OCI Architect Associate Questions #1 Flashcards

1
Q

Your company has been running several small applications in OCI and is planning a Proof-of-Concept (POC) to deploy PeopleSoft (PSFT). If your existing resources are being maintained in the root compartment, what is the recommended approach for defining security for the upcoming POC?

A

Create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

You have been tasked with creating one Virtual Cloud Network (VCN) each for 2 Large Object (LOB) apps.

LOB A and LOB B will need to communicate with each other. To ensure that you can utilize VCN peering, which network Classless Inter-Domain Routing (CIDR) ranges should be used?

A

VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which service would you use if your big data workload required shared access and Network File System (NFS) based connectivity?

A

File Storage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

You have hired a new employee to run reports from the ADW and are not confident in their SQL writing ability. Into which consumer group will you assign this individual to minimize the impact of their code?

A

Low

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few weeks, you need to increase disk performance by using Non-Volatile Memory Express (NVMe) disks; the number of Critical Patch Updates (CPUs) will not change. As a first step, you terminate the instance and preserve the boot volume.

What is the next step?

A

Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the SQL Database data to NVMe disks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

You have provisioned an ATP database and logged into the ATP service console. What are the three abilities that can be performed from this service console?

A

Reset the admin password.

Set resource management rules.

Monitor database activity and SQL queries.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Where do you find the tnsnames.ora for your ADW database?

A

The tnsnames.ora file is included in credentials.zip file that you download from the service console of ADW.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which statement is true regarding ATP?

A

A database name cannot be used concurrently for both an ADW and an ATP database.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which two resources reside exclusively in a single availability domain?

A

Compute Instance

Block Volume

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which two use the Dynamic Routing Gateway (DRG) for connectivity?

A

Remote VCN peering across region

Oracle IPSec VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

You are running a mission-critical DB app in OCI. You take regular backups of your DB system to OCI object storage. Recently, you notice a failed DB backup status in the console.

What two steps can you take to determine the cause of the backup failure?

A

Ensure that your database host can connect to the OCI object storage.

Restart the dcsagent program if it has a status of stop or waiting.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which statement is true about OCI FastConnect?

A

For private peering, FastConnect extends your existing infrastructure to a VCN.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which two actions will occur when a backend server that is registered with a backend set is marked to drain connections?

A

It disallows new connections to that backend server.

Keeps the connections to that instance open and attempts to complete any in-flight requests.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which two statements are true about restoring a block volume from a manual or policy-based block volume backup?

A

It can be restored as new volumes with different sizes from the backup.

It can be restored as a new volume to any AD in the same region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

In what two ways does OCI File Storage service differ from OCI Object Storage and Block Volume services?

A

File Storage uses the Network File System (NFS) protocol, whereas block volume uses ISCSI (Small Computer System Interface).

You can move object storage buckets, block volumes and file storage mount targets between compartments.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

You have been notified of an application failure indicating that one or more of the OCI resources have become unavailable. After scanning the Compute and Database consoles, you notice that one of the DB Systems is missing.

What would you do to identify the reason for this missing resource?

A

Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any resource that was deleted in the past 24 hours.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which two statements are true about adding secondary VNICs to an existing compute instance?

A

The primary and secondary VNIC association must be in the same availability domain.

The primary and secondary VNIC association can be in different VCNs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

You are designing a high bandwidth, with a redundant connection between your data center and OCI. While researching for OCI FastConnect locations, you notice that you are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn region.

What is the recommended design in this scenario?

A

Create a cross-connect group and have at least two or more cross-connects in that group. Create at least two or more virtual circuits in the group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

You have created a VCN with 3 private subnets, 2 of the subnets contain application servers, and the 3rd subnet contains a DB System. The application requires a shared file system, so you have provisioned one using the File Storage Service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both app servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system.

What change would you make to satisfy this requirement?

A

Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which two OCI database services allow you to dynamically scale CPU and storage?

A

Autonomous Data Warehouse (ADW)

Autonomous Transaction Processing (ATP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Your company has decided to move a few applications to OCI, and you have been asked to design a cloud-based DR solution. One of the requirements is to deploy the DR resources at least 300 miles from the home OCI region and minimize the network latency.

What will be the recommended deployment?

A

Deploy production and DR applications in 2 separate VCNs, each in different regions. Connect them using a VCN remote peering connection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Which two statements are true about encryption on OCI?

A

By default, object storage and block storage are encrypted at rest.

By default, DB Systems offers an encrypted database.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which two options are available when setting up DNS for your bare metal and VM DB Systems?

A

Custom resolver

Internet and VCN resolver

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

You are designing a lab exercise for your team that has a large number of graphics with large file sizes. The application becomes unresponsive if the graphics are embedded in the application. You have uploaded the graphics to OCI and only added the URL in the application. You need to ensure these graphics are accessible without requiring any authentication for an extended period of time.

How can you achieve these requirements?

A

Make the object storage bucket public and use the URL found in the Object “Details”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

You are deploying a highly available web application in OCI and have decided to use a public load balancer. The back-end web servers will be distributed across all 3 ADs.

How many subnets should you create to deliver a secure, highly available application?

A

2 subnets in total; 1 regional private subnet to host your back-end web servers & 1 regional public subnet to host your public load load balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which two statements about File Storage Service (FSS) are accurate?

A

FSS leverages the UNIX user group and permission checking for file access security.

Data in transit to an FSS mount target is encrypted.

27
Q

What is true about data guard set up with Fast-Start FailOver (FSFO) in OCI?

A

The best practice for high availability and durability is to run the primary, standby, and observer in separate ADs.

28
Q

Which two statements about fault domains are true?

A

A fault domain is a grouping of hardware and infrastructure within an availability domain.

Each availability domain contains three fault domains.

29
Q

You are about to upload a large log file (5 TiB size) to OCI object storage and have decided to use multipart upload capability for a more efficient and resilient upload.

A

Individual object parts can be as small as 10 MiB or as large as 50 GiB.

The maximum size for an uploaded object is 10 TiB.

30
Q

You must implement a backup solution for your ADW that will enable you to restore data as old as one year with a recovery point objective (RPO) of 10 days.

Which database backup strategy would you select?

A

Use the automated backups

31
Q

Which three load-balancing policies can be used with a

backend set?

A

IP Hash

Weighted Round Robin

Least Connections

32
Q

What is a valid option when exporting a custom image?

A

Object Storage URL

33
Q

Your on-premises hosted application uses an Oracle database server. Your database administrator must have access to the database server for managing the application. Your database server is sized for seasonal peak workloads, which results in high licensing costs. You want to move your application to OCI to take advantage of CPU scaling options.

Which database offering on OCI would you select?

A

Bare Metal DB Systems

34
Q

Which two statements are true about an OCI object storage bucket?

A

You can associate a bucket with only a single compartment.

You cannot edit or append data to an object, but you can replace the entire object.

35
Q

You are a network architect and have designed the network infrastructure of a three-tier application on OCI. In the architecture, back-end DB servers are in a private subnet. One of your DB administrators requests to have access to OCI object storage service.

How can you meet this requirement?

A

Create a service gateway, add a new route rule to the private subnet route table that uses storage as your service gateway target type.

36
Q

You are an administrator with an application running on OCI. The company has a fleet of OCI compute virtual instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set health check API is providing a ‘Critical’ level warning. You have confirmed that your application is running healthy on the backend servers.

What is the possible reason for this ‘Critical’ warning?

A

The Backend Server VCN’s Security List does not include the IP range for the source of the health check requests.

37
Q

You want an OCI to compute instance in your compartment to make API calls to other services within OCI without storing credentials in a configuration file.

What do you need to do?

A

Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement.

38
Q

You have an application deployed in OCI running only in the Phoenix region. You were asked to create a DR plan that will protect against the loss of critical data. The DR site must be at least 500 miles from your primary site, and data transfer between the two sites must not traverse the public Internet.

Which is the recommended disaster recovery plan?

A

Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a remote peering connection between the two VCNs.

39
Q

You are managing a tier-1 OLTP application on an ATP database. Your business needs to run hourly batch processes on this ATP database that may consume more CPUs than what is available on the server.

How can you limit these batch processes to not interfere with the OLTP transactions?

A

Configure ATP resource management rules to manage runtime and IO consumption for the consumer group of batch processes.

40
Q

You need to create a high performance shared file system and have been advised to use File Storage Service (FSS). You have logged into the OCI console, created a file system, and followed the steps to mount the shared file system on your Linux instance. However, you are still unable to access the shared file system from your Linux instance.

What is the likely reason for this?

A

There are no security list rules for mount target traffic.

41
Q

You have one database-style application that frequently makes many random reads and writes across the dataset. Which storage offering supports this application?

A

Block Volume Service

42
Q

Which statement is true about OCI object storage support for server-side encryption?

A

Objects are automatically encrypted as they are uploaded to object storage and decrypted upon retrieval.

43
Q

Which statement is true about Data Guard Implementation in DB systems?

A

Both DB systems must be in the same compartment, and they must be the same shape.

44
Q

You have an OCI load balancer distributing traffic via an evenly weighted round robin policy to your back-end web servers. You notice that one of your web servers is receiving more traffic than other web servers.

How can you resolve this imbalance?

A

Disable session persistence on your back-end set.

45
Q

Your organization has deployed a large, complex application across multiple compute instances in OCI. These compute instances also have block volume storage attached to them. You want to create a time consistent backup of this block volume storage.

Which implementation strategy should be used?

A

Group volumes in a volume group and create a manual backup of the volume group.

46
Q

Which two choices are true for Autonomous Data Warehouse (ADW)?

A

Billing for compute stops when ADW is stopped.

Billing for storage continues when ADW is stopped.

47
Q

You are about to deploy an e-business application on OCI, and one of the requirements is to use a shared file system that supports the NFS protocol.

Which storage service would meet this requirement?

A

File Storage

48
Q

When terminating a compute instance, which statement is true?

A

Users can preserve the boot volume associated with the instance.

49
Q

Your application front end consists of several OCI compute instances behind a load balancer. You have configured the load balancer to perform health checks on these instances.

If an instance fails to pass the configured health checks, what will happen?

A

Load balancer stops sending traffic to that instance.

50
Q

Which two options are true for the ATP database?

A

You can scale storage up or down in ATP.

You can scale CPU up or down in ATP.

51
Q

Which two are a valid image source when launching a new compute instance?

A

Custom Image

Boot Volume

52
Q

Which two statements are true regarding cloning a block volume?

A

You can change the block volume performance when creating a clone.

You can change the block volume size when creating a clone.

53
Q

You are running several Linux based operating systems in your on-premises environment that you want to import to OCI as custom images. You can launch your imported images as OCI compute VMs.

Which two modes below can be used to launch these imported Linux VMs?

A

Paravirtualized

Emulated

54
Q

You have 2 lines of business operations (LOB1, LOB2) leveraging OCI. LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is deployed in VCN2 in the US West region. You need to peer VCN1 and VCN2 for disaster recovery and data backup purposes.

To ensure you can utilize the OCI VCN remote peering feature, which CIDR ranges should be used?

A

VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16)

55
Q

You deployed a web server in OCI using an Ephemeral Public IP address. While making configuration changes, an admin inadvertently deleted your web server. You redeploy your web server, but many of your LOB apps depend on this web server’s public IP address and would need an update.

What can you do to prevent this from happening again?

A

Create a reserved public IP and associate it with the VNIC of your compute instance.

56
Q

You are a network architect of an application running on OCI. Your security team has informed you about a security patch that needs to be applied immediately to one of the backend web servers.

What should you do to ensure that the OCI load balancer does not forward traffic to this backend server during maintenance?

A

Drain all existing connections to this backend server and mark the backend web server offline.

57
Q

Your application consists of 3 OCI compute instances running behind a public load balancer. You have configured the load balancer to perform health checks on these instances, but one of the three instances fails to pass the configured health check.

Which of the following action will the load balancer perform?

A

Stop sending traffic to the instance that failed health check.

58
Q

Which of the following statement is true regarding OCI Object Storage Pre-Authenticated Requests?

A

Changing the bucket visibility does not change existing pre-authenticated requests.

59
Q

You have two NFS clients running in two different subnets within the same OCI VCN. You have created a shared file system for the two NFS clients who want to connect to the same file system, but you want to restrict one of the clients to have READ access while the other has READ/Write access.

Which OCI feature would you leverage to meet this requirement?

A

Use File Storage NFS Export Options to control access for the NFS clients.

60
Q

Which statement is true about the OCI File Storage Service Snapshots?

A

Snapshots are created under the root folder of file system, in a hidden directory named .snapshot

61
Q

Which is a customer’s responsibility on an OCI DB System?

A

Applying patches to the database and OS.

62
Q

Which of the following two tasks can be performed in the OCI Console for ADW?

A

Increase Storage allocated for Database.

Scale up/down CPU.

63
Q

Which two statements are true about the OCI object storage service?

A

It provides strong consistency.

Data is stored redundantly across multiple availability domains (ADs) in a multi-AD region.