Thursday, August 04, 2022

1z0-1072-21 | Oracle Cloud Infrastructure 2021 Architect Associate - Part 2

Q50. Which service is NOT supported by Oracle Cloud Infrastructure CLI?

A.       Predefined values

B.       Free-form tags

C.       Tag variables

D.       Defined tags

E.       Cost-tracking tags

F.       Default tags

Answer: B, D

Q51. As a solution architect, you designed the network infrastructure of a three-tier web application on Oracle Cloud Infrastructure (OCI) and the back-end database servers are put in a private subnet. One of your database administrators requests to have private access to OCI Object Storage service.

How should you fulfill this request?

A.       Add a new route rule to the private subnet route table to route default traffic to the internet gateway.

B.       Attach a public IP address to the instances in the private subnet, and then add a new route rule to the private subnet route table to route default traffic to the internet gateway.

C.       Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a default route rule to the private subnet's route table and set the target as DRG.

D.       Create a service gateway, add a new route rule to the private subnet route table that uses Object Storage as target type.

Answer: D

Q52. A customer launched a compute instance in a Virtual Cloud Network (VCN) that has an internet gateway, a service gateway, a default security list and a default route table. The customer opened up port 22 in the security lists attached to the compute instance subnet but is still unable to connect to the compute instance using SSH.

Which action can resolve this issue?

A.       Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic in addition to port 22.

B.       Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW)

C.       Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Dynamic Routing Gateway (DRG)

D.       Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Internet Gateway (IGW)

Answer: D

Q53. Your customer is using an Oracle Cloud Infrastructure (OCI) compartment named Production that hosts several resources such as compute instances, DB Systems and File Systems. Each resource in the Production compartment is tagged. The customer's security team wants to restrict access to DB Systems to only the authorized group of DBAs.

Which OCI Tagging capability can be used to meet this requirement?

A.       Tag Defaults with predefined values

B.       Tag Defaults

C.       Cost-Tracking Tags

D.       Tag-based Access Control

Answer: D

Q54. You have multiple applications installed on a compute instance and these applications generate a large amount of log files. These log files must reside on the boot volume for a minimum of 15 days. Any log files older than 15 days shouldn't be on the boot volume but must still be retained for at least 60 days. The 60-day retention requirement is causing an issue with available disk space.

What are two Oracle recommended methods to retain the log files for 60 days without filling up the boot volume? (Choose TWO.)

A.       Terminate the instance while preserving the boot volume. Create a new instance from the boot volume and select a DenseIO shape to take advantage of local NVMe storage.

B.       Resize the boot volume of the instance.

C.       Create and attach a block volume to the compute instance and copy the log files.

D.       Create an object storage bucket and use a script that runs daily to move log files older than 15 days to the bucket.

E.       Write a custom script to remove the log files on a daily basis and free up the space on the boot volume.

Answer: B, D

Q55. You have an application server running in a public subnet on a compute instance in the US West (us-phoenix-1) region of Oracle Cloud Infrastructure (OCI). The data sitting on this instance needs to be copied to an OCI Object Storage bucket available in the same region without traversing the internet. To enable connectivity between the instance and Object Storage, you created a Service Gateway with the service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the security rules to allow the desired traffic.

However, when you tried sending the data to the Object Storage bucket, you noticed that the data is going over the internet and not via the service gateway. What could be the possible reason for this behavior?

A.       Identity and Access Management (IAM) policies restrict the access to the object storage bucket.

B.       The service gateway created in the VCN resides in a different availability domain.

C.       The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0.

D.       The route table associated with the subnet has no route rule where the destination is object storage service.

Answer: D

Monday, August 01, 2022

1z0-1072-21 | Oracle Cloud Infrastructure 2021 Architect Associate - Part 1

Q1. You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-weighted round robin policy to your back-end web servers. You notice that one of your web servers is receiving more traffic than other web servers. How can you resolve this to make sure traffic is evenly distributed across all back-end web servers?

A.       Disable cookie-based session persistence on your backend set.

B.       Change keep-alive setting between the load balancer and backend server.

C.       Disable SSL configuration associated with your backend set.

D.       Create separate listeners for each backend web server.

Answer: A

Q2. Which two are Regional resources in Oracle Cloud Infrastructure? (Choose TWO.)

A.       Ephemeral public IPs

B.       Compartments

C.       Compute images

D.       Dynamic groups

E.       Block volume backups

Answer: C, E

Ref: https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm

Q3. An Oracle Cloud Infrastructure tenancy administrator is not able to delete a user in the tenancy. What can cause this issue?

A.       User has multi-factor authentication (MFA) enabled.

B.       User is member of an Identity and Access Management (IAM) group.

C.       Users can be blocked but not deleted.

D.       User needs to be deleted from federation Identity Provider (IdP) before deleting from IAM.

Answer: B

Ref: https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/managingusers.htm


Q4. You are a system administrator of your company and you are asked to manage updates and patches across all your compute instances running Oracle Linux in Oracle Cloud Infrastructure (OCI). As part of your task, you need to apply all the latest kernel security updates to all instances.

Which OCI service will allow you to complete this task?

A.       Resource Manager

B.       OS Management

C.       Storage Gateway

D.       Streaming

E.       Registry

Answer: B

Ref: https://blogs.oracle.com/cloud-infrastructure/post/os-management-with-oracle-cloud-infrastructure


Q5. Which of the following statements is true about the Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?

A.       Encryption of data encryption keys with a master encryption key is optional.

B.       Customer-provided encryption keys are always stored in OCI Vault service.

C.       Encryption is enabled by default and cannot be turned off.

D.       Each object in a bucket is always encrypted with the same data encryption key.

Answer: B