rule to use this answer pool.
C.
Deploy at least 3 web application servers, each
in a different fault domain, using a regional public subnet. Ensure that each
web application server is assigned a public IP address. Deploy a Web Application
Firewall (WAF) and configure one Origin for each public IP address.
D.
Deploy at least 3 web application servers, each
in a different fault domain, using a regional public subnet. Use the OCI
Traffic Management service to create a load balancing policy that will resolve
DNS evenly between all web servers.
Answer
A
You want to move a compute instance that is in 'Compute'
compartment to 'SysTes-Team'. You log in to your Oracle Cloud Infrastructure
(OCI) account and use the 'Move Resource' option. What will happen when you
attempt moving the compute resource?
A.
The move will be successful though Compute
Instance and its Public and Private IP address will stay the same. The Compute
instance VNIC will need to be moved separately. The Compute instance will still
be associated with the original VCN.
B.
The move will fail, and you will be prompted to
move the VCN first. Once VCN is moved to the target compartment, the Compute
instance can be moved.
C.
The move will be successful though Compute
Instance Public and Private IP address changed, and it will be associated to
the VCN in target compartment.
D. The move will be successful
though Compute instance and its Public and Private IP address will stay the
same. The Compute instance VNIC will still be associated with the original VCN.
Answer
D
Your customer has gone through a recent departmental
restructure. As part of this change, they are organizing their Oracle Cloud
Infrastructure (OCI) compartment structure to align with the company's new
organizational structure. They have made the following change:
Compartment X is moved, and its parent compartment is now
compartment C.
Policy defined in compartment A: Allow group networkadmins
to manage subnets in compartment X
Policy defined in root compartment: Allow
group admins to read subnets in compartment Finance:A:X
After you move the
compartment, which two IAM policies would be required to ensure both groups
retain the same permissions to compartment X that they had before? (Choose
two.)
A.
Define a policy in the root compartment as
follows: Allow group admins to manage subnets in compartment Finance:A:X
B. Define a policy in compartment
HR as follows: Allow group networkadmins to manage subnets in compartment C:X.
C. Define a policy in the root
compartment as follows: Allow group admins to read subnets in compartment
HR:C:X
D.
Define a policy in compartment C as follows:
Allow group networkadmins to read subnets in compartment X
Answer
B,C
A digital marketing company is planning to host a website on
Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes
(OKE). The web server will make API calls to access OCI Object Storage to store
all images uploaded by users.
For security purposes, your manager instructed you to ensure
that the credentials used by the web server to allow access are not stored locally
on the compute instance.
What solution results in an implementation with the least
effort for this scenario?
A. Configure the credentials using
Instance Principal to allow the web server to make API calls to OCI Object
Storage
B.
Configure the credentials using OCI Registry
(OCIR) which will automatically connect with OKE allowing the web server to
make API calls to OCI Object Storage.
C.
Configure the credentials to use Transparent
Data Encryption (TDE) which will automatically allow the web server to make API
calls to OCI Object Storage.
D.
Configure the credentials using OCI Key
Management to allow an instance to make API calls and grant access to OCI
Object Storage.
Answer
A
Your team is conducting a root cause analysis (RCA) following a
recent, unplanned outage. One of the block volumes attached to your production
WebLogic server was deleted and you have been tasked with identifying the source of
the action. You search the Audit logs and find several Delete actions that
occurred in the previous 24 hours. Given the sample of this event.
Which item from the event log helps you identify the
individual or service that initiated the DeleteVolume API call?
A.
requestAgent
B.
eventsource
C. principalId
D.
requestOrigin
E.
eventid
Answer
C
An organization has its mission critical application
consisting of multiple application servers and databases running inside Virtual
Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to
further strengthen their architecture by planning for Disaster Recovery (DR) in
eu-frankfurt-1 region. Which two solutions should their architect keep in
mind while designing for DR?
A. A remote VCN peering connection
is required to establish secure and reliable connectivity between different
VCNs created in uk-london-1 and eu-frankfurt-1 region.
B.
rsync utility can be used to asynchronously copy
file systems or snapshot data to another region.
C. Load balancer will automatically
distribute traffic between both the regions.
D.
The RTO is the acceptable timeframe of lost data
that application can tolerate.
E.
It is not possible to use Active Data Guard to
synchronize a database in uk-london-1 region to equivalent database in
eu-frankfurt-1 region.
Answer
A,C
You are designing the network infrastructure for two
application servers: appserver-1 and appserver-2 running in two different
subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure
(OCI). You have a requirement where your end users will access appserver-1 from
the internet and appserver-2 from the on-premises network. The on-premises
network is connected to your VCN over a FastConnect virtual circuit.
How should you design your routing configuration to meet
these requirements?
A.
Configure a single routing table (Route Table-1)
that has two sets of rules. One that has route to internet via the Internet
Gateway and another that propagates specific routes for the on-premises network
via the Dynamic Routing Gateway. Associate the routing table with all the VCN
subnets.
B.
Configure a single routing table (Routing
Table-1) that has two sets of rules: one that has route to internet via the
Internet Gateway and another that propagates specific routes for the
on-premises network via Dynamic Routing Gateway (DRG). Associate the routing
table with the VCN.
C. Configure two routing tables:
Route Table-1 that has a route to internet via the Internet Gateway. Associate
this route table to the subnet containing appserver-1. Route Table-2 that
propagates specific routes for the on-premises network via the Dynamic Routing
Gateway (DRG). Associate this route table to subnet containing appserver-2.
D.
Configure two routing tables (Route Table-1, Route
Table-2) that have a rule to route all traffic via the Dynamic Routing Gateway
(DRG). Associate the two routing tables with all the VCN subnets.
Answer
C
You are working for a Travel company and your travel portal
application is a collection of microservices that run on Oracle Cloud
Infrastructure Container Engine for Kubernetes. As per the recent security
overview, you have noticed that Oracle has published a newer image of the
Operating System used by the worker nodes. You want to make sure that your
application doesn't face any downtime but at the same time the worker nodes
gets upgraded to the latest version of the Operating System.
What should you do to get this upgrade done without
application downtime? (Choose the best answer.)
A.
1. Shut down the worker nodes 2. Create a new node
pool 3. Manually schedule the pods on the newly built node pool
B.
1. Create a new node pool using the latest
available Operating System image. 2. Run kubectl cordon <node name>
against all the worker nodes in the old pool to stop any new application pods
to get scheduled 3. Run kubectl drain <node name>
--delete-local-data --force --ignore-daemonsets to evict any Pods that are running
4. Delete the old node pool
C.
1. Create a new node pool using the latest
available Operating System image 2. Run kubectl taint nodes --all
node-role.kubernetes.io/master- 3. Delete the old node pool
D. 1. Run kubectl cordon <node
name> against all the worker nodes in the old pool to stop any new
application pods to get scheduled 2. Run kubectl drain <node name>
--delete-local-data --force --ignore-daemonsets to evict any Pods that are running
3. Download the patches for the new Operating System image 4. Patch the worker
nodes to the latest Operating System image
Answer
D
You are developing a Serverless function for your company's
IoT project. This function should access Oracle Cloud Infrastructure (OCI) Object
Storage to store some files. You choose Oracle Functions to deploy this
function on OCI. However, your security team doesn't allow you to carry any API
Token or RSA Key to authenticate the function against the OCI API to access the
Object Storage.
Add these two policy statements for your compartment and
then include a call to a resource principal provider in your function code:
Allow group-tuniotion-velopers to inspect repos in tenancy Allow grep functione
wwwimpers to anape caps in senancy where all
Your company developed a function that needs to access the
Oracle Database to inject some data to it at runtime. You are tasked to move
this function to the Oracle Cloud Infrastructure (OCI) and use Oracle Functions
and access Oracle Autonomous Database. You created a Dockerfile below to run
this function, however, you are getting this error
"cx_Oracle.DatabaseError: ORA-12560: TNS:protocol adapter error".
What should you do to make sure that Oracle Functions can
run this Dockerfile properly? (Choose the best answer.)
A.
Add these two lines to your Dockerfile: groupadd --gid 1000 fn
&& \ adduser --uid 1000 --gid fn fn
B.
Use --privileged flag while running the Docker
container to add runtime privilege
C.
Use --cap-add=ALL flag while running the Docker
container to add runtime capability
D.
You need to run this Container as root, so add
this line: USER root
Answer
A
You work for a retail company, and they developed a
Microservices based shopping application that needs to access Oracle Autonomous
Database from the application. As an Architect, you have been tasked to treat
all of the application components as Kubernetes native objects, such as the
Microservices, Oracle Autonomous database, Kubernetes services, etc.
What should you do to make sure that you can use Kubernetes
constructs to manage the life cycle of the application components, including
Oracle Autonomous Database?
A.
Create an Oracle Cloud Infrastructure (OCI)
Service Gateway and connect to the Oracle Autonomous Database using the private
IP address from the microservice.
B.
Provision an Oracle Autonomous Database and then
use OCI Service Broker to access the database as a native component to your
Kubernetes cluster.
C.
Create a service from the Kubernetes cluster and
point to the Oracle Autonomous Database using its FQDN.
D. Install and secure the OCI
Service Broker for Kubernetes. Then provision and bind to the required Oracle
Cloud Infrastructure services.
Answer
D
You are working as a solution architect for an online retail
store to create a portal to allow the users to pay for their groceries using
credit cards. Since the application is not fully compliant with the Payment
Card Industry Data Security Standard (PCI DSS), your company is looking to use
a third-party payment service to process credit card payments.
The third-party service allows a maximum of
5 public IP addresses at a time. However, your website is using Oracle
Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to
create up to 15 instances during peak traffic demand, which are launched
in VCN private subnets and attached to an OCI public Load Balancer.
Upon user payment, the portal connects to the payment service over the Internet
to complete the transaction.
A.
What solution can you implement to make sure
that all compute instances can connect to the third-party system to process the
payments at peak traffic demand?
B.
Route credit card payment request from the
compute instances through the NAT Gateway. On the third-party services, whitelist
the public IP associated with the NAT Gateway.
C.
Whitelist the Internet Gateway Public IP on the
third-party service and route all payment requests through the Internet
Gateway.
D.
Create an OCI Command Line Interface (CLI)
script to automatically reserve public IP address for the compute instances. On
the third-party services, whitelist the Reserved public IP.
E. Route payment request from the
compute instances through the OCI Load Balancer, which will then be routed to
the third-party service
Answer
E
Your customer recently ordered a 1-Gbps FastConnect
connection in ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will
use this to connect to one Virtual Cloud Network (VCN) in their production (OCI) tenancy
and VCN in their development OCI tenancy. As a Solution Architect,
how should you configure and architect the connectivity
between on premises and VCNs in OCI?
A.
Create two private virtual circuits on the
FastConnect link. Create two Dynamic Routing Gateways, one for each VCN.
B.
Attach the virtual circuits to the dynamic
routing gateways. You cannot achieve connectivity using single FastConnect link
as the production and the development VCNs are in separate tenancies. Request
one more FastConnect connection.
C.
Create a single private virtual circuit over
FastConnect and attach FastConnect to either of the VCN's Dynamic Routing
Gateway. Use Remote Peering to peer production and development VCNs.
D. Create a hub-VCN that uses
Dynamic Routing Gateway (DRG) to communicate with on-premises network over
FastConnect. Connect the hub-VCN to the production VCN spoke and with
development VCN spoke, each peered via their respective Local Peering Gateway
(LPG)
Answer
D
You are working as a solution architect with a global
automotive provider who is looking to create a multi-cloud solution. They want
to run their application tier in Microsoft Azure while utilizing the Oracle DB
Systems in the Oracle Cloud Infrastructure (OCI).
What is the most fault tolerant and secure solution for this
customer?
A.
Create an Oracle database in OCI Virtual Cloud
Network (VCN) and connect to the application tier running in Microsoft Azure
over the Internet.
B. Create a FastConnect virtual
circuit and choose Microsoft Azure from the list of providers available to
set up network connectivity between application tier running in Microsoft Azure
Virtual Network and Oracle Databases running in OCI Virtual Cloud Network (VCN)
C.
Use OCI Virtual Cloud Network remote peering
connection to create connectivity among application tier running Microsoft
Azure Virtual Network and Oracle Databases running in OCI Virtual Cloud
Network(VCN).
D.
Create a VPN connection between the application
tier running in Azure Virtual Network and Oracle Databases running in OCI
Virtual Cloud Network
Answer
B
You work for a large bank where security and compliance are
critical. As part of the security overview meeting, your company decided to
minimize the installation of local tools on your laptop. You have been running
Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE)
clusters and deployed your application.
For authentication, you are using an Oracle Cloud
Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a
locally stored PEM file. Your security team doesn't want you to store any local
API key and certificate, or any other local tools.
Which two actions should you perform to spin up the OKE
cluster and interact with it? (Choose two.)
A.
Create a developer workstation on OCI. Install
Ansible and kubectl on it. Use resource principal to authenticate against OCI
API and create the OKE Cluster.
B.
Develop your own code using OCI SDK to deploy
the OKE cluster.
C. Work on OCI Cloud Shell to use
built-in Ansible and kubectl to deploy the OKE cluster. Use
OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in
token.
D.
Work on OCI Cloud Shell to use built-in Ansible
and kubectl to deploy the OKE cluster. Bring in your own config file
certificate to authenticate against OCI API.
E. Create a developer workstation
on OCI. Install Ansible and kubectl on it. Use instance principal to
authenticate against OCI API and create the OKE Cluster.
Answer
C,E
You are creating a compute instance using Oracle Cloud
Infrastructure (OCI) Console. You decide to use an
Oracle-provided image for the compute instance launch. Which
option is TRUE when using Oracle-provided images?
A.
On Windows images, custom user data scripts are
executed using cloud-init to perform various tasks such as enabling GPU
support.
B.
Oracle provided images do not support the
ability to supply a custom metadata during instance launch.
C. For a Linux based image, access
to host over the internet is permitted only via SSH protocol and all other
remote access is disabled.
D.
If you choose a non-Windows image, the only way
to download and update packages is by running apt or yum commands.
Answer
C
You have an Oracle database system in a virtual cloud
network (VCN) that needs to be accessible on port 1521 from your on-premises
network CIDR 172.17.0.0/24.
You have the following configuration currently:
Virtual cloud network (VCN) is associated with a Dynamic
Routing Gateway (DRG), and DRG has an active IPSec connection with your
on-premises data center.
Oracle database system is hosted in a private subnet.
The private subnet route table has the following configuration.
However, you are still unable to connect to the Oracle
Database system. Which action will resolve this issue? (Choose the best answer)
Add an EGRESS rule in the private subnet security list as
follows
After performing maintenance on an Oracle Linux compute
instance, the system is returned to a running state. You attempt to connect
using SSH but are unable to do so. You decide to create an instance console
connection to troubleshoot the issue.
Which three tasks would enable you to connect to the console
connection and begin troubleshooting?
A.
Use SSH to connect to the public IP address of
the compute instance and provide the console connection OCID as the username.
B. Edit the Linux boot menu to
enable access to console.
C. Use SSH to connect to the service
endpoint of the console connection service
D. Reboot the compute instance
using the Oracle Cloud Infrastructure (OCI) Management Console
E.
Upload an API signing key for console connection
authentication.
F.
Stop the compute instance using the Oracle Cloud
Infrastructure (OCI) Command Line Interface (CLI).
Answer
B,C,D
You are using the Oracle Cloud Infrastructure (OCI) OS
Management service to manage updates and patches for the Oracle Linux 8
environments on your compute instances in OCI. You have verified that the OS
Management Service Agent (osms-agent) is installed and running properly in the
instances.
One of the compute instances is not getting the updates from
OS Management Service. You use the following command to validate that your
instance cannot reach the OS Management Ingestion service by running
curl https://ingestion.osms.<region>.oci.oraclecloud.com/
Which is NOT a possible reason for this issue?
A.
The instance is in a private subnet with a NAT
gateway.
B.
The instance is in a private subnet with a private endpoint with
security rules configured to access the OS Management ingestion service
C.
The instance is in a private subnet with a
service gateway that uses the All <region> Services in Oracle Services
Network CIDR label.
D.
The instance is in a public subnet with an Internet
gateway.
Answer
B
You developed a microservices based application that runs on
Oracle Cloud Infrastructure (OCI) Container Engine for
Kubernetes (OKE). Your security team wants to use SSL
termination for this application. What should you do to create a secure SSL
termination for this application using the fewest steps?
A.
Create a self-signed certificate and its
corresponding key. Create a Kubernetes secret using the certificate and the
key. Then add these annotations to the Kubernetes service:
annotations:
service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "Frontend"
B.
Generate a self-signed certificate using Let's
Encrypt. Use that certificate on OCI Load Balancer. Create the Kubernetes
service using this load balancer.
C.
Add these annotations to the Kubernetes service:
annotations:
service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl-secret-key
D. Create a self-signed certificate
and its corresponding key. Create a Kubernetes secret using the certificate
and the key, then add these annotations to the Kubernetes service:
service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/oci-load-balancer-tls-secret: SSL-CERTIFICATE-SECRET
Answer
D
You developed a microservices based application that runs on
Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). It has
multiple endpoints that need to be exposed to the public internet. What is the
most cost-effective way to expose multiple application endpoints without adding
complexity to the application?
A.
Use ClusterIP service type in Kubernetes for
each of your service endpoint and use a load balancer to expose the endpoints.
B.
Use separate load balancer instance for each
service but use the 100 Mbps load balancer option.
C. Deploy an Ingress controller and
use it to expose each endpoint with its own routing endpoint.
D.
Use NodePort service type in Kubernetes for each
of your service endpoint and use node's public IP address to access the
applications.
Answer
C
I hope it's helpful for you. If you have any queries, don't hesitate to contact me.