Q201. You are about to deploy an E-Business application on Oracle Cloud Infrastructure and one of the requirements is to use a shared file system that supports the NFS protocol.How can you meet this requirement?
A. Create a service gateway, add a new route rule to the private subnet route table that uses object storage as your service gateway target type
B. Create a dynamic routing gateway (DRG) and attach it to your virtual cloud network (VCN). Add a default route rule to the private subnets route table and set the target as DRG
C. Attach a public IP address to the instances in the private subnet, and then add a new route rule to the private subnet route table to route default traffic to the internet gateway
D. Add a new route rule to the private subnet route table to route default traffic to the internet gateway
Answer: A
Q202. You have just created an Autonomous Data Warehouse (ADW) and you want to connect to the ADW using SQL Developer. What three items are needed to connect to the ADW using SQL Developer? (Choose three.)Which storage service would meet this requirement?
A. object storage
B. block volume
C. data transfer appliance
D. file storage
Answer: D
Q203. You are planning to deploy a multi-region web application in Oracle Cloud Infrastructure (OCI). You have customers in North America, Asia and Europe who will access the application.A. the keystore password
B. a security list with an ingress rule for TCP port 1521
C. the client credentials file
D. the public IP address of the ADW server
E. the admin password
Answer: A, C, E
Q204. Which two options are valid for loading data directly into Autonomous Data Warehouse (ADW)? (Choose two.)What service is available in OCI to help you choose the regions with the lowest latency to these markets?
A. Internet Intelligence
B. FastConnect
C. IPsec VPN
D. DNS Zone Management
Answer: A
Q205. Your company is developing a new database application in Oracle Cloud Infrastructure. You need to test application functionality including a hardware failure scenario. Since the application is still in the development phase, you want to minimize infrastructure costs.A. Data Integrator
B. Data Pump
C. Data Transfer Service
D. SQL*Loader
Answer: B, D
Q206. You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix region. You were asked to create a disaster recovery (DR) plan that will protect against the loss of critical data. The DR site must be at least 500 miles from your primary site and data transfer between the two sites must not traverse the public internet.Which database service deployment option meets this requirement?
A. two node real application cluster (RAC) system
B. Autonomous Data Warehouse (ADW) system as it provides auto fail over functionality
C. two node bare metal system with data guard enabled
D. single node bare metal system
Answer: B
Q207. You have multiple applications installed on a compute instance and these applications generate a large amount of log files. These log files must reside on the boot volume for a minimum of 15 days and must be retained for at least 60 days. The 60-day retention requirement is causing an issue with available disk space.Which is the recommended disaster recovery plan?
A. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one availability domain (AD) that is not currently being used by your production systems. Establish VCN peering between the production and DR sites.
B. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a remote peering connection between the two VCNs.
C. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG between the regions.
D. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in each region and configure an IPsec VPN connection between the two regions.
Answer: B
Q208. Which two statements about file storage service (FSS) are accurate? (Choose two.)What are the two recommended methods to provide additional boot volume space for this compute instance? (Choose two.)
A. Terminate the instance while preserving the boot volume. Create a new instance from the boot volume and select a DenseIO shape to take advantage of local NVMe storage.
B. Create an object storage bucket and use a script that runs daily to move log files older than 15 days to the bucket.
C. Create and attach a block volume to the compute instance and copy the log files.
D. Create a custom image and launch a new compute instance with a larger boot volume size.
E. Write a custom script to remove the log files on a daily basis and free up the space on the boot volume.
Answer: B, C
A. FSS leverages UNIX user group and permission checking for file access security
B. Encryption of file system in FSS is optional
C. Identity and Access Management (IAM) controls which file systems are mountable by which instances
D. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target within the same subnet
E. Data in transit to an FSS mount target is encrypted
Answer: A, D
Q210. You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You take regular backups of your DB system to OCI object storage. Recently, you notice a failed database backup status in the console.A. You can associate a bucket with multiple compartments
B. You cannot change a bucket from private to public after it is created
C. You can associate a bucket with only a single compartment
D. You cannot edit or append data to an object, but you can replace the entire object
Answer: C, D
Q211. You are designing a high bandwidth, redundant connection between your data center and Oracle Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you notice that you are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn region.What two steps can you take to determine the cause of the backup failure? (Choose two.)
A. Ensure the database archiving mode is set to NOARCHIVELOG
B. Ensure that your database host can connect to the OCI object storage
C. Restart the dcsagent program if it has a status of stop or waiting
D. Make sure that the database is not active and running while the backup is in progress
Answer: B, C
Q212. As the Cloud Architect for your company, you have been tasked with designing a high performance compute (HPC) cluster in Oracle Cloud Infrastructure (OCI).What is the recommended design in this scenario?
A. Create a cross-connect group and have two or more cross-connects in that group. Create an IPsec VPN connection on this group.
B. Setup two IPsec connections between your data center and OCI Ashburn region. Create an OCI load balancer to distribute the traffic across the two connections.
C. Create a cross-connect group and have at least two or more cross-connects in that group. Create at least two or more virtual circuits in the group.
D. Create a cross-connect group and have at least one cross-connect in that group. Create at least one virtual circuit in the group.
Answer: C
Q213. What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud Infrastructure (OCI)?The following requirements have been defined:
✑ The cluster must be a minimum of three nodes, but may increase to six nodes when demand requires.
✑ The cluster must be resilient to any potential infrastructure failures.
✑ To minimize latency, all nodes must be deployed within the same availability domain (AD).
✑ Adding or replacing nodes within the cluster should take no more than 30 minutes.
Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)
A. Deploy the cluster in a single AD with a shared file system that leverages the file storage service (FSS). Deploy a standby cluster in another AD and configure it to use the same shared file system.
B. Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault domains in that AD.
C. Create a backup of your HPC node compute instance boot volume. Launch new compute instances directly from the backup to reduce provisioning time.
D. Create a custom image of your HPC node compute instance. Launch new compute instances using this image to reduce provisioning time.
E. Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network (VCN) subnet.
Answer: B, D
Q214. You have created a public subnet and an internet gateway in your virtual cloud network (VCN). The public subnet has an associated route table and security list. However, after creating several compute instances in the public subnet, none can reach the Internet.A. The best practice for high availability and durability is to run the primary, standby, and observer in separate availability domains (ADs).
B. When you configure data guard using OCI console, the default mode is set to Max Protection.
C. You cannot create the standby DB system in a different AD from the primary DB system.
D. You cannot use database command line interface (CLI) to set up data guard with FSFO.
Answer: A
Q215. Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose two.)Which two are possible reasons for the connectivity issue? (Choose two.)
A. The route table has no default route for routing traffic to the internet gateway
B. There is no stateful egress rule in the security list associated with the public subnet
C. There is no dynamic routing gateway (DRG) associated with the VCN
D. There is no stateful ingress rule in the security list associated with the public subnet
Answer: A, B
Q216. You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets contain application servers and the third subnet contains a DB System. The application requires a shared file system so you have provisioned one using the file storage service (FSS). You also created the corresponding mount target in one of the application subnets. The VCN security lists are properly configured so that both application servers and the DB System can access the file system. The security team determines that the DB System should have read-only access to the file system.A. Billing stops only when the ADW is terminated
B. Billing stops for both CPU usage and storage usage when ADW is stopped
C. Billing for compute stops when ADW is stopped
D. Billing for storage continues when ADW is stopped
Answer: B, D
Q217. What is the maximum number of security lists that can be associated with a subnet?What change would you make to satisfy this requirement?
A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the DB System subnet.
B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix command chmod to change permissions on the file system directory, allowing the database user read-only access.
C. Modify the security list associated with the subnet where the mount target resides. Change the ingress rules corresponding to the DB System subnet to be stateless.
D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy that allows the instance principal read-only access to the file storage service.
Answer: A
Q218. In what two ways does Oracle Cloud Infrastructure (OCI) file storage service (FSS) differ from OCI object storage and block volume services? (Choose two.)A. four
B. three
C. five
D. two
Answer: C
Q219. Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)A. Block volume service is NVMe based, while FSS is not
B. Object storage and block volume services offer default encryption, but FSS does not
C. A file system is created within an availability domain, whereas object storage buckets exist at the region level
D. FSS uses the network file system (NFS) protocol, whereas block volume uses iSCSI
Answer: C, D
Q220. Which two statements are true about Data Guard Service on DB Systems in Oracle Cloud Infrastructure (OCI)? (Choose two.)A. Remote virtual cloud network (VCN) peering across region
B. Oracle IPsec VPN
C. Local VCN peering
D. Oracle Cloud Infrastructure FastConnect public peering
Answer: A, B
Q221. Which two options are available when setting up DNS for your bare metal and virtual machine DB Systems? (Choose two.)A. Data guard implementation requires two DB Systems, one running the primary database on a virtual machine and the standby database running on bare metal
B. Data guard configuration on the OCI is limited to one standby database per primary database
C. Data guard configuration on the OCI is limited to a virtual machine only
D. Data guard implementation requires two DB Systems, one containing the primary database and one containing the standby database
Answer: B, D
Q222. You have five different company locations spread across the US. For a proof-of-concept (POC) you need to setup secure and encrypted connectivity to your workloads running in a single virtual cloud network (VCN) in the Oracle Cloud Infrastructure Ashburn region from all company locations.A. Internet and custom resolver
B. Google DNS servers
C. custom resolver
D. Internet and virtual cloud network (VCN) resolver
Answer: C, D
Q223. You are tasked with creating a highly available clustered application on Oracle Cloud Infrastructure consisting of three nodes. The round-trip latency between nodes must be less than 500µs (micro-seconds) and your cluster should be resilient to hardware failure.What would meet this requirement?
A. Create five internet gateways in your VCN and have separate route table for each internet gateway.
B. Create five virtual circuits using FastConnect for each company location and terminate those connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.
C. Create five IPsec connections with each company location and terminate those connections on a single DRG. Attach that DRG to your VCN.
D. Create five IPsec VPN connections with each company location and terminate those connections on five separate DRGs. Attach those DRGs to your VCN.
Answer: C
Q224. You are running your warehouse using Autonomous Data Warehouse (ADW) service and you noticed that a newly configured batch job is always running in serial even though nothing else is running in the database. All your jobs are configured to run with parallelism enabled.What is the recommended deployment strategy?
A. Deploy the cluster nodes in a single region and deploy each node into a different AD. Select the same fault domain in each AD to ensure consistency.
B. Deploy the cluster nodes in two separate regions and take advantage of multiple availability domains (ADs) in each region.
C. Deploy the cluster nodes in a single region and deploy each node into a different AD.
D. Deploy the cluster nodes in a single region and deploy each node in different fault domains within a single AD.
Answer: D
Q225. Which two statements are true about DB Systems? (Choose two.)What could be the reason for this batch job to run in serial?
A. The batch job depends on only one table and parallelism cannot be enabled on single-table queries.
B. The parallelism of batch job depends on the number of ADW databases involved in the query.
C. The new batch job is connected to LOW consumer group.
D. The new batch job runs on database tables that are not enabled for parallel execution.
E. Parallelism on the database is controlled by the application, not the database.
Answer: C
Q226. Which two statements are true about DB Systems in Oracle Cloud Infrastructure? (Choose two.)A. Data Guard as a Service is offered between regions.
B. You cannot manage the database as sys/sysdba.
C. You have full control over the automatic backup schedule and retention periods.
D. You can manage Oracle database initialization parameters at a global level.
Answer: A, C
Q227. Identify INCORRECT policy syntax for OCI Identity and Access Management (IAM)?A. Customers can consolidate multiple database homes on a single virtual machine database host.
B. Customers have no control over database patching.
C. Customers can manage the TDE Wallet after DB Systems are provisioned.
D. The database and backups are encrypted by default.
Answer: C, D
Q228. Solution Architect needs to peer two VCNs? Which TWO statements are correct?A. Allow dynamic group BackEnd to manage instance family in compartment Prod
B. Allow all-group to inspect users in tenancy
C. Allow group C Admins to manage all resource in compartment Prod
D. Allow any-user to inspect users in tenancy
Answer: B
Q229. Which statement is CORRECT about OCI Object Storage Versioning?A. VCNs Peering must have overlapping CIDRs
B. VCNs Peering may exist in the same OCI region
C. VCNs Peering may exist in different OCI region
D. VCNs Peered needs to be part of same Tenancy
Answer: B, C
Q230. A company uploaded graphics to OCI object storage bucket and added URL paths for each object separately. As a Solution Architect, you need to ensure that these graphics are accessible without requiring any authentication for extended period of timeA. Object versioning is disable on a bucket by default
B. Object versioning doesn’t protect data against accidental deletion or overwriting of objects
C. Objects are physically deleted from a bucket when versioning is enabled
D. Enabling versioning will ensure that only latest version of the object is always preserved
Answer: A
Q231. To identify potential issues, fixing issued and detect anomalies of log data so as to perform advanced analysis, which service should you use to monitor?A. Create pre-authenticated request without specifying expiration time
B. Create pre-authenticated request with expiration time set to 00:00:0000
C. Make Object storage bucket private and object containing it as public
D. Make Object storage bucket public and use URL path for each objects
Answer: D
Q232. Which statement is CORRECT regarding Object Storage?A. Monitoring
B. Logging Analytics
C. OCI Analytics
D. OCI Machine Learning
Answer: B
Q233. In shared security model of OCI, which components are NOT managed by Oracle? Select THREE correct answersA. Objects in buckets are always encrypted with same encryption key
B. OCI vault service stores customer-provided encryption keys
C. Encryption is turned on by default and cannot be turned off
D. Encryption of data encryption keys with master encryption key is not mandatory
Answer: C
Q234. Which VCN size range is allowed in OCI?A. Data
B. Account $ Identities
C. Physical security of data center premises
D. Application
Answer: A, B, D
Q235. Which THREE tasks can a user who belongs to the GroupAdmin group perform if the policy is associated with it as follows:A. /8 through /16
B. /0 through /32
C. /16 through /30
D. /8 through /24
Answer: C
Q236. In OCI, which type of logs are emitted by Object Storage, VCN Flow logs, Functions and API Gateways?Allow group GroupAdmin to manage volumes in tenancy where request.permission != ‘VOLUME_DELETE’
A. Create Volume
B. Delete Volume
C. Move Volume
D. Update Volume
Answer: A, C, D
Q237. Retention rules are configured at which level for OCI Object Storage?A. Audit logs
B. Custom Logs
C. Service logs
D. None of these
Answer: C
Q238. Which encryption algorithm is supported by OCI Vault Service? Select THREE correct answersA. Namespace level
B. Tenant level
C. Compartment level
D. Bucket level
Answer: D
Q239. A company wants to implement DataGuard in OCI virtual machine and Bare metal database system. Which statement is CORRECTA. Rivest-Shamir-Adleman (RSA)
B. Advanced Encryption standard (AES)
C. Elliptic Sine Digital Signature algorithm (ESDSA)
D. Elliptic Curve Digital Signature algorithm (ECDSA)
Answer: A, B, D
Q240. Which statements are CORRECT about OCI VCN Peering? (Choose TWO)A. Primary and standby database version and editions need to be different
B. Both DB systems must reside in the same compartment
C. Primary and standby databases should be in the same OCI region
D. Database systems should have different shape type
Answer: B
Q241. Which Load Balancer can distribute traffic based on destination port and IP address?A. Both VNCs should have overlapping CIDRs
B. A single DRG can be used for local peering
C. Internet Gateway is required
D. VCN should reside in same region but can be in different OCI tenancies
Answer: B, D
Q242. As a Solution Architect, how can you prevent unwanted bots while desirable bots are allowed to enter?A. Layer-7 (HTTP)
B. Layer-2
C. Layer-3
D. Layer-4 (TCP/UDP/ICMP)
Answer: D
A. Data Guard
B. Vault
C. Compartments
D. Web Application Firewall (WAF)
Answer: D
Q244. As a Solution Architect, you need to make sure that the instance can communicate directly with the internet. Which TWO statements can fulfill the above requirement?A. IP prefix steering
B. Geolocation Steering
C. Failover
D. ASM steering
Answer: B
Q245. Audit team need access to a bucket for duration of 1 day for auditing purpose who don’t have IAM user credentials. As a Solution Architect, what can be done to meet the requirement?A. Instances should reside in a private subnet
B. VCN of the instance should have an Internet Gateway
C. VCN of the instance should have a Dynamic Routing Gateway (DRG)
D. Instances should have a public IP address
Answer: B, D
Q246. As a Solution Architect, you need to divide your network into multiple VNCs such that the traffic shouldn’t over the internet or via on-prem network so that each VNC can have private and direct access.A. Delete the bucket so that audit team will postpone the audit to a future date
B. Make the bucket public for 1 day
C. Pre-authenticated request (PAR)
D. Archiving the data in the bucket
Answer: C
Q247. DEV team uses JavaScript Object Notation Document for developing NOSQL-style applications. Which database type can be used?Which Networking method should you use?
A. NAT Gateway
B. Service Gateway
C. FastConnect
D. VCN Peering
Answer: D
Q248. DEV team uploaded an object with the same name as a previously existing object. AS a Solution Architect, you have enabled versioning on this bucket.A. Terraform
B. SQL Server 2012
C. Autonomous Data Warehouse
D. Autonomous JSON Database
Answer: D
Q249. Which statements are TRUE about the OCI Compartments? Select THREE correct statementsWhat will be impact of uploading an object by the developer with the same name?
A. Existing object is moved to archive storage whereas new object remains on standard storage
B. Throws an error message, “Cannot copy object. Object already exists”
C. Existing object is overwritten which is unrecoverable
D. New object becomes the current version whereas existing object becomes previous version
Answer: D
A. One Compartment can reside inside another Compartment
B. One Compartment can have resources from multiple OCI regions
C. Single resource can be shared by multiple Compartments
D. Budget on a Compartment can be set such that if a budget exceeds then a notification will be sent
Answer: A, B, D