1. A customer wants to do development on premises while leveraging services such as Java Cloud,
Mobile Developer Cloud, and App Builder Services. The customer would also like to scale out the
application, stretching from on-premises to the cloud by using a common API. Which two
infrastructure options can the customer leverage to do this?

A. Oracle Cloud at Customer
B. Oracle Cloud Infrastructure Classic
C. Oracle Cloud Ravello Service
D. Oracle Cloud Infrastructure

Answer: A & B

Explanation:
A is correct because the customer wants to do development on-premises while leveraging Cloud
Services, so Cloud@Customer is the correct option.
B is correct because, as per the requirement, the customer also wants to scale out to the cloud
using a common API, and since Cloud@Customer (C@C) is based on OCI Classic, OCI Classic is correct.
C is not correct as Ravello is VM lift & shift (and not for PaaS services like JCS or ABCS).
D (OCI) is wrong because C@C is Classic based, and a common API can't be used with OCI.

2. Which two actions can you perform in Oracle Cloud Infrastructure?

A. Create Oracle Mobile Cloud Service Instances.
B. Create Bare Metal Instances & Virtual Machines.
C. Create Business Intelligence Cloud Service Instances.
D. Create Oracle Cloud Infrastructure Database Instances.

Explanation:
DB is a PaaS service and we create it from the OCI console. PaaS services are built over IaaS
services only. As Oracle Mobile Cloud Service Instances, Oracle Cloud Infrastructure Database
instances is a part of PaaS Service, so A & C are wrong answers; however, we can create Bare Metal
instances and virtual machines, and create Oracle Cloud Infrastructure Database instances.

3. When a customer has data sovereignty requirements, which Oracle Cloud solution would you
recommend?

A. Oracle Platform as a Service
B. Oracle Cloud Infrastructure Classic
C. Oracle Cloud Infrastructure
D. Oracle Cloud at Customer

Explanation:
In Oracle Platform as a Service, Oracle Cloud Infrastructure & Oracle Cloud Infrastructure Classic,
the data centre is remotely located; however, Oracle has a unique offering, Oracle Cloud at
Customer, where the data centre is on your company premises, and that will solve the data
sovereignty requirements, so the correct answer is D.

3. Which three methods can you use to manage Oracle Cloud Infrastructure services? (Choose
three.)

A. Oracle Cloud Infrastructure Desktop Client
B. Oracle Cloud Infrastructure Console
C. SSH or RDP
D. Command-line Interface
E. REST API

Answer: B, D, E

Explanation:
Answer A is wrong as there is no such thing as an Oracle Cloud Infrastructure Desktop Client.
Answer C is wrong because SSH & RDP are tools to manage Compute (Linux/Windows machines) and not
to manage OCI. B, D, and E are correct methods to manage OCI.

Reference:
Page 12 of Getting Started with OCI: https://docs.cloud.oracle.com/iaas/pdf/gsg/OCI_Getting_Started.pdf
Developer Tools in OCI: https://docs.cloud.oracle.com/iaas/Content/devtoolshome.htm

4. Which two statements about fault domains are true?

A. A fault domain is a grouping of hardware and infrastructure within an availability domain
B. Each availability domain contains three fault domains
C. A failed instance in a fault domain is automatically relaunched.
D. A fault domain is selected automatically based on usage data

Explanation:
A is correct because a fault domain is a grouping of hardware and infrastructure within an
availability domain.
B is correct as we have 3 fault domains within each AD.
C is incorrect as nothing is automatically launched.
D is incorrect because, although it is automatically selected, we can also choose it during
instance creation.

Reference:
https://blogs.oracle.com/cloud-infrastructure/using-availibilitydomains-and-fault-domains-to-improve-application-resiliency

6. Which two resources are availability domain constructs?

A. VCN
B. Groups
C. Block Volume
D. Compute Instance
E. Object Storage

Answer: C & D

Explanation:

7. You are responsible for setting up access for all the cloud users of a large enterprise. You log in to the
Phoenix region and start creating users and policies. You then realize that some users might be creating
resources in the Ashburn region. Which step should you perform to enable those users?

A. You can assign a region to each of the users at the time of creation.
B. IAM users are global and non-admin users can add resources to any region by default.
C. You need to log in to each region separately to create users for that particular region.
D. IAM users are global. As an administrator, make sure that you subscribe to the Ashburn
region.

Answer: D

Explanation: IAM users are global, which means they are available in all regions, so if users are
creating resources in another region, you just need to subscribe to that region at no additional cost.

8. Which three types of credentials are used to manage Oracle Cloud Infrastructure Identity and Access
Management (IAM)?

A. Windows Password
B. API Signing Key
C. Auth Token
D. SSH Key
E. Console Password

Answer: B, C, E

Explanation: There is nothing called Windows Password in Oracle Cloud Infrastructure. An SSH key is used
to log in to the instances created in OCI, so as of now API Signing Key, Auth Token, & Console
Password are the credentials used to manage Oracle Cloud Infrastructure Identity and Access
Management (IAM).

Reference:
https://cloud.oracle.com/cloud-security/identity/faq
https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcredentials.htm

9. A new employee has just started working for your company. You create an Oracle Cloud Infrastructure
user account for this employee, following which they are able to log in, but still cannot create any
resources. What should you do to resolve this?

A. Send the Employee API Signing Keys to Log In.
B. Delete the Account & Create Another One.
C. Make Sure that the Employee Is Logging in the Oracle Cloud Infrastructure Account from Your
Corporate Network Only.
D. Add the Employee to a Group With Policies To Grant Access To Relevant Resources.

Answer: D

Explanation: When you create any new user in Oracle Cloud Infrastructure, the user doesn't have
access to any of the resources, so you need to add them to a group with policies to grant access to
relevant resources.

Reference: https://cloud.oracle.com/cloud-security/identity/faq
  
10. Which statement is true about Oracle Cloud Identifiers (OCID)?

A. mytenancy.oc.ocid is a valid OCID.
B. If you delete a user, and then create a new user with the same name, the user will be
considered a different user because of different OCIDs.
C. Users can customize OCIDs for all the resources in their compartments.
D. If you delete a user, and then create a new user with the same name, the new user will be
assigned the exact same OCIDs as the system remembers.

Answer: B

Explanation: Every user creation generates a unique ID in OCI. Even though it is the same user,
its ID will be different. The OCID is generated by Oracle and users have no option or control to change it.
The format of an OCID is ocid1.<RESOURCE TYPE>.<REALM>.[FUTURE USE].<UNIQUE ID>, so option 1 is wrong.

11. Which three components can you configure in Oracle Cloud Infrastructure Identity and Access
Management?

A. Groups
B. Users
C. Instances
D. Policies
E. VCNs

Answer: A, B, D

Explanation: https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/overview.htm

12. Where is the tenancy Oracle Cloud Identifier (OCID) located?

A. Given by Support on Account Creation
B. At the Bottom of Every Console Page
C. On the Identity - Users Page
D. Contained Within the Compartment OCID

Answer: B

Explanation: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/identifiers.htm

13. Your company has signed up for Oracle Cloud Infrastructure and you have asked your cloud
administrator to provide access to the resources. Which steps does the administrator need to perform
to provide the necessary access?

A. Create an IAM user and add the user to a compartment with appropriate policies defined for
compartment access
B. Nothing, by default everyone in the company has access to their OCI account
C. Create an IAM user and assign the appropriate policy to the user account
D. Create an IAM user and add the user to the group that has the appropriate access

Answer: D

Explanation: An IAM user has global scope and follows the minimum access rule. Once a user is created,
it needs to be added to a particular group to have access to resources. You add policies to the group. So,
Option D is correct.

14. Where are IAM resources (such as users and groups) created?

A. In Each Compartment.
B. In Each Region.
C. Globally
D. In Each Availability Domain.

Answer: C

Explanation: IAM resources are global in nature, and once a user is created it will be there for all the
regions within the tenancy. Access for the user can be controlled at the compartment and tenancy level.

15. How can you provide users access to an existing compartment?

A. By granting users access to a compartment when the compartment is created
B. By adding users to a group and defining a policy to provide the group access to the
compartment
C. By adding users to a compartment. All users in the compartment will have access to the objects
in the compartment.
D. By granting access directly to the user when the user is created

Answer: B

Explanation: An IAM user has global scope and follows the minimum access rule. Once a user is created,
it needs to be added to a particular group to have access to resources. You add policies to the group.
Unless you add the user to a group, the user will have no access to any resource. So, Option B is
correct.

16. In OCI, a policy is defined in IAM which can be (Two).

A. Using verbs of inspect, read, use, or manage as verbs
B. A policy is a document that defines who can access what in your tenancy.
C. Users can assign individual access and rules for Authorization
D. Groups are used to assign rules for Authorization to each user based on membership

Answer: A, B

Explanation:
A is right ("verbs" are actions you can take on resources, for example: inspect, read, use, or
manage).
B is right (a policy is a document consisting of descriptive policy statements that grant specific
permissions to groups of users).
C is wrong (users cannot assign the access).
D is wrong (we assign policy at group level & any user you add to the group has a similar kind of
access).

17. You are asked to create a user that will access programmatic endpoints in Oracle Cloud
Infrastructure. The user must not be allowed to authenticate by username and password. Which two
authentication options can you use?

A. PEM Certificate file
B. Auth Token
C. API signing key
D. Windows password
E. SSH key pair

Answer: B, C

Explanation:
A is incorrect as PEM is used for SSL.
B & C are correct as Auth Tokens & API Signing keys are used when we make API calls through the CLI
or SDK to OCI resources.
E is wrong as we use an SSH key pair for connecting to a Compute Instance or Database Instance in OCI.
D is wrong as there is no such thing as a Windows password.

Reference: https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/usercredentials.htm

18. Which two statements are true about policies?

A. You can use read, write, manage, and inspect as verbs for defining a policy.
B. A policy is a document that specifies who can access which Oracle Cloud Infrastructure
resources that your company has, and how
C. Users need not do anything but still have to be added to a group with appropriate policies
defined.
D. You can deny access to a group via policies

Answer: B, C

Explanation:
A is wrong because there is no verb called Write.
B is right, as a policy is a document consisting of descriptive policy statements that grant
specific permissions to groups of users.
C is right. Users have no role in defining the policies; we write the policies at the group level
& we attach the user to that group. (Also, Oracle follows the principle of least privilege, so the
user needs to be in at least one group.)
D is wrong. We only give the policy to allow the access, and there is no such policy for
denying.

Reference:
https://cloud.oracle.com/cloud-security/identity/faq#policy
https://docs.cloud.oracle.com/iaas/Content/Identity/Concepts/policies.htm

19. Which two statements are true about an Oracle Cloud Infrastructure Virtual Cloud Network (VCN)?

A. A VCN creates the dynamic routing gateway by default.
B. A VCN covers a single contiguous IPv4 CIDR block of your choice.
C. An allowable VCN size range is: /16 to /30.
D. A VCN can reside in multiple Oracle Cloud Infrastructure Regions and Availability Domains.

Answer: B, C

Explanation: D is not an option as VCN is a regional service.

20. Which two statements are true about subnets within a VCN?

A. You can have multiple subnets in an Availability Domain for a given VCN.
B. Private and Public subnets cannot reside in the same Availability Domain for a given VCN.
C. Subnets can have their IP addresses overlap with other subnets in another network for a
given VCN.
D. Instances obtain their private IP and the associated security list from their subnets.

Answer: A & D

Explanation: B is wrong as private & public subnets can reside in the same AD for a given VCN. C is
wrong as subnets within a given VCN can't overlap.

21. Which resource is required when connecting to your on-premises network from your Virtual Cloud
Network (VCN) via IPsec VPN or FastConnect?

A. Internet Gateway (IGW)
B. Dynamic Routing Gateway (DRG)
C. Local peering gateway
D. NAT

Answer: B

Explanation: Dynamic Routing Gateway is an essential component when connecting on-prem to an OCI
network via FastConnect or via IPsec VPN. DRG is the only essential component used in both
connection types.
A is incorrect as IGW is used to give public access to any subnet in the VCN.
C is incorrect as Local Peering Gateway is used to connect 2 VCNs in OCI within the same region.
D is incorrect as NAT is used to give public access (internet access) to any private IP host to get
updates without exposing the private node to the internet.

22. You launch a Windows instance and use the initial password provided to you by Oracle Cloud
Infrastructure to RDP into the Windows instance. However, you are unable to log in. What is a possible
reason?

A. No security list has been created in your Virtual Cloud Network (VCN).
B. The security list associated with the subnet of your Windows instance has no stateful rule to
allow SSH traffic on port 22 for your IP address.
C. The Windows license is not correct.
D. The security list associated with the subnet of your Windows instance has no stateful rule to
allow ingress traffic over RDP port 3389 for your IP address

Answer: D

Explanation: D is the answer.
A is not correct as, when we create a VCN, a Default Security List is created.
B is not correct; port 22 is required to connect to a Linux instance, not for RDP.
C is wrong as we don't need a license while connecting to a Windows instance.
D is the answer. Yes, for a Windows instance you need to open port 3389, so make sure port 3389 is
open in order to connect.

23. You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security List,
and an Internet Gateway. However, none of the compute instances can connect to the Internet. Which
two are possible reasons for the connectivity issue?

A. There is no Dynamic Routing Gateway (DRG) associated with the VCN.
B. The Route Table has no default route for routing traffic to the Internet Gateway.
C. There is no stateful ingress rule in the Security List associated with the public subnet.
D. There is no stateful egress rule in the Security List associated with the public subnet.

Answer: B and D

Explanation: When we need to give public access to any subnet, we need to create an IGW for it.
But just creating the IGW is not sufficient; you need to add a route table entry for the IGW and route
all the traffic via the IGW. That entry is created by default when you select Create VCN and its
components. If not, you need to add it manually. So B is correct.

We also need an egress rule (from the node to the outside world) to be added to the security list so
that access is possible. With stateful rules, once a network packet matching the rule is allowed,
connection tracking is used and all further network packets belonging to this connection
are automatically allowed. So if you create a stateful ingress rule, both incoming traffic matching the
rule and the corresponding outgoing (response) traffic are allowed.

24. When creating multiple subnets within a Virtual Cloud Network (VCN), security lists are often made
to group common services, for example, SSH and RDP (remote access), 80 and 443 (HTTP), and so on. By
default, what is the maximum number of security lists that can be associated with a subnet upon
creation?

A. 4
B. 2
C. 5
D. 3

Answer: C

Explanation: Try creating a subnet and adding security lists to it, and you'll see that you can add a
maximum of 5 security lists.

25. When creating a subnet, one or more placeholder security lists are often associated with the subnet.
Why?

A. Each operator needs its own security list.
B. Each protocol needs its own security list.
C. Each network endpoint or instance in the subnet needs its own security list.
D. It is not possible to add or remove security lists after a subnet is created.

Answer: C

Explanation: As per the FAQ: https://cloud.oracle.com/en_US/bare-metal-network/vcn/faq

Q: Can I change the security lists assigned to my subnet after I create it?
Ans: No, currently you cannot change the security list you assigned to your subnet after you create
the subnet. However, you can change the rules in each list.

26. What is the maximum IP address size range that you can have in a Virtual Cloud Network?

A. /16
B. /26
C. /24
D. /8

Answer: A

Explanation: Under the FAQ: https://cloud.oracle.com/en_US/bare-metal-network/vcn/faq

27. What IP addresses can I use inside my VCN? When you create your VCN, you assign a contiguous
IPv4 CIDR block of your choice. VCN sizes ranging from /16 (65,533 IP addresses) to /30 (1 IP address)
are allowed. Example: 10.0.0.0/16, 192.168.0.0/24.

Which two statements define the types of DNS resolvers that exist?

A. A VCN resolver allows instances to use host names to communicate with instances on other
VCNs in your tenancy.
B. An Internet & VCN resolver allows instances to use the host names that are published on the
Internet.
C. A VCN resolver allows instances to use the host names of the hosts in your on-prem network that
are connected to your VCN by an IPsec VPN connection.
D. A custom resolver allows instances to use the host names of the hosts in your on-prem network
that are connected to your VCN by an IPsec VPN connection.

Answer: B & D

Explanation: As per the FAQ: https://cloud.oracle.com/en_US/bare-metal-network/vcn/faq

28. If my subnet is configured to use "Custom Resolver" for DNS, are DNS hostnames created for
instances in this subnet? 

Yes, you can do this with custom DNS servers set up within the VCN. You can configure the custom
DNS servers to use 169.254.169.254 as the forwarder for the VCN domain (like
customerdns.oraclevcn.com). 

Note that the custom DNS servers must be configured in a subnet that uses "Internet and VCN Resolver"
as the DNS type (to allow access to the 169.254.169.254 IP address).   

29. Can I configure my custom DNS servers to resolve VCN internal DNS hostnames?

30. Which option lists Virtual Cloud Networks (VCNs) that can be peered?

A. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
B. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
C. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
D. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)

Answer: B

Explanation: All the rest have overlapping IP ranges.

31. Why are two subnets required to create a public load balancer when additional subnets are often
used for back-end servers?  

A. Routing is simpler when the load balancer is not in the same subnet as the back-end server.
B. Performance is higher when more subnets are used.
C. Additional subnets for back-end servers allow for separate route tables for these servers.
D. Additional subnets for back-end servers allow for separate security lists for these servers.

Answer: D

Explanation: Each subnet has its own separate security list, but the routing table is at the VCN level. Performance has no relation to subnets. So, the most appropriate answer is D.

32. Which resource is tied to an Availability Domain?

A. Route table
B. Subnet
C. Load Balancer
D. VCN
E. Security lists

Answer: B

Explanation: A subnet cannot be accessed across ADs, but a VCN can spread across ADs. All the other components have scope across ADs; only the subnet is restricted to an AD. Route table, Load Balancer, VCN and Security List have scope across ADs.

33. You are asked to configure a VPN connection to connect your on-premises network to an OCI VCN. After
the VCN has been created, what steps do you need to take on OCI to create an IPsec tunnel?

A. Create a Dynamic Routing Gateway (DRG), attach the DRG to the VCN, update the routing in your
route table to use DRG, create a CPE and then configure the DRG to open an IPsec connection to the CPE
object 

B. Create a DRG, configure a CPE with appliance information and then configure the DRG to open an
IPsec connection 

C. Create an Internet Gateway (IGW), attach the IGW to the VCN, update the routing in your route table
to use DRG, create a Customer Premise Equipment (CPE) and then configure the IGW to open an IPsec
connection to the CPE object 

D. Create an Internet Gateway, configure a CPE with appliance information and then configure the IGW
to open an IPsec connection

Answer: A

Explanation: https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/settingupIPsec.htm

34. What is the default behaviour of a Security List?

A. It automatically allows HTTP connections
B. It uses stateful rules by default
C. It automatically allows TCP connections over ports 22 and 3389
D. It will explicitly deny SSH connections from unknown IP addresses

Answer: B

Explanation: By default, a rule is stateful when it is created; to make it stateless we need to tick the checkbox. Also, when a security list is created there are no rules defined in it. We need to add any rule ourselves.

35. What is the main purpose of the Internet Gateway (IG)?

A. It generates and assigns a public IP address to each compute instance you create.
B. It provides a path for network traffic between your VCN and the public internet.
C. It provides a connection between two or more VCNs.
D. It provides communication between compute instances within your VCN.

Answer: B

Explanation: You can think of an internet gateway as a router connecting the edge of the cloud network
with the internet. Traffic that originates in your VCN and is destined for a public IP address outside the
VCN goes through the internet gateway.

37. You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets
contain application servers and the third subnet contains a DB System. The application requires a shared
file system so you have provisioned one using the file storage service (FSS). You also created the
corresponding mount target in one of the application subnets. The VCN security lists are properly
configured so that both application servers and the DB System can access the file system. The security
team determines that the DB System should have read-only access to the file system. What change
would you make to satisfy this requirement?  

A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the
DB System subnet. 
B. Connect via SSH to one of the application servers where the file system has been mounted. Use the
Unix command chmod to change permissions on the file system directory, allowing the database user
read only access. 
C. Modify the security list associated with the subnet where the mount target resides. Change the
ingress rules corresponding to the DB System subnet to be stateless.  
D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM)
policy that allows the instance principal read-only access to the file storage service.

Answer: A

Explanation:
A is correct: using NFS export options, you can limit clients' ability to connect to the file system.
B is wrong, as we cannot control this at the OS user level.
C is wrong, as a security list is an all-or-nothing approach.
D: IAM doesn't have a read-only option, and this cannot be controlled from IAM.

38. When creating multiple subnets within a Virtual Cloud Network (VCN), security lists are often made
to group common services, for example, SSH and RDP (remote access), 80 and 443 (HTTP), and so on. By
default, what is the maximum number of security lists that can be associated with a subnet upon
creation?  
A. 4
B. 2
C. 5
D. 3

Answer: C

Explanation: We can add up to 5 security lists to a subnet. That is the maximum limit.

Reference:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVCNs.htm

39. You have been tasked with creating one virtual cloud network (VCN) each for two line of business
(LOB) applications. LOB A and LOB B will need to communicate with each other. To ensure that you can
utilize VCN peering, which network CIDR ranges should be used?

A. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
B. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
C. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
D. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)

Answer: A

Explanation: One criterion for VCN peering is that the CIDRs should be non-overlapping. In the case of B, C, & D the CIDRs are
overlapping, so these are incorrect. So, A will be the correct answer.

40. An instance is launched with a primary VNIC that is created during instance launch. Which two
operations are true when you add secondary VNICs to an existing instance?   

A. You can remove the primary VNIC after the secondary VNIC's attachment is complete.
B. You can remove the secondary VNIC later if it is not needed.
C. The primary and secondary VNIC association should be within the same Availability Domain.
D. It is not possible to connect two VNICs to an instance.

Answer: B, C

Explanation:
A is wrong, as you cannot remove the primary VNIC.
B is correct, as you can remove the secondary VNIC.
C is correct, as both need to be in the same AD.
D is wrong, as up to 31 secondary private IPv4 addresses from the subnet the VNIC is in, assigned by either you or Oracle

Reference:
https://cloud.oracle.com/bare-metal-network/vcn/faq#vnic
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVNICs.htm?Highlight=VNIC

41. Which three are default Virtual Cloud Network (VCN) components? (Choose three.) 
  
A. Security List
B. Dynamic Routing Gateway
C. DHCP options
D. Internet Gateway
E. Route Table

42. You have created a public subnet and an internet gateway in your virtual cloud network (VCN). The
public subnet has an associated route table and security list. However, after creating several compute
instances in the public subnet, none can reach the Internet. Which two are possible reasons for the
connectivity issue? (Select two.)

A. The route table has no default route for routing traffic to the internet gateway
B. There is no stateful egress rule in the security list associated with the public subnet
C. There is no dynamic routing gateway (DRG) associated with the VCN
D. There is no stateful ingress rule in the security list associated with the public subnet

Answer: A, B

Explanation:
A is correct, as you need to have a route table for routing traffic to the internet gateway.
B is correct, as you need to have a stateful egress rule associated with the security list of the public subnet.
C: a DRG has no role in internet connectivity; it is an optional virtual router that you can add to your VCN
to provide a path for private network traffic between your VCN and on-premises network.
D is correct as stateful ingress rule is for incoming traffic.

Reference:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingIGs.htm?Highlight=Internet%20connectivity

43. When terminating a compute instance, you want to preserve the boot volume and its data. Which
step will you need to perform?  

A. You cannot preserve the boot volume; it will always be deleted when you terminate the instance.
B. Reboot the instance first, and then terminate the instance.
C. Disable the default option to delete the boot volume when terminating an instance.
D. Before terminating the instance, you must detach the boot volume.

Answer: C

Explanation: While deleting the instance, a checkbox asks whether we want to preserve the boot
volume or not; by default the checkbox is not checked. If we want to preserve the boot volume, we need
to check it.

44. Which two are NOT an image source when launching a new compute Instance?

A. Boot Volume
B. Custom Image
C. Object Storage
D. Bare Metal Instance

Answer: C & D

Explanation: When creating the compute instance we can select the image source. The image source can be
an Oracle image or a custom image which will be loaded to OCI.

Reference:
https://docs.cloud.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/compute/instance/launch.html
https://cloud.oracle.com/compute/faq

45. Which five are the required parameters to launch an instance in Oracle Cloud Infrastructure?

A. Subnet
B. Availability Domain
C. Virtual Cloud Network
D. Host Name
E. Instance Shape
F. Image Operating System
G. Private IP Address

Answer: A, B, C, E, F

Explanation: https://docs.cloud.oracle.com/iaas/Content/Compute/Concepts/computeoverview.htm

46. A compute instance has one block volume attached in addition to its boot volume. A user wants to
attach this block volume to another running instance in the same Availability Domain. What step should
this user perform? 

A. Stop both the first instance and the running instance to do this.
B. Detach the block volume from the first instance, and then attach it to the new instance.
C. Reboot the first instance, and only then attach this block volume to the new instance.
D. Terminate the first instance, and only then attach this block volume to the new instance.

Answer: B

Explanation: You cannot detach a boot volume from a running instance, but a block volume can be
detached and attached to another instance. We don’t need to reboot or terminate the instance to do
so. Remember that any application-related data is on the block volume, so removing the block
volume might affect the application, but from the instance's point of view it will remain up.

47. What is the difference between VM Standard and VM Dense IO shapes?

Choose one:
A. VM Dense IO will provide NVMe drivers and VM Standard will provide block Storage only.
B. VM Standard has more memory than VM Dense IO.
C. VM Dense IO will perform worse than VM Standard.
D. VM Standard is ideal for extreme transactional workload while VM Dense IO is not.

Answer: A   

Explanation: https://cloud.oracle.com/compute/virtual-machine/features  

48. What are the two types of compute instances offered with Oracle Cloud Infrastructure? (Choose
two.)  

A. SPARC
B. Virtual Machine
C. Dedicate Compute
D. Bare Metal
E. Ravello

Answer: B, D

Explanation: Oracle provides VM and BM instances under the Compute service. These are OEL based
instances.

Bare Metal Instances - A bare metal instance is a physical server that is fully dedicated to you. It helps
address compliance requirements and saves money by leveraging server licenses you already own,
subject to your existing licensing terms. It provides uncompromising raw performance and includes
instances with the latest generation NVMe SSDs. These instances offer over a million IOPS and are ideal
for running any IO-intensive application or big data workload.

Bare metal compute instances run only the software you choose, providing you with complete control.
There is no Oracle-applied software on your instance. 

Virtual Machine (VM) Instances - A VM compute instance is an isolated operating system environment
on a multi-tenant host. You can provision VM and bare metal instances in your Virtual Cloud Network
side-by-side and manage them using the same console and API. 

49. Within your tenancy you have a compute instance with a boot volume and a block volume attached.
The boot volume contains the OS and the attached block volume contains the instance's important data.
Logs on the boot volume have filled the boot volume and are causing issues with the OS.  What should
you do to resolve this situation?   

A. Stop the instance that is full. Create a manual backup of the block storage before making changes.
Detach the block volume, create a new instance of the same shape with a larger custom boot volume
and attach the block volume to the new instance. Configure the OS and any related application(s) to
access the block volume under the same mount point as before.
 B. Create a new instance with a larger boot volume size as well a new block volume which is the same
size or larger than the one attached to the full instance. Rsync the state of the boot volume and the
state of the block volume between the two instances. 
C. Detach the block volume from the full instance. Create a new instance of the same shape with a larger
boot volume and rsync the state of the boot volume between the instances. Attach the block volume to
the new instance. 
D. Create a manual backup of the block storage instance. Create a custom image of the full instance.
Once that completes deploy the custom image to a new instance. 

Answer: A  

Explanation: Since logs have filled the boot volume and there is no space left, we need a bigger boot
volume. A boot volume cannot be detached without bringing down the compute instance, so we need to
stop the instance and create another instance with a bigger boot volume. You can increase the size of
your boot volume using 3 options:
Expand the size of an existing volume offline up to 32 TB.
Restore from a backup of a volume to a larger size volume up to 32 TB.
Clone an existing volume to a larger size volume up to 32 TB.
A block volume can be detached and attached to another instance without loss of data.

50. When terminating a compute instance, which statement is true?    


A. The instance needs to be stopped first, and then terminated.
B. The boot volume is always deleted.
C. All block volumes attached to the instance are terminated.
D. Users can preserve the boot volume associated with the instance

Answer: D

Explanation:
A is wrong because we can directly terminate it without stopping the instance.
B is wrong because we can preserve it while terminating.
C: No, we can preserve it while terminating.
D is correct: we can preserve the boot volume associated with the instance.

51.   Which five are the required parameters to launch an instance in Oracle Cloud Infrastructure?

A. Subnet  
B. Availability Domain  
C. Virtual Cloud Network  
D. Host Name  
E. Instance Shape  
F. Image Operating System
G. Private IP Address

Answer: A, B, C, E, F

Explanation: https://docs.cloud.oracle.com/iaas/Content/Compute/Concepts/computeoverview.htm

52. A compute instance has one block volume attached in addition to its boot volume. A user wants to
attach this block volume to another running instance in the same Availability Domain. What step should
this user perform?

A. Stop both the first instance and the running instance to do this.
B. Detach the block volume from the first instance, and then attach it to the new instance.
C. Reboot the first instance, and only then attach this block volume to the new instance.
D. Terminate the first instance, and only then attach this block volume to the new instance.

Answer: B

Explanation: You cannot detach a boot volume from a running instance, but a block volume can
be detached and attached to another instance. We don’t need to reboot or terminate the
instance to do so. Remember that any application-related data is on the block volume, so
removing the block volume might affect the application, but from the instance's point of view it will remain up.

53. What is the difference between VM Standard and VM Dense IO shapes? Choose one:

A. VM Dense IO will provide NVMe drivers and VM Standard will provide block Storage only.
B. VM Standard has more memory than VM Dense IO.
C. VM Dense IO will perform worse than VM Standard.
D. VM Standard is ideal for extreme transactional workload while VM Dense IO is not.

Answer: A   

Explanation: https://cloud.oracle.com/compute/virtual-machine/features  

54. What are the two types of compute instances offered with Oracle Cloud Infrastructure? (Choose
two.)   

A. SPARC
B. Virtual Machine
C. Dedicate Compute
D. Bare Metal
E. Ravello

Answer: B, D

Explanation: Oracle provides VM and BM instances under the Compute service. These are OEL based
instances.

Bare Metal Instances - A bare metal instance is a physical server that is fully dedicated to you. It helps
address compliance requirements and saves money by leveraging server licenses you already own,
subject to your existing licensing terms. It provides uncompromising raw performance and includes
instances with the latest generation NVMe SSDs. These instances offer over a million IOPS and are ideal
for running any IO-intensive application or big data workload. 
Bare metal compute instances run only the software you choose, providing you with complete control.
There is no Oracle-applied software on your instance.

Virtual Machine (VM) Instances - A VM compute instance is an isolated operating system environment
on a multi-tenant host.

You can provision VM and bare metal instances in your Virtual Cloud Network side-by-side and manage
them using the same console and API.  

55. Within your tenancy you have a compute instance with a boot volume and a block volume attached.
The boot volume contains the OS and the attached block volume contains the instance's important data.
Logs on the boot volume have filled the boot volume and are causing issues with the OS.  What should
you do to resolve this situation?  

A. Stop the instance that is full. Create a manual backup of the block storage before making changes.
Detach the block volume, create a new instance of the same shape with a larger custom boot volume
and attach the block volume to the new instance. Configure the OS and any related application(s) to
access the block volume under the same mount point as before.

  B. Create a new instance with a larger boot volume size as well a new block volume which is the same
size or larger than the one attached to the full instance. Rsync the state of the boot volume and the
state of the block volume between the two instances.

C. Detach the block volume from the full instance. Create a new instance of the same shape with a larger
boot volume and rsync the state of the boot volume between the instances. Attach the block volume to
the new instance. 

D. Create a manual backup of the block storage instance. Create a custom image of the full instance.
Once that completes deploy the custom image to a new instance.  

Answer: A  

Explanation: Since logs have filled the boot volume and there is no space left, we need a bigger boot
volume. A boot volume cannot be detached without bringing down the compute instance, so we need to
stop the instance and create another instance with a bigger boot volume. You can increase the size of
your boot volume using 3 options:
Expand the size of an existing volume offline up to 32 TB.
Restore from a backup of a volume to a larger size volume up to 32 TB.
Clone an existing volume to a larger size volume up to 32 TB.
A block volume can be detached and attached to another instance without loss of data.

56. When terminating a compute instance, which statement is true?   

A. The instance needs to be stopped first, and then terminated.
B. The boot volume is always deleted.
C. All block volumes attached to the instance are terminated.
D. Users can preserve the boot volume associated with the instance

Answer: D

Explanation:
A is wrong because we can directly terminate it without stopping the instance.
B is wrong because we can preserve it while terminating.
C: No, we can preserve it while terminating.
D is correct: we can preserve the boot volume associated with the instance.

57. What is a valid option when exporting a custom image?  

A. object storage URL
B. archive storage URL
C. file storage service
D. block volume

Answer: A

Explanation: Custom images are by default stored on object storage when exported.

Reference: https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/imageimportexport.htm

58. Which two statements are true about adding secondary VNICs to an existing compute instance?

A. The primary and secondary VNIC association must be in the same availability domain
B. You can assign an Ephemeral Public IP to a secondary VNIC
C. You can remove the primary VNIC after the secondary VNIC’s attachment is complete
D. The primary and secondary VNIC association can be in different virtual cloud networks (VCNs)

Answer: A, D

Explanation:
B is wrong because an ephemeral public IP can be assigned only to a VNIC's primary private IP and not to
a secondary VNIC.
C is wrong, as we cannot remove the primary VNIC.
D is wrong, as all the VNICs must be in the same availability domain as the VCN.

Reference:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingpublicIPs.htm?Highlight=Ephemeral%20Public%20IP
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVNICs.htm

59. You currently manage an e-commerce application that utilizes 25 identical compute resources to
handle customer traffic. The stakeholders have asked you to create another 25 identical compute
resources in order to deploy and test a new version of the software. What is the most efficient process
to create 25 additional compute resources that are identical to the first 25?

A. Create a custom image from 1 of the 25 servers. Use this custom image to provision 25 more
servers
B. Create a manual backup of each boot volume belonging to the 25 servers. Restore each
backup to create 25 new boot volumes, from which you will provision 25 more servers
C. Provision a new server and configure it to be identical to the first 25. Create a custom image
from the new server, then use the custom image to provision 24 more servers
D. Clone the boot volume of 1 of the 25 servers. Use the boot volume clone to provision 25
more servers

Answer: A

Explanation: B, C, & D are wrong because they are not efficient, as they will take time. A is
right because creating a custom image is a one-time activity and you just need to select that image every
time you create a new instance.

60. You have an application running on Oracle Cloud Infrastructure. You identified that the read and
write operations are slowing your application down enough to impair user access. The application is
currently using a VM.Standard1.2 compute without any block storage attached to it. Which two options
allow you to increase disk performance?

A. Terminate the compute instance preserving the boot volume. Create a new compute instance using a VM
Dense IO shape using the boot volume preserved.
B. Terminate the compute instance preserving the boot volume. Create a new compute instance using a
VM Standard shape and attach a new block volume to host your application.
C. Create a backup of the boot volume. Create a new compute instance using a VM Dense IO shape and
restore the backup.
D. Terminate the compute instance and create a backup of the boot volume. Create a new compute
instance using a VM Dense IO shape and restore the backup

Answer: A, C

Explanation:
A is correct, as using a VM Dense IO shape will improve the disk performance.
B is wrong, as a standard shape does not improve the performance; we have to use Dense I/O.
C is correct, as we create the instance using the boot volume.
D is wrong, as we don’t have any option to restore the backup.

61. You have multiple applications installed on a compute instance and these applications generate a
large amount of log files. These log files must reside on the boot volume for a minimum of 15 days and
must be retained for at least 60 days. The 60-day retention requirement is causing an issue with
available disk space.  What are the two recommended methods to provide additional boot volume space
for this compute instance?  

A. Terminate the instance while preserving the boot volume. Create a new instance from the boot
volume and select a Dense IO shape to take advantage of local NVMe storage. 
B. Create an object storage bucket and use a script that runs daily to move log files older than 15 days to
the bucket. 
C. Create and attach a block volume to the compute instance and copy the log files. 
D. Create a custom image and launch a new compute instance with a larger boot volume size. 
E. Write a custom script to remove the log files on a daily basis and free up the space on the boot
volume. 

Answer: B, D

Explanation:
A is wrong, as using local NVMe doesn't help in increasing storage space; it is just for high
performance.
B and D are correct, as they both fulfill the requirement of keeping the files for 15 days and then moving them.
Object storage is basically infinite storage, so space will not be an issue.
C is not correct, because copying alone is not the solution, as we need to retain 15 days of files as per the scenario.
E is wrong, because log files should reside a minimum of 15 days on the boot volume and should be retained at least 60 days.

62. Which two are a valid image source when launching a new compute instance?

A. bare metal instance
B. object storage
C. custom image
D. boot volume

Answer: C, D

Reference: https://docs.cloud.oracle.com/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/compute/instance/launch.html

63. Your Operations team has recently created a new, standard image that will be used to launch all new
application servers in the Finance compartment. The custom image currently exists in the Operations
compartment. You have access to manage all-resources in the Finance compartment and do not have
access to the Operations compartment. Which two methods would make the new image available for
you to use when deploying new servers in the Finance compartment?  

A. Instruct the Operations team to reassign the custom image to the Finance compartment so you
can select it from a drop-down list when launching new compute resources.
B. Instruct the Operations team to export the image to an object storage bucket, create a pre-
authenticated request (PAR), and provide you with the URL. Download the custom image to your laptop
and import it as a custom image in the Finance compartment.
C. Instruct the Administrators team to grant you access to use instanceimages in the Operations
compartment. Use the Oracle Cloud Identifier (OCID) of the custom image when launching new compute
resources in the Finance compartment.
D. Instruct the Operations team to export the image to an object storage bucket, create a PAR, and
provide you with the URL. Use that URL as
the source when importing a custom image. Import the custom image into the Finance compartment.
E. Instruct the Operations team to export the image to an object storage bucket. Instruct the
Administrators team to grant you access to the object storage bucket where the custom image is stored.
Use the download URL of the custom image as the image source when launching new compute
resources in the Finance compartment

Answer: C, D

Explanation:
No re-assign is possible. We can give access to the resource.
B is wrong because there is no option to download the image to a laptop.
C is correct as with OCI you can install.
D is correct, as with the PAR URL you can create an image. We can select the PAR URL as a source of the image.
E is wrong, as there is no download URL.

64. You deployed a web server in Oracle Cloud Infrastructure using an ephemeral public IP. After a few
changes in your web server configuration, you rebooted the server and a new public IP was associated
to your instance.  What should you do to prevent this from happening again?

A. Create a reserved public IP and associate it with the security list that your compute instance is using
B. Create a reserved public IP and associate it with the subnet of your compute instance
C. Create a reserved public IP and associate it with the VNIC of your compute instance
D. Create a reserved public IP and associate it with the hosts file of your web server

Answer: C

Explanation: A, B, & D are wrong, as a reserved public IP can be associated only with the VNIC of the instance.

Reference:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingpublicIPs.htm?Highlight=ephemeral%20public%20IP#console-reserved
https://cloud.oracle.com/en_US/networking/vcn/faq#ip

65. Which two resources are available by default when your Oracle Cloud Infrastructure tenancy is
provisioned?

A. A variety of shapes, where each shape determines the number of CPUs and memory allocated to an
instance
B. A range of public IP addresses that are reserved for your tenancy
C. An NVMe SSD boot disk for each instance, whose size is determined by the image and shape of the
instance
D. A set of images, where each image is a template of a virtual hard drive that consists of the OS and
installed software and applications

Answer: A, D

Explanation: Once a tenancy is created, all the OCI resources are allocated to it; to the home region, to
be more specific. We have the option to select from a variety of shapes, and that is option 1. Also, we
have Oracle preconfigured images, which are available in various flavours of Linux and Windows; option
4 says that. There are no IPs which are reserved, so 2 is wrong. And NVMe is not available for all instance
types, so 3 will not make sense here.

66. Which statement is true about cloning a volume?  

A. You need to detach a volume before cloning from it.
B. A cloned volume is the same as a snapshot that has a dependency on the source volume.
C. You cannot change the block volume size when cloning a volume.
D. You can create a clone for a volume across regions.

Answer: C

Earlier C was correct, but as per the new changes nothing is correct for this question.

Explanation (for the new format): The clone happens via a point-in-time direct disk-to-disk deep copy of
the source volume, and there is no need to detach a volume before cloning it. C is not the option, as
now we can change the size during cloning. Block volumes are AD-local and reside in the region they
are created in. You can clone volumes only within the same AD of the region that they exist in. This
question is from the old format exam.

67. Which statement is true about restoring a block volume from block volume backups?  

A. It can be restored as new volumes to any Availability Domain within the same region.
B. It must be restored as new volumes to the same Availability Domain on which the original block volume backup resides.
C. It can be restored as new volumes to any Availability Domain across different regions.
D. It can be restored as new volumes with different sizes from the backups.

Answer: A, C, D

Explanation: As of Nov 2018, block volume backups can be moved across regions. A backup can be restored to any Availability Domain within the same region in which it is stored, and this is the recommended method for efficiently moving data. You can use the cross-region backup copy feature to copy your existing block volume backups to another region to which you have access. You can restore from your backup to a larger volume, up to the currently supported maximum 32 TB volume size.

68. Which two statements are true about the Oracle Cloud Infrastructure Object Storage Service?  

A. Data is stored redundantly across multiple storage servers across multiple Availability Domains.
B. It can be directly attached to or detached from a compute instance.
C. It provides strong consistency.
D. It provides higher IOPS than Block Storage.
E. Data is stored redundantly only in one Availability Domain.

  Answer: A, C

Explanation:

A. Data is stored redundantly across multiple storage servers across multiple Availability Domains.
B. Only Block Volume and File Storage Service can be attached to and detached from a compute instance.
D. The IOPS of Block Storage is higher than that of Object Storage.
E. Data is stored redundantly across multiple storage servers across multiple Availability Domains.

https://docs.cloud.oracle.com/iaas/Content/Object/Concepts/objectstorageoverview.htm
https://cloud.oracle.com/en_US/storage/object-storage/faq

69. Which statement is true about Oracle Cloud Infrastructure Object Storage Service?

A. An Archive Object Storage tier bucket can be upgraded to the Standard Object Storage tier.
B. You cannot directly download an object from an Archive Object Storage bucket.
C. An existing Standard Object Storage tier bucket can be downgraded to the Archive Object Storage tier.
D. Data retrieval in Archive Object Storage is instantaneous.
  
  Answer: B 

  Explanation: Data retrieval from Archive Storage takes a minimum of 4 hours. We cannot change the type of Object Storage once it is created.

70. Which statement is true about a pre-authenticated request in Oracle Cloud Infrastructure Object
Storage?  

A. You can create only 1,000 pre-authenticated requests per bucket.
B. You can create a pre-authenticated request only for public buckets.
C. You cannot retire a pre-authenticated request before it expires.
D. You cannot extend the expiration date on a pre-authenticated request.

  Answer: D

Explanation: You can't edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you need to create a new pre-authenticated request. You can retire access by deleting the pre-authenticated URL, but you cannot extend it. There is no limit on the number of PARs that can be created on a bucket or object.
