1Z0-997-22 - Architect Professional

Study online at https://quizlet.com/_cz149y

1. Answer: A
You are designing the network infrastructure for an application consisting of a web server (server-1) and a Domain Name Server (server-2) running in two different subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access server-1 from the internet and server-2 from your customer's on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit.

How should you design your routing configuration to meet these requirements?
A. Configure two routing tables: the first one with a route to the internet via an Internet Gateway; associate this route table with the subnet containing server-1. Configure the second route table to propagate specific routes to the on-premises network via a Dynamic Routing Gateway; associate this route table with the subnet containing server-2.
B. Configure two routing tables that have rules to route all traffic via a Dynamic Routing Gateway. Associate the two routing tables with all the VCN subnets.
C. Configure a single routing table with two sets of rules: one that has a route to the internet via an Internet Gateway and another that propagates specific routes to the on-premises network via a Dynamic Routing Gateway. Associate the routing table with all the VCN subnets.
D. Configure a single routing table with two sets of rules: one that has a route to the internet via an Internet Gateway and another that propagates specific routes for the on-premises network via a Dynamic Routing Gateway. Don't associate this routing table with any of the subnets in the VCN.

2. Q2 Answer: B
A data analytics company has been building its new generation big data and analytics platform on Oracle Cloud Infrastructure (OCI). They need a storage service that provides the scale and performance that their big data applications require, such as high throughput to compute nodes with low-latency file operations. In addition, their data needs to be stored redundantly across multiple nodes in a single availability domain and allow concurrent connections from multiple compute instances hosted on multiple availability domains.
Which OCI storage service can you use to meet this requirement?
A. Object Storage
B. File System Storage
C. Archive storage
D. Block Volume

3. Q3 Answer: A
You are working as a cloud engineer for an IoT startup company which is developing a health monitoring pet collar for dogs and cats. The company collects biometric information of the pet every second and then sends it to Oracle Cloud Infrastructure (OCI). Your task is to come up with an architecture which will accept and process the monitoring data as well as provide complete trends and health reports to the pet owners. The portal should be highly available, durable, and scalable, with an additional feature for showing real-time biometric data analytics. Which architecture will help you meet this requirement?
A. Use OCI Streaming Service to collect the incoming biometric data. Use Oracle Functions to process the data and show the results on a real-time dashboard and store the results to OCI Object Storage. Store the data in OCI Autonomous Data Warehouse (ADW) to handle analytics.
B. Launch an open source Hadoop cluster to collect the incoming biometrics data. Use an open source Fluentd cluster to analyze the data and store the results to OCI Autonomous Transaction Processing (ADW) to handle complex analytics.
C. Create an OCI Object Storage bucket to collect the incoming biometric data from the smart pet collar. Fetch the data from OCI Object Storage to OCI Autonomous Data Warehouse (ADW) every day and run analytics jobs with it.
D. Use OCI Streaming Service to collect the incoming biometric data. Use an open source Hadoop cluster to analyze the data from streaming service. Store the results to OCI Autonomous Data Warehouse (ADW) to handle complex analytics.

4. Q4 Answer: A, B
Bot Management in OCI provides which of the features? Select TWO correct answers.
A. Good Bot Allowlist
B. CAPTCHA Challenge
C. IP Prefix Steering
D. Bad Bot Denylist

5. Q5 Answer: D
Which IAM policy should be created to give XYZ the ability to list contents of a resource excluding the f needs to authenticate in prod compartment? Principle of least privilege should be used.
A. Allow group XYZ to read all resources in tenancy where target.compartment.name != prod
B. Allow group XYZ to use all resources in compartment != prod
C. Allow group XYZ to manage all resources in compartment != prod
D. Allow group XYZ to inspect all resources in tenancy where target.compartment.name != prod

6. Q6 Answer: C
What is the use case for Oracle Cloud Infrastructure Logging Analytics service?
A. automatically create instances to collect logs analysis and send reports
B. labels data packets that pass through the internet gateway
C. monitors, aggregates, indexes and analyzes all log data from on-premises.
D. automatically and manage any log based on a subscription model

7. Q7 Answer: C
Select the component that encompasses the overall configuration of your WAF service on OCI.
A. Protection rules
B. Bot Management
C. Web Application Firewall policy
D. Origin

8. Q8 Answer: C
As a solutions architect, you need to assist the operations team to write an IAM policy to give users in group-uat1 and group-uat2 access to manage all resources in the compartment Uat. Which is the CORRECT IAM policy?
A. Allow any-user to manage all resources in tenancy where target.compartment=Uat
B. Allow group /group-uat*/ to manage all resources in compartment Uat
C. Allow group group-uat1 group-uat2 to manage all resources in compartment Uat
D. Allow any-user to manage all resources in compartment at where request.group=/group-uat/*

9. Answer: C
On which option do you set Oracle Cloud Infrastructure Budget?
A. Instances
B. Tenancy
C. Compartments
D. Free-form tags

10. Q10 Answer: C
What does an audit log event include?
A. Audit type
B. Type of input
C. Header
D. Footer

11. Q11 Answer: A, C
A company needs to have some buckets as public in the compartment. You want Cloud Guard to ignore the problem associated with public bucket. Select TWO correct answers
A. Dismiss the issues associated with these resources
B. Make the bucket private so that Cloud Guard won't detect it
C. Configure Conditional groups for the detector to fix base line
D. First make the bucket private and after few days make the bucket public again

12. Q12 Answer: A, C
A company has OCI tenancy which has mount target associated with two File Systems, CG 1 and CG 2. These File Systems are accessed by IP-based clients AB 1 and AB 2 respectively. As a [...] how can you provide access to both clients such that CG 1 has Read only access on AB 1 and CG 2 has Read/Write access on AB
A. NFS Export Option
B. Access Control Lists
C. NFS v3 Unix Security
D. Vault

13. Q13 Answer: A
In which two ways can you improve data durability in Oracle Cloud Infrastructure Object Storage?
A. Setup volumes in a RAID1 configuration
B. Enable server-side encryption
C. Enable Versioning
D. Limit delete permissions
E. Enable client-side encryption

14. Q14 Answer: B, D
Which statements are CORRECT about Security Zone policy in OCI? Select TWO correct answers
A. Block volume can be moved from a security zone
to a standard compartment
B. Bucket can't be moved from a security zone to a
standard compartment
C. Resources in a security zone must be accessible
from internet
D. Resources in a security zone must be encrypted
using customer-managed keys

15. Q15 Answer: B
As a Security Admin you want to inspect the metadata and actual data in your Oracle databases to discover sensitive data and provide comprehensive results listing the sensitive columns and related information. Which Data Safe feature will help you to achieve the above requirement?
A. Data Masking
B. Data Discovery
C. Security Assessment
D. User Assessment

16. Q16 Answer: D
As a security architect, how can you prevent unwanted bots while desirable bots are allowed to enter?
A. Data Guard
B. Vault
C. Compartments
D. Web Application Firewall (WAF)

17. Q17 Answer: A
Which storage type is most effective when you want to move some unstructured data, consisting of images and videos, to cloud storage?
A. Object Storage
B. File Storage
C. Archive Storage
D. Block Volume

18. Q18 Answer: A
Which type of file system does file storage use?
A. NFSv3
B. iSCSI
C. Paravirtualized
D. NVMe
E. SSD

19. Q19 Answer: D
Which Oracle Data Safe feature minimizes the amount of personal data and allows internal test, development, and analytics teams to operate with reduced risk?
A. data auditing
B. data encryption
C. security assessment
D. data masking
E. data discovery

20. Q20 Answer: C
What do the features of OS Management Service do?
A. Add complexity in using multiple tools to manage mixed-OS environments
B. Provide paid service and support to OCI subscribers for fixes on priority
C. Increase security and reliability by regular bug fixes
D. Encourage manual setup to avoid machine-induced errors

21. Q21 Answer: A
With regard to OCI Audit Log Service, which of the statements is INCORRECT?
A. Audit Events get collected when modification within objects stored in an Object Storage bucket
B. Retention period for audit events cannot be modified
C. Events logged by the Audit service can be viewed by using the Console, API, or the SDK for Java
D. REST API calls can be recorded by Audit service

22. Q22 Answer: B
You are using a custom application with third-party APIs to manage application and data hosted in an Oracle Cloud Infrastructure (OCI) tenancy. Although your third-party APIs don't support OCI's signature-based authentication, you want them to communicate with OCI resources. Which authentication option must you use to ensure this?
A. API Signing Key
B. Auth Token
C. OCI username and Password
D. SSH Key Pair with 2048-bit algorithm

23. Q23 Answer: A
When using Management Agent to collect logs continuously, which is the required configuration for OCI Logging Analytics to retrieve data from numerous logs for an instance?
A. Source-Entity Association
B. Entity - Source Association
C. Entity - Agent Association
D. Agent - Entity Association

24. Q24 Answer: A
You subscribe to a PaaS service that follows the Shared Responsibility model. Which type of security is your responsibility?
A. Data
B. Guest OS
C. Infrastructure
D. Network

25. Q25 Answer: A,C
Which statements are CORRECT about Multi-Factor Authentication in OCI? Select TWO correct answers
A. Members of the Administrators group can disable MFA for other users
B. A user can register multiple devices to use for MFA.
C. Members of the Administrators group cannot enable MFA for another user
D. Users cannot enable MFA for themselves

26. Q26 Answer: B
Which statement is true about using custom BYOI instances in Windows Servers that are managed by OS Management Service?
A. Windows Servers that already have the minimum agent version require an agent update or installation.
B. Windows Servers that do not have the minimum agent version require an agent update or installation.
C. Windows Servers that already have the minimum agent version do not require an agent update or installation.
D. Windows Servers that do not have the minimum agent version do not require an agent update or installation

27. Q27 Answer: A
As a security administrator, you found out that there are users outside your corporate network who are accessing OCI Object Storage Bucket. How can you prevent these users from accessing OCI resources in corporate network?
A. Create an IAM policy and add a network source
B. Make OCI resources private instead of public
C. Create an IAM policy and create WAF rules
D. Create PAR to restrict the access

28. Q28 Answer: A
You want to make API calls against other OCI services from your instance without configuring user credentials. How would you achieve this?
A. Create a dynamic group and add a policy
B. Create a dynamic group and add your instance
C. Create a group and add a policy
D. No configuration is required for making API calls

29. Q29 Answer: A
Which statement is true about Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
A. All the traffic to and from object storage is encrypted by using Transport Layer Security
B. Encryption is not enabled by default
C. Customer-provided encryption keys are never stored in OCI Vault service
D. Each object in a bucket is always encrypted with the same data encryption key

30. Q30 Answer: C
Which statement is true about origin management in WAF?
Statement A: Multiple origins can be defined.
Statement B: Only a single origin can be active for
a WAF.
A. Only statement B is true.
B. Both the statements are false.
C. Both the statements are true.
D. Only statement A is true

31. Q31 Answer: C
Which of these protects customer data at rest and in transit in a way that allows customers to meet their security and compliance requirements for cryptographic algorithms and key management?
A. Security controls
B. Customer isolation
C. Data encryption
D. Identity Federation

32. Q32 Answer: C
What is the minimum active storage duration for logs used by Logging Analytics to be archived?
A. 60 days
B. 10 days
C. 30 days
D. 15 days

33. Q33 Answer: A
Which components are a part of the OCI Identity and Access Management service?
A. Policies
B. Regional subnets
C. Compute instances
D. VCN

34. Q34 Answer: C
An e-commerce company which sells computers, tablets, and other electronics items has recently decided to move all of their on-premises infrastructure to Oracle Cloud Infrastructure (OCI). One of their on-premises applications is running on an NGINX server and the Oracle Database is running in a 2 node Oracle Real Application Clusters (RAC) configuration.

They cannot afford to have any application downtime when they do the migration.

What is an effective mechanism to migrate the customer application to OCI and set up regular automated backups?
A. Launch a compute instance and run an NGINX server to host the application. Deploy a 2 node VM DB Systems with Oracle RAC enabled. Import the on-premises database to OCI VM DB Systems using Oracle Data Pump and then enable automatic backups.
B. Launch a compute instance for both the NGINX application server and the database server. Attach block volumes on the database server compute instance and enable backup policy to backup the block volumes.
C. Launch a compute instance and run an NGINX server to host the application. Deploy a 2 node VM DB Systems with Oracle RAC enabled. Setup Oracle GoldenGate to synchronize data from their on-premises database to OCI VM Database. Export and Import the on-premises database to OCI VM DB Systems using Oracle Data Pump, apply the GoldenGate trail files to sync up the OCI database with the on-premises database. Enable automatic backups for the OCI VM database and then cut over the application from on-premises to OCI
D. Launch a compute instance and run an NGINX server to host the application. Deploy Exadata Quarter Rack, enable automatic backups and import the database using Oracle Data Pump

35. Q35 Answer: B,D
When creating an OCI Vault, which factors may lead to select the Virtual Private Vault? Select TWO correct answers
A. Need for more than 9211 key versions
B. Greater degree of isolation
C. To mask PII data for non-production environment
D. Ability to back up the vault

36. Q36 Answer: D
Cloud Guard detected a risk score of zero in the dashboard, what does this mean?
A. Risk score doesn't say anything. These are just numbers
B. LOW or MINOR issues
C. Larger number of problems that have high risk levels (HIGH or CRITICAL)
D. No problem detected for any resource

37. Q37 Answer: B, D
With regard to vulnerability and cloud penetration testing, which rules of engagement apply? Select TWO correct answers.
A. Any port scanning must be performed in an
aggressive mode
B. Physical penetration and vulnerability testing of
Oracle facilities is prohibited
C. Testing should target any other subscription or
any other Oracle Cloud customer resources
D. You are responsible for any damages to Oracle
Cloud customers that are caused by your testing
activities

38. Q38 Answer: D
How can you establish private connectivity between two VCNs within the same OCI region without traversing the traffic over the public internet?
A. NAT Gateway
B. Data Guard
C. Remote VCN Peering
D. Local VCN Peering

39. Q39 Answer: B, D
Which security issues can be identified by Oracle Vulnerability Scanning Service? Select TWO correct answers
A. Distributed Denial of Service (DDoS)
B. Ports that are unintentionally left open can be a potential attack vector for cloud resources
C. SQL Injection
D. CIS published Industry-standard benchmarks

40. Q40 Answer: B
What are the security recommendations and best practices for Oracle Functions?
A. Grant privileges to UID and GID 1000, such that
the functions running within a container acquire
the default root capabilities.
B. Add applications to network security groups for
fine-grained ingress/egress rules.
C. Define a policy statement that enables access
to functions for requests coming from multiple IP
addresses.
D. Ensure that functions in a VCN have restricted
access to resources and services

41. Q41 Answer: A
Which is true regarding importing a symmetric key into Vault (Bring your own key)?
A. The key must be wrapped using a RSA asymmetric key provided by the Vault.
B. The user performing the import must have the "import" permission via an IAM Policy.
C. The user must use the Command Line Interface (CLI) for importing the key into the Vault.
D. The key must be 1024 bits

42. Q42 Answer: A, C
Which two Cloud Guard tasks can be configured using API or Console?
A. Create targets against your compartments to
monitor resources within those.
B. Create your own rules within existing recipes.
C. Clone Config detector recipes to customize your
security policies.
D. Run behavior analytics on your users

43. Q43 Answer: B, D
You know that a few buckets in your compartment
should stay public, and you do not want Cloud
Guard to detect these as problems. In which two
ways would you handle this?
A. A public bucket is a security risk, so Cloud Guard
will keep detecting it
B. Fix the base line by configuring the Conditional
groups for the detector
C. Resolve or remediate those problems and you
should not see Cloud Guard triggering on these
resources ever again
D. Dismiss the problems associated with those resources

44. Q44 Answer: D
You have configured the Management Agent on an Oracle Cloud Infrastructure (OCI) Linux instance for log ingestion purposes.
Which is a required configuration for OCI Logging Analytics service to collect data from multiple logs of this instance?
A. Log - Log Group Association
B. Log Group - Source Association
C. Entity - Log Association
D. Source - Entity Association

45. Q45 Answer: C
Which of the following features is NOT supported by Oracle Cloud Infrastructure Multi-factor authentication (MFA)?
A. Users can disable MFA for their own accounts.
B. Only the user can enable MFA for their own account.
C. Members of the Administrators group can enable MFA for other users
D. Members of the Administrators group can disable MFA for other users

46. Q46 Answer: A
Which of the following is NOT a good use case
for the Oracle Cloud Infrastructure (OCI) Streaming
service?
A. Meeting compliance requirements for data to
remain unchanged over a long time, so that it can
be retrieved for audit purposes
B. Ingesting metric and log data to help make critical operational data more quickly available for indexing, analysis, and visualization.
C. Messaging with a pull-based communication model and the ability to feed multiple consumers with the same data independently.
D. Providing a unified entry point for cloud components to report their life cycle events for audit, accounting, and related activities

47. Q47 Answer: D
An Oracle Cloud Infrastructure (OCI) load balancer is configured with three listeners and one path route set:

Listener 1
Virtual hostname: none
Default backend set: A
Path route set: PathRouteSet1

Listener 2
Virtual hostname: captive.com
Default backend set: B
Path route set: PathRouteSet1

Listener 3
Virtual hostname: wild.com
Default backend set: C
Path route set: PathRouteSet1

Path Route Set
Path route set name: PathRouteSet1
Exact match on path string /tame/ routes to backend set B.
Exact match on path string /feral/ routes to backend set C.

You need to validate the destination for each of the following URLs.
U1: http://captive.com/
U2: http://wild.com/tame/

Which statement is true?
A. U1 will be routed to backend set B, and U2 will
be routed to backend set C.
B. U1 and U2 will be routed to backend set A.
C. U1 will be routed to backend set A, and U2 will
be routed to backend set B.
D. U1 and U2 will be routed to backend set B

48. Q48 Answer: C
A developer is using Oracle Functions to deploy her code as part of an event-driven solution in Oracle Cloud Infrastructure (OCI). When she invokes her function, Oracle Functions returns a FunctionInvokeImageNotAvailable message and a 502 error:

{"code":"FunctionInvokeImageNotAvailable","message":"Failed to pull function image"}

Fn: Error invoking function. status: 502 message: Failed to pull function image

Which of the following options is NOT a plausible reason for this error?
A. The function does not exist in the specified location in OCI Registry.
B. The VCN being used does not have an internet gateway or a service gateway configured for Oracle Functions to be able to access OCI Registry.
C. OCI Events service rule is not configured with the correct location of the function in OCI Registry
D. Missing or invalid IAM policy to give Oracle Functions read access to images stored for functions in repositories in OCI Registry

49. Q49 Answer: A
As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not be able to access or modify properties of any other buckets and its objects in the compartment comp-images.

Select the statement(s) below that will best define your IAM policies.
A. Allow group ObjectWriters to inspect buckets in compartment comp-images
   Allow group ObjectWriters to read buckets in compartment comp-images where target.bucket.name=Bucket-A
   Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name=Bucket-A
B. Allow group ObjectWriters to manage buckets in compartment comp-images
   Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name=Bucket-A
C. Allow group ObjectWriters to read buckets in compartment comp-images
   Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name=Bucket-A
D. Allow group ObjectWriters to manage buckets in compartment comp-images where target.bucket.name=Bucket-A

50. Q50 Answer: C, E
You are tasked with backing up your data using Oracle Cloud Infrastructure Block Volume service.

When you are finalizing your block volume backup schedule, which of the following two are valid considerations for your backup plan? (Choose Two)
A. Governance: Tagging of backups so you can capture backup related API calls through the Audit service.
B. Location: Determine the Object Store Bucket where the backups will be stored.
C. Number of stored backups: How many backups you need to keep available and the deletion schedule for those you no longer need
D. Encryption: Whether to use your own key to encrypt your volume backups.
E. Frequency: How often you want to back up your data

51. Q51 Answer: A, C, E
You are responsible for migrating your on-premises legacy databases on 11.2.0.4 version to Autonomous Transaction Processing - Dedicated (ATP-D) in Oracle Cloud Infrastructure (OCI). As a solution architect, you need to plan your migration approach.

Which three options do you need to implement together to migrate your on-premises databases to OCI?
A. Convert on-premises databases to PDB, upgrade to 19c, and encrypt
B. Use Oracle Data Guard to keep on-premises database always active during migration.
C. Use Oracle GoldenGate replication to keep on-premises database online during migration
D. Retain all legacy structures and unsupported features (e.g. legacy LOBs) in the on-premises databases for migration.
E. Launch Autonomous Transaction Processing - Dedicated database in OCI
F. Retain changes to Oracle shipped privileges, stored procedures or views in the on-premises databases

52. Q52 Answer: A
You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status.

Which of the following options is the most likely reason for this backup issue?
A. The auth token being used by the Object Store Swift endpoint is incorrect
B. The master key stored in OCI Key Management for encryption and decryption of data in the database is not accessible to the backup service.
C. The RMAN backup agent is not compatible with the version of database being used.
D. The allocated storage on the OCI File Storage service file system attached with the database is full

53. Q53 Answer: C
Which of the following is NOT a good use case for the volume backup feature of the Oracle Cloud Infrastructure Block Volume service?
A. Meet compliance and regulatory requirements for data to remain unchanged over time, so that it can be retrieved for audit purposes.
B. Support business continuity requirements of reducing the risk of outages or data mutation over time.
C. Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment
D. Retain a copy of data in a volume, so that you can duplicate an environment later or preserve the data for future use

54. Q54 Answer: D
A company is running High Performance Computing workloads on Oracle Cloud Infrastructure and is using an OCI bare metal compute shape. They have decided to create a custom image of the bare metal instance's boot disk and use it to launch other instances.

Which of the following is NOT a true statement?
A. Before you create a custom image of an instance, you must disconnect all iSCSI attachments and remove all iscsid node configurations from the instance.
B. Custom images do not include the data from any attached block volumes.
C. Editing custom Windows images is not supported due to hardware differences between shapes.
D. You can create additional custom images of an instance while the instance is engaged in the image creation process

55. Q55 Answer: D
A cloud consultant is working on an implementation project on Oracle Cloud Infrastructure (OCI). As part of the compliance requirements, the objects placed in OCI Object Storage should be automatically archived first and then deleted. He is testing a lifecycle policy on Object Storage and created a policy as below:

[
  { "name": "Archive_doc", "action": "ARCHIVE", "objectNameFilter": { "inclusionPrefixes": [ "doc" ] }, "timeAmount": 5, "timeUnit": "DAYS", "isEnabled": true },
  { "name": "Delete_doc", "action": "DELETE", "objectNameFilter": { "inclusionPrefixes": [ "doc" ] }, "timeAmount": 5, "timeUnit": "DAYS", "isEnabled": true }
]

What will happen after this policy is applied?
A. All the objects having file extension "doc" will be archived for 5 days and will be deleted 10 days after object creation.
B. All the objects having file extension "doc" will be archived 5 days after object creation.
C. All the objects with names starting with "doc" will be archived 5 days after object creation and will be deleted 5 days after archival.
D. All objects with names starting with "doc" will be deleted after 5 days of object creation

56. Q56 Answer: A, E
A manufacturing company is planning to migrate their on-premises database to Oracle Cloud Infrastructure and has hired you for the migration. The customer has provided the following information regarding their existing on-premises database:
Database version, database character set, storage for data staging, acceptable length of system outage.

What additional information do you need from the customer in order to recommend a suitable migration method? (Choose Two)
A. Data types used in the on-premises database
B. Number of active connections.
C. Elapsed time since database was last patched.
D. Top 5 longest running queries.
E. On-Premises host operating system and version

57. Q57 Answer: C
As a solution architect, you are designing a web application to be deployed across multiple Oracle Cloud Infrastructure (OCI) regions for a global audience. Your goal is that users from each region should access the application web servers deployed in their own geographical OCI location.

Which OCI feature can be used to achieve this?
A. OCI Public Load Balancers
B. OCI Global Load balancers
C. OCI Traffic Management GeoLocation steering
policy
D. OCI Traffic Management IP Prefix steering policy

58. Q59 Answer: B
Many development engineers are deploying new instances as part of their projects in Oracle Cloud Infrastructure tenancy, but the majority of these instances have not been tagged. You as an administrator of this tenancy want to enforce tagging to identify owners who are launching these instances.

Which option below should be used to implement this requirement?
A. Create a default tag for each compartment which ensures appropriate tags are allowed at resource creation.
B. Create a predefined tag with tag variables to automatically tag a resource with username
C. Create tag variables for each compartment to automatically tag a resource with user name.
D. Create an IAM policy to automatically tag a resource with the username

59. Q60 Answer: D


An online gaming application is deployed to multi-
ple Availability Domains in the Oracle Cloud Infra-
structure (OCI) us-ashburn-1 region. Considering
the high volume of traffic that the gaming applica-
tion handles, the company has hired you to ensure
that the data stored by the application is scalable,
highly available, and disaster resilient. In the event
of failure, the Recovery Time Objective (RTO) and
Recovery Point Objective (RPO) must be less than
2 hours.

Which Disaster Recovery strategy should be used
to achieve the RTO and RPO requirements in the
event of a system failure?
A. Create a user defined backup policy with a
schedule of generating daily backups for block vol-
umes.
B. Create a user defined backup policy with a
schedule of generating hourly backups for block
volumes.
C. Configure hourly block volumes backups
through the OCI Storage Gateway service.
D. Configure hourly block volumes backups using
the OCI Command Line Interface (CLI)

60. Q61 Answer: B


Your security team has informed you that there
are a number of malicious requests for your web
application coming from a set of IP addresses orig-
inating from a country in Europe.

Which of the following methods can be used to
mitigate these types of unauthorized requests?
A. Delete Internet Gateway from Virtual Cloud Net-
work.
B. Web Application Firewall policy using access
control rules
C. Deny rules in Virtual Cloud Network Security
Lists for the specific set of IP addresses.
D. Deny rules in Virtual Cloud Network Security
Group for the specific set of IP addresses

61. Q62 Answer: C, E


You are building a demo for a customer that show-
cases Oracle Cloud Infrastructure (OCI) Events
service and Oracle Functions. You plan to create
an event every time an image is uploaded to an
OCI Object Storage bucket. You have also created a
function that is listening to the event and process-
es the image for face recognition.

Choose the two actions from below that are NOT
required to run the demo successfully.
A. You must specify an action type while creating
an Event service and specify the function you want
to trigger.
B. You must deploy the function that does facial
recognition for the demo to work.
C. The function must be deployed only to Oracle
Kubernetes Engine (OKE)
D. You have to enable Object Storage buckets to
emit events for state changes.
E. Creating an event rule is not permitted for OCI
Object storage. (*)

62. Q63 Answer: C


Design and implement hybrid network architec-
tures to meet high availability, bandwidth and la-
tency requirements

Your Oracle database is deployed on-premises and
has produced 100 TB database backup locally. You
have a disaster recovery plan that requires you
to create redundant database backups in Oracle
Cloud Infrastructure (OCI). Once the initial back-
up is completed, the backup must be available for
retrieval in less than 30 minutes to support the
Recovery Time Objective (RTO) of your solution.

Which is the most cost effective option to meet
these requirements?
A. Setup a FastConnect connection between
on-premises data center and OCI. Then to use OCI
CLI command to upload database backups to OCI
Object Storage Standard tier as the final destination.
B. Setup an IPsec VPNConnect between on-premis-
es data center and OCI. Then to use OCI CLI com-
mand to upload database backups to OCI Object
Storage Archive tier as the final destination.
C. Use OCI Storage Gateway to transfer the backup
files to OCI Object Storage Standard tier as the final
destination
D. Use OCI Storage Gateway to transfer the backup
files to OCI Object Storage Archive tier as the final
destination

63. Q64 Answer: A, B


You have been asked to create a mobile application
which will be used for submitting orders by users
of a popular E-Commerce site. The application is
built to work with Autonomous Transaction Pro-
cessing - Serverless (ATP-S) database as the back-
end and HTML5 on Oracle Application Express as
the front end. During the peak usage of the applica-
tion you notice that the application response time
is very slow. ATP-S database is deployed with 3
CPU cores and 1 TB of memory.

Which two options are expensive or impractical
ways to improve the application response times?
A. Scale up CPU core count and memory during
peak times. (*)
B. Identify the maximum CPU capacity needed for
peak times and scale the CPU core count for the
ATP-S database to that number. ATP-S will scale
the CPU core count down when not needed. (*)
C. Enable auto scaling for CPU cores on ATP-S
database.
D. Use the Machine Learning (ML) feature of the
ATP-S database iteratively to tune the SQL queries
used by the application.
E. Identify the maximum memory capacity needed
for peak times and scale the memory for the ATP-S
database to that number. ATP-S will scale the mem-
ory down when not needed

64. Q65 Answer: D


A customer has a Virtual Machine instance running
in their Oracle Cloud Infrastructure tenancy. They
realized that they wrongly picked a smaller shape
for their compute instance. They are reaching out
to you to help them fix the issue.

Which of the below options is best recommended
to suggest to the customer?
A. Change the shape of instance without reboot,
but stop all the applications running on instance
beforehand to prevent data corruption.
B. OCI doesn't allow such an operation.
C. Delete the running instance and spin up a new
instance with the desired shape.
D. Change the shape of the virtual machine in-
stance using the Change Shape feature available
in the console

65. Q66 Answer: C


You have an application running in Microsoft Azure
and want to use Oracle Autonomous Data ware-
house (ADW) instance for running business analyt-
ics.

How can you build a secure solution for such a
use-case?
A. Connect the Oracle ADW in your VCN to the
Microsoft Azure VNet over the internet.
B. Create a software Remote Peering Connection
between Oracle Cloud Infrastructure (OCI) Virtual
Cloud Network (VCN) and Microsoft Azure Virtual
Network (VNet) and connect the application with
Oracle ADW instance.
C. Setup an interconnect between OCI and Microsoft
Azure using FastConnect and ExpressRoute. Use a
Service Gateway in OCI Virtual Cloud
Network to provide connectivity to the Oracle ADW
instance for the application in Microsoft Azure VNet
D. Create a software VPN connection between Or-
acle Cloud Infrastructure (OCI) Virtual Cloud Net-
work (VCN) and Microsoft Azure Virtual Network
(VNet) and connect the application with Oracle
ADW instance

66. Q67 Answer: B


Which of the below options for private access to
services within Oracle Cloud Infrastructure (OCI) is
NOT valid?
A. Traffic from an OCI compute instance going
through a Service Gateway to Object Storage is
routed without being sent over the internet.
B. You cannot use the private endpoint for hosts in
the on-premises network
C. The private endpoint gives hosts within your
Virtual Cloud Network access to a given service
within Oracle Cloud Infrastructure.
D. You can enable private access to certain ser-
vices within OCI from your Virtual Cloud Network
by using either a private endpoint or a service gate-
way

67. Q68 Answer: A, D


You have deployed an application server in a pri-
vate subnet in your virtual cloud network (VCN).
For the database, you have provisioned an Au-
tonomous Transaction Processing (ATP) server-
less instance. However, you are unable to connect
to the database instance from your application
server.

Which two steps would you need to enable this
connectivity?
A. Add a stateful egress rule to the security list
associated with your private subnet.
Destination CIDR: 0.0.0.0/0
Protocols: All Protocols
B. Add an internet gateway to your VCN and add a
route rule to your private subnet route table.
CIDR: 0.0.0.0/0
Target: Internet Gateway
C. Add a remote peering connection from your VCN
to the ATP VCN
D. Create a NAT Gateway and add the following
route rule to the route table of private subnet.
CIDR: 0.0.0.0/0
Target: NAT Gateway

68. Q69 Answer: C


There are two compartments: Networks and DevInstances

There are two groups: NetworkAdmins with a user
named Nick, and Devs with a user named Dave

The following IAM policies are being used:

Allow group NetworkAdmins to manage virtual-network-family in compartment Networks
Allow group NetworkAdmins to manage instance-family in compartment Networks
Allow group Devs to use virtual-network-family in compartment Networks
Allow group Devs to manage all-resources in compartment DevInstances

Nick creates a VCN in Networks compartment. Dave
creates a VCN in DevInstances compartment.

Which of the following statements is INCORRECT?
A. Dave launches instances in DevInstances using
the VCN in Networks compartment
B. Nick cannot launch new instances in DevIn-
stances compartment
C. Nick launches instances in Networks using VCN
in DevInstances compartment
D. Dave cannot launch new instances in Networks
compartment

69. Q70 Answer: D


You want to automate the processing of new image
files to generate thumbnails. The expected rate is
10 new files every hour.

Which of the following is the most cost effective
option to meet this requirement in Oracle Cloud
Infrastructure (OCI)?
A. Upload files to an OCI Object storage bucket.
Every time a file is uploaded, trigger an event with
an action to provision a compute instance with a
cloud-init script to access the file, process it and
store it back in an Object storage bucket. Terminate
the instance using Autoscaling policy after the pro-
cessing is finished.
B. Build a web application to ingest the files and
save them to a NoSQL Database. Configure OCI
Events service to trigger a notification using Or-
acle Notification Service (ONS). ONS invokes a
custom application to process the image files to
generate thumbnails. Store thumbnails in a NoSQL
Database table.
C. Upload all files to an Oracle Streaming Service
(OSS) stream. Set up a cron job to invoke a function
in Oracle Functions to fetch data from the stream.
Invoke another function to process the image files
and generate thumbnails. Store thumbnails in an-
other OSS stream.
D. Upload files to an OCI Object storage bucket.
Every time a file is uploaded, an event is emitted.
Write a rule to filter these events with an action
to trigger a function in Oracle Functions. The func-
tion processes the image in the file and stores the
thumbnails back in an Object storage bucket

70. Q71 Answer: C, D

A fast growing E-commerce company has deployed
their online shopping application on Oracle Cloud
Infrastructure. The application was deployed on
compute instances with Autoscaling configuration
for application servers fronted by a load balancer
and OCI Autonomous Transaction Processing (ATP)
in the backend. In order to promote their e-commerce
platform 50% discount was announced on all the
products for a limited period. During the day 1 of
promotional period it was observed that the
application is running slow and company's hotline
is flooded with complaints.

What could be two possible reasons for this situation?
A. The health check on some of the backend servers
has failed and the load balancer was rebooting these
servers.
B. As part of Autoscaling, the load balancer shape
has dynamically changed to a larger shape to handle
more incoming traffic and the system was slow for
a short time during this change.
C. Autoscaling has already scaled to the maximum
number of instances specified in the configuration
and there is no room for scaling further
D. The health check on some of the backend servers
has failed and the load balancer has taken those
servers temporarily out of rotation

71. Q72 Answer: D
An eCommerce company is running on Oracle
Cloud Infrastructure (OCI) and many compute in-
stances remain unused for the most part of the
year except during Black Friday and Christmas.
You suggest that they use OCI's Autoscaling feature
and present them a slide to showcase the features
of Autoscaling.

Which option below is inaccurate in your presentation
to the customer?
A. Autoscaling requires an instance pool as a
pre-requisite so that it can automatically adjust the
number of compute instances in an instance pool.
B. A cooldown period between Autoscaling events
lets the system stabilize at the updated level.
C. Autoscaling relies on performance metrics such
as CPU utilization that are collected by OCI Moni-
toring service to trigger an Autoscaling event.
D. When an instance pool scales in, instances are
terminated in this order: the number of instances
is balanced across Availability Domains, and then
balanced across Fault Domains. Finally, within a
Fault Domain, the newest instance is terminated
first

72. Q73 Answer: A, D


You have decided to migrate your application to Or-
acle Cloud Infrastructure and use Oracle Functions
to deploy your microservices.

Which monitoring metrics are available to help you
calculate your total cost for using Oracle Functions
per month? (Choose Two)
A. Number of times a function is invoked
B. Amount of storage used by your functions.
C. Network bandwidth used by your functions.
D. Length of time a function runs
E. Amount of RAM used by your functions

73. Q74 Answer: A
As per Oracle Cloud Architecture (OCI) Connectivi-
ty Redundancy recommendations, you have decid-
ed to deploy two 10 GB FastConnect Virtual Cir-
cuits going from on-premises to OCI. One of these
is active and the other is in stand-by mode. One
of the virtual circuits is provided by OCI FastCon-
nect partner A, while the other virtual circuit is
provided by OCI FastConnect partner B. Despite
implementing this recommended architecture, you
encounter complete unavailability of connectivity
between OCI and on-premises. What is the most
likely reason for this issue?
A. OCI partner B leases infrastructure from partner
A and both digital circuits run over the same phys-
ical line. Partner A went down
B. The 10 GB bandwidth was not sufficient for the
amount of traffic being sent, causing FastConnect
to overflow.
C. The Dynamic Routing Gateway on OCI froze,
bringing down both circuits.
D. The two edge routers on premises malfunctioned
simultaneously, causing both circuits to go down

74. Q75 Answer: B


Which of the following is NOT a good use case
for using the functionality available in the Oracle
Cloud Infrastructure (OCI) Events service?
A. Publish all events in a specific compartment to
Oracle Streaming service for later analysis.
B. Capture Monitoring Alarms and invoke Autoscal-
ing of compute instances
C. Trigger a Function using Oracle Functions when
new files are uploaded in an OCI Object Storage
bucket.
D. Trigger a notification when a function completes
its execution.
E. Publish a notification when long lived tasks complete,
such as OCI Autonomous Database backup
completion

75. Q76 Answer: B


Your organization is planning on using Oracle
Cloud Infrastructure (OCI) File Storage Service
(FSS). You will be deploying multiple compute
instances in Oracle Cloud Infrastructure (OCI) and
mounting the file system to these compute instances.

The file system will hold payment data processed
by a Database instance and utilized by compute
instances to create an overall inventory report. You
need to restrict access to this data for specific
compute instances, and access must be allowed/blocked
per compute instance's CIDR block.

Which option can you use to secure access?
A. Use stateless Security List rule to restrict access
from known IP addresses only.
B. Use Export option feature of FSS to restrict ac-
cess to the mounted file systems
C. Create a new VCN security list, choose SOURCE
TYPE as Service and SOURCE SERVICE as FSS.
Add stateless ingress and egress rules for specific
IP address and CIDR blocks.
D. Create and configure OCI Web Application Fire-
wall service with built in DNS based intelligent rout-
ing

76. Q77 Answer: C


You have to migrate your application to Oracle
Cloud Infrastructure (OCI). The database is con-
stantly being updated and needs to be online with-
out interruptions. How can you transition the data-
base to OCI without interrupting its use?
A. It is impossible to migrate without interruption.
B. Use an on-premises database with two-way
synchronization to a cloud-based database and allow
clients to connect to either databases.
C. Use an on-premises database with one-way syn-
chronization to a cloud-based database and allow
clients to connect only to the on-premises data-
base until it is synchronized
D. Use an on-premises database with one-way syn-
chronization to a cloud-based database and allow
clients to connect only to the cloud database

77. Q78 Answer: A


You are working as a solution architect for a cus-
tomer in Frankfurt, which uses multiple compute
instance VMs spread among three Availability Do-
mains in the Oracle Cloud Infrastructure (OCI)
eu-frankfurt-1 region. The compute instances do
not have public IP addresses and are running in pri-
vate subnets inside a Virtual Cloud Network (VCN).
You have set up OCI Autoscaling feature for the
compute instances, but find out that instances can-
not be auto scaled. You have enabled monitoring
on the instances.

What could be wrong in this situation?
A. You need to set up a Service Gateway to send
metrics to the OCI Monitoring service
B. You need to assign a reserved public IP address
to the compute instances.
C. Autoscaling only works for instances with public
IP addresses.
D. Autoscaling only works with single availability
domains

78. Q79 Answer: A, D


You are creating an Oracle Cloud Infrastructure
Dynamic Group. To determine the members of this
group you are defining a set of matching rules.

Which of the following are the supported variables
to define conditions in the matching rules?
(Choose Two)
A. instance.compartment.id - the OCID of the com-
partment where the instance resides
B. instance.tenancy.id - the OCID of the tenancy
where the instance resides.
C. iam.policy.id - the OCID of the IAM policy to apply
to the group.
D. tag.<tagnamespace>.<tagkey>.value - the tag
namespace and tag key

79. Q80 Answer: C


A global media organization is working on a pro-
ject which lets users upload their videos to the
site. After upload is complete, the video should be
automatically processed by an AI algorithm. The
algorithm will try to recognize certain actions in
the videos so that it can be used to show related
advertisements in future. The development team
wants to focus on writing AI code and not worry
about underlying infrastructure for high availabili-
ty, scalability, security and monitoring.

Which Oracle Cloud Infrastructure (OCI) services
would meet these requirements?
A. OCI Events, Oracle Container Engine for Kuber-
netes and OCI Digital Assistant.
B. OCI Resource Manager, OCI Functions and OCI
Events service.
C. OCI Object Storage, OCI Events service and OCI
Functions
D. Oracle Container Engine for Kubernetes, OCI
Notifications and OCI Object Storage

80. Q81 Answer: C


As part of planning the network design on Ora-
cle Cloud Infrastructure, you have been asked to
create an Oracle Cloud Infrastructure Virtual Cloud
Network (VCN) with 3 subnets, one in each Availability
Domain. Each subnet needs to have a minimum of 64
usable IP addresses.

What is the smallest subnet and VCN size you
should use to implement this design? The requirements
are static, so no growth is expected.
A. /22 for the VCN /25 for the subnets
B. /22 for the VCN /24 for the subnets
C. /23 for the VCN /25 for the subnets
D. /24 for the VCN /24 for the subnets

81. Q82 Answer: D


You have been asked to review some network
proposals by a major client. The client's IT direc-
tor needs to provision two Virtual Cloud Network
(VCN) for a major application. Both applications
use a large number of virtual machine instances,
and so will ideally occupy VCNs with as many ad-
dress spaces as possible. Additionally, in the fu-
ture, VCN peering will be required to allow commu-
nication between the VCNs.

Which of the following are valid IP ranges to
consider for the VCNs?
A. 10.0.0.0/16 and 10.0.64.0/24
B. 10.0.1.0/24 and 10.0.1.0/27
C. 10.0.0.0/8 and 11.0.0.0/8
D. 10.0.0.0/24 and 10.0.1.0/24

82. Q83 Answer: B


You have deployed a multi-tier application with
multiple compute instances in Oracle Cloud Infra-
structure. You want to back up these volumes and
have decided to use Volume Groups feature. The
Block volume and Compute instances exist in dif-
ferent compartments within your tenancy.
Periodically, a few child compartments are moved
under different parent compartments, and you no-
tice that sometimes volume group backup fails.

What should be the cause?


A. You have the same block volume attached to
multiple compute instances if these compute in-
stances are in different compartments then all con-
cerned compartments must be moved at the same
time.
B. The Identity and Access Management policy al-
lowing backup failed to move when the compart-
ment was moved
C. A compute instance with multiple block vol-
umes attached cannot move when a compartment
is moved.
D. You are exceeding your volume group backup
quota configured

83. Q84 Answer: C


You are a solution architect working with a startup
that has decided to move their workload to Oracle
Cloud Infrastructure. Since their workload is small,
upon architecting, you decide it's sufficient to use
8 compute instances to run their workload. The
company wants to use a common storage for their
instances. So, you propose the idea of attaching
a block volume to multiple instances to provide a
common storage.

Which of the below options is NOT true for such a
solution?
A. Once you attach a block volume to an instance
as read-only, it can only be attached to other in-
stances as read-only.
B. Block volumes attached as read-only are config-
ured as shareable by default.
C. You can delete a block volume from one instance
without detaching it from all other instances, thereby
keeping other instances' storage intact
D. If the block volume is already attached to an
instance as read/write non-shareable you can't attach
it to another instance until you detach it from
the first instance

84. Q85 Answer: B


You are part of a project team working in the de-
velopment environment created in Oracle Cloud
Infrastructure (OCI). You realize that the CIDR block
specified for one of the subnets in a Virtual Cloud
Network (VCN) is not correct and want to delete the
subnet. While deleting you get an error indicating
that there are still resources that you must delete
first. The error includes the OCID of the VNIC that
is in the subnet.

Which of the following actions will you take to
troubleshoot this issue?
A. Use OCI CLI to delete the VNIC first and then
delete the subnet.
B. Use OCI CLI to call "network vnic" and "compute
vnic-attachment" operations to find out the parent
resource of the VNIC
C. Copy and paste OCID of the VNIC in the search
box of the OCI Console to find out the parent re-
source of the VNIC.
D. Use OCI CLI to delete the subnet using --force
option

85. Q86 Answer: D


You are trying to troubleshoot the configuration of
your Oracle Cloud Infrastructure (OCI) Load Bal-
ancing service. You have a backend HTTP service
for which you have created a backend set in the
load balancer. You have configured health checks
for the backend set. Although the health checks
appear good, customers sometimes experience
transaction failures.

Which of the following options will definitely lead
to this problem?
A. You are NOT using regional subnets in your
Virtual Cloud Network. With Availability Domain
(AD) specific subnet, the compute instances of the
backend service running in the subnet have issues
when the AD is down.
B. You are using OCI Domain Name System. You
have misconfigured the 'A' record with the wrong
IP address leading to requests not getting routed
correctly.
C. You are using iSCSI for block volume attachment
to the compute instances in your backend HTTP
service. TCP/IP configuration of your block volume
attachment is not configured correctly, leading to
issues in your backend service.
D. You are running a TCP-level health check against
your HTTP service. The TCP handshake can suc-
ceed and indicate that the service is up even when
the HTTP service has issues

86. Q87 Answer: C


You are working on the migration of the web
application infrastructure of your company from
on-premises to Oracle Cloud Infrastructure. You
need to ensure that the DNS cache entries of exter-
nal clients will not direct them to the on-premises
infrastructure after switching to the new infrastruc-
ture.
Which of the following options will minimize this
problem?
A. Reduce the TTL of the DNS records after the
switch.
B. Increase the TTL of the DNS records before the
switch.
C. Reduce the TTL of the DNS records before the
switch
D. DNS changes propagate fast enough that it is not
necessary to take any action.
E. Increase the TTL of the DNS records after the
switch

87. Q88 Answer: A
You are working as a security consultant with
a global insurance organization which is using
Microsoft Azure Active Directory as an identity
provider to manage user login/passwords. When a
user logs in to Oracle Cloud Infrastructure (OCI)
console, it should get authenticated by Azure AD.

Which set of steps are required to be configured in
OCI to meet this requirement?
A. Setup Azure AD as an Identity Provider, map
Azure AD groups to OCI groups, set up the IAM
policies to govern access to Azure AD groups
B. Setup Azure AD as an Identity Provider, import
users and groups from Azure AD to OCI, set up IAM
policies to govern access to Azure AD groups.
C. Setup Azure AD as an Enterprise Application,
map Azure AD users, groups and policies to OCI
groups and users.
D. Setup Azure AD as an Enterprise Application,
configure OCI for single sign-on, map Azure AD
groups to OCI groups, set up the IAM policies to
govern access to Azure AD groups

88. Q89 Answer: C


An E-Commerce company wants to deploy their
web application for Oracle Database on Oracle
Cloud Infrastructure (OCI) DB Systems. In compli-
ance with the business continuity program of the
business, they need to provide a Recovery Point
Objective (RPO) of 1 hour and a Recovery Time
Objective (RTO) of 5 minutes. The web application
should be highly available within the region and
meet the RTO and RPO requirements in case of a
region outage.

Which approach is the most suitable and cost
effective configuration for this scenario?
A. Deploy an Autonomous Transaction Processing
(Serverless) database in one region and replicate
it to an Autonomous Transaction Processing
(Serverless) database in another region using Ora-
cle GoldenGate.
B. Deploy a 1 node VM Oracle database in one
region. Manually Configure a Recovery Manager
(RMAN) database backup schedule to take hourly
database backups. Asynchronously copy the data-
base backups to object storage in another OCI
region. If the primary OCI region is unavailable,
launch a new 1 node VM Database in the other OCI
region and restore the production database from
the backup.
C. Deploy a 2 node Virtual Machine (VM) Oracle
RAC database in one region and replicate the data-
base to a 2 node VM Oracle RAC database in anoth-
er region using a manual setup and configuration
of Oracle Data Guard
D. Deploy a 1 node VM Oracle database in one
region and replicate the database to a 1 node VM
Oracle database in another region using a manual
setup and configuration of Oracle Data Guard

89. Q90 Answer: B


You have been asked to implement a bespoke fi-
nancial application in Oracle Cloud Infrastructure
using virtual machine instances controlled by Au-
toscaling across multiple Availability Domains. The
application stores transaction logs, intermediate
transaction data, and audit data and needs to store
this on a persistent, durable data store accessible
from all of the application servers. The application
requires the file system to be mounted in the /audit
folder on the Linux file system. The system needs
to tolerate the failure of two or more Fault Do-
mains and still maintain data integrity. The solution
should be as low maintenance as possible.

What storage architecture should you suggest?
A. Use locally attached NVMe instances and con-
figure RAID 0 replication between servers.
B. Use File Storage Service(FSS). Configure FSS to
operate from all Availability Domains the applica-
tion servers operate in and mount the file system
in the /audit folder
C. Implement a single instance and install an NFS
server, configure and create an NFS share, and
mount this as /audit on the application instances.
D. Store the data on Oracle Object Storage mount-
ed at the /audit mount point on all the Linux in-
stances using the default mount options

90. Q91 Answer: B
An insurance company is storing critical financial
data in the Oracle Cloud Infrastructure block volume.
This volume is currently encrypted using Oracle
managed keys. Due to regulatory compliance,
the customer wants to encrypt the data using the
keys that they can control and not the keys which
are controlled by Oracle.

Which of the following series of tasks is required
to encrypt the block volume using customer managed
keys?
A. Create a master encryption key, create a new
version of the encryption key, decrypt the block
volume using existing Oracle managed keys and
encrypt using new version of the encryption key.
B. Create a vault, create a master encryption key in
the vault, assign this master encryption key to the
block volume. (*)
C. Create a master encryption key, create a data
encryption key, decrypt the block volume using
existing Oracle managed keys, encrypt the block
volume using the data encryption key.
D. Create a vault, import your master encryption
key into the vault, generate data encryption key,
assign data encryption key to the block volume
