OCI Architect Associate Questions #1

Question 1

Your company has been running several small applications in OCI and is planning a Proof-of-Concept (POC) to deploy PeopleSoft (PSFT). If your existing resources are being maintained in the root compartment, what is the recommended approach for defining security for the upcoming POC?

Answer 1

Create a new compartment for the POC and grant appropriate permissions to create and manage resources within the compartment.

Question 2

You have been tasked with creating one Virtual Cloud Network (VCN) each for 2 Large Object (LOB) apps.

LOB A and LOB B will need to communicate with each other. To ensure that you can utilize VCN peering, which network Classless Inter-Domain Routing (CIDR) ranges should be used?

Answer 2

VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)

Question 3

Which service would you use if your big data workload required shared access and Network File System (NFS) based connectivity?

Answer 3

File Storage

Question 4

You have hired a new employee to run reports from the ADW and are not confident in their SQL writing ability. Into which consumer group will you assign this individual to minimize the impact of their code?

Answer 4

Low

Question 5

You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few weeks, you need to increase disk performance by using Non-Volatile Memory Express (NVMe) disks; the number of Critical Patch Updates (CPUs) will not change. As a first step, you terminate the instance and preserve the boot volume.

What is the next step?

Answer 5

Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the SQL Database data to NVMe disks.

Question 6

You have provisioned an ATP database and logged into the ATP service console. What are the three abilities that can be performed from this service console?

Answer 6

Reset the admin password.

Set resource management rules.

Monitor database activity and SQL queries.

Question 7

Where do you find the tnsnames.ora for your ADW database?

Answer 7

The tnsnames.ora file is included in credentials.zip file that you download from the service console of ADW.

Question 8

Which statement is true regarding ATP?

Answer 8

A database name cannot be used concurrently for both an ADW and an ATP database.

Question 9

Which two resources reside exclusively in a single availability domain?

Answer 9

Compute Instance

Block Volume

Question 10

Which two use the Dynamic Routing Gateway (DRG) for connectivity?

Answer 10

Remote VCN peering across region

Oracle IPSec VPN

Question 11

You are running a mission-critical DB app in OCI. You take regular backups of your DB system to OCI object storage. Recently, you notice a failed DB backup status in the console.

What two steps can you take to determine the cause of the backup failure?

Answer 11

Ensure that your database host can connect to the OCI object storage.

Restart the dcsagent program if it has a status of stop or waiting.

Question 12

Which statement is true about OCI FastConnect?

Answer 12

For private peering, FastConnect extends your existing infrastructure to a VCN.

Question 13

Which two actions will occur when a backend server that is registered with a backend set is marked to drain connections?

Answer 13

It disallows new connections to that backend server.

Keeps the connections to that instance open and attempts to complete any in-flight requests.

Question 14

Which two statements are true about restoring a block volume from a manual or policy-based block volume backup?

Answer 14

It can be restored as new volumes with different sizes from the backup.

It can be restored as a new volume to any AD in the same region.

Question 15

In what two ways does OCI File Storage service differ from OCI Object Storage and Block Volume services?

Answer 15

File Storage uses the Network File System (NFS) protocol, whereas block volume uses ISCSI (Small Computer System Interface).

You can move object storage buckets, block volumes and file storage mount targets between compartments.

Question 16

You have been notified of an application failure indicating that one or more of the OCI resources have become unavailable. After scanning the Compute and Database consoles, you notice that one of the DB Systems is missing.

What would you do to identify the reason for this missing resource?

Answer 16

Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any resource that was deleted in the past 24 hours.

Question 17

Which two statements are true about adding secondary VNICs to an existing compute instance?

Answer 17

The primary and secondary VNIC association must be in the same availability domain.

The primary and secondary VNIC association can be in different VCNs.

Question 18

You are designing a high bandwidth, with a redundant connection between your data center and OCI. While researching for OCI FastConnect locations, you notice that you are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn region.

What is the recommended design in this scenario?

Answer 18

Create a cross-connect group and have at least two or more cross-connects in that group. Create at least two or more virtual circuits in the group.

Question 19

You have created a VCN with 3 private subnets, 2 of the subnets contain application servers, and the 3rd subnet contains a DB System. The application requires a shared file system, so you have provisioned one using the File Storage Service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both app servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system.

What change would you make to satisfy this requirement?

Answer 19

Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.

Question 20

Which two OCI database services allow you to dynamically scale CPU and storage?

Answer 20

Autonomous Data Warehouse (ADW)

Autonomous Transaction Processing (ATP)

Question 21

Your company has decided to move a few applications to OCI, and you have been asked to design a cloud-based DR solution. One of the requirements is to deploy the DR resources at least 300 miles from the home OCI region and minimize the network latency.

What will be the recommended deployment?

Answer 21

Deploy production and DR applications in 2 separate VCNs, each in different regions. Connect them using a VCN remote peering connection.

Question 22

Which two statements are true about encryption on OCI?

Answer 22

By default, object storage and block storage are encrypted at rest.

By default, DB Systems offers an encrypted database.

Question 23

Which two options are available when setting up DNS for your bare metal and VM DB Systems?

Answer 23

Custom resolver

Internet and VCN resolver

Question 24

You are designing a lab exercise for your team that has a large number of graphics with large file sizes. The application becomes unresponsive if the graphics are embedded in the application. You have uploaded the graphics to OCI and only added the URL in the application. You need to ensure these graphics are accessible without requiring any authentication for an extended period of time.

How can you achieve these requirements?

Answer 24

Make the object storage bucket public and use the URL found in the Object “Details”

Question 25

You are deploying a highly available web application in OCI and have decided to use a public load balancer. The back-end web servers will be distributed across all 3 ADs.

How many subnets should you create to deliver a secure, highly available application?

Answer 25

2 subnets in total; 1 regional private subnet to host your back-end web servers & 1 regional public subnet to host your public load load balancer.

Question 26

Which two statements about File Storage Service (FSS) are accurate?

Answer 26

FSS leverages the UNIX user group and permission checking for file access security.

Data in transit to an FSS mount target is encrypted.

Question 27

What is true about data guard set up with Fast-Start FailOver (FSFO) in OCI?

Answer 27

The best practice for high availability and durability is to run the primary, standby, and observer in separate ADs.

Question 28

Which two statements about fault domains are true?

Answer 28

A fault domain is a grouping of hardware and infrastructure within an availability domain.

Each availability domain contains three fault domains.

Question 29

You are about to upload a large log file (5 TiB size) to OCI object storage and have decided to use multipart upload capability for a more efficient and resilient upload.

Answer 29

Individual object parts can be as small as 10 MiB or as large as 50 GiB.

The maximum size for an uploaded object is 10 TiB.

Question 30

You must implement a backup solution for your ADW that will enable you to restore data as old as one year with a recovery point objective (RPO) of 10 days.

Which database backup strategy would you select?

Answer 30

Use the automated backups

Question 31

Which three load-balancing policies can be used with a

backend set?

Answer 31

IP Hash

Weighted Round Robin

Least Connections

Question 32

What is a valid option when exporting a custom image?

Answer 32

Object Storage URL

Question 33

Your on-premises hosted application uses an Oracle database server. Your database administrator must have access to the database server for managing the application. Your database server is sized for seasonal peak workloads, which results in high licensing costs. You want to move your application to OCI to take advantage of CPU scaling options.

Which database offering on OCI would you select?

Answer 33

Bare Metal DB Systems

Question 34

Which two statements are true about an OCI object storage bucket?

Answer 34

You can associate a bucket with only a single compartment.

You cannot edit or append data to an object, but you can replace the entire object.

Question 35

You are a network architect and have designed the network infrastructure of a three-tier application on OCI. In the architecture, back-end DB servers are in a private subnet. One of your DB administrators requests to have access to OCI object storage service.

How can you meet this requirement?

Answer 35

Create a service gateway, add a new route rule to the private subnet route table that uses storage as your service gateway target type.

Question 36

You are an administrator with an application running on OCI. The company has a fleet of OCI compute virtual instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set health check API is providing a ‘Critical’ level warning. You have confirmed that your application is running healthy on the backend servers.

What is the possible reason for this ‘Critical’ warning?

Answer 36

The Backend Server VCN’s Security List does not include the IP range for the source of the health check requests.

Question 37

You want an OCI to compute instance in your compartment to make API calls to other services within OCI without storing credentials in a configuration file.

What do you need to do?

Answer 37

Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement.

Question 38

You have an application deployed in OCI running only in the Phoenix region. You were asked to create a DR plan that will protect against the loss of critical data. The DR site must be at least 500 miles from your primary site, and data transfer between the two sites must not traverse the public Internet.

Which is the recommended disaster recovery plan?

Answer 38

Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a remote peering connection between the two VCNs.

Question 39

You are managing a tier-1 OLTP application on an ATP database. Your business needs to run hourly batch processes on this ATP database that may consume more CPUs than what is available on the server.

How can you limit these batch processes to not interfere with the OLTP transactions?

Answer 39

Configure ATP resource management rules to manage runtime and IO consumption for the consumer group of batch processes.

Question 40

You need to create a high performance shared file system and have been advised to use File Storage Service (FSS). You have logged into the OCI console, created a file system, and followed the steps to mount the shared file system on your Linux instance. However, you are still unable to access the shared file system from your Linux instance.

What is the likely reason for this?

Answer 40

There are no security list rules for mount target traffic.

Question 41

You have one database-style application that frequently makes many random reads and writes across the dataset. Which storage offering supports this application?

Answer 41

Block Volume Service

Question 42

Which statement is true about OCI object storage support for server-side encryption?

Answer 42

Objects are automatically encrypted as they are uploaded to object storage and decrypted upon retrieval.

Question 43

Which statement is true about Data Guard Implementation in DB systems?

Answer 43

Both DB systems must be in the same compartment, and they must be the same shape.

Question 44

You have an OCI load balancer distributing traffic via an evenly weighted round robin policy to your back-end web servers. You notice that one of your web servers is receiving more traffic than other web servers.

How can you resolve this imbalance?

Answer 44

Disable session persistence on your back-end set.

Question 45

Your organization has deployed a large, complex application across multiple compute instances in OCI. These compute instances also have block volume storage attached to them. You want to create a time consistent backup of this block volume storage.

Which implementation strategy should be used?

Answer 45

Group volumes in a volume group and create a manual backup of the volume group.

Question 46

Which two choices are true for Autonomous Data Warehouse (ADW)?

Answer 46

Billing for compute stops when ADW is stopped.

Billing for storage continues when ADW is stopped.

Question 47

You are about to deploy an e-business application on OCI, and one of the requirements is to use a shared file system that supports the NFS protocol.

Which storage service would meet this requirement?

Answer 47

File Storage

Question 48

When terminating a compute instance, which statement is true?

Answer 48

Users can preserve the boot volume associated with the instance.

Question 49

Your application front end consists of several OCI compute instances behind a load balancer. You have configured the load balancer to perform health checks on these instances.

If an instance fails to pass the configured health checks, what will happen?

Answer 49

Load balancer stops sending traffic to that instance.

Question 50

Which two options are true for the ATP database?

Answer 50

You can scale storage up or down in ATP.

You can scale CPU up or down in ATP.

Question 51

Which two are a valid image source when launching a new compute instance?

Answer 51

Custom Image

Boot Volume

Question 52

Which two statements are true regarding cloning a block volume?

Answer 52

You can change the block volume performance when creating a clone.

You can change the block volume size when creating a clone.

Question 53

You are running several Linux based operating systems in your on-premises environment that you want to import to OCI as custom images. You can launch your imported images as OCI compute VMs.

Which two modes below can be used to launch these imported Linux VMs?

Answer 53

Paravirtualized

Emulated

Question 54

You have 2 lines of business operations (LOB1, LOB2) leveraging OCI. LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is deployed in VCN2 in the US West region. You need to peer VCN1 and VCN2 for disaster recovery and data backup purposes.

To ensure you can utilize the OCI VCN remote peering feature, which CIDR ranges should be used?

Answer 54

VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16)

Question 55

You deployed a web server in OCI using an Ephemeral Public IP address. While making configuration changes, an admin inadvertently deleted your web server. You redeploy your web server, but many of your LOB apps depend on this web server’s public IP address and would need an update.

What can you do to prevent this from happening again?

Answer 55

Create a reserved public IP and associate it with the VNIC of your compute instance.

Question 56

You are a network architect of an application running on OCI. Your security team has informed you about a security patch that needs to be applied immediately to one of the backend web servers.

What should you do to ensure that the OCI load balancer does not forward traffic to this backend server during maintenance?

Answer 56

Drain all existing connections to this backend server and mark the backend web server offline.

Question 57

Your application consists of 3 OCI compute instances running behind a public load balancer. You have configured the load balancer to perform health checks on these instances, but one of the three instances fails to pass the configured health check.

Which of the following action will the load balancer perform?

Answer 57

Stop sending traffic to the instance that failed health check.

Question 58

Which of the following statement is true regarding OCI Object Storage Pre-Authenticated Requests?

Answer 58

Changing the bucket visibility does not change existing pre-authenticated requests.

Question 59

You have two NFS clients running in two different subnets within the same OCI VCN. You have created a shared file system for the two NFS clients who want to connect to the same file system, but you want to restrict one of the clients to have READ access while the other has READ/Write access.

Which OCI feature would you leverage to meet this requirement?

Answer 59

Use File Storage NFS Export Options to control access for the NFS clients.

Question 60

Which statement is true about the OCI File Storage Service Snapshots?

Answer 60

Snapshots are created under the root folder of file system, in a hidden directory named .snapshot

Question 61

Which is a customer’s responsibility on an OCI DB System?

Answer 61

Applying patches to the database and OS.

Question 62

Which of the following two tasks can be performed in the OCI Console for ADW?

Answer 62

Increase Storage allocated for Database.

Scale up/down CPU.

Question 63

Which two statements are true about the OCI object storage service?

Answer 63

It provides strong consistency.

Data is stored redundantly across multiple availability domains (ADs) in a multi-AD region.