1z0-1072 Oracle Cloud0AInfrastructure 2019architect Associate - 3 August 2020 - Compressed

Oracle
Oracle Cloud
Infrastructure 2019
Architect Associate
Version: 6.0
Web: www.dumpscollection.com [ Total Questions: 66]
Email: support@dumpscollection.com
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at feedback @dumpscollection.com
Support
If you have any questions about our product, please provide the following items:
© exam code
© screenshot of the question
© login id/email
please contact us at support@dumpscollection.com and our technical experts will provide support within 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Dumps Q&A Oracle - 1z0-1072
Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)
A. Remote virtual cloud network (VCN) peering across region
B. Oracle IPsec VPN
C. Local VCN peering
D. Oracle Cloud Infrastructure FastConnect public peering
Answer: A B
What is a valid option when exporting a custom image?
A. object storage URL
B. archive storage URL
C. file storage service
D. block volume
Answer: A
Which three load-balancing policies can be used with a backend set? (Choose three.)
A. throughput
B. IP hash
C. weighted round robin
D. CPU utilization
E. least connections
Answer: B CE
You are designing a lab exercise for your team that has a large number of graphics with large file sizes. The
application becomes unresponsive if the graphics are embedded in the application. You have uploaded the
graphics to Oracle Cloud Infrastructure and only added the URL in the application. You need to ensure these
graphics are accessible without requiring any authentication for an extended period of time.
Success Guaranteed, 100% Valid

How can you achieve these requirements?
A. Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time.
B. Make the object storage bucket private and all objects public and use the URL found in the Object
“Details”.
C. Make the object storage bucket public and use the URL found in the Object “Details”.
D. Create PARs and do not specify an expiration date.
Answer: C
You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients want to access
the web servers from anywhere, but want to prevent access to the database servers from the Internet.
Which is the recommended way to design the network architecture?
A. Create public subnets for web servers and private subnets for database servers in your virtual cloud
network (VCN), and associate separate internet gateways for each subnet.
B. Create a public subnet for web servers and associate a dynamic routing gateway with that subnet, and a
private subnet for database servers with no association to dynamic routing gateway.
C. Create public subnets for web servers and private subnets for database servers in your VCN, and
associate separate security lists and route tables for each subnet.
D. Create a single public subnet for your web servers and database servers, and associate only your web
servers to internet gateway.
Answer: D
Which statement is true about Oracle Cloud Infrastructure FastConnect?
A. For private peering, FastConnect extends your existing infrastructure to allow you to consume object
storage from your on-premises data center
B. For private peering, FastConnect extends your existing infrastructure to a virtual cloud network
C. The FastConnect provider network offers only 1 Gbps port connection speed increments
D. For public peering, a dynamic routing gateway must be configured and attached to the virtual cloud
network (VCN)

Answer: B
You have provisioned an Autonomous Transaction Processing (ATP) database and logged into the ATP
service console.
What are three abilities that can be performed from this service console? (Choose three.)
A. scale up/down the CPUs
B. create ATP database users
C. reset the admin password
D. set resource management rules
E. monitor database activity and SQL queries
Answer: A DE
Which two resources reside exclusively in a single availability domain?
A. compute instance
object storage
m
groups
uO4
block volume
Web Application Firewall Policy

m
Answer: A D
You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain
application servers and the third subnet contains a DB System. The application requires a shared file system so
you have provisioned one using the file storage service (FSS). You also created the corresponding mount
target in one of the application subnets. The VCN security lists are properly configured so that both
application servers and the DB System can access the file system. The security team determines that the DB
System should have read-only access to the file system.

What change would you make to satisfy this requirement?
A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of
the DB System subnet.
B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix
command chmod to change permissions on the file system directory, allowing the database user
read-only access.
C. Modify the security list associated with the subnet where the mount target resides. Change the ingress
tules corresponding to the DB System subnet to be stateless.
D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM)
policy that allows the instance principal read-only access to the file storage service.
Answer: C
You have multiple applications installed on a compute Instance and these applications generate a large amount
of log files. These log files must reside on the boot volume for a minimum of 15 days. Any files over 15 days
do not have to reside on boot volume but still must be retained for at least 60 days. The 60-day retention
requirement Is causing an Issue with available disk space. What are the two recommended methods to provide
additional boot volume space for this compute instance?
A. Terminate the instance while preserving the boot volume. Create a new instance from the boot volume
and select a DenseIO shape to take advantage of local NVMe storage.
B. Create an object storage bucket and use a script that runs daily to move log files older than 15 days to
the bucket.
C. Create and attach a block volume to the compute instance and copy the log files.
D. Create a custom image and launch a new compute instance with a larger boot volume size.
E. Write a custom script to remove the log files on a daily basis and free up the space on the boot volume.
Answer: B
Which two statements are true about the Oracle Cloud Infrastructure object storage service?
A. It provides strong consistency.
B. It provides higher LOPS than block storage.
C. It can be directly attached to or detached from a compute instance.

D. Data is stored redundantly across multiple availability domains (ADs) in a multi-AD region.
Answer: A D
A customer has launched a compute instance In the Virtual Cloud Network (VCN), which has an internet
gateway, a service gateway, a default security lists and a default route table. Customer has opened up Port 22
In the security lists attached to the compute Instance subnet, however is still unable to connect to compute
Instances using ssh.
Which option would remedy this situation?
A. Modify the route table associated with the VCN subnet in which the instance resides. Add a following
route to the route table.
Destination CIDB: 0.0.0.0/0 Target: Internet Gateway <"GM)
B. Modify the route table associated with the VCN subnet in which the instance resides. Add a following
Destination CIDP: 0.0.0.0/0
Target: Dynamic Routing Gateway (ORG)
C. Modify the security list associated with the VCN subnet In which the Instance resides. Add a stateful
egress rule to allow ichp traffic in addition to the port 22.
D. Modify the route table associated with the VCN subnet In which the Instance resides. Add a following
Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW)
Answer:
When terminating a compute instance, which statement is true?
A. The instance needs to be stopped first, and then terminated.
B. The boot volume is always deleted.
C. All block volumes attached to the instance are terminated.
D. Users can preserve the boot volume associated with the instance.
Answer: D

What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud Infrastructure (OCT)?
A. The best practice for high availability and durability is to run the primary, standby, and observer in
separate availability domains (ADs).
B. When you configure data guard using OCI console, the default mode is set to maxprotection.
C. You cannot create the standby DB system in a different AD from the primary DB system.
D. You cannot use database command line interface (CLD to set up data guard with FSFO.
Answer: A
Which two statements ate true about restoring a block volume from a manual or policy based block volume
backup?
A. It can be restored as new volumes with different sizes from the backups
B. It can be restored as a new volume to any AD across different regions
C. It must be restored as a new volume to the same availability domain (AD) on which the original block
volume backup resides
D. It can be restored as a new volume to any AD in the same region
Answer: A C
Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose two.)
A. Billing stops only when the ADW is terminated
B. Billing stops for both CPU usage and storage usage when ADW is stopped
C. Billing for compute stops when ADW is stopped
D. Billing for storage continues when ADW is stopped
Answer: C D
Which statement is true about Data Guard Implementation in DB systems?

A. Both DB systems must be in the same compartment, and they must be the same shape
B. You cannot manage Oracle database Initialization parameters at a global level.
C. You can define the backup window and set custom backup retention period for the automatic database
backup schedule.
D. You cannot manage the database as ays/sysdba.
Answer: A
Explanation
https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/exausingdataguard.htm
Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose two.)
A. You can add/remove Diskgroup in ATP
You can scale storage up or down in ATP

m
You can scale CPU up or down in ATP

uO4
You can add more Pluggable Databases for consolidating multiple databases in ATP
You can add new ORACLE

_ HOME for bringing older versions of on-premises databases to ATP
m
Answer: B D
You are an administrator with an application running on OCI. The company has a fleet of OCI compute virtual
instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set health check API is providing a
‘Critical’ level warning. You have confirmed that your application is running healthy on the backend servers.
What is the possible reason for this ‘Critical’ warning?
A. A user does not have correct IAM credentials on the Backend Servers.
B. The Backend Server VCN’s Route Table does not include the route for OCI LB.
C. OCI Load Balancer Listener is not configured correctly.
D. The Backend Server VCN’s Security List does not include the IP range for the source of the health
check requests.

Answer: D
Which two statements about fault domains are true? (Choose two.)
A. A fault domain is a grouping of hardware and infrastructure within an availability domain
B. Each availability domain contains three fault domains
C. A failed instance in a fault domain is automatically relaunched
D. A fault domain is selected automatically based on usage data
Answer: A B
Which two are a valid image source when launching a new compute instance? (Choose two.)
A. bare metal instance
B. object storage
C. custom image
D. boot volume
Answer: A C
Which two statements are true about encryption on Oracle Cloud Infrastructure (OCT)?
A. By default, object storage and block storage are encrypted at rest.
B. A customer is responsible for data encryption in all services of OCI.
C. By default, DB Systems offers an encrypted database.
D. By default, NVMe drives are encrypted but the block volume service is not.
Answer: A C

You have hired a new employee to run reports from the Autonomous Data Warehouse (ADW) and are not
confident in their SQL writing ability. Into which consumer group will you assign this Individual to minimize
the impact of their code?
A. Low
B. Lowest
C. Medium
D. High
E. Highest
Answer: D
You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make API calls to
other services within OCI without storing credentials in a configuration file.
What do you need to do?
A. Create a dynamic group with appropriate matching rules to include the instance, and reference this
group in your IAM policy statement
B. Instances cannot access services outside their compartment
C. VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the
instance in your Identity and Access Management (IAM) policy statement
D. By default, all VM instances are created with an instance principal. Reference this instance principal in
your IAM policy statement
Answer: D
Which two statements are true about adding secondary VNICs to an existing compute instance? (Choose two.)
A. The primary and secondary VNIC association must be in the same availability domain
B. You can assign an Ephemeral Public IP to a secondary VNIC
C. You can remove the primary VNIC after the secondary VNIC’s attachment is complete
D. The primary and secondary VNIC association can be in different virtual cloud networks (VCNs)
Answer: A B

You are a network architect and have designed the network infrastructure of a three-tier application on Oracle
Cloud Infrastructure (OCI). In the architecture, back-end DB servers are in a private subnet. One of your DB
administrators requests to have access to OCI object storage service.
How can you meet this requirement?
A. Create a service gateway, add a new route rule to the private subnet route table that uses storage as your
service gateway target type
B. Create a dynamic routing gateway (DRG) and attach it your virtual cloud network (VCN). Add a default
route rule to the private subnets route table and set the target as DRG
C. Attach a public IP address to the instances in the private subnet, and then add a new route rule to the
private subnet route table to route default traffic to the internet gateway
D. Add a new route rule to the private subnet route table to route default traffic to the internet gateway
Answer: A
You have five different company locations spread across the US. For a proof-of-concept (POC) you need to
setup secure and encrypted connectivity to your workloads running in a single virtual cloud network (VCN) in
the Oracle Cloud Infrastructure Ashburn region from all company locations.
What would meet this requirement?
A. Create five internet gateways in your VCN and have separate route table for each internet gateway.
B. Create five virtual circuits using FastConnect for each company location and terminate those
connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.
C. Create five IPsec connections with each company location and terminate those connections on a single
DRG. Attach that DRG to your VCN.
D. Create five IPsec VPN connections with each company location and terminate those connections on five
separate DRGs. Attach those DRGs to your VCN.
Answer:
In what two ways does Oracle Cloud Infrastructure (OCI) file storage service differ from OCI object storage
and block volume services?
A. File storage mount target does not provide a private IP address, while the object storage bucket provides
Success Guaranteed, 100% Valid 10 of 25

one.
B. File Storage uses the network file system (NFS) protocol, whereas block volume uses ISCSI.
C. Block volume service is NVMe based, while file storage service is not.
D. You can move object storage buckets, block volumes and file storage mount targets between
compartments.
Answer: B D
You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix region. You
were asked to create a disaster recovery (DR) plan that will protect against the loss of critical data. The DR site
must be at least 500 miles from your primary site and data transfer between the two sites must not traverse the
public Internet.
Which is the recommended disaster recovery plan?
A. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one availability
domain (AD) that is not currently being used by your production systems. Establish VCN peering
between the production and DR sites.
B. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a
remote peering connection between the two VCNs.
C. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG between
the regions.
D. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in
each region and configure an IPsec VPN connection between the two regions.
Answer: A
You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few weeks, you need to
increase disk performance by using NVMe disks; the number of CPUs will not change. As a first step you
terminate the instance and preserve the boot volume.
What is the next step?
A. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the
SQL Database data to block volume
B. Create a new instance using a VM.DenseIO2.8 shape using the preserved boot volume and move the
SQL Database data to NVMe disks
Success Guaranteed, 100% Valid lane

C. Create a new instance using a VM.Standard1.16 shape using the preserved boot volume and move the
D. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume move the SQL
Database data to NVMe disks
Answer: A
Your on-premises hosted application uses Oracle database server. Your database administrator must have
access to the database server for managing the application. Your database server is sized for seasonal peak
workloads, which results in high licensing costs. You want to move your application to Oracle Cloud
Infrastructure (OCI) to take advantage of CPU scaling options.
Which database offering on OCI would you select?
A. bare metal DB systems
B. VM DB systems
C. Autonomous Transactions Processing (ATP)
D. Autonomous Data Warehouse (ADW)
Answer: A
Which two options ate necessary for achieving high availability on Oracle Cloud Infrastructure?
A. Store your database across multiple regions so that half of the data resides in one region and the other
half resides in another region.
B. Attach your block volume form Availability Domain | to a compute instance in Availability Domain 2
(and vice versa) so that they are highly available.
C. Configure your database to have Data Guard in another Availability Domain in Sync mode within a
region.
D. Store your database files on Object Storage so that they are available in all Availability Domains in all
regions.
E. Distribute your application servers across all Availability Domains within a region.
Answer: B E
Success Guaranteed, 100% Valid ieee

Which statement is true regarding Autonomous Transaction Processing (ATP)?
A. A database name cannot be used concurrently for both an Autonomous Data Warehouse (ADW) and an
ATP database
B. After terminating a database, the database name is available for immediate reuse
C. A maximum of 8 cores can be enabled for an ATP database
D. A maximum of 2 TB of storage can be enabled for an ATP database
Answer: A
You need to create a high performance shared file system, and have been advised to use file storage service
(FSS). You have logged into the Oracle Cloud Infrastructure console, created a file system, and followed the
steps to mount the shared file system on your Linux instance. However, you are still unable to access the
shared file system from your Linux instance.
What is the likely reason for this?
A. There are no security list rules for mount target traffic
B. There is no internet gateway set up for mount target traffic
C. There is no Identity and Access Management (IAM) policy set up to allow you to access the mount
target
D. There is no route in your virtual cloud network’s (VCN) route table for mount target traffic
Answer: C
Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for server-side
encryption?
A. You must manually enable server-side encryption for each object as you upload to OCI object storage
B. Objects are automatically encrypted as they are uploaded to object storage and decrypted upon retrieval
C. You must manually decrypt the data when retrieving from OCI object storage
D. Only the object data is encrypted and the user-defined metadata that is associated with the object is not
encrypted
Success Guaranteed, 100% Valid leno

Answer: D
Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW) database?
A. You can download tnsnames.ora from Oracle Cloud Infrastructure web console under ADW details page
B. The tnsnames.ora file is included in credentials.zip file that you download from service console of ADW
C. The ADW database will place the tnsnames.ora file in an object storage bucket
D. You are automatically prompted to download the tnsnames.ora file upon creation of the ADW database
r:
>
=]
Which two actions will occur when a back-end server that is registered with a backend set is marked to drain
connections? (Choose two.)
A. It disallows new connections to that backend server.
B. It keeps the connections to that instance open and attempts to complete any in-flight requests.
C. It redirects the requests to a user-defined error page.
D. It immediately closes all existing connections to that instance.
E. It forcibly closes all connections to that instance after a timeout period.
Answer: A D
Your company has been running several small applications in Oracle Cloud Infrastructure and is planning a
proof of concept (POC) to deploy PeopleSoft. If your existing resources are being maintained In the root
compartment, what is the recommended approach for defining security for the upcoming POC?
A. Create a new tenancy tor the POC. Provision all new resources Into the root compartment. Grant
appropriate permissions to create and manage resources within the root compartment.
B. Provision all new resources Into the root compartment. Grant permissions that only allow for creation
and management of resources specific to the POC.
C. Create a new compartment for the POC and grant appropriate permissions to create and manage
resources within the compartment.

D. Provision all new resources into the root compartment. Use defined tags to separate resources that
belong to different applications.
Answer: A
You are about to deploy an e-business application on Oracle Cloud Infrastructure and one of the requirements
is to use a shared file system that supports the NFS protocol.
Which storage service would meet this requirement?
A. object storage
B. block volume
C. data transfer appliance
D. file storage
Answer: D
You have been tasked with creating one virtual cloud network (VCN) each for two line of business (LOB)
applications. LOB A and LOB B will need to communicate with each other. To ensure that you can utilize
VCN peering, which network CIDR ranges should be used?
A. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
B. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
C. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
D. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
Answer: A
Which two options are available when setting up DNS for your bare metal and virtual machine DB Systems?
(Choose two.)
A. Internet and custom resolver
B. Google DNS servers
Success Guaranteed, 100% Valid iene

C. custom resolver
D. Internet and virtual cloud network (VCN) resolver
Answer: C D
Which two statements are true about DB Systems in Oracle Cloud Infrastructure? (Choose two.)
A. Customers can consolidate multiple database homes on a single virtual machine database host.
B. Customers have no control over database patching.
C. Customers can manage the TDE Wallet after DB Systems are provisioned.
D. The database and backups are encrypted by default.
Answer: C D
You have one database style application that frequently makes many random reads and writes across the
dataset Which storage offering supports this application?
A. block volume service
B. file storage service
C. object storage service
D. archive storage service
Answer: A
You are deploying a highly available web application in Oracle Cloud Infrastructure and have decided to use a
public load balancer. The back end web servers will be distributed across all three availability domains (ADS).
How many subnets should you create to deliver a secure, highly available application?
A. two subnets in total; one regional private subnet to host your back-end web servers and one regional
public subnet to host your public load load balancer.
B. three subnets in total; one regional public subnet to host your back-end web servers and two AD specific
private subnets to host your private load toad balancer.
C. one subnet In total; one regional private subnet to host your back-end web servers and your public load

balancer.
D. two subnets in total; one regional public subnet to host your back-end web servers and one regional
private subnet to host your public load load balancer.
Answer: B
You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You take regular
backups of your DB system to OCI object storage. Recently, you notice a failed database backup status in the
console.
What two steps can you take to determine the cause of the backup failure? (Choose two.)
A. Ensure the database archiving mode is set to NOARCHIVELOG
B. Ensure that your database host can connect to the OCI object storage
C. Restart the dcsagent program if it has a status of stop or waiting
D. Make sure that the database is not active and running while the backup is in progress
Answer: A C
Which two statements are true about an Oracle Cloud Infrastructure object storage bucket? (Choose two.)
A. You can associate a bucket with multiple compartments
B. You cannot change a bucket from private to public after it is created
C. You can associate a bucket with only a single compartment
D. You cannot edit or append data to an object, but you can replace the entire object
Answer: C D
You have an application running on Oracle Cloud Infrastructure. You identified that the read and write
operations are slowing your application down enough to impair user access. The application is currently using
a VM.Standard1.2 compute without any block storage attached to it.
Which two options allow you to increase disk performance? (Choose two.)
Success Guaranteed, 100% Valid wae

A. Terminate the compute instance preserving the boot volume. Create a new compute instance using a VM
Dense IO shape using the boot volume preserved.
B. Terminate the compute instance preserving the boot volume. Create a new compute instance using a VM
Standard shape and attach a new block volume to host your application.
C. Create a backup of the boot volume. Create a new compute instance using a VM Dense IO shape and
restore the backup.
D. Terminate the compute instance and create a backup of the boot volume. Create a new compute instance
using a VM Dense IO shape and restore the backup.
Answer: BC
You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions and require
connectivity between workloads in each region. You have created a dynamic routing gateway (ORG) and a
remote peering connection. However, your workloads are unable to communicate with each other. What are
two reasons for this?
A. The security lists associated with subnets in each virtual cloud network (VCN) do not have the
appropriate ingress rules
Identity and Access Management (IAM) policies have not been defined to allow connectivity across the
two VCNs in different regions
A local peering gateway needs to be created in each VCN with a default route rule added in the route
table forwarding the traffic to the local peering gateway
An Internet gateway needs to be created in each VCN with a default route rule added in the route table
forwarding the traffic to the Internet Gateway
The route table associated with subnets in each VCN do not have a route rule defined to forward the
traffic to their respective DRGs
Answer: A E
As the Cloud Architect for your company, you have been tasked with designing a high performance (HPC)
cluster in Oracle Cloud Infrastructure (OCD. The following requirements have been defined:
© The cluster must be a minimum of three nodes, but may increase to six nodes when demand requires.
© The cluster must be resilient to any potential infrastructure failures.

© To minimize latency, all nodes must be deployed within the same availability domain (AD).
© Adding or replacing nodes within the cluster should take no more than 30 minutes.
Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)
A. Deploy the cluster in a single AD with a shared file system that leverages the file storage service (FSS).
Deploy a standby cluster in another AD and configure it to use the same shared file system.
Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault domains in
that AD.
Create a backup of your HPC node compute instance boot volume. Launch new compute instances
directly from the backup reduce provisioning time.
Create a custom image of your HPC node compute instance. Launch new compute instances using this
image to reduce provisioning time.
Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network (VCN)
subnet.
Answer: A D
You must implement a backup solution for your Autonomous Data Warehouse (ADW) that will enable you to
restore data as old as one year with a recovery point objective (RPO) of 10 days.
Which database backup strategy would you select?
A. Take weekly manual backups to supplement the automated backups and preserve them for 12 months.
B. Use the automated backups.
C. Take monthly manual backups to supplement the automated backups and preserve them for 12 months.
D. Take quarterly manual backups to supplement the automated backups and preserve them for 12 months.
Answer: A
You have been notified of an application failure indicating that one or more of the Oracle Cloud Infrastructure
(OC1) resources have become unavailable. After scanning the Compute and Database consoles, you notice that
one of the DD Systems is missing.
What would you do to identify the reason for this missing resource?

A. Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any
resource that was deleted in the past 24 hours.
B. Create a serial console connection to the DB System that does not appear in the management console.
Connect to the serial console connection, and then review the system logs under /var/log/messages.
C. View the service limits associated with your account to ensure that you have not exceeded the allowable
number of DB Systems in your tenancy.
D. Navigate to the Audit console and search the previous 24 hours for all List actions to get a list of every
event that occurred in the past 24 hours.
Answer: D
Which two statements about file storage service (FSS) are accurate? (Choose two.)
A. FSS leverages UNIX user group and permission checking for file access security
B. Encryption of file system in FSS is optional
C. Identity and Access Management (IAM) controls which file systems are mountable by which instances
D. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target
within the same subnet
E. Data in transit to an FSS mount target is encrypted
Answer: A D
How can you provide users access to an existing compartment?
A. by granting users access to a compartment when the compartment is created
B. by adding users to a group and defining a policy to provide the group access to the compartment
C. by adding users to a compartment; all users in the compartment will have access to the objects in the
compartment.
D. by granting access directly to the user when the user is created
Answer: B
Success Guaranteed, 100% Valid nw:7a,

Which service would you use if your big data workload required shared access and NFS-based connectivity?
A. block volume
B. archive storage
C. object storage
D. file storage
Answer: D
Your company has decided to move a few applications to Oracle Cloud Infrastructure (OCT) and you have
been asked to design a cloud-based disaster recovery (DR) solution. One of the requirements is to deploy the
DR resources at least 300 miles from the home OCI region and minimize the network latency.
What will be the recommended deployment?
A. Deploy production and DR applications in the same VCN. Create production subnets in one AD, and
DR subnets in another AD.
B. Deploy production and DR applications in two separate VCNs in different availability domains (ADs)
within your home region, and then use a VCN remote peering connection for connectivity.
C. Deploy production and DR applications in two separate VCNs, each in different regions. Connect them
using a VCN remote peering connection.
D. Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in different
regions, and then use VCN local peering gateways for connectivity.
Answer: B
Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud network (VCN)?
A. A VCN creates the dynamic routing gateway by default.
B. A VCN can reside In multiple OCI regions and availability domains.
C. AVCN covers a single, contiguous IPv4 CIDR block of your choice.
D. The allowable VCN size range is:/16 to /30
Success Guaranteed, 100% Valid Dee

Answer: C D
You have an Oracle Cloud Infrastructure (OCD) load balancer distributing traffic via an evenly-weighted round
robin policy to your backend web servers. You notice that one of your web servers is receiving more traffic
than other web servers.
How can you resolve this imbalance?
A. Check security lists and route tables of your virtual cloud network (VCN) and fix any issues associated
with the rules
B. Create separate listeners for each backend web server
C. Delete and re-create your OCI load balancer
D. Disable session persistence on your backend set
Answer: A
You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP) database. Your
business needs to run hourly batch processes on this ATP database that may consume more CPUs than what is
available on the server.
How can you limit these batch processes to not interfere with the OLTP transactions?
A. Copy OLTP data into new tables in a new table space and run batch processes against these new tables
B. ATP is designed for OLTP workload only; you should not run batch processes on ATP
C. Disable automated backup during the batch process operations
D. Configure ATP resource management rules to manage runtime and IO consumption for the consumer
group of batch processes
Answer: D
Your organization has deployed a large, complex application across multiple compute instances in Oracle
Cloud Infrastructure (OCI). These compute instances also have block volume storage attached to them. You
want to create a time consistent backup of this block volume storage.
Which implementation strategy should be used?
A. Create a manual backup of each volume

i)
i)
an
N
=Oo
B. Use scripts available in OCI to backup block volume storage
C. Group volumes in a volume group first and then use available scripts in OCI
D. Group volumes in a volume group and create a manual backup of the volume group
A B
.
Which two Oracle Cloud Infrastructure database services allow you to dynamically scale CPU and storage?
(Choose two.)
A. bare metal DB system
B. virtual machine DB system
C. Autonomous Data Warehouse (ADW)
D. Autonomous Transaction Processing (ATP)
Answer: A B
You are about to upload a large log file (5 TiB size) to Oracle Cloud Infrastructure object storage and have
decided to use multipart upload capability for a more efficient and resilient upload.
Which two statements are true about multipart upload? (Choose two.)
A. Individual object parts can be as small as 10 MiB or as large as 50 GiB
B. While a multipart upload is still active, you cannot add parts even if the total number of parts is less than
10,000
C. The maximum size for an uploaded object is 10 TiB
D. You do not have to commit the upload after you have uploaded all the object parts
Answer: A C
You have successfully configured identity federation between Oracle Cloud Infrastructure (OCT) and Oracle
Identity Cloud Services (IDCS). A new project manager wants access to OCI for her team and provides the
name of an existing group within IDCS to use when granting access.
How do you configure federation to allow the project team access to OCI resources?
A. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS
Success Guaranteed, 100% Valid DeTee

and reference the name of the IAM group.
B. Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the
IDCS group in each policy statement.
C. Create a new compartment in OCI with the same name as the existing IDCS group. Create an IAM
policy that references the new compartment and the name of the IDCS group.
D. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy and
reference the name of the IAM group in each policy statement.
Answer: D
Your application front end consists of several Oracle Cloud Infrastructure compute instances behind a load
balancer. You have configured the load balancer to perform health checks on these instances.
If an instance fails to pass the configured health checks, what will happen?
A. The instance is replaced automatically by the load balancer.
B. The instance is terminated automatically by the load balancer.
C. The instance is taken out of the back end set by the load balancer.
D. The load balancer stops sending traffic to that instance.
Answer: D
You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security List, and an
Internet Gateway. However, none of the compute instances can connect to the Internet.
Which two are possible reasons for the connectivity issue? (Choose two.)
A. There is no Dynamic Routing Gateway (DRG) associated with the VCN.
B. The Route Table has no default route for routing traffic to the Internet Gateway.
C. There is no stateful ingress rule in the Security List associated with the public subnet.
D. There is no stateful egress rule in the Security List associated with the public subnet.
Answer: A C
Success Guaranteed, 100% Valid IA of 25

A company currently uses Microsoft Active Directory as its identity provider. The company recently
purchased Oracle Cloud Infrastructure (OCD) to leverage the cloud platform for its test and development
operations. As the administrator, you are now tasked with giving access only to developers so that they can
start creating resources in their OCI accounts.
Which step will you perform to achieve this requirement?
A. Create a group for developers on OCI and map the group to a similar group in Microsoft Active
Directory during the federation process.
B. Federate all Microsoft Active Directory groups with OCI to allow users to use their existing credentials.
C. Create a new user account for each user, and then create policies to provide access to developers.
D. Create a group for developers on OCI, export all the developers from Microsoft Active Directory, and
then import them into the Identity and Access Management (IAM) group.
Answer: B
You are designing a high bandwidth, redundant connection between your data center and Oracle Cloud
Infrastructure (OCI). While researching for OCI FastConnect locations, you notice that you are co-located
with Oracle at one of the Oracle FastConnect locations in the Ashburn region.
What is the recommended design in this scenario?
A. Create a cross-connect group and have two or more cross-connects in that group. Create an IPsec VPN
connection on this group.
B. Setup two IPsec connections between your data center and OCI Ashburn region. Create an OCI load
balancer to distribute the traffic across the two connections.
C. Create a cross-connect group and have at least two or more cross-connects in that group. Create at least
two or more virtual circuits in the group.
D. Create a cross-connect group and have at least one cross-connect in that group. Create at least one
virtual circuit in the group.
Answer: C
Success Guaranteed, 100% Valid we

7a,
About dumpscollection.com
dumpscollection.com was founded in 2007. We provide latest & high quality IT / Business Certification Training
Exam Questions, Study Guides, Practice Tests.
We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.
View list of all certification exams: All vendors
stftetdts CITRIX poo
cisco CompTiA.
EMC
where information lives
(SC) =><IN juniper
Micresoft ORACLE Se symantec.
We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.
© Sales: sales @dumpscollection.com

© Feedback: feedback @ dumpscollection.com
© Support: support @dumpscollection.com
© Skype ID: crack4sure@ gmail.com
Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.
Leeeeeeeeed
15% Discount Coupon Code:
3 DC15disc
Oracle
Oracle Cloud
Infrastructure 2019
Architect Associate
Version: 7.0
Web: www.dumpscollection.com [ Total Questions: 166]
Email: support@dumpscollection.com
IMPORTANT NOTICE
Feedback
We have developed quality product and state-of-art service to ensure our customers interest. If you have any
suggestions, please feel free to contact us at feedback @dumpscollection.com
Support
If you have any questions about our product, please provide the following items:
© exam code
© screenshot of the question
© login id/email
please contact us at support@dumpscollection.com and our technical experts will provide support within 24 hours.
Copyright
The product of each order has its own encryption code, so you should use it independently. Any unauthorized
changes will inflict legal punishment. We reserve the right of final explanation for this statement.
Why are two subnets required to create a public load balancer when additional subnets are often used for
back-end servers? (Choose two.)
A. Routing is simpler when the load balancer is not in the same subnet as the back-end server.
B. Performance is higher when more subnets are used.
C. Additional subnets for back-end servers allow for separate route tables for these servers.
D. Additional subnets for back-end servers allow for separate security lists for these servers.
Answer: B D
Explanation
References:
You are about to deploy an e-business application on Oracle Cloud Infrastructure and one of the requirements
is to use a shared file system that supports the NFS protocol.
A. object storage
B. block volume
D. file storage
Answer: D
Which storage service is used on OCI for a Data Transfer Service job?
A. An instance with enough storage to accommodate the job
B. An object bucket
. A File System service instance

OD
D. Block Volume

Answer: B
Explanation
https://docs.cloud.oracle.com/en-us/iaas/Content/DataTransfer/Concepts/overview.htm
You are responsible for setting up access for all the cloud users of a large enterprise. You log in to the Phoenix
region and start creating users and policies. You then realize that some users might be creating resources in the
Ashburn region.
Which step should you perform to enable those users?
A. You can assign a region to each of the users at the time of creation.
B. IAM users are global and non-admin users can add resources to any region by default.
C. You need to log in to each region separately to create users for that particular region.
D. IAM users are global. As an administrator, make sure that you subscribe to the Ashburn region.
Answer: D
Which three components can you configure in Oracle Infrastructure Identity and Access Management?
(Choose three.)
A. Groups
B. Users
C. Instances
D. Policies
E. VCNs
Answer:
A B D
Explanation
References:

NO: 59
Which three load-balancing policies can be used with a back end set? (Choose three.)
A. Throughput
B. IP Hash
C. Weighted Round Robin
D. CPU Utilization
E. Least Connections
Answer: B CE
Explanation
References:
You create a public Load Balancer instance and configure a back end set “BES1” with one back end server
running a service on port 80. You also create a listener on port 80 and configure that listener to use the back
end set “BES1”. A client makes one HTTP request to the Load Balancer with the correct protocol and port.
How many connections does the Load Balancer maintain?
A.1
Answer: B
Which two statements are true about data guard service on DB Systems in Oracle Cloud Infrastructure (OCI)?
A. Data guard implementation requires two DB Systems, one running the primary database on a virtual
machine and the standby database running on bare metal.
B. Data guard implementation requires two DB Systems, one containing the primary database and one
containing the standby database.

C. Data guard configuration on the OCI is limited to a virtual machine only.
D. Both DB Systems must use the same VCN, and port 1521 must be open.
Answer: B D
Explanation
References:
You deployed a web server in Oracle Cloud Infrastructure using an ephemeral public IP. After a few changes
in your web server configuration, you rebooted the server and a new public IP was associated to your instance.
What should you do to prevent this from happening again?
A. Create a reserved public IP and associate it with the security list that your complete instance is using
B. Create a reserved public IP and associate it with the subnet of your compute instance
C. Create a reserved public IP and associate it with the VNIC of your compute instance
D. Create a reserved public IP and associate it with the hosts file of your web server
Answer: C
You currently manage an e-commerce application that utilizes 25 identical compute resources to handle
customer traffic. The stakeholders have asked you to create another 25 identical compute resources in order to
deploy and test a new version of the software?
What is the most efficient process to create 25 additional compute resources that are identical to the first 25?
A. Create a custom image from 1 of the 25 servers. Use this custom image to provision 25 more servers
B. Create a manual backup of each boot volume belonging to the 25 servers. Restore each backup to create
25 new boot volumes, from which you will provision 25 more servers
C. Provision a new server and configure it to be identical to the first 25. Create a custom image from the
new server, then use the custom image to provision 24 more servers
D. Clone the boot volume of 1 of the 25 servers. Use the boot volume clone to provision 25 more servers
Answer: A

A customer wants to do development on premise while leveraging services such as Java Cloud, Mobile
Developer Cloud, and App Builder Services. The customer would also like to scale out the application,
stretching from on-premises to the cloud by using a common API.
Which two Infrastructure options can the customer leverage to do this? (Choose two.)
A. Oracle Cloud at Customer
B. Oracle Cloud Infrastructure Classic
C. Oracle Cloud Ravello service
D. Oracle Cloud Infrastructure
Answer: A D
You are deploying a highly available web application in Oracle Cloud Infrastructure and have decided to use a
public load balancer. The back-end web servers will be distributed across all three availability domains (ADs).
How many subnets should you create to deliver a secure highly available application?
A. three subnets in total; one subnet in each AD
B. five subnets in total; two subnets each in the first and second AD with a single subnet in the third AD
C. six subnets in total; two subnets in each AD; one for the load balancer and one for the web servers
D. four subnets in total; one subnet in each AD for the web servers and a single subnet in any one AD for
the load balancer
Answer: C
Which statement is true about cloning a volume?
A. You need to detach a volume before cloning from it.
B. Acloned volume is the same as a snapshot that has a dependency on the source volume.
C. You cannot change the block volume size when cloning a volume.

D. You can create a clone for a volume across regions.
Answer: B
Explanation
References:
Which two parameters are required in a back end set’s HTTP health check? (Choose two.)
A. response body
URL path
m
timeout
uO4
port
status code
m
Answer: A C
B. by adding users to a group and defining a policy to provide the group access to the compartment
C. by adding users to a compartment. All users in the compartment will have access to the objects in the
compartment.
Answer: B
Which two statements are true about policies?
A. You can use read, write, manage, and inspect as verbs for defining a policy.
B. A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources that

your company has, and how.
C. Users need not do anything but still have to be added to a group with appropriate policies defined.
D. You can deny access to a group via policies.
Answer: B C
Explanation
References:
Which three actions need to be performed before attempting a data transfer service job?
A. Obtain an available host machine which can run the dts utility on-premise with SATA or USB drives
attached for the transfer job.
B. Get access to a high-speed internet connection
C. Data Transfer Service and Storage Service Limits should be checked and raised if required.
D. Set up SSH access to a host on OCI to coordinate the transfer job.
E. Create an object bucket to receive the job.
Answer: A CE
You have five different company locations spread across the US. For a proof-of-concept (POC) you need to
setup secure and encrypted connectivity to your workloads running in a single virtual cloud network (VCN) in
the Oracle Cloud Infrastructure Ashburn region from all company locations.
A. Create five internet gateways in your VCN and have separate route table for each internet gateway.
B. Create five virtual circuits using FastConnect for each company location and terminate those
connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.
C. Create five IPsec connections with each company location and terminate those connections on a single
DRG. Attach that DRG to your VCN.
D. Create five IPsec VPN connections with each company location and terminate those connections on five
separate DRGs. Attach those DRGs to your VCN.

Answer: C
Your company has decided to move a few applications to Oracle Cloud Infrastructure and you have been
asked to design it for Disaster Recovery (DR). One of the items of your design is to deploy the DR at least 300
miles from the home site and minimize the network latency as much as possible.
Based on that, what will be the recommended deployment?
A. Deploy applications in two separated VCNs in different Availability Domains and use VCN Remote
Peering
B. Deploy applications in different regions and have them connected using VCN Remote Peering
C. Deploy applications in two separated VCNs in different regions and use VCN Local Peering
D. Deploy applications on the same region splitting workloads across Availability Domains.
Answer: D
You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain
application servers and the third subnet contains a DB System. The application requires a shared file system so
you have provisioned one using the file storage service (FSS). You also created the corresponding mount
target in one of the application subnets. The VCN security lists are properly configured so that both
application servers and the DB System can access the file system. The security team determines that the DB
System should have read-only access to the file system.
A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of
the DB System subnet.
B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix
command chmod to change permissions on the file system directory, allowing the database user read
only access.
C. Modify the security list associated with the subnet where the mount target resides. Change the ingress
tules corresponding to the DB System subnet to be stateless.
D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM)
policy that allows the instance principal read-only access to the file storage service.
Answer: C
Success Guaranteed, 100% Valid eyes)

Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.)
A. You can launch a virtual or bare metal instance by using the same LaunchInstance API.
B. You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service.
C. You can attach a block volume in an Availability Domain other than your compute instance.
D. You can share custom images across tenancies and regions.
Answer: A D
Explanation
References:
Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose two.)
You can scale storage up or down in ATP

m
You can scale CPU up or down in ATP

uO4
You can add more Pluggable Database for consolidating multiple databases in ATP
You can add new ORACLE

_ HOME for bringing older versions of on-premises databases to ATP
m
Answer: B D
NO: 139
What is the maximum number of security lists that can be associated with a subnet?
A. four
B. three
C. five

D. two
Answer: C
Which two features are offered natively on Oracle Cloud Infrastructure Database Cloud Service (DBCS)?
(Choose two.)
A. Data Guard in Async mode within a region
B. GoldenGate replication between two regions
C. Data Guard in Maximum Protection mode
D. backup to Object Storage
Answer: C D
You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security List, and an
Internet Gateway. However, none of the compute instances can connect to the Internet.
Answer: A C
Which two are true for achieving High Availability on Oracle Cloud Infrastructure? (Choose two.)
A. Store your database across multiple regions so that half of the data resides in one region and the other
half resides in another region.
B. Attach your block volume form Availability Domain | to a compute instance in Availability Domain 2
(and vice versa) so that they are highly available.

C. Configure your database to have Data Guard in another Availability Domain in Sync mode within a
region.
D. Store your database files on Object Storage so that they are available in all Availability Domains in all
regions.
You are in the process of setting up a highly available student registration website on Oracle Cloud
Infrastructure (OCT). You use a load balancer and a database service on OCI. You launch two compute
instances each in a different subnet and add them to the back end set of a public load balancer. The load
balancer is configured correctly and working. You then deploy the student registration application on these
two compute instances. The application can communicate with the database service. However, when you type
the URL of this student registration application in your browser, no web page appears.
What could be the cause?
A. The security lists of the subnets on which the two instances are located do not have “allow” rules for
port 80 and 443.
B. The load balancer performed a health check on the application and found that compute instances were
not in a healthy state and terminated the instances.
C. The client requested https access to the application and the load balancer service does not support
end-to-end SSL from the client to the listener to the back-end set.
D. The Dynamic Routing Gateway is preventing the client traffic from your data center network from
reaching the public IP of the load balancer.
Answer: A
ESTION NO: 36
When terminating a compute instance, you want to preserve the boot volume and its data.
Which step will you need to perform?
A. You cannot preserve the boot volume; it will always be deleted when you terminate the instance.
B. Reboot the instance first, and then terminate the instance.

C. Disable the default option to delete the boot volume when terminating an instance.
D. Before terminating the instance, you must detach the boot volume.
Answer:
Explanation
References:
You have been notified of an application failure indicating that one or more of the Oracle Cloud Infrastructure
(OCD resources have become unavailable. After scanning the Compute and Database consoles, you notice that
one of the DB Systems is missing.
A. Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any
resource that was deleted in the past 24 hours.
B. Create a serial console connection to the DB System that does not appear in the management console.
Connect to the serial console connection, and then review the system logs under /var/log/messages.
C. View the service limits associated with your account to ensure that you have not exceeded the available
number of DB system in your tenancy.
D. Navigate to the Audit console and search the previous 24 hours for all List actions to get a list of every
event that occurred in the past 24 hours.
Answer: D
Question #101
: 64
You need to transfer over 12 TB of data from on-premises to your cloud account. You started copying this
data over the internet and noticed that it will take too long to complete.
Without increasing the costs of your subscription, what is the recommended way to send this amount of data to
your cloud account?
A. Use Data Transfer Service to send your data.
B. Split the data into multiple parts and use the multipart tool.
C. Use a 10 GB FastConnect line to send the data.

D. Send the data over a VPN IPsec tunnel.
E. Compress the data and use the multipart tool.
Answer: A
Explanation
References:
Which five are the required parameters to launch an instance in Oracle Cloud Infrastructure? (Choose five.)
A. subnet
B. Availability Domain
Virtual Cloud Network

uO4
host name
instance shape
m
F. image operating system
G. private IP address
Answer: ABCEF
Explanation
References:
NO: 122
You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix region. You
were asked to create a disaster recovery (DR) plan that will protect against the loss of critical data. The DR site
must be at least 500 miles from your primary site and data transfer between the two sites must not traverse the
public Internet.
A. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one availability
domain (AD) that is not currently being used by your production systems. Establish VCN peering
between the production and DR sites.
Success Guaranteed, 100% Valid eRe mes)

B. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a
remote peering connection between the two VCNs.
C. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG between
the regions.
D. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in
each region and configure an IPsec VPN connection between the two regions.
Answer: A
A customer has established an Oracle Cloud Infrastructure (OCI) FastConnect connection to OCI. The virtual
circuit is up and routes are being advertised from the customer’s end, however the customer is unable to ping
from compute instances inside the virtual cloud network (VCN) to servers residing in its on-premises data
center.
Which two options on OCI would remedy this situation? (Choose two.)
A. Modify the route table associated with the VCN subnet in which the instance resides. Add a route to the
customer’s on-premises network via the Dynamic Routing Gateway (DRG).
B. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful
egress rule to allow ICMP traffic to the customer’s on-premises network.
C. Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful
ingress rule to allow ICMP traffic from anywhere.
D. Modify the default VCN route table to add a route back to the customer’s on-premises network via the
DRG.
Which statement is true about DB Systems?
A. Data Guard as a Service is offered between regions.
B. You cannot manage the database as sys/sysdba.
C. You have full control over the automatic backup schedule and retention periods.
D. You can manage Oracle database initialization parameters at a global level.
Answer: A C
Success Guaranteed, 100% Valid Ro mess)

Your company is moving an Internet-facing, 2-tier web application into Oracle Cloud Infrastructure. The
application must have a highly available architecture.
Which two design options would you consider? (Choose two.)
A. Configure a Dynamic Route Gateway in your VCN and make it highly available.
B. Configure a NAT instance in your Virtual Cloud Network (VCN). Create a route rule by using the
private IP of the NAT instance as a route target for all the private subnets in your VCN.
C. Create an Internet Gateway and attach it to your VCN. Deploy public load balancer nodes into two
Available Domains.
D. Place all web servers behind a public load balancer.
Answer: B C
NO: 66
You are the Cloud Architect of a company, and are designing a solution on Oracle Cloud Infrastructure where
you want to have all your compute instances resistant to hardware failure.
Which two are recommended best practices to achieve the requirement on Oracle Cloud Infrastructure?
(Choose two.)
A. Create a custom image of your system drive each time you change the image.
B. Attach block volumes from different Availability Domains to compute instances in different Availability
Domains for high availability.
C. Design your system with redundant compute modes in different Availability Domains to support the
failover capability.
D. Create backups of your block volumes that are associated with compute instances in different regions.
Answer: A C
Explanation
References:
Success Guaranteed, 100% Valid ee) mess)

Your organization has deployed a large, complex application across multiple compute instances in Oracle
Cloud Infrastructure (OCI). These compute instances also have block volume storage attached to them. You
want to create a time consistent backup of these block volume storage.
Answer: D
What is the maximum CIDR range that can be assigned when configuring a Virtual Cloud Network?
A. /16
B. /26
C. /24
D. /8
Answer: A
Explanation
References:
Within your tenancy you have a compute instance with a boot volume and a block volume attached. The boot
volume contains the OS and the attached block volume contains the instance’s important data. Logs on the
boot volume have filled the boot volume and are causing issues with the OS.
What should you do to resolve this situation?
A. Stop the instance that is full. Create a manual backup of the block storage before making changes.
Detach the block volume, create a new instance of the same shape with a larger custom boot volume and
attach the block volume to the new instance. Configure the OS and any related application(s) to access
the block volume under the same mount point as before.

B. Create a new instance with a larger boot volume size as well a new block volume which is the same size
or larger than the one attached to the full instance. rsync the state of the boot volume and the state of the
block volume between the two instances.
C. Detach the block volume from the full instance. Create a new instance of the same shape with a larger
boot volume and rsync the state of the boot volume between the instances. Attach the block volume to
the new instance.
D. Create a manual backup of the block storage instance. Create a custom image of the full instance. Once
that completes deploy the custom image to a new instance.
Answer: B
You have an external facing web server running in the Oracle Cloud Infrastructure (OCD London region. You
are notified that customers in North America and Australia are facing high latency while connecting to your
web server.
Which services are available on OCI that can help you get current latency statistics to your web server from
these markets?
A. Use DNS Zone Management service to check latency over that connection
B. Setup an IPsec VPN with customers in those markets and check latency over that connection
C. Use the Internet Intelligence tool. Run tests using the web server’s public IP address and review
traceroute details from different vantage points
D. Setup a FastConnect with customers in those markets and check latency over that connection
Answer: A
You have a shared file system between two web servers using File Storage Service (FSS) and you were tasked
to create a backup plan for this environment to protect the data placed into the shared file system.
What is the recommended approach to create this backup using FSS features?
A. Implement a backup policy to execute a snapshot of the shared volume.
B. Implement a backup policy to copy data from the shared volume to object storage.
C. Compress the data that is in the shared volume and copy it into a different folder on the boot volume
disk.

D. Use the rsync tool to send data from the shared volume to a boot volume disk.
E. Use the rsync tool to send data from the shared volume to a block volume.
Answer: A
You have successfully configured identity federation between Oracle Cloud Infrastructure (OCT) and Oracle
Identity Cloud Services (IDCS). A new project manager wants access to OCI for her team and provides the
name of an existing group within IDCS to use when granting access.
How do you configure federation to allow the project team access to OCI resources?
A. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS
and reference the name of the IAM group.
B. Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the
IDCS group in each policy statement.
C. Create a new compartment in OCI with the same name as the existing IDCS group. Create an IAM
policy that references the new compartment and the name of the IDCS group.
D. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy and
reference the name of the IAM group in each policy statement.
Answer: D
As the Cloud Architect for your company, you have been tasked with designing a high performance (HPC)
cluster in Oracle Cloud Infrastructure (OCD. The following requirements have been defined:
© The cluster must be a minimum of three nodes, but may increase to six nodes when demand requires.
© The cluster must be resilient to any potential infrastructure failures.
© To minimize latency, all nodes must be deployed within the same availability domain (AD).
© Adding or replacing nodes within the cluster should take no more than 30 minutes.
Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)
A. Deploy the cluster in a single AD with a shared file system that leverages the file storage service (FSS).
Deploy a standby cluster in another AD and configure it to use the same shared file system.
B. Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault domains in

that AD.
C. Create a backup of your HPC node compute instance boot volume. Launch new compute instances
directly from the backup reduce provisioning time.
D. Create a custom image of your HPC node compute instance. Launch new compute instances using this
image to reduce provisioning time.
E. Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network (VCN)
subnet.
Answer: A D
You had an outage in your application caused by the loss of a shared volume provisioned by File Storage
Service (FSS). At this point, you need to restore the data from a snapshot you created of the FSS.
What are the steps to restore the data?
A. Access the directory where the shared volume is mounted, then cd into .snapshot folder, find the
snapshot folder you want to recover and use cp or rsync tool to copy the files to the original location.
B. Open OCI Console, select File Storage Service, find the shared storage, then click on snapshot and
restore.
C. Open OCI Console, select File Storage Service, find the snapshot you created and click restore.
D. Access the directory, where you mounted the shared volume, then cd into .snapshot folder and find the
snapshot folder you want to recover and rename that folder to the original folder name.
Answer: B
Which two statements are true about subnets within a VCN? (Choose two.)
A. You can have multiple subnets in an Availability Domain for a given VCN.
B. Private and Public subnets cannot reside in the same Availability Domain for a given VCN.
C. Subnets can have their IP addresses overlap with other subnets in another network for a given VCN.
D. Instances obtain their private IP and the associated security list from their subnets.
Answer: A D

Explanation
References:
Which two statements are true about data guard service on DB Systems in Oracle Cloud Infrastructure (OCI)?
(Choose two.)
A. Data guard implementation requires two DB Systems, one running the primary database on a virtual
machine and the standby database running on bare metal
B. Data guard configuration on the OCI is limited to one standby database per primary database
C. Data guard configuration on the OCT is limited to a virtual machine only
D. Data guard implementation requires two DB Systems, one containing the primary database and one
containing the standby database
Answer: B D
Explanation
References:
Which service would you use if your big data workload required shared access and NFS-based connectivity?
A. block volume
B. archive storage
C. object storage
D. file storage
Answer: D
Explanation
References:
Which storage would you use if your big data workload requires shared access and an NFS based interface?
A. File Storage

B. Storage Software Cloud Appliance
C. Object Storage
D. Archive Storage
E. Block Volume
Answer: A
Explanation
References:
You are running a mission-critical database in Oracle Cloud Infrastructure (OCI). You take regular backups of
your DB system to OCI object storage. Recently, you notice a failed database backup status in the console.
What two steps can you take to determine the cause of the backup failure? (Choose two.)
D. Make sure that the database is not active and running while backup is in progress
Answer: A C
Which two options are available when configuring DNS resolution for your virtual cloud network? (Choose
two.)
C. custom resolver
Answer: C D
Explanation

References:
You have an application running on Oracle Cloud Infrastructure. You identified that the read and write
operations are slowing your application down enough to impair user access. The application is currently using
a VM.Standard 1.2 compute without any block storage attached to it.
A. Terminate the compute instance preserving the boot volume. Create a new compute instance a VM
Dense IO shape using the boot volume preserved.
B. Terminate the compute instance preserving the boot volume. Create a new compute instance using a VM
Standard shape and attach a new block volume to host your application.
C. Create a backup of the boot volume. Create a new compute instance a VM Dense IO shape and restore
the backup.
D. Terminate the compute instance and create a backup of the boot volume. Create a new compute instance
using a VM Dense IO shape and restore the backup.
Answer: B C
You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make API calls to
other services within OCI without storing credentials in a configuration file.
A. Create a dynamic group with appropriate matching rules to include the instance, and reference this
group in your IAM policy statement
C. VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the
instance in your Identity and Access Management (IAM) policy statement
D. By default, all VM instances are created with an instance principal. Reference this instance principal in
your IAM policy statement
Answer: D
Explanation
References:

Question #2620
: 46
Which statement is true about Oracle Cloud Infrastructure Object Storage Service?
A. An Archive Object Storage tier bucket can be upgraded to the Standard Object Storage tier.
B. You cannot directly download an object from an Archive Object Storage bucket.
C. An existing Standard Object Storage tier bucket can be downgraded to the Archive Object Storage tier.
D. Data retrieval in Archive Object Storage is instantaneous.
Answer: B
Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)
B. Oracle IPsec VPN
Answer: A B
Explanation
References:
At the end of a terraform apply operation, what is the default output?
A. nothing by default
B. statistics about what was added, changed, and destroyed
C. the entire state file
D. statistics about what was added, changed, and destroyed, and the values of outputs
Success Guaranteed, 100% Valid VERO) ESS)

Answer: D
Explanation
References:
NO: 137
A company currently uses Microsoft Active Directory as its identity provider. The company recently
purchased Oracle Cloud Infrastructure (OCD) to leverage the cloud platform for its test and development
operations. As the administrator, you are now tasked with giving access only to developers so that they can
start creating resources in their OCI accounts.
A. Create a group for developers on OCI and map the group to a similar group in Microsoft Active
Directory during the federation process.
B. Federate all Microsoft Active Directory groups with OCI to allow users to use their existing credentials.
C. Create a new user account for each user, and then create policies to provide access to developers.
D. Create a group for developers on OCI, export all the developers from Microsoft Active Directory, and
then import them into the Identity and Access Management (IAM) group.
Answer: B
Which scaling option does Database Cloud Service (DBCS) on Bare Metal Shape offer?
A. network bandwidth
B. CPU
C. storage
D. memory
Answer:
Explanation
References:
Success Guaranteed, 100% Valid WTO keys)

Which resource is required when connecting to your on-premise network from your Virtual Cloud Network
(VCN) via IPSec VPN or FastConnect?
A. Internet Gateway (IGW)
B. Dynamic Routing Gateway (DRG)
C. local peering gateway
D. NAT
Answer: B
Explanation
References:
Which three are capabilities of the dbaascli utility? (Choose three.)
A. Patching the primary database deployment
Open port 1521 in the VCN to allow for traffic to the listener
m
Start and open the database instance

uO4
Switchover and failover in an Oracle Guard configuration
Clone a DB
m
Answer: A C D
Which two statements about the Oracle File Storage Service (FSS) Security are accurate? (Choose two.)
A. Oracle IAM controls which filesystems are mountable by which instances.
B. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target
within a subnet.
C. Encryption of file storage in FSS is optional.
D. Data in transit to an FSS mount target is encrypted.
Success Guaranteed, 100% Valid VeRO) aos)

E. FSS leverages UNIX user group and permission checking for file access security.
Answer: B D
You have just created an Autonomous Data Warehouse (ADW) and you want to connect to the ADW using
SQL Developer.
What three items are needed to connect to the ADW using SQL Developer? (Choose three.)
A. the keystore password
a security list with an ingress rule for TCP port 1521

m
the client credentials file

G9
the public IP address of the ADW server
the admin password

m
Answer: A CE
Answer: D
Which statement is true about Oracle Cloud Identifiers (OCID)?
A. mytenancy.oc.ocid is a valid OCID.
B. If you delete a user, and them create a new user with the same name, the user will be considered a
different user because of different OCIDs.

C. Users can customize OCIDs for all the resources in their compartments.
D. If you delete a user, and then create a new user with the same name, the new user will be assigned the
exact same OCIDs as the system remembers.
Answer: B
Explanation
References:
Your company has decided to move a few applications to Oracle Cloud Infrastructure (OCT) and you have
been asked to design a cloud-based disaster recovery (DR) solution. One of the requirements is to deploy the
DR resources at least 300 miles from the home OCI region and minimize the network latency.
A. Deploy production and DR applications in the same VCN. Create production subnets in one AD, and
DR subnets in another AD.
B. Deploy production and DR applications in two separate VCNs in different availability domains (ADs)
within your home region, and then use a VCN remote peering connection for connectivity.
C. Deploy production and DR applications in two separate VCNs, each in different regions. Connect them
using a VCN remote peering connection.
D. Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in different
regions, and then use VCN local peering gateways for connectivity.
Answer: B
You are an administrator with an application running on OCI. The company has a fleet of OCI compute virtual
instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set health check API is providing a
‘Critical’ level warning. You have confirmed that your application is running healthy on the backend servers.
What is the possible reason for this ‘Critical’ warning?
B. The Backend Server VCN’s Route Table does not include the route for OCI LB.

D. The Backend Server VCN’s Security List does not include the IP range for the source of the health
check requests.
Answer: D
Explanation
References:
Which three are default Virtual Cloud Network (VCN) components? (Choose three.)
A. Security List
B. Dynamic Routing Gateway
C. DHCP options
D. Internet Gateway
E. Route Table
Answer: A C E
Explanation
References:
Which two resources are available by default when your Oracle Cloud Infrastructure tenancy is provisioned?
A. an NVMe SSD boot disk for each instance, whose size is determined by the image and shape of the
instance
B. arange of public IP addresses that are reserved for your tenancy
C. aset of images, where each image is a template of a virtual hard drive that consists of the OS and
installed software and applications
D. a variety of shapes, where each shape determines the number of CPUs and memory allocated to an
instance.
Answer: A B

You are the Solutions Architect of a large company and are tasked with migrating all your services to Oracle
Cloud Infrastructure. As part of this, you first design a Virtual Cloud Network (VCN) with a public subnet and
a private subnet. Then in order to provide Internet connectivity to the instances in your private subnet, you
create an Oracle Linux instance in your public subnet and configure NAT on it. However, even after adding all
related security list rules and routes in the Route Table, your private subnet instances still cannot connect to
the Internet.
Which action should you perform to enable Internet connectivity?
A. Disable “Source and Destination Check” on the VNIC of your Linux instance.
B. There is no way that a private subnet can connect to the Internet.
C. Create a Dynamic Routing Gateway (DRG) and route your private IP traffic to the DRG.
D. Restart the NAT instance.
Answer: A
Which is a customer’s responsibility on an Oracle Cloud Infrastructure database?
A. patching the database and OS
B. creating the first default database on the DBCS server
C. creating an ASM diskgroup for data file or temp file storage
D. installing the operating system (OS), Grid Infrastructure, and database software
Answer: B
Question #2164
O:7
Which three must be configured for a load balancer to accept incoming traffic? (Choose two.)
A. alistener
B. a back-end server
C. aback end set
D. asecurity list that is open on a listener port
Success Guaranteed, 100% Valid PANO ass)

E. acertificate
Answer: ADE
Explanation
References:
Which statement is true about a pre-authenticated request in Oracle Cloud Infrastructure Object Storage?
A. You can create only 1, 000 pre-authenticated requests per bucket.
B. You can create a pre-authenticated request only for public buckets.
C. You cannot retire a pre-authenticated request before it expires.
D. You cannot extend the expiration date on a pre-authenticated request.
Answer: D
Explanation
References:
Your company has decided to move a few applications to Oracle Cloud and you have been asked to design it
for both High Availability (HA) and Disaster Recovery (DR).
Which two should you consider while designing your Oracle Cloud Infrastructure architecture? (Choose two.)
A. Region
B. Instance Shape
C. Compartments
D. Availability Domain
Answer: A D
Explanation
References:

Which two options are available when setting up DNS for your bare metal and virtual machine DB Systems?
(Choose two.)
C. custom resolver
Answer: C D
Explanation
References:
Which two statements are true about the Oracle Cloud Infrastructure Object Storage Service? (Choose two.)
A. It provides higher IOPS than Block Storage.
B. It can be directly attached or detached from a compute instance.
C. Data is stored redundantly only in a single AD.
D. Data is stored redundantly across multiple availability domains (ADs).
E. It provides strong consistency.
Answer: D E
Explanation
References:
Which two options are valid for loading data directly into Autonomous Data Warehouse (ADW)? (Choose
two.)
A. Data Integrator
B. Data Pump
C. Data Transfer Service

D. SQL *Loader
Answer: B D
Explanation
References:
Which two resources are availability domain constructs? (Choose two.)
A. VCN
Groups
m
Block Volume
uO4
Compute Instance
E. Object Storage
Answer: C D
Explanation
References:
Which two are required parameters to create a public load balancer instance? (Choose two.)
A. certificate
B. load balancer name
C. listener
D. back end set
E. two public subnets
Answer: D E
Explanation
References:
Success Guaranteed, 100% Valid CVMolmos)

Your Operations team has recently created a new, standard image that will be used to launch all new
application servers in the Finance compartment. The custom image currently exists in the Operations
compartment. You have access to manage all-resources in the Finance compartment and do not have access to
the Operations compartment.
Which two methods would make the new image available for you to use when deploying new servers in the
Finance compartment? (Choose two.)
A. Instruct the Operations team to reassign the custom image to the Finance compartment so you can select
it from a drop-down list when launching new compute resources.
B. Instruct the Operations team to export the image to an object storage bucket, create a pre-authenticated
request (PAR), and provide you with the URL. Download the custom image to your laptop and import it
as a custom image in the Finance compartment.
C. Instruct the Administrators team to grant you access to use instance-images in the Operations
compartment. Use the Oracle Cloud Identifier (OCID) of the custom image when launching new
compute resources in the Finance compartment.
D. Instruct the Operations team to export the image to an object storage bucket, create a PAR, and provide
you with the URL. Use that URL as the source when importing a custom image. Import the custom
image into the Finance compartment.
E. Instruct the Operations team to export the image to an object storage bucket. Instruct the Administrators
team to grant you access to the object storage bucket where the custom image is stored. Use the
download URL of the custom image as the image source when launching new compute resources in the
Finance compartment.
Answer: C E
You need to create a high performance shared file system, and have been advised to use file storage service
(FSS). You have logged into the Oracle Cloud Infrastructure console, created a file system, and followed the
steps to mount the shared file system on your Linux instance. However, you are still unable to access the
shared file system from your Linux instance.
B. There is no internet gateway (IGW) set up for mount target traffic
C. There is no Identity and Access Management (IAM) policies set up to allow you to access the mount
target
Success Guaranteed, 100% Valid RE ROmes)

D. There is no route in your virtual cloud network’s (VCN) route table for mount target traffic
Answer: C
Your application front end consists of several Oracle Cloud Infrastructure compute instances behind a load
balancer. You have configured the load balancer to perform health checks on these instances.
If an instance fails to pass the configured health checks, what will happen?
Answer: D
Where is the tenancy Oracle Cloud Identifier (OCID) located?
A. given by support on account creation
B. at the bottom of every console page
C. on the Identity — Users page
D. contained within the compartment OCID
Answer: B
Explanation
References:
NO: 120
Your company has been running several small applications in Oracle Cloud Infrastructure and is planning a
proof-of-concept (POC) to deploy PeopleSoft.

If your existing resources are being maintained in the root compartment, what is the recommended approach
for defining security for the upcoming POC?
A. Create a new compartment for the POC and grant appropriate permissions to create and manage
resources within the compartment.
B. Provision all new resources into the root compartment. Grant permissions that only allow for creation
and management of resources specific to the POC.
C. Provision all new resources into the root compartment. Use defined tags to separate resources that
belong to different applications.
D. Create a new tenancy for the POC. Provision all new resources into the root compartment. Grant
appropriate permissions to create and manage resources within the root compartment.
Answer: D
Explanation
References:
Which does NOT set a variable in Terraform?
A. Passing the variable with a var statement to Terraform
B. Setting the variable as key value pairs in a file in a subdirectory named tfvar
C. A default value in the variable declaration within a TF plan file
D. Setting the environment variable using a TF_VAR_ predicate in front of the variable name
Answer: A
Which two statements are true about encryption on Oracle Cloud Infrastructure (OCT)? (Choose two.)
Answer: A C

Explanation
References:
Which deployment architecture is offered when you deploy the Platform Service Manager based Database
Cloud Service (DBCS) onto Oracle Cloud Infrastructure?
A. Two node Primary RAC database leveraging ACFS for the shared file system
B. Single Instance database with a Single Instance Data Guard in Maximum Performance mode
C. Single Instance database with a Single Instance Data Guard in Maximum Protection mode
D. Two node Primary RAC database with a two node RAC Data Guard Standby in Maximum Performance
mode
Answer: D
Which two are valid options when migrating a database from on-premise to Oracle Cloud Infrastructure?
(Choose two.)
A. snapping or cloning storage form on-premise to Oracle Cloud Infrastructure
B. performing a backup to Oracle Cloud Infrastructure Object Storage, and then restoring to a database
server on Oracle Cloud Infrastructure
C. performing RMAN backup to an on-premise storage device, and then shipping to Oracle Cloud
Infrastructure
D. converting the Oracle database to a NoSQL database and migrating to Oracle Cloud Infrastructure by
using rsync file copy
Answer: A C
Which service is NOT supported by Oracle Cloud Infrastructure CLI?
A. load balancer
B. compute
Success Guaranteed, 100% Valid Rlenelimes)

C. database
D. block volumes
Answer: D
Explanation
References:
Which two configuration formats does Terraform support? (Choose two.)
A. YAML
B. JSON
C. HCL
D. XML
Answer: B C
Explanation
References:
Which two are true for Oracle Cloud Infrastructure DNS? (Choose two.)
A. It can function only as a primary DNS.
B. It supports other cloud providers such as AWS and Azure.
C. It supports segregation of traffic by using the private pool.
D. It does not provide DDoS protection.
Answer: B C
Explanation
References:
Success Guaranteed, 100% Valid RV MOlies)

You have an application server that needs to copy data on Oracle Cloud Infrastrucutre (OCT) object storage in
the same region. You have created a service gateway for OCI object storage in your virtual cloud network
(VCN) and modified security lists associated with the subnet to allow traffic to the service gateway. You are
able to connect to the OCI object storage, however, you notice that the connectivity is over the Internet instead
of the service gateway.
What is the reason for this behavior?
A. The route table associated with the subnet has no route rule where the destination is object storage
service
B. The service gateway created in the VCN resides in a different availability domain
C. The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a
destination CIDR 0.0.0.0/0
D. Identity and Access Management (IAM) policies restrict the access to the object storage bucket
Answer: B
Explanation
References:
Which two identity providers can your administrator federate with Oracle Cloud Infrastructure? (Choose two.)
A. Microsoft Active Directory
B. Oracle Identity Cloud Services
C. AWS Directory Services
D. Google Directory Federation Services
Answer: A B
Explanation
References:
Success Guaranteed, 100% Valid er mel imes)

C. Identity and Access Management (IAM) controls which file systems are mountable by which instances
D. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target
within the same subnet
Answer: A D
Which DNS resource record type is used to point a host name to an [Pv4 address?
A. ALIAS
B.A
C. CNAME
D. AAAA
Answer: B
Explanation
References:
O: 113
You are planning to deploy a multi-region web application in Oracle Cloud Infrastructure (OCT). You have
customers in North America, Asia and Europe who will access the application.
What service is available in OCI to help you choose the regions the lowest latency to these markets?
A. Internet Intelligence
B. FastConnect
C. IPsec VPN
D. DNS Zone Management
Answer: A
Success Guaranteed, 100% Valid Relies)

Which two statements are true about Database Cloud Service (DBCS)? (Choose two.)
A. Data Guard as a Service is offered among regions.
B. You have full control over backup schedule and retention.
C. You can manage Oracle parameters at a global system level.
D. You cannot manage the database as sys/sysdba.
Answer: A B
Explanation
References:
Answer: A B
Explanation
References:
Which three types of credentials are used to manage Oracle Cloud Infrastructure Identity and Access
Management (IAM)? (Choose three.)
A. Windows Password
B. API Signing Key
C. Swift Password
D. SSH Key

E. Console Password
Answer: B CE
Explanation
References:
Question #353
NO: 160
You are tasked with creating a highly available clustered application on Oracle Cloud Infrastructure consisting
of three nodes. The round-trip latency between nodes must be less than 500 us (micro-seconds) and your cluster
should be resilient to hardware failure.
What is the recommended deployment strategy?
A. Deploy the cluster nodes in a single region and deploy each node into a different AD. Select the same
fault domain in each AD to ensure consistency.
B. Deploy the cluster nodes in two separate regions and take advantage of multiple availability domains
(ADs) in each region.
C. Deploy the cluster nodes in a single region and deploy each node into a different AD.
D. Deploy the cluster nodes in a single region and deploy each node in different fault domains within a
single AD.
Answer: D
Which three actions are required to configure a highly available and secure hybrid network between Oracle
Cloud and your data center? (Choose three.)
A. Define a non-overlapping IP Address Space between the data center and the cloud.
B. Configure each of the CPEs to leverage each of the IPSec Tunnels created by the connection process.
C. Create two or more CPEs that map to the private IP addresses of the customer routers used in the IPSec
VPN Tunnel.
D. Define a default route table entry for the VCN that directs all traffic to the data center network to a
single DRG.
E. Create dynamic routing gateways in more than one AD within your region.
Success Guaranteed, 100% Valid Al of 69

Answer: C DE
You have created a public subnet and an internet gateway in your virtual cloud network (VCN). The public
subnet has an associated route table and security list. However, after creating several compute instances in the
public subnet, none can reach the Internet.
A. The route table has no default route for routing traffic to the internet gateway
B. There is no stateful egress rule in the security list associated with the public subnet
C. There is no dynamic routing gateway (DRG) associated with the VCN
D. There is no stateful ingress rule in the security list associated with the public subnet
Answer: A C
Which two Oracle Cloud Infrastructure database services allow you to dynamically both scale CPU and
storage? (Choose two.)
Answer: A B
Explanation
References:
You have one database-style application that frequently makes many random reads and writes across the
dataset.
Which storage offering supports this application?

A. Object Storage Service
B. Archive Storage Service
C. File Storage Service
D. Block Storage Service
Answer: D
Given: When creating multiple subnets within a Virtual Cloud Network (VCN), security lists are often made to
group common services, for example, SSH and RDP (remote access), 80 and 443 (HTTP), and so on.
By default, what is the maximum number of security lists that can be associated with a subnet upon creation?
A. 4
Answer: C
Explanation
References:
For what business need should you use Database Cloud Service (DBCS) instead of Oracle database on a
compute instance?
A. to bring your own license on a compute service
B. to lower license and infrastructure cost
C. to implement Oracle RAC for high availability
D. to build an Oracle database on a compute service
Answer: D

Question #6
NO: 138
Which two are a valid image source when launching a new compute instance? (Choose two.)
B. object storage
C. custom image
D. boot volume
Answer: A C
Explanation
References:
Which two are required to create an IPSec VPN connection? (Choose two.)
A. security list
B. static route CIDR
C. name
D. compute instance
Answer: A B
Explanation
References:
Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for server-side
encryption?
A. You must manually enable server-side encryption for each object as you upload to OCI object storage
B. Objects are automatically encrypted as they are uploaded to object storage and decrypted upon retrieval

D. Only the object data is encrypted and the user-defined metadata that is associated with the object is not
encrypted
Answer: D
Explanation
References:
You have provisioned an Autonomous Data Warehouse (ADW) database with 16 enabled OCPUs and need to
configure the consumer group for your application.
Which two are true when deciding the number of sessions for each application? (Choose two.)
A. The MEDIUM and LOW consumer group can run up to 16 concurrent SQL statements if HIGH
consumer group has 0 SQL statements
B. The HIGH consumer group can run up to 16 concurrent SQL statements as long as MEDIUM and LOW
consumer groups have 0 SQL statements
C. The MEDIUM consumer group can run 20 concurrent SQL statements when HIGH consumer group has
0 SQL statements
D. The HIGH consumer group can run up to 16 concurrent SQL statements in addition to 32 concurrent
SQL statements in MEDIUM and LOW consumer group each
E. The HIGH consumer group can run 3 concurrent SQL statements when MEDIUM consumer group has
0 SQL statements
Answer: C E
Explanation
References:
You are designing a high bandwidth, redundant connection between your data center and Oracle Cloud
Infrastructure (OCI). While researching for OCI FastConnect locations, you notice that you are co-located
with Oracle at one of the Oracle FastConnect locations in the Ashburn region.
A. Create a cross-connect group and have two or more cross-connects in that group. Create an IPsec VPN
connection on this group.
B. Setup two IPsec connections between your data center and OCI Ashburn region. Create a OCI load

balancer to distribute the traffic across the two connections.
C. Create a cross-connect group and have at least two or more cross-connects in that group. Create at least
two or more virtual circuits in the group.
D. Create a cross-connect group and have at least one cross-connect in that group. Create at least one
virtual circuit in the group.
Answer: C
What is a “transfer package” when transferring data to OCI via the OCI Data Transfer Service?
A. A transfer package is the logical representation of the physical shipment containing the HDD transfer
devices that you ship to Oracle to upload to OCI.
B. A transfer package is the software Oracle provides for you to prepare transfer devices for shipment to
Oracle
C. A transfer package contains the physical devices.
D. A transfer package is the archive file that the Data Transfer Service Utility (dts) writes to the transfer
device.
Answer: A
Explanation
References:
You are responsible for creating and maintaining an enterprise application that consists of multiple storage
volumes across multiple instances. The storage volumes include boot volumes and block volumes for your
data storage. You need to create backups of these storage volumes in the most time-efficient manner.
A. You can create clones of storage volumes one at a time
B. You can group together multiple storage volumes in a volume group and create volume group backups
C. You can create on-demand one-off backups of boot volumes, but not block volumes
D. You can create on-demand one-off backups of block volumes, but not boot volumes
Answer: B

You are running your warehouse using Autonomous Data Warehouse (ADW) service and you noticed that a
newly configured batch job is always running in serial even through nothing else is running in the database.
All your jobs are configured to run with parallelism enabled.
What could be the reason for this batch job to run in serial?
A. The batch job depends on only one table and parallelism cannot be enabled on single-table queries.
B. The parallelism of batch job depends on the number of ADW databases involved in the query.
Cc . The new batch job is connected to LOW consumer group.
D. The new batch job runs on database tables that are not enable for parallel execution.
. Parallelism on the database is controlled by the application, not the database.

ies)
Answer: C
You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients want to access
the web servers from anywhere, but want to prevent access to the database servers from the Internet.
A. Create public subnets for web servers and private subnets for database servers in your virtual cloud
network (VCN), and associate separate internet gateways for each subnet.
B. Create public subnets for web servers and associate a dynamic routing gateway with that subnet, and a
private subnet for database servers with no association to dynamic gateway.
C. Create public subnets for web servers and private subnets for database servers in your VCN, and
associate separate security lists and route tables for each subnet.
D. Create a single public subnet for your web servers and database servers, and associate only your web
servers to internet gateway.
Answer: D
Which two statements define the types of DNS resolvers that exist? (Choose two.)

A. Accustom resolver allows instances to use the host names of the hosts in your on-prem network that are
connected to your VCN by an IPSec VPN connection.
B. A VCN resolver allows instances to use the host names of the hosts in your on-prem network that are
connected to your VCN by an IPSec VPN connection.
C. A VCN resolver allows instances to use host names to communicate with instances on other VCNs in
your tenancy.
D. An Internet resolver allows instances to use the host names that are published on the Internet.
Answer: A D
You are a network architect and have designed the network infrastructure of a three-tier application on Oracle
Cloud Infrastructure (OCI). In the architecture, back-end DB servers are in a private subnet. One of your DB
administrators requests to have access to OCI object storage service.
A. Create a service gateway, add a new route rule to the private subnet route table that uses storage as your
service gateway target type
B. Create a dynamic routing gateway (DRG) and attach it your virtual cloud network (VCN). Add a default
route rule to the private subnets route table and set the target as DRG
C. Attach a public IP address to the instances in the private subnet, and then add a new route rule to the
private subnet route table to route default traffic to the internet gateway
D. Add a new route rule to the private subnet route table to route default traffic to the internet gateway
Answer: A
Explanation
References:
You have multiple applications installed on a compute instance and these applications generate a large amount
of log files. These log files must reside on the boot volume for a minimum of 15 days and must be retained for
at least 60 days. The 60-day retention requirement is causing an issue with available disk space.
What are the two recommended methods to provide additional boot volume space for this compute instance?
(Choose two.)
A. Terminate the instance while preserving the boot volume. Create a new instance from the boot volume

and select a DenseIO shape to take advantage of local NVMe storage.
B. Create an object storage bucket and use a script that runs daily to move log files older than 15 days to
the bucket.
D. Create a custom image and launch a new compute instance with a larger boot volume size.
E. Write a custom script to remove the log files on a daily basis and free up the space on the boot volume.
Answer: B C
Which three can you achieve by using Terraform? (Choose three.)
A. Create resources in the right order without regard to the order in the terraform plan file.
Automatically re-provision the resources that are tainted or whose configuration has changed.
m
Automatically translate a deployed infrastructure and create a plan.

uO4
Automatically destroy all the resources that are in tenancy.
Continuously maintain the configuration files in an instance.

m
Answer: ABD
You are asked to create a user that will access programmatic endpoints in Oracle Cloud Infrastructure. The
user must not be allowed to authenticate by username and password.
Which two authentication options can you use? (Choose two.)
A. PEM Certificate file
B. Auth tokens
C. API signing key
D. Windows password
E. SSH key pair
Answer: B

You want an instance in your compartment to make API calls to other services within Oracle Cloud
Infrastructure without storing credentials in a configuration file.
A. No action is required. By default, all VM instances are created with an Instance Principal.
B. Instances cannot access services outside their compartment.
C. VM instances are treated as users. Create a user and assign the user to that VM instance.
D. Create appropriate matching rules in the Dynamic Group to create an Instance Principal.
Answer: A
Explanation
References:
Which two tools would you use to manage Database Cloud Service (DBCS)? (Choose two.)
A. psql
B. Oracle Swingbench
C. SQL Developer
D. Oracle Enterprise Manager
Answer: C D
Explanation
References:
You are implementing Oracle Cloud Infrastructure (OCI) FastConnect to access OCI public access points (e.g.
— object storage). You want other Internet traffic from your on-premises environment to use your existing
connection with your ISP.
What is the correct way to establish OCI FastConnect to access these OCI public endpoints?

A. Configure private peering on your FastConnect link. Redistribute BGP routes learned into your existing
routing table and advertise a default from your network infrastructure to OCI.
B. Configure private peering on your FastConnect link with a static route that points to OCI object storage
service.
C. Configure public peering on your FastConnect link with a static route that points to OCI object storage
service.
D. Configure public peering on your FastConnect link. Redistribute BGP routes learned into your existing
routing table and advertise a specific route for your network infrastructure to OCI.
Answer: D
Explanation
https://www.oracle.com/a/ocom/docs/connectivity-fast-connect-200.pdf
Which two are NOT an image source when launching a new compute instance? (Choose two.)
A. boot volume
B. custom image
C. Object Storage
D. bare metal instance
Answer: A C
Explanation
References:
You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP) database. Your
business needs to run hourly batch processes on this ATP database that may consume more CPUs than what is
available on the server.
How can you limit these batch processes to not interfere with the OLTP transactions?
A. Copy OLTP data into new tables in a new table space and run batch processes against these new tables

D. Configure ATP resource management rules to manage runtime and IO consumption for the consumer
group of batch processes
Answer: D
Explanation
References:
Your company is developing a new database application in Oracle Cloud Infrastructure. You need to test
application functionality including a hardware failure scenario. Since the application is still in the development
phase, you want to minimize infrastructure costs.
Which database service deployment option meets this requirement?
A. two node real application cluster (RAC) system
B. Autonomous Data Warehouse (ADW) system as it provides auto fail over functionality
C. two node bare metal system with data guard enabled
D. single node bare metal system
Answer: A
Explanation
References:
What does Terraform use to create, manage, and manipulate infrastructure resources?
A. resources
B. provisioner
C. instances
D. provider
Answer: D

An instance is launched with a primary VNIC that is created during instance launch.
Which two operations are true when you add secondary VNICs to an existing instance? (Choose two.)
A. You can remove the primary VNIC after the secondary VNIC’s attachment is complete.
B. You can remove the secondary VNIC later if it is not needed.
C. The primary and secondary VNIC association should be within the same Availability Domain.
D. It is not possible to connect two VNICs to an instance.
Answer: B
You have provisioned an Autonomous Transaction Processing (ATP) database and logged into the ATP
service console.
What are three abilities that can be performed from this service console? (Choose three.)
create ATP database users

m
reset the admin password

uO4
set resource management rules
monitor database activity and SQL queries

m
Answer: ADE
You are about to upload log file (5 TiB size) to Oracle Cloud Infrastructure object storage and have decided to
use multipart upload capability for a more efficient and resilient upload.
B. While a multipart upload is still active, you cannot add parts even if the total number of parts is less than
10,000

Answer: A C
Explanation
References:
There are multiple options of migrating Oracle Databases from on-premises to Oracle Cloud Infrastructure.
Which two characteristics do you need to consider when choosing a migration method? (Choose two.)
A. On-premises database character set and application version
B. On-premises database version and quantity of data, including indexes
C. On-premises host operating system platform and network bandwidth
D. On-premises connectivity using remote and local VCN peering
Answer: BC
Explanation
References:
For a compute instance that is launched in a private subnet in a Virtual Cloud Network (VCN), which action
needs to be performed to connect to the Internet, assuming that the required security list is properly set up?
A. Assign a Public IP address to the compute instance.
B. Create and configure Network Address Translation (NAT) in a public subnet and route all traffic to it.
C. There is no way for an instance in a private subnet to connect to the Internet.
D. Create a default route entry in the route table to forward all traffic to the Internet gateway.
Answer: B

: 126
Which two statements are true about an Oracle Cloud Infrastructure object storage bucket? (Choose two.)
Answer: C D
Explanation
References:
Which three are valid Terraform configuration components? (Choose three.)
A. variable
region
m
metadata
G9
instance
resource
m
F. data source
Answer: A EF
Which two actions will occur when a back-end server that is registered with a backend set is marked to drain
connections? (Choose two.)
B. It keeps the connections to that instance open and attempts to complete any in-flight requests.
D. It immediately closes all existing connections to that instance.

Answer: A D
Explanation
References:
Your on-premises hosted application uses Oracle database server. Your database administrator must have
access to the database server for managing the application. Your database server is sized for seasonal peak
workloads, which results in high licensing costs. You want to move your application to Oracle Cloud
B. VM DB systems
D. Autonomous Data Warehouse (ADW)
Answer: A
Explanation
References:
You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions and require
connectivity between workloads in each region. You have created a dynamic routing gateway (DRG) and a
remote peering connection. However, your workloads are unable to communicate with each other.
What are two reasons for this? (Choose two.)
A. The security lists associated with subnets in each virtual cloud network (VCN) do not have the
appropriate ingress rules
B. Identity and Access Management (IAM) policies have not been defined to allow connectivity across the
two VCNSs in different regions
C. A local peering gateway needs to be created in each VCN with a default route rule added in the route
table forwarding the traffic to the local peering gateway

D. An Internet gateway needs to be created in each VCN with a default route rule added in the route table
forwarding the traffic to the Internet Gateway
E. The route table associated with subnets in each VCN do not have a route rule defined to forward the
traffic to their respective DRGs
Answer: A E
A. A database name cannot be used concurrently for both an Autonomous Data Warehouse (ADW) and an
ATP database
Answer: A
Explanation
References:
Which two statements are true about an Oracle Cloud Infrastructure Virtual Cloud Network (VCN)? (Choose
two.)
A. A VCN can reside in multiple Oracle Cloud Infrastructure regions and Availability Domains.
B. A VCN covers a single contiguous IPv4 CIDR block of your choice.
C. An allowable VCN size range is: /16 to /30.
D. A VCN creates the dynamic routing gateway by default.
Answer: B C
ON NO: 131

A. For private peering, FastConnect extends your existing infrastructure to allow you to consume object
storage from your on-premises data center
B. For private peering, FastConnect extends your existing infrastructure to a virtual cloud network
D. For public peering, a dynamic routing gateway must be configured and attached to the virtual cloud
network (VCN)
Answer: B
Explanation
References:
In which language are Terraform and Terraform providers written?
A. Python
B. Go
C.C
D. Ruby
Answer: B
Explanation
References:
Which three methods can you use to manage Oracle Cloud Infrastructure services? (Choose three.)
A. Oracle Cloud Infrastructure Desktop Client
B. Oracle Cloud Infrastructure Console
C. SSH or RDP
D. Command-line Interface
E. REST API

Answer: ABD
You have been tasked with creating one virtual cloud network (VCN) each for two line of business (LOB)
applications. LOB A and LOB B will need to communicate with each other. To ensure that you can utilize
VCN peering, which network CIDR ranges should be used?
A. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
B. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
C. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
D. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
Answer: A
Which two statements are true about adding secondary VNICs to an existing compute instance? (Choose two.)
C. You can remove the primary VNIC after the secondary VNIC’s attachment is complete
D. The primary and secondary VNIC association can be in different virtual cloud networks (VCNs)
Answer: A B
What is the default backup location for database backup on Database Cloud Service (DBCS)?
A. Object Storage on Oracle Cloud Infrastructure
B. ASM diskgroup
C. block volume
D. locally attached NVMe on Virtual Machine

Answer: A
Explanation
References:
You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few weeks, you need to
increase disk performance by using NVMe disks; the number of CPUs will not change. As a first step you
terminate the instance and preserve the boot volume.
What is the next step?
A. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the
SQL Database data to block volume
B. Create a new instance using a VM.DenselIO2.8 shape using the preserved boot volume and move the
C. Create a new instance using a VM.Standard1.16 shape using the preserved boot volume and move the
D. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume move the SQL
Database data to NVMe disks
Answer: A
NO: 157
You must implement a backup solution for your Autonomous Data Warehouse (ADW) that will enable you to
restore data as old as one year with a recovery point objective (RPO) of 10 days.
A. Take weekly manual backups to supplement the automated backups and preserve them for 12 months.
C. Take monthly manual backups to supplement the automated backups and preserve them for 12 months.
D. Take quarterly manual backups to supplement the automated backups and preserve them for 12 months.
Answer: A

Which certificate format is used with the load balancer?
A. PFX
B. PEM
C. PKCS12
D. CRT
Answer: B
NO: 145
You have hired a new employee to run reports from the Autonomous Data Warehouse (ADW) and are not
confident in their SQL writing ability.
Into which consumer group will you assign this individual to minimize the impact of their code?
A. Lowest
Medium
m
C. Highest
D. High
E. Low
Answer: D
Explanation
References:
You are designing a shared storage solution for your company in Oracle Cloud Infrastructure. The proposed
storage solution should allow users to create a hierarchical structure (similar to the directory structure in Linux
or Windows based systems). The solution should provide data encryption and a large amount of storage space.
Which would be the best implementation strategy?

A. Use block storage. Create and attach a large block storage volume to one compute instance. Assign a
public IP to the compute instance. Store data on the block storage and access it by connecting to the
compute instance.
B. Use object storage. Create a single namespace and multiple buckets to create the hierarchical directory
structure.
C. Use object storage. Create multiple namespaces with one bucket each. Make the buckets publicly
accessible.
D. Use file storage service. Create a file system and a mount target. Share the private IP of the mount
target.
Answer: D
You are designing a lab exercise for your team that has a large number of graphics with large file sizes. The
application becomes unresponsive if the graphics are embedded in the application. You have uploaded the
graphics to Oracle Cloud Infrastructure and only added the URL in the application. You need to ensure these
graphics are accessible without requiring any authentication for an extended period of time.
B. Make the object storage bucket private and all objects public and use the URL found in the Object
“Details”.
C. Make the object storage bucket public and use the URL found in the Object “Details”.
Answer: C
NO: 103
You have an Oracle Cloud Infrastructure (OCD) load balancer distributing traffic via an evenly-weighted round
robin policy to your backend web servers. You notice that one of your web servers is receiving more traffic
than other web servers.
A. Check security lists and route tables of your virtual cloud network (VCN) and fix any issues associated
with the rules

Answer: A
Explanation
References:
Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW) database?
A. You can download tnsnames.ora from Oracle Cloud Infrastructure web console under ADW details page
B. The tnsnames.ora file is included in credentials.zip file that you download from service console of ADW
D. You are automatically prompted to download the tnsnames.ora file upon creation of the ADW database
Answer: B
Explanation
https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/connect-intorduction.html#GUID
Which option lists Virtual Cloud Networks (VCNs) that can be peered?
A. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
B. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
C. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
D. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
Answer: D

Which statement is true about restoring a block volume from a manual or policy-based block volume backup?
A. It can be restored as new volumes to any Availability Domain within the same region.
B. It must be restored as new volumes to the same Availability Domain on which the original block volume
backup resides.
C. It can be restored as new volumes to any Availability Domain across different regions.
D. It can be restored as new volumes with different sizes from the backups.
Answer: A
Explanation
References:
Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose two.)
Answer: C D
Explanation
References:
Where are DB Systems backups stored by default?
A. ASM disk group
B. locally attached NVMe on virtual machine
C. block volume
D. object storage on Oracle Cloud Infrastructure
Answer: D

Which two statements are true about restoring a block volume from a manual or policy-based block volume
backup? (Choose two.)
C. It must be restored as a new volume to the same availability domain (AD) on which the original block
volume backup resides
Answer: A D
NO: 95
D. block volume
Answer: A
Explanation
References:
A new employee has just started working for your company. You create an Oracle Cloud Infrastructure user
account for this employee, following which they are able to log in, but still cannot create any resources.
What should you do to resolve this?
A. Send the employee API Signing Keys to log in.
B. Delete the account and create another one.

C. Make sure that the employee is logging in to the Oracle Cloud Infrastructure account from your
corporate network only.
D. Add the employee to a group with policies to grant access to relevant resources.
Answer: D
What happens when you run terraform plan?
A. It configures, reconfigures, and instantiates resources and their dependencies.
B. It shows the operator the course of action that would be taken if a change is applied.
C. It deletes all existing resources and re-creates them.
D. It shows a dependency graph.
Answer: B
Explanation
References:
When creating a subnet, one or more placeholder security lists are often associated with the subnet. Why?
A. Each operator needs its own security list.
B. Each protocol needs its own security list.
C. Each network endpoint or instance in the subnet needs its own security list.
D. It is not possible to add or remove security lists after a subnet is created.
Answer:
Explanation
References:
When deploying a highly available, Internet-facing, 2-tier web application on Oracle Cloud Infrastructure
(OCD, which design option would you use?

A. Deploy all web servers into one Availability Domain and behind a public load balancer, and deploy two
single-node OCI database systems in the same Availability Domain with Data Guard enabled.
B. Deploy all web servers into multiple Availability Domains and behind a public load balancer, and
deploy two single-node OCI database systems across two Availability Domains with Data Guard
enabled.
C. Deploy all web servers into multiple Availability Domains and behind a private load balancer, and
deploy two single-node OCI database systems across two Availability Domains with Data Guard
enabled.
D. Deploy all web servers into one Availability Domain, and deploy a single-node OCI database system
into a different Availability Domain.
Answer: B
In which two ways does Oracle Cloud Infrastructure (OCD) file storage (FSS) differ from OCI object storage
and block volume services? (Choose two.)
A. Block volume service is NVMe based, while FSS is not
B. Object storage and block volume services offer default encryption, but FSS does not
C. A file system is created within an availability domain, whereas object storage buckets exist at the region
level
D. FSS uses the network file system (NFS) protocol, whereas block volume uses iSCSI
Answer: C D
Explanation
References:
NO: 133
What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud Infrastructure (OCT)?
A. The best practice for high availability and durability is to run the primary, standby, and observer in
separate availability domains (ADs).
B. When you configure data guard using OCI console, the default mode is set to maxprotection.

D. You cannot use database command line interface (CLD to set up data guard with FSFO.
Answer: A
Explanation
References:
Which two resources reside exclusively in a single availability domain? (Choose two.)
A. compute instance
B. block volume
C. object storage
D. groups
E. virtual cloud network
Answer: A B
Which tool can automatically install Oracle Cloud Infrastructure CLI?
A. Python
B. RPM
C. APT
D. PIP
Answer: A
Explanation
References:
Which statement is true about cloning a volume?

A. You can clone a volume in another region.
B. You need to detach a volume before cloning it.
C. Acloned volume is the same as a snapshot that has a dependency on the source volume.
D. You can change the block volume size when cloning a volume.
Answer: C

About dumpscollection.com
dumpscollection.com was founded in 2007. We provide latest & high quality IT / Business Certification Training
Exam Questions, Study Guides, Practice Tests.
We help you pass any IT / Business Certification Exams with 100% Pass Guaranteed or Full Refund. Especially
Cisco, CompTIA, Citrix, EMC, HP, Oracle, VMware, Juniper, Check Point, LPI, Nortel, EXIN and so on.
View list of all certification exams: All vendors
stftetdts CITRIX poo
cisco CompTiA.
EMC
where information lives
(SC) =><IN juniper
Micresoft ORACLE Se symantec.
We prepare state-of-the art practice tests for certification exams. You can reach us at any of the email addresses listed
below.
© Sales: sales @dumpscollection.com

© Feedback: feedback @ dumpscollection.com
© Support: support @dumpscollection.com
© Skype ID: crack4sure@ gmail.com
Any problems about IT certification or our products, You can write us back and we will get back to you within 24
hours.
Leeeeeeeeed
15% Discount Coupon Code:
3 DC15disc
Version: V12.95
Oracle Cloud Infrastructure 2019 Architect Associate 1Z0-1072
1. When deploying a highly available, Internet-facing, 2-tier web application on Oracle

Cloud Infrastructure (OCI), which design option would you use?
A. Deploy all web servers into one Availability Domain and behind a public load balancer, and
deploy two single-node OCI database systems in the same Availability Domain with Data
Guard enabled. Page | 1
B. Deploy all web servers into multiple Availability Domains and behind a public load balancer,
and deploy two single-node OCI database systems across two Availability Domains with Data
Guard enabled.
C. Deploy all web servers into multiple Availability Domains and behind a private load
balancer, and deploy two single-node OCI database systems across two Availability Domains
with Data Guard enabled.
D. Deploy all web servers into one Availability Domain, and deploy a single-node OCI
database system into a different Availability Domain.
Answer: B
2. Which statement is true about Oracle Cloud Infrastructure FastConnect?

A. For private peering, FastConnect extends your existing infrastructure to allow you to
consume object storage from your on-premises data center
B. For public peering, a dynamic routing gateway must be configured and attached to the
virtual cloud network (VCN)
C. For private peering, FastConnect extends your existing infrastructure to a virtual cloud
network
D. The FastConnect provider network offers only 1 Gbps port connection speed increments
Answer:C
3. Which option lists Virtual Cloud Networks (VCNs) that can be peered?
A. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
B. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
C. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
D. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
Answer: B
4 Which two actions will occur when a back-end server that is registered with a backend set
is marked to drain connections? (Choose two.)
B. It keeps the connections to that instance open and attempts to complete any in-flight
requests.
D. Itimmediately closes all existing connections to that instance.
Answer: A,B
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Balance/Reference/sessionpersistence.htm The
Load Balancing service considers a server marked drain available for existing persisted
sessions. New requests that are not part of an existing persisted session are not sent to that
server.
5. Which two statements about fault domains are true? (Choose two.)
Version: V12.95

Answer: A,B
6. You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure

regions and require connectivity between workloads in each region. You have created
a dynamic routing gateway (DRG) and a remote peering connection. However, your
workloads are unable to communicate with each other. What are two reasons for this? Page | 2
(Choose two.)
A. The security lists associated with subnets in each virtual cloud network (VCN) do not have
the appropriate ingress rules
B. Identity and Access Management (IAM) policies have not been defined to allow connectivity
across the two VCNs in different regions
C. A local peering gateway needs to be created in each VCN with a default route rule added
in the route table forwarding the traffic to the local peering gateway
D. An Internet gateway needs to be created in each VCN with a default route rule added in
the route table forwarding the traffic to the Internet Gateway
E. The route table associated with subnets in each VCN do not have a route rule defined to
forward the traffic to their respective DRGs
Answer: A,E
7. Which statement is true about Oracle Cloud Infrastructure FastConnect?

A. For private peering, FastConnect extends your existing infrastructure to allow you to
consume object storage from your on-premises data center
B. For private peering, FastConnect extends your existing infrastructure to a virtual cloud
network
D. For public peering, a dynamic routing gateway must be configured and attached to the
virtual cloud network (VCN)
Answer: B
8. Which two Oracle Cloud Infrastructure database services allow you to dynamically
both scale CPU and storage? (Choose two.)
Answer: A,B
9. You have a shared file system between two web servers using File Storage Service
(FSS) and you were tasked to create a backup plan for this environment to protect the
data placed into the shared file system. What is the recommended approach to create
this backup using FSS features?
A. Implement a backup policy to execute a snapshot of the shared volume.
B. Implement a backup policy to copy data from the shared volume to object storage.
C. Compress the data that is in the shared volume and copy it into a different folder on the
boot volume disk.
D. Use the rsync tool to send data from the shared volume to a boot volume disk.
E. Use the rsync tool to send data from the shared volume to a block volume.
Answer:A
10. Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for
server-side encryption?
A. You must manually enable server-side encryption for each object as you upload to OCI
object storage
Version: V12.95
B. Objects are automatically encrypted as they are uploaded to object storage and decrypted
upon retrieval
D. Only the object data is encrypted and the user-defined metadata that is associated with the
object is not encrypted
Answer: B
Page | 3
Explanation:
References:
https:/Avww.oracle.com/cloud/storage/object-storage-fag.html
11. Your on-premises hosted application uses Oracle database server. Your database
administrator must have access to the database server for managing the application.
Your database server is sized for seasonal peak workloads, which results in high
licensing costs. You want to move your application to Oracle Cloud Infrastructure (OCI)
to take advantage of CPU scaling options. Which database offering on OCI would you
select?
B. VM DB systems
D. Autonomous Data Warehouse (ADWV)
Answer:A
12. You are designing a lab exercise for your team that has a large number of graphics
with large file sizes. The application becomes unresponsive if the graphics are
embedded in the application. You have uploaded the graphics to Oracle Cloud
Infrastructure and only added the URL in the application. You need to ensure these
graphics are accessible without requiring any authentication for an extended period of
time. How can you achieve these requirements?
B. Make the object storage bucket private and all objects public and use the URL found in the
Object "Details".
C. Make the object storage bucket public and use the URL found in the Object "Details".
Answer: C
13. You are deploying a highly available web application in Oracle Cloud Infrastructure
and have decided to use a public load balancer. The back-end web servers will be
distributed across all three availability domains (ADs). How many subnets should you
create to deliver a secure highly available application?
A. three subnets in total; one subnet in each AD
B. five subnets in total; two subnets each in the first and second AD with a single subnet in
the third AD
C. six subnets in total; two subnets in each AD; one for the load balancer and one for the web
servers
D. four subnets in total; one subnet in each AD for the web servers and a single subnet in any
one AD for the load balancer
Answer: C
14. You are about to deploy an e-business application on Oracle Cloud Infrastructure
and one of the requirements is to use a shared file system that supports the NFS
protocol. Which storage service would meet this requirement?
A. object storage
B. block volume
D. file storage
Version: V12.95
Answer: D
15. Which two are valid options when migrating a database from on-premise to Oracle
Cloud Infrastructure? (Choose two.)
A. snapping or cloning storage form on-premise to Oracle Cloud Infrastructure
B. performing a backup to Oracle Cloud Infrastructure Object Storage, and then restoring to a
database server on Oracle Cloud Infrastructure Page | 4
C. performing RMAN backup to an on-premise storage device, and then shipping to Oracle
Cloud
Infrastructure
D. converting the Oracle database to a NoSQL database and migrating to Oracle Cloud
Infrastructure by using rsync file copy
Answer: A,C
16. Your Operations team has recently created a new, standard image that will be used
to launch all new application servers in the Finance compartment. The custom image
currently exists in the Operations compartment. You have access to manage all-
resources in the Finance compartment and do not have access to the Operations
compartment. Which two methods would make the new image available for you to use
when deploying new servers in the Finance compartment? (Choose two.)
A. Instruct the Operations team to reassign the custom image to the Finance compartment so
you can select it from a drop-down list when launching new compute resources.
B. Instruct the Operations team to export the image to an object storage bucket, create a pre-
authenticated request (PAR), and provide you with the URL. Download the custom image to
your laptop and import it as a custom image in the Finance compartment.
C. Instruct the Administrators team to grant you access to use instance-images in the
Operations compartment. Use the Oracle Cloud Identifier (OCID) of the custom image when
launching new compute resources in the Finance compartment.
D. Instruct the Operations team to export the image to an object storage bucket, create a PAR,
and provide you with the URL. Use that URL as the source when importing a custom image.
Import the custom image into the Finance compartment.
E. Instruct the Operations team to export the image to an object storage bucket. Instruct the
Administrators team to grant you access to the object storage bucket where the custom image
is stored. Use the download URL of the custom image as the image source when launching
new compute resources in the Finance compartment.
Answer: C,E
17. Which three actions are required to configure a highly available and secure hybrid
network between Oracle Cloud and your data center? (Choose three.)
A. Define a non-overlapping IP Address Space between the data center and the cloud.
B. Configure each of the CPEs to leverage each of the IPSec Tunnels created by the
connection process.
C. Create two or more CPEs that map to the private IP addresses of the customer routers
used in the IPSec VPN Tunnel.
D. Define a default route table entry for the VCN that directs all traffic to the data center
network to a single DRG.
E. Create dynamic routing gateways in more than one AD within your region.
Answer: A,B,C
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/T asks/configuringCPE.htm
18. Which two statements are true about data guard service on DB Systems in Oracle
Cloud Infrastructure (OCI)? (Choose two.)
Version: V12.95
A. Data guard implementation requires two DB Systems, one running the primary database
on a virtual machine and the standby database running on bare metal
B. Data guard configuration on the OCI is limited to one standby database per primary
database
C. Data guard configuration on the OCI is limited to a virtual machine only
D. Data guard implementation requires two DB Systems, one containing the primary database
and one containing the standby database Page | 5
Answer: B,D
19. Which is a customer's responsibility on an Oracle Cloud Infrastructure database?

A. patching the database and OS
B. creating the first default database on the DBCS server
C. creating an ASM diskgroup for data file or temp file storage
D. installing the operating system (OS), Grid Infrastructure, and database software
Answer:A
Explanation:
On autonomous there's no patching needed. But on the regular DB Cloud services you need
to patch the DB and the OS. During the creation on the OCDB the first DB is created
automatically
20. You are in the process of setting up a highly available student registration website
on Oracle Cloud Infrastructure (OCI). You use a load balancer and a database service
on OCI. You launch two compute instances each in a different subnet and add them to
the back end set of a public load balancer. The load balancer is configured correctly
and working. You then deploy the student registration application on these two
compute instances. The application can communicate with the database service.
However, when you type the URL of this student registration application in your
browser, no web page appears. What could be the cause?
A. The security lists of the subnets on which the two instances are located do not have "allow"
rules for port 80 and 443.
B. The load balancer performed a health check on the application and found that compute
instances were not in a healthy state and terminated the instances.
C. The client requested https access to the application and the load balancer service does not
support end-to-end SSL from the client to the listener to the back-end set.
D. The Dynamic Routing Gateway is preventing the client traffic from your data center network
from reaching the public IP of the load balancer.
Answer:A
21. You have created a public subnet and an internet gateway in your virtual cloud
network (VCN). The public subnet has an associated route table and security list.
However, after creating several compute instances in the public subnet, none can reach
the Internet. Which two are possible reasons for the connectivity issue? (Choose two.)
A. The route table has no default route for routing traffic to the internet gateway
B. There is no stateful egress rule in the security list associated with the public subnet
C. There is no dynamic routing gateway (DRG) associated with the VCN
D. There is no stateful ingress rule in the security list associated with the public subnet
Answer: B,D
Explanation:
https://docs.cloud. oracle .com/iaas/Content/Network/Concepts/securitylists.htm
22. You have been notified of an application failure indicating that one or more of the
Oracle Cloud Infrastructure (OCI) resources have become unavailable. After scanning
the Compute and Database consoles, you notice that one of the DB Systems is missing.
Version: V12.95
A. Navigate to the Audit console and search the previous 24 hours for all Delete actions to get
a list of any resource that was deleted in the past 24 hours.
B. Create a serial console connection to the DB System that does not appear in the
management console. Connect to the serial console connection, and then review the system
logs under
/varllog/messages.
C. View the service limits associated with your account to ensure that you have not exceeded Page | 6
the available number of DB system in your tenancy.
D. Navigate to the Audit console and search the previous 24 hours for all List actions to get a
list of every event that occurred in the past 24 hours.
Answer: D
23. What is the maximum IP address size range that you can have in a Virtual Cloud
Network?
A. /16
B. /26
C. /24
D. /8
Answer:A
Explanation:
When you create your VCN, you assign a contiguous IPv4 CIDR block of your choice. VCN
sizes ranging from /16 (65,533 IP addresses) to /30 (1 IP address) are allowed. Example:
10.0.0.0/16,
192.168.0.0/24.
24. When creating a subnet, one or more placeholder security lists are often associated
with the subnet. Why?
A. Each operator needs its own security list.
B. Each protocol needs its own security list.
C. Each network endpoint or instance in the subnet needs its own security list.
D. Itis not possible to add or remove security lists after a subnet is created.
Answer: C
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm?tocpath=Ser
vices%/CNetworking%/CAccess%20and%20Security%7C 3
25. Your company has been running several small applications in Oracle Cloud
Infrastructure and is planning a proof-of-concept (POC) to deploy PeopleSoft. If your
existing resources are being maintained in the root compartment, what is the
recommended approach for defining security for the upcoming POC?
A. Create a new compartment for the POC and grant appropriate permissions to create and
manage resources within the compartment.
B. Provision all new resources into the root compartment. Grant permissions that only allow
for creation and management of resources specific to the POC.
C. Provision all new resources into the root compartment. Use defined tags to separate
resources that belong to different applications.
D. Create a new tenancy for the POC. Provision all new resources into the root compartment.
Grant appropriate permissions to create and manage resources within the root compartment.
Answer:A
Explanation:
If your organization is small, or if you are still in the proof-of-concept stage of evaluating Oracle
Cloud
Version: V12.95
Infrastructure, consider placing all of your resources in the root compartment (tenancy). This
approach makes it easy for you to quickly view and manage all your resources. You can still
write policies and create groups to restrict permissions on specific resources to only the users
who need access. If you plan to maintain all your resources in the root compartment, we
recommend setting up a separate sandbox compartment to give users a dedicated space to
try out features. In the sandbox compartment, you can grant users permissions to create and
manage resources, while maintaining stricter permissions on the resources in your tenancy Page | 7
(root) compartment.
https:/Awww.oracle.com/a/ocom/docs/best-practices-for-iam-on-oci.pdf
26. You are asked to create a user that will access programmatic endpoints in Oracle
Cloud Infrastructure. The user must not be allowed to authenticate by username and
password. Which two authentication options can you use? (Choose two.)
A. PEM Certificate file
B. Auth tokens
C. API signing key
D. Windows password
E. SSH key pair
Answer: B,C
27. You have multiple applications installed on a compute instance and these
applications generate a large amount of log files. These log files must reside on the
boot volume for a minimum of 15 days and must be retained for at least 60 days. The
60-day retention requirement is causing an issue with available disk space. What are
the two recommended methods to provide additional boot volume space for this
compute instance? (Choose two.)
A. Terminate the instance while preserving the boot volume. Create a new instance from the
boot volume and select a DenselO shape to take advantage of local NVMe storage.
B. Create an object storage bucket and use a script that runs daily to move log files older than
15 days to the bucket.
D. Create a custom image and launch anew compute instance with a larger boot volume size.
E. Write a custom script to remove the log files on a daily basis and free up the space on the
boot volume.
Answer: B,C
28. Which two options are available when setting up DNS for your bare metal and virtual
machine DB Systems? (Choose two.)
C. custom resolver
Answer: C,D
29. Which two statements are true about an Oracle Cloud Infrastructure object storage
bucket? (Choose two.)
Answer: C,D
30. Which three must be configured for a load balancer to accept incoming traffic?
(Choose two.)
A. a listener
Version: V12.95
B. a back-end server
C. a back end set
D. a security list that is open on a listener port
E. acertificate
Answer: A,B,C
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/managingloadbalancer.htm?tocpa Page | 8
th=Ser vices%/7CLoad%20Balancing%/C 5 The essential components for load
balancing include:
* A load balancer with pre-provisioned bandwidth.
* A backend set with a health check policy. See Managing Backend Sets.
* Backend servers for your backend set. See Managing Backend Servers.
* One or more listeners . See Managing Load Balancer Listeners.
* Load balancer subnet security rules to allow the intended traffic. To learn more about these
rules, see Security Rules.
* Optionally, you can associate your listeners with SSL server certificate bundles to manage
how your system handles SSL traffic. See Managing SSL Certificates.
31. Which deployment architecture is offered when you deploy the Platform Service
Manager based Database Cloud Service (DBCS) onto Oracle Cloud Infrastructure?
A. Two node Primary RAC database leveraging ACFS for the shared file system
B. Single Instance database with a Single Instance Data Guard in Maximum Performance
mode
C. Single Instance database with a Single Instance Data Guard in Maximum Protection mode
D. Two node Primary RAC database with a two node RAC Data Guard Standby in Maximum
Performance mode
Answer: D
32. Which two resources reside exclusively in a single availability domain? (Choose
two.)
A. compute instance
B. block volume
C. object storage
D. groups
E. virtual cloud network
Answer: A,B
33. Which three methods can you use to manage Oracle Cloud Infrastructure services?
(Choose three.)
A. Oracle Cloud Infrastructure Desktop Client
B. Oracle Cloud Infrastructure Console
C. SSH or RDP
D. Command-line Interface
E. REST API
Answer: B,D,E
Explanation:
https://docs.cloud.oracle.com/iaas/Content/GS G/Concepts/baremetalintro.htm
34. A new employee has just started working for your company. You create an Oracle
Cloud Infrastructure user account for this employee, following which they are able to
log in, but still cannot create any resources. What should you do to resolve this?
A. Delete the account and create another one.
B. Send the employee API Signing Keys to log in.
C. Add the employee to a group with policies to grant access to relevant resources.
Version: V12.95
D. Make sure that the employee is logging in to the Oracle Cloud Infrastructure account from
your corporate network only.
Answer: C
35. You have just created an Autonomous Data Warehouse (ADW) and you want to
connect to the ADW using SQL Developer. What three items are needed to connect to
the ADW using SQL Developer? (Choose three.) Page | 9
A. the keystore password
B. a security list with an ingress rule for TCP port 1521
C. the client credentials file
D. the public IP address of the ADW server
E. the admin password
Answer: A,C,E
Explanation:
httos:/Avww.oracle.com/webfolder/technetwork/tutorials/obe/cloud/adwc/OBE Provisioning
Autonomous Data Warehouse Cloud bak/provisioning autonomous data_warehouse clo
ud. html
36. Why are two subnets required to create a public load balancer when additional
subnets are often used for back-end servers? (Choose two.)
A. Routing is simpler when the load balancer is not in the same subnet as the back-end server.
B. Performance is higher when more subnets are used.
C. Additional subnets for back-end servers allow for separate route tables for these servers.
D. Additional subnets for back-end servers allow for separate security lists for these servers.
Answer: B,D
Explanation:
References:
http:/Avww. oracle.com/webfolder/technetwork/tutorials/obe/cloud/ocis/load-
balancer/loadbalancer.html
37. You create a public Load Balancer instance and configure a back end set "BES1"
with one back end server running a service on port 80. You also create a listener on
port 80 and configure that listener to use the back end set "BES1". A client makes one
HTTP request to the Load Balancer with the correct protocol and port. How many
connections does the Load Balancer maintain?
D.3
Answer: B
38. Which three are capabilities of the dbaascli utility? (Choose three.)
A. Patching the primary database deployment
B. Open port 1521 in the VCN to allow for traffic to the listener
C. Start and open the database instance
D. Switchover and failover in an Oracle Guard configuration
E. Clone a DB
Answer: A,C,D
Explanation:
https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/dbaascli.html
Using the dbaascli utility, you can:
Change the password of a database user.
Start and stop a database.
Start and stop the Oracle Net listener
Version: V12.95
Check the status of the Oracle Data Guard configuration.

Perform switchover and failover in an Oracle Data Guard configuration.
Patch the database deployment.
Perform database recovery.
Rotate the master encryption key.
https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/dbaascli.html
Page | 10
39. Which three can you achieve by using Terraform? (Choose three.)
A. Create resources in the right order without regard to the order in the terraform plan file.
B. Automatically re-provision the resources that are tainted or whose configuration has
changed.
C. Automatically translate a deployed infrastructure and create a plan.
D. Automatically destroy all the resources that are in tenancy.
E. Continuously maintain the configuration files in an instance.
Answer: A,B,D
40. Which storage would you use if your big data workload requires shared access and an
NFS based interface?
A. File Storage
B. Storage Software Cloud Appliance
C. Object Storage
D. Archive Storage
E. Block Volume
Answer:A
Explanation:
References:
httos://docs.cloud.oracle.com/iaas/Content/File/Concepts/filestorageoverview.htm
41. You have an application running on Oracle Cloud Infrastructure. You identified that
the read and write operations are slowing your application down enough to impair user
access. The application is currently using a VM.Standard 1.2 compute without any
block storage attached to it. Which two options allow you to increase disk
performance? (Choose two.)
A. Terminate the compute instance preserving the boot volume. Create a new compute
instance a VM Dense IO shape using the boot volume preserved.
B. Terminate the compute instance preserving the boot volume. Create a new compute
instance using a VM Standard shape and attach a new block volume to host your application.
C. Create a backup of the boot volume. Create anew compute instance a VM Dense IO shape
and restore the backup.
D. Terminate the compute instance and create a backup of the boot volume. Create a new
compute instance using a VM Dense IO shape and restore the backup.
Answer: A,C
42. You are an administrator with an application running on OCI. The company has a
fleet of OCI compute virtual instances behind an OCI Load Balancer. The OCI Load
Balancer Backend Set health check API is providing a ‘Critical’ level warning. You have
confirmed that your application is running healthy on the backend servers. What is the
possible reason for this ‘Critical’ warning?
B. The Backend Server VCN's Route Table does not include the route for OCI LB.
D. The Backend Server VCN's Security List does not include the IP range for the source of
the health check requests.
Answer: D
Explanation:
Version: V12.95
References:
"In this case, your security rules might not include the IP range for the source of the health
check requests. You can find the health check source IP on the Details page for each backend
server. You can also use the API to find the IP in the sourcelpAddress field of the
HealthCheckResult
object."https://docs.cloud.oracle.com/iaas/Content/Balance/T asks/editinghealthcheck.htm#h
ealth-status Page | 11
43. Which three are valid Terraform configuration components? (Choose three.)
A. variable
B. region
C. metadata
D. instance
E. resource
F. data source
Answer: A,E,F
44, At the end of a terraform apply operation, what is the default output?
A. nothing by default
B. statistics about what was added, changed, and destroyed
Answer: D
45. Which DNS resource record type is used to point a host name to an IPv4 address?
A. ALIAS
B.A
C. CNAME
D. AAAA
Answer: B
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/DNS/Reference/supporteddnsresource.htm?tocp
ath=Services%7CDNS%/C 2
46. You are designing a shared storage solution for your company in Oracle Cloud
Infrastructure. The proposed storage solution should allow users to create a
hierarchical structure (similar to the directory structure in Linux or Windows based
systems). The solution should provide data encryption and a large amount of storage
space. Which would be the best implementation strategy?
A. Use block storage. Create and attach a large block storage volume to one compute
instance.
Assign a public IP to the compute instance. Store data on the block storage and access it by
connecting to the compute instance.
B. Use object storage. Create a single namespace and multiple buckets to create the
hierarchical directory structure.
C. Use object storage. Create multiple namespaces with one bucket each. Make the buckets
publicly accessible.
D. Use file storage service. Create a file system and a mount target. Share the private IP of
the mount target.
Answer: D
47. Which statement is true about restoring a block volume from a manual or policy-
based block volume backup?
A. It can be restored as new volumes to any Availability Domain within the same region.
Version: V12.95
B. It must be restored as new volumes to the same Availability Domain on which the original
block volume backup resides.
C. It can be restored as new volumes to any Availability Domain across different regions.
D. It can be restored as new volumes with different sizes from the backups.
Answer:A
48. You are running a mission-critical database in Oracle Cloud Infrastructure (OCI). Page | 12
You take regular backups of your DB system to OCI object storage. Recently, you notice
a failed database backup status in the console. What two steps can you take to
determine the cause of the backup failure? (Choose two.)
D. Make sure that the database is not active and running while backup is in progress
Answer: B,C
49. How can you provide users access to an existing compartment?

B. by adding users to a group and defining a policy to provide the group access to the
compartment
C. by adding users to a compartment. All users in the compartment will have access to the
objects in the compartment.
Answer: B
50. Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW)
database?
A. You can download tnsnames.ora from Oracle Cloud Infrastructure web console under ADW
details page
B. The tnsnames.ora file is included in credentials.zip file that you download from service
console of ADW
D. You are automatically prompted to download the tnsnames.ora file upon creation of the
ADW database
Answer: B
Explanation:
https://docs. oracle.com/en/cloud/paas/autonomous-data-warehouse-
cloud/user/connectintorduction. html#GUID-CD4C10A6-1C1E-4969-8F67-1433B6CE626A
51. Your company is moving an Internet-facing, 2-tier web application into Oracle Cloud
Infrastructure. The application must have a highly available architecture. Which two
design options would you consider? (Choose two.)
A. Configure a Dynamic Route Gateway in your VCN and make it highly available.
B. Configure a NAT instance in your Virtual Cloud Network (VCN). Create a route rule by using
the private IP of the NAT instance as a route target for all the private subnets in your VCN.
C. Create an Internet Gateway and attach it to your VCN. Deploy public load balancer nodes
into two Available Domains.
D. Place all web servers behind a public load balancer.
Answer: C,D
52. Which two configuration formats does Terraform support? (Choose two.)
A. YAML
B. JSON
C. HCL
D. XML
Version: V12.95
Answer: B,C
Explanation:
References:
Terraform configuration files can use either of two formats: Terraform domain-specific
language
(HashiCorp Configuration Language format [HCL]), which is the recommended approach, or
JSON format if the files need to be machine-readable. Page | 13
53. What is the maximum CIDR range that can be assigned when configuring a Virtual
Cloud Network?
A. /16
B. /26
C. /24
D. /8
Answer:A
54. You are implementing Oracle Cloud Infrastructure (OCI) FastConnect to access OCI
public access points (e.g. - object storage). You want other Internet traffic from your
on-premises environment to use your existing connection with your ISP. What is the
correct way to establish OCI FastConnect to access these OCI public endpoints?
A. Configure private peering on your FastConnect link. Redistribute BGP routes learned into
your existing routing table and advertise a default from your network infrastructure to OCI.
B. Configure private peering on your FastConnect link with a static route that points to OCI
object storage service.
C. Configure public peering on your FastConnect link with a static route that points to OCI
object storage service.
D. Configure public peering on your FastConnect link. Redistribute BGP routes learned into
your existing routing table and advertise a specific route for your network infrastructure to OCI.
Answer: D
Explanation:
https:/Awww.oracle.com/a/ocom/docs/connectivity-fast-connect-200. pdf
55. You have created a virtual cloud network (VCN) with three private subnets. Two of
the subnets contain application servers and the third subnet contains a DB System.
The application requires a shared file system so you have provisioned one using the
file storage service (FSS). You also created the corresponding mount target in one of
the application subnets. The VCN security lists are properly configured so that both
application servers and the DB System can access the file system. The security team
determines that the DB System should have read-only access to the file system. What
change would you make to satisfy this requirement?
A. Create an NFS export option that allows READ_ONLY access where the source is the
CIDR range of the DB System subnet.
B. Connect via SSH to one of the application servers where the file system has been mounted.
Use the Unix command chmod to change permissions on the file system directory, allowing
the database user read only access.
C. Modify the security list associated with the subnet where the mount target resides. Change
the ingress rules corresponding to the DB System subnet to be stateless.
D. Create an instance principal for the DB System. Write an Identity and Access Management
(IAM) policy that allows the instance principal read-only access to the file storage service.
Answer:A
56. Which two statements about the Oracle File Storage Service (FSS) Security are
accurate? (Choose two.)
A. Oracle IAM controls which filesystems are mountable by which instances.
Version: V12.95
B. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS
mount target within a subnet.
C. Encryption of file storage in FSS is optional.
D. Data in transit to an FSS mount target is encrypted.
E. FSS leverages UNIX user group and permission checking for file access security.
Answer: B,D
Page | 14
57. Which two tools would you use to manage Database Cloud Service (DBCS)?
(Choose two.)
A. psd
B. Oracle Swingbench
C. SQL Developer
D. Oracle Enterprise Manager
Answer: C,D
58. Which two statements are true about policies?

A. You can use read, write, manage, and inspect as verbs for defining a policy.
B. A policy is a document that specifies who can access which Oracle Cloud Infrastructure
resources that your company has, and how.
C. Users need not do anything but still have to be added to a group with appropriate policies
defined.
D. You can deny access to a group via policies.
Answer: B,C
59. Where is the tenancy Oracle Cloud Identifier (OCID) located?

A. given by support on account creation
B. at the bottom of every console page
C. on the Identity - Users page
D. contained within the compartment OCID
Answer: D
Explanation:
Identity > Compartments >(The root Compartment of the tenancy)
60. Which two statements are true about data guard service on DB Systems in Oracle
Cloud Infrastructure (OCI)?
A. Data guard implementation requires two DB Systems, one running the primary database
on a virtual machine and the standby database running on bare metal.
B. Data guard implementation requires two DB Systems, one containing the primary database
and one containing the standby database.
C. Data guard configuration on the OCI is limited to a virtual machine only.
D. Both DB Systems must use the same VCN, and port 1521 must be open.
Answer: B,D
61. What is a valid option when exporting a custom image?

D. block volume
Answer:A
62. Which five are the required parameters to launch an instance in Oracle Cloud
Infrastructure? (Choose five.)
A. subnet
B. Availability Domain
C. Virtual Cloud Network
Version: V12.95
D. host name
E. instance shape
F. image operating system
G. private IP address
Answer: A,B,C,E,F
Explanation:
References: Page | 15
https://docs.cloud.oracle.com/iaas/Content/Compute/Concepts/computeoverview.htm
63. Which two options are available when configuring DNS resolution for your virtual
cloud network? (Choose two.)
C. custom resolver
Answer: C,D
Explanation:
References:
httos://docs.cloud.oracle.com/iaas/Content/Database/T asks/launchingDB.htm
64. Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose
two.)
B. Oracle IPsec VPN
Answer: A,B
65. You currently manage an e-commerce application that utilizes 25 identical compute
resources to handle customer traffic. The stakeholders have asked you to create
another 25 identical compute resources in order to deploy and test a new version of the
software? What is the most efficient process to create 25 additional compute resources
that are identical to the first 25?
A. Create a custom image from 1 of the 25 servers. Use this custom image to provision 25
more servers
B. Create a manual backup of each boot volume belonging to the 25 servers. Restore each
backup to create 25 new boot volumes, from which you will provision 25 more servers
C. Provision a new server and configure it to be identical to the first 25. Create a custom image
from the new server, then use the custom image to provision 24 more servers
D. Clone the boot volume of 1 of the 25 servers. Use the boot volume clone to provision 25
more
Servers
Answer:A
66. Given: When creating multiple subnets within a Virtual Cloud Network (VCN),
security lists are often made to group common services, for example, SSH and RDP
(remote access), 80 and 443 (HTTP), and so on. By default, what is the maximum
number of security lists that can be associated with a subnet upon creation?
A. 4
B. 2
c.5
D.3
Answer:C
Version: V12.95
67. Which three components can you configure in Oracle Infrastructure Identity and
Access Management? (Choose three.)
A. Groups
B. Users
C. Instances
D. Policies
E. VCNs Page | 16
Answer: A,B,D
Explanation:
References:
https://cloud. oracle.com/governance/identity/faq
68. As the Cloud Architect for your company, you have been tasked with designing a
high performance (HPC) cluster in Oracle Cloud Infrastructure (OCI). The following
requirements have been defined:
The cluster must be a minimum of three nodes, but may increase to six nodes when
demand requires. The cluster must be resilient to any potential infrastructure failures.
To minimize latency, all nodes must be deployed within the same availability domain
(AD). Adding or replacing nodes within the cluster should take no more than 30
minutes. Which two steps should be performed to satisfy these requirements in OCI?
(Choose two.)
A. Deploy the cluster in a single AD with a shared file system that leverages the file storage
service (FSS). Deploy a standby cluster in another AD and configure it to use the same shared
file system.
B. Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault
domains in that AD.
C. Create a backup of your HPC node compute instance boot volume. Launch new compute
instances directly from the backup reduce provisioning time.
D. Create a custom image of your HPC node compute instance. Launch new compute
instances using this image to reduce provisioning time.
E. Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network
(VCN) subnet.
Answer: A,D
69. You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via
an evenly weighted round robin policy to your backend web servers. You notice that
one of your web servers is receiving more traffic than other web servers. How can you
resolve this imbalance?
A. Check security lists and route tables of your virtual cloud network (VCN) and fix any issues
associated with the rules
Answer: D
70. Which three are default Virtual Cloud Network (VCN) components? (Choose three.)
A. Security List
B. Dynamic Routing Gateway
C. DHCP options
D. Internet Gateway
E. Route Table
Answer: A,C,E
Explanation:
References:
(1) => Populated by Default (0) => Not Populated by Default
Version: V12.95
Resources ========== Subnets (0) Route Tables (1) Internet Gateways (0) Dynamic
Routing
Gateways (0) Network Security Groups (0) Security Lists (1) DHCP Options (1) Local Peering
Gateways
(0) NAT Gateways (0) Service Gateways (0)
71. What happens when you run terraform plan? Page | 17

A. It configures, reconfigures, and instantiates resources and their dependencies.
B. It shows the operator the course of action that would be taken if a change is applied.
C. It deletes all existing resources and re-creates them.
D. It shows a dependency graph.
Answer: B
Explanation:
References:
The terraform plan command is used to create an execution plan. Terraform performs a
refresh, unless explicitly disabled, and then determines what actions are necessary to achieve
the desired state specified in the configuration files. This command is a convenient way to
check whether the execution plan for a set of changes matches your expectations without
making any changes to real resources or to the state. For example, terraform plan might be
run before committing a change to version control, to create confidence that it will behave as
expected.
72. Which two statements are true about Oracle Cloud Infrastructure Compute Service?
(Choose two.)
A. You can launch a virtual or bare metal instance by using the same Launchinstance API.
B. You cannot launch a bare metal server in Oracle Cloud Infrastructure Compute Service.
C. You can attach a block volume in an Availability Domain other than your compute instance.
D. You can share custom images across tenancies and regions.
Answer: A,D
Explanation:
References:
Regions and Availability Domains Volumes are only accessible to instances in the same
availability domain . You cannot move a volume between availability domains or regions.
FYI: https://docs.cloud.oracle.com/iaas/Content/Block/Concepts/overview.htm
73. You are about to upload log file (5 TiB size) to Oracle Cloud Infrastructure object
storage and have decided to use multipart upload capability for a more efficient and
resilient upload. Which two statements are true about multipart upload? (Choose two.)
B. While a multipart upload is still active, you cannot add parts even if the total number of parts
is less than 10,000
Answer: A,C
74, You have an application deployed in Oracle Cloud Infrastructure running only in the
Phoenix region. You were asked to create a disaster recovery (DR) plan that will protect
against the loss of critical dat a. The DR site must be at least 500 miles from your
primary site and data transfer between the two sites must not traverse the public
Internet. Which is the recommended disaster recovery plan?
A. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one
availability domain (AD) that is not currently being used by your production systems. Establish
VCN peering between the production and DR sites.
B. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and
create a remote peering connection between the two VCNs.
Version: V12.95
C. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG
between the regions.
D. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with
the VCN in each region and configure an IPsec VPN connection between the two regions.
Answer: C
75. You have an external facing web server running in the Oracle Cloud Infrastructure Page | 18
(OCI) London region. You are notified that customers in North America and Australia
are facing high latency while connecting to your web server. Which services are
available on OCI that can help you get current latency statistics to your web server from
these markets?
A. Use DNS Zone Management service to check latency over that connection
B. Setup an IPsec VPN with customers in those markets and check latency over that
connection
C. Use the Internet Intelligence tool. Run tests using the web server's public IP address and
review traceroute details from different vantage points
D. Setup a FastConnect with customers in those markets and check latency over that
connection
Answer:C
Explanation:
The second tool, OCI IP Troubleshooting, helps troubleshoot issues with public facing IP
addresses. This feature is also part of our Internet Intelligence toolset, providing analytical
insight to help network operations teams reduce the time it takes to troubleshoot an issue by
providing awareness of availability and latency across the Internet.
Ref: httos://blogs.oracle.com/cloud-infrastructure/internet-intelliqence,-now-available-in-the-
oraclecloud-infrastructure-console
76. A new employee has just started working for your company. You create an Oracle
Cloud Infrastructure user account for this employee, following which they are able to
log in, but still cannot create any resources. What should you do to resolve this?
A. Send the employee API Signing Keys to log in.
B. Delete the account and create another one.
C. Make sure that the employee is logging in to the Oracle Cloud Infrastructure account from
your corporate network only.
D. Add the employee to a group with policies to grant access to relevant resources.
Answer: D
77. You are planning to deploy a multi-region web application in Oracle Cloud
Infrastructure (OCI). You have customers in North America, Asia and Europe who will
access the application. What service is available in OCI to help you choose the regions
the lowest latency to these markets?
A. Internet Intelligence
B. FastConnect
C. IPsec VPN
D. DNS Zone Management
Answer:A
78. You are a network architect and have designed the network infrastructure of a three-
tier application on Oracle Cloud Infrastructure (OCI). In the architecture, back-end DB
servers are in a private subnet. One of your DB administrators requests to have access
to OCI object storage service. How can you meet this requirement?
A. Create a service gateway, add a new route rule to the private subnet route table that uses
storage as your service gateway target type
B. Create a dynamic routing gateway (DRG) and attach it your virtual cloud network (VCN).
Add a default route rule to the private subnets route table and set the target as DRG
Version: V12.95
C. Attach a public IP address to the instances in the private subnet, and then add a new route
rule to the private subnet route table to route default traffic to the internet gateway
D. Add a new route rule to the private subnet route table to route default traffic to the internet
gateway
Answer:A
79. Which service is NOT supported by Oracle Cloud Infrastructure CLI?
A. load balancer Page | 19
B. compute
C. database
D. block volumes
Answer: D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/API/Concepts/cliconcepts.htm#services
80. Where are DB Systems backups stored by default?

A. ASM disk group
B. locally attached NVMe on virtual machine
C. block volume
D. object storage on Oracle Cloud Infrastructure
Answer: D
81. You need to transfer over 12 TB of data from on-premises to your cloud account.
You started copying this data over the internet and noticed that it will take too long to
complete. Without increasing the costs of your subscription, what is the recommended
way to send this amount of data to your cloud account?
A. Use Data Transfer Service to send your data.
B. Split the data into multiple parts and use the multipart tool.
C. Use a 10 GB FastConnect line to send the data.
D. Send the data over a VPN IPsec tunnel.
E. Compress the data and use the multipart tool.
Answer:A
Explanation:
References:
Overview of Data Transfer Service Oracle offers offline data transfer solutions that let you
migrate data to Oracle Cloud Infrastructure. Moving data over the public internet is not always
feasible due to high network costs, unreliable network connectivity, long transfer times, and
security concerns. Our transfer solutions address these pain points, are easy to use, and
provide significantly faster data upload compared to over-the-wire data transfer.
https://docs.cloud. oracle. com/iaas/Content/DataTransfer/Concepts/overview.htm
82. Your company has decided to move a few applications to Oracle Cloud
Infrastructure and you have been asked to design it for Disaster Recovery (DR). One of
the items of your design is to deploy the DR at least 300 miles from the home site and
minimize the network latency as much as possible. Based on that, what will be the
recommended deployment?
A. Deploy applications in two separated VCNs in different Availability Domains and use VCN
Remote Peering
B. Deploy applications in different regions and have them connected using VCN Remote
Peering
C. Deploy applications in two separated VCNs in different regions and use VCN Local Peering
D. Deploy applications on the same region splitting workloads across Availability Domains.
Answer: B
83. Which statement is true about Oracle Cloud Infrastructure Object Storage Service?
Version: V12.95
A. An Archive Object Storage tier bucket can be upgraded to the Standard Object Storage tier.
B. You cannot directly download an object from an Archive Object Storage bucket.
C. An existing Standard Object Storage tier bucket can be downgraded to the Archive Object
Storage tier.
D. Data retrieval in Archive Object Storage is instantaneous.
Answer: B
Page | 20
84. What is the default backup location for database backup on Database Cloud Service
(DBCS)?
A. Object Storage on Oracle Cloud Infrastructure
B. ASM diskgroup
C. block volume
D. locally attached NVMe on Virtual Machine
Answer:A
Explanation:
References:
https://docs.oracle.com/en/cloud/paas/database-dbaas-cloud/csdbi/backing.
html
85. Your company has decided to move a few applications to Oracle Cloud
Infrastructure (OCI) and you have been asked to design a cloud-based disaster
recovery (DR) solution. One of the requirements is to deploy the DR resources at least
300 miles from the home OCI region and minimize the network latency. What will be the
recommended deployment?
A. Deploy production and DR applications in the same VCN. Create production subnets in one
AD, and DR subnets in another AD.
B. Deploy production and DR applications in two separate VCNs in different availability
domains
(ADs) within your home region, and then use a VCN remote peering connection for
connectivity.
C. Deploy production and DR applications in two separate VCNs, each in different regions.
Connect them using a VCN remote peering connection.
D. Deploy production and DR applications in two separate virtual cloud networks (VCNs), each
in different regions, and then use VCN local peering gateways for connectivity.
Answer: C
86. You want an instance in your compartment to make API calls to other services within
Oracle Cloud Infrastructure without storing credentials in a configuration file. What do
you need to do?
A. No action is required. By default, all VM instances are created with an Instance Principal.
B. Instances cannot access services outside their compartment.
C. VM instances are treated as users. Create a user and assign the user to that VM instance.
D. Create appropriate matching rules in the Dynamic Group to create an Instance Principal.
Answer: D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingdynamicgroups.htm
87. You have provisioned an Autonomous Data Warehouse (ADW) database with 16
enabled OCPUs and need to configure the consumer group for your application. Which
two are true when deciding the number of sessions for each application? (Choose two.)
A. The MEDIUM and LOW consumer group can run up to 16 concurrent SQL statements if
HIGH consumer group has 0 SQL statements
B. The HIGH consumer group can run up to 16 concurrent SQL statements as long as
MEDIUM and LOW consumer groups have 0 SQL statements
Version: V12.95
C. The MEDIUM consumer group can run 20 concurrent SQL statements when HIGH
consumer group has 0 SQL statements
D. The HIGH consumer group can run up to 16 concurrent SQL statements in addition to 32
concurrent SQL statements in MEDIUM and LOW consumer group each
E. The HIGH consumer group can run 3 concurrent SQL statements when MEDIUM consumer
group has 0 SQL statements
Answer: C,E Page | 21
Explanation:
References:
https://docs. oracle.com/en/cloud/paas/autonomous-data-warehouse-
cloud/user/connectpredefined.
html#GUID-9747539B-FD46-44F 1-8F F8-F5AC650F 15BE
88. What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud
Infrastructure (OCI)?
A. The best practice for high availability and durability is to run the primary, standby, and
observer in separate availability domains (ADs).
B. When you configure data guard using OCI console, the default mode is set to
maxprotection.
D. You cannot use database command line interface (CLI) to set up data guard with FSFO.
Answer:A
89. You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI).
Your clients want to access the web servers from anywhere, but want to prevent access
to the database servers from the Internet. Which is the recommended way to design the
network architecture?
A. Create public subnets for web servers and private subnets for database servers in your
virtual cloud network (VCN), and associate separate internet gateways for each subnet.
B. Create public subnets for web servers and associate a dynamic routing gateway with that
subnet, and a private subnet for database servers with no association to dynamic gateway.
C. Create public subnets for web servers and private subnets for database servers in your
VCN, and associate separate security lists and route tables for each subnet.
D. Create a single public subnet for your web servers and database servers, and associate
only your web servers to internet gateway.
Answer: C
90. Which statement is true about DB Systems?

A. Data Guard as a Service is offered between regions.
B. You cannot manage the database as sys/sysdba.
C. You have full control over the automatic backup schedule and retention periods.
D. You can manage Oracle database initialization parameters at a global level.
Answer: A,C
91. You are managing a tier-1 OLTP application on an Autonomous Transaction

Processing (ATP) database. Your business needs to run hourly batch processes on this
ATP database that may consume more CPUs than what is available on the server. How
can you limit these batch processes to not interfere with the OLTP transactions?
A. Copy OLTP data into new tables in a new table space and run batch processes against
these new tables
Version: V12.95
D. Configure ATP resource management rules to manage runtime and IO consumption for the
consumer group of batch processes
Answer: D
92. Which two features are offered natively on Oracle Cloud Infrastructure Database
Cloud Service (DBCS)? (Choose two.)
A. Data Guard in Async mode within a region Page | 22
B. GoldenGate replication between two regions
C. Data Guard in Maximum Protection mode
D. backup to Object Storage
Answer: A,D
Explanation:
Data Guard in Maximum Performance protection mode is supported not simply Maximum
Protection mode, however, you can configure additional protection modes and transport types
by logging on to the DB system and accessing Data Guard command-line interface(
DGMGRL).
93. Which two resources are availability domain constructs? (Choose two.)
A. VCN
B. Groups
C. Block Volume
D. Compute Instance
E. Object Storage
Answer: C,D
Explanation:
References:
httos://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#one
94. Within your tenancy you have a compute instance with a boot volume and a block
volume attached. The boot volume contains the OS and the attached block volume
contains the instance's important data. Logs on the boot volume have filled the boot
volume and are causing issues with the OS. What should you do to resolve this
situation?
A. Stop the instance that is full. Create a manual backup of the block storage before making
changes. Detach the block volume, create a new instance of the same shape with a larger
custom boot volume and attach the block volume to the new instance. Configure the OS and
any related application(s) to access the block volume under the same mount point as before.
B. Create a new instance with a larger boot volume size as well a new block volume which is
the same size or larger than the one attached to the full instance. rsync the state of the boot
volume and the state of the block volume between the two instances.
C. Detach the block volume from the full instance. Create a new instance of the same shape
with a larger boot volume and rsync the state of the boot volume between the instances. Attach
the block volume to the new instance.
D. Create a manual backup of the block storage instance. Create a custom image of the full
instance. Once that completes deploy the custom image to a new instance.
Answer:A
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Block/Tasks/resizingavolume.htm
95. Which two identity providers can your administrator federate with Oracle Cloud
Infrastructure? (Choose two.)
A. Microsoft Active Directory
B. Oracle Identity Cloud Services
C. AWS Directory Services
D. Google Directory Federation Services
Version: V12.95
Answer: A,B
Explanation:
References:
Oracle Cloud Infrastructure supports federation with Oracle Identity Cloud Service and
Microsoft
Active Directory (via Active Directory Federation Services (AD FS)), and any identity provider
that supports the Security Assertion Markup Language (SAML) 2.0 protocol. Page | 23
96. Which tool can automatically install Oracle Cloud Infrastructure CLI?
A. Python
B. RPM
C. APT
D. PIP
Answer: D
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/API/SDKDocs/climanualinst.htm
97. Which statement is true regarding Autonomous Transaction Processing (ATP)?

A. A database name cannot be used concurrently for both an Autonomous Data Warehouse
(ADW) and an ATP database
Answer:A
98. Which two statements are true about restoring a block volume from a manual or
policybased block volume backup? (Choose two.)
C. It must be restored as a new volume to the same availability domain (AD) on which the
original block volume backup resides
Answer: A,D
Explanation:
A - Backups are encrypted and stored in Oracle Cloud Infrastructure Object Storage, and can
be restored as new volumes to any availability domain within the same region they are stored.
D- You can restore a block volume backup to a larger volume size. To do this, check Custom
Block Volume Size (GB), and then specify the new size. You can only increase the size of the
volume, you cannot decrease the size.
99. You have created a public subnet in a VCN, and your public subnet has a Route
Table, a Security List, and an Internet Gateway. However, none of the compute
instances can connect to the Internet. Which two are possible reasons for the
connectivity issue? (Choose two.)
Answer: A,B
100. You have successfully configured identity federation between Oracle Cloud
Infrastructure (OCI) and Oracle Identity Cloud Services (IDCS). A new project manager
wants access to OCI for her team and provides the name of an existing group within
IDCS to use when granting access. How do you configure federation to allow the project
team access to OCI resources?
Version: V12.95
A. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy
in IDCS and reference the name of the IAM group.
B. Create a new Identity and Access Management (IAM) policy in OCI and reference the name
of the IDCS group in each policy statement.
C. Create anew compartment in OCI with the same name as the existing IDCS group. Create
an IAM policy that references the new compartment and the name of the IDCS group.
D. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM Page | 24
policy and reference the name of the IAM group in each policy statement.
Answer: D
101. Which two statements define the types of DNS resolvers that exist? (Choose two.)
A. A custom resolver allows instances to use the host names of the hosts in your on-prem
network that are connected to your VCN by an IPSec VPN connection.
B. A VCN resolver allows instances to use the host names of the hosts in your on-prem
network that are connected to your VCN by an IPSec VPN connection.
C. A VCN resolver allows instances to use host names to communicate with instances on
other VCNs in your tenancy.
D. An Internet resolver allows instances to use the host names that are published on the
Internet.
Answer: A,D
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/dns.htm
This is an Oracle-provided option that includes two parts: Internet Resolver: Lets instances
resolve hostnames that are publicly published on the internet. The instances do not need to
have internet access by way of either an internet gateway or a connection to your on-premises
network (such as an IPSec VPN connection through a DRG ). VCN Resolver: Lets instances
resolve hostnames (which you can assign) of other instances in the same VCN. For more
information, see About the DNS Domains and Hostnames. By default, new VCNs you create
use the Internet and VCN Resolver. If you're using the Networking API, this choice refers to
the VcnLocalPlusInternet enum in the DhcpDnsOption object. The Internet and VCN Resolver
does not let instances resolve the hostnames of hosts in your onpremises network connected
to your VCN by IPSec VPN connection or FastConnect. Use your own custom DNS resolver
to enable that.
https://docs.cloud. oracle .com/iaas/Content/Network/Concepts/dns.htm?Highlight=-DNS%20r
esolver#About
102. You are responsible for creating and maintaining an enterprise application that
consists of multiple storage volumes across multiple instances. The storage volumes
include boot volumes and block volumes for your data storage. You need to create
backups of these storage volumes in the most time-efficient manner. How can you meet
this requirement?
A. You can create clones of storage volumes one at a time
B. You can group together multiple storage volumes in a volume group and create volume
group backups
C. You can create on-demand one-off backups of boot volumes, but not block volumes
D. You can create on-demand one-off backups of block volumes, but not boot volumes
Answer: B
103. When terminating a compute instance, which statement is true?

Answer: D
Version: V12.95
104. For a compute instance that is launched in a private subnet in a Virtual Cloud
Network (VCN), which action needs to be performed to connect to the Internet,
assuming that the required security list is properly set up?
A. Assign a Public IP address to the compute instance.
B. Create and configure Network Address Translation (NAT) in a public subnet and route all
traffic to it. Page | 25
C. There is no way for an instance in a private subnet to connect to the Internet.
D. Create a default route entry in the route table to forward all traffic to the Internet gateway.
Answer: D
105. Which service would you use if your big data workload required shared access
and NFSbased connectivity?
A. block volume
B. archive storage
C. object storage
D. file storage
Answer: D
106. Which two statements are true about adding secondary VNICs to an existing
C. You can remove the primary VNIC after the secondary VNIC's attachment is complete
D. The primary and secondary VNIC association can be in different virtual cloud networks
(VCNs)
Answer: A,B
107. What is the maximum number of security lists that can be associated with a
subnet?
A. four
B. three
C. five
D. two
Answer: C
Explanation:
you may optionally specify one or more security lists for the subnet to use (up to five). If you
don't specify any, the subnet uses the cloud network's default security list. You can change
which security list the subnet uses at any time.
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVCNs.htm
108. Which two are true for achieving High Availability on Oracle Cloud Infrastructure?
(Choose two.)
A. Store your database across multiple regions so that half of the data resides in one region
and the other half resides in another region.
B. Attach your block volume form Availability Domain 1 to a compute instance in Availability
Domain 2 (and vice versa) so that they are highly available.
C. Configure your database to have Data Guard in another Availability Domain in Sync mode
within a region.
D. Store your database files on Object Storage so that they are available in all Availability
Domains in all regions.
Answer: C,E
Version: V12.95
109. Which two statements are true about the Oracle Cloud Infrastructure Object
Storage Service? (Choose two.)
A. It provides higher lIOPS than Block Storage.
B. It can be directly attached or detached from a compute instance.
C. Data is stored redundantly only in a single AD.
D. Data is stored redundantly across multiple availability domains (ADs).
E. It provides strong consistency. Page | 26
Answer: D,E
Explanation:
STRONG CONSISTENCY When a read request is made, Object Storage always serves the
most recent copy of the data that was written to the system. DURABILITY Object Storage is a
regional service. Data is stored redundantly across multiple storage servers. Object Storage
actively monitors data integrity using checksums and automatically detects and repairs corrupt
data. Object Storage actively monitors and ensures data redundancy. If a redundancy loss is
detected, Object Storage automatically creates more data copies. For more details about
Object Storage durability, see the Oracle Cloud Infrastructure Object Storage FAQ. CUSTOM
METADATA You can define your own extensive metadata as key-value pairs for any purpose.
For example, you can create descriptive tags for objects, retrieve those tags, and sort through
the data. You can assign custom metadata to objects and buckets using the Oracle Cloud
Infrastructure CLI or SDK. See Software Development Kits and Command Line Interface for
details. ENCRYPTION Object Storage employs 256-bit Advanced Encryption Standard (AES-
256) to encrypt object data on the server. Each object is encrypted with its own key. Data
encryption keys are encrypted with a master encryption key that is frequently rotated.
Encryption is enabled by default and cannot be turned off.
110. For what business need should you use Database Cloud Service (DBCS) instead
of Oracle database on a compute instance?
A. to bring your own license on a compute service
B. to lower license and infrastructure cost
C. to implement Oracle RAC for high availability
D. to build an Oracle database on a compute service
Answer: C
111. You want an Oracle Cloud Infrastructure (OCI) compute instance in your
compartment to make API calls to other services within OCI without storing credentials
in a configuration file. What do you need to do?
A. Create a dynamic group with appropriate matching rules to include the instance, and
reference this group in your IAM policy statement
C. VM instances are treated as users. Create a user, assign the user to that VM instance, and
reference the instance in your Identity and Access Management (IAM) policy statement
D. By default, all VM instances are created with an instance principal. Reference this instance
principal in your IAM policy statement
Answer:A
112 Which two statements are true about subnets within a VCN? (Choose two.)
A. You can have multiple subnets in an Availability Domain for a given VCN.
B. Private and Public subnets cannot reside in the same Availability Domain for a given VCN.
C. Subnets can have their IP addresses overlap with other subnets in another network for a
given
VCN.
D. Instances obtain their private IP and the associated security list from their subnets.
Answer: A,D
Explanation:
References:
Version: V12.95
https://cloud.oracle.com/en_US/bare-metal-network/vcn/faq
113. Which two statements are true about Database Cloud Service (DBCS)? (Choose
two.)
A. Data Guard as a Service is offered among regions.
B. You have full control over backup schedule and retention.
C. You can manage Oracle parameters at a global system level. Page | 27
D. You cannot manage the database as sys/sysdba.
Answer: B,C
Explanation:
References:
https://cloud.oracle.com/database/faq#backup
Can | set up Data Guard across Availability Domains? Yes, you can set up Data Guard in the
same or
different Availability Domains in a region. However, Oracle recommends that you set up your
Data
Guard configuration across Availability Domains. Can | set up Data Guard across Oracle
Cloud
Infrastructure regions? Yes, you can set up Data Guard across regions, "but the Database
Cloud Service Data Guard feature currently does not support it. " You can manually set up
Data Guard across regions by logging on to your host and using DGMGRL. You must enable
an internet gateway on the primary and standby DB system VCN for Data Guard to transport
logs across regions. Learn more about DGMGRL. To configure a Data Guard system across
regions or between on-premises and Oracle Cloud Infrastructure DB systems, you must
access the database host directly and use the DGMGRL utility.
https://docs.cloud.oracle.com/iaas/Content/Database/T asks/usingdataguard.htm
114. Your company is developing a new database application in Oracle Cloud

Infrastructure. You need to test application functionality including a hardware failure
scenario. Since the application is still in the development phase, you want to minimize
infrastructure costs. Which database service deployment option meets this
requirement?
A. two node real application cluster (RAC) system
B. Autonomous Data Warehouse (ADW) system as it provides auto fail over functionality
C. two node bare metal system with data guard enabled
D. single node bare metal system
Answer:A
115. Which two statements are true about encryption on Oracle Cloud Infrastructure
(OCI)? (Choose two.)
Answer: A,C
Explanation:
33
References:
https://cloud.oracle.com/storage/object-storage/features
116. Which certificate format is used with the load balancer?

A. PFX
B. PEM
C. PKCS12
D. CRT
Version: V12.95
Answer: B
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/managingcertificates.htm
117. You have been tasked with creating one virtual cloud network (VCN) each for two
line of business (LOB) applications. LOB A and LOB B will need to communicate with
each other. To ensure that you can utilize VCN peering, which network CIDR ranges Page | 28
should be used?
A. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
B. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
C. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
D. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)
Answer: C
118. You are tasked with creating a highly available clustered application on Oracle
Cloud Infrastructure consisting of three nodes. The round-trip latency between nodes
must be less than 500 us (micro-seconds) and your cluster should be resilient to
hardware failure. What is the recommended deployment strategy?
A. Deploy the cluster nodes in a single region and deploy each node into a different AD. Select
the same fault domain in each AD to ensure consistency.
B. Deploy the cluster nodes in two separate regions and take advantage of multiple availability
domains (ADs) in each region.
C. Deploy the cluster nodes in a single region and deploy each node into a different AD.
D. Deploy the cluster nodes in a single region and deploy each node in different fault domains
within a single AD.
Answer: D
119. Which two statements about file storage service (FSS) are accurate? (Choose two.)
C. Identity and Access Management (IAM) controls which file systems are mountable by which
instances
D. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS
mount target within the same subnet
Answer: A,D
120. Your organization has deployed a large, complex application across multiple
compute instances in Oracle Cloud Infrastructure (OCI). These compute instances also
have block volume storage attached to them. You want to create a time consistent
backup of these block volume storage. Which implementation strategy should be used?
Answer: D
121. Which scaling option does Database Cloud Service (DBCS) on Bare Metal Shape
offer?
A. network bandwidth
B. CPU
C. storage
D. memory
Answer: B
Explanation:
Version: V12.95
References:
https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/managingDBsystem.htm
122. You are running your warehouse using Autonomous Data Warehouse (ADW)
service and you noticed that a newly configured batch job is always running in serial
even through nothing else is running in the database. All your jobs are configured to
run with parallelism enabled. What could be the reason for this batch job to run in Page | 29
serial?
A. The batch job depends on only one table and parallelism cannot be enabled on single-table
queries.
B. The parallelism of batch job depends on the number of ADW databases involved in the
query.
C. The new batch job is connected to LOW consumer group.
D. The new batch job runs on database tables that are not enable for parallel execution.
E. Parallelism on the database is controlled by the application, not the database.
Answer: C
123. Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose
two.)
Answer: C,D
124. What does Terraform use to create, manage, and manipulate infrastructure
resources?
A. resources
B. provisioner
C. instances
D. provider
Answer: D
Explanation:
The Oracle Cloud Infrastructure provider is used to interact with the many resources supported
by the Oracle Cloud Infrastructure. The provider needs to be configured with credentials for
the Oracle Cloud Infrastructure account.
125. You are designing a high bandwidth, redundant connection between your data
center and Oracle Cloud Infrastructure (OCI). While researching for OCI FastConnect
locations, you notice that you are co-located with Oracle at one of the Oracle
FastConnect locations in the Ashburn region. What is the recommended design in this
scenario?
A. Create a cross-connect group and have two or more cross-connects in that group. Create
an IPsec VPN connection on this group.
B. Setup two IPsec connections between your data center and OCI Ashburn region. Create a
OCI load balancer to distribute the traffic across the two connections.
C. Create a cross-connect group and have at least two or more cross-connects in that group.
Create at least two or more virtual circuits in the group.
D. Create a cross-connect group and have at least one cross-connect in that group. Create at
least one virtual circuit in the group.
Answer: C
126. Which three actions need to be performed before attempting a data transfer service
job?
A. Obtain an available host machine which can run the dts utility on-premise with SATA or
USB drives attached for the transfer job.
Version: V12.95
B. Get access to a high-speed internet connection

C. Data Transfer Service and Storage Service Limits should be checked and raised if required.
D. Set up SSH access to a host on OCI to coordinate the transfer job.
E. Create an object bucket to receive the job.
Answer: A,C,E
127. When terminating a compute instance, you want to preserve the boot volume and Page | 30
its data. Which step will you need to perform?
A. You cannot preserve the boot volume; it will always be deleted when you terminate the
instance.
B. Reboot the instance first, and then terminate the instance.
C. Disable the default option to delete the boot volume when terminating an instance.
D. Before terminating the instance, you must detach the boot volume.
Answer: C
Explanation:
References:
The dialog will show you when you terminate the instance. If you want to preserve the boot
volume associated with the instance, uncheck Permanently delete the attached Boot Volume.
https://docs.cloud.oracle.com/iaas/Content/Compute/T asks/terminatinginstance.htm
128. Which statement is true about cloning a volume?

A. You can clone a volume in another region.
B. You need to detach a volume before cloning it.
C. Acloned volume is the same as a snapshot that has a dependency on the source volume.
D. You can change the block volume size when cloning a volume.
Answer: D
129. Which two options are true for Autonomous Transaction Processing (ATP)
database?
(Choose two.)
B. You can scale storage up or down in ATP
C. You can scale CPU up or down in ATP
D. You can add more Pluggable Database for consolidating multiple databases in ATP
E. You can add new ORACLE_HOME for bringing older versions of on-premises databases
to ATP
Answer: B,C
130. A customer wants to do development on premise while leveraging services such

as Java Cloud, Mobile Developer Cloud, and App Builder Services. The customer would
also like to scale out the application, stretching from on-premises to the cloud by using
acommon API. Which two Infrastructure options can the customer leverage to do this?
(Choose two.)
A. Oracle Cloud at Customer
B. Oracle Cloud Infrastructure Classic
C. Oracle Cloud Ravello service
D. Oracle Cloud Infrastructure
Answer: A,D
131. Which two resources are available by default when your Oracle Cloud
Infrastructure tenancy is provisioned?
A. an NVMe SSD boot disk for each instance, whose size is determined by the image and
shape of the instance
B. arange of public IP addresses that are reserved for your tenancy
Version: V12.95
C. aset of images, where each image is a template of a virtual hard drive that consists of the
OS and installed software and applications
D. a variety of shapes, where each shape determines the number of CPUs and memory
allocated to an instance.
Answer: C,D
132. Which two options are valid for loading data directly into Autonomous Data Page | 31
Warehouse (ADW)? (Choose two.)
A. Data Integrator
B. Data Pump
C. Data Transfer Service
D. SQL *Loader
Answer: B,D
133. Which two are NOT an image source when launching a new compute instance?
(Choose two.)
A. boot volume
B. custom image
C. Object Storage
D. bare metal instance
Answer: A,B
134. Which two are required parameters to create a public load balancer instance?
(Choose two.)
A. certificate
B. load balancer name
C. listener
D. back end set
E. two public subnets
Answer: C,D
Explanation:
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/GSG/Tasks/loadbalancing.htm
135. You must implement a backup solution for your Autonomous Data Warehouse
(ADW) that will enable you to restore data as old as one year with a recovery point
objective (RPO) of 10 days. Which database backup strategy would you select?
A. Take weekly manual backups to supplement the automated backups and preserve them
for 12 months.
C. Take monthly manual backups to supplement the automated backups and preserve them
for 12 months.
D. Take quarterly manual backups to supplement the automated backups and preserve them
for 12 months.
Answer:A
136. Which three load-balancing policies can be used with a back end set? (Choose
three.)
A. Throughput
B. IP Hash
C. Weighted Round Robin
D. CPU Utilization
E. Least Connections
Answer: B,C,E
Explanation:
Version: V12.95
References:
After you create a load balancer, you can apply policies to control traffic distribution to your
backend servers. The Load Balancing service supports three primary policy types:
Round Robin Least Connections IP Hash
137. Which two are required to create an IPSec VPN connection? (Choose two.)
A. security list Page | 32
B. static route CIDR
C. name
D. compute instance
Answer: A,B
138. Which statement is true about Oracle Cloud Identifiers (OCID)?

A. mytenancy.oc.ocid is a valid OCID.
B. If you delete a user, and them create a new user with the same name, the user will be
considered a different user because of different OCIDs.
C. Users can customize OCIDs for all the resources in their compartments.
D. If you delete a user, and then create a new user with the same name, the new user will be
assigned the exact same OCIDs as the system remembers.
Answer: B
139. Which storage service is used on OCI for a Data Transfer Service job?
A. An instance with enough storage to accommodate the job
B. An object bucket
C. A File System service instance
D. Block Volume
Answer: B
Explanation:
httos://docs.cloud.oracle.com/en-us/iaas/Content/DataTransfer/Concepts/overview.htm
140. Which statement is true about a pre-authenticated request in Oracle Cloud

Infrastructure Object Storage?
A. You can create only 1, 000 pre-authenticated requests per bucket.
B. You can create a pre-authenticated request only for public buckets.
C. You cannot retire a pre-authenticated request before it expires.
D. You cannot extend the expiration date on a pre-authenticated request.
Answer: D
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Object/Tasks/usingpreauthenticatedrequests.htm
you can create an unlimited number of pre-authenticated requests. You can't edit a pre-
authenticated request. If you want to change user access options in response to changing
requirements, you must create a new pre-authenticated request.
URL: https://docs.cloud.oracle.com/iaas/Content/Object/T asks/managingbuckets.htm
you can change a bucket's access from public to private or from private to public. Changing
the type of access doesn't affect existing pre-authenticated requests. Existing pre-
authenticated requests still work.
141. You had an outage in your application caused by the loss of a shared volume
provisioned by File Storage Service (FSS). At this point, you need to restore the data
from a snapshot you created of the FSS. What are the steps to restore the data?
A. Access the directory where the shared volume is mounted, then cd into .snapshot folder,
find the snapshot folder you want to recover and use cp or rsync tool to copy the files to the
original location.
B. Open OCI Console, select File Storage Service, find the shared storage, then click on
snapshot and restore.
Version: V12.95
C. Open OCI Console, select File Storage Service, find the snapshot you created and click
restore.
D. Access the directory, where you mounted the shared volume, then cd into .snapshot folder
and find the snapshot folder you want to recover and rename that folder to the original folder
name.
Answer: B
Page | 33
142. You have provisioned an Autonomous Transaction Processing (ATP) database
and logged into the ATP service console. What are three abilities that can be performed
from this service console? (Choose three.)
B. create ATP database users
C. reset the admin password
D. set resource management rules
E. monitor database activity and SQL queries
Answer: C,D,E
143. Which two are true for Oracle Cloud Infrastructure DNS? (Choose two.)
A. It can function only as a primary DNS.
B. It supports other cloud providers such as AWS and Azure.
C. It supports segregation of traffic by using the private pool.
D. It does not provide DDoS protection.
Answer: B,C
Explanation:
References:
B - Support for Oracle Cloud Infrastructure, other Cloud provider endpoints (AWS, Azure) and
private assets, including Cloud, CDNs and Data Centers
C - Customers may purchase Oracle Cloud Infrastructure Private Pool and Vanity Nameserver
to have their Domain Names and Zones under a private IP pool with dedicated nameservers
to segregate from those of other customers in order to reduce the risk of external issues
affecting their websites.
https:/Awww.oracle.com/cloud/networking/dns-fag. html
144. Which two statements are true about an Oracle Cloud Infrastructure Virtual Cloud
Network (VCN)? (Choose two.)
A. AVCN can reside in multiple Oracle Cloud Infrastructure regions and Availability Domains.
B. AVCN covers a single contiguous IPv4 CIDR block of your choice.
C. An allowable VCN size range is: /16 to /30.
D. AVCN creates the dynamic routing gateway by default.
Answer: B,C
145. Which statement is true about cloning a volume?

A. You need to detach a volume before cloning from it.
B. Acloned volume is the same as a snapshot that has a dependency on the source volume.
C. You cannot change the block volume size when cloning a volume.
D. You can create a clone for a volume across regions.
Answer: B
146. Which two parameters are required in a back end set's HTTP health check?
(Choose two.)
A. response body
B. URL path
C. timeout
D. port
E. status code
Version: V12.95
Answer: B,D
Explanation:
https://docs.cloud.oracle.com/iaas/Content/GSG/Tasks/loadbalancing.htm#Create Enter the
Health Check details. Load Balancing automatically checks the health of the instances for your
load balancer. If it detects an unhealthy instance, it stops sending traffic to the instance and
reroutes traffic to healthy instances. In this step, you provide the information required to check
the health of servers in the backend set and ensure that they can receive data traffic. Page | 34
Protocol: Select HTTP. Port: Enter 80 URL Path (URI): Enter/
The rest of the fields are optional and can be left blank for this tutorial. Click Create.
147. You need to create a high performance shared file system, and have been advised
to use file storage service (FSS). You have logged into the Oracle Cloud Infrastructure
console, created a file system, and followed the steps to mount the shared file system
on your Linux instance. However, you are still unable to access the shared file system
from your Linux instance. What is the likely reason for this?
B. There is no internet gateway (IGVV) set up for mount target traffic
C. There is no Identity and Access Management (IAM) policies set up to allow you to access
the mount target
D. There is no route in your virtual cloud network's (VCN) route table for mount target traffic
Answer:A
Explanation:
Virtual firewall rules for your VCN. Your VCN comes with a default security list, and you can
add more. These security lists provide ingress and egress rules that specify the types of traffic
allowed in and out of the instances. You can choose whether a given rule is stateful or
stateless. Security list rules must be set up so that clients can connect to file system mount
targets. For more information about how security lists work in Oracle Cloud Infrastructure, see
Security Lists in the Networking documentation. For information about setting up specific
security list rules required for mount target traffic, see Configuring VCN Security List Rules for
File Storage. About Security explains how security lists interact with other types of security in
your file system.
https://docs.cloud.oracle.com/iaas/Content/File/Concepts/filestorageoverview.htm
148. Your company has decided to move a few applications to Oracle Cloud and you
have been asked to design it for both High Availability (HA) and Disaster Recovery (DR).
Which two should you consider while designing your Oracle Cloud Infrastructure
architecture? (Choose two.)
A. Region
B. Instance Shape
C. Compartments
D. Availability Domain
Answer: A,D
Explanation:
References:
httos://blogs. oracle.com/cloud-infrastructure/migration-and-disaster-recovery-in-the-oracle-
cloudwith-rackware
149. You are the Cloud Architect of a company, and are designing a solution on Oracle
Cloud Infrastructure where you want to have all your compute instances resistant to
hardware failure. Which two are recommended best practices to achieve the
requirement on Oracle Cloud Infrastructure? (Choose two.)
A. Create a custom image of your system drive each time you change the image.
B. Attach block volumes from different Availability Domains to compute instances in different
Availability Domains for high availability.
Version: V12.95
C. Design your system with redundant compute modes in different Availability Domains to
support the failover capability.
D. Create backups of your block volumes that are associated with compute instances in
different regions.
Answer: A,C
Explanation:
References: Page | 35
https://docs.cloud.oracle.com/iaas/C ontent/Compute/References/bestpracticescompute.htm
System Resilience Oracle Cloud Infrastructure runs on Oracle's high-quality Sun servers.
However, any hardware can experience a failure. Follow industry-wide hardware failure best
practices to ensure the resilience of your solution. Some best practices include:
Design your system with redundant compute nodes in different availability domains to support
failover capability. Create a custom image of your system drive each time you change the
image. Back up your data drives, or sync to spare drives, regularly. If you experience a
hardware failure and have followed these practices, you can terminate the failed instance,
launch your custom image to create a new instance, and then apply the backup data.
150. A customer has established an Oracle Cloud Infrastructure (OCI) FastConnect

connection to OCI. The virtual circuit is up and routes are being advertised from the
customer's end, however the customer is unable to ping from compute instances inside
the virtual cloud network (VCN) to servers residing in its on-premises data center.
Which two options on OCI would remedy this situation? (Choose two.)
A. Modify the route table associated with the VCN subnet in which the instance resides. Add
a route to the customer's on-premises network via the Dynamic Routing Gateway (DRG).
B. Modify the security list associated with the VCN subnet in which the instance resides. Add
a stateful egress rule to allow ICMP traffic to the customer's on-premises network.
C. Modify the security list associated with the VCN subnet in which the instance resides. Add
a
stateful ingress rule to allow ICMP traffic from anywhere.
D. Modify the default VCN route table to add a route back to the customer's on-premises
network via the DRG.
Answer: A,B
151. You are responsible for setting up access for all the cloud users of a large
enterprise. You log in to the Phoenix region and start creating users and policies. You
then realize that some users might be creating resources in the Ashburn region. Which
step should you perform to enable those users?
A. You can assign a region to each of the users at the time of creation.
B. IAM users are global and non-admin users can add resources to any region by default.
C. You need to log in to each region separately to create users for that particular region.
D. IAM users are global. As an administrator, make sure that you subscribe to the Ashburn
region.
Answer: D
152. Which three types of credentials are used to manage Oracle Cloud Infrastructure
Identity and Access Management (IAM)? (Choose three.)
A. Windows Password
B. API Signing Key
C. Swift Password
D. SSH Key
E. Console Password
Answer: B,C,E
Explanation:
References:
Version: V12.95
https://cloud.oracle.com/iaas/whitepapers/best-practices-for-iam-on-oci.pdf
You manage the following types of credentials with Oracle Cloud Infrastructure IAM:
Console password: For signing in to the Console, which is the user interface for interacting
with Oracle Cloud Infrastructure API signing key (in PEM format): For sending API requests,
which require authentication Swift password: For using a Swift client with Recovery Manager
(RMAN) to back up an Oracle Database System (DB System) database to Object Storage
Page | 36
153. You have hired a new employee to run reports from the Autonomous Data
Warehouse (ADW) and are not confident in their SQL writing ability. Into which
consumer group will you assign this individual to minimize the impact of their code?
A. Lowest
B. Medium
C. Highest
D. High
E. Low
Answer: D
154. What is a "transfer package" when transferring data to OCI via the OC] Data Transfer
Service?
A. A transfer package is the logical representation of the physical shipment containing the
HDD transfer devices that you ship to Oracle to upload to OCI.
B. A transfer package is the software Oracle provides for you to prepare transfer devices for
shipment to Oracle
C. A transfer package contains the physical devices.
D. A transfer package is the archive file that the Data Transfer Service Utility (dts) writes to
the transfer device.
Answer:A
Explanation:
References:
https://blogs.oracle.com/cloud-infrastructure/introducing-oracle-cloud-infrastructure-data-
transferservice
155. In which two ways does Oracle Cloud Infrastructure (OCI) file storage (FSS) differ
from OCI object storage and block volume services? (Choose two.)
A. Block volume service is NVMe based, while FSS is not
B. Object storage and block volume services offer default encryption, but FSS does not
C. A file system is created within an availability domain, whereas object storage buckets exist
at the region level
D. FSS uses the network file system (NFS) protocol, whereas block volume uses iSCSI
Answer: C,D
156. Which two are a valid image source when launching a new compute instance?
(Choose two.)
B. object storage
C. custom image
D. boot volume
Answer: C,D
Explanation:
https://docs.cloud.oracle.com/en-
us/iaas/Content/Resources/Assets/whitepapers/deployingcustom-os-images.
pdf
157. There are multiple options of migrating Oracle Databases from on-premises to
Oracle Cloud Infrastructure. Which two characteristics do you need to consider when
choosing a migration method? (Choose two.)
A. On-premises database character set and application version
Version: V12.95
B. On-premises database version and quantity of data, including indexes

C. On-premises host operating system platform and network bandwidth
D. On-premises connectivity using remote and local VCN peering
Answer: B,C
Explanation:
References:
https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/migrating.htm Page | 37
Some of the characteristics and factors to consider when choosing a migration method are:
On-premises database version Database service database version On-premises host
operating system and version On-premises database character set Quantity of data, including
indexes Data types used in the on-premises database Storage for data staging Acceptable
length of system outage Network bandwidth
158. Which resource is required when connecting to your on-premise network from
your Virtual Cloud Network (VCN) vialPSec VPN or FastConnect?
A. Internet Gateway (IGVW)
B. Dynamic Routing Gateway (DRG)
C. local peering gateway
D. NAT
Answer: B
Explanation:
References:
https://cloud.oracle.com/networking/vcn/faq
159. You have one database-style application that frequently makes many random
reads and writes across the dataset. Which storage offering supports this application?
A. Object Storage Service
B. Archive Storage Service
C. File Storage Service
D. Block Storage Service
Answer: D
160. Your application front end consists of several Oracle Cloud Infrastructure compute
instances behind a load balancer. You have configured the load balancer to perform
health checks on these instances. If an instance fails to pass the configured health
checks, what will happen?
Answer: D
161. An instance is launched with a primary VNIC that is created during instance launch.
Which two operations are true when you add secondary VNICs to an existing instance?
(Choose two.)
A. You can remove the primary VNIC after the secondary VNIC's attachment is complete.
B. You can remove the secondary VNIC later if it is not needed.
C. The primary and secondary VNIC association should be within the same Availability
Domain.
D. It is not possible to connect two VNICs to an instance.
Answer: B,C
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVNICs.htm
162. You have five different company locations spread across the US. For a proof-of-
concept (POC) you need to setup secure and encrypted connectivity to your workloads
Version: V12.95
running in a single virtual cloud network (VCN) in the Oracle Cloud Infrastructure
Ashburn region from all company locations. What would meet this requirement?
A. Create five internet gateways in your VCN and have separate route table for each internet
gateway.
B. Create five virtual circuits using FastConnect for each company location and terminate
those connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.
C. Create five IPsec connections with each company location and terminate those connections Page | 38
on asingle DRG. Attach that DRG to your VCN.
D. Create five IPsec VPN connections with each company location and terminate those
connections on five separate DRGs. Attach those DRGs to your VCN.
Answer: C
163. You deployed a web server in Oracle Cloud Infrastructure using an ephemeral
public IP. After a few changes in your web server configuration, you rebooted the server
and a new public IP was associated to your instance. What should you do to prevent
this from happening again?
A. Create a reserved public IP and associate it with the security list that your complete instance
is using
B. Create a reserved public IP and associate it with the subnet of your compute instance
C. Create a reserved public IP and associate it with the VNIC of your compute instance
D. Create a reserved public IP and associate it with the hosts file of your web server
Answer: C
164. At the end of a terraform apply operation, what is the default output?
A. statistics about what was added, changed, and destroyed
B. nothing by default
Answer: D
165. You have an application server that needs to copy data on Oracle Cloud
Infrastrucutre (OCI) object storage in the same region. You have created a service
gateway for OCI object storage in your virtual cloud network (VCN) and modified
security lists associated with the subnet to allow traffic to the service gateway. You are
able to connect to the OCI object storage, however, you notice that the connectivity is
over the Internet instead of the service gateway. What is the reason for this behavior?
A. The route table associated with the subnet has no route rule where the destination is object
storage service
B. The service gateway created in the VCN resides in a different availability domain
C. The security list associated with the subnet has an egress rule that allows all traffic to be
forwarded to a destination CIDR 0.0.0.0/0
D. Identity and Access Management (IAM) policies restrict the access to the object storage
bucket
Answer:A
166. You deployed a compute instance (VM.Standard2.16) to run a SQL database. After
a few weeks, you need to increase disk performance by using NVMe disks; the number
of CPUs will not change. As a first step you terminate the instance and preserve the
boot volume. What is the next step?
A. Create a new instance using a VM.DenselO2.16 shape using the preserved boot volume
and move the SQL Database data to block volume
B. Create a new instance using a VM.DenselO2.8 shape using the preserved boot volume
and move the SQL Database data to NVMe disks
C. Create a new instance using a VM.Standard1.16 shape using the preserved boot volume
and move the SQL Database data to NVMe disks
Version: V12.95
D. Create a new instance using a VM.DenselO2.16 shape using the preserved boot volume
move the SQL Database data to NVMe disks
Answer: D
167. Which does NOT set a variable in Terraform?

A. Passing the variable with a var statement to Terraform
B. Setting the variable as key value pairs in a file in a subdirectory named tfvar Page | 39
C. A default value in the variable declaration within a TF plan file
D. Setting the environment variable using a TF_VAR_ predicate in front of the variable name
Answer: B
168. In which language are Terraform and Terraform providers written?

A. Python
B. Go
C.Cc
D. Ruby
Answer: B
Explanation:
References:
https:/Awww.terraform.io/docs/extend/writing-custom-providers.html
169. You are the Solutions Architect of a large company and are tasked with migrating
all your services to Oracle Cloud Infrastructure. As part of this, you first design a Virtual
Cloud Network (VCN) with a public subnet and a private subnet. Then in order to provide
Internet connectivity to the instances in your private subnet, you create an Oracle Linux
instance in your public subnet and configure NAT on it. However, even after adding all
related security list rules and routes in the Route Table, your private subnet instances
still cannot connect to the Internet. Which action should you perform to enable Internet
connectivity?
A. Disable "Source and Destination Check" on the VNIC of your Linux instance.
B. There is no way that a private subnet can connect to the Internet.
C. Create a Dynamic Routing Gateway (DRG) and route your private IP traffic to the DRG.
D. Restart the NAT instance.
Answer:A
Explanation:
https://docs.cloud.oracle.com/iaas/Content/Network/Tasks/managingVNICs.htm#
Source/D By default, every VNIC performs the source/destination check on its network traffic. The VNIC looks at
the source and destination listed in the header of each network packet. If the VNIC is not the source or destination,
then the packet is dropped. If the VNIC needs to forward traffic (for example, if it needs to perform Network Address
Translation (NAT)), you must disable the source/destination check on the VNIC. For instructions, see To update
an existing VNIC. For information about the general scenario, see Using a Private IP as a Route Target.
170. A company currently uses Microsoft Active Directory as its identity provider. The
company recently purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud
platform for its test and development operations. As the administrator, you are now
tasked with giving access only to developers so that they can start creating resources
in their OCI accounts. Which step will you perform to achieve this requirement?
A. Create a group for developers on OCI and map the group to a similar group in Microsoft
Active Directory during the federation process.
B. Federate all Microsoft Active Directory groups with OCI to allow users to use their existing
credentials.
C. Create a new user account for each user, and then create policies to provide access to
developers.
D. Create a group for developers on OCI, export all the developers from Microsoft Active
Directory, and then import them into the Identity and Access Management (IAM) group.
Answer:A
120-1072: Oracle Cloud Infrastructure 2019 Architect Associate -
Results
< Return to review
Attempt 1 All questions ~
Question 1: Skipped
Which two options are true necessary for achieving High Availability on Oracle
Cloud Infrastructure?
(Choose two.)
Store your database across multiple regions so that half of the data resides in
one region and the other half resides in another region.
Attach your block volume form Availability Domain 1 to a compute instance in

Availability Domain 2 (and vice versa) so that they are highly available.
Configure your database to have Data Guard in another Availability

te ei : (Correct)
Domain in Sync mode within a region.
Retake test om Af
WUHNIQUIE YUU UalaDeSe WO Nave Wile UO I AOU AWelney
(Correct)
Domain in Sync mode within a region.
Store your database files on Object Storage so that they are available in all
Availability Domains in all regions.
Distribute your application servers across all Availability Domains

(Correct)
within a region.
Question 2: skipped
You have created a public subnet in a VCN, and your public subnet has a Route
Table, a Security List, and an Internet Gateway.
However, none of the compute instances can connect to the Internet.
There is no Dynamic Routing Gateway (DRG) associated with the VCN.
The Route Table has no default route for routing traffic to the
(Correct)
Internet Gateway.
There is no stateful ingress rule in the Security List associated with the public
subnet.
There is no stateful ingress rule in the Security List associated with the public
subnet.
There is no stateful egress rule in the Security List associated with

(Correct)
the public subnet.
Question 3: skipped
Your application front end consists of several Oracle Cloud Infrastructure compute
instances behind a load balancer instance. You have configured the load balancer
to perform health checks on these instances.
If. an instance fails to pass health checks, what will happen?
The instance is replaced automatically by the load balancer.
The instance is terminated automatically by the load balancer.
The instance is taken out of the back end set by the load balancer.
The load balancer stops sending traffic to that instance. (Correct)

The load balancer stops sending traffic to that instance. (Correct)
Question 4: skipped
You have one database style application that frequently makes many random reads
and writes across the dataset.
Which storage offering supports this application?
Object Storage Service
Archive Storage Service
File Storage Service
Block Volume Service (Correct)
Question 5: skipped
Question 5: skipped
You have an application deployed in Oracle Cloud Infrastructure running only in

the Phoenix region. You were asked to create a disaster recovery (DR) plan that will
protect against the loss of critical data. The DR site must be at least 500 miles from
your primary site and data transfer between the two sites must not traverse the
public Internet.
Create a new virtual cloud network (VCN) in the Phoenix region and create a
subnet in one availability domain (AD) that is not currently being used by your
production systems, Establish VCN peering between the production and DR
sites.
Create a DR environment in Ashburm. Associate a DRG with the

VCN in each region and create a remote peering connection (Correct)
between the two VCNs.
Create a DR environment in Ashburn and provision a FastConnect virtual circuit

using DRG between the regions.
Create a DR environment in Ashburn. Associate a dynamic routing gateway

(DRS) with the VCN in each region and configure an IPsec VPN connection
between the two regions.
Continue Retake test om Af

Qe ey er ee ee ee eg a
between the two regions.
Question 6: skipped
You have multiple applications installed on a compute instance and these

applications generate a large amount of log files. These log files must reside on
the boot volume for a minimum of 15 days and must be retained for at least 60
days. The 60-day retention requirement is causing an issue with available disk
space.
What are the two recommended methods to provide additional boot volume space
for this compute instance?
Terminate the instance while preserving the boot volume. Create a new instance
from the boot volume and select a DenselO shape to take advantage of local
NVMe storage.
Create an object storage bucket and use a script that runs daily to
(Correct)
move log files older than 15 days to the bucket.
Create and attach a block volume to the compute instance and copy the log files.
Create a custom image and launch a new compute instance with a

cs (Correct)
larger boot volume size.
Create a custom image and launch a new compute instance with a
LI : (Correct)
larger boot volume size.
Write a custom script to remove the log files on a daily basis and free up the
' space on the boot volume.
Question 7: skipped
FSS leverages UNIX user group and permission checking for file
‘ access security
Encryption of file system in FSS is optional
Identity and Access Management (IAM) controls which file systems are
mountable by which instances
Security lists can be used as a virtual firewall to prevent an instance from

mounting an FSS mount target within the same subnet
| Data in transit to an FSS mount target is encrypted (Correct)
Continue
mounting an FSS mount target within the same subnet
Data in transit to an FSS mount target is encrypted (Correct)
Question &: skipped
You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI).
Your clients want to access the web servers from anywhere, but want to prevent
access to the database servers from the Internet.
Create public subnets for web servers and private subnets for database servers
in your virtual cloud network (VCN), and associate separate internet gateways
for each subnet
Create public subnets for web servers and associate a dynamic routing gateway
with that subnet, and a private subnet for database servers with no association
to dynamic gateway.
Create public subnets for web servers and private subnets for
database servers in your VCN, and associate separate security lists (Correct)
and route tables for each subnet.

database servers in your VCN, and associate separate security lists (Correct)
and route tables for each subnet.
Create a single public subnet for your web servers and database servers, and
associate only your web servers to internet gateway.
Question 9: Skipped
Which two statements are true about an Oracle Cloud Infrastructure object storage
bucket? (Choose twa.)
You can associate a bucket with multiple compartments
You cannot change a bucket from private to public after it is created
You can associate a bucket with only a single compartment (Correct)
You cannot edit or append data to an object, but you can replace
| [Corre
the entire object : -
a es
Question 10: skipped
You are running a mission-critical database in Oracle Cloud Infrastructure (OCI).

You take regular backups of your DB system to OCI object storage. Recently, you
notice a failed database backup status in the console.
What two steps can you take to determine the cause of the backup failure?
Ensure the database archiving mode is set to NOARCHIVELOG
Ensure that your database host can connect to the OCI abject
(Correct)
storage
Restart the dcsagent program if it has a status of stop or waiting (Correct)
Make sure that the database js not active and running while backup is in
progress
Question 11: Skipped
You are about to upload log file (5 TIB size) to Oracle Cloud Infrastructure object

Question 11: | skipped
You are about to upload log file (5 TIB size) to Oracle Cloud Infrastructure object
storage and have decided to use multipart upload capability for a more efficient
and resilient upload. Which two statements are true about multipart upload.
Individual object parts can be as small as 10 MiB or as large as 50

(Correct)
GiB
While a multipart upload is still active, you cannot add parts even if the total
number of parts is less than 10,000
The maximum size for an uploaded object is 10 TiB (Correct)
You do not have to commit the upload after you have uploaded all the object
parts
You are designing a high bandwidth, redundant connection between your data
center and Oracle Cloud Infrastructure (OCI). While researching for OCI
FastConnect locations, you notice that you are co-located with Oracle at one of the

WUESUON 12: »skippea
You are designing a high bandwidth, redundant connection between your data
center and Oracle Cloud Infrastructure (OCI). While researching for OCI
FastConnect locations, you notice that you are co-located with Oracle at one of the
Oracle FastConnect locations in the Ashburn region.
Create a cross-connect group and have two or more cross-connects in that

group. Create an IPsec VPN connection on this group.
Setup two IPsec connections between your data center and OC! Ashburn region.
Create a OCI load balancer to distribute the traffic across the two connections.
Create a cross-connect group and have at least two or more cross-

connects in that group. Create at least two or more virtual circuits in (Correct)
the group.
Create a cross-connect group and have at least one cross-connect in that group.
Create at least one virtual circuit in the group.
As the Cloud Architect for your company, you have been tasked with designing a
high performance (HPC) cluster in Oracle Cloud Infrastructure (OCI).
As the Cloud Architect for your company, you have been tasked with designing a
high performance (HPC) cluster in Oracle Cloud Infrastructure (OCI).
The following requirements have been defined: The cluster must be a minimum of
three nodes, but may increase to six nodes when demand requires. The cluster
must be resilient to any potential infrastructure failures. To minimize latency, all
nodes must be deployed within the same availability domain (AD). Adding or
replacing nodes within the cluster should take no more than 20 minutes.
Which two steps should be performed to satisfy these requirements in OCI?
Deploy the cluster in a single AD with a shared file system that leverages the file
storage service (FSS). Deploy a standby cluster in another AD and configure it to
use the same shared file system.
Deploy the cluster in a single AD. Place each of the nodes in one of
5 eran (Correct)
the three different fault domains in that AD.
Create a backup of your HPC node compute instance boot volume. Launch new
compute instances directly from the backup reduce provisioning time.
Create a custom image of your HPC node compute instance.

. : e (Correct)
Launch new compute instances using this image to reduce.
Deploy the cluster in a single AD. Place each of the nodes in a different virtual
cloud network (VCN) subnet.
Deploy the cluster in a single AD. Place each of the nodes in a different virtual
cloud network (VCN) subnet.
——
For private peering, FastConnect extends your existing infrastructure to allow

you to consume object storage from your on-premises data center.
For private peering, FastConnect extends your existing

infrastructure to a virtual cloud network.
For public peering, FastConnect extends your existing infrastructure to a virtual

cloud network
For public peering, a dynamic routing gateway must be confiqured and attached
to the virtual cloud network (VCN).
unetinn TR: sista
Continue Retake test

Your company has decided to move a few applications to Oracle Cloud

Infrastructure (OCI) and you have been asked to design a cloud-based disaster
recovery (DR) solution. One of the requirements is to deploy the DR resources at
least 300 miles from the home OCI region and minimize the network latency.
Deploy production and DR applications in the same VCN. Create production

subnets in one AD, and DR subnets in another AD.
Deploy production and DR applications in two separate VCNs in different

availability domains (ADs) within your home region, and then use a VCN remote
peering connection for connectivity.
Deploy production and DR applications in two separate VCNs, each

in different regions. Connect them using a VCN remote peering (Correct)
connection.
Deploy production and DR applications in two separate virtual cloud networks

(VCNs), each in different regions, and then use VCN local peering gateways for
connectivity.

What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud
Infrastructure (OCI)?
The best practice for high availability and durability is to run the
primary, standby, and observer in separate availability domains (Correct)
(ADs).
When you configure data guard using OCI console, the default mode is set to
maxprotection.
You cannot create the standby DB system in a different AD from the primary DB
system.
You cannot use database command line interface (CLI) to set up data quard with
FSFO.

Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose
two.)
Billing stops only when the ADW is terminated.
Billing stops for both CPU usage and storage usage when ADW is stopped.
Billing for compute stops when ADW is stopped. (Correct)
Billing for storage continues when ADW is stopped. (Correct)
You have created a virtual cloud metwork (VCN) with three private subnets. Two of
the subnets contain application servers and the third subnet contains a DB
System. The application requires a shared file system so you have provisioned one
using the file storage service (FSS). You also created the corresponding mount
target in one of the application subnets. The VCN security lists are properly
configured so that both application servers and the DB System can access the file
system. The security team determines that the DB System should have read-only
access to the file system.

ROONEY AO nm ee ee re re ee ee pg ere,
target in one of the application subnets. The VCN security lists are properly
configured so that both application servers and the DB System can access the file
system. The security team determines that the DB System should have read-only
access to the file system.
Create an NFS export option that allows READ ONLY access

if (Correct)
where the source is the CIDR range of the DB System subnet.
Connect via SSH to one of the application servers where the file system has
been mounted. Use the Unix command chmod to change permissions on the file
system directory, allowing the database user read only access.
Modify the security list associated with the subnet where the mount target
resides. Change the ingress rules corresponding to the DB System subnet to be
Stateless.
Create an instance principal for the DE System. Write an Identity and Access
Management (LAM) policy that allows the instance principal read-only access to
the file storage service.
A company currently uses Microsoft Active Directory as its identity provider. The
i iS rn Len el Phen nll Peel Pn Ben nde eden PAR bn Inve enn thn
A company currently uses Microsoft Active Directory as its identity provider. The
company recently purchased Oracle Cloud Infrastructure (OCI) to leverage the
cloud platform for its test and development operations. As the administrator, you
are now tasked with giving access only to developers so that they can start
creating resources in their OC] accounts.
Create a group for developers on OCI and map the group toa
similar group in Microsoft Active Directory during the federation (Correct)
process.
Federate all Microsoft Active Directory groups with OC! to allow users to use
their existing credentials.
Create a new user account for each user, and then create policies to provide
access to developers.
Create a group for developers on OCI, export all the developers from Microsoft
Active Directory, and then import them into the Identity and Access Management
(IAM) group.
Which two are a valid image source when launching a new compute instance?
(Choose two.)
bare metal instance
object storage
custom image (Correct)
boot volume (Correct)
A database name cannot be used concurrently for both an

Autonomous Data Warehouse (ADW) and an ATP database
A database name cannot be used concurrently for both an
(Correct)
Autonomous Data Warehouse (ADW) and an ATP database
After terminating a database, the database name is available for immediate

reuse
A Maximum of 8 cores can be enabled for an ATP database
Amaximum of 2 TB of storage can be enabled for an ATP database
You have been tasked with creating one virtual cloud network (VCN) each for two
line of business (LOB) applications. LOB A and LOB B will need to communicate
with each other. To ensure that you can utilize VCN peering.
Which network CIDR ranges should be used?
VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16) (Correct)
VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
VCNA (10,0.0,0/16) and VEN B (10.0.16.0/24)

VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
VCN A (10.0,0.0/16) and VCN B (10.0.16.0/24)
VCNA (172.16.0.0/24) and VGN B (172.16.0.0/28)
Which two options are true for Autonomous Transaction Processing (ATP)
database? (Choose two.)
You can add/remove Diskgroup in ATP
| ‘You can scale storage up or down in ATP (Correct)
You can scale CPU up or down in ATP (Correct)
You can add more Pluggable Database for consolidating multiple databases in
ATP
You can add new ORACLE HOME for bringing older versions of on-premises
Continue Retake test x

ATP
You can add new ORACLE HOME for bringing older versions of on-premises
databases ta ATP
In what two ways does Oracle Cloud Infrastructure (OCI) file storage service differ
from OCI object storage and block volume services?
File storage mount target does not provide a private IP address, while the object
storage bucket provides one.
File Storage uses the network file system (NFS) protocol, whereas
| (Correct)
block volume uses ISCS|
Block volume service is NVMe based, while file storage service is not.
‘You can move object storage buckets, block volumes and file
(Correct)
storage mount targets between compartments
You have hired a new employee to run reports from the Autonomous Data
Warehouse (ADW) and are not confident in their SQL writing ability.
Into which consumer group will you assign this individual to minimize the impact
of their code?
Lowest
Medium
Highest
High
Low (Correct)
Which two use Oracle dynamic routing gateway (DRG) for connectivity?
Remote virtual cloud network (VCN) peering across region (Correct)
Oracle IPsec VPN (Correct)
Local VCN peering
Oracle Cloud Infrastructure FastConnect public peering
Which statement is true about Oracle Cloud Infrastructure (OCI) object storage
support for server-side encryption?
You must Manually enable server-side encryption for each object as you upload
to OCI! object storage
You must manually enable server-side encryption for each object as you upload
to OC! object storage
Objects are automatically encrypted as they are uploaded to object storage and
decrypted upon retrieval
You must Manually decrypt the data when retrieving from OCI object storage
Only the object data is encrypted and the user-defined metadata

3 55 si s = (Correct)
that is associated with the object is not encrypted
You deployed a compute instance (VM.Standard2.16) to run a SQL database. After

afew weeks, you need to increase disk performance by using NVMe disks; the
number of CPUs will not change.
As afirst step you terminate the instance and preserve the boot volume. What is
the next step?
Create a new instance using a VM.DenselO2.16 shape using the preserved boot
volume and move the SOL Database data to block volume
Create a new instanne using a VM DenselO? & shane using the nreserved hont
ee eine ana ner i (ne peeve eRe ny ne t ee ee nerdae en enn nnten ong Rhee preteen mene) arene
volume and move the SQL Database data to block volume
Create a new instance using a VM.DenselO2.8 shape using the preserved boot
volume and move the SQL Database data to NVMe disks
Create a new instance using a VM.Standard1.16 shape using the preserved boot
volume and move the SOL Database data to NVMe disks
ci
Create a new instance using a VM.DenselO2.16 shape using the
preserved boot volume move the SOL Database data to NVMe (Correct)
disks
A fault domain is a grouping of hardware and infrastructure within

an availability domain
|_| Each availability domain contains three fault domains (Correct)
A failed instance in a fault domain is automatically relaunched
Continue
LG) Uy UP eo LS eM US (wero
A failed instance in a fault domain is automatically relaunched
A fault domain is selected automatically based on usage data
Which two options are available when setting up DNS for your bare metal and
virtual machine DB Systems? (Choose two.)
Internet and custom resolver.
Google DNS servers.
custom resolver. (Correct)
Internet and virtual cloud network (VCN) resolver. (Correct)

You have successfully configured identity federation between Oracle Cloud

Infrastructure (OCI) and Oracle Identity Cloud Services (IDCS). A new project
Manager wants access to OCI for her team and provides the name of an existing
group within IDCS to use when granting access.
How do you configure federation to allow the project team access to OCI
resources?
Create a new IAM group in OCI and map it to the existing IDCS group. Create a
new policy in IDCS and reference the name of the IAM group.
Create a new Identity and Access Management (1AM) policy in OCI and
reference the name of the IDCS group in each policy statement.
Create a new compartment in OCI with the same name as the existing IDCS
group. Create an JAM policy that references the new compartment and the name
of the IDCS group.
Create a new IAM group in OC! and map it to the existing IDCS
group. Create a new IAM policy and reference the name of the [AM (Correct)
group in each policy statement.

group. Create a new IAM policy and reference the name of the |AM (Gorrect)
group in each policy statement.
Which three load-balancing policies can be used with a back end set? (Choose
three.)
Throughput
IP Hash (Correct)
Weighted Round Robin (Correct)
CPU Utilization
| Least Connections (Correct)

Which two actions will occur when a back-end server that is registered with a back
end set is marked to drain connections? (Choose two.)
It disallows new connections to that back-end server. (Correct)
It keeps the connections to that instance open and attempts to

(Correct)
complete any in-flight requests.
It redirects the requests to a user-defined error page.
It immediately closes all existing connections to that instance.
It forcibly closes all connections to that instance after a timeout period.
Which two statements are true about encryption on Oracle Cloud Infrastructure

er ee ere
Which two statements are true about encryption on Oracle Cloud Infrastructure
By default, Object Storage and Block Storage are encrypted at rest. (Correct)
A customer is responsible for data encryption in all services of OCI.
By default, DB Systems offers an encrypted database. (Correct)
By default, NVMe drives are encrypted but the block volume service is not.
You need to create a high performance shared file system service, and have been
advised to use OCI File Storage Service. You have logged into the OCI Console,
created a File System in an availability domain, and followed the steps to mount
the shared file system on your Oracle Linux virtual Instance. However, you are still
unable to access the shared file system from your Linux instance.
There are no security list rules for mount target traffic. (Correct)
| There are no security list rules for mount target traffic. (Correct)
There is no internet gateway set up for mount target traffic.
There is no Identity and Access Management (LAM) policy set up to allow you to
access the mount target.
There is no route in your virtual cloud network's (VCN) route table for mount
target traffic.
by granting users access to a compartment when the compartment is created
by adding users to a group and defining a policy to provide the

group access to the compartment
by adding users to a compartment. All users in the compartment will have access
to the objects in the compartment.
Continue
by adding users to a compartment. All users in the compartment will have access
to the objects in the compartment.
by granting access directly to the user when the user is created
| The instance needs to be stopped first, and then terminated.
The boot volume is always deleted.
All block volumes attached to the instance are terminated.
| Users can preserve the boot volume associated with the instance. (Correct)
come
EEE « -
Which two characteristics do you need to consider when choosing a method to

migrate a database to Oracle Cloud Infrastructure (OCI)?
On-premises connectivity using remote and local virtual cloud network (¥CN)
peering
On-premises database character set and application version
On-premises host operating system platform and network

: (Correct)
bandwidth
On-premises database version and quantity of data, including

P (Correct)
indexes
You are an administrator with an application running on OCI. The company has a
fileet of OCI compute virtual instances behind an OC] Load Balancer. The OCI Load
Balancer Backend Set health check API is providing a Critical’ level warning. You
have confirmed that your application is running healthy on the backend servers.
You are an administrator with an application running on OCI. The company has a
fileet of OCI compute virtual instances behind an OCI Load Balancer. The OCI Load
Balancer Backend Set health check API is providing a ‘Critical’ level warning. You
have confirmed that your application is running healthy on the backend servers.
What is the possible reason for this Critical’ warning?
A user does not have correct [AM credentials on the Backend Servers.
The Backend Server VCN's Route Table does not include the route for OCI LB.
Oc! Load Balancer Listener is not configured correctly.
The Backend Server VCN's Security List does not include the IP
(Correct)
range for the source of the health check requests.
Which is a customer's responsibility on an Oracle Cloud Infrastructure DB.

System?
Applying patches to the database and OS (Correct)

| Applying patches to the database and OS (Correct)
Installing the operating system (OS), Grid Infrastructure, and database software
Creating the first database on the DB System
Creating an ASM diskgroup for data file or temp file storage
Which two statements are true about an Oracle Cloud Infrastructure Virtual Cloud
Network (VCN)? (Choose two.)
AVCN can reside in multiple Gracie Cloud Infrastructure regions and Availability
Domains.
AVCN covers a single contiguous IPv4 CIDR block of your choice. (Correct)
An allowable VCN size range is: /16 to /30. (Correct)

An allowable VCN size range is: /16 to ‘20. (Correct)
AVCN creates the dynamic routing gateway by default.
Which two Oracle Cloud Infrastructure database services allow you to dynamically
scale CPU and storage? (Choose two.)
bare metal DB system
virtual machine DB system
Autonomous Data Warehouse (ADW) (Correct)
Autonomous Transaction Processing (ATP) (Correct)

You want an Oracle Cloud Infrastructure (OCI) compute instance in your

compartment to make API calls to other services within OCI without storing
credentials in a configuration file.
Create a dynamic group with appropriate matching rules to include

y i i - (Correct)
the instance, and reference this group in your [AM policy statement
Instances cannot access services outside their compartment
VM instances are treated as users. Create a user, assign the user to that VM
instance, and reference the instance in your Identity and Access Management
(IAM) policy statement
By default, all VM instances are created with an instance principal. Reference

this instance principal in your 1AM policy statement

object storage URL (Correct)
archive storage URL
file storage service
block volume
Which two statements are true about adding secondary VNICs to an existing
The primary and secondary VNIC association must be in the same

availability domain eers
You can assign an Ephemeral Public IP to a secondary VNIC

You can assign an Ephemeral Public IP to a secondary VNIC
You can remove the primary VNIC after the secondary VNIC's attachment is
complete
The primary and secondary VNIC association can be in different

(Correct)
virtual cloud networks (VCNs)
You are managing a tier-1 OLTP application on an Autonomous Transaction

Processing (ATP) database. Your business needs to run hourly batch processes on
this ATP database that may consume more CPUs than what is available on the
server.
How can you limit these batch processes to not interfere with the OLTP
transactions?
Copy OLTP data into new tables in a new table space and run batch processes
against these new tables
ATP is designed for OLTP workload only; you should not run batch processes on
ATP

ATP is designed for OLTP workload only; you should not run batch processes on
ATP
Disable automated backup during the batch process operations
Configure ATP resource management rules to manage runtime and

; (Correct)
10 consumption for the consumer group of batch processes
Your organization has deployed a large, complex application across multiple

compute instances in Oracle Cloud Infrastructure (OCI). These compute instances
also have block volume storage attached to them. You want to create a time
consistent backup of these block volume storage.
Create a manual backup of each volume
Use scripts available in OCI to backup block volume storage
Group volumes in a volume group first and then use available scripts in OCI

Use scripts available in OCI to backup block volume storage
Group volumes in a volume group first and then use available scripts in OCI
Group volumes in a volume group and create a manual backup of

(Correct)
the volume group
Which two resources reside exclusively in a single availability domain?
compute instance (Correct)
block volume (Correct)
object storage
groups
virtual cloud network
Continue Retake test x

virtual cloud network
You are designing a networking infrastructure in multiple Oracle Cloud

Infrastructure regions and require connectivity between workloads in each region.
You have created a dynamic routing gateway (DRG) and a remote peering
connection. However, your workloads are unable to communicate with each other.
What are two reasons for this?
The security lists associated with subnets in each virtual cloud

network (VCN) do not have the appropriate ingress rules
Identity and Access Management (IAM) policies have not been defined to allow
connectivity across the two VCNs in different regions
A local peering gateway needs to be created in each VCN with a default route
tule added in the route table forwarding the traffic to the local peering gateway
An Internet gateway needs to be created in each VCN with a default route rule
added in the route table forwarding the traffic to the Internet Gateway

An Internet gateway needs to be created in each VCN with a default route rule
added in the route table forwarding the traffic to the Internet Gateway
The route table associated with subnets in each VCN do not have a
i i ' i (Correct)
route rule defined to forward the traffic to their respective DRGs
You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via
an evenly-weighted round robin policy to your backend web servers. You notice
that one of your web servers is receiving more traffic than other web servers.
Check security lists and route tables of your virtual cloud network (VCN) and fix
any issues associated with the rules.
Create separate listeners for each backend web server.
Delete and re-create your OCI load balancer.
Disable session persistence on your backend set. (Correct)

Disable session persistence on your backend set. (Correct)
You deployed a web server in Oracle Cloud Infrastructure using an Ephemeral

Public IP address. While making configuration changes, an admin inadvertently
deleted your web seNer. You redeploy your web server, but many of your LOB apps
depend on this web server's public IP address and would need an update.
What can you do to prevent this from happening again?
Create a reserved public IP and associate it with the security list for the subnet
being used by your compute instance
Create a reserved public | P and associate it with the hosts file of your web
server
Create a reserved public IP and associate it with the subnet of your compute
instance
Create a reserved public IP and associate it with the virtual NIC of

your compute instance

Create a reserved public IP and associate it with the virtual NIC of
your compute instance
Which two statements are true about restoring a block volume from a manual or
policy-based block volume backup?
It can be restored as new volumes with different sizes from the

(Correct)
backups
It can be restored as a new volume to any AD across different regions
It must be restored as a new volume to the same availability domain (AD) on

which the original block valume backup resides
| It can be restored as a new volume to any AD in the same region (Correct)

You are a network architect and have designed the network infrastructure of a
three-tier application on Oracle Cloud Infrastructure (OCI). In the architecture,
back-end DB servers are in a private subnet. One of your DB administrators
requests to have access to OC] object storage service.
Create a service gateway, add a new route rule to the private

subnet route table that uses storage as your service gateway target (Correct)
type
Create a dynamic routing gateway (DRG) and attach it your virtual cloud network
(VCN). Add a default route rule to the private subnets route table and set the
target as DRG
Attach a public IP address to the instances in the private subnet, and then add a
new route rule to the private subnet route table to route default traffic to the
internet gateway
Add anew route rule to the private subnet route table to route default traffic to
the internet gateway

You are about to deploy an e-business application on Oracle Cloud Infrastructure

and one of the requirements is to use a shared file system that supports the NFS
protocol.
object storage
block volume
data transfer appliance
file storage (Correct)
You are deploying a highly available web application in Oracle Cloud Infrastructure
distributed across all three availability domains (ADs).
You are deploying a highly available web application in Oracle Cloud Infrastructure
distributed across all three availability domains (ADs).
How many subnets should you create to deliver a secure highly available
application?
two subnets in total; one regional private subnet to host your

backend web servers and one regional public subnet to host your (Correct)
public load load balancer.
three subnets in total; one regional public subnet to host your back-end web
servers and two AD specific private subnets to host your private load toad
balancer.
one subnet In total; one regional private subnet to host your back-end web
servers and your public load balancer.
two subnets in total; one regional public subnet to host your back-end web
servers and one regional private subnet to host your public load load balancer.
Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW)

Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW)
database?
You can download tnsnames.ora from Oracle Cloud Infrastructure web console
under ADW details page
The tnsnames.ora file is included in credentials.zip file that you

(Correct)
download from service console of ADW
The ADW database will place the insnames.ora file in an object storage bucket
You are automatically prompted to download the tnsnames.ora file upon creation
of the ADW database
Which service would you use if your big data workload required shared access and
NFS-based connectivity?
block volume
block volume
archive storage
object storage
file storage (Correct)
Your on-premises hosted application uses Oracle database server. Your database
administrator must have access to the database server for managing the
application. Your database server is sized for seasonal peak workloads, which
results in high licensing costs. You want to move your application to Oracle Cloud
bare metal DB systems (Correct)
VM DB systems

VM DB systems
Autonomous Transactions Processing (ATP)
Autonomous Data Warehouse (ADW)
Your company has been running several small applications in Oracle Cloud
Infrastructure and is planning a proof-of-concept (POC) to deploy PeopleSoft. If
your existing resources are being maintained in the root compartment,
What is the recommended approach for defining security for the upcoming POC?
Create a new compartment for the POC and grant appropriate

permissions to create and manage resources within the (Correct)
compartment.
Provision all new resources into the root compartment. Grant permissions that
only allow for creation and management of resources specific to the POC.
Provision all new resources into the root compartment. Use defined tags to

only allow for creation and management of resources specific to the POC.
Provision all new resources into the root compartment. Use defined tags to
separate resources that belong to different applications.
Create a new tenancy for the POC. Provision all new resources into the root
compartment. Grant appropriate permissions to create and manage resources
within the root compartment.
You have an application running on Oracle Cloud Infrastructure. You identified that
the read and write operations are slowing your application down enough to impair
user access. The application is currently using a VM.Standard1.2 compute without
any block storage attached to it.
Terminate the compute instance preserving the boot volume. Create

a new compute instance using a VM Dense |O shape using the boot (Correct)
volume preserved.

a new compute instance using a VM Standard shape and attach a (Correct)
new block volume to host your application.

anew compute instance using a VM Standard shape and attacha (Correct)
new block volume to host your application.
Create a backup of the boot volume. Create a new compute instance a VM

Dense |O shape and restore the backup.
Terminate the compute instance and create a backup of the boot volume. Create
anew compute instance using a VM Dense 10 shape and restore the backup.
Question G1: Skipped
You are designing a lab exercise for your team that has a large number of graphics
with large file sizes. The application becomes unresponsive if the graphics are
embedded in the application. You have uploaded the graphics to Oracle Cloud
Infrastructure and only added the URL in the application. You need to ensure these
graphics are accessible without requiring any authentication for an extended
period of time.
Create pre-authenticated requests (PAR) and specify 00:00:0000 as the

&xpiration time.
Make the object storage bucket private and all objects public and use the URL

expiration time.
Make the object storage bucket private and all objects public and use the URL
found in the Object "Details".
Make the object storage bucket public and use the URL found in the
(Correct)
Object "Details".
Create PAR's and do not specify an expiration date.
You have five different company locations spread across the US. For a proof-of-
concept (POC) you need to setup secure and encrypted connectivity to your
workloads running ina single virtual cloud network (VCN) in the Oracle Cloud
Infrastructure Ashburn region from all company locations.
Create five internet gateways in your VCN and have separate route table for
each intemet gateway.
Create five virtual circuits using FastConnect for each company location and
terminate those connections on a single dynamic routing gateway (DRG). Attach
that ARG te vou Vie

Create five virtual circuits using FastConnect for each company location and
terminate those connections on a single dynamic routing gateway (DRG). Attach
that DRG to your VCN.
Create five IPsec connections with each company location and

terminate those connections on a single DRG. Attach that DRG to (Correct}
your VCN.
Create five IPsec VPN connections with each company location and terminate
those connections on five separate DRGs. Attach those DRGs to your VCN.
Question G3: skipped
You have provisioned an Autonomous Transaction Processing (ATP) database and

logged into the ATP service console.
What are three abilities that can be performed from this service console?
scale up/down the CPUs
rrent dhe adenin nacciumerd [Parracth

reset the admin password (Correct)
set resource management rules (Correct)
monitor database activity and SQL queries (Correct)
You must implement a backup solution for your Autonomous Data Warehouse
(ADW) that will enable you to restore data as old as one year with a recovery point
objective (RPO) of 10 days.
Take weekly manual backups to supplement the automated backups and

preserve them for 12 months.
Use the automated backups. (Correct)
Take monthly manual backups to supplement the automated backups and

| USE IN€ auLOMaled DAaCKUpS. (Correct)
Take monthly manual backups to supplement the automated backups and

Take quarterly manual backups to supplement the automated backups and

Which two statements are true about the Oracle Cloud Infrastructure object
storage service?
| It provides strong consistency (Correct)
It provides higher |OPS than block storage.
It can be directly attached to or detached from a compute instance
Data is stored redundantly across multiple availability domains

* (ADs) in a multi-AD region

Data is stored redundantly across multiple availability domains
(ADs) in a multi-AD region
You have been notified of an application failure indicating that one or more of the
Oracle Cloud Infrastructure (0C1) resources have become unavailable. After
scanning the Compute and Database consoles, you notice that one of the DD
Systems is missing.
Navigate to the Audit console and search the previous 24 hours for
all Delete actions to get.a list of any resource that was deleted in (Correct)
the past 24 hours
Create a serial console connection to the DB System that does not appear in the
management console. Connect to the serial console connection, and then review
the system logs under /varilogimessages
View the service limits associated with your account to ensure that you have not
exceeded the allowable number of DB Systems in your tenancy
Navigate to the Audit console and search the previous 24 hours for all List
actions to get alist of every event that occurred in the past 24 hours.
Navigate to the Audit console and search the previous 24 hours for all List
actions to get a list of every event that occurred in the past 24 hours.
Which statement is true about Data Guard Implementation in DB systems?
Both DB systems must be in the same compartment, and they must

(Correct)
be the same shape
You cannot manage Oracle database Initialization parameters at a global level
You can define the backup window and set custom backup retention peried for
the automatic database backup schedule
| You cannot manage the database as ays/sysdba

Question G8: skipped
Which two statements are true about DB Systems in Oracle Cloud Infrastructure?
(Choose two.)
Customers can consolidate multiple database homes on a single virtual machine

database host
Customers have no control over database patching
Customers can manage the TDE Wallet after DB Systems are

=e (Correct)
provisioned
The database and backups are encrypted by default (Correct)
Which two statements are true regarding cloning a block volume?
You can change the block volume performance when creating a

(Correct)
clone
You can change the block volume performance when creating a
(Correct)
clone
You can clone block volumes across regions
You can change the block volume size when creating a clone (Correct)
You can skip block volume encryption when creating a clone
You have deployed a compute instance (VM.Standard2.24) to run an Oracle

database. With this set up, you run into some performance issues and want to
leverage an OCI Dense 10 shape (VM.Densel02.24), with which you get 25.6 TB
local NVMe SSD. You do not want to lose the configuration changes you made to
the instance.
Which of the following TWO steps ARE NOT required to make this transition?
Terminate the VM.Standard2.24 instance and do not preserve the

(Correct)
boot volume
Create a new instance using the VM.Densel02.24 shape using the preserved
hantunhlime and meve tha Ororlia MNatahsca Asta th A/a dicke

Wu worn
Create a new instance using the VM.Densel02.24 shape using the preserved
boot volume and move the Oracle Database data to NVMe disks
Terminate the VM.Standard2.24 instance and preserve the boot volume
Create a new instance using a VM.Densel02.24 shape using the

preserved boot volume and move the Oracle Database data to (Correct)
block volumes
You are running several Linux based operating systems in your on .premises
environment that you want to import to OCI] as custom images. You can launch
your imported images as OCI compute Virtual machines.
Which two modes below can be used to launch these imported Linux VMs?
Native
Mixed

Mixed
Paravirtualized (Correct)
Emulated (Correct)
You have an application deployed in Oracle Cloud Infrastructure running in the US

East region. You have been asked to create a disaster recovery plan that will
protect against the loss of critical data. The DR site must be at leasta few hundred
miles from your primary site and data transfer between the two sites must not
traverse the public Internet.
Which Is the lowest latency and lowest cost recommended disaster recovery plan?
Create a DR environment in the US West region and provision a FastConnect

virtual circuit using Dynamic Routing Gateways between the regions
Create a DR environment in the US West region. Associate a Dynamic Routing

Gateway (DRG) with the VCN in each region and configure an IPsec VPN
connection between the two regions
Create a DR environment in the US West region. Associate a

connection between the two regions
Create a DR environment in the US West region. Associate a

| Dynamic Routing Gateway (DRG) with the VCN in each region and (Correct)
create a remote peering connection between the two VCNs
Create a DR environment in the US West region. Associate a local Peering

Gateway with the VCN in each region and create a local peering connection
between the two VCNs
Which two statements are true about Oracle Cloud Infrastructure IPSec VPN
Connect?
| Each OCI IPSec VPN consists of multiple redundant !PSec tunnels (Correct)
—
Oc! IPSec VPN tunnel supports only static routes to route traffic
OCI IPSec VPN can be configured in tunnel mode only (Correct)
OCI IPSec VPN can be configured in trans port mode only

OC! IPSec VPN can be configured in trans port mode only
Which two Oracle Cloud Infrastructure services use a Dynamic Routing Gateway?
OC! FastConnect Public Peering
Local Peering
OCI FastConnect Private Peering (Correct)
Internet Gateway
OCI IPSec VPN Connect (Correct)

You have an instance running in a development compartment that needs to make

API calls against other OCI services, but you do not want to configure user
credentials or a store a configuration file on the instance.
Create a dynamic group with matching rules to include your instance
Instances can automatically make calls to other OCI services
Instances are secure and cannot make calls to other OCI services
Create a dynamic group with matching rules to include your

; : . : . (Correct)
instance and write a policy for this dynamic group
You have the following compartment structure in your tenancy. Root compartment-
=Training->Training-subl ->Training-sub2 You create a policy in the root
compartment to allow the default admin for the account (Administrators) to

You have the following compartment structure in your tenancy. Root compartmecnt-
>Training->Training-subl ->Training-sub2 You create a policy in the root
compartment to allow the default admin for the account (Administrators) to
manage block volumes in compartment Training-sub2.
What policy would you write to meet this requirement?
Allow group Administrators to manage volume-family in root compartment
Allow group Administrators to manage volume-family in compartment Training-

sub! :Trainmg-sub2
Allow group Administrators to manage volume-family in

eae et a (Correct)
compartment Training: Training-sub 1 :Training-sub2
Allow group Administrators to manage volume-family in compartment Training-

sub2
You have created a new compartment called Production to host some production
apps. You have also created users in your tenancy and added them to a Group
called "production group”. Your users are still unable to access the Production
compartment.

You have created anew compartment called Production to host some production
apps. You have also created users in your tenancy and added them to a Group
called "production group". Your users are still unable to access the Production
compartment.
How can you resolve this situation?
Every compartment you create comes with a predefined set of policies, so no

further action is needed
Your users get automatic access to all compartments, so no further action is

needed
Write an IAM Policy for each specific user granting them access to the
production compartment
Write an LAM Policy for "production_group" granting it access to the

‘Corre:
production compartment : =
You have two line of business operations (LOB1, LOB2) leveraging Oracle Cloud
Infrastructure. LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is
deployed in VCN2 in the US West region. You need to peer VCN1 and VCN2 for
disaster recovery and data backup purposes.

You have two line of business operations (LOB1, LOB2) leveraging Oracle Cloud
Infrastructure. LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is
deployed in VCN2 in the US West region. You need to peer VCN1 and VCN2 for
disaster recovery and data backup purposes.
To ensure you can utilize the OCI Virtual Cloud Network remote peering feature,
which Cl DR ranges should be used?
VCN1 (10.0.0.0/16) and VCN2 (10,0.1.0/24)
VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16) (Correct)
VCNI1 (172.16.1-0/24) and VCN2 (172.16.1.0/27)
VCNI (192.168.0.0/16) and VCN2 (192.168.1.0/27)
You have launched a compute instance running Oracle database in a private

subnet in the Oracle Cloud Infrastructure US East region. You have also created a
Service Gateway to back up the data files to OC Object Storage in the same
region. You have modified the security list associated with the private subnet to
allow traffic to the Service Gateway, but your instance still cannot access OC]
Object Storage.
How can you resolve this issue?

region. You have modified the security list associated with the private subnet to
allow traffic to the Service Gateway, but your instance still cannot access OCI
Object Storage.
How can you resolve this issue?
Add a stateful rule that enables ingress HTTPS (TOP port 443) traffic to 001
Object Storage in the security list associated with the private subnet
Add a stateful rule that enables egress HTTPS (TCP port 442) traffic to OCI
Object Storage in the security list associated with the private subnet
Add a rule in [he Route Table associated with the private subnet
with Target type as ‘Service Gateway" and destination service as all (Correct)
|AD services in the Oracle Service Network.’
Use the default Security List which has ports open for OCI Object Storage
You are a network architect of an application running on Oracle Cloud

Infrastructure (OCI). Your security team has informed you about a security patch
that needs to be applied immediately to one of the backend web servers.
What should you do to ensure that the OCI load balancer does not forward traffic
to this backend server during maintenance?

LS SY CU Ly pre
that needs to be applied immediately to one of the backend web servers.
What should you do to ensure that the OCI load balancer does not forward traffic
to this backend server during maintenance?
Drain all existing connections to this backend server and mark the
- (Correct)
backend web server offline
Create another OCI load balancer for the backend web servers, which are active
and handling traffic
Edit the security list associated with the subnet to avoid traffic connectivity to this
backend serve
Stop the load balancer for maintenance and restart the load balancer after the
maintenance is finished
Your application consists of three Oracle Cloud Infrastructure compute instances

running behind a public load balancer. You have configured the load balancer to
perform health checks on these instances, but one of the three instances fails to
pass the configured health check.
Which of the following action will the load balancer perform?

perform health checks on these instances, but one of the three instances fails to
pass the configured health check.
Which of the following action will the load balancer perform?
Stop sending traffic to the instance that failed health check (Correct}
Terminate the instance that failed health check
Stop the instances that failed health check
Remove the instance that failed the health check from the backend set
Which three items must be configured for a load balancer to accept incoming
traffic?
A route table entry pointing to the listener IP address
A security list that is open on the listener port (Correct)

A security list that is open on the listener port (Correct)
A backend set with at least one backend server (Correct)
SSL certificate
A listener (Correct)
Your IT department wants to cut down storage costs, but also meet compliance
requirements as set up by the central audit group. You have a legacy bucket with
both Word does (*.docx) and Excel files (*.xlsx). Your auditors want to retain only
Excel files for compliance purposes. Your IT departments wants to keep all other
files for 365 days only.
What two steps can you take to meet this requirement?
Create Object Storage Lifecycle rules to archive objects from the legacy bucket
after 365 days without any pattern matching
Create Object Storage Lifecycle rules to delete objects fram the

legacy bucket after 365 days with a filter type - include by pattern: (Correct)
Create Object Storage Lifecycle rules to delete objects from the
legacy bucket after 365 days with a filter type - include by pattern: (Correct)
"docx"
It is not possible to meet this requirement.
Itis not possible to meet this requirement Create Object Storage

Lifecycle rules to delete objects from the legacy bucket after 365 (Correct)
days with a filter type - exclude by pattern: "xisx"
Create Object Storage Lifecycle rules to delete objects from the legacy bucket
after 365 days without any pattern matching
You have a working application in the US East region. The app is a 3-ticr app with a
database backend - you take regular backups of the database into OC! Object
Storage in the US East region. For Business continuity; you are leveraging OCI
Object Storage cross-region copy feature to copy database backups to the US
West region.
Which of the following three steps do you need to execute to meet your
requirement?

Which of the following three steps do you need to execute to meet your
requirement?
Write an LAM policy and authorize the Object Storage service to

(Correct)
manage objects on your behalf
Specify an existing destination bucket (Correct)
Specify an existing destination bucket
Provide a destination object name
Provide an option to choose bulk copying of objects
Choose an overwrite rule (Correct)
Which of the following statement is true regarding Oracle Cloud Infrastructure

Object Storage Pre-Authenticated Requests?
Which of the following statement is true regarding Oracle Cloud Infrastructure
Object Storage Pre-Authenticated Requests?
It Is not possible to create pre-authenticated requests for "archive" storage tier
Changing the bucket visibility does not change existing pre-

(Correct)
authenticated requests
Itis not possible to create pre-authenticated requests for the buckets, but only
for the objects
Pre-authenticated requests don't have an expiration
You have two NFS clients running in two different subnets within the same Oracle
Cloud Infrastructure (OCI) Virtual Cloud Network (VCN). You have created a shared
file system for the two NFS clients who want to connect to the same file system,
but you want to restrict one of the clients to have READ access while the other has
READMMtrite access.
Which OCr feature would you leverage to meet this requirement?
Use VCN security rules to control access for the NFS clients
Which Ocr feature would you leverage to meet this requirement?
Use VCN security rules to control access for the NFS clients
Use OCI Identity Access Management to control access for the NFS clients
Use File Storage NFS Export Options to control access for the NFS
clients =
Use NFS security to control access for the NES clients
Which statement is true about the Oracle Cloud Infrastructure File Storage Service
Mount Target?
You can access multiple file systems through a single mount target (Correct)
Mount target has a public IP address and DNS name
Mount target lives in a single subnet of your choice, but is not highly available
UU Ley St oS a PUM uo a Lee rr
Mount target lives in a single subnet of your choice, but is not highly available
Each mount target requires six internal IP addresses in the subnet to function
Which statement is true about the Oracle Cloud Infrastructure File Storage Service
Snapshots?
Snapshots are created under the root folder of file system, ina
hidden directory named snapshot .
Snapshots are not incremental
You can restore the whole snapshot, but not the individual files
It ls not possible to create snapshots from OCI console, but just the CLI

Which two statements are true about Oracle Cloud Infrastructure (OCI) DB
Systems Data Guard service?
_ Both DB systems must use the same VCN, and port 1521 must be
(Correct)
open
Data guard configuration on the OC! is limited to a virtual machine only
Data guard implementation for Bare Metal shapes requires two DB

| Systems, one containing the primary database and one containing (Correct)
the standby database.
Data guard implementation requires two DB Systems, one running the primary
database on a virtual machine and the standby database running on bare metal.
Which two ontions are available within the service console of Autonomous
Which two options are available within the service console of Autonomous
Transaction Processing?
Monitor the health of the database server including CPU, memory

ic
and query performance ——
Configure resource management rules and reset the admin

password
Perform a manual backup of the ATP database
Fine tune a long running query using optimizer hints
Which of the following two tasks can be performed in the Oracle Cloud
Infrastructure Console for Autonomous Data Warehouse?
Adjust Network Bandwidth

Which two options are available within the service console of Autonomous
Transaction Processing?
Monitor the health of the database server including CPU, memory

ic
and query performance ——
Configure resource management rules and reset the admin

password
Perform a manual backup of the ATP database
Fine tune a long running query using optimizer hints
Which of the following two tasks can be performed in the Oracle Cloud
Infrastructure Console for Autonomous Data Warehouse?

Scale up/down Memory
Increase Storage allocated for Database (Correct)
| Scale up/down CPU (Correct)
Which two statements arc true about Autonomous Data Warehouse (ADW)
backup?
You can perform manual backups to OC! object storage in addition

to automated backups available on ADW a
You can backup ADW database only to a standard bucket type in

OC! object storage
Oracle Cloud Infrastructure (OCI) recommends backing up ADW databases

manually to on-premises storage devices
a es
You must backup ADW database to object storage bucket named ADW_ backup
A customer has launched a compute instance In the Virtual Cloud Network (VCN),
which has an internet gateway, a service gateway, a default security lists and a
default route table. Customer has opened up Port 22 In the security lists attached
to the compute Instance subnet, however is still unable to connect to compute
Modify the route table associated with the VCN subnet in which the
instance resides. Add a following route to the route table. (Correct)
Destination CIDB: 0.0.0.0/0 Target Internet Gateway <"GM)
Modify the route table associated with the YVCN subnet in which the instance
resides. Add a following route to the route table. Destination Cl DP: 0.0.0.0/0
Modify the security list associated with the VCN subnet In which the Instance

You must backup ADW database to object storage bucket named ADW_ backup
A customer has launched a compute instance In the Virtual Cloud Network (VCN),
which has an internet gateway, a service gateway, a default security lists and a
default route table. Customer has opened up Port 22 In the security lists attached
to the compute Instance subnet, however is still unable to connect to compute
Modify the route table associated with the VCN subnet in which the
instance resides. Add a following route to the route table. (Correct)
Destination CIDB: 0.0.0.0/0 Target Internet Gateway <"GM)
Modify the route table associated with the YVCN subnet in which the instance
resides. Add a following route to the route table. Destination Cl DP: 0.0.0.0/0

resides. Add a stateful egress rule to allow ichp traffic in addition to the port 22
Modify the route table associated with the VCN subnet In which the Instance
resides. Add a following route to the route table. Destination Cl DR: 0.0.0.0/0
Target: Service Gateway (SGW)
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of
block and boot volumes.
Which three options below can you use to increase the size of your block
volumes?
| Clone an existing volume to a new, larger volume (Correct)
You can only expand block volumes and net boot volumes
Expand an existing volume in place with offline resizing (Correct)

Rah pee es eee wee Qe ny
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of
block and boot volumes.
Which three options below can you use to increase the size of your block
volumes?
Clone an existing volume to a new, larger volume (Correct)
You can only expand block volumes and net boot volumes
Expand an existing volume in place with offline resizing (Correct)
Take a backup of your existing volume and restore from the volume
(Correct)
backup to a larger volume
Expand an existing volume in place with online resizing

1z0-1072 Oracle Cloud0AInfrastructure 2019architect Associate - 3 August 2020 - Compressed

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

1z0-1072 Oracle Cloud0AInfrastructure 2019architect Associate - 3 August 2020 - Compressed

Uploaded by

Copyright:

Available Formats

Oracle

Web: www.dumpscollection.com [ Total Questions: 66]

A. Remote virtual cloud network (VCN) peering across region

B. Oracle IPsec VPN

C. Local VCN peering

D. Oracle Cloud Infrastructure FastConnect public peering

What is a valid option when exporting a custom image?

A. object storage URL

B. archive storage URL

C. file storage service

C. weighted round robin

Success Guaranteed, 100% Valid

How can you achieve these requirements?

D. Create PARs and do not specify an expiration date.

Which is the recommended way to design the network architecture?

Which statement is true about Oracle Cloud Infrastructure FastConnect?

Success Guaranteed, 100% Valid

A. scale up/down the CPUs

B. create ATP database users

C. reset the admin password

D. set resource management rules

E. monitor database activity and SQL queries

Which two resources reside exclusively in a single availability domain?

Web Application Firewall Policy

Success Guaranteed, 100% Valid

What change would you make to satisfy this requirement?

A. It provides strong consistency.

B. It provides higher LOPS than block storage.

C. It can be directly attached to or detached from a compute instance.

Success Guaranteed, 100% Valid

Which option would remedy this situation?

Destination CIDB: 0.0.0.0/0 Target: Internet Gateway <"GM)

Destination CIDP: 0.0.0.0/0

Target: Dynamic Routing Gateway (ORG)

Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW)

When terminating a compute instance, which statement is true?

A. The instance needs to be stopped first, and then terminated.

B. The boot volume is always deleted.

C. All block volumes attached to the instance are terminated.

Success Guaranteed, 100% Valid

B. It can be restored as a new volume to any AD across different regions

D. It can be restored as a new volume to any AD in the same region

A. Billing stops only when the ADW is terminated

C. Billing for compute stops when ADW is stopped

D. Billing for storage continues when ADW is stopped

Which statement is true about Data Guard Implementation in DB systems?

Success Guaranteed, 100% Valid

B. You cannot manage Oracle database Initialization parameters at a global level.

D. You cannot manage the database as ays/sysdba.

A. You can add/remove Diskgroup in ATP

You can scale storage up or down in ATP

You can scale CPU up or down in ATP

You can add new ORACLE

What is the possible reason for this ‘Critical’ warning?

C. OCI Load Balancer Listener is not configured correctly.

Success Guaranteed, 100% Valid

A. A fault domain is a grouping of hardware and infrastructure within an availability domain

B. Each availability domain contains three fault domains

C. A failed instance in a fault domain is automatically relaunched

D. A fault domain is selected automatically based on usage data

A. bare metal instance

A. By default, object storage and block storage are encrypted at rest.

B. A customer is responsible for data encryption in all services of OCI.