Pass Exam Now Chanakya “The King of IT Certifications” Oracle 120-932 Oracle Cloud Infrastructure 2018 Architect Associate Ver 19.03.01 Q&A 158 ITChanakya@hotmail.com www.dump4pass.comQUESTION 1 ‘Which two parameters are required in a back end set's HTTP health check? (Choose two.) response body URL path timeout port status code moog» Correct Answer: AC “ QUESTION 2 Which two are true for achieving High Availabilty on Oracle Cloud Infrastructure? (Choose two.) ACStore your database across multiple regions so that half ofthe data resides in one region and the other half resides in another region. 8 “Attach your black volume form Availability Domain 1 to-a compute instance in Availabilty Domain 2 (and vice versa) so that they are highly available, ©S-Configure your database to have Data Guard in another Availability Domain in Sync mode within a region. Store your database files on Object Storage so that they are availble in all Avaablty Domains inal regions. o& —E Distribute your application servers across all Availabilty Domains within a region, Correct Answer: BE 6% ~QUESTION 3 Which two configuration formats does Terraform support? (Choose two.) A. YAML 8. JSON c. HCL D. XML Correct Answer: BC UESTION 4 JAt the end of 2 terraform apply operation, what is the default output? A. nothing by defautt B. statistics about what was added, changed, and destroyed C. the entire state file D. statistics about what was added, changed, and destroyed, and the values of outputs Correct Answer: D QUESTION 8 You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security List, and an Internet Gateway. However, none of the compute instances can connect to the Internet Which two are possible reasons for the connectivity issue? (Choose two.) @ A. There is no Dynamic Routing Gateway (ORG) associated with the VON.5. The Route Table has no default route for routing traffic to the Intemet Gateway ~ CC. There is no stateful ingress rule in the Security List associated withthe public subnet There is no stateful egress rule in the Security List associated with the public subnet. Corrct Answar: 8c: QUESTION 6 ‘You want an instance in your compartment to make API calls to other services within Oracle Cloud Infrastructure without storing credentials in a configuration fie. ‘What do you need to do?- (No action is required. By default, all VM instances are created with an Instance Principal.” 'B, Instances cannot access services outside their compartment7> . VM instances are treated as users. Create a user and assign the user to that VM instance. D. Create appropriate matching rules in the Dynamic Group to create an Instance Principal Correct Answer: AY ‘QUESTION 7 Which three must be configured for a load balancer to accept incoming traffic? (Choose two.) A. allistener ~ a back-end server aback end set ~ ‘a security list that is open on a listener port-~ acertfcate moog Correct Answer: ADE A“? QUESTION 8 Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.) ‘A. You can launch a virtual or bare metal instance by using the same Launchinstance API.—~ B. You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service.» C. You can attach a block volume in an Availability Domain other than your compute instance. D. You can share custom images across tenancies and regions.\~ Correct Answer: AD QUESTION 9 Which five are the required parameters to launch an instance in Oracle Cloud Infrastructure? (Choose five) A, subnet B, Availabilty Domain C. Virtual Cloud Network D. host namey E. instance shape FF. image operating system G. private IP address? Correct Answer: ABCEF”QUESTION 10 Which ONS resource record type is used to point a host name to an IPv4 address? ‘A. ALIAS BAY ©. CNAME D. AAAA Correct Answer: 8 / UESTION 11 ich three can you achieve by using Terraform? (Choose three.) A. Create resources in the right order without regard to the order in the terraform plan fll B. Automatically re-provision the resources that are tainted or whose configuration has changed, CC. Automatically translate a deployed infrastructure and create a plan. , Automatically destroy all the resources that are in tenancy, E. Continuously maintain the configuration files in an instance. Correct Answer: ABD QUESTION 12 ‘Your application front end consists of several Oracle Cloud Infrastructure compute instances behind a load balancer. You have configured the load balancer to perform health checks on these instances, If an instance fails to pass the configured health checks, what will happen? ‘A. The instance is replaced automatically by the load balancer. B. The instance is terminated automatically by the load balancer. C. The instance is taken out of the back end set by the load balancer, D. The load balancer stops sending trafic to that instance. ‘Correct Answer: D- ~~ QUESTION 13, Which statement is true about cloning a volume? ‘A. You need to detach a volume before cloning from it B, A cloned volume is the same as a snapshot that has a dependency on the source volume ‘You cannot change the block volume size when cloning a volume. D. You can create a clone for a volume across regions ‘Correct Answer: cw QUESTION 14 Which scaling option does Database Cloud Service (DBCS) on Bare Metal Shape offer? ‘A, network bandwidth cpu C. storage D. memory Correct Answer: a 7QUESTION 15, ‘Which statement is true about Oracle Cloud Identifiers (OCID)? ‘A. mytenancy.oc.ccid is a valid OCID.¥ B- If you delete a user, and them create a new user with the same name, the user will be considered a ‘different user because of different OCIDs. C. Users can customize OCIDs for all the resources in their compartments. . Ifyou delete a user, and then create a new user with the same name, the new user will be assigned the exact same OCIDs as the system remembers. Correct Answer: 8“ QUESTION 16 Which three types of credentials are used to manage Oracle Cloud Infrastructure Identity and Access Management (IAM)? (Choose three.) Windows Password [APL Signing Key Swift Password SSH Key Console Password moom> Correct Answer: BCE” QUESTION 17 Which two are true for Oracle Cloud Infrastructure DNS? (Choose two.) > itcan function only as a primary DNS. 8. It supports other cloud providers such as AWS and Azure C. It supports segregation of trafic by using the private pool.“ D. It does not provide DDoS protections. Correct Answer: BC QUESTION 18 Which service is NOT supported by Oracle Cloud Infrastructure CLI? A. load balancer 8. compute . database D. block volumes Correct Answer: D QUESTION 19 In-which language are Terraform and Terraform providers written? A. Python B. Go cc D. RubyCorrect Answer: 8 QUESTION 20 ./ Given: When creating multiple subnets within a Virtual Cloud Network (VCN), security lists are often made to ‘group common services, for example, SSH and ROP (remote access), 80 and 443 (HTTP), and s0 on. By default, what is the maximum number of security lists that can be associated with a subnet upon creation? Va pom» Correct Answer: C 4 1, QUESTION 21 “Why are two subnets required to create a public load balancer when additional subnets are often used for back-end servers? (Choose two.) ‘A. Routing is simpler when the load balancer is not in the same subnet as the back-end server. B. Performance is higher when more subnets are used C. Additional subnets for back-end servers allow for separate route tables for these servers. D. Adgitional subnets for back-end servers allow for separate security lists for these servers, canwetanewar(@) QUESTION 22 Which cerifcate format is used with the load balancer? A. PEK 8. PEM c. PKcS12, D. cRT Correct Answer: 8 ~~ QUESTION 23, A new employee has just started working for your company. You create an Oracle Cloud Infrastructure user account for this employee, following which they are able to log in, but stil cannot create any resources, ‘What should you do to resolve this? ‘A. Send the employee API Signing Keys to log in. B. Delete the account and create another one. C. Make sure that the employee is logging in to the Oracle Cloud Infrastructure account from your corporate cw ol 2 aoa employee to group wth plies to grant acces to relevant resources Correct Answer: @) QUESTION 24 ‘Which two statements are true about subnets within a VN? (Choose two.) ‘A. You can have muttiple subnets in an Availabilty Domain for a given VONB. Private and Public subnets cannot reside in the same Availabilty Domain for a given VCN. ©. Subnets can have their IP addresses overlap with other subnets in another network for a given VCNX< D, Instances obtain their private IP and the associated security lst from their subnets. — Correct Answer: 4D QUESTION 25, Which resource is required when connecting to your on-premise network from your Virtual Cloud Network (VCN) via IPSec VPN or FastConnect? A. Internet Gateway (GW) B. Dynamic Routing Gateway (DRG) ~~ C. local peering gateway D. NAT Correct Answer: 8 ~ QUESTION 26 ‘Which two resources are availability domain constructs? (Choose two.) A. VCN Groups Block Volume ‘Compute Instance’ Object Storage moom Correct Answer: CD a QUESTION 27 What is the default backup location for database backup on Database Cloud Service (DBCS)? A. Object Storage on Oracle Cloud Infrastructure —~ B. ASM diskgroup . block volume D. locally attached NVMe on Virtual Machine Correct Answer: A“ cussnova/ A wv B \Which statement i true about restoring a block volume from block volume backups? It can be restored as new volumes to any Availabilty Domain within the same region A @© (B) Wemust be restored as new volumes to the same Availablity Domain on which the original block volume ~ backup resides. ©. It can be restored as new volumes to any Availability Domain across different regions. < D. It can be restored as new volumes with different sizes from the backups. Correct Answer: & 7% ipusstion 29 ich three are valid Terraform configuration components? (Choose three.) A. variableB. region C. metadata D. instance E, resource F, data source Correct Answer: AEF QUESTION 30 Which three components can you configure in Oracle Infrastructure Identity and Access Management? (Choose three.) A. Groups ~ Users 7 Instances Policies \VCNs moo Correct Answer: ABD QUESTION 31 ‘Which two are NOT an image source when launching a new compute instance? (Choose two.) A. boot volume B. custom image C. Object Storage D. bare metal instance Correct Answer: AC QUESTION 32 Where is the tenancy Oracle Cloud Identifier (OCID) located? given by support on account creation at the bottom of every console page ‘on the Identity — Users page contained within the compartment OCID pom Bova A Correct Answer: 8 ~ QUESTION33 ‘ich wo feturesafe offered naively on Oracle Cloud Infrastructure Database Cloud Service (OBCS)? 1008e two.) © 8. Data Guard in Asyne mode within a region B. GoldenGate replication between two regions . Data Guard in Maximum Protection mode X Fd. backup to Object Storage Correct Answer: 60 *? QUESTION 34 “What happens when you run terraform plan?A. It configures, reconfigures, and instantiates resources and their dependencies. B. It shows the operator the course of action that would be taken if a change is applied. . It deletes all existing resources and re-creates them. D. It shows a dependency graph Correct Answer: B QUESTION 35 When creating a subnet, one or more placeholder security lists are often associated with the subnet. Why? ‘A. Each operator needs its own security list. 8. Each protocol needs its own security list CC. Each network endpoint or instance inthe subnet needs its own security lst‘ D. itis not possible to add or remove security lists after a subnet is created. Correct Answer: C-/ QUESTION 36 ‘When terminating a compute instance, you want to preserve the boot volume and its data. Which step will you need to perform? ‘A. You cannot preserve the boot volume; it will always be deleted when you terminate the instance. B. Reboot the instance first, and then terminate the instance. . Disable the default option to delete the boot volume when terminating an instance. ~ D. Before terminating the instance, you must detach the boot volume, Correct Answer: ¢ ~ QUESTION 37 An instance is launched with a primary VNIC that is created during instance launch Which two operations are true when you add secondary VNICs to an existing instance? (Choose two.) ‘A. You can remove the primary VNIC after the secondary VNIC's attachment is complete. X B. You can remove the secondary VNIC later ifit is not needed. ~ C. The primary and secondary VNIC association should be within the same Availability Domain. ~~ D. Itis not possible to connect two VNICs to an instance. CH Correct Answer < QUESTION 38 which does NOT set a variable in Terraform? ‘A. Passing the variable with a var statement to Terraform B. Setting the variable as key value pairs in a file in a subdirectory named tfvar C. A default value in the variable declaration within a TF plan file D. Setting the environment variable using a TF_VAR_ predicate in front ofthe variable name Correct Answer: A QUESTION 39 ‘Which two are required to create an IPSec VPN connection? (Choose two.)security list static route CIDR: name ‘compute instance gob> Correct Answer: AB“ QUESTION 40 When deploying a highly available, Internet-facing, 2-tier web application on Oracle Cloud Infrastructure (OCI), which design option would you use? ‘A. Deploy all web servers into one Availability Domain and behind a public load balancer, and deploy two single-node OCI database systems in the same Availabilty Domain with Data Guard enabled-¥_ Deploy all web servers into multiple Availability Domains and behind a public load balancer, and deploy two single-node OCI database systems across two Availablity Domains with Data Guard enabled C. Deploy all web servers into multiple Availabilty Domains and behind a private load balancer, and deploy ‘wo single-node OCI database systems across two Availabilty Domains with Data Guard enabled. D. Deploy all web servers into one Availabilty Domain, and deploy a single-nade OCI database system into a different Availability Domain, Correct Answer: 8 7 QUESTION 41 Which two identity providers can your administrator federate with Oracle Cloud Infrastructure? (Choose two.) A. Microsoft Active Directory < . Oracle Identity Cloud Services C. AWS Directory Services . Google Directory Federation Services a Correct Answer: A\ ‘QUESTION 42 What is the maximum IP address size range that you can have in a Virtual Cloud Network? A116 8. 126 ©. 124 D. 8 Correct Answer: A QUESTION 43 Which two tools would you use to manage Database Cloud Service (D8CS)? (Choose two.) A. psal B. Oracle Swingbench ©. SQL Developer D. Oracle Enterprise Manager ~~ Correct Answer: CD QUESTION 44‘A.customer wants to do development on premise while leveraging services such as Java Cloud, Mobile Developer Cloud, and App Builder Services. The customer would also lke to scale out the application, stretching from on-premises to the cloud by using a common API. Which two Infrastructure options can the customer leverage to do this? (Choose two.) > Oracle Cloud at Customer ~ B. Oracle Cloud Infrastructure Classic ©. Oracle Cloud Ravello service D. Oracle Cloud Infrastructure “ Correct Answer: AD ~ QUESTION 45, ‘Which statement is true about a pre-authenticated request in Oracle Cloud infrastructure Object Storage? ‘You can create only 1, 000 pre-authenticated requests per bucket. ~ ‘You can create a pre-authenticated request only for public buckets.” You cannot retire a pre-authenticated request before it expires. You cannot extend the expiration date on a pre-authenticated request. pom> Correct Answer: DU“ QUESTION 46 Which statement is true about Oracle Cloud Infrastructure Object Storage Service? ‘A. An Archive Object Storage tier bucket can be upgraded to the Standard Object Storage tier. 2 You cannot directly download an object from an Archive Object Storage bucket ©. An existing Standard Object Storage tier bucket can be downgraded to the Archive Object Storage tier. D. Data retrieval in Archive Object Storage is instantaneous. Correct Answer: & B QUESTION 47) For a compute instance that is launched in a private subnet in a Virtual Cloud Network (VCN), which action needs to be performed to connect to the Internet, assuming that the required security lst is properly set up? A. Assign a Public IP address to the compute instance. Create and configure Network Address Translation (NAT) in a public subnet and route all traffic to it, . There is no way for an instance in a private subnet to connect to the Internet D. Create a defauit route entry in the route table to forward all traffic tothe Internet gateway. Correct Answer:6) QUESTION 48 Which two are valid options when migrating a database from on-premise to Oracle Cloud Infrastructure? (Choose two.) ‘A. snapping or cloning storage form on-premise to Oracle Cloud Infrastructure (AP: performing a backup to Oracle Cloud Infrastructure Object Storage, and then restoring to a database Server on Oracle Cloud infrastructure @&. performing RMAN backup to an on-premise storage device, and then shipping to Oracle Cloud Infrastructure D. converting the Oracle database to a NoSQL database and migrating to Oracle Cloud Infrastructure byusing rayne fle copy Correct Answor:as OY QUESTION 49 ‘You are responsible for setting up access for al the cloud users of a large enterprise. You log in to the Phoenix region and start creating users and policies. You then realize that some users might be creating resources in the Ashburn region. Which step should you perform to enable those users? ‘A, You can assign a region to each of the users at the time of creation, B. IAM users are global and non-admin users can add resources to any region by default. C. You need to lag in to each region separately to create users for that particular region. D: IAM users are global. As an administrator, make sure that you subscribe to the Ashburn region. Correct Answer: D 7 QUESTION 50 ‘Your company has decided to move a few applications to Oracle Cloud and you have been asked to design it for both High Availability (HA) and Disaster Recovery (OR), ‘Which two should you consider while designing your Oracle Cloud Infrastructure architecture? (Choose two.) Region @. Instance Shape C. Compartments . Availabilty Domain Conect Answer: AD” QUESTION 51 ‘Which three are capabilities of the dbaascliutlity? (Choose three.) ‘A. Patching the primary database deployment B. Open port 1524 in the VCN to allow for traffic to the listener C. Start and open the database instance . Switchover and fallover in an Oracle Guard configuration E, Clone a DB. Correct Answer: ADE / QUESTION 52 \/~ You have ane database-style application that frequently makes many random reads and writes across the dataset. Which storage offering supports this application? ‘A. Object Storage Service B. Archive Storage Service C. File Storage Service D. Block Storage Service Correct Answer: DQUESTION 53, You create a public Load Balancer instance and configure a back end set "BES1" with one back end server running a service on port 80. You also create a listener on port 80 and configure that listener to use the back ‘end set “BES1". A client makes one HTTP request to the Load Balancer with the correct protocol and port. How many connections does the Load Balancer maintain? Correct Answer: 8 QUESTION 54 Which three actions are required to configure a highly available and secure hybrid network between Oracle Cloud and your data center? (Choose three.) ‘A, Define a non-overlapping IP Address Space between the data center and the cloud’ B. Configure each of the CPEs to leverage each of the IPSec Tunnels created by the connection process. ©. Greate two or more CPEs that map to the private IP addresses of the customer routers used in the IPSec VPN Tunnel.“ D. Define a default route table entry for the VCN that directs all traffic to the data center network to a single DRG. 7 E. Create dynamic routing gateways in more than one AD within your region Correct Answer: CO / QUESTION 55 Which tool can automatically install Oracle Cloud Infrastructure CLI? A. Python“ 8. RPM c. APT D. PIP Correct Answer: A“ QUESTION 56 Which two statements are true about the Oracle Cloud Infrastructure Object Storage Service? (Choose two.) It provides higher IOPS than Block Storage. % It can be directly attached or detached from a compute instance * Data is stored redundantly only in one Availability Domain Data is stored redundantly across multiple storage servers across multiple Availability Domains. — It provides strong consistency. ~ moogp Correct Answer: DE ~ QUESTION 57 ‘What does Terraform use to create, manage, and manipulate infrastructure resources? A. resourcesB. provisioner C. instances D. provider Correct Answer: D QUESTION 58 Which deployment architecture is offered when you deploy the Platform Service Manager based Database Cloud Service (DBCS) onto Oracle Cloud Infrastructure? ‘A. Two node Primary RAC database leveraging ACFS for the shared fle system B. Single Instance database with a Single Instance Data Guard in Maximum Performance made . Single Instance database with a Single Instance Data Guard in Maximum Protection mode D. Two node Primary RAC database witha two node RAC Data Guard Standby in Maximum Performance mod Correct Answer: D ov QUESTION59 Which three load-balancing policies can be used with a back end set? (Choose three.) ‘A. Throughput 8. IP Hash 7 ©. Weighted Round Robi” D. CPU Utilization . Least Connections / Correct Answer: BCE Ss QUESTION 60 You are in the process of setting up a highly available student registration website on Oracle Cloud Infrastructure (OCI). You use a load balancer and a database service on OCI. You launch two compute instances each in a diferent subnet and add them to the back end set of a public load balancer. The load balancer is configured correctly and working. You then deploy the student registration application on these two compute instances. The appiication can communicate with the database service. However, when you type the URL of this student registration application in your browser, no web page appears. ‘What could be the cause? 20 The security ists of the subnets on which the two instances are located do net have “allow rues for port 80 and 443, 8. The load balancer performed a health check on the application and found that compute instances were not in aheaithy state and terminated the instances, C. The client requested https access to the application and the load balancer service does not support end-to- fend SSL from the client ‘o the listener tothe back-end set, D. The Dynamic Routing Gateway is preventing the cient traffic from your data center network from reaching the public IP of the load balancer. J Correct Answer: A QUESTION 61 Which two will occur when a back-end server that is registered with a back end set is marked to drain connections? (Choose two.)AA, Itcisallows new connections to that back-end server. ~ B, It keeps the connections to that instance open and attempts to complete any in-flight requests. C. Itredrects the requests to a user-defined error page. D. Itimmediatey closes all existing connections to that instance“ E. It forcibly closes all connections to that instance after a timeout period. Correct Answer: AD —~ QUESTION 62 You have a shared file system between two web servers using File Storage Service (FSS) and you were tasked to create a backup plan for this environment to protect the data placed into the shared fle system. What is the recommended approach to create this backup using FSS features? _A. Implement a backup policy to execute a snapshot of the shared volume, B. Implement a backup policy to copy data from the shared volume to object storage C. Compress the data that isin the shared volume and copy it into a different folder on the boot volume disk. D. Use the rsync tool to send data from the shared volume to a boot volume disk. . Use the rsync tool to send data from the shared volume to a block volume. Correct Answer: A QUESTION 63 ‘Which storage would you use if your big data workload requires shared access and an NFS based interface? A. File Storage” ‘Storage Software Cloud Appliance Object Storage Archive Storage Block Volume moo Correct Answer: AL” QUESTION 64 You need to transfer over 12 TB of data from on-premises to your cloud account. You started copying this data over the internet and noticed that it wil take too long to complete. \Without increasing the costs of your subscription, what is the recommended way to send this amount of data to your cloud account? Use Data Transfer Service to send your data ~ Split the data into multiple parts and use the multipart tool. Use a 10 GB FastConnect line to send the data, Send the data over a VPN IPsec tunnel Compress the data and use the multipart too mooa> Correct Answer: A QUESTION 65 Which two statements are true about encryption on Oracle Cloud Infrastructure (OCI)? (Choose two.) A. By default, Object Storage and Block Storage are encrypted at rest. yf. Acustomers responsible for data encryption in all services of OCIC. By default, DBCS offers an encrypted database. ‘B. By default, NVMe drives are encrypted but the block volume service is not. Correct Answer: AC. QUESTION 66 You are the Cloud Architect of a company, and are designing a solution on Oracle Cloud Infrastructure where you want to have all your compute instances resistant to hardware failure. ‘Which two are recommended best practices to achieve the requirement on Oracle Cloud Infrastructure? (Choose two.) A. Create a custom image of your system drive each time you change the image. BB. Attach block volumes from different Availabilty Domains to compute instances in different Availabilty Domains for high availabilty. * C. Design your system with redundant compute modes in different Availability Domains to support the failover capability D. Create backups of your block volumes that are associated with compute instances in different regions. Correct Answer: AC ~ QUESTION 67 For what business need should you use Database Cloud Service (DBCS) instead of Oracle database on a ‘compute instance? ‘A. tobring your own license on a compute service B. to lower license and infrastructure cost CC. to implement Oracle RAC for high availability D. to build an Oracle database on a compute service ~ Correct Answer: ~~ QUESTION 68 You need to create a high performance shared flle system service, and have been advised to use OCI File Storage Service. You have logged into the OC! Console, created a File System in an availabilty domain, and followed the steps to mount the shared fle system on your Oracle Linux virtual Instance. However, you are still tunable to access the shared file system from your Linux instance. What isthe likely reason for this? A. There are no security list rules for mount target trafic here is no IGW set up for mount target trafic ‘There is no IAM policies set up to allow you to access the mount target, D. There is no raute in your VCN's route table for mount target traffic Correct Answer: C QUESTION 69 ~~ Which two statements define the types of DNS resolvers that exist? (Choose two.) ‘A. Acustom resolver allows instances to use the host names of the hosts in your on-prem network that are connected to your VCN by an IPSec VPN connection. B. ACN resolver allows instances to use the host names of the hosts in your on-prem network that are connected to your VCN by an IPSec VPN connection.C. AVN resolver allows instances to use host names to communicate with instances on ather VCNs in your tenancy, D. An Internet resolver allows instances to use the host names that are published on the Internet, Correct Answer: AD QUESTION 70 What is a “transfer package" when transferring data to OCI via the OCI Data Transfer Service? Ac Atransfer package is the logical representation of the physical shipment containing the HDD transfer ~~ devices that you ship to Oracle to upload to OCI BB. A transfer package is the software Oracle provides for you to prepare transfer devices for shipment to Oracle C. A transfer package contains the physical devices. D. A transfer package is the archive file that the Data Transfer Service Utility (dts) writes to the transfer device Correct Answer: A ‘QUESTION 71 How can you provide users access to an existing compartment? ‘A. by granting users access to a compartment when the compartment is created ‘A. by adding users to a group and defining a policy to provide the group access to the compartment C. by adding users to a compartment. All users in the compartment will have access to the objects in the ‘compartment. D. by granting access directly to the user when the useris created Correct Answer: 8~ QUESTION 72 You are the Solutions Architect of a large company and are tasked with migrating all your services to Oracle Cloud Infrastructure. As part ofthis, you frst design a Virtual Cloud Network (VCN) with a public subnet and a private subnet. Then in order to provide Internet connectivity to the instances in your private subnet, you ‘create an Oracle Linux instance in your public subnet and configure NAT on it. However, even after adding all related security list rules and routes in the Route Table, your private subnet instances still cannot connect to the Internet. ‘Which action should you perform to enable Internet connectivity? |X Disable “Source and Destination Check” on the VNIC of your Linux instance. 'B. There is no way that a private subnet can connect to the Internet. ©. Create a Dynamic Routing Gateway (ORG) and route your private IP traffic to the DRG. D. Restart the NAT instance. Correct Answer: A QUESTION 73 ‘When terminating a compute instance, which statement is tue? |A. The instance needs to be stopped first, and then terminated, B. The boot volume is always deleted. C, All black volumes attached to the instance are terminated, 0. Users can preserve the boot volume associated with the instance.Correct Answer: D7 QUESTION 74 There are multiple options of migrating Oracle Databases from on-premises to Oracle Cloud Infrastructure. Which two characteristics do you need to consider when choosing 2 migration method? (Choose two.) ‘A. On-premises database character set and application version B. On-premises database version and quantity of data, including indexes . On-premises host operating system platform and network bandwidth D. On-premises connectivity using remote and local VCN peering / Correct Answer: iC QUESTION 75, Within your tenancy you have a compute instance with a boot volume and a block volume attached. The boot volume contains the OS and the attached block volume contains the instance's important data. Logs on the boot volume have filed the boot volume and are causing issues with the OS. ‘What should you do to resolve this situation? ‘A. Stop the instance that is full Create a manual backup ofthe block storage before making changes. Detach the block volume, create a new instance af the same shape witha larger custom boot volume and attach the block volume to the new instance. Configure the OS and any related application(s) to access the block _, volume under the same mount point as before, Hf Create a new instance with a larger boot volume size as well @ new block volume which is the same size or larger than the one attached tothe fll instance. rsync the state ofthe boot volume and the state ofthe block volume between the two instances. . Detach the block volume from the full instance. Create @ new instance ofthe same shape with a larger boot volume and rsync the state ofthe boot volume between the instances. Attach the block volume to the new instance: D. Create 2 manual backup ofthe block storage instance. Create a custom image of the fllinstance. Once that completes deploy the custom image to @ new instance. Comect Answer: 6! QUESTION 76 Which two resources are available by default when your Oracle Cloud Infrastructure tenancy is provisioned? (Choose two.) _K. an NVMe SSD boot disk for each instance, whose size is determined by the image and shape of the instance _B. a range of public IP addresses that are reserved for your tenancy (C. a set of images, where each image is a template of a virtual hard drive that consists of the OS and installed software and applications D. a variety of shapes, where each shape determines the number of CPUs and memory allocated to an instance. Correct Answer: ABV” QUESTION (77) ‘Your company is moving an Internet-facing, 2-tier web application into Oracle Cloud Infrastructure. The pplication must have a highly available architecture, Which two design options would you consider? (Choose two.)onto rari Roe cata nr VON anda Ganfgue a NAT instance your Virtual lo Nebr (VEN). Create a ete rey using the prvateP ofthe NA stances ao rg orale private Sabet your VON Create an inemet Gateway ad tac tt your VN, Deploy publi as Balance nodes into we ‘alae Domains. D. Place a web sever behind a publi load balancer Correct Answer: BC ~~ QUESTION 78 ~~ Which two statements are true about Database Cloud Service (DBCS)? (Choose two.) A, Data Guard as a Service is offered among regions. B. You have full control over backup schedule and retention. C. You can manage Oracle parameters at a global system level. D. You cannot manage the database as sys/sysdba. X <_Gorrect Answer: AB QUESTION 79 You are an administrator with an application running on OCI. The company has a fleet of OCI compute virtual instances behind an OCI Load Balancer. The OC! Load Balancer Backend Set health check API is providing a ‘Critical level warning. You have confirmed that your application is running healthy on the backend servers. ‘What is the possible reason for this ‘Critica’ warning? A. Auser does not have correct IAM credentials on the Backend Servers. B. The Backend Server VCN’s Route Table does not include the route for OCI LB. . OCI Load Balancer Listener is not configured correctly. po The ackend Server VCN's Securty List oes ntincude the Prange fr the source of he heath check requests. . Correct Answer: D uA QUESTION 80 Your company has decided to move a few applications to Oracle Cloud Infrastructure and you have been asked to design it for Disaster Recovery (OR). One of the items of your design is to deploy the DR at least 300 miles from the home site and minimize the network latency as much as possible. Based on that, what will be the recommended deployment? A, Deploy applications in two separated VCNs in different Availabilty Domains and use VCN Remote Peering Deploy applications in diferent regions and have them connected using VCN Remote Peering ‘c!Deploy applications in two separated VCNs in different regions and use VCN Local Peering = @. Deploy applications on the same region splitting workloads across Availabilty Domains: Correct Answer: QUESTION 81 ‘Which three methods can you use to manage Oracle Cloud Infrastructure services? (Choose three.) AF oracle Cloud Infrastructure Desktop Client BC Oracle Cloud Infrastructure Console ©. SSH or ROP~B.Commanduiine Interface NE REST API Correct Answer: AB@ GP QUESTION? ) Which is a customer's responsibility on an Oracle Cloud Infrastructure database? AL 2g Patching the database and OS B. creating the first default database on the DBCS servers C. creating an ASM diskgroup for data file or temp file storage D. installing the operating system (OS), Grid Infrastructure, and database software Correct Answer: B, QUESTION 83 Which three are defauit Virtual Cloud Network (VCN) components? (Choose three.) LA: Seourity List B. Dynamic Routing Gateway ©. DHGP options D. Internet Gateway _E Route Table Correct Answer: ACE ~~ QUESTION 84 Which option lists Virtual Cloud Networks (VCNs) that can be peered? A, VON A (172.16.0.0/24) and VEN B (172.16.0.0/28) Vv @. VONA (10.0.0.0/16) and VEN B (10.1.0.0/16) ©. VON A (10.0.2.0/16) and VON B (10.0.2.0125) D. VCN A (10.0.0.0/16) and VCN 8 (10.0.16.0/24y Correct Answer: B QUESTION 85, \Which wo statements aretrue about an Oracle Cloud Inestucture Virtual loud Network (VN? (Choose two, ‘A. AVCN can reside in multiple Oracle Cloud Infrastructure regions and Availabilty Domains, B. AVCN covers a single contiguous IPv4 CIDR black of your choice. C. An allowable VCN size range is: /16 to /30. D. AVCN creates the dynamic routing gateway by default. Correct Answer: BC —~ QUESTION 86 ich three actions need to be performed before attempting a data transfer service job? ‘A, Obtain an available host machine which can run the dts utility on-premise with SATA or USB drives attached for the transfer jo. B. Get access to a high-speed intemet connectionC. Data Transfer Service and Storage Service Limits should be checked and raised if required D. Set up SSH access to a host on OCI to coordinate the transfer job. E. Create an object bucket to receive the job, Correct Answer: ACE ‘QUESTION 87) ~~ Which two statements about the Oracle File Storage Service (FSS) Security are accurate? ‘A. Oracle IAM controls which filesystems are mountable by which instances. @®- Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target within a subnet. C. Encryption of fle storage in FSS is optional D. Data in transit to an FSS mount target is encrypted. (@E- FSS leverages UNIX user group and permission checking for fle access security Correct Answer: 88 9 QUESTION 88 Which two statements are true about policies? ‘A. You can use read, write, manage, and inspect as verbs for defining a policy. B. A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources that your company has, and how. . Users need not do anything but stil have to be added to a group with appropriate policies defined. D. You can deny access to a group via policies. Correct Answer: BC {QUESTION 89 A wmich storage service is used on OC! for a Data Transfer Service job? A. An instance with enough storage to accommodate the job B. An object bucket ©. AFile System service instance D. Block Volume Correct Answer: A QUESTION 90 You had an outage in your application caused by the loss of a shared volume provisioned by File Storage Service (FSS). At this point, you need to restore the data from a snapshot you created of the FSS. What are the steps to restore the data? ‘A. Access the directory where the shared volume is mounted, then cd into .snapshot folder, find the snapshot folder you want to recover and use cp or rsync tool to copy the files to the original location, ‘Open OCI Console, select File Storage Service, find the shared storage, then click on snapshot and restore. C. Open OCI Console, select File Storage Service, find the snapshot you created and click restore, D. Access the directory, where you mounted the shared volume, then cd into snapshot folder and find the ‘snapshot folder you want to recover and rename that folder to the original folder name. Correct Answer: B/‘QUESTION 1 ‘Which two are required parameters to create a public load balancer instance? A. certificate lead balancer name * ©. listener D, back end set two public subnets ~~ Correct Answer: DE QUESTION 92, ‘Which two Oracle Cloud Infrastructure database services allow you to dynamically scale CPU and storage? A. bare metal DB system 8. virtual machine DB system @c. Autonomous Data Warehouse (ADW) @. Autonomous Transaction Processing (ATP) Correct Answer: AB (D> QUESTION 93, You have an application server that needs to copy data on Oracle Cloud Infrastrucutre (OCI) object storage in the same region. You have created a service gateway for OCI object storage in your virtual cloud network (VCN) and modified security lists associated with the subnet to allow traffic to the service gateway. You are able to connect to the OCI abject storage, however, you notice that the connectivity is over the Internet instead of the service gateway. ‘What is the reason for this behavior? ‘A. The route table associated with the subnet has no route rule where the destination is object storage service B. The service gateway created in the VCN resides in a different availabilty domain C. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to @ destination CIDR 0.0.0.0/0 D. Identity and Access Management (\AM) polices restrict the access to the object storage bucket, Correct Answer: C QUESTION 94 You want an Oracle Cloud Infrastructure (OC!) compute instance in your compartment to make API calls to other services within OCI without storing credentials in a configuration file. ‘What do you need to do? A. Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your 1AM policy statement B._ Instances cannot access services outside their compartment C. VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the instance in your Identity and Access Management (IAM) policy statement D. By default, al VM instances are created with an instance principal. Reference this instance principal in your IAM policy statement Correct Answer: O~ 7 QUESTION 95 ~~What is a valid option when exporting a custom image? object storage URL B. archive storage URL C. file storage service D. block volume Correct Answer: A QUESTION 96 ‘Which two statements are true about adding secondary VNICs to an existing compute instance? AA. ‘he primary and secondary VNIC association must be in he same availability domain (@B. You can assign an Ephemeral Public IP to a secondary VNIC . You can remove the primary VNIC ater the secondary VNIC’s attachment is complete D. The primary and secondary VIC aseciaon canbe In ferent vtual coud networks (VCNS) Correct Answer: AB QUESTION 37 ‘You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP) database. Your business needs to run hourly batch processes on this ATP database that may consume more CPUs than what is available on the server. How can you limit these batch processes to not interfere with the OLTP transactions? ‘A. Copy OLTP data into new tables in a new table space and run batch processes against these new tables B, ATP is designed for OLTP workload only; you should not run batch processes on ATP. C. Disable automated backup during the batch process operations ‘Configure ATP resource management rules to manage runtime and IO consumption for the consumer group of batch processes Correct Answer: O~ QUESTION 98 ‘You are responsible for creating and maintaining an enterprise application that consists of multiple storage ‘volumes across multiple instances. The storage volumes include boot volumes and block volumes for your data storage. You need to create backups of these storage volumes in the most time-efficient manner, How can you meet this requirement? A. You can create clones of storage volumes one at a time B7You can group together multiple storage volumes in a volume group and create volume group backups C. You can create on-demand one-off backups of boot volumes, but nat block volumes D. You can ereate on-demand one-off backups of block volumes, but not boot volumes Correct answer:th ‘QUESTION 99 ‘Your organization has deployed a large, complex application across multiple compute instances in Oracle Cloud Infrastructure (OCI). These compute instances also have block volume storage attached to them. You want to create a time consistent backup of these block volume storage. ‘Which implementation strategy should be used? A, Create a manual backup of each volume Use scripts available in OCI to backup block volume storageC. Group volumes in a volume group first and then use available scripts in OCI \B°-Group volumes in a volume group and create a manual backup of the volume group caret Anawer jb D QUESTION 100 Where are DB Systems backups stored by default? ‘A. ASM disk group 8, locally attached NVMe on vitual machine C. block volume AB object storage on Oracle Cloud infrastructure Correct Answer: D ~ QUESTION 101 Which two resources reside exclusively in a single availability domain? ‘A. compute instance ~ B. block volume ~ C. object storage D. groups E. virtual cloud network Correct Answer: ABX~ QUESTION 102 You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions and require connectivity between workloads in each region. You have created a dynamic routing gateway (DRG) and a remote peering connection. However, your workloads are unable to communicate with each other. What are two reasons for this? + Correct Answer: AC — QUESTION 139 What is the maximum number of security lists that can be associated with a subnet? A. four B. three ©. five D. two Correct Answer: C QUESTION 140 ‘You have an extemal facing web server running in the Oracle Cloud infrastructure (QC!) London region. You are notified that customers in North America and Australia are facing high latency while connecting to your web server. Which services are available on QC! that can help you get current latency statistics to your web server from these markets? ‘A. Use DNS Zone Management service to check latency over that connection B. Setup an IPsec VPN with customers in those markets and check latency over that connection. Use the Internet Intelligence tool. Run tests using the web server's public IP address review traceroute details from different vantage points D, Setup a FastConnect wth customers in those markets and check latency over that connection Correct Answer: 6 QUESTION 141 ‘Which statement is true regarding Autonomous Transaction Processing (ATP)? ‘A database name cannot be used concurrently for both an Autonomous Data Warehouse (ADW) and an ATP database B. After terminating a database, the database name is available for immediate reuse CC. Amaximum of 8 cores can be enabled for an ATP database D. Amaximum of 2 TB of storage can be enabled for an ATP database Correct Answer: A QUESTION 142 You have been tasked with creating one virtual cloud network (VCN) each for two line of business (LOB) applications. LOB A and LOB B will need to communicate with each other. To ensure that you can ulilize VCN. peering, which network CIDR ranges should be used? ACTEN A (10.0.0.016) and VON 8 (10.4.0.0/16) B. VN A (10.02.0/6) and VN B (10.02.0728) 6. VON (10.00.0716) and VON 8 (10.0.16.024) D. VCN A (172.16.0.0/24) and VEN B (172.16.0.0/28)/ Conect Anewer:A Correct Answer: AB QUESTION 148 Which statement is rue about Oracle Cloud Infrastructure (OC) object storage support for server-side encryption? You must manually enable server-side encryption for each object as you upload to OCI object storage Objects are automatically encrypted as they are uploaded to abject storage and decrypted upon retrieval You must manually decrypt the data when retrieving from OCI object storage Only the object data is encrypted and the user-defined metadata that is associated with the object is not encrypted poa> Correct Answer: D-~ WwW QUESTION 149 ‘You deployed a compute instance (VM, Standard2.16) to run a SQL. database. After a few weeks, you need to increase disk performance by using NVMe disks: the number of CPUs will not change. AS a first step you terminate the instance and preserve the boot volume, ‘What is the next step? A reate a new instance using a VM.DenselO2.16 shape using the preserved boot volume and move the ‘SQL Database data to block volume Bs Create a new instance using 2 VM.Densel02.8 shape using the preserved boot volume and move the SQL. 7, Database data to NVMe disks “fi Create a new instance using a VM. Standardi.16 shape using the preserved boot volume and move the ‘SQL Database data to NVMe disks D. Create a new instance using a VM,Densel02.16 shape using the preserved boot volume move the SQL Database data to NVMe disks Correct Answer: A QUESTION 150 Which two statements are true about data guard service on DB Systems in Oracle Cloud Infrastructure (OCI)? ‘A. Data guard implementation requires two DB Systems, one running the primary database on a virtual machine and the standby database running on bare metalB. Data guard configuration on the OCT is limited to one standby database per primary database . Data guard configuration on the OCI is limited to a virtual machine only D. Data guard implementation requires two DB Systems, one containing the primary database and one containing the standby database Correct Answer: BD ~~ QUESTION 151 Which two statements about fault domains are true? ‘A. A fault domain is a grouping of hardware and infrastructure within an availability domain B, Each availabilty domain contains three fault domains . A failed instance in a fault domain is automatically relaunched D. A fault domain is selected automatically based on usage data Correct Answer: AB QUESTION 152 You are asked to create a user that will access programmatic endpoints in Oracle Cloud Infrastructure. The ser must not be allowed to authenticate by username and password, Which two authentication options can you use? PEM Certificate file ‘Auth tokens ~ API signing key’ Windows password SSH key pair moog> Correct Answer: BC QUESTION 153“ ‘Which two options are available when setting up DNS for your bare metal and virtual machine DB Systems? A. Intemet and custom resolver B. Google DNS servers . custom resolver . Intemet and virtual €loud network (VCN) resolver —~ Correct Answer QUESTION 154 You ate designing a shared storage solution for your company in Oracle Cloud infrastructure. The proposed storage solution should allow users to create a hierarchical structure (similar to the directory structure in Linux. ‘of Windows based systems). The solution should provide data encryption and a large amount of storage space. Which would be the best implementation strategy? A. Use block storage, Create and attach a large block storage volume to one compute instance. Assign a public IP to the compute instance. Store data on the block storage and access it by connecting to the compute instance. B. Use object storage. Create a single namespace and multiple buckets to create the hierarchical directory structure. C. Use object storage. Create multiple namespaces with one bucket each. Make the buckets publicly accessibleD. Use file storage service. Create a file system and a mount target. Share the private IP of the mount target, Correct Answer: Q.—~ QUESTION 155 You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI) and Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her team and provides the name of an existing group within IDCS to use when granting access How do you configure federation to allow the project team access to OCI resources? ‘A. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS and reference the name of the IAM group. B. Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the IDCS group in each policy statement. . Create a new compartment in OCI with the same name as the existing IDCS group, Create an IAM policy that references the new compartment and the name of the IDCS group. D. Create a new IAM group in OC! and map itto the existing IDCS group. Create a new IAM policy and reference the name of the IAM group in each policy statement. Correct Answer: DY QUESTION 156 You are designing a lab exercise for your team that has a large number of graphics with large fle sizes. The application becomes unresponsive if the graphics are embedded in the application, You have uploaded the {faphics to Oracle Cloud Infrastructure and only added the URL in the application. You need to ensure these {graphics are accessible without requiring any authentication for an extended period of time, How can you achieve these requirements? ‘A. Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time, B. Make the object storage bucket private and all objects public and use the URL found in the Object "Details". C. Make the object storage bucket public and use the URL found in the Object "Details" D. Create PARs and do not specify an expiration date Correct Answer: CL QUESTION 157 ‘Which two statements are true about DB Systems? A. Data Guard as a Service is offered between regions B. You can manage Oracle database initialization parameters at a global level . You have full control over the automatic backup schedule and retention periods . You cannot manage the database as sys/sysdba 7 Correct Answer: AC QUESTION 158 ‘You have five different company locations spread across the US. For a proof-of-concept (POC) you need to ‘setup secure and encrypted connectivity to your workloads running in a single virtual cloud network (VCN) in the Oracle Cloud Infrastructure Ashbum region from all company locations. What would meet this requirement? A. Create five internet gateways in your VCN and have separate route table for each intemet gateway. B. Create five virtual circuits using FastConnect for each company location and terminate those connections con a single dynamic routing gateway (DRG). Attach that DRG to your VCN.Create five IPsec connections with each company location and terminate those connections on a single DRG. Attach that DRG to your VON. . Create five IPsec VPN connections with each company location and terminate those connections on five separate DRGs. Attach those DRGs to your VGN. 4 Correct Answer