Foundation Flashcards

1
Q

What is the bandwidth between servers in each AD (and cross regions)?

A
  • Oracle claims the network bandwidth between servers in each AD is 10 Gbps with a latency of less than 100 microseconds
  • The bandwidth between ADs in each region is 1 Tbps with a latency of less than 5,000 microseconds.
  • Finally, the bandwidth between regions, which are geographically vast distances apart, is 100 Gbps with a latency of less than 100 milliseconds.
  • This network is a flat high-speed non-oversubscribed Clos network that provides around one million network ports per AD
2
Q

Definition of Fault Domains ?

A
  • Logical Data Center
  • Infrastructure grouping allowing instances to be distributed so they do not reside on the same physical hardware within an AD
    • Protection at a physical server level against unexpected hardware failures and improves availability during planned outages.
3
Q

What is created with a VCN ?

A
  • 3 subnets are automatically created, one for each availability domain
  • A default route table is created along with an Internet Gateway, allowing your compute instances to connect to the Internet if desired
  • A default security list is also created with several default ingress rules, one of which permits SSH access on port 22 to provide remote login and access to your compute instances.
    • An ingress rule permits incoming traffic, while an egress rule permits outgoing traffic
4
Q

Load Balancers description ?

A
  • LB is a network device you may provision that receives incoming traffic on an IP address and routes the traffic to one or more underlying instances
  • The OCI LB service is a regional service that distributes traffic to instances either within the same availability domain or across multiple availability domains
  • The protocol and ports being serviced by an LB are specified in an entity called the Listener (up to 16 listeners can be defined)
  • When creating an LB, you specify the VCN in which incoming traffic is accepted as well as whether it will be a private or public LB
  • You also choose the shape of the LB, which limits the speed at which network traffic is routed
  • LBs are commonly used to support high availability and scaling out of web servers.
  • LBs distribute traffic to backend servers based on a set of policies known as a backend set. Routing algorithms, including Weighted Round-Robin (a weight is given such as 1, 2…), IP Hash, and Least Connections, are specified when creating the backend set
5
Q

What are the 3 protocols that OCI load balancers support ?

A
  • TCP (level 4)
  • HTTP (level 7) - HTTP/1.0, HTTP/1.1, HTTP/2
  • WebSockets
6
Q

Meaning of shape names ?

A
  • The shape names contain several useful identifiers
  • Standard means that only block storage is available while DenseIO refers to local NVMe drives being present
  • The last digits in the shape name refer to the number of OCPUs, or Oracle Compute Units. The digit before last corresponds to the hardware generation (for instance, first- and second-generation hardware, in this case X5 and X7).
  • An OCPU provides CPU capacity equivalent to one physical core of an Intel Xeon processor with hyperthreading enabled.
  • Each OCPU corresponds to two hardware execution threads, known as vCPUs
  • VM.Standard.E2.8 shapes are almost identically named, except for the additional “.E” in the latter shape. This identifies the underlying CPU as an AMD E-series microprocessor (EPYC CPU) as opposed to the standard Intel Xeon–based microchips found in other shapes.
7
Q

What are the 4 storage types ?

A
  • Block volumes (iSCSI interface = TCP/IP network connection)
    • Block volumes may be dismounted from one instance and mounted to another instance in the same AD without data loss
    • May be grouped with other block volumes to form a logical entity known as a volume group. Volume groups may be backed up together to form a consistent point-in-time, crash-consistent backup that is also useful for cloning
      • A boot volume is a special type of block volume because it contains a boot image (when an instance is created, a new boot volume can be created, or an unused boot volume can be chosen)
  • Object storage (HTTP, immediately available)
    • Not suitable for high speed. Object storage is not bound to an instance or an AD but is a region-level construct that resides in a compartment
    • The object storage service uses the 134.70.0.0/17 CIDR block IP range for all regions
    • OCI object storage integrates with OCI’s Identity and Access Management (IAM) to control permissions on object storage.
  • Archive storage (HTTP, needs a restore for data to be available)
    • Object and archive are based on the same storage solution, but archive is slower
  • File storage (NFS)
8
Q

What are the global resources ?

A

Tenancy, compartments, users, groups (cannot be nested), and policies are global resources and span regions.

  • When you create these IAM entities, they exist in all regions to which your tenancy or cloud account has subscribed
  • IAM changes do not occur immediately across all regions. A user impacted by a policy change in the home region will experience a propagation delay before the changes are effected in all regions (there is a replication mechanism from the master region = tenancy home region)
9
Q

What are the different types of users ?

A
  • Local users
  • Federated users (Federated users are created and managed in an identity provider outside of OCI’s IAM service such as Microsoft Active Directory or Oracle Identity Cloud Service (IDCS).)
  • Provisioned (or synchronized) users (Provisioned users are automatically created in OCI’s IAM service based on federated users in an identity provider. A provisioned user does not exist without a corresponding federated user. If your tenancy has been federated to another identity provider and you attempt to access the OCI console using the preceding URLs, you will be prompted to either use a single sign-on (SSO) credential or to specify your local username and password. Provisioned users allow federated users to sign in to the OCI console using a password managed by their identity provider—for example, IDCS.)
10
Q

What is the scope of policies ?

A
  • Policies are inherited by their child compartments.
  • If a policy is created in the root compartment, it applies to all compartments.
  • A policy created in a child compartment with no subcompartments applies only to the relevant resources within that child compartment
11
Q

What are the dynamic groups used for ?

A

Dynamic groups authorize member instances to interact with OCI resources at a tenancy level by using IAM policies.

To support automation, OCI offers dynamic groups.

  • Dynamic groups are a tenancy-wide construct and represent a collection of compute instances added to the group by one or more matching rules.
  • A typical matching rule is to include all compute instances that belong to a certain compartment.
  • The group becomes dynamic as instances in that compartment are launched or terminated.
  • A single compute instance may belong to a maximum of ten dynamic groups.
  • Matching rules that determine the inclusion or exclusion of instances in dynamic groups are based on one or more of the following:
    • Compartment OCID
    • Compute instance OCID
    • Tag namespace and tag key
    • Tag namespace, tag key, and tag value
12
Q

VCN Definition ?

A
  • A virtual cloud network (VCN) is functionally equivalent to an on-premises network and is a private network running on Oracle networking equipment in several data centers.
  • A VCN is a regional resource that spans all ADs in a single region and resides in a compartment (multiple VCNs may be created in a given compartment)
  • 3 subnets are automatically created, one for each availability domain
  • A default route table is created along with an Internet Gateway, allowing your compute instances to connect to the Internet if desired.
  • A default security list is also created with several default ingress rules, one of which permits SSH access on port 22 to provide remote login and access to your compute instances
13
Q

Which OCI managed database service needs to be selected to use RAC on OCI?

  • Bare Metal DB system
  • Autonomous OLTP
  • Autonomous Data Warehouse
  • VM DB Systems
A

VM DB System

14
Q

At which level does a policy apply ?

A

A policy always applies at the group level and not to an individual user.
It can also apply at the instance level.

15
Q

What is the difference between a Security List and a Network Security Group (NSG) ?

A
  • Security List applies to all the VNICs of the subnet
  • NSG applies only to some VNICs of the subnet and to specific resources

16
Q

How much storage comes under the free tier subscription of Oracle Cloud ?

A

5 TB

17
Q

What are the IAM resources and their related scope ?

A
  • Tenancy
  • Compartment
  • User
  • Group
  • Policy
    IAM resources have global scope and are available in each Compartment, AD, and Region.
18
Q

What are the 2 potential constraints of data management ?

A
  • Data residency regulations that restrict the geographical location of data
    • Many public sector organizations in Canada have a regulatory restriction on data leaving Canadian soil. Oracle has provisioned a Canadian region with an availability domain in Toronto, which has opened the door for widespread OCI adoption in that region.
  • Another design consideration to bear in mind relates to data sovereignty.
    • Some organizations have regulatory limitations on the location of the staff who work on their data.
    • For example, a large Canadian insurance corporation has a legal obligation to its policy holders guaranteeing that their data is never worked on by non–Canadian-based staff
19
Q

What are the regional resources ?

A
  • Buckets
  • Images
  • Internet Gateways (IG)
  • Customer Premises Equipment (CPE) - local representation of on-premise modem
  • Dynamic Routing Gateways (DRGs)
  • NAT Gateways
  • Route tables
  • Local Peering Gateways (LPGs)
  • Repositories
  • Security lists
  • Volume backups
20
Q

What are the AD specific resources ?

A
  • Volumes
  • Database systems
  • Instances
  • Ephemeral public IPs
21
Q

Definition of Realm in the OCID ?

A
  • The realm is always oc1 for now and is meant to represent the set of regions that share OCI entities.
  • Region segment (region) is blank for global resources such as tenancy and compartments but contains the region code for regional and AD-specific resources
  • Future use is blank for now
22
Q

What are the 2 types of tags ?

A

A tag is simply a key-value pair that you associate with a resource.

  • Free-Form Tags
  • Defined Tags based on a tenancy level namespace
  • There is a facility for enabling tags as cost-tracking tags that appear on your invoice, which is very useful for implementing a chargeback system (cost tracking checkbox must be selected on the tag)
  • As of this writing there is a limit of ten tags that may be identified as cost-tracking tags, so factor this into your tag naming strategy.
  • Once you define your tag keys, you can apply these to any resource
23
Q

What are some significant resource families ?

A
Storage
  - volume-family
  - object-family
  - file-family
Compute
  - instance-family
Network
  - virtual-network-family
Database
  - database-family
24
Q

Which is a capability of OCI users but not federated users?
A. Can add API keys
B. Can generate Auth tokens
C. Can use a local password for console access
D. Can generate customer secret keys

A

C. Can use a local password for console access

25
Q
Which resource is not an availability domain–level resource?
A.   Compute instance
B.   Subnet
C.   Block volume
D.   Object storage
A

D. Object storage

Object storage buckets are an interesting regional resource. An instance in AD: US-ASHBURN-AD-1 may access a bucket in the region: us-ashburn-1. This bucket is equally accessible by another instance in AD: US-ASHBURN-AD-2. Given the correct region-specific object storage URL and permissions, this bucket is accessible from any location.

26
Q

Security list Stateful and Stateless rules

A
  • Security lists contain firewall rules for all the compute instances using the subnet.
  • Rules can be either stateful or stateless.
    • Stateful rules allow connection tracking and are the default, but stateless is recommended if you have high traffic volumes. Stateful rules with connection tracking allow response traffic to leave your network without the need to explicitly define an egress rule to match an ingress rule.
    • Stateless rules, however, do not permit response traffic to leave your network unless an egress rule is defined.
  • One of the ingress rules in the default security list allows traffic from anywhere to instances using the subnet on TCP port 22. This supports incoming SSH traffic and is useful for connecting to Linux compute instances.
27
Q

What are the types of public IP addresses ?

A
  • Ephemeral addresses are transient and are optionally assigned to an instance at launch or afterwards to a secondary vNIC. These persist across reboot cycles of an instance and can be unassigned at any time resulting in the object being deleted. Once the instance is terminated, the address is unassigned and automatically deleted. Ephemeral public IPs cannot be moved to a different private IP. The scope of an ephemeral IP is limited to one AD.
  • Reserved addresses are persistent and exist independently of an instance. These may be assigned to an instance, unassigned back to the tenancy’s pool of reserved public IPs at any time, and assigned to a different instance. The scope of the reserved public IP is regional and can be assigned to any private IP in any AD in a region.

A vNIC on a public subnet is automatically assigned a public IP. It is not mandatory and may be removed or de-assigned.

28
Q

What is another name for a Gateway ?

A

Virtual Router

29
Q

How many IP addresses does a private load balancer require ?

A
  • 3 IP addresses from the associated subnet for the primary and standby load balancers as well as the floating private IP.
  • A passive (standby) private load balancer is created automatically for failover purposes and also receives a private IP address from the same subnet. A floating private IP address serves as a highly available address of the load balancer.
30
Q

At what level is a Public load balancer defined ?

A

Region

  • The public load balancer is a regional resource as opposed to a private load balancer, which is an AD-level resource.
  • In regions with multiple ADs, it is mandatory to specify public subnets in different ADs for the active and passive load balancers.
31
Q

When do we need to use a DRG for peering ?

A
  • Local peering gateways link up VCNs in the same region, while remote peering across regions is facilitated by running a remote peering connection through your DRG.
32
Q

Which of the following statements is true?
A. BGP is supported with IPSec VPN but not FastConnect when connecting external networks to your VCN.
B. BGP is supported with FastConnect but not IPSec VPN when connecting external networks to your VCN.
C. BGP is supported with FastConnect but not IPSec VPN when connecting subnets within your VCN.
D. BGP is supported with IPSec VPN but not FastConnect when connecting subnets within your VCN.

A

B. BGP is supported with FastConnect but not IPSec VPN when connecting external networks to your VCN.

33
Q

A VCN is defined with the CIDR 192.168.0.0/30. How many IP addresses from this CIDR block are reserved by OCI?

A

3
- OCI networking service reserves the first IP known as the network address, the last IP known as the broadcast address, as well as the first host address in the CIDR range known as the subnet default gateway address

34
Q

A VCN is defined with the CIDR 192.168.0.0/30. How many IP addresses from this CIDR block are available for host addresses?

A

1 (2 to the power of 2, minus 3)
This CIDR block specifies four IPs: 192.168.0.0–192.168.0.3. After OCI networking services takes the three it requires, only one remains for host addressing.

35
Q

What are the different compute instance images ?

A

Annonce image is provided for some supported shape types

  • Platform images: Pre-built OCI-provided images with an operating system
  • Oracle images: Pre-built OCI images with applications pre-installed as well (EBS, PeopleSoft…) - not all images are available in all regions
  • Partner images: Trusted pre-built third-party images published by partners
  • Custom images: Images you have generated from other OCI instances or imported into OCI (Existing virtual machines may be exported as OCI, VMDK, or QCOW2 format images. These exports are uploaded to object storage)
  • Boot volumes: Previously created boot volumes
  • Image OCID: A specific version of an image (example: an image location provided from the OCI Marketplace)
  • BYOH: Bring Your Own Hypervisor (KVM: Kernel based VM, OVM, Hyper-V: Older Windows operating system images may be deployed as guest VMs of Hyper-V deployed on bare-metal instances)
36
Q

What are the different launch modes of Custom images ?

A
  • Native mode: Drivers in the image communicate directly with underlying hypervisor.
  • Paravirtualized mode: The guest image is modified to hook directly to the underlying hypervisor for certain tasks.
  • Emulated mode: The guest image is fully virtualized and runs without modification on the OCI hypervisor.

The launch mode is determined by the compatibility of the underlying image with the hardware hosting the virtual machines.
Custom images imported from OCI format exports may be launched in native mode because these images already have system drivers for the underlying hardware.
Images created outside of OCI may be launched in either emulated mode or paravirtualized mode, depending on whether the operating systems in these images have support for the underlying hardware.
Older operating systems typically do not have drivers for modern hardware and are likely to launch in emulated mode only.

37
Q

Where is a boot volume located ?

A
  • A boot volume used as the image source for a compute instance must be available in the same AD chosen to host the compute instance.
  • When you create a compute instance, you may configure the boot volume for the instance. This is a special block volume that stores the operating system and boot loader required to launch the compute instance.
  • The default boot volume size depends on the image chosen. Linux images usually require a significantly smaller boot volume than Windows images
  • A boot volume is attached to the instance but may be detached and retained upon termination of the instance. It may also be cloned and backed up. A detached boot volume, which may be a clone or previously attached boot volume, may be used as the image for a new compute instance.
38
Q

Where are the instances in an instance pool located ?

A
  • Instances in an instance pool are provisioned in the same region but can be in multiple availability domains.
  • Load balancers may be attached to instance pools
  • Instances in a pool may be managed together (or individually).
    For example, all instances in a pool may be reset with a single ResetInstancePool API operation.
    Other pool-level management APIs include StartInstancePool, StopInstancePool, and TerminateInstancePool. An instance pool may be in one of several states, including the following:
  • Provisioning: Initial creation of instances in the pool based on the instance configuration.
  • Starting: Instances are being launched.
  • Running: Instances are running.
  • Stopping: Instances are being shut down.
  • Stopped: All instances in the pool are shut down.
  • Terminating: All instances in the instance pool and their associated resources are being deprovisioned.
  • Terminated: The instance pool and its associated resources have been terminated.
  • Scaling: The instance pool is being updated. Instances are being added or terminated.
39
Q

What is auto-scaling and how does it work ?

A
  • Autoscaling requires an instance pool.
  • An instance pool requires an instance configuration.
  • An autoscaling policy specifies scale-out and scale-in limits as well as the initial number of instances to start (this could be 3 instances to start when the threshold is breached)
  • The scaling rule defines the thresholds for scale-out and scale-in
    • For instance, CPU or RAM usage greater than a threshold
40
Q

A compute instance is not starting up. You suspect a problem with the boot volume. Which of the following options may be used to troubleshoot this further?
A. There is nothing further to do. The compute instance must be cloned and recreated.
B. A console connection may be created to see if there is more information available on the console.
C. The compute instance must just be reimaged from the same source image.
D. The boot volume may be detached and attached to another working instance as a regular volume to access log files and examine configuration.

A

B. A console connection may be created to see if there is more information available on the console.
D. The boot volume may be detached and attached to another working instance as a regular volume to access log files and examine configuration.

41
Q

Instance metadata on Oracle-provided Linux images is retrieved by querying which special IP address while connected to an instance?
A. http://169.254.169.254/opc/v1/instance/
B. http://127.0.0.1/opc/v1/instance/
C. http://255.255.255.0/opc/v1/instance/
D. There is no such thing. Use the OCI console or CLI to get instance metadata.

A

A. http://169.254.169.254/opc/v1/instance/

42
Q

What are the ACTION commands related to instance power management?

A

ACTION commands relate to power management for the instance and include: START, STOP, RESET, SOFTRESET, and SOFTSTOP

43
Q

What are the 2 types of block storage volumes ?

A
  • Boot volume is used as the image source for a compute instance
  • Block volume allows dynamic expansion of storage capacity of an instance

When you create a block volume, you specify several attributes, including the following:
- Name: This is the block volume description.
- Compartment: The logical container to which the block volume belongs.
- AD: Only instances in the same AD can use this volume.
- Size: Can be between 50GB and 32TB, at the time of this writing.
- Backup Policy: OCI offers three optional block volume backup policies: bronze, silver, and gold (daily, weekly, monthly incremental backup + annual full backup stored for 5 years).
- Encryption: All block volumes are encrypted using either Oracle-managed keys or customer-managed keys stored in an OCI key management vault.

One of the block volume attributes to note is lifecycle-state, which may have one of the following values:

  • PROVISIONING: Block volume is being created.
  • AVAILABLE: Block volume is ready to be attached, detached, connected, or disconnected.
  • TERMINATING: Block volume is being deleted.
  • TERMINATED: Block volume has been deleted and is no longer available.
  • FAULTY: Block volume requires diagnosis.
  • RESTORING: Block volume is being restored from a backup.

Boot volumes are always attached with read/write access. To obtain information from the boot volume—for example, while troubleshooting an instance boot-up issue—the boot volume may be detached from an instance and attached with read-only access to another instance as a regular block volume.
44
Q

What are the block volume backup policies ?

A

OCI offers three optional block volume backup policies:

  • Bronze (monthly incremental backup + annual full backup stored for 5 years). Starts every day for daily, retention period 7 days
  • Silver (weekly, monthly incremental backup + annual full backup stored for 5 years). Starts every Sunday for weekly, retention period 4 weeks
  • Gold (daily, weekly, monthly incremental backup + annual full backup stored for 5 years). Starts first day of the month for monthly, retention period 12 months

Once a policy-based backup expires (the backup is older than the policy retention period), it is automatically deleted. If you want to retain a backup for longer than its retention period, a manual backup must be performed.

If you do not specify the backup type to either incremental or full, the OCI CLI defaults to an incremental backup.

45
Q

When do we pay for block storage ?

A
  • You always pay for OCI block storage, whether it is attached to a running or stopped instance.
  • To avoid unnecessary costs, block volumes that are no longer required should be deleted.
46
Q

Buckets Characteristics ?

A
  • A bucket is a logical container for objects that reside in a compartment.
  • An object storage bucket can exist in only one compartment but can also be moved between compartments
  • As the name suggests, you store objects of any data type in a bucket.
  • You may create up to 1,000 buckets per compartment per region and store an unlimited number of objects in a bucket, as of this writing.
  • Buckets may not be nested.
  • Bucket names must be unique within a namespace. The same bucket name may be used in a separate tenancy, unlike several other mainstream cloud object storage vendors.
  • Bucket names are case sensitive, may not be longer than 256 characters, and may only contain letters, numbers, hyphens, underscores, and periods.
  • A bucket may exist at one of two tiers:
    • Standard tier
    • Archive tier
  • Objects in buckets are encrypted automatically using either keys from your key management system or with OCI-provided keys.
  • Object storage is also replicated across multiple storage servers in a region providing high data durability.
  • OCI provides several options to share objects or buckets. You can designate a bucket’s visibility as public, which allows anyone to access your bucket without requiring authentication. You should use this option cautiously and carefully evaluate whether you need to make a bucket publicly visible. A safer option is to set up a pre-authenticated request (PAR) that exposes a bucket or an object for a limited time
    • Bucket PARs permit writes.
    • Object PARs permit either reads or writes or both reads and writes.
47
Q

What is the limit of object storage loading size ?

A
  • Objects may be uploaded to buckets using the console, but there is a 2GB limit per object.
  • The CLI, SDKs, or API may be used to upload larger objects up to 10TB by performing a multipart upload and parallelizing the upload to reduce the overall upload time.
  • Using the API, you are required to split the object into multiple parts, upload the parts, and commit the upload, which allows the object storage service to reconstruct the large object from its constituent parts.
  • When using the CLI, you are not required to split the object into parts manually as the splitting, upload, and commit are done automatically by the utility
48
Q

File Storage Services characteristics ?

A
  • FSS is a regional service available to instances in all ADs in a region
  • These file systems are physically located on storage servers in an AD and are replicated to other ADs or fault domains providing high durability
  • A mount target is an NFS endpoint that resides in a subnet in an AD or region and is given three IP addresses from that subnet by the file storage service
  • The default soft limit is 100 file systems per mount target
  • The security list associated with the subnet that contains the mount target must allow ingress TCP and UDP traffic on ports 111 and ports 2048, 2049, and 2050
  • FSS offers a convenient snapshot facility that takes a point-in-time backup of an FSS file system.
    • Snapshots are read-only and are located in a hidden directory named .snapshot in the root directory of the FSS file system.
    • Snapshots are incremental and are consequently very space efficient, backing up only files that have changed since the last snapshot.
    • By default, you can take up to 10,000 snapshots per file system.
49
Q

What are the characteristics of local NVMe SSD ?

A
  • Local NVMe SSD storage is temporary and has no durability.
  • You have to ensure redundancy and protect against disk failures by creating RAID sets with adequate mirroring or set up other high-availability mechanisms.
  • These are, however, the fastest storage available to bare-metal and VM instances as they are directly attached.
  • Local NVMe SSD storage is suitable for high-performance workloads, including transactional databases.
50
Q

An important production system with a boot volume and two block volumes must be moved from the Ashburn (IAD) region to the Toronto (YYZ) region. Choose which options are feasible?
A. Copy block storage to FSS file systems and mount on a new instance in Toronto.
B. Copy a snapshot to the Toronto region and mount on a new YYZ instance.
C. Use pre-authenticated requests to move the data without complex authentication.
D. Create a volume group backup of the boot and block volumes, copy each of these volume backups to the YYZ region, and mount on a new YYZ instance.

A

D. Create a volume group backup of the boot and block volumes, copy each of these volume backups to the YYZ region, and mount on a new YYZ instance

51
Q
File storage service snapshots are useful for making file system backups. What type of backup is taken with an FSS snapshot?
A.   FULL
B.   ROLLING
C.   INCREMENTAL
D.   CLONE
E.   NFSv3
A

C. A snapshot makes an incremental backup of an FSS file system

52
Q

Which of the following statements are true?
A. Object storage has a flat structure.
B. Object storage has a hierarchical structure.
C. Multipart uploads can only be done for standard tier buckets.
D. Multipart uploads are possible for all types of object storage

A

A. Object storage has a flat structure.

D. Multipart uploads are possible for all types of object storage

53
Q
What are the different storage tiers available for buckets in object storage?
A. Gold
B. Archive
C. Silver
D. Standard
E. Bronze
A

B. Archive

D. Standard

54
Q

DBCS characteristics ?

A
  • DBCS is a PaaS offering that provides you with a fully functional and deployed Oracle database platform on a
    • Virtual machine (VM)
    • Bare metal (BM)
    • Exadata server
  • DBCS significantly simplifies database instance management, including taking backups, performing restores, and applying patches
  • DBCS backups are encrypted using the key used for Transparent Data Encryption (TDE) in the database.
    • It is important to back up the TDE wallet separately because the backup cannot be restored unless you have the correct TDE key.
  • The interface to the object storage bucket is an OpenStack Swift object storage bucket. This allows you to store backups in any Swift object store and for on-premises and other Cloud infrastructure to store data in the OCI object store using an open, uniform interface.
  • The database must be in archivelog mode.
  • When backing up to disk with dbcli, the backups are stored by default in the Fast Recovery Area (FRA) that resides in the RECO disk group
  • DBCS backups may be stored in both local and object storage.
    • Local backups use FRA space and are fast and optimized, but durability is low because the backup is not available if the DB system is down.
    • Storing backups in object storage is recommended for high durability, availability, and performance. An ideal solution may be a hybrid approach where backups are kept locally for fast point-in-time recovery and a backup copy also resides in object storage.
55
Q

Oracle Database licenses ?

A

The Oracle database software has traditionally been available in either a Standard Edition (SE2, hereafter SE) or Enterprise Edition (EE).

  • EE has many features and options that are not available on SE, notably the physical replication option known as Data Guard.
  • OCI offers two additional editions:
    • EE High Performance (EE-HP)
    • EE Extreme Performance (EE-EP)
  • EE-HP bundles additional database options on top of EE as well as several OEM management packs. The additional database options include Multitenant, Partitioning, Advanced Compression, Advanced Security, Label Security, Database Vault, OLAP, Advanced Analytics, and Spatial and Graph, while the additional OEM packs include Database Lifecycle Management Pack and Cloud Management Pack for Oracle Database.
  • EE-EP adds the In-Memory Database, Active Data Guard, and RAC database options to EE-HP
56
Q

DBCS disk groups

A

DBCS creates two disk groups:

  • DATA and RECO, and optionally a SPARSE disk group on Exadata.
    • DATA disk group is typically used for datafiles, redo logfiles, and control files
    • RECO disk group typically stores recovery-related files such as archive logfiles, flashback logs, and sometimes RMAN backups.
  • The optional SPARSE disk group on Exadata is used for snapshot databases, which are essentially thin-provisioned database clones

ASM, or Automatic Storage Management, is a volume manager used to manage disk storage that runs as a specialized Oracle instance.
ASM redundancy refers to the number of copies of data maintained by ASM across the available ASM disks. Three redundancy levels are supported: EXTERNAL, NORMAL, and HIGH, mapping to 0, 1, and 2 additional copies of data maintained respectively. DBCS only supports NORMAL and HIGH ASM redundancy levels

57
Q

DBCS on Exadata characteristics

A
  • An Exadata engineered system consists of compute nodes (x86 computers with dual-socket multicore CPUs, memory, and some local storage), storage cells, and networking infrastructure (all three core IaaS components)
  • Three Exadata configurations are available on DBCS:
    • Quarter rack consisting of 2 compute nodes, 3 storage servers
    • Half rack consisting of 4 compute nodes, 6 storage servers
    • Full rack consisting of 8 compute nodes, 12 storage servers
  • Usable storage for database files on Exadata is impacted by whether you choose to keep backups on the storage. Configuring SPARSE disk groups also reduces the storage available for database files.
58
Q

Managed Database Backup Using the Console

A

When you create a DBCS system, you may enable automatic backups, which have the following convenient characteristics.

  • Daily incremental backups are taken to object storage within a backup window.
  • The backup window is between midnight and 6:00 AM, in the time zone of the DB system’s region or UTC for older DBCS systems created before November 21, 2018.
  • A level zero backup is initially created, followed by daily incremental level 1 backups until the weekend, when the cycle repeats, starting with a fresh level zero backup.
  • Automatic backups are retained in object storage for 30 days, unless the database is terminated, which results in the automatic incremental backups being removed as well.

You may create on-demand backups at any time, which are retained until they are explicitly deleted.

For Exadata, the default backup configuration adheres to Oracle DBCS backup best practices. A weekly full backup (level 0) is accompanied by daily incremental (level 1) backups. All backups to cloud storage are encrypted. Backups are retained based on the destination:

  • Local FRA storage only: Backups are retained for seven days.
  • Object storage only: Backups are retained for 30 days.
  • Both local and object storage: The most recent backups are retained locally for seven days and on object storage for 30 days.
59
Q

DBCS Patching

A
  • Relevant patches for your DBCS system are automatically discovered and listed in the OCI console.
  • If a new patch is released, previous patches are still available through the console.
  • You are not forced to apply the latest available patch, but you cannot downgrade to a previous patch.
  • You may pre-check a patch before applying to identify any potential downstream issues.
  • The two categories of patching are DB system and Database patches.
    • These correspond to Grid Infrastructure and Database patches.
    • Both must be patched independently. Both have a pre-check option.
  • The sequence of patch application is important because there may be dependencies between them. For example, a specific database patch may only be successfully applied if a dependent DB system patch has already been applied.
  • When patching single-node database systems, downtime may be incurred while the relevant patch steps execute. RAC databases on VM and Exadata are usually available during patching because most patches are rolling, which means they may be applied in a rolling manner on each node in the cluster.
60
Q

DBCS Licensing (VM vs BM vs Exadata)

A
  • For database systems on VMs, you are charged for each OCPU hour that the system uses, rounded up to the nearest hour.
    • If your DBCS on VM system is stopped, you do not pay for OCPU, just for storage and any other infrastructure being used.
  • For database systems on bare metal, you are charged hourly for the hosted environment regardless of whether it is running or not. When scaling up by adding additional OCPUs (in multiples of two, limited to a maximum of eight OCPUs for DB SE), you are charged for each OCPU using a per-hour metric, rounded up to the nearest hour
  • Pricing for DBCS on Exadata works in the same way as bare metal except there is an additional upfront cost, which varies depending on the shape of the Exadata system chosen.
61
Q

Data Guard replication mechanism

A

Data Guard replication may be configured in one of three modes, which determines how the redo stream of changes from the primary database is shipped and applied on the standby:

  • Maximum Performance: Optimized for performance. Replication is asynchronous and the primary database does not wait for confirmation that the captured redo stream has been successfully shipped or applied on the standby. Replication interruptions or issues do not impact the primary database.
  • Maximum Availability: Optimized for availability and protection. Under normal operation, changes are not committed on the primary database until all changes are written to the redo logs and confirmation that the captured redo stream has been successfully shipped or applied on the standby has been received. Issues with the replication cause the system to operate as if in maximum performance mode and the availability of the primary database is not impacted.
  • Maximum Protection: Optimized for data protection and integrity of the standby. No data loss is possible. Replication is synchronous and the primary database waits for confirmation that the captured redo stream has been successfully shipped or applied on the standby. Replication interruptions or issues cause the primary database to shut down.

There is a small window (a few minutes at most, usually less than a minute) of unavailability during a switchover. The “old” standby database is now the primary (open read-write) while the “old” primary acts in a standby role.

Note that both the primary and standby database systems must be on the same VCN

Two modes of Data Guard replication may be configured, physical and logical standby. An important differentiator is that with physical Data Guard, the entire database is replicated with no exception. With logical replication such as SQL Apply or even Oracle GoldenGate, only a subset of the database is replicated—user-specified schemas and objects

ADG allows standby databases to be opened in read-only mode, supporting the offloading of expensive queries and read-intensive activities such as exports and backups to the standby. ADG in 19c and later supports limited read-write operations on the standby database, which exposes some exciting HADR possibilities.

Data Guard also provides a monitoring agent known as an observer that ideally runs on different infrastructure from both the primary and secondary DB systems. The observer can be configured to determine when a failover is required and to automatically perform the failover. This provides a huge HA advantage as no human involvement is required.

Consider the us-ashburn-1 region, which has at least three ADs. A best-practice HA architecture may include a primary RAC database system in AD1 with each RAC node in a separate fault domain, with a standby RAC database system in AD2, again with both standby nodes in separate fault domains. Active Data Guard has been implemented for backup and query offloading. A Data Guard observer has been configured in AD3 to orchestrate a fast-start failover (FSFO) if issues with the primary RAC database system are detected.

62
Q

Autonomous Database Characteristics

A
  • Oracle autonomous database (ADB) systems offer a hosted and managed option with an underlying Exadata service and the ability to dynamically scale up and scale down both the CPUs and storage allocated to your VM
  • ADB is a pluggable DB
  • ADB uses advanced machine learning algorithms to balance performance and availability with cost, automating many tasks including indexing, tuning, upgrading, patching, and backing up the database.
  • HA is achieved through the use of a RAC database (when scaling to more than 16 OCPUs), triple-mirrored disk groups, redundant compute and network infrastructure, and nightly backups.
  • Autonomous Transaction Processing (ATP) and Autonomous Data Warehousing (ADW) each support a different workload type but they share the underlying infrastructure and tooling.
  • You cannot SSH to the compute node and no operating system access is permitted. Oracle Cloud Operations maintains the infrastructure.
  • Autonomous databases are backed up automatically at night as encrypted backups using the database backup cloud service. Backups are retained for 60 days before being removed. You may create manual backups that are stored in an object storage bucket in your tenancy.
  • The ADB Service Console provides an increasingly complex set of features geared specifically for administering and monitoring your autonomous database.
  • You may monitor CPU and storage utilization as well as current SQL statement activity and metrics
63
Q

Autonomous Database Service Options

A

The administrator manages available resources for users by assigning connection options to each user. The five consumer groups and, consequently, associated application connection services may be described as follows:

  • TPURGENT: Highest priority for time-critical transaction processing operations, supporting manual parallelism on ATP databases.
  • TP: Typical for OLTP, non-parallel operations on ATP databases.
  • HIGH: High priority for batch and reporting parallel operations that are subject to queuing. (ATP, ADW)
  • MEDIUM: Typical for batch and reporting parallel operations that are subject to queuing. (ATP, ADW)
  • LOW: Lowest priority for non-parallel batch and reporting operations. (ATP, ADW)
64
Q

When configuring a DB using Exadata Cloud Service, you may elect to store backups in the FRA on disk. Which statement is true regarding usable storage?

A. Space allocated for backups in the FRA has no impact on storage available for database files.

B. ExaCS backups are stored in an ACFS volume.

C. Space allocated for backups in the FRA reduces the space available for the DATA disk group.

D. ExaCS backups are stored in object storage

A

C. Space allocated for backups in the FRA reduces the space available for the DATA disk group.

65
Q

List the Oracle Cloud database solutions that support storage scaling.

A. DBCS–VM
B. ExaCS
C. ADB
D. DBCS–Bare metal

A

A. DBCS–VM
C. ADB

Storage may be scaled up and down on autonomous databases, but only scaled up on DBCS on VM.

66
Q

List the Oracle Cloud database solutions that support CPU core and storage scaling.

A. DBCS–VM
B. ExaCS
C. ADB
D. DBCS–Bare metal

A

C. ADB

CPU and storage may be scaled up on autonomous databases.

67
Q

Terraform Characteristics

A
  • Terraform is a declarative tool used to automate the full infrastructure lifecycle from the provision stage to updates and maintenance to the destroy stage.
  • Terraform is developed by HashiCorp and is integrated into OCI through the Terraform provider for OCI.
  • Terraform uses text configuration files with HashiCorp Configuration Language (HCL), which is simple to understand and edit, providing a self-documenting infrastructure provisioning solution.
  • Terraform can also read JSON configurations.
  • HCL code is used to specify infrastructure provisioning directives that are agnostic.
  • Terraform files may be used by multiple cloud and on-premises infrastructure providers.
  • The Terraform provider for OCI handles the interaction between Terraform and OCI, allowing OCI credentials to be configured, and translates the Terraform directives into OCI API calls, effectively exposing OCI resources to Terraform code.
  • Use Terraform commands such as plan, graph, apply, and refresh.
  • Use the Terraform destroy command to purge resources no longer required.
68
Q

Which of the following statements is true?

A. You can only interact with OCI resources using the CLI and Terraform.
B. You can only interact with OCI resources using the CLI, Terraform, and SDKs.
C. You can only interact with OCI resources using the CLI, Terraform, SDKs, and the OCI console.
D. You can interact with OCI using any tool through the OCI API endpoints

A

D. You can interact with OCI using any tool through the OCI API endpoints
You can interact with OCI using any tool through the OCI API endpoints. You are not confined to using any specific tools.

69
Q

Which command displays the VCNs in a compartment using the OCI CLI?
A. oci network vcn list --compartment-id
B. oci vcn list --compartment-id
C. oci network list --compartment-id
D. oci compartment list --vcn-id

A

A. oci network vcn list --compartment-id

70
Q

HADR Characteristics (RPO / RTO)

A
  • The basic design principle behind HADR is to eliminate single points of failure by leveraging redundant components.
  • HADR is associated with two additional terms that reflect the organizational context within which these technical architectures are situated:
    • RPO (Recovery Point Objective)
    • RTO (Recovery Time Objective)
  • RPO refers to how much data loss is tolerable for the organization in the event of a disaster. Ideally, you should strive for a zero data loss architecture. This ideal is accompanied by increased costs for redundant components and advanced software that reduces or eliminates data loss. The financial realities of an organization often dictate the RPO. It is common to see financial systems with zero data loss architectures, whereas non-production systems or systems where data can be recreated from downstream sources have less stringent RPO requirements.
  • RTO refers to the duration of a service outage. If the organizational requirement is to have zero downtime for some systems, this has implications for the underlying design and cost of the solution. Many systems can tolerate short outages. It is not ideal but can reduce the implementation costs significantly. Critical systems, usually governing life support and other high-risk environments, require zero downtime, and implementation costs for these designs tend to be material.
71
Q

DenseIO compute shapes include support for direct attached NVMe disks. What steps, if any, are required to ensure redundancy for this type of storage?

A. This storage is mirrored at the SAN level. No further steps are required.
B. Object storage mirrors must be configured.
C. Direct attached NVMe disks are preconfigured as highly available storage.
D. Some RAID configuration must be implemented to support redundancy for generic file system storage.

A

D. Some RAID configuration must be implemented to support redundancy for generic file system storage.

DenseIO compute shapes include support for direct attached NVMe disks. This storage is not SAN-based. There is no redundancy built in and it is your responsibility to set up appropriate redundancy using some sort of RAID configuration if they are used for generic file system storage.

72
Q

Which of the following statements is true?
A. All OCI regions have three availability domains.
B. HADR is not possible in a region with only one AD.
C. Each AD has three fault domains.
D. All OCI regions have three fault domains.

A

C. Each AD has three fault domains providing physical server isolation for VMs created in separate FDs in the same AD.

73
Q

Which of the following statements is true? (Choose all that apply.)
A. A RAC database is concurrently mounted by one or more database instances, each running on a separate compute node.
B. RAC databases can tolerate the loss of a RAC node.
C. As long as there is at least one RAC node available, the database remains accessible.
D. Both primary and standby databases in a Data Guard configuration may be RAC databases.

A

A. A RAC database is concurrently mounted by one or more database instances, each running on a separate compute node.
B. RAC databases can tolerate the loss of a RAC node.
C. As long as there is at least one RAC node available, the database remains accessible.
D. Both primary and standby databases in a Data Guard configuration may be RAC databases.

74
Q

Which of these options may provide zero data loss solutions for Oracle databases?
A. Oracle RAC
B. Oracle Data Guard in Maximum Performance mode
C. Oracle Data Guard in Maximum Protection mode
D. Oracle Data Guard in Maximum Availability mode

A

C. Oracle Data Guard in Maximum Protection mode

Data Guard in Maximum Protection mode ensures synchronous replication achieving zero data loss at the cost of potential waits on the primary database for confirmation that the captured redo stream has been successfully shipped and applied on the standby

75
Q

What are the differences between Object storage and FSS ?

A
  • FSS is defined at the AD level, whereas Object Storage is regional
  • FSS uses the NFS protocol whereas Object Storage uses iSCSI
76
Q

Are NVMe disks encrypted by default ?

A

No, and there is no redundancy by default either.

77
Q

What are some valid Terraform components ?

A
  • Variable
  • Resource
  • Data source
  • Provider (create, manage, manipulate infrastructure resources)
  • Output
78
Q

Which 2 parameters are required to create a public load balancer?

A
  • Load balancer name
  • 2 Public subnets

79
Q

What are the VCN components created by default ?

A
  • Route table
  • Security list
  • DHCP options
80
Q

Definition of the Service Gateway

A

Secure tunnel that keeps the traffic within the OCI network

81
Q

Object Storage characteristics ?

A
  • Object storage is meant to store any amount of data of any type providing redundancy, integrity, data encryption, and various types of access.
  • Data entities such as files are seen as individual objects grouped together in a folder-like hierarchy that are called buckets.
  • Access policies guard the stored objects and decide who can access them and what actions are allowed.
  • Data is encrypted at rest, and redundant copies are distributed across data centers within a selected region
  • Some lifecycle aspects such as moving these objects that are rarely accessed to the archive storage can be automated through the use of lifecycle policies
  • It is possible to employ lifecycle policy rules to either delete or archive an object after a given period of time has elapsed
82
Q

Security List

A
  • Every VCN subnet is required to have at least one security list, which is a collection of security rules.
  • You can think of these rules as an additional layer of a virtual firewall, independent from the operating system firewall you control on each individual compute instance.
  • Before a request reaches a compute instance’s virtual network interface, security rules are enforced.
  • There are two types of security rules based on traffic direction.
    • Ingress, which means they validate the inbound traffic to VCN
    • Egress, which means they validate the outbound traffic from VCN
  • A VCN comes with a default security list resource with some basic rules that allow ingress SSH and basic ICMP traffic as well as all egress traffic.
83
Q

Purpose of a Route table ?

A

A route rule defines how to direct the outbound traffic that is destined to travel outside the VCN.

84
Q

Where can a secondary VNIC be located (VCN, Subnet, AD) ?

A
  • A secondary VNIC can be in a different VCN and subnet than the primary
  • A secondary VNIC has to be in the same AD as the primary
85
Q

What is the scope of the IP addresses?

A
  • Ephemeral IPs are AD-based, as they are attached to an instance temporarily
  • Static or Reserved are regional
86
Q

At which level is object versioning defined ?

A
  • At bucket level
87
Q

Difference between Block volume and custom image ?

A
  • Custom image may be used in any AD within the region where the image is available
  • Block volume can be used in the same AD only
    • But block volume restore can be done in any AD of the region