1z0-1072-21 | Oracle Cloud Infrastructure 2021 Architect Associate - Part 2

 Q50. Which service is NOT supported by Oracle Cloud Infrastructure CLI?

A.       Predefined values

B.       Free-form tags

C.       Tag variables

D.       Defined tags

E.       Cost-tracking tags

F.       Default tags

Answer: B, D

Q51. As a solution architect, you designed the network infrastructure of a three-tier web application on Oracle Cloud Infrastructure (OCI) and the back-end database servers are put in a private subnet. One of your database administrators requests to have private access to OCI Object Storage service.

How should you fulfill this request?

A.       Add a new route rule to the private subnet route table to route default traffic to the internet gateway.

B.       Attach a public IP address to the instances in the private subnet, and then add a new route rule to the private subnet route table to route default traffic to the internet gateway.

C.       Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a default route rule to the private subnets route table and set the target as DRG.

D.       Create a service gateway, add a new route rule to the private subnet route table that uses Object Storage as target type.

Answer: D

Q52. A customer launched a compute instance in the Virtual Cloud Network (VCN), which has an internet gateway, a service gateway, a default security lists and a default route table. The customer opened up Port 22 in the security lists attached to the compute instance subnet, however is still unable to connect to compute instances using SSH.

Which action can resolve this issue?

A.       Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic in addition to the port 22.

B.       Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW)

C.       Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Dynamic Routing Gateway (DRG)

D.       Modify the route table associated with the VCN subnet in which the instance resides. Add a following route to the route table: Destination CIDR: 0.0.0.0/0 Target: Internet Gateway (IGW)

Answer: D

Q53. Your customer is using an Oracle Cloud Infrastructure (OCI) compartment named Production that hosts several resources such as compute instances, DB Systems and File Systems. Each resource in the Production compartment is tagged. The customer's security team wants to restrict access to DB Systems to only the authorized group of DBAs.

Which OCI Tagging capability can be used to meet this requirement?

A.       Tags Defaults with predefined values

B.       Tag Defaults

C.       Cost-Tracking Tags

D.       Tag-based Access Control

Answer: D

Q54. You have multiple applications installed on a compute instance and these applications generate a large amount of log files. These log files must reside on the boot volume for a minimum of 15 days. Any log files age over 15 days shouldn't be on boot volume but still must be retained for at least 60 days. The 60-day retention requirement is causing an issue with available disk space.

What are two Oracle recommended methods to retain the log files for 60 days without filling up the boot volume? (Choose TWO.)

A.       Terminate the instance while preserving the boot volume. Create a new instance from the boot volume and select a DenseIO shape to take advantage of local NVMe storage.

B.       Resize the boot volume of the instance.

C.       Create and attach a block volume to the compute instance and copy the log files.

D.       Create an object storage bucket and use a script that runs daily to move log files older than 15 days to the bucket.

E.       Write a custom script to remove the log files on a daily basis and free up the space on the boot volume.

Answer: B, D

Q55. You have an application server running in a public subnet on a compute instance in US West (us-phoenix-1) region of Oracle Cloud Infrastructure (OCI). The data sitting on this instance needs to be copied to OCI Object Storage Bucket available in the same region without traversing over the internet. To enable the connectivity between the instance and Object Storage, you created a Service Gateway with service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the security rules to allow the desired traffic.

However, when you tried sending the data to the Object Storage bucket, you notice that the data is going over the internet and not via the service gateway. What could be the possible reason for this behavior?

A.       Identity and Access Management (IAM) policies restrict the access to the object storage bucket.

B.       The service gateway created in the VCN resides in a different availability domain.

C.       The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0.

D.       The route table associated with the subnet has no route rule where the destination is object storage service.

Answer: D

Q56. Which two choices are true for Oracle Autonomous Database with Shared Exadata Infrastructure? (Choose TWO.)

A.       Autonomous database does not support per-second billing.

B.       Billing for compute usage stops when autonomous database is stopped.

C.       Billing for storage usage continues when autonomous database is stopped.

D.       Billing stops for both CPU and storage usage when autonomous database is stopped.

E.       Billing does not stop when autonomous database is terminated.

Answer: B, C

Q57. You are responsible for creating and maintaining an enterprise application that consists of multiple storage volumes across multiple compute instances in Oracle Cloud Infrastructure (OCI). The storage volumes include boot volumes and block volumes for your data storage. You need to create backups of these storage volumes in the most time- efficient manner.

How can you meet this requirement?

A.       Create clones of all boot volumes and block volumes one at a time.

B.       Create on-demand full backups of boot volumes, and copy data in block volumes to Object Storage using OCI CLI.

C.       Create on-demand full backups of block volumes, and create custom images from the boot volumes.

D.       Group together multiple storage volumes in a volume group and create volume group backups.

Answer: D

Q58. As an Oracle Cloud Infrastructure tenancy administrator, you created predefined lists of values and associated them with tag key definitions. One of the users in your tenancy complains that she cannot see these predefined values.

What is causing this issue?

A.       The user is trying to use free-form tags.

B.       Some of the predefined values are null.

C.       The user is not part of an Identity and Access Management group that gives access to tagging.

D.       The user has breached either the quota or service limit for using tags.

Answer: A

Q59. You have compartments C and D under the root compartment in your Oracle Cloud Infrastructure (OCI) tenancy; compartment C contains a sub-compartment also named D. You are trying to move this sub-compartment D to the parent compartment D like shown in the picture, but the move fails.

 

What is the reason for this error?

A.       You need to move all the compartments in the hierarchy to the new parent compartment.

B.       You cannot move a sub-compartment to another parent compartment.

C.       Both parent and child compartments cannot have the same name.

D.       Sub-compartment D needs to be empty before it can be moved.

Answer: C

Q60. You are working for a financial institution that is currently running two web applications in Oracle Cloud Infrastructure (OCI). All resources were created in the root compartment. Your manager asked you to deploy new resources to support a proof-of-concept (PoC) for Oracle FlexCube. You must ensure that the FlexCube resources are secured and cannot be affected by the team that manages the two web applications.

Which two tasks should you complete to ensure the required security of your resources? (Choose TWO.)

A.       Create a new compartment for the two web applications and move the existing resources into the compartment. Deploy the FlexCube application into the root compartment. Create a new policy in the root compartment that gives the FlexCube project team the ability to manage all resources in the tenancy.

B.       Create a new policy in the root compartment for the FlexCube project team. Assign a policy statement that grants the FlexCube project team the ability to manage all resources in the tenancy, where a specific tag key and tag value are present.

C.       Create a Tag Default within the root compartment with a default value of ${iam.principle.name} so that each new resource created is tagged with the name of the person who created it. Create a new IAM policy that allows users to only modify resources they created.

D.       Create a new compartment for the two web applications and move the existing resources into this compartment. Modify the existing policy for the team that manages these applications so that the scope of access is defined as this new compartment.

E.       Create a new compartment for the FlexCube application deployment. Create a policy in this compartment for the project team that gives them the ability to manage all resources within the scope of this compartment.

Answer: C, D

Q61. Which deployment architecture is offered when you deploy the Platform Service Manager based Database Cloud Service (DBCS) onto Oracle Cloud Infrastructure?

A.       Two node Primary RAC database leveraging ACFS for the shared file system

B.       Single Instance database with a Single Instance Data Guard in Maximum Performance mode

C.       Single Instance database with a Single Instance Data Guard in Maximum Protection mode

D.       Two node Primary RAC database with a two node RAC Data Guard Standby in Maximum Performance mode

Answer: B

Q62. You are implementing Oracle Cloud Infrastructure (OCI) FastConnect to access OCI public access points (e.g. - object storage). You want other Internet traffic from your on-premises environment to use your existing connection with your ISP.

What is the correct way to establish OCI FastConnect to access these OCI public endpoints?

A.       Configure private peering on your FastConnect link. Redistribute BGP routes learned into your existing routing table and advertise a default from your network infrastructure to OCI.

B.       Configure private peering on your FastConnect link with a static route that points to OCI object storage service.

C.       Configure public peering on your FastConnect link with a static route that points to OCI object storage service.

D.       Configure public peering on your FastConnect link. Redistribute BGP routes learned into your existing routing table and advertise a specific route for your network infrastructure to OCI.

Answer: D

Q63. Which statement is true about Oracle Cloud Infrastructure FastConnect?

A.       For private peering, FastConnect extends your existing infrastructure to allow you to consume object storage from your on-premises data center

B.       For private peering, FastConnect extends your existing infrastructure to a virtual cloud network

C.       The FastConnect provider network offers only 1 Gbps port connection speed increments

D.       For public peering, a dynamic routing gateway must be configured and attached to the virtual cloud network (VCN)

Answer: B

Q64. Your Operations team has recently created a new, standard image that will be used to launch all new application servers in the Finance compartment. The custom image currently exists in the Operations compartment. You have access to manage all-resources in the Finance compartment and do not have access to the Operations compartment.

Which two methods would make the new image available for you to use when deploying new servers in the Finance compartment? (Choose two.)

A.       Instruct the Operations team to reassign the custom image to the Finance compartment so you can select it from a drop-down list when launching new compute resources.

B.       Instruct the Administrators team to grant you access to use instance-images in the Operations compartment. Use the Oracle Cloud Identifier (OCID) of the custom image when launching new compute resources in the Finance compartment.

C.       Instruct the Operations team to export the image to an object storage bucket. Instruct the Administrators team to grant you access to the object storage bucket where the custom image is stored. Use the download URL of the custom image as the image source when launching new compute resources in the Finance compartment.

D.       Instruct the Operations team to export the image to an object storage bucket, create a pre-authenticated request (PAR), and provide you with the URL. Download the custom image to your laptop and import it as a custom image in the Finance compartment.

E.       Instruct the Operations team to export the image to an object storage bucket, create a PAR, and provide you with the URL. Use that URL as the source when importing a custom image. Import the custom image into the Finance compartment.

Answer: B, C

Q65. You are designing a lab exercise for your team that has a large number of graphics with large file sizes. The application becomes unresponsive if the graphics are embedded in the application. You have uploaded the graphics to Oracle Cloud Infrastructure and only added the URL in the application. You need to ensure these graphics are accessible without requiring any authentication for an extended period of time.

How can you achieve these requirements?

A.       Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time.

B.       Make the object storage bucket private and all objects public and use the URL found in the Object "Details".

C.       Make the object storage bucket public and use the URL found in the Object "Details".

D.       Create PARs and do not specify an expiration date.

Answer: C

Q66. Which statement is true about Oracle Cloud Infrastructure Object Storage Service?

A.       Data retrieval in Archive Object Storage is instantaneous.

B.       You cannot directly download an object from an Archive Object Storage bucket.

C.       An existing Standard Object Storage tier bucket can be downgraded to the Archive Object Storage tier.

D.       An Archive Object Storage tier bucket can be upgraded to the Standard Object Storage tier.

Answer: B

Q67. Which two are true for achieving High Availability on Oracle Cloud Infrastructure? (Choose two.)

A.       Store your database across multiple regions so that half of the data resides in one region and the other half resides in another region.

B.       Distribute your application servers across all Availability Domains within a region.

C.       Configure your database to have Data Guard in another Availability Domain in Sync mode within a region.

D.       Store your database files on Object Storage so that they are available in all Availability Domains in all regions.

E.       Attach your block volume form Availability Domain 1 to a compute instance in Availability Domain 2 (and vice versa) so that they are highly available.

Answer: B, C

Q68. Which three must be configured for a load balancer to accept incoming traffic? (Choose two.)

A.       a listener

B.       a back-end server

C.       a back end set

D.       a security list that is open on a listener port

E.       a certificate

Answer: A, B, C

Q69. Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose two.)

A.       You can add/remove Diskgroup in ATP

B.       You can scale storage up or down in ATP

C.       You can scale CPU up or down in ATP

D.       You can add more Pluggable Database for consolidating multiple databases in ATP

E.       You can add new ORACLE_HOME for bringing older versions of on-premises databases to ATP

Answer: B, C

Q70. Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems?

A.       Customers have no control over database patching.

B.       The database and backups are encrypted by default.

C.       Customers can consolidate multiple database homes on a single virtual machine database host.

D.       Customers can manage the TDE Wallet after DB Systems is provisioned.

Answer: B, D

Q71. What happens when you run terraform plan?

A.       It configures, reconfigures, and instantiates resources and their dependencies.

B.       It shows the operator the course of action that would be taken if a change is applied.

C.       It deletes all existing resources and re-creates them.

D.       It shows a dependency graph.

Answer: B

Q72. You have provisioned an Autonomous Transaction Processing (ATP) database and logged into the ATP service console.

What are three abilities that can be performed from this service console? (Choose three.)

A.       scale up/down the CPUs

B.       create ATP database users

C.       reset the admin password

D.       set resource management rules

E.       monitor database activity and SQL queries

Answer: C, D, E

Q73. What is the maximum IP address size range that you can have in a Virtual Cloud Network?

A.       /16

B.       /26

C.       /24

D.       /8

Answer: A

Q74. You have a working application in the US East region. The app is a 3-tier app with a database backend - you take regular backups of the database into OCI Object Storage in the US East region. For Business continuity; you are leveraging OCI Object Storage cross-region copy feature to copy database backups to the US West region. Which of the following three steps do you need to execute to meet your requirement?

A.       Write an IAM policy and authorize the Object Storage service to manage objects on your behalf

B.       Specify an existing destination bucket

C.       Specify the bucket visibility for both the source and destination buckets

D.       Provide a destination object name

E.       Provide an option to choose bulk copying of objects

F.       Choose an overwrite rule

Answer: A, B, F

Q75. Which two are required parameters to create a public load balancer instance? (Choose two.)

A.       certificate

B.       load balancer name

C.       listener

D.       back end set

E.       two public subnets

Answer: C, D

Q76. Which two are NOT an image source when launching a new compute instance? (Choose two.)

A.       custom image

B.       bare metal instance

C.       boot volume

D.       Object Storage

Answer: B, D

Q77. Which statement is true about the Oracle Cloud Infrastructure File Storage Service Mount Target?

A.       You can access multiple file systems through a single mount target

B.       Mount target has a public IP address and DNS name

C.       Mount target lives in a single subnet of your choice, but is not highly available

D.       Each mount target requires six internal IP addresses in the subnet to function

Answer: A

Q78. Which two Oracle Cloud Infrastructure database services allow you to dynamically both scale CPU and storage? (Choose two.)

A.       bare metal DB system

B.       virtual machine DB system

C.       Autonomous Data Warehouse (ADW)

D.       Autonomous Transaction Processing (ATP)

Answer: C, D

Q79. You have one database-style application that frequently makes many random reads and writes across the dataset.

Which storage offering supports this application?

A.       Block Storage Service

B.       File Storage Service

C.       Archive Storage Service

D.       Object Storage Service

Answer: A

Q80. You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI) and Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her team and provides the name of an existing group within IDCS to use when granting access.

How do you configure federation to allow the project team access to OCI resources?

A.       Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS and reference the name of the IAM group.

B.       Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the IDCS group in each policy statement.

C.       Create a new compartment in OCI with the same name as the existing IDCS group. Create an IAM policy that references the new compartment and the name of the IDCS group.

D.       Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy and reference the name of the IAM group in each policy statement.

Answer: D

Q81. Which of the following two tasks can be performed in the Oracle Cloud Infrastructure Console for Autonomous Data Warehouse?

A.       Adjust Network Bandwidth

B.       Scale up/down Memory

C.       Increase Storage allocated for Database

D.       Scale up/down CPU

Answer: C, D

Q82. Which service is NOT supported by Oracle Cloud Infrastructure CLI?

A.       load balancer

B.       compute

C.       database

D.       block volumes

Answer: D

Q83. Which statement is true about a pre-authenticated request in Oracle Cloud Infrastructure Object Storage?

A.       You can create only 1, 000 pre-authenticated requests per bucket.

B.       You can create a pre-authenticated request only for public buckets.

C.       You cannot retire a pre-authenticated request before it expires.

D.       You cannot extend the expiration date on a pre-authenticated request.

Answer: D

Q84. You want an instance in your compartment to make API calls to other services within Oracle Cloud Infrastructure without storing credentials in a configuration file. What do you need to do?

A.       No action is required. By default, all VM instances are created with an Instance Principal.

B.       Instances cannot access services outside their compartment.

C.       VM instances are treated as users. Create a user and assign the user to that VM instance.

D.       Create appropriate matching rules in the Dynamic Group to create an Instance Principal.

Answer: D

Q85. Which three are default Virtual Cloud Network (VCN) components? (Choose three.)

A.       Security List

B.       Dynamic Routing Gateway

C.       DHCP options

D.       Internet Gateway

E.       Route Table

Answer: A, C, E

Q86. Which statement is true about restoring a block volume from a manual or policy-based block volume backup?

A.       It can be restored as new volumes to any Availability Domain within the same region.

B.       It must be restored as new volumes to the same Availability Domain on which the original block volume backup resides.

C.       It can be restored as new volumes to any Availability Domain across different regions.

D.       It can be restored as new volumes with different sizes from the backups.

Answer: A

Q87. Your application consists of three Oracle Cloud Infrastructure compute instances running behind a public load balancer. You have configured the load balancer to perform health checks on these instances, but one of the three instances fails to pass the configured health check. Which of the following action will the load balancer perform?

A.       Stop sending traffic to the instance that failed health check

B.       Terminate the instance that failed health check

C.       Stop the instances that failed health check

D.       Remove the instance that failed the health check from the backend set

Answer: A

Q88. Within your tenancy you have a compute instance with a boot volume and a block volume attached. The boot volume contains the OS and the attached block volume contains the instance's important data. Logs on the boot volume have filled the boot volume and are causing issues with the OS.

What should you do to resolve this situation?

A.       Stop the instance that is full. Create a manual backup of the block storage before making changes. Detach the block volume, create a new instance of the same shape with a larger custom boot volume and attach the block volume to the new instance. Configure the OS and any related application(s) to access the block volume under the same mount point as before.

B.       Create a new instance with a larger boot volume size as well a new block volume which is the same size or larger than the one attached to the full instance. rsync the state of the boot volume and the state of the block volume between the two instances.

C.       Detach the block volume from the full instance. Create a new instance of the same shape with a larger boot volume and rsync the state of the boot volume between the instances. Attach the block volume to the new instance.

D.       Create a manual backup of the block storage instance. Create a custom image of the full instance. Once that completes deploy the custom image to a new instance.

Answer: A

Q89. You have deployed a compute instance (VM.Standard2.24) to run an Oracle database. With this set up, you run into some performance issues and want to leverage an OCI Dense IO shape (VM.DenseIO2.24), with which you get 25.6 TB local NVMe SSD. You do not want to lose the configuration changes you made to the instance. Which of the following TWO steps ARE NOT required to make this transition?

A.       Terminate the VM.Standard2.24 instance and do not preserve the boot volume

B.       Create a new instance using the VM.Dense102.24 shape using the preserved boot volume and move the Oracle Database data to NVMe disks

C.       Terminate the VM.Standard2.24 instance and preserve the boot volume

D.       Create a new instance using a VM.DenseIO2.24 shape using the preserved boot volume and move the Oracle Database data to block volumes

Answer: A, D

Q90. Your organization has deployed a large, complex application across multiple compute instances in Oracle Cloud Infrastructure (OCI). These compute instances also have block volume storage attached to them. You want to create a time consistent backup of these block volume storage.

Which implementation strategy should be used?

A.       Create a manual backup of each volume

B.       Use scripts available in OCI to backup block volume storage

C.       Group volumes in a volume group first and then use available scripts in OCI

D.       Group volumes in a volume group and create a manual backup of the volume group

Answer: D

Q91. You had an outage in your application caused by the loss of a shared volume provisioned by File Storage Service (FSS). At this point, you need to restore the data from a snapshot you created of the FSS.

What are the steps to restore the data?

A.       Open OCI Console, select File Storage Service, find the shared storage, then click on snapshot and restore.

B.       Access the directory where the shared volume is mounted, then cd into .snapshot folder, find the snapshot folder you want to recover and use cp or rsync tool to copy the files to the original location.

C.       Open OCI Console, select File Storage Service, find the snapshot you created and click restore.

D.       Access the directory, where you mounted the shared volume, then cd into .snapshot folder and find the snapshot folder you want to recover and rename that folder to the original folder name.

Answer: A

Q92. What is a "transfer package" when transferring data to OCI via the OCI Data Transfer Service?

A.       A transfer package is the logical representation of the physical shipment containing the HDD transfer devices that you ship to Oracle to upload to OCI.

B.       A transfer package is the software Oracle provides for you to prepare transfer devices for shipment to Oracle

C.       A transfer package contains the physical devices.

D.       A transfer package is the archive file that the Data Transfer Service Utility (dts) writes to the transfer device.

Answer: A

Q93. Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems Data Guard service?

A.       Both DB systems must use the same VCN, and port 1521 must be open

B.       Data guard configuration on the OCI is limited to a virtual machine only

C.       Data guard implementation for Bare Metal shapes requires two DB Systems, one containing the primary database and one containing the standby Database.

D.       Data guard implementation requires two DB Systems, one running the primary database on a virtual machine and the standby database running on bare metal.

Answer: A, C

Q94. You are asked to create a user that will access programmatic endpoints in Oracle Cloud Infrastructure. The user must not be allowed to authenticate by username and password.

Which two authentication options can you use? (Choose two.)

A.       SSH key pair

B.       Auth tokens

C.       Windows password

D.       API signing key

E.       PEM Certificate file

Answer: B, D

Q95. You create a public Load Balancer instance and configure a back end set "BES1" with one back end server running a service on port 80. You also create a listener on port 80 and configure that listener to use the back end set "BES1". A client makes one HTTP request to the Load Balancer with the correct protocol and port.

How many connections does the Load Balancer maintain?

A.       1

B.       2

C.       4

D.       3

Answer: B

Q96. You are designing a shared storage solution for your company in Oracle Cloud Infrastructure. The proposed storage solution should allow users to create a hierarchical structure (similar to the directory structure in Linux or Windows based systems). The solution should provide data encryption and a large amount of storage space.

Which would be the best implementation strategy?

A.       Use file storage service. Create a file system and a mount target. Share the private IP of the mount target.

B.       Use block storage. Create and attach a large block storage volume to one compute instance. Assign a public IP to the compute instance. Store data on the block storage and access it by connecting to the compute instance.

C.       Use object storage. Create multiple namespaces with one bucket each. Make the buckets publicly accessible.

D.       Use object storage. Create a single namespace and multiple buckets to create the hierarchical directory structure.

Answer: A

Q97. You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make API calls to other services within OCI without storing credentials in a configuration file. What do you need to do?

A.       By default, all VM instances are created with an instance principal. Reference this instance principal in your IAM policy statement

B.       Create a dynamic group with appropriate matching rules to include the instance, and reference this group in your IAM policy statement

C.       Instances cannot access services outside their compartment

D.       VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the instance in your Identity and Access Management (IAM) policy statement

Answer: B

Q98. A customer has established an Oracle Cloud Infrastructure (OCI) FastConnect connection to OCI. The virtual circuit is up and routes are being advertised from the customer's end, however the customer is unable to ping from compute instances inside the virtual cloud network (VCN) to servers residing in its on-premises data center.

Which two options on OCI would remedy this situation? (Choose two.)

A.       Modify the route table associated with the VCN subnet in which the instance resides. Add a route to the customer's on-premises network via the Dynamic Routing Gateway (DRG).

B.       Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic to the customer's on-premises network.

C.       Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful ingress rule to allow ICMP traffic from anywhere.

D.       Modify the default VCN route table to add a route back to the customer's on-premises network via the DRG.

Answer: A, B

Q99. You have an instance running in a development compartment that needs to make API calls against other OCI services, but you do not want to configure user credentials or a store a configuration file on the instance. How can you meet this requirement?

A.       Create a dynamic group with matching rules to include your instance

B.       Instances can automatically make calls to other OCI services

C.       Instances are secure and cannot make calls to other OCI services

D.      Create a dynamic group with matching rules to include your instance and write a policy for this dynamic group

Answer: D