OCI Operations
1. All the developers in a DevOps team are using the same compartment called 'devops'. There are two IAM groups: 'group-devs' and 'group-ops'. Which of the following IAM policies will give users in both these groups access to manage all resources in the compartment?
- Allow group /group*/ to manage all resources in compartment devops
- Allow any-user to manage all resources in compartment devops where any {request.group=group-dev,group-ops}
- Allow group group-dev group-ops to manage all resources in compartment devops
- Allow any-user to manage all resources in compartment devops where request.group=/group*/
Answer: Allow group group-dev group-ops to manage all resources in compartment devops
2. As an administrator of your Oracle Cloud Infrastructure (OCI) tenancy, you are configuring your tenancy so that Oracle SDKs and OCI CLI can be integrated with your OCI environments. Which of the following is NOT a required action to accomplish this integration?
- Add the required credentials in either a configuration file for the SDKs and CLI or a config object in the code.
- Create a user in IAM for the person or system who will be calling the API, and put that user in at least one IAM group with any desired permissions
- Launch a compute instance in your OCI tenancy. Install and configure required development environments and CLI
- Generate an API signing key in PEM format. Upload the public key from the key pair in the OCI Console.
Answer: Launch a compute instance in your OCI tenancy. Install and configure required development environments and CLI
3. As a solution architect of the Oracle Cloud Infrastructure tenancy, you have been asked to provide members of group CloudOps the ability to view and retrieve monitoring metrics, but only for all monitoring-enabled compute instances. Which policy statement will you define to grant this access?
- Restricting monitoring access only to compute instances metrics is not possible.
- Allow group CloudOps to read compute-metrics in tenancy
- Allow group CloudOps to read metrics in tenancy where target.metrics.monitoring='oci_computeagent'
- Allow group CloudOps to read metrics in tenancy where target.metrics.namespace=oci_computeagent
Answer: Allow group CloudOps to read metrics in tenancy where target.metrics.namespace=oci_computeagent
4. As a solution architect to Oracle Cloud Infrastructure tenancy, you have been asked to provide your organization's developers within the group DevOps access to regularly write and list log files to any bucket within the compartment nightly-builds. Which of the below statements will define your IAM policy?
- Allow group DevOps to read buckets in compartment nightly-builds
  Allow group DevOps to manage objects in compartment nightly-builds
- Allow group DevOps to read buckets in compartment nightly-builds
  Allow group DevOps to manage objects in compartment nightly-builds where any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}
- Allow group DevOps to inspect buckets in compartment nightly-builds
  Allow group DevOps to manage objects in compartment nightly-builds where any {request.permission='OBJECT_INSPECT'}
- Allow group DevOps to inspect buckets in compartment nightly-builds
  Allow group DevOps to manage objects in compartment nightly-builds where any {request.permission='OBJECT_CREATE'}
Answer: Allow group DevOps to read buckets in compartment nightly-builds
  Allow group DevOps to manage objects in compartment nightly-builds where any {request.permission='OBJECT_CREATE', request.permission='OBJECT_INSPECT'}
5. As the operations administrator for your company's Oracle Cloud Infrastructure (OCI), you have been entrusted with the task of ensuring that data being accessed by the application is encrypted. Your application portfolio includes both Virtual Machine (VM) and Bare Metal (BM) database systems. Which method should you use to ACHIEVE ENCRYPTION of data in-transit?
- Data is encrypted at rest using TDE and no additional encryption is needed
- Key Store/Wallet service for on the fly encryption of data in transit
- Native Oracle Net Services encryption and integrity capabilities
- Configure backup encryption for RMAN backup sets before transferring data
Answer: Native Oracle Net Services encryption and integrity capabilities
6. The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to a lack of swap space, forcing you to increase the size of the boot volume. Which step should NOT be included in the process used to solve the issue?
- Create a RAID 0 configuration to extend the boot volume file system onto another block volume.
- Reattach the boot volume and restart the instance.
- Attach the resized boot volume to a second instance as a data volume; Extend the partition and grow the file system on the resized boot volume.
- Resize the boot volume by specifying a larger value than the boot volume's current size.
- Stop the instance and detach the boot volume.
Answer: Create a RAID 0 configuration to extend the boot volume file system onto another block volume.
7. Choose TWO options that show the correct scope for setting up Oracle Cloud Infrastructure (OCI) budgets?
- User-defined tag
- Tenancy
- Namespace
- Cost-tracking tag
- Compartment
Answer:
- Cost-tracking tag
- Compartment
8. An eCommerce company is running on Oracle Cloud Infrastructure (OCI) and many compute instances remain unused for most of the year except during Black Friday and Christmas. You suggest that they use OCI's Autoscaling feature and present them a slide to showcase the features of Autoscaling. Which option below is INACCURATE in your presentation to the customer?
- Autoscaling requires an instance pool as a pre-requisite so that it can automatically adjust the number of compute instances in an instance pool.
- When an instance pool scales in, instances are terminated in this order: the number of instances is balanced across Availability Domains, and then balanced across Fault Domains. Finally, within a Fault Domain, the newest instance is terminated first.
- A cooldown period between Autoscaling events lets the system stabilize at the updated level.
- Autoscaling relies on performance metrics such as CPU utilization that are collected by OCI Monitoring service to trigger an Autoscaling event.
Answer: When an instance pool scales in, instances are terminated in this order: the number of instances is balanced across Availability Domains, and then balanced across Fault Domains. Finally, within a Fault Domain, the newest instance is terminated first.
9. The following command was successfully executed from Oracle Cloud Infrastructure (OCI) CLI for the lifecycle management of objects in an OCI object storage bucket. oci os object-lifecycle-policy put -ns MyNamespace -bn MyBucket --items
- It archives objects named "null" after 30 days and deletes them after 180 days.
- It archives all objects after 30 days.
- It archives objects named "null" after 30 days.
- It archives all objects after 30 days and deletes them after 180 days.
Answer: It archives all objects after 30 days.
10. How can you provide USER ACCESS to an existing compartment in Oracle Cloud Infrastructure?
- by granting users access to the compartment when the compartment is created
- by adding users to a compartment; all users in the compartment will have access to the resources in the compartment
- by adding users to a group and defining policy to provide the group access to the compartment
- by granting access directly to the user when the user is created
Answer: by adding users to a group and defining policy to provide the group access to the compartment
11. In order to better manage resource utilization in your environment, you have decided to create alerts that notify your team each time a new compute instance is created. Which TWO resources would you need to create in order to accomplish this task?
- Create a new metrics query in the Monitoring Service with the metric namespace oci_computeagent and the dimension name 'resourceId'.
- Create a new subscription in the Notification Service to subscribe to all Event Service rules.
- Create a new topic in the Notifications Service. Subscribe your email address to the topic.
- Create a rule in the Event Service that is activated by the Instance - Launch End event type.
- Create a new instance pool and assign an Autoscaling policy to create additional instances when aggregate CPU utilization exceeds 80%.
Answer:
- Create a new topic in the Notifications Service. Subscribe your email address to the topic.
- Create a rule in the Event Service that is activated by the Instance - Launch End event type.
12. In order to manage Alarms in Oracle Cloud Infrastructure (OCI), which THREE actions can be performed through the OCI Console?
- Update the MQL expression of an alarm.
- Add multiple suppressions for an alarm.
- View all the firing alarms.
- View alarm history for the last 3 months.
- Manually fire an alarm
- Move an alarm to a different compartment.
Answer:
- View all the firing alarms.
- View alarm history for the last 3 months.
- Move an alarm to a different compartment.
13. An insurance company has contracted you to help automate their application business continuity plan. They have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery site. Normally they have a DNS A record associated with the IP address of the primary endpoint in eu-frankfurt-1. In the event of a disaster, they use OCI DNS Zone Management to update the A record and replace it with the IP address of the endpoint in uk-london-1. How can you AUTOMATE the failover process?
- Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set with backend servers from both eu-frankfurt-1 and uk-london-1 regions
- Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record
- Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check.
- Create a Traffic Management Steering policy and attach it to a backend set with the backend servers from both eu-frankfurt-1 and uk-london-1 regions.
Answer: Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering policy with Failover type and associate it with the Health Check.
14. In the Oracle Cloud Infrastructure Console, a failed database backup for VM DB System is displaying a "Backup in Progress" status. Which of the following troubleshooting steps DOES NOT provide enough details to solve this issue?
- Using the database CLI and log files to gather more data and look for root causes
- Looking for Database service agent issues and try restarting the dcsagent program
- Using the OCI logging feature to collect the logs and search the logs history for the exact error
- Testing if the host can connect to the applicable Swift endpoint by using a Swift user to make sure Object Storage connectivity is working
Answer: Using the OCI logging feature to collect the logs and search the logs history for the exact error
15. Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out an appropriate method to manage OCI cost. Which is not a valid technique to accurately attribute costs to resources used by each team?
- Create a Cost-Tracking tag. Apply this tag to all resources with team information. Use the OCI cost analysis tools to filter costs by tags.
- Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by compartments.
- Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report which has detailed information about resources and tags.
- Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending.
Answer: Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each group to track spending.
16. One of the compute instances that you have deployed is malfunctioning. You have created a console connection to remotely troubleshoot. Which TWO statements about console connections are TRUE?
- For security purposes, the console connection will not let you edit system configuration files.
- If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.
- VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console.
- It is not possible to connect to the serial console of an instance running Microsoft Windows, however VNC console connection can be used.
- It is not possible to use VNC console connections to connect to Bare Metal Instances.
Answer:
- If you do not disconnect from the session, your serial console connection will automatically be terminated after 24 hours.
- VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance's console.
17. One of your development teams has asked for your help to standardize the creation of several compute instances that must be provisioned each day of the week. You initially write several Command Line Interface (CLI) commands with all appropriate configuration parameters to achieve this task, later determining this method lacks flexibility. Which command generates a JSON-based template that Oracle Cloud Infrastructure (OCI) CLI can use to provision these instances on a regular basis?
- oci compute instance create --generate-cli-skeleton
- oci compute provision-instance --generate-full-command-json-input
- oci compute instance launch --generate-cli-skeleton
- oci compute instance launch --generate-full-command-json-input
Answer: oci compute instance launch --generate-full-command-json-input
18. An organization wants to extend their existing on-premises data centers to the Oracle Cloud Infrastructure (OCI) us-phoenix-1 region. In order to achieve it, they have created an IPSec VPN connection between their Customer-Premises Equipment (CPE) and Dynamic Routing Gateway (DRG). How can you make this connection highly available (HA)?
- Create a NAT Gateway and route all traffic through a NAT Gateway, which is highly available component.
- Add another Dynamic Routing Gateway in a different Availability Domain, and create another IPSec VPN connection with another Customer Premises Equipment (CPE)
- Add another Dynamic Routing Gateway in a different Availability Domain, and create another IPSec VPN connection with another Customer Premises Equipment (CPE)
- Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection with the same Dynamic Routing Gateway (DRG)
Answer: Add another Customer-Premises Equipment (CPE) and create second IPSec VPN connection with the same Dynamic Routing Gateway (DRG)
19. You are tasked with creating a group called VolumeBackupAdmins to manage only block volume backups. Which of the following set of policy/policies would you need to write to meet this requirement?
- Allow group VolumeBackupAdmins to use volumes in tenancy
  Allow group VolumeBackupAdmins to manage volume-backups in tenancy
- Allow group VolumeBackupAdmins to use volumes in tenancy
  Allow group VolumeBackupAdmins to manage volume-backups in tenancy
  Allow group VolumeBackupAdmins to use volume-attachments in tenancy
  Allow group VolumeBackupAdmins to use instances in tenancy
- Allow group VolumeBackupAdmins to use volumes in tenancy
  Allow group VolumeBackupAdmins to manage volume-backups in tenancy
  Allow group VolumeBackupAdmins to use volume-attachments in tenancy
- Allow group VolumeBackupAdmins to manage volume-backups in tenancy
Answer: Allow group VolumeBackupAdmins to use volumes in tenancy
  Allow group VolumeBackupAdmins to manage volume-backups in tenancy
20. Recently your e-commerce web application has been receiving significantly more traffic than usual. Users are reporting they often encounter a 903 when trying to access your site. Sometimes the site is very slow. You check your instance pool configuration to confirm that the maximum number of instances is configured to allow 20 compute instances. Currently 14 compute instances have been provisioned by the instance pool. You also confirm that current CPU utilization across all hosts exceeds the scale- threshold you set in your auto-scaling policy. However, the instance pool is not provisioning any new instances. What can you check to determine why the application is NOT functioning properly?
- Verify that the Quality Assurance team is not currently performing load-testing against production.
- Verify that the database is accessible.
- Verify that the new offer feature code did not introduce any performance bugs
- Verify that the compute resource quota has not been exceeded.
Answer: Verify that the compute resource quota has not been exceeded.
21. Several development teams in your company have each been provided with a budget and a dedicated compartment to be used for testing purpose. You are asked to help them to control the costs and avoid any overspending. What should you do?
- Associate a Budget Tag to each compartment with the monthly n budget amount and set an alert rule to notify the developers' teams when they reached a specific percentage of the budget
- Configure a Quota for each compartment to prevent provisioning of any bare metal instances
- Contact Oracle support and ask them to associate the monthly budget with the Service Limits in every region for which your tenancy is subscribed. The tenancy administrator will receive an alert email from Oracle when the limit is reached
- Associate a Budget Tag to each resource with monthly budget amount and use that information to prepare a weekly report to send to each team
Answer: Associate a Budget Tag to each compartment with the monthly n budget amount and set an alert rule to notify the developers' teams when they reached a specific percentage of the budget
22. A subscriber of an Oracle Cloud Infrastructure (OCI) Notifications service topic complained about not receiving messages from the service. Which of the following options can help you debug this issue?
- If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to one day. Make sure that the subscriber is online at least once a day to help debug the issue.
- If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, check the NumberofNotificationFailed metric through the OCI Monitoring service for failed messages. Copy these messages to an OCI Object Storage bucket. Make sure the subscriber has the required credentials to access this bucket to help debug the issue.
- If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service drops the message. Confirm that the subscriber is always online to receive messages to help debug the issue.
- If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to two hours. Configure an alarm on the Number of Notification Failed metric through the OCI Monitoring service to help debug the issue.
Answer: If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the service tries to redeliver messages for up to two hours. Configure an alarm on the Number of Notification Failed metric through the OCI Monitoring service to help debug the issue.
23. A team implemented a SaaS application that requires a whole system deployment for each new customer. The infrastructure provisioning is already automated via Terraform, and now you have been asked to develop an Ansible playbook to centralize configuration file management and deployment. What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory?
- Export an inventory list from the Oracle Cloud Infrastructure Web console.
- Implement a Command Line Interface script to list all the resources and run it within Ansible to generate a dynamic inventory list.
- Export an inventory list using Terraform apply command.
- Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include it in the playbook invocation command.
Answer: Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include it in the playbook invocation command.
24. Testing Policy describes when and how you may conduct certain types of security testing of Oracle Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools. What does Oracle allow as part of this testing?
- Customers can simulate DoS attack scenarios as long as it's restricted to the customer's own environment.
- Customers can validate that their network resources are isolated from other customer resources.
- Customers are allowed to use their own testing and monitoring tools.
- Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their tenancy.
Answer: Customers are allowed to use their own testing and monitoring tools.
25. To take advantage of cloud agility and burst computing capability, ABC Automobiles have extended their data center to a Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure's (OCI) us-phoenix-1 region. They have several members in their Cloud Operations (CloudOps) team that need to access the OCI management console. The security administrator does not want to create new IAM users and credentials that would then need to be distributed to each CloudOps member. Which option will help the solution architect meet the needs for CloudOps?
- Use Web Identity Federation to retrieve an AuthToken to enable CloudOps members to sign in to the OCI Console
- Use on-premises SAML 2.0 compliant identity provider (IdP) to retrieve an AuthToken to enable CloudOps members to sign in to the OCI Console
- Use OAuth 2.0 to retrieve temporary credentials to enable your CloudOps members to sign in to the OCI Console
- Use an existing SAML 2.0 compliant identity provider (IdP) to grant CloudOps members federated access to OCI Console via the OCI single sign-on (SSO) endpoint
Answer: Use an existing SAML 2.0 compliant identity provider (IdP) to grant CloudOps members federated access to OCI Console via the OCI single sign-on (SSO) endpoint
26. What is a key benefit of using Oracle Cloud Infrastructure's Resource Manager for your Terraform provisioning and management activities?
- Resource Manager has administrative privileges by design. Even if your IAM user does not have access, you can leverage Resource Manager to provision new resources to any compartment in the Tenancy.
- You can use the Resource Manager to apply patches to all existing Oracle Linux instances in a specified compartment.
- Resource Manager manages the Terraform state file for your infrastructure and locks the file so that only one job at a time can run on a given stack.
- You can use Resource Manager to identify and maintain an inventory of all Compute and Database Instances across your tenancy.
Answer: Resource Manager manages the Terraform state file for your infrastructure and locks the file so that only one job at a time can run on a given stack.
27. Which command sample can be used to copy an object from Oracle Cloud Infrastructure (OCI) Object Storage bucket in source region to a bucket in a destination region?
- oci os object copy --bucket-name <source_bucket_name> --source-object-name <source_object> --destination-compartment-id <destination_compartment_id> --destination-region <destination_region> --destination-bucket <destination_bucket_name> --destination-object-name <destination_object_name>
Answer: oci os object copy --namespace-name <object_storage_namespace> --bucket-name <source_bucket_name> --source-object-name <source_object> --destination-namespace <destination_namespace_string> --destination-region <destination_region> --destination-bucket <destination_bucket_name> --destination-object-name <destination_object_name>