OCI Operations

Operations
Study online at quizlet.com/_992a8y
1. All the developers in a DevOps team are using the same compartment Allow group group-dev group-ops to manage all
called 'devops'. There are two IAM groups: 'group-devs' and 'group-ops'. resources in compartment devops
Which of the following IAM policy will give users in both these groups
access to manage all resources in the compartment?
- Allow group /group*/ to manage all resources in compartment devops
- Allow any-user to manage all resources in compartment devops where
any {request.group=group-dev,group-ops}
- Allow group group-dev group-ops to manage all resources in
compartment devops
- Allow any-user to manage all resources in compartment devops where
request.group= /group*/
2. As an administrator of your Oracle Cloud Infrastructure (OCI) tenancy, you Launch a compute instance in your OCI tenancy.
are configuring your tenancy so that Oracle SDKs and OCI CLI can be Install and configure required development
integrated with your OCI environments. Which of the following is NOT a environments and CLI
required action to accomplish this integration?
- Add the required credentials in either a configuration file for the SDKs
and CLI or a config object in the code.
- Create a user in IAM for the person or system who will be calling the
API, and put that user in at least one IAM group with any desired
permissions
- Launch a compute instance in your OCI tenancy. Install and configure
required development environments and CLI
- Generate an API signing key in PEM format. Upload the public key from
the key pair in the OCI Console.
3. As a solution architect of the Oracle Cloud Infrastructure tenancy, you Allow group CloudOps to read metrics in tenancy
have been asked to provide members of group CloudOps the ability to where target.metrics.namespace=oci_computeagent
view and retrieve monitoring metrics, but only for all monitoring-enabled
compute instances. Which policy statement will you define to grant this
access ?
- Restricting monitoring access only to compute instances metrics is not
possible.
- Allow group CloudOps to read compute-metrics in tenancy
- Allow group CloudOps to read metrics in tenancy where
target.metrics.monitoring='oci_computeagent'
- Allow group CloudOps to read metrics in tenancy where
target.metrics.namespace=oci_computeagent
4. As a solution architect to Oracle Cloud Infrastructure tenancy, you have Allow group DevOps to read buckets in compartment
been asked to provide your organization developers within the group nightly-builds Allow group DevOps to manage
DevOps access to regularly write and list log files to any bucket within objects in compartment nightly-builds where any
the compartment nightly-builds. Which of the below statements will {request.permission='0BJECT_CREATE',
define your IAM policy? request.permission='OBJECT_INSPECT'}
- Allow group DevOps to read buckets in compartment nightly-builds
Allow group DevOps to manage objects in compartment nightly-builds
- Allow group DevOps to read buckets in compartment nightly-builds
where any {request.permission='0BJECT_CREATE',
request.permission='OBJECT_INSPECT'}
- Allow group DevOps to inspect buckets in compartment nightly-builds
where any {request.permission='OBJECT_INSPECT'}
- Allow group DevOps to inspect buckets in compartment nightly-builds
where any {request.permission='0BJECT_CREATE'}
5. As the operations administrator for your company's Oracle Cloud Native Oracle Net Services encryption and
Infrastructure (OCI), you have been entrusted the task of ensuring that data integrity capabilities
being accessed by the application is encrypted. Your application portfolio
Includes both Virtual Machine (VM) and Bare Metal (BM) database systems.
Which method should you use to ACHIEVE ENCRYPTION of data in-transit ?
- Data is encrypted at rest using TDE and no additional encryption is needed
- Key Store/Wallet service for on the fly encryption of data in transit
- Native Oracle Net Services encryption and integrity capabilities
- Configure backup encryption for RMAN backup sets before transferring data
6. The boot volume on your Oracle Linux instance has run out of space. Your Create a RAID 0 configuration to extend the boot
application has crashed due to a lack of swap space, forcing you to Increase volume file system onto another block volume.
the size of the boot volume. Which step should NOT be Included In the
process used to solve the issue ?
- Create a RAID 0 configuration to extend the boot volume file system onto
another block volume.
- Reattach the boot volume and restart the instance.
- Attach the resized boot volume to a second instance as a data volume;
Extend the partition and grow the file system on the resized boot volume.
- Resize the boot volume by specifying a larger value than the boot volume's
current size.
- Stop the instance and detach the boot volume.
7. Choose TWO options that show the correct scope for setting up Oracle Cloud - Cost-tracking tag
Infrastructure (OCI) budgets? - Compartment
- User-defined tag
- Tenancy
- Namespace
- Cost-tracking tag
- Compartment
8. An eCommerce company is running on Oracle Cloud Infrastructure (OCI) and When an instance pool scales in, instances are
many compute instances remain unused for the most part of the year except terminated in this order: the number of instances
during Black Friday and Christmas. You suggest them to use OCI's Autoscaling is balanced across Availability Domains, and
feature and present them a slide to showcase the features of Autoscaling. then balanced across Fault Domains. Finally,
Which option below is INACCURATE in your presentation to the customer ? within a Fault Domain, the newest instance is
- Autoscaling requires an instance pool as a pre-requisite so that it can terminated first.
automatically adjust the number of compute instances in an instance pool.
- When an instance pool scales in, instances are terminated in this order: the
number of instances is balanced across Availability Domains, and then
balanced across Fault Domains. Finally, within a Fault Domain, the newest
instance is terminated first.
- A cooldown period between Autoscaling events lets the system stabilize at
the updated level.
- Autoscaling relies on performance metrics such as CPU utilization that are
collected by OCI Monitonng service to trigger an Autoscaling event.
9. The following command was successfully executed from Oracle Cloud It archives all objects after 30 days.
Infrastructure (OCI) CLI for the lifecycle management of objects in an OCI
object storage bucket. oci os object-lifecycle-policy put -ns MyNamespace -
bn MyBucket —items
- It archives objects named "null" after 30 days and deletes them after 180
days.
- It archives all objects after 30 days.
- It archives objects named "null" after 30 days.
- It archives all objects after 30 days and deletes them after 180 days.
10. How can you provide USER ACCESS to an existing compartment in Oracle Cloud Infrastructure? by adding users to a group
- by granting users access to the compartment when the compartment is created and defining policy to
- by adding users to a compartment; all users in the compartment will have access to the provide the group access to
resources in the compartment the compartment
- by adding users to a group and defining policy to provide the group access to the compartment
- by granting access directly to the user when the user is created
11. In order to better manage resource utilization in your environment, you have decided to create - Create a new topic in the
alerts that notify your team each time a new compute instance is created. Which TWO resources Notifications Service.
would you need to create in order to accomplish this task? Subscribe your email
- Create a new metrics query in the Monitoring Service with the metric namespace address to the topic.
soci_computeagent and the dimension name 'resourceld'. - Create a rule in the Event
- Create a new subscription in the Notification Service to subscribe to all Event Service rules. Service that is activated by
- Create a new topic in the Notifications Service. Subscribe your email address to the topic. the Instance - Launch End
- Create a rule in the Event Service that is activated by the Instance - Launch End event type. event type.
- Create a new instance pool and assign an Autoscaling policy to create additional instances
when aggregate CPU utilization exceeds 80%.
12. In order to manage Alarms In Oracle Cloud Infrastructure (OCI), which THREE actions can be - View all the firing alarms.
performed through the OCI Console? - View alarm history for the
- Update the MQL expression of an alarm. last 3 months.
- Add multiple suppressions for an alarm. - Move an alarm to a
- View all the firing alarms. different compartment.
- View alarm history for the last 3 months.
- Manually fire an alarm
- Move an alarm to a different compartment.
13. An Insurance company has contracted you to help automate their application business continuity Create a Health Check that
plan. They have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a evaluates both regional
disaster recovery site. Normally they have a DNS A record associated with the IP address of the endpoints. Create a Traffic
primary endpoint in eu-frankfurt-1. In the event of a disaster, they use OCI DNS Zone Management Steering policy
Management to update the A record and replace it with the IP address of the endpoint in uk- with Failover type and
london-1. How can you AUTOMATE the failover process ? associate it with the Health
- Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a Check.
backend set with backend servers from both eu-frankfurt-1 and uk-london-1 regions
- Create a Traffic Management Steering policy with Load Balancer type and add both eu-
frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A
record
- Create a Health Check that evaluates both regional endpoints. Create a Traffic Management
Steering policy with Failover type and associate it with the Health Check.
- Create a Traffic Management Steering policy and attach it to a backend set with the backend
servers from both eu-frankfurt-1 and uk-london-1 regions.
14. In the Oracle Cloud Infrastructure Console, a failed database backup for VM DB System is Using the OCI logging
displaying a "Backup in Progress" status. Which of the following troubleshooting steps DOES NOT feature to collect the logs
provides enough details to solve this issue ? and search the logs history
- Using the database CLI and log files to gather more data and look for root causes for the exact error
- Looking for Database service agent issues and try restarting the dcsagent program
- Using the OCI logging feature to collect the logs and search the logs history for the exact error
- Testing if the host can connect to the applicable Swift endpoint by using a Swift user to make
sure Object Storage connectivity is working
15. Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to Create an Identity and Access
figure out an appropriate method to manage OCI cost not a valid technique to accurately Management (IAM) group for
attribute costs to resources used by each team ? each team. Create an OCI
- Create a Cost-Tracking tag. Apply this tag to all resources with team information. Use the OCI budget for each group to
cost analysis tools to filter costs by tags. track spending.
- Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by
compartments.
- Define and use tags for resources used by each team. Analyze usage data from the OCI Usage
Report which has detailed information about resources and tags.
- Create an Identity and Access Management (IAM) group for each team. Create an OCI budget
for each group to track spending.
16. One of the compute Instances that you have deployed is malfunctioning. You have created a - If you do not disconnect
console connection to remotely troubleshoot. Which TWO statements about console from the session, your serial
connections are TRUE? console connection will
- For security purpose, the console connection will not let you edit system configuration files. automatically be terminated
- If you do not disconnect from the session, your serial console connection will automatically be after 24 hours.
terminated after 24 hours. - VNC console connection
- VNC console connection uses SSH port forwarding to create a secure connection from your uses SSH port forwarding to
local system to the VNC server attached to your instance's console. create a secure connection
- It is not possible to connect to the serial console to an instance running Microsoft Windows, from your local system to the
however VNC console connection can be used. VNC server attached to your
- It is not possible to use VNC console connections to connect to Bare Metal Instances. instance's console.
17. One of your development teams has asked for your help to standardize the creation of several oci compute instance launch
computes instances that must be provisioned each day of the week. You initially write several —generate-full-command-
Command Line Interface (CLI) commands with all appropriate configuration parameters to json-input
achieve this task later determining this method lacks flexibility. Which command generates a
JSON-based template that Oracle Cloud Infrastructure (OCI) CLI can use to provision these
Instances on a regular basis ?
- oci compute instance create --generate-cll-skeleton
- oci compute provision-instance — generate-full-command-json-Input
- oci compute instance launch --generate-cll-skeleton
- oci compute instance launch —generate-full-command-json-input
18. An organization wants to extend their existing on-premises data centers to the Oracle Cloud Add another Customer-
Infrastructure (OCI) us-phoenix-1 region. In order to achieve It, they have created an IPSec VPN Premises Equipment (CPE)
connection between their Customer-Premises Equipment(CPE) and Dynamic Routing and create second IPSec VPN
Gateway(DRG). How can you make this connection highly available ( HA )? connection with the same
- Create a NAT Gateway and route all traffic through a NAT Gateway, which is highly available Dynamic Routing Gateway
component. (DRG)
- Add another Dynamic Routing Gateway in a different Availability Domain, and create another
IPSec VPN connection with another Customer Premises Equipment (CPE)
- Add another Dynamic Routing Gateway in a different Availability Domain, and create another
IPSec VPN connection with another Customer Premises Equipment (CPE)
- Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection
with the same Dynamic Routing Gateway (DRG)
19. Question 27: Skipped Allow group
You are tasked with creating a group called volumeBackcupAdmins to manage only block volume VolumeBackupAdmins to
backups. Which of the following set of policy/policies would you need to write to meet this use volumes in tenancy
requirement? Allow group
- Allow group VolumeBackupAdmins to use volumes in tenancy Allow group VolumeBackupAdmins VolumeBackupAdmins to
to manage volume-backups in tenancy manage volume-
- Allow group VolumeBackupAdmins to use volumes in tenancy Allow group VolumeBackupAdmins backups in tenancy
to manage volume-backups in tenancy Allow group VolumeBackupAdmins to use volume-
attachments in tenancy Allow group VolumeBackupAdmins to use instances in tenancy
- Allow group VolumeBackupAdmins to use volumes in tenancy Allow group VolumeBackupAdmins
to manage volume-backups in tenancy Allow group VolumeBackupAdmins to use volume-
attachments in tenanc
- Allow group VolumeBackupAdmins to manage volume-backups in tenancy
20. Recently your e-commerce web application has been receiving significantly more traffic than usual. Verify that the compute
Users are reporting they often encounter a 903. when trying to access your site. Sometimes the site resource quota has not
is very slow. You check your instance pool configuration to confirm that the maximum number of been exceeded.
instances Is configured to allow 20 compute instances. Currently 14 compute instances have been
provisioned by the Instance pool. You also confirm that current CPU utilization across all hosts
exceeds the scale- threshold you set in your auto-scaling policy. However, the Instance pool is not
provisioning any new instances. What can you check to determine why the application is NOT
functioning properly ?
- Verify that the Quality Assurance team is not currently performing load-testing against production.
- Verify that the database is accessible.
- Verify that the new offer feature code did not introduce any performance bugs
- Verify that the compute resource quota has not been exceeded.
21. Several development teams in your company have each been provided with a budget and a Associate a Budget Tag
dedicated compartment to be used for testing purpose u are asked to help them to control the costs to each compartment
and avoid any overspending. What should you do? with the monthly n
- Associate a Budget Tag to each compartment with the monthly n budget amount and set an alert budget amount and set
rule to notify the developers' teams when they reached a specific percentage of the budget an alert rule to notify the
- Configure a Quota for each compartment to prevent provisioning of any bare metal instances developers' teams when
- Contact Oracle support and ask them to associate the monthly budget with the Service Limits in they reached a specific
every region for which your tenancy is subscribed. The tenancy administrator will receive an alert percentage of the
email from Oracle when the limit is reached budget
- Associate a Budget Tag to each resource with monthly budget amount and use that Information to
prepare a weekly report to send to each team
22. A subscriber of on Oracle Cloud Infrastructure (OCI) Notifications service If OCI Notifications service does not receive an
topic complained about not receiving messages from the service. Which of acknowledgement from a subscription endpoint,
the following options can help you debug this issue? the service tries to redeliver messages for up to
- If OCI Notifications service does not receive an acknowledgement from a two hours. Configure an alarm on the Number of
subscription endpoint, the service tries to redeliver messages for up to one Notification Failed metric through the OCI
day. Make sure that the subscriber is online at least once a day to help Monitoring service to help debug the issue.
debug the issue.
- If OCI Notifications service does not receive an acknowledgement from a
subscription endpoint, check the NumberofNotificationFailed metric through
the OCI Monitoring service for failed messages. Copy these messages to an
OCI Object Storage bucket. Make sure the subscriber has the required
credentials to access this bucket to help debug the issue.
subscription endpoint, the service drops the message. Confirm that the
subscriber is always online to receive messages to help debug the issue.
subscription endpoint, the service tries to redeliver messages for up to two
hours. Configure an alarm on the Number of Notification Failed metric
through the OCI Monitoring service to help debug the issue.
23. A team Implemented a SaaS application that requires a whole system Download the dynamic inventory script provided
deployment for each new customer. The Infrastructure provisioning is by Oracle Cloud Infrastructure and include it in the
already automated via Terraform, and now you have been asked to develop playbook Invocation command.
an Ansible playbook to centralize configuration file management and
deployment. What Is the most effective way to ensure your playbooks are
utilizing up-to-date and accurate Inventory?
- Export an inventory list from the Oracle Cloud Infrastructure Web
console.
- Implement a Command Line Interface script to list all the resources and
run it within Ansible to generate a dynamic inventory list.
- Export an inventory list using Terraform apply command.
- Download the dynamic inventory script provided by Oracle Cloud
Infrastructure and include it in the playbook Invocation command.
24. Testing Policy describes when and how you may conduct certain types of Customers are allowed to use their own testing
security testing of Oracle Cloud Services, Including vulnerability and and monitoring tools.
penetration tests, as well as tests Involving data scraping tools. What does
Oracle allow as part of this testing?
- Customers can simulate DoS attack scenarios as long as its restricted to
the customers own environment.
- Customers can validate that their network resources are isolated from
other customer resources.
- Customers are allowed to use their own testing and monitoring tools.
- Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware
related to resources in their tenancy.
25. To take advantage of cloud agility and burst computing capability, ABC Use an existing SAML 2.0 compliant identity
Automobiles have extended their data center to a Virtual Cloud Network (VCN). provider(IdP) to grant CloudOps members
In Oracle Cloud Infrastructure's (OCI) us-phoenlx-1 region. They have several federated access to OCI Console via the OCI
members in their Cloud Operations (CloudOps) team that need to access the single sign-on (SSO) endpoint
OCI management console. The security administrator does not want to create
new IAM users and credentials that would then need to be ibuted to each
CloudOps member. Which option will help solution architect meet the needs for
CloudOps ?
- Use Web Identity Federation to retrieve an AuthToken to enable CloudOps
members to sign in to the OCI Console
- Use on-premises SAML 2.0 compliant identity provider(IdP) to retrieve an
AuthToken to enable CloudOps members to sign in to the OCI Console
- Use OAuth 2.0 to retrieve temporary credentials to enable your CloudOps
members to sign in to the OCI Console
- Use an existing SAML 2.0 compliant identity provider(IdP) to grant CloudOps
members federated access to OCI Console via the OCI single sign-on (SSO)
endpoint
26. What is a key benefit of using Oracle Cloud Infrastructure's Resource Manager Resource Manager manages the Terraform state
for your Terraform provisioning and management activities? file for your infrastructure and locks the file so
- Resource Manager has administrative privileges by design. Even if your IAM that only one Job at a time can run on a given
user does not have access, you can leverage Resource Manage provision new stack.
resources to any compartment in the Tenancy.
- You can use the Resource Manager to apply patches to all existing Oracle
Linux Instances in a specified compartment.
- Resource Manager manages the Terraform state file for your infrastructure
and locks the file so that only one Job at a time can run on a given stack.
- You can use Resource Manager to identify and maintain an Inventory of all
Compute and Database Instances across your tenancy.
27. Which command sample can be used to copy an object from Oracle Cloud oci os object copy --namespace-name
Infrastructure (OCI) Object Storage bucket in source region to a bucket in a <object_storage_namespace> --bucket-name
destination region ? <source_bucket_name> --source-object-name
- oci os object copy --bucket-name <source_bucket_name> --source-object- <source_object> --destination-namespace
name <source_object> --destination-compartment-id <destination_namespace_string> --destination-
<destination_compartment_id> --destination-region <destination_region> -- region <destination_region> --destination-bucket
destination-bucket <destination_bucket_name> --destination-object-name <destination_bucket_name> --destination-object-
<destination_object_name> name <destination_object_name>
- oci os object copy --namespace-name <object_storage_namespace> --

bucket-name <source_bucket_name> --source-object-name <source_object> --
destination-namespace <destination_namespace_string> --destination-region
<destination_region> --destination-bucket <destination_bucket_name> --
destination-object-name <destination_object_name>
- oci os object copy --bucket-name <source_bucket_name> --source-object-

name <source_object> --destination-region <destination_region> --destination-
bucket <destination_bucket_name> --destination-object-name
<destination_object_name>
- oci os object copy --source-compartment-id <source_compartment_id> --

bucket-name <source_bucket_name> --source-object-name <source_object> --
destination-compartment-id <destination_compartment_id> --destination-
region <destination_region> --destination-bucket <destination_bucket_name> --
destination-object-name <destination_object_name>
28. Which of the below is NOT a supported SDK on Oracle Cloud .NET SDK
Infrastructure(OCI)?
- .NET SDK
- Go SDK
- Java SDK
- Python SDK
- Ruby SDK
29. Which of the below option is a FALSE statement in regards to Oracle OCI CLI does not support combining arguments on
Cloud Infrastructure (OCI) CLI? the command line with file inputs
- The oci-cli-rc command creates shortcuts and command abbreviations
and can be used to set default compartment per CLI profile
- OCI CLI does not support combining arguments on the command line
with file inputs
- Token-based authentication for the CLI allows customers to authenticate
their session interactively, then use the CLI for a single session without an
API signing ke
- OCI CLI can simplify the process of moving large amounts of data to or
from Object Storage
30. Which of the below options is NOT a recommended best practice while You must use oci_core_image data source to use the
creating resources using Terraform provider for OCI? same image every time while launching a compute
- Use lower snake_case for all naming conventions in your terraform instance
configuration files
- Use S3 Backend using OCI Object Storage's S3 Compatibility for Sharing
State Files across teams
- You must use oci_core_image data source to use the same image every
time while launching a compute instance
- Do not check in the state files (terraform.tfstate by default ) to source
control. Add it to your .gitignore.
31. Which of the below options is TRUE while managing compartments in If you move the resource to the new compartment,
Oracle Cloud Infrastructure (OCI)? the policies that govern the new compartment apply
- You can create subcompartments in compartments to create hierarchies immediately.
that are four levels deep.
- If you move the resource to the new compartment, the policies that
govern the new compartment does not apply immediately.
- It's not possible to recover a compartment once it has been deleted.
- If you move the resource to the new compartment, the policies that
govern the new compartment apply immediately.
- Compartment names need not be unique for a given region.
32. Which of the following action do you need to perform to push a new Generate an auth token to complete the
image to the Oracle Cloud Infrastructure(OCI) Registry? authentication via Docker CLI
- Generate a public private key pair to authenticate via Docker CLI.
- Generate an API signing key to complete the authentication via Docker
CLI
- Generate an auth token to complete the authentication via Docker CLI
- Assign an OCI defined tag via OCI CLI to the image
33. Which of the following are essential components of the Oracle Cloud A topic with a name unique across the tenancy, a
Infrastructure Notifications service? subscription, and a message where content is
- An alarm with a name unique across the tenancy, a subscription, and a published.
metric with the measurement of interest.
- An alarm with a name unique across the compartment, a subscription, and
a metric with the measurement of interest.
- A topic with a name unique across the compartment, a subscription, and a
message where content Is published.
- A topic with a name unique across the tenancy, a subscription, and a
message where content is published.
34. Which of the following is NOT a valid attribute of Alarms feature of Oracle metricName
Cloud Infrastructure (OCI) Monitoring service ?
- severity
- namespace
- compartmentld
- metricName
35. Which of the following is NOT a valid option for setting up redundant Use FastConnect with static routing and VPN
connections from an on-premises environment to Oracle Cloud Connect with static routing
Infrastructure (OCI)?
- Use VPN Connect with multiple redundant IPSec tunnels using Border
Gateway Protocol (BGP) dynamic routing
- Use FastConnect with static routing and VPN Connect with static routing
- Use FastConnect with Border Gateway Protocol (BGP) dynamic routing and
VPN Connect with static routing
- Use VPN Connect with multiple redundant IPSec tunnels using static
routing
36. Which of the following is NOT a valid use case for using Oracle Cloud Set up autoscaling policies based on tags
Infrastructure (OCI) cost-tracking tags?
- Set up budgets based on resources grouped by tags
- Set up autoscaling policies based on tags
- Track resource usage based on tags
- Filter projected costs based on tags
37. Which of the following statements is correct about the Oracle Cloud You can configure log retention for up to 365 days
Infrastructure (OCI) Audit LOGS RETENTION PERIOD?
- You can configure log retention for any time duration
- Log retention duration can not be changed
- You can configure log retention for 60 days
- You can configure log retention for up to 365 days
38. Which statement below is TRUE about the Oracle Cloud Infrastructure (OCI) The knife-oci plugin allows users to interact with
knife-oci plugin for Chef ? OCI through Chef Knife
- OCI provides a Chef Server running in each tenancy that can be
controlled by the knife-oci plugin
- The knife-oci plugin allows you to run chef commands from OCI CLI
- The knife-oci plugin allows users to interact with OCI through Chef Knife
- The knife-oci plugin is a Terraform provider to deploy Chef in OCI
39. Which technique does NOT help you get the OPTIMAL Serialize operations to the file system to access consecutive
performance out of the Oracle Cloud Infrastructure (OCI) File blocks as much as possible.
Storage service?
- Increase concurrency by using multiple threads, multiple clients,
and multiple mount targets.
- Store files across multiple directories in the file system.
- Limit access to the same Availability Domain (AD.as the File
Storage service where possible.
- Serialize operations to the file system to access consecutive
blocks as much as possible.
- Right size compute instances from where file system Is accessed
based on their network capacity.
40. Which THREE statements are TRUE about Object Storage Data - All traffic to and from Object Storage service is encrypted
security and Encryption in Oracle Cloud Infrastructure (OCI)? using TLS.
- All traffic to and from Object Storage service is encrypted using - Server-side encryption uses per-object keys which are
TLS. managed by Oracle.
- A VPN connection to OCI is required to ensure security data - Client-side encryption is managed by the customer.
transfer to an object storage bucket.
- OCI Key Management is used by default to provide data
security.
- Server-side encryption uses per-object keys which are managed
by Oracle.
- Client-side encryption is NOT managed by the customer.
- Client-side encryption is managed by the customer.
41. Which TWO statements about the Oracle Cloud Infrastructure - The CLI provides the same core functionality as the
(OCI) Command Line Interface (CLI) are TRUE? Console, plus additional commands.
- The CLI allows you to use the Python language to interact with - You can filter CLI output using the JMESPath query option
OCI APIs. for JSON.
- The CLI provides the same core functionality as the Console,
plus additional commands.
- You can run CLI commands from inside OCI Regions only.
- You can filter CLI output using the JMESPath query option for
JSON.
- The CLI provides an automatic way to connect with instances
provisioned on OCI.
42. Which TWO statements accurately describe Ansible Modules for - OCI Ansible Modules enable orchestrating, provisioning,
Oracle Cloud Infrastructure (OCI)? and configuration management tasks on Oracle Cloud
- OCI Ansible Modules enable orchestrating, provisioning, and Infrastructure.
configuration management tasks on Oracle Cloud Infrastructure. - OCI Ansible Modules represent discrete provisioning tasks
- OCI Ansible Modules represent discrete provisioning tasks or or operations that you CAN invoke individually from the
operations that you CANNOT invoke individually from the command line or else run individually or in sequence from a
command line or else run individually or in sequence from a playbook.
playbook.
- OCI Ansible Modules are units of organization that allows you to
abstract configuration, orchestration, and provisioning tasks into
roles that you can save and share among playbooks and other
users.
- OCI Ansible Modules represent discrete provisioning tasks or
operations that you CAN invoke individually from the command
line or else run individually or in sequence from a playbook.
- OCI Ansible Modules is not able to provide you state control of
resources.
43. Which TWO statements are true about the Bulk Export of Oracle Cloud Infrastructure - Exported logs are available in the
Audit Log Events ? object storage buckets in your tenancy.
- It will be available immediately after the Bulk Export request. - Exported logs remain available
- Exported logs are available in the object storage buckets in your tenancy. indefinitely.
- You can specify only one region in your bulk export request.
- Exported log files list a single audit event per line using csv format.
- Exported logs remain available indefinitely.
44. You are a Cloud Operations administrator who has recently joined a new department. Resource manager stacks are free but you
You have created 10 Terraform stacks using Oracle Cloud Infrastructure (OCI) are charged for the resources they create
resource manager. Each stack creates a different set of resources In OCI for your
development team. What determines the COST of these Terraform stacks ?
- The cost for each stack will be higher for pay as you go (PAYG) than for monthly
flex billing
- The number of lines of text in your Terraform configuration files.
- The length of time it takes to build each resource using these Terraform stacks
- Resource manager stacks are free but you are charged for the resources they
create
45. You are an admin for Oracle Cloud Infrastructure (OCI) tenancy and you are using The Monitoring service uses metrics to
the monitoring service to monitor your team's cloud resource usage. Which of the monitor resources and alarms to notify
below option is TRUE regarding monitoring service? about metrics.
- You cannot create alarms with nested queries.
- Metric and alarm data are accessible via the Console only.
- The Monitoring service uses metrics to monitor resources and alarms to notify
about metrics.
- You can publish only default metrics to Monitoring service not the custom metrics.
46. You are asked to deploy a new application that has been designed to scale Create an instance pool with a
horizontally. The business stakeholders have asked that the application be deployed VM.Standard2.2 shape instance
In us-phoenlx-1. Normal usage requires 2 OCPUs. You expect to have few spikes configuration. Setup the autoscaling
during the week, that will require up to 4 OCPUs, and a major usage uptick at the end configuration to use 2 availability
of each month that will require 8 OCPUs. What is the most cost-effective approach to domains and have a minimum of 2
implementing a highly available and scalable solution? instances, to handle the weekly spikes,
- Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup and a maximum of 4 instances.
the autoscaling configuration to use 2 availability domains and have a minimum of 2
instances and a maximum of 8 instances.
- Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup
the autoscaling configuration to use 2 availability domains and have a minimum of 2
instances, to handle the weekly spikes, and a maximum of 4 instances
- Create an instance with 1 OCPU shape. Use the Resize instance action to scale up
to a larger shape when more resources are needed.
- Create an instance with 1 OCPU shape. Use a CLI script to clone It when more
resources are needed.
47. You are asked to implement the disaster recovery (DR) and business continuity requirements for Back up block
Oracle Cloud Infrastructure (OCI) Block Volumes. Two OCI regions being used: a primary/source region volumes. Copy block
and a DR/destination region. The requirements are: • There should be a copy of data in the destination volume backups from
region to use If a region-wide disaster occurs in the source region. • Minimize costs. Which of the source region to
following design will help you meet these requirements? destination region at
- Clone block volumes. Use Object Storage lifecycle management to automatically move clone object regular intervals
Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.
- Clone block volumes. Copy block volume clones from source region to destination region at regular
intervals
- Back up block volumes. Copy block volume backups from source region to destination region at
regular intervals
- Back up block volumes. Use Object Storage lifecycle management to automatically move backup
objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular
intervals.
48. You are configuring on alarm In Oracle Cloud Infrastructure (OCI) for a compute instance named NetworksBytesIn[1m]
vision. The metric needs to be triggered when the INGRESS network rate is greater than 1 MB. Which {resourceDisplayName
statement will accomplish this ? - "vision").rate() > 1024
- {resourceDisplayName = Hvision"}(NetworksBytesInOMBD.rate() > 1
- {resourceDisplayName = avision"}(NetworksBytesInfl mfl.rate() > 1024
- NetworksBytesIn[1MB]{resourceDisplayName - "vision").rateo > 1
- {resourceDisplayName = avision"}(NetworksBytesInfl mfl.node() = 5
- NetworksBytesIn[1m]{resourceDisplayName - "vision").rate() > 1024
49. You are helping a customer to use Oracle Cloud Infrastructure Resource Manager to automate their With Resource
infrastructure. Which of the below options is FALSE regarding the Resource Manager? Manager, you cannot
- With Resource Manager, you cannot execute scripts or commands on a remote computer execute scripts or
- To control access to the Terraform state file, you can create a security policy that limits access to commands on a remote
reading jobs computer
- Resource Manager consists of Terraform configuration files and each file are in FICL or JSON format
- For a given Resource Manager stack, only one job can be run at a time
50. You are system administrator at a retail company. You Just received a ticket stating that the account The Route Table rules
team is unable to access an internal application. The application is running behind an Oracle Cloud associated with the
Infrastructure (OCI) Public Load Balancer and is using a compute instance pool with autoscaling subnet within the
enabled. You noticed some deleted items In the Audit Log while troubleshooting. Which RESOURCE Virtual Cloud Network
DELETION could have caused this issue? (VCN)
- Internet Gateway and the Route Table associated with the Virtual Cloud Network (VCN)
- NAT Gateway and the Route Table associated with the Virtual Cloud Network (VCN)
- The Route Table rules associated with the subnet within the Virtual Cloud Network (VCN)
- An Object Storage bucket containing transaction log backups
51. You are trying to access Object Storage from your on-premise network. The image shows The on-premises network can
the configuration that you have done. reach the Object Storage through
Which of the following statement is correct? multiple Service Gateways
- The on-premises network can reach the Object Storage through multiple Service (Service Gateway-1. w Service
Gateways (Service Gateway-1. w Service Gateway-2, Service Gateway-3) though you will Gateway-2, Service Gateway-3)
need to create specific routes on each service gateway though you will need to create
- The on-premises network can reach the Object Storage through multiple Service specific routes on each service
Gateways (Service Gateway-2, Service Gateway-3), though the data can only be returned gateway
via HUB VCN Service Gateway (Service Gateway-1)
- The on-premises network can reach the Object Storage only through a single service
gateway (Service Gateway-1)
- The on-premises network can reach the Object Storage through multiple Service
Gateways (Service Gateway-1, Service Gateway-2, Service Gateway-3)
52. You are using configuration management tool Ansible and Ansible playbook with Oracle It cannot generate a temporary,
Cloud Infrastructure to attach a block volume to a compute instance. Which of the below host-specific SSH key pair.
action is FALSE for such an action by Ansible playbook?
- It can specify the public key from the key pair for connecting to the instance, and then
launch the instance.
- It can create a new Block Volume for the instance, attach the volume to the instance, and
specify iSCSI as the volume attachment type.
- It cannot generate a temporary, host-specific SSH key pair.
- It can connect to and then mount the volume from the compute instance by executing
iscsiadm commands over SSH using an Ansible module.
53. You are using Oracle Cloud Infrastructure (OCI) console to set up an ALARM on a budget to - Select COST-TRACKING Tags as
track your OCI spending. Which TWO are valid targets for creating a budget in OCI? the type of target for your budget.
- Select COST-TRACKING Tags as the type of target for your budget. - Select COMPARTMENT as the
- Select COMPARTMENT as the type of target for your budget. type of target for your budget.
- Select GROUP as the type of target for your budget.
- Select TENANCY as the type of target for your budget.
- Select USER as the type of target for your budget.
54. You are using Oracle Cloud Infrastructure (OCI) services across several regions: us-phoenix- Allow group PHX-Admins to
1, us-ashburn-1, uk-london-1 and ap-tokyo-1. You have created a separate administrator manage all-resources in tenancy
group for each region: PHX-Admins, ASH-Admins, LHR-Admins and NRT-Admins, where requestregion= 'phx'
respectively. You want to restrict admin access to a specific region. E.g., PHX-Admins should
be able to manage all resources. In the us-phoenix-1 region only and don't any other OCI
regions. What IAM policy syntax is required to RESTRICT PHX-Admins to manage OCI
resources in the us-phoenix-1 region only ?
- Allow group PHX-Admins to manage all-resources in tenancy
- Allow group PHX-Admins to manage all-resources in tenancy where requestregion= 'phx'
- Allow group PHX-Admins to use all-resources in tenancy where request.region != 'ash'
- Allow group PHX-Admins to manage all-resources in tenancy where - target.group.name =
'ASH-Admins'
55. You are using Terraform provider for Oracle Cloud Infrastructure(OCI) to manage your resources. You You could have
notice someone in your team made changes outside of Terraform to the resources from the Oracle avoided such a
Cloud Infrastructure console. Which of the below options is TRUE for such a scenario? situation by adding
- You cannot perform Terraform code changes anymore as it has corrupted the overall resource the ignore_changes
management. parameter in
- You could have avoided such a situation by adding the ignore_changes parameter in configuration files. configuration files.
- Terraform always overwrites the changes made outside of Terraform next time you apply the
configuration.
- Terraform automatically detects the changes and makes sure your Terraform code is up to date.
56. You are using Terraform to create a sandbox environment for the development team. This environment The remote-exec
consists of an Oracle Cloud Infrastructure virtual cloud network, two compute resources, and a provisioner
database instance. As part of the Terraform configuration you need to run a script on the two compute
instances that will configure the connection to the database. Which Terraform feature would you
leverage to accomplish this task ?
- The remote-exec provisioner
- The local-exec provisioner
- The instance data source
- The OCI Provider
57. You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual ( -t <tenancy_id> )
machine. You enter the following command (with correct values for all parameters):oci compute
instance launch --availability-domain <availability_domain_name> -t <tenancy> -c <compartment-id> --
shape "<shape_name>" --display_name "<instance_display_name>" --image-id <image_id --ssh-
authorized-keys-files "<path_to_authorized_key_file" --subnet-id <subnet> The command fails. Which is
NOT a valid parameter in this command?
- ( -image-id <image_id> )
- ( -subnet-id <subnet_id> )
- ( -c <compartment_id> )
- ( -t <tenancy_id> )
- ( -shape "<shape_name>" )
58. You are using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI) to upload a file to an ( -c compartment_id )
object storage bucket. You enter the following command (with correct values for all parameters): oci os
object put -c compartment_id -ns mynamespace -bn mybucket —name myfile.txt —file
/Users/abc/myfile.txt The command fails. Which of the following is NOT a valid parameter in this
command?
- ( -c compartment_id )
- ( --name myfile.txt )
- ( --file /Users/me/myfile.txt )
- ( -ns mynamespace )
59. You are working as a Cloud Operations Administrator for your company. They have different Oracle Use OCI CLI profiles
Cloud Infrastructure (OCI) tenancies for development and production workloads. Each tenancy has to create multiple set
resources in two regions - uk-london-1 and eu-frankfurt-1. You are asked to manage all resources and of credentials in your
to automate all the tasks using OCI Command Line Interface (CLI). Which is the MOST efficient method config file, and
to manage multiple environments using OCI CLI? reference the
- Create environment variables for the sets of credentials that align to each combination of tenancy, appropriate profile at
region, and environment. runtime.
- Run OCI setup config to create new credentials for each environment every time you want to access
the environment.
- Use different bash terminals for each environment.
- Use OCI CLI profiles to create multiple set of credentials in your config file, and reference the
appropriate profile at runtime.
60. You as an administrator want to provide IAM group FinanceAuditors to analyze the spending in the Allow group
Oracle Cloud Infrastructure tenancy. Which of the below policy statement will you define? FinanceAuditors to
- Allow group FinanceAuditors to read spend-reports in tenancy read usage-reports in
- Allow group FinanceAuditors to read usage-reports in tenancy tenancy
- Allow group FinanceAuditors to read usage-reports in tenancy
- Allow group FinanceAuditors to read usage-cost in tenancy
61. You have a group of developers who launch multiple VM.Standard2.2 compute Instances every day set compute quota vm-
into the compartment Dcv. As a result your OCI tenancy quickly hit the service limit for this shape. standard2-2-count to
Other groups can no longer create new instances using VM.Standard2.2 shape. of this, your company 20 in compartment dev
has Issued a new mandate that the Dev compartment must include a quota to allow for use of only 20
VM.Standar shapes per Availability Domain. Your solution should not affect any other compartment In
the tenancy. Which QUOTA STATEMENT should be used to implement this new requirement?
- set compute quota vm-standard2-2-count to 20 in compartment dev where request.region = us-
phoenix-1
- zero compute quotas in tenancy set compute quota vm-standard2-2-count to 20 in tenancy dev
- zero compute quotas in tenancy set compute quota vm-standard2-2-count to 20 in compartment dev
- set compute quota vm-standard2-2-count to 20 in compartment dev
62. You have a Linux compute Instance located in a public SUBNET in a VCN which hosts a web application. In the security list, add
The security list attached to SUBNET containing the compute Instance has the following stateful an ingress rule for port
INGRESS rule. 80 (http).
Which step will RESOLVE the issue?
- In the security list, add an ingress rule for port 80 (http).
- In the route table, add a rule for your default traffic to be routed to service gateway.
- In the security list, remove the ssh rule.
- In the route table, add a rule for your default traffic to be routed to NAT gateway.
63. You have been asked to investigate a potential security risk on your company's Oracle Cloud oci audit event list --
Infrastructure (OCI) tenancy. You decide to start by looking through the audit logs for suspicious start-time $start-time --
activity? end-time $end-time --
- oci audit event list --start-time $start-time --compartment-id $compartment-id compartment-id
- oci audit event list --start-time $start-time --end-time $end-time --compartment-id $compartment- $compartment-id
id
- oci audit event list --end-time $end-time --compartment-id $compartrnent-id
- oci audit event list --start-time $start-time --end-time $end-time --tenancy-id $tenancy-id
64. You have been asked to provision a new production environment on Oracle Cloud Infrastructure (OCI). Resource Manager
After working with the solution architect you docket that you are going to automate this process. manages the Terraform
Which OCI service can help automate the provisioning of this new environment? state file for your
- Resource Manager has administrative privileges by design. Even if your IAM user does not have infrastructure and locks
access, you can leverage Resource Manageprovisionnew resources to any compartment in the the file so that only
Tenancy. one Job at a time can
- You can use Resource Manager to apply patches to all existing Oracle Linux Instances in a specified run on a given stack.
compartment.
- Resource Manager manages the Terraform state file for your infrastructure and locks the file so that
only one Job at a time can run on a given stack.
- You can use Resource Manager to identify and maintain an Inventory of all Compute and Database
Instances across your tenancy.
65. You have been asked to update the llfecycle policy for object storage using the Oracle oci os object-lifecycle-policy put
Cloud Infrastructure (OCI) Command Line Interface (f command can successfully update the -ns <object_storage_namespace> -
policy ? bn <bucket_name> -items
- oci os object-lifecycle-policy get -ns cobject_storage_namespace> -bn <bucket_name> <json_formatted_lifecycle_policy>
- oci os object-lifecycle-policy put -ns <object_storage_namespace> -bn <bucket_name> -
items <json_formatted_lifecycle_policy>
- oci os object-lifecycle-policy delete -ns <object_storage_namespace> -bn oci os object-lift
<bucket_name>
- oci os object-lifecycle-policy put -ns <object_storage_namespace> -bn <bucket_name>
- oci os object-lifecycle-policy delete -ns <object_storage_namespace> -bn oci os object-
node <bucket_name>
66. You have been brought In to help secure an existing application that leverages Object Use Pre-Authenticated request,
Storage buckets to distribute content. The data is currently being shared from public buckets even though there will be
and the security team Is not satisfied with this approach. They have stated that all data must multiple URLs this will provide
be stored In storage buckets. Your application should be able to provide secure access to better security.
the data. The URL that is provided for access to the data must be rotated every 30 days.
Which design option will meet these requirements?
- Create a protected bucket only to write the data.
- Create a new group and map users to this group, create a IAM policy providing access to
Object Storage service only to this group. Users can then simply login to OCI console and
retrieve needed flies.
- Create a private bucket only to share the data.
- Use Pre-Authenticated request, even though there will be multiple URLs this will provide
better security.
- Create multiple bucket and classify them as Public and Private. Use public bucket for non-
sensitive data and private bucket for sensitive data.
67. You have been contracted by a local e-commerce company to assist with enhancing their Create a failover policy in the
online shopping application. The application is currently deployed In a single Oracle Cloud Traffic Management service. Set
Infrastructure (OCI) region. The application utilizes a public load balancer, application servers the IP address of the public load
in a private subnet and a database in a separate, private subnet. The company would like to balancer for the primary site in
deploy another set of similar Infrastructure In a different OCI region that will act as standby answer pool 1 Set the IP address
site. In the event of a failure at the primary site, all customers should be routed to the of the public load balancer for
failover site automatically. After deploying the additional infrastructure within the second the secondary site in answer pool
region, how should you configure automated failover requirements ? 2. Define a health check to
- Create a new A record in DNS that points to the public load balancer at the secondary monitor both sites.
site. Create a CNAME for the sub-domain failover that will resolve to the new A record.
Inform customers to prepend the website URL with failover If the primary site Is unavailable.
- Deploy a new load balancer in the primary region. Create one backend set for the primary
application servers and a second backend set for the standby application servers. Create a
listener for the primary backend set with a timeout of 3 minutes. Create a listener for the
secondary backend set with a timeout of 10 minutes.
- Create a failover policy in the Traffic Management service. Set the IP address of the public
load balancer for the primary site in answer pool 1 Set the IP address of the public load
balancer for the secondary site in answer pool 2. Define a health check to monitor both
sites.
- Create a load balancer policy in the Traffic Management service. Configure one answer for
each site. Set the answer for the primary site with a weight of 10 and the answer for the
secondary site with a weight of 100.
68. You have been tasked with allocating an identity to one of your compute Create IAM policies to permit instances in these
instances that needs to retrieve and process static files that are stored in an groups to make API calls against Oracle Cloud
Object Storage bucket. After creating a dynamic group with a matching rule Infrastructure services.
that specifies the OCID of the compute instance, you discover the that API
calls are failing. Which step should you take to resolve this issue?
- Once instance are in dynamic group no additional steps are required.
- Initial credentials must be initialized using OCI console for the Instance in
dynamic group. This can be a bulk operation.
- Create IAM policies to permit instances in these groups to make API calls
against Oracle Cloud Infrastructure services.
- Create IAM policies to permit users In these groups to make API calls against
Oracle Cloud Infrastructure services.
69. You have created a geolocation steering policy in the Traffic Management The traffic will be dropped.
service, with this configuration. Geolocation Steering Rules : The order of the
rules from top to bottom, is the order in which they will be evaluated. The first
matching rule will be executed and stop subsequent matching rules from being
executed. Once a rule is executed, the order of the pools in the rule, from top
to bottom, is the order in which pools will be evaluated. An answer in the first
available pool will be served and stop subsequent pool answers from being
served.
What happens to requests that originate in AFRICA?
·- The traffic will be forwarded randomly to any of the pools mentioned in the
rules.
- The traffic will be forwarded at the same time to both Pool 1 and Pool 2.
- The traffic will be forwarded to Pool 1. If Pool 1 is not available, then will be
forwarded to Pool 2.
- The traffic will be dropped.
70. You have created an Autonomous Data Warehouse (ADW) service in your Create Auth token, use it to create an object
company's Oracle Cloud Infrastructure (OCI) tenancy and you now have to storage credential by executing
load historical data into It. You have already extracted this historical data from DBMS_CLOUD.CREATE_CREDENTIAL. Using OCI
multiple data marts and data warehouses. This data is stored in CSV text files CLI upload the CSV files to an OCI object
and these file are ranging in size from 25 MB to 20 GB. Which step Is most storage bucket, create the tables in the ADW
efficient and error tolerant method for loading data into ADW ? database and then execute
- Create the tables in the ADW database and then execute SQL*Loader for DBMS_CLOUD.COPY_DATA for each CSV file to
each • CSV file to load the contents into the corresponding ADW database copy the contents into the corresponding ADW
table. database table.
- Create Auth token, use it to create an object storage credential by
executing DBMS_CLOUD.CREATE_CREDENTIAL. Using the web console upload
the CSV files to an OCI object storage bucket, create the tables in the ADW
database and then execute DBMS_CLOUD.COPY DATA for each CSV file to
copy the contents into the corresponding ADW database table.
executing DBMS_CLOUD.CREATE_CREDENTIAL. Using OCI CLI, upload the CSV
files to an OOCI object storage bucket, create the tables in the ADW
database and then execute Data Pump Import for each CSV file to copy the
contents into the corresponding ADW database table.
executing DBMS_CLOUD.CREATE_CREDENTIAL. Using OCI CLI upload the CSV
files to an OCI object storage bucket, create the tables in the ADW database
and then execute DBMS_CLOUD.COPY_DATA for each CSV file to copy the
contents into the corresponding ADW database table.
71. You have created several block volumes in the us-phoenix-1 region in a specific IopsRead[lm]
compartment. The compartment can be identified by the following Orade Cloud {compartmentId="ocid1.compartment.oci.phx..exampleuniquelD"}.grouping().max()
Infrastructure (OCI) unique identifier, OR
ocid1.compartment.oc1.phx.exampleuniquelD Your manager has asked you to
leverage the OCI monitoring service and write a metric query showing all read
IOPS at a one-minute interval, filtered to this compartment and aggregated for
the maximum. Which metric query will you create?
- IopsRead[lm] {compartmentId =
"ocidl.compartment.oci.phx..exampleuniquelD"}.grouping.mean()
- IopsRead[lm]
{compartmentId="ocid1.compartment.oci.phx..exampleuniquelD"}.max()
- IopsWrite[lm]
{compartmentId="ocid1.compartment.oci.phx..exampleuniquelD"}.mean()
- IopsRead[lm]
{compartmentId="ocid1.compartment.oci.phx..exampleuniquelD"}.grouping().max()
72. You have created the following JSON file to implement a lifecycle policy for Objects containing name prefix 'documents' will automatically be moved from
one of your Oracle Cloud Infrastructure Object Storage buckets.oci os object- Standard Object Storage to Archive storage after 30 days and then deleted after
lifecycle-policy put -ns MyNamespace -bn MyBucket --items' 180 days from the date of creation.
- Objects containing name prefix 'documents' will automatically be moved from
Standard Object Storage to Archive storage after 30 days from the date of
creation, but because of policy error have to be manually deleted after 180
days.
Standard Object Storage to Archive storage after 30 days and then deleted
after 180 days from the date of creation.
Standard Object Storage to Archive storage after 30 days from the date of
creation
Standard 0 Object Storage to Archive storage after 30 days from the date of
creation. Other objects will be deleted after 180 days
73. You have created the following JSON file to specify a lifecycle policy for one of Objects containing the name prefix LOGS will be automatically migrated from
your object storage buckets: standard Storage to Archive storage 30 days after the creation date. The objects
How will this policy affect the objects that are stored in the bucket? will be deleted 120 days after creation.
- Objects containing the name prefix LOGS will be automatically migrated from
standard Storage to Archive storage 30 days after the creation date. The
objects will be deleted 120 days after creation.
- The objects with prefix "LOGS" will be deleted 30 days after creation date.
- Objects containing the name prefix LOGS will automatically be migrated from
standard Storage to Archive storage 30 days then. The objects will be migrated
back to standard Storage 120 days after creation
- Objects with the prefix "LOGS" will be retained for 120 days and then deleted
permanently.
74. You have deployed a three-tier web application inside an Oracle Cloud Infrastructure (OCI) VCN with a You do not have
CIDR block of 10.0.0.0/28. You Initially deploy three web servers (VM.Standard2.2), two application enough private IP
servers (VM.Standard2.4), and two servers (VM.Standard2.8) running Oracle database. The web, addresses left to launch
application and database servers are deployed across two availability domains in the us-ashburn-1 all of the new compute
region. You also deployed a Public Load Balancer In front of the two web servers. The web traffic instances
gradually Increases in the first few days following the deployment, so you attempt to double the
number of instances in each tier of the application to handle the new load. Unfortunately, some of
these new Instances fail to launch. Your tenancy comes with the following set of predefined services
limits for the availability domain and compartment where the application is deployed.
What is a possible reason for this deployment to fail ?
- You do not have sufficient public IP addresses required by the web, application and database servers.
- You do not have sufficient quotas for number of VM.Standard2.2, VM.Standard2.4 and
VM.Standard2.8 shapes in the Production compartment in the us-ashburn-1 region.
- You do not have enough private IP addresses left to launch all of the new compute instances
- You do not have sufficient quotas for number of VM.Standard2.2, VM.Standard2.4 and
VM.Standard2.8 shapes in each availability domain in the us-ashburn-1 region
75. You have received an email from your manager to provision new resources on Oracle Cloud oci resource-manager
Infrastructure (OCI). When researching OCI y detect that you should use OCI Resource Manager. Since stack create --
this is a task that will be done multiple times for development, test, and production need to create a compartment-id
command that can be re-used. Which CLI command can be used In this situation ? <compartment_OCID> -
- oci resource-manager stack update --compartment-id <compartment_OCID> --config-source -config-source prod.zip
prod.zip --variables file://variables.json --display-name "Production Stack build" --description --variables
"Creating new Production environment" file://variables.json --
- oci resource-manager stack update --tenancy-id <tenancy_OCID> --config-source prod.zip -- display-name
variables file://variables.json --display-name "Production Stack build" --description "Creating new "Production Stack build"
Production environment" --description "Creating
- oci resource-manager stack create --compartment-id <compartment_OCID> --config-source prod.zip new Production
--variables file://variables.json --display-name "Production Stack build" --description "Creating new environment"
Production environment"
- oci resource-manager stack create --tenancy-id <tenancy_OCID> --config-source prod.zip --
variables file://variables.json --display-name "Production Stack build" --description "Creating new
Production environment"
76. You have recently been asked to take over management of your company's infrastructure provisioning Modify line 15 to be the
efforts, utilizing Terraform v0.12 to provision and manage infrastructure resources in Oracle Cloud following: tcp_options
Infrastructure (OCI). For the past few days the development environments have been failing to {min = "22" max = "22"}
Provision. Teraform returns the following error : ERROR: Missing item separator on xyz.tf line 15, in
resource 'oci_core_security_list" 'ManagementSecurityList': 15: tcp_options = (min = '22', max = '22')
Expected a comma to mark the beginning of the next item. You locate the related code block in the
Terraform config and find the following : (11) ingress_security_rules {(12) protocol = 6 (13) source ==
"0.0.0.0/0" (14) (15) tcp_options = {min = '22', max = '22'}(16) } Which CORRECTION should you make to
solve this issue ?
- Modify line 15 to be the following: tcp_options {min = "22" max = "22"}
- Modify line 15 to be the following: tcp_options = {min = "22", max = "22}
- Place a command at the end of line 16
- Replace the curly braces '{ }' in lines 11 and 16 with square braces '[ ]'
77. You have recently joined a startup company and quickly find that nobody is tracking Create a budget for each compartment
the amount of money spent on Oracle Cloud Infrastructure (OCI). Seeing an that will send a notification when
opportunity to help save money you begin creating a solution to better track the cost monthly spend reaches a pre-defined
of resources provisioned by each individual on the team. Which option allows you to amount.
identify excessive spend across all resources in your tenancy?
- Create a budget for each compartment that will send a notification when monthly
spend reaches a pre-defined amount.
- Use the Python SDK to write a custom application that will monitor the Audit Log.
Look for CREATE events and configure the application to send you an email each time
a new resource is created.
- Create a tag namespace named BILLING with a Tag Key named Costcenter. Tag each
of your resources with this Tag Key and the correct value.
- Use the Events Service and create rules that will act when a new Object Storage
bucket or Compute Instance has been created. Have the rule email you each time one
of these events occurs.
78. You have set an alarm to be generated when the CPU usage of a specified instance is Change the alarm's trigger delay
greater than 10%. In the alarm behavior view below you note that the critical condition minutes value to 1.
happened around 23:30. You were expecting a notification after 1 minute, however, the
alarm firing state did not begin until 23:33.
What should you change to FIX it?
- Change the alarm's metric interval to 1.
- Change the alarm's trigger delay minutes value to 1.
- Change the notification topic that you previously associated with the alarm
- Change the alarm condition to be greater than 3%.
79. You have set up a threshold alarm for CPU Utilization metric for a value greater than 80 Suppress the alarm notifications
percent. You get a notification email about this alarm. Which of the following action will temporarily.
help you respond to this notification?
- Change the at-risk threshold for the CPU utilization metric to a lower number.
- Suppress the alarm notifications temporarily.
- Modify the alarm to route notifications to Oracle Cloud Infrastructure Streaming
Service (OSS) for later investigation.
- Modify the alarm to route notifications to an Oracle Cloud Infrastructure Object
Storage bucket for later investigation.
80. You have shared your Oracle Cloud Infrastructure (OCI) tenancy with a group of Create a group called IdPAdmins.
developers in your organization by creating a compartment called "a-developer". You Assign the following IAM policy
are an administrator in the tenancy with privileges to modify IAM policies. The statement: Allow group IdPAdmins to
Developers need privileges to configure Federation to Wt Single Sign-On (SSO). manage identity-providers in tenancy
Would you give them permissions to complete their task In the most secure manner ? Allow group IdPAdmins to manage
- Create a group called IdPAdmins. Assign the following IAM policy statement: Allow groups in tenancy
group IdPAdmins to manage identity-providers in tenancy Allow group IdPAdmins to
manage groups in tenancy
- Create a group called IdPAdmins. Assign the following IAM policy statement: Allow
group IdPAdmins to manage identity-providers in compartment Allow group
IdPAdmins to manage groups in compartment
- Create a group called Developers. Set up the following IAM policy: Allow group
Developers to manage identity-providers in compartment a-developer Allow group
Developers to manage groups in compartment
- Create a new policy with the following statements: Allow any-user to manage
identity-providers in tenancy a-developer Allow any-user to manage groups in
tenancy
81. You have the following compartment structure within your company's Oracle Allow group SystemAdmins to manage virtual-
Cloud Infrastructure ( OCI ) tenancy : network-family in compartment
You want to create a POLICY in the root compartment to allow SystemAdmins CompartmentA:CompartmentB:CompartmentC
to manage VCNs only in CompartmentC. Which policy is correct?
- Allow group SystemAdmins to manage virtual-network-family in compartment
CompartmentC
CompartmentA:CompartmentB:CompartmentC
CompartmentB:CompartmentC
Node
Root
82. You launched a Linux compute Instance to host the new version of your - Create a network security group, add a
company website via Apache Httpd server on HTTPS (port 443) The Instance is stateful rule to allow INGRESS access on port
created in a public subnet along with other Instances. The default security list 443 and associate it to the instance that host
associated to the subnet is: You want to allow access to the company website the company website
from the public Internet without exposing websites eventually hosted on the - Access the Linux instance via SSH and
other instances in the public subnet. configure Iptables to allow HTTPS access on
Which TWO actions should you do? port 443.
- Create a new security list with a stateful rule to allow INGRESS access on port
443 and associate it to the public subnet
- Create a network security group, add a stateful rule to allow INGRESS access
on port 443 and associate it to the instance that host the company website
- In default security list, add a stateful rule to allow INGRESS access on port
443.
- Access the Linux instance via SSH and configure Iptables to allow HTTPS
access on port 443.
- Create a network security group, add a stateful rule to allow INGRESS access
on port 443 and associate it to the public subnet that host the company website
83. You need to set up daily Incremental backups of your database In Oracle Cloud Enable automatic backups and choose the
Infrastructure (OCI) Database Service. The backups need to be retained for at preset retention period of 60 days.
least 50 days. Which of the following method allows you do accomplish this Is
an efficient and cost effective manner ?
- Enable automatic backups and choose the preset retention period of 60 days.
- Set up a cron job with OCI Database Service CreateBackuP API call to take
periodic full-backups to OCI Object Store. Delete backups older than 50 days.
- Enable automatic backups and set the retention period to 50 days.
- Use Recovery Manager (RMAN) to take backups to an OCI Object Store
bucket. Delete backups older than 50 days.
84. You provisioned an Oracle Linux compute Instance through the Oracle Cloud Infrastructure (OCI) You need to
management console then immediately realize you add an SSH key file. You notice that OCI compute REBOOT the
service provides instance console connections that supports adding SSH keys for a running Instance. instance from the
Hence, you created the console connection for your Linux server and activated it using the connection console, boot into
string provided. However, now you get' prompted for a username and password to login. What option the bash shell in
should you recommend to add the SSH key to your running Instance, while MINIMIZING the administrative maintenance mode
overhead ? and add SSH keys
- You need to TERMINATE the running instance and recreate it by providing the SSH key file. for the ope user.
- You need to REBOOT the instance from the console, boot into the bash shell in maintenance mode and
add SSH keys for the ope user.
- You need to CONFIGURE the boot loader to use ttySO as a console terminal on the VM.
- You need to MODIFY the serial console connection String to include the identity file flag, -I to specify
the SSH key to use.
85. Your application is using Object Storage bucket named app-data In the namespace vision, to store both oci os object bulk-
persistent and temporary data. Every week all the temporary data should be deleted to limit the storage delete -ns vision -
consumption. Currently you need to navigate to the Object Storage page using the web console, select bn app-data --
the appropriate bucket to view all the objects and delete the temporary ones. To simplify the task you prefix /temp --
have configured the application to save all the temporary data with /temp prefix. You have also decided to force
use the Command Line Interface (CLI) to perform this operation. What is the command you should use to
speed up the data cleanup?
- oci os objectstorage bulk-delete -ns vision -bn app-data --prefix /temp --force
- oci os object bulk-delete -ns vision -bn app-data --prefix /temp --force
- oci os object delete -ns vision -bn app-data --prefix /temp
- oci os object delete app-data in version where prefix = /temp
86. Your company has restructured its HR departments. As part of this change, you also need to re-organize - Group G2 can
compartments within Oracle Cloud Infrastructure (OCI) to align them to the company's new organizational now manage
structure.The following change is required: Compartment Team_x needs to be moved under a new parent instance-families in
compartment, Project_B. The tenancy has the following policies defined for compartments Project_A and compartment
Project_B: Policy1 Allow group G1 to manage instance-family in compartment HR : Project_A Policy2 Allow Project_B and
group G2 to manage instance-family in compartment HR : Project_B Which TWO statements describe the compartment
impacts after the compartment Team_x is moved? Team_x
- Group G1 can now manage instance-families in compartment project_A,compartment project_B and - Group G1 can
compartment Team_x now manage
- Group G2 can now manage instance-families in compartment Project_B and compartment Team_x instance-families in
- Group G2 can now manage instance-families in compartment Project_B compartment Project_A and compartment
compartment Team_x Project_A but not
- Group G2 can now manage instance-families in compartment Project_A but not in compartment Team_x in compartment
- Group G1 can now manage instance-families in compartment Project_A but not in compartment Team_x Team_x
87. Your company recently adopted a hybrid cloud architecture which requires them to migrate terraform apply -auto-approve
some of their on-premises web applications to Oracle Cloud Infrastructure OCI). You created
a Terraform template which automatically provisions OCI resources such as compute
instances, load balancer, and a database instance. After running the stack using the terraform
apply command, it successfully launched the compute Instances and the load balancer, but it
failed to create a new database Instance with the following error: Service error:
NotAuthorizedOrNotFound.shape VM.Standard2.4 NOT found, HTTP status code: 404 You
discovered that the resource quotas assigned to your compartment prevent you from using
VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and
replace the shape with VM.Standard2.2. Which option would you recommend to re-run the
terraform command to have required OCI resources provisioned with the least effort?
- terraform apply -target=oci_database_db_system.db_system
- terraform refresh -target=oci_database_db_system.db_system
- terraform apply -auto-approve
- terraform plan -target=oci_database_db_system.db_system
88. Your company will undergo a security audit in one week. Your manager has asked you to oci os object get -ns my-
download and review recent logs from an Object Storage bucket. The current log archive file namespace -bn my-bucket --
is approximately 19 GB In size. Which command would you run to download the archive file as name my-large-object --
quickly as possible ? multipart-download-threshold
- oci os object put -ns my-namespace -bn my-bucket --name my-large-object --multipart- 2000 --part-size 128
download-threshold 20000 --part-size 128
- oci os object get -ns my-namespace -bn my-bucket --name my-large-object --multipart-
89. Your deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute VOLUME_DELETE,
instance with multiple block volumes attached. There are multiple teams that use the same VOLUME_ATTACHMENT_DELETE,
compute instance and have access to these block volumes. You want to ensure that no one VOLUME_BACKUP_DELETE
accidentally deletes of these block volumes. You have started to construct the following IAM
policy but need to determine which permissions should be used? allow group
DeploymentUsers to manage volume-family where ANY { request.permission != <???>,
request.permission != <???>, request.permission != <???> }
- VOLUME_ERASE, VOLUME_ATTACHMENT_ERASE, VOLUME_BACKUP_ERASE
- DELETE_VOLUME, DELETE_VOLUME_ATTACHMENT, DELETE_VOLUME_BACKUP
- ERASE_VOLUME, ERASE_VOLUME_ATTACHMENT, ERASE_VOLUME_BACKUP
- VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE, VOLUME_BACKUP_DELETE
90. You saw created a group for several auditors. You assign the following policies to the group: Auditors are able to view ALL
Allow group Auditors to inspect all-resources in tenancy Allow group Auditors to read RESOURCES in the
instances in tenancy Allow group Auditors to read audit-events in tenancy What actions are compartment.
the auditors allowed to perform within your tenancy?
- The Auditors can VIEW resources in the tenancy.
- Auditors are able to view ALL RESOURCES in the compartment.
- The Auditors are able to DELETE resources in the tenancy.
- The Auditors are able to CREATE new instances in the tenancy.
91. You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH connections All compute
to your Compute instances that are deployed private subnet. The Compute instances have an attached Network instances
Security Group with a Source Type: Network security Group (NSG) , Source NSG-050504. To secure the bastion associated
host, you added the following ingress rules to its Network Security Group: Type: All TCP Protocol: TCP Port with NSG-
Range: 22 Source: 140.19.2.140/32 Type: All TCP Protocol: TCP Port Range: 22 Source: NSG-050504 However, 050504 are
after checking the bastion host logs, you discovered that there are IP addresses other than your own that can also able to
access your bastion host. What is the ROOT cause of this issue ? connect to
- The Port List allows access to all IP address which overrides the Tenancy Group egress rules the bastion
- All compute instances associated with NSG-050504 are also able to connect to the bastion host host
- The Security List allows access to all IP address which overrides the Network Security Group ingress rules
- A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP 110.192.140
- The port 22 provides unrestneted access to 140.19.2.140 and to other IP address
92. You want to create an Oracle Cloud Infrastructure (OCI) Compute Instance with multiple vnics at the time of By using
instance launch. Which one of the below options accomplishes such a task ? instance
- By using OCI CLI configurations
- By using OCI Console or Terraform.
- By executing remote script on the compute instance.
- By using instance configurations or Terraform.

OCI Operations

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OCI Operations

Uploaded by

Copyright:

Available Formats

Operations

Study online at quizlet.com/_992a8y

- oci os object copy --namespace-name <object_storage_namespace> --

- oci os object copy --bucket-name <source_bucket_name> --source-object-

- oci os object copy --source-compartment-id <source_compartment_id> --

You might also like