Oracle: Question & Answers

Oracle
1Z0-1067-21
Oracle Cloud Infrastructure 2021 Cloud Operations
Associate
QUESTION & ANSWERS
https://www.certsquestions.com/
Exam A
QUESTION 1
You have been asked to ensure that in-transit communication between an Oracle Cloud Infrastructure
(OCI) compute instance and an on-premises server (192.168.10.10/32) is encrypted. The instances
communicate using HTTP. The OCI Virtual Cloud Network (VCN) is connected to the on-premises network
by two separate connections: a Dynamic IPsec VPN tunnel and a FastConnect virtual circuit. No static
configuration has been added.
What solution should you recommend? (Choose the best answer.)
A. The instances will communicate by default over IPsec VPN, which ensures data is encrypted in-transit.
B. Advertise a 192.168.10.10/32 route over the VPN.
C. Advertise a 192.168.10.10/32 router over the FastConnect.
D. The instances will communicate by default over the FastConnect private virtual circuit, which ensures
data is encrypted in-transit.
Correct Answer: D
Explanation/Reference:
Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/transitrouting.htm
QUESTION 2
You have created a group for several auditors. You assign the following policies to the group:
What actions are the auditors allowed to perform within your tenancy? (Choose the best answer.)
A. The Auditors can view resources in the tenancy.

B. Auditors are able to create new instances in the tenancy.
C. The Auditors are able to delete resource in the tenancy.
D. Auditors are able to view all resources in the compartment.
Correct Answer: D
QUESTION 3
You have a web application running on Oracle Cloud Infrastructure (OCI) that lets users log in with a
username and password. You notice that an attacker has tried to use SQL comment “--" to alter the
database query, remove the password check and log in as a user. You decide to prevent any future
attacks.
Which of the following OCI services or features would you choose to safeguard your application? (Choose
the best answer.)
A. Network Security Group

B. Data Safe
C. Web Application Framework (WAF)
D. Vault
67C0FB1C7E6FD23F99B8574B9B13A75E
Correct Answer: D
QUESTION 4
One of the compute instances that you have deployed on Oracle Cloud Infrastructure (OCI) is
malfunctioning. You have created a console connection to remotely troubleshoot it.
Which two statements about console connections are TRUE? (Choose two.)
A. It is not possible to use VNC console connections to connect to Bare Metal Instances.
B. VNC console connection uses SSH port forwarding to create a secure connection from your local
system to the VNC server attached to your instance’s console.
C. It is not possible to connect to the serial console to an instance running Microsoft Windows, however
VNC console connection can be used.
D. For security purpose, the console connection will not let you edit system configuration files.
E. If you do not disconnect from the session, your serial console connection will automatically be
terminated after 24 hours.
Correct Answer: BE
QUESTION 5
You have created an Autonomous Data Warehouse (ADW) service in your company’s Oracle Cloud
Infrastructure (OCI) tenancy and you now have to load historical data into it. You have already extracted
this historical data from multiple data marts and data warehouses. This data is stored in multiple CSV text
files and these files are ranging in size from 25 MB to 20 GB.
Which is the most efficient and error tolerant method for loading data into ADW? (Choose the best
answer.)
A. Create Auth token, use it to create an object storage credential by executing

DBMS_CLOUD.CREATE_CREDENTIAL, using the web console upload the CSV files to an OCI object
storage bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA
for each CSV file to copy the contents into the corresponding ADW database table.
B. Create the tables in the ADW database and then execute SQL*Loader for each CSV file to load the
contents into the corresponding ADW database table.
C. Create Auth token, use it to create an object storage credential by executing
DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage
bucket, create the tables in the ADW database and then execute Data Pump Import for each CSV file
to copy the contents into the corresponding ADW database table.
D. Create Auth token, use it to create an object storage credential by executing
DBMS_CLOUD.CREATE_CREDENTIAL, using OCI CLI upload the CSV files to an OCI object storage
bucket, create the tables in the ADW database and then execute DBMS_CLOUD.COPY_DATA for
each CSV file to copy the contents into the corresponding ADW database table.
Correct Answer: D
QUESTION 6
You are using the Oracle Cloud Infrastructure Command Line Interface to launch a Linux virtual machine.
You enter the following command (with correct values for all parameters):
The command fails.
Which is NOT a valid parameter in this command? (Choose the best answer.)
A. –t <tenancy_id>
B. – –image-id <image_id>
C. – –shape “<shape_name>”
D. –c <compartment_id>
E. – –subnet-id <subnet_id>
Correct Answer: A
QUESTION 7
You have received an email from your manager to provision new resources on Oracle Cloud Infrastructure
(OCI). When researching OCI, you determined that you should use OCI Resource Manager. Since this is a
task that will be done multiple times for development, test, and production. You will need to create a
command that can be re-used.
Which CLI command can be used in this situation? (Choose the best answer.)
A. oci resource-manager stack create ––tenancy–id <tenancy_OCID> \

––config-source prod.zip ––variables file://variables.json \
––display-name Production stack build \
––description Creating new Production environment
B. oci resource-manager stack update ––compartment–id <compartment_OCID> \
––display-name “Production stack build” \
C. oci resource-manager stack create ––compartment–id <compartment_OCID> \
––display-name Production stack build \
D. oci resource-manager stack update ––tenancy–id <tenancy_OCID> \
––display-name “Production stack build” \
Correct Answer: C
QUESTION 8
You are asked to deploy a new application that has been designed to scale horizontally. The business
stakeholders have asked that the application be deployed in us-phoenix-1.
Normal usage requires 2 OCPUs. You expect to have few spikes during the week, that will require up to 4
OCPUs, and a major usage uptick at the end of each month that will require 8 OCPUs.
What is the most cost-effective approach to implement a highly available and scalable solution? (Choose
the best answer.)
A. Create an instance pool with a VM.Standard2.2 shape instance configuration. Setup the autoscaling
configuration to use 2 availability domains and have a minimum of 2 instances, to handle the weekly
spikes, and a maximum of 4 instances.
B. Create an instance with 1 OCPU shape. Use the Resize Instance action to scale up to a larger shape
when more resources are needed.
C. Create an instance with 1 OCPU shape. Use a CLI script to clone it when more resources are needed.
D. Create an instance pool with a VM.Standard2.1 shape instance configuration. Setup the autoscaling
configuration to use 2 availability domains and have a minimum of 2 instances and a maximum of 8
instances.
Correct Answer: A
QUESTION 9
You have been asked to set up connectivity between a client’s on-premises network and Oracle Cloud
Infrastructure (OCI). The requirements are:
Low latency: The applications are financial and require low latency connectivity into OCI.
Consistency: The application isn’t tolerant of performance variation.
Performance: The communications link needs to support up to 1.25 Gbps.
Encryption: The communications link needs to encrypt any data in transit between the on-premises
network and OCI Virtual Cloud Network (VCN).
The client wants to implement the above with as low a cost as possible, while meeting all of the
requirements. What should you suggest? (Choose the best answer.)
A. Provision FastConnect with a single private virtual circuit, and run an IPsec VPN tunnel over the top of
this virtual circuit.
B. Provision FastConnect with a single public virtual circuit.
C. Provision a site-to-site IPsec VPN between your on-premises network and your virtual cloud network
(VCN) using VPN Connect.
D. Provision FastConnect with a single private virtual circuit.
E. Provision FastConnect with a single public virtual circuit, and run an IPsec VPN tunnel over the top of
this virtual circuit.
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/Network/Concepts/fastconnectoverview.htm
QUESTION 10
Which two statements about the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI) are
TRUE? (Choose two.)
A. You can run CLI commands from inside OCI Regions only.
B. You can filter CLI output using the JMESPath query option for JSON.
C. The CLI provides an automatic way to connect with instances provisioned on OCI.
D. The CLI allows you to use the Python language to interact with OCI APIs.
E. The CLI provides the same core functionality as the Console, plus additional commands.
Correct Answer: BE
QUESTION 11
You have a Linux compute instance located in a public subnet in a VCN which hosts a web application. The
security list attached to subnet containing the compute instance has the following stateful ingress rule.
The Route table attached to the Public subnet is shown below. You can establish an SSH connection into
the compute instance from the internet. However, you are not able to connect to the web server using your
web browser.
Which step will resolve the issue? (Choose the best answer.)
A. In the route table, add a rule for your default traffic to be routed to NAT gateway.
B. In the security list, add an ingress rule for port 80 (http).
C. In the security list, remove the ssh rule.
D. In the route table, add a rule for your default traffic to be routed to service gateway.
Correct Answer: D
QUESTION 12
Your company recently adopted a hybrid cloud architecture which requires them to migrate some of their
on-premises web applications to Oracle Cloud Infrastructure (OCI). You created a Terraform template
which automatically provisions OCI resources such as compute instances, load balancer, and a database
instance. After running the stack using the terraform apply command, it successfully launched the
compute instances and the load balancer, but it failed to create a new database instance with the following
error:
Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http

status code: 404
You discovered that the resource quotas assigned to your compartment prevent you from using
VM.Standard2.4 instance shapes available in your tenancy. You edit the Terraform script and replace the
shape with VM.Standard2.2
Which option would you recommend to re-run the terraform command to have required OCI resources
provisioned with the least effort? (Choose the best answer.)
A. terraform plan –target=oci_database_db_system.db_system

B. terraform apply –auto-approve
C. terraform refresh –target=oci_database_db_system.db_system
D. terraform apply –target=oci_database_db_system.db_system
Correct Answer: D
QUESTION 13
You have been monitoring your company’s applications running in Oracle Cloud Infrastructure (OCI) and
notice that the application is using OCI Traffic Management service. This service uses a traffic steering
policy to distribute the DNS traffic based on subnet addresses in a rule set.
Which steering policy is in use in this particular case? (Choose the best answer.)
A. Load Balancing policy

B. Geolocation steering
C. ASN steering policy
D. IP Prefix steering
Correct Answer: C
Reference: https://k21academy.com/1z0-997/traffic-management-in-oci/
QUESTION 14
You have the following compartment structure within your company’s Oracle Cloud Infrastructure (OCI)
tenancy:
You want to create a policy in the root compartment to allow SystemAdmins to manage VCNs only in
CompartmentC.
Which policy is correct? (Choose the best answer.)
A. Allow group SystemAdmins to manage virtual-network-family in compartment

CompartmentB:CompartmentC
B. Allow group SystemAdmins to manage virtual-network-family in compartment
Root
C. Allow group SystemAdmins to manage virtual-network-family in compartment
CompartmentA:CompartmentB:CompartmentC
D. Allow group SystemAdmins to manage virtual-network-family in compartment
CompartmentC
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Concepts/policies.htm
QUESTION 15
Which option contains the essential components of the Oracle Cloud Infrastructure Notifications service?
(Choose the best answer.)
A. An ALARM with a name unique across the tenancy, a SUBSCRIPTION, and a METRIC with the
measurement of interest.
B. A TOPIC with a name unique across the tenancy, a SUBSCRIPTION, and a MESSAGE where content is
published.
C. A TOPIC with a name unique across the compartment, a SUBSCRIPTION, and a MESSAGE where
content is published.
D. An ALARM with a name unique across the compartment, a SUBSCRIPTION, and a METRIC with the
measurement of interest.
Correct Answer: D
QUESTION 16
You run a large global application with 90% of customers based in the US and Canada. You want to be
able to test a new feature and allow a small percentage of users to access the new version of your
application.
What Oracle Cloud Infrastructure Traffic Management steering policy should you utilize? (Choose the best
answer.)
A. Load Balancer
B. IP Prefix steering
C. ASN steering
D. Geolocation steering
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/TrafficManagement/Tasks/trafficmanagement.htm
QUESTION 17
Which two statements are TRUE about Object Storage data security and encryption in Oracle Cloud
Infrastructure (OCI)? (Choose two.)
A. Client-side encryption is managed by the customer.

B. Data needs to be decrypted on the client side before retrieving it.
C. OCI Vault Management is used by default to provide data security.
D. All traffic to and from Object Storage service is encrypted using TLS.
E. A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket.
Correct Answer: AD
QUESTION 18
You are using Oracle Cloud Infrastructure (OCI) console to set up an alarm on a budget to track your OCI
spending.
Which two are valid targets for creating a budget in OCI? (Choose two.)
A. Select group as the type of target for your budget.

B. Select Tenancy as the type of target for your budget.
C. Select user as the type of target for your budget.
D. Select Cost-Tracking Tags as the type of target for your budget.
E. Select Compartment as the type of target for your budget.
Correct Answer: DE
QUESTION 19
Your application is using an Object Storage bucket named app-data in the namespace vision, to store
both persistent and temporary data. Every week all the temporary data should be deleted to limit the
storage consumption.
Currently you need to navigate to the Object Storage page using the web console, select the appropriate
bucket to view all the objects and delete the temporary ones.
To simplify the task you have configured the application to save all the temporary data with /temp prefix.
You have also decided to use the Command Line Interface (CLI) to perform this operation.
What is the command you should use to speed up the data cleanup? (Choose the best answer.)
A. oci os object delete –ns vision –bn app–data ––prefix /temp

B. oci os object bulk-delete –ns vision –bn app–data ––prefix /temp ––force
C. oci objectstorage bulk–delete –ns vision –bn app–data ––prefix /temp ––force
D. oci os object delete app-data in vision where prefix = /temp
Correct Answer: B
QUESTION 20
Your company has restructured its HR departments. As part of this change, you also need to re-organize
compartments within Oracle Cloud Infrastructure (OCI) to align them to the company’s new organizational
structure. The following change is required:
Compartment Team_x needs to be moved under a new parent compartment, Project_B
The tenancy has the following policies defined for compartments Project_A and Project_B:
Policy1: Allow group G1 to manage instance-family in compartment HR:Project_A
Policy2: Allow group G2 to manage instance-family in compartment HR:Project_B
Which two statements describe the impacts after the compartment Team_x is moved? (Choose two.)
A. Group G2 can now manage instance-families in compartment Project_B and compartment Team_X
B. Group G1 can now manage instance-families in compartment Project_A, compartment Project_B
and compartment Team_X
C. Group G1 can now manage instance-families in compartment Project_A but not in compartment
Team_x
D. Group G2 can now manage instance-families in compartment Project_A but not in compartment
Team_x
E. Group G2 can now manage instance-families in compartment Project_B, compartment Project_A
and compartment Team_X
Correct Answer: AC
QUESTION 21
You have been contracted by a local e-commerce company to assist with enhancing their online shopping
application. The application is currently deployed in a single Oracle Cloud Infrastructure (OCI) region. The
application utilizes a public load balancer, application servers in a private subnet, and a database in a
separate, private subnet.
The company would like to deploy another set of similar infrastructure in a different OCI region that will act
as standby site. In the event of a failure at the primary site, all customers should be routed to the failover
site automatically.
After deploying the additional infrastructure within the second region, how should you configure automated
failover requirements? (Choose the best answer.)
A. Create a load balancer policy in the Traffic Management service. Configure one answer for each site.
Set the answer for the primary site with a weight of 10 and the answer for the secondary site with a
weight of 100.
B. Create a new A record in DNS that points to the public load balancer at the secondary site. Create a
CNAME for the sub-domain failover that will resolve to the new A record. Inform customers to prepend
the website URL with failover if the primary site is unavailable.
C. Create a failover policy in the Traffic Management service. Set the IP address of the public load
balancer for the primary site in answer pool 1. Set the IP address of the public load balancer for the
secondary site in answer pool 2. Define a health check to monitor both sites.
D. Deploy a new load balancer in the primary region. Create one backend set for the primary application
servers and a second backend set for the standby application servers. Create a listener for the primary
backend set with a timeout of 3 minutes. Create a listener for the secondary backend set with a timeout
of 10 minutes.
Correct Answer: D
QUESTION 22
You have recently been asked to take over management of your company’s infrastructure provisioning
efforts, utilizing Terraform v0.12 to provision and manage infrastructure resources in Oracle Cloud
Infrastructure (OCI). For the past few days the development environments have been failing to provision.
Terraform returns the following error:
You locate the related code block in the Terraform config and find the following:
Which correction should you make to solve this issue? (Choose the best answer.)
A. Place a command at the end of line 16

B. Modify line 15 to be the following:
tcp_options = {min = “22”, max = “22”)
C. Modify line 15 to be the following:
tcp_options {
min = “22”
max = “22”
}
D. Replace the curly braces ‘{ }’ in lines 11 and 16 with square braces ‘[ ]’
Correct Answer: B
QUESTION 23
Here is a partial code from a Terraform template written for Oracle Cloud Infrastructure (OCI):
What operation(s) does it perform? (Choose the best answer.)
A. Provides object read and write access for an OCI Object Storage bucket.
B. Creates a pre-authenticated request for objects in an OCI Object Storage bucket.
C. Creates a URL to provide access to an OCI Object Storage bucket for managing objects.
D. Creates a lifecycle policy for an OCI Object Storage bucket for moving data to Archival storage at a
specified time.
Correct Answer: A
QUESTION 24
Your customer is running a set of compute instances inside a private subnet to manage their workloads on
Oracle Cloud Infrastructure (OCI) tenancy. You have set up auto scaling feature to provide consistent
performance to their end users during period of high demand.
Which step should be met for auto scaling to work? (Choose the best answer.)
A. OS Management Service agent (osms) must be installed on the instances.

B. Audit logs for the instances should be enabled.
C. Service gateway should be setup to allow instances to send metrics to monitoring service.
D. Monitoring for the instances should not be enabled.
Correct Answer: B
Reference: https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/autoscalinginstancepools.htm
QUESTION 25
You are working with Terraform on your laptop and have been tasked with spinning up multiple compute
instances in Oracle Cloud Infrastructure (OCI) for a project. In addition, you are also required to collect IP
addresses of provisioned instances and write them to a file and save it in your laptop.
Which specific Terraform functionality can help accomplish this task? (Choose the best answer.)
A. Terraform modules
B. Terraform remote state
C. Terraform local-exec
D. Terraform remote-exec
Correct Answer: A
QUESTION 26
You have created a geolocation steering policy in the Oracle Cloud Infrastructure (OCI) Traffic
Management service, with this configuration:
What happens to requests that originate in Africa? (Choose the best answer.)
A. The traffic will be forwarded at the same time to both Pool 1 and Pool 2.
B. The traffic will be dropped.
C. The traffic will be forwarded randomly to any of the pools mentioned in the rules.
D. The traffic will be forwarded to Pool 1. If Pool 1 is not available, then it will be forwarded to Pool 2.
Correct Answer: D
QUESTION 27
One of your development teams has asked for your help to standardize the creation of several compute
instances that must be provisioned each day of the week. You initially write several Command Line
Interface (CLI) commands with all appropriate configuration parameters to achieve this task later
determining this method lacks flexibility.
Which command generates a JSON-based template that Oracle Cloud Infrastructure (OCI) CLI can use to
provision these instances on a regular basis? (Choose the best answer.)
A. oci compute instance create – –generate–cli–skeleton

B. oci compute instance launch – –generate–cli–skeleton
C. oci compute provision–instance – –generate–full–command–json–input
D. oci compute instance launch – –generate–full–command–json–input
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliusing.htm
QUESTION 28
A developer has created a file system in Oracle Cloud Infrastructure (OCI) File Storage service. She
launches an Oracle Linux compute instance and successfully mounts the file system from the instance.
She then tries writing to the file system from the compute instance using the following command:
touch /mnt/yourmountpoint/helloworld
But gets an error message:
touch: cannot touch ‘/mnt/yourmountpoint/helloworrld’: Permission denied
Which is a reason for this error? (Choose the best answer.)
A. ‘touch’ command is not available in Oracle Linux by default.

B. Service limits or quota for file system writes have been breached.
C. User is not part of any OCI Identity and Access Management group with write permissions to File
Storage service.
D. User is connecting as the default Oracle Linux user ‘opc’ instead of ‘root’ user.
Correct Answer: C
Explanation
Reference: https://itectec.com/unixlinux/touch-cannot-touch-test-permission-denied/
QUESTION 29
You have recently joined a startup company and quickly find that nobody is tracking the amount of money
spent on Oracle Cloud Infrastructure (OCI). Seeing an opportunity to help save money you begin creating a
solution to better track the cost of resources provisioned by each individual on the team.
Which option allows you to identify excessive spend across all resources in your tenancy? (Choose the
best answer.)
A. Use the Python SDK to write a custom application that will monitor the Audit log. Look for CREATE
events and configure the application to send you an email each time a new resource is created.
B. Create a tag namespace named BILLING with a Tag Key named CostCenter. Tag each of your
resources with this Tag Key and the correct value.
C. Use the Events Service and create rules that will act when a new Object Storage bucket or Compute
Instance has been created. Have the rule email you each time one of these events occurs.
D. Create a budget for each compartment that will send a notification when monthly spend reaches a pre-
defined amount.
Correct Answer: D
Reference: https://blogs.oracle.com/cloud-infrastructure/how-to-get-control-of-your-spending-in-oracle-
cloud-infrastructure
QUESTION 30
You have been asked to review a network design for Oracle Cloud Infrastructure (OCI) by a major client.
The client’s IT team needs to provision two Virtual Cloud Networks (VCNs) for a major application. The
application uses a large number of virtual machine instances. Additionally, in the future, a VCN peering will
be required to allow connectivity between the VCNs.
Which of the following are valid IP ranges to consider? (Choose the best answer.)
A. 10.0.0.0/30 and 192.168.0.0/30

B. 10.0.0.0/8 and 11.0.0.0/8
C. 10.0.8.0/21 and 10.0.16.0/22
D. 10.0.0.0/16 and 10.0.64.0/24
Correct Answer: D
Reference: https://blogs.oracle.com/developers/setting-up-a-virtual-cloud-network-vcn-in-oracle-cloud-
infrastructure
QUESTION 31
You have created the following JSON file to specify a lifecycle policy for one of your object storage buckets:
How will this policy affect the objects that are stored in the bucket? (Choose the best answer.)
A. Objects with the prefix “LOGS” will be retained for 120 days and then deleted permanently.
B. Objects containing the name prefix LOGS will be automatically migrated from standard Storage to
Archive storage 30 days after the creation date. The object will be deleted 120 days after creation.
C. The objects with prefix “LOGS” will be deleted 30 days after creation date.
D. Objects containing the name prefix LOGS will be automatically migrated from standard Storage to
Archive storage 30 days after the creation date. The object will be migrated back to standard Storage
120 days after creation.
Correct Answer: B
QUESTION 32
You have set an alarm to be generated when the CPU usage of a specified instance is greater than 10%.
In the alarm behavior view below you notice that the critical condition happened around 23:30. You were
expecting a notification after 1 minute, however, the alarm firing state did not begin until 23:33.
What should you change to fix it? (Choose the best answer.)
A. Change the alarm’s metric interval to 1.

B. Change the alarm condition to be grater than 3%.
C. Change the notification topic that you previously associated with the alarm.
D. Change the alarm’s trigger delay minutes value to 1.
Correct Answer: D
QUESTION 33
You have ordered two FastConnect connections that provide a high availability connection architecture
between your on-premises data center and Oracle Cloud Infrastructure (OCI). You want to run these
connections in an ACTIVE/PASSIVE architecture.
How can you accomplish this? (Choose the best answer.)
A. Decrease the prefix length of AS for the FastConnect you want to use as PASSIVE connection.
B. Enable BGP on the FastConnect that you want as the ACTIVE connection.
C. Use AS PATH prepending with your routes.
D. Adjust one of the connections to have a higher ASN.
Correct Answer: C
Reference: https://docs.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/connectivity-
redundancy-guide.pdf (5)
QUESTION 34
The boot volume on your Oracle Linux instance has run out of space. Your application has crashed due to
a lack of swap space, forcing you to increase the size of the boot volume.
Which step should NOT be included in the process used to solve the issue? (Choose the best answer.)
A. Reattach the boot volume and restart the instance.

B. Attach the resized boot volume to a second instance as a data volume; extend the partition and grow
the file system in the resized boot volume.
C. Stop the instance and detach the boot volume.
D. Resize the boot volume by specifying a larger value than the boot volume’s current size.
E. Create a RAID 0 configuration to extend the boot volume file system onto another block volume.
Correct Answer: B
QUESTION 35
You launched a Linux compute instance to host the new version of your company website via Apache Httpd
server on HTTPS (port 443). The instance is created in a public subnet along with other instances. The
default security list associated to the subnet is:
You want to allow access to the company website from public internet without exposing websites eventually
hosted on the other instances in the public subnet.
Which action would you take to accomplish the task? (Choose the best answer.)
A. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it
to the public subnet that hosts the company website.
B. In default security list, add a stateful rule to allow ingress access on port 443.
C. Create a new security list with a stateful rule to allow ingress access on port 443 and associate it to the
public subnet.
D. Create a network security group, add a stateful rule to allow ingress access on port 443 and associate it
to the instance that hosts the company website.
Correct Answer: D
QUESTION 36
You are using Oracle Cloud Infrastructure (OCI) services across several regions: us-phoenix-1, us-
ashburn-1, uk-london-1 and ap-tokyo-1. You have creates a separate administrator group for each region:
PHX-Admins, ASH-Admins, LHR-Admins and NRT-Admins, respectively.
You want to restrict admin access to a specific region. E.g., PHX-Admins should be able to manage all
resources in the us-phoenix-1 region only and not any other OCI regions.
What IAM policy syntax is required to restrict PHX-Admins to manage OCI resources in the us-phoenix-1
region only? (Choose the best answer.)
A. Allow group PHX-Admins to manage all-resources in tenancy where

request.region= ‘phx’
B. Allow group PHX-Admins to manage all-resources in tenancy where
request.permission= ‘phx’
C. Allow group PHX-Admins to manage all-resources in tenancy where
request.target= ‘phx’
D. Allow group PHX-Admins to manage all-resources in tenancy where
request.location= ‘phx’
Correct Answer: A
QUESTION 37
You created an Oracle Linux compute instance through the Oracle Cloud Infrastructure (OCI) management
console then immediately realize you forgot to add an SSH key file. You notice that OCI compute service
provides instance console connections that supports adding SSH keys for a running instance. Hence, you
created the console connection for your Linux server and activated it using the connection string provided.
However, now you get prompted for a username and password to login.
What option should you recommend to add the SSH key to your running instance, while minimizing the
administrative overhead? (Choose the best answer.)
A. You need to configure the boot loader to use ttyS0 as a console terminal on the VM.
B. You need to terminate the running instance and recreate it by providing the SSH key file.
C. You need to reboot the instance from the console, boot into the bash shell in maintenance mode, and
add SSH keys for the opc user.
D. You need to modify the serial console connection string to include the identity file flag, –i to specify the
SSH key to use.
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm
QUESTION 38
You are launching a Windows server in your Oracle Cloud Infrastructure (OCI) tenancy. You provided a
startup script during instance initialization, but it was not executed successfully.
What is a possible reason for this error? (Choose the best answer.)
A. Didn’t include anything in user_data.

B. Wrote a custom script which tried to install GPU drivers.
C. Ran a cloudbase-init script instead of cloud-init.
D. Specified a #directive on the first line of your script.
Correct Answer: C
Reference: https://blogs.oracle.com/cloud-infrastructure/windows-custom-startup-scripts-and-cloud-init-on-
oracle-cloud-infrastructure
QUESTION 39
You have been asked to update the lifecycle policy for object storage using the Oracle Cloud Infrastructure
(OCI) Command Line Interface (CLI).
Which command can successfully update the policy? (Choose the best answer.)
A. oci os object-lifecycle-policy delete –ns <object_storage_namespace> –bn <bucket_name>

B. oci os object-lifecycle-policy put –ns <object_storage_namespace> –bn <bucket_name>
C. oci os object-lifecycle-policy put –ns <object_storage_namespace> –bn <bucket_name> – –items
<json_formatted_lifecycle_policy>
D. oci os object-lifecycle-policy get –ns <object_storage_namespace> –bn <bucket_name>
Correct Answer: C
QUESTION 40
Which statement about Oracle Cloud Infrastructure paravirtualized block volume attachments is TRUE?
A. Paravirtualized volumes may reduce the maximum IOPS performance for larger block volumes.
B. Paravirtualized is required to manage iSCSI configuration for virtual machine instances.
C. Paravirtualized volumes become immediately available on bare metal compute instances.
D. Paravirtualization utilizes the internal storage stack of compute instance OS and network hardware
virtualization to access block volumes.
Correct Answer: A
Reference: https://blogs.oracle.com/cloud-infrastructure/paravirtualized-block-volume-attachments-for-vms
QUESTION 41
Multiple teams are sharing a tenancy in Oracle Cloud Infrastructure (OCI). You are asked to figure out an
appropriate method to manage OCI costs.
Which is NOT a valid technique to accurately attribute costs to resources used by each team? (Choose the
best answer.)
A. Create a Cost-Tracking tag. Apply this tag to all resources with team information. Use the OCI cost
analysis tools to filter costs by tags.
B. Create separate compartment for each team. Use the OCI cost analysis tools to filter costs by
compartment.
C. Create an Identity and Access Management (IAM) group for each team. Create an OCI budget for each
group to track spending.
D. Define and use tags for resources used by each team. Analyze usage data from the OCI Usage Report
which has detailed information about resources and tags.
Correct Answer: C
QUESTION 42
You have been asked to investigate a potential security risk on your company’s Oracle Cloud Infrastructure
(OCI) tenancy. You decide to start by looking through the audit logs for suspicious activity.
How can you retrieve the audit logs using the OCI Command Line Interface (CLI)? (Choose the best
answer.)
A. oci audit event list –-end-time $end-time –-compartment-id $compartment-id

B. oci audit event list –-start-time $start-time –-compartment-id $compartment-
id
C. oci audit event list –-start-time $start-time –-end-time $end-time –-
compartment-id $compartment-id
D. oci audit event list –-start-time $start-time –-end-time $end–time –-
tenancy-id $tenancy–id
Correct Answer: C
QUESTION 43
Your deployment platform within Oracle Cloud Infrastructure (OCI) leverages a compute instance with
multiple block volumes attached. There are multiple teams that use the same compute instance and have
access to these block volumes. You want to ensure that no one accidentally deletes any of these block
volumes. You have started to construct the following IAM policy but need to determine which permissions
should be used.
allow group DeploymentUsers to manage volume-family where ANY

{ request.permission != <???>, request.permission != <???>, request.permission
!= <???> }
Which permissions can you use in place of <???> in this policy? (Choose the best answer.)
A. VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE, VOLUME_BACKUP_DELETE

B. VOLUME_ERASE, VOLUME_ATTACHMENT_ERASE, VOLUME_BACKUP_ERASE
C. ERASE_VOLUME, ERASE_VOLUME_ATTACHMENT, ERASE_VOLUME_BACKUP
D. DELETE_VOLUME, DELETE_VOLUME_ATTACHMENT, DELETE_VOLUME_BACKUP
Correct Answer: A
QUESTION 44
You have a group pf developers who launch multiple VM.Standard2.2 compute instances every day into the
compartment Dev. As a result, your OCI tenancy quickly hit the service limit for this shape. Other groups
can no longer create new instances using VM.Standard2.2 shape.
Because of this, your company has issued a new mandate that the Dev compartment must include a quota
to allow for use of only 20 VM.Standard2.2 shapes per Availability Domain. Your solution should not affect
any other compartment in the tenancy.
Which quota statement should be used to implement this new requirement? (Choose the best answer.)
A. set compute quota vm-standard2–2count to 10 in compartment dev where

request.region = us-phoenix–1
B. set compute quota vm-standard2–2–count to 20 in compartment dev
C. zero compute quotas in tenancy
set compute quota vm–standard2–2–count to 20 in compartment dev
D. zero compute quotas in tenancy
set compute quota vm–standard2–2–count to 20 in tenancy dev
Correct Answer: A
QUESTION 45
You set up a bastion host in your VCN to only allow your IP address (140.19.2.140) to establish SSH
connections to your Compute Instances that are deployed in a private subnet. The Compute Instances
have an attached Network Security Group with a Source Type: Network Security Group (NSG),
Source NSG: NSG-050504. To secure the bastion host, you added the following ingress rules to its
Network Security Group:
However, after checking the bastion host logs, you discovered that there are IP addresses other than your
own that can access your bastion host.
What is the root cause of this issue? (Choose the best answer.)
A. The Security List allows access to all IP address which overrides the Network Security Group ingress
rules.
B. All compute instances associated with NSG-050504 are also able to connect to the bastion host.
C. The port 22 provides unrestricted access to 140.19.2.140 and to other IP address.
D. A netmask of /32 allows all IP address in the 140.19.2.0 network, other than your IP
140.19.2.140
Correct Answer: B
QUESTION 46
You are asked to implement the disaster recovery (DR) and business continuity requirements for Oracle
Cloud Infrastructure (OCI) Block Volumes. Two OCI regions being used: a primary/source region and a
DR/destination region. The requirements are:
There should be a copy of data in the destination region to use if a region-wide disaster occurs in the
source region
Minimize costs
Which design will help you meet these requirements? (Choose the best answer.)
A. Clone block volumes. Use Object Storage lifecycle management to automatically move clone objects to
Archive Storage. Copy Archive Storage buckets from source region to destination at regular intervals.
B. Clone block volumes. Copy block volume clones from source region to destination region at regular
intervals.
C. Back up block volumes. Copy block volume backups from source region to destination region at regular
intervals.
D. Back up block volumes. Use Object Storage lifecycle management to automatically move backup
objects to Archive Storage. Copy Archive Storage buckets from source region to destination at regular
intervals.
Correct Answer: D
QUESTION 47
A subscriber of an Oracle Cloud Infrastructure (OCI) Notifications service topic complained about not
receiving messages from the service.
Which option can help you debug this issue? (Choose the best answer.)
A. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the
service drops the message. Confirm that the subscriber is always online to receive messages to help
debug the issue.
B. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, check
the NumberOfNotificationFailed metric through the OCI Monitoring service for failed messages.
Copy these messages to an OCI Object Storage bucket. Make sure the subscriber has the required
credentials to access this bucket to help debug the issue.
C. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the
service tries to redeliver messages for up to one day. Make sure that the subscriber is online at least
once a day to help debug the issue.
D. If OCI Notifications service does not receive an acknowledgement from a subscription endpoint, the
service tries to redeliver messages for up to two hours. Configure an alarm on the
NumberOfNotificationFailed metric through the OCI Monitoring service to help debug the issue.
Correct Answer: D
QUESTION 48
Which technique does NOT help you get the optimal performance out of the Oracle Cloud Infrastructure
(OCI) File Storage service? (Choose the best answer.)
A. Limit access to the same Availability Domain (AD) as the File Storage service where possible.
B. Serialize operations to the file system to access consecutive blocks as much as possible.
C. Right size compute instances from where file system is accessed based on their network capacity.
D. Increase concurrency by using multiple threads, multiple clients, and multiple mount targets.
Correct Answer: D
Reference: https://www.oracle.com/a/ocom/docs/cloud/file-storage-performance-guide.pdf (6)
QUESTION 49
What is a key benefit of using Oracle Cloud Infrastructure’s Resource Manager for your Terraform
provisioning and management activities? (Choose the best answer.)
A. You can use Resource Manager to apply patches to all existing Oracle Linux interfaces in a specified
compartment.
B. Resource Manager has administrative privileges by design. Even if your IAM user does not have
access, you can leverage Resource Manager to provision new resources to any compartment in the
Tenancy.
C. You can use Resource Manager to identify and maintain an inventory of all Compute and Database
instances across your tenancy.
D. Resource Manager manages to Terraform state file for your infrastructure and locks the file so that only
one job at a time can run on a given stack.
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/
samplecomputeinstance.htm
QUESTION 50
Recently, your e-commerce web application has been receiving significantly more traffic than usual. Users
are reporting they often encounter a 503 Service Error when trying to access your site. Sometimes the site
is very slow.
You check your instance pool configuration to confirm that the maximum number of instances is configured
to allow 20 compute instances. Currently, 14 compute instances have been provisioned by the instance
pool. You also confirm that current CPU utilization across all hosts exceeds the scale-out threshold you set
in your auto-scaling policy. However, the instance pool is not provisioning any new instances.
What can you check to determine why the application is NOT functioning properly? (Choose the best
answer.)
A. Verify that the new offer feature code did not introduce any performance bugs.
B. Verify that the database is accessible.
C. Verify that the compute resource quota has not been exceeded.
D. Verify that the Quality Assurance team is not currently performing load-testing against production.
Correct Answer: C
QUESTION 51
You have a 750 MIB file in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. You want to
download the file in multiple parts to speed up the download using the OCI CLI. You also want to configure
each part size to be 128 MIB.
Which is the correct OCI CLI command for this operation? (Choose the best answer.)
A. oci os object get –ns my–namespace –bn my–bucket ––name my–large–object ––

multipart–download–threshold 750 ––parallel–download–count 128
B. oci os object download –ns my–namespace –bn my–bucket ––name my–large–object
––multipart–download–threshold 750 ––parallel–download–count 128
C. oci os object download –ns my–namespace –bn my–bucket ––name my–large–object
––resume–put ––multipart–download–threshold 500 ––part–size 128
D. oci os object get –ns my–namespace –bn my–bucket ––name my–large–object ––
multipart–download–threshold 500 ––part–size 128
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/cliusing.htm
QUESTION 52
Security Testing Policy describes when and how you may conduct certain types of security testing of Oracle
Cloud Services, including vulnerability and penetration tests, as well as tests involving data scraping tools.
What does Oracle allow as part of this testing? (Choose the best answer.)
A. Customers are allowed to use their own testing and monitoring tools.
B. Customers can simulate DoS attack scenarios as long as it’s restricted to the customer’s own
environment.
C. Customers can validate that their network resources are isolated from other customer resources.
D. Customers are allowed to test Oracle Cloud Infrastructure (OCI) hardware related to resources in their
tenancy.
Correct Answer: D
Reference: https://docs.oracle.com/en-us/iaas/Content/Security/Concepts/security_testing-policy.htm
QUESTION 53
You are working as a Cloud Operations Administrator for your company. They have different Oracle Cloud
Infrastructure (OCI) tenancies for development and production workloads. Each tenancy has resources in
two regions – uk-london-1 and eu-frankfurt-1. You are asked to manage all resources and to automate all
the tasks using OCI Command Line Interface (CLI).
Which is the most efficient method to manage multiple environments using OCI CLI? (Choose the best
answer.)
A. Use OCI CLI profiles to create multiple sets of credentials in your config file, and reference the
appropriate profile at runtime.
B. Create environment variables for the sets of credentials that align to each combination of tenancy,
region, and environment.
C. Run oci setup config to create new credentials for each environment every time you want to
access the environment.
D. Use different bash terminals for each environment.
Correct Answer: B
QUESTION 54
Your team implemented a SaaS application that requires a whole system deployment for each new
customer. The infrastructure provisioning is already automated via Terraform, and now you have been
asked to develop an Ansible playbook to centralize configuration file management and deployment.
What is the most effective way to ensure your playbooks are utilizing up-to-date and accurate inventory?
A. Export an inventory list from the Oracle Cloud Infrastructure Web console.
B. Export an inventory list using Terraform apply command.
C. Implement a Command Line Interface script to list all the resources and run it within Ansible to generate
a dynamic inventory list.
D. Download the dynamic inventory script provided by Oracle Cloud Infrastructure and include it in the
playbook invocation command.
Correct Answer: D
QUESTION 55
An insurance company has contracted you to help automate their application business continuity plan. They
have the application running in eu-frankfurt-1 as the primary site and uk-london-1 as a disaster recovery
site. Normally they have a DNS A record associated with the IP address of the primary endpoint in eu-
frankfurt-1. In the event of a disaster, they use OCI DNS Zone Management to update the A record and
replace it with the IP address of the endpoint in uk-londond-1.
How can you automate the failover process? (Choose the best answer.)
A. Create a Health Check that evaluates both regional endpoints. Create a Traffic Management Steering
policy with Failover type and associate it with the Health Check.
B. Create a Traffic Management Steering policy with Load Balancer type and add both eu-frankfurt-1 and
uk-london-1 endpoints. Attach the Traffic Management Steering policy to the A record.
C. Provision a Load Balancer in Frankfurt and associate it with the A record in DNS. Create a backend set
with backend servers from both eu-frankfurt-1 and uk-london-1 regions.
D. Create a Traffic Management Steering policy and attach it to a backend servers from both eu-frankfurt-
1 and uk-london-1 regions.
Correct Answer: B
QUESTION 56
You are launching a Windows server in your Oracle Cloud Infrastructure (OCI) tenancy. You provided a
startup script during instance initialization, but it was not executed successfully.
What is a possible reason for this error? (Choose the best answer.)
A. Didn’t include anything in user_data.

B. Wrote a custom script which tried to install GPU drivers.
C. Ran a cloudbase-init script instead of cloud-init.
D. Specified a #directive on the first line of your script.
Correct Answer: C

Oracle: Question & Answers

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Oracle: Question & Answers

Uploaded by

Copyright:

Available Formats

Oracle

QUESTION & ANSWERS

What solution should you recommend? (Choose the best answer.)

A. The Auditors can view resources in the tenancy.

A. Network Security Group

A. Create Auth token, use it to create an object storage credential by executing

The command fails.

A. oci resource-manager stack create ––tenancy–id <tenancy_OCID> \

Service error: NotAuthorizedOrNotFound. shape VM.Standard2.4 not found. http

A. terraform plan –target=oci_database_db_system.db_system

A. Load Balancing policy

Which policy is correct? (Choose the best answer.)

A. Allow group SystemAdmins to manage virtual-network-family in compartment

A. Client-side encryption is managed by the customer.

A. Select group as the type of target for your budget.

A. oci os object delete –ns vision –bn app–data ––prefix /temp

Compartment Team_x needs to be moved under a new parent compartment, Project_B

Policy1: Allow group G1 to manage instance-family in compartment HR:Project_A

Policy2: Allow group G2 to manage instance-family in compartment HR:Project_B

A. Place a command at the end of line 16

A. OS Management Service agent (osms) must be installed on the instances.

A. oci compute instance create – –generate–cli–skeleton

But gets an error message:

touch: cannot touch ‘/mnt/yourmountpoint/helloworrld’: Permission denied

Which is a reason for this error? (Choose the best answer.)

A. ‘touch’ command is not available in Oracle Linux by default.

A. 10.0.0.0/30 and 192.168.0.0/30

A. Change the alarm’s metric interval to 1.

How can you accomplish this? (Choose the best answer.)

A. Reattach the boot volume and restart the instance.

A. Allow group PHX-Admins to manage all-resources in tenancy where

A. Didn’t include anything in user_data.

A. oci os object-lifecycle-policy delete –ns <object_storage_namespace> –bn <bucket_name>

A. oci audit event list –-end-time $end-time –-compartment-id $compartment-id

allow group DeploymentUsers to manage volume-family where ANY

A. VOLUME_DELETE, VOLUME_ATTACHMENT_DELETE, VOLUME_BACKUP_DELETE

A. set compute quota vm-standard2–2count to 10 in compartment dev where

A. oci os object get –ns my–namespace –bn my–bucket ––name my–large–object ––

A. Didn’t include anything in user_data.

You might also like