Oracle Cloud Infrastructure 2019 Architect Associate

1. You are designing a lab exercise for your team that has a large number of graphics with large file
sizes. The application becomes unresponsive if the graphics are embedded in the application. You
have uploaded the graphics to Oracle Cloud Infrastructure and only added the URL in the
application. You need to ensure these graphics are accessible without requiring any
authentication for an extended period of time. How can you achieve these requirements?

A) Create PARs and do not specify an expiration date.

B) Make the object storage bucket private and all objects public and use the URL found in the
Object “Details”.
C) Create pre-authenticated requests (PAR) and specify 00:00:00 as the expiration time.
D) Make the object storage bucket public and use the URL found in the Object “Details”.

ANSWER: D

2. You have an application server that needs to copy data on Oracle Cloud Infrastructure (OCI)
object storage in the same region. You have created a service gateway for OCI object storage in
your Virtual Cloud Network (VCN) and modified security lists associated with the subnet to allow
traffic to the service gateway. You are able to connect to the OCI object storage, however you
notice that the connectivity is over the internet instead of the service gateway. What is the
reason for this behaviour?

A) Identy and Access Management (IAM) policies restrict the access to the object storage bucket.
B) The service gateway created in the VCN resides in a different availability domain.
C) The security list associated with the subnet has an egress rule that allows all traffic to be
forwarded to a destination CIDR 0.0.0.0/0.
D) The route table associated with the subnet has no route rule where the destination is object
storage service.

ANSWER: D

3. You have just created an Autonomous Data Warehouse (ADW) and you want to connect to the
ADW using SQL Developer. What three items are needed to connect to the ADW using SQL
Developer?

A) The public IP address of the ADW server.

B) The admin password.
C) The keystore password.
D) The client credentials file.
E) A security list with an ingress rule for TCP port 1521.

ANSWER: B-C-D
 4. Which two statements are true about DB Systems?

A) Data Guard as a Service is offered between regions.

B) You have full control over the backup schedule and retention periods.
C) You can manage Oracle parameters at a global system level.
D) You cannot manage the database as sys/sysdba.

ANSWER: B-C

5. Which two are a valid image source when launching a new compute instance?

A) Custom image
B) Boot volume
C) Bare metal instance
D) Object storage

ANSWER: A-B

6. Which two Oracle Cloud Infrastructure database services allow you to dynamically scale CPU and
storage?

A) Bare metal DB system

B) Autonomous Data Warehouse (ADW)
C) Autonomous Transaction Processing (ATP)
D) Virtual machine DB system

ANSWER: B-C

7. You have an application running on Oracle Cloud Infrastructure. You identified that the read and
write operations are slowing your application down enough to impair user access. The
application is currently using a VM.Standard1.2 compute without any block storage attached to
it. Which two options allow you to increase disk performance?

A) Terminate the compute instance preserving the boot volume. Create a new compute instance
using a VM Standard shape and attach a new block volume to host your application.
B) Terminate the compute instance and create a backup of the boot volume. Create a new
compute instance using a VM Dense IO shape and restore the backup.
C) Create a backup of the boot volume. Create a new compute instance using a VM Dense IO
shape and restore the backup.
D) Terminate the compute instance preserving the boot volume. Create a new compute instance
using a VM Dense IO shape using the boot volume preserved.
ANSWER: C-D

8. You have an application running on Oracle Cloud Infrastructure. You identified that the read and
write operations are slowing your application down enough to impair user access. The
application is currently using a VM.Standard2.1 compute without any block storage attached to
it. Which two options allow you to increase disk IOPS performance?

A. Terminate the compute instance preserving the boot volume. Create a new compute instance using
the VM.Standard2.2 shape using the boot volume preserved, but no block volume attached..
B. Terminate the compute instance preserving the boot volume. Create a new compute instance using
the VM.DenseIO2.8 shape using the boot volume preserved and use the NVMe devices to host your
application
C. Terminate the compute instance preserving the boot volume. Create a new compute instance using
the BM.GPU2.2 shape using the boot volume preserved, but no block volume attached.
D. Terminate the compute instance preserving the boot volume. Create a new compute instance using
the VM.Standard2.2 shape using the boot volume preserved and attach a new block volume to host
your application.

ANSWER: B-D

9. You have an external facing web server running in the Oracle Cloud Infrastructure (OCI) London
Region. You are notified that customers in North America and Australia are facing high latency
while connecting to your web server. Which services are available on OCI that can help you get
current latency statistics to your web server from these markets?

A) Use DNS Zone Management service to check latency over that connection.
B) Setup a IPsec VPN with customers in those markets and check latency over that connection.
C) Setup a FastConnect with customers in those markets and check latency over that connection.
D) Use the Internet Intelligence tool. Run tests using the web server’s public IP address and review
traceroute details from different vantage points.

ANSWER: D

10. Your Operations team has recently created a new, standard image that will be used to launch all
new application servers in the Finance compartment. The custom image currently exists in the
Operations compartment. You have access to manage all-resources in the Finance compartment
and do not have access to the Operations compartment. Which two methods would make the
new image available for you to use when deploying new servers in the Finance compartment?

A) Instruct the Operations team to export the image to an object storage bucket, create a pre-
authenticated request (PAR), and provide you with URL. Download the custom image to your
laptop and import it as a custom image in the Finance compartment.
 B) Instruct the Operations team to export the image to an object storage bucket. Instruct the
Administration team to grant you access to the object storage bucket where the custom image
is stored. Use the download URL of the custom image as the image source when launching new
compute resources in the Finance compartment.
C) Instruct the Administrators team to grant you access to use instance-images in the Operations
compartment. Use the Oracle Cloud Identifier (OCID) of the custom image when launching new
compute resources in the Finance compartment.
D) Instruct the Operations team to reassign the custom image to the Finance compartment so you
can select it from a drop-down list when launching new compute resources.
E) Instruct the Operations team to export the image to an object storage bucket, create a PAR,
and provide you with the URL. Use that Url as the source when importing a custom image.
Import the custom image into the Finance compartment.

ANSWER: C-E

11. You have been notified of an application failure indicating that one or more of the Oracle Cloud
Infrastructure (OCI) resources have become unavailable. After scanning the Compute and
Database consoles, you notice that one of the DB Systems is missing. What would you do to
identify the reason for this missing resource?

A) Navigate to the Audit console and search the previous 24 hours for all List actions to get a list of
every event that occurred in the past 24 hours.
B) View the service limits associated with your account to ensure that you have not exceed the
allowable number of DB Systems in your tenancy.
C) Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a
list of any resource that was deleted in the past 24 hours.
D) Create a serial console connection to the DB System that does not appear in the management
console. Connect to the serial console connection, and then review the system logs under
/var/log/messages.

ANSWER: C

12. Which two actions will occur when a backend server that is registered with a backend set is
marked to drain connections?

A) It forcibly closes all connections to that instance after a timeout period.

B) It disallows new connections to that backend server.
C) It redirects the requests to a user-defined error page.
D) It immediately closes all existing connections to that instance.
E) It keeps the connections to that instance open and attempts to complete any in-flight requests.

ANSWER: B-E

13. What is the maximum number of security lists that can be associated with a subnet?
 A) Five
B) Two
C) Three
D) Four

ANSWER: A

14. Where are DB Systems backups stored by default?

A) Locally attached NVMe on virtual machine

B) Block volume
C) ASM disk group
D) Object storage on Oracle Cloud Infrastructure

ANSWER: D

15. What is the maximum CIDR range that can be assigned when configuring a virtual cloud network?

A) /24
B) /16
C) /8
D) /26

ANSWER: B

16. What is a valid option when exporting a custom image?

A) Object storage URL

B) Block volume
C) Archive storage URL
D) File storage service

ANSWER: A

17. How can you provide users access to an existing compartment?

A) By granting access directly to the user when the user is created

B) By adding users to a compartment; all users in the compartment will have access to the objects
in the compartment
C) By granting users access to compartment when the compartment is created
 D) By adding users to a group and defining a policy to provide the group access to the
compartment.

ANSWER: D

18. Which statement is true regarding Autonomous Transaction Processing (ATP)?

A) A maximum of 8 cores can be enabled for an ATP database

B) After terminating a database, the database name is available for immediate reuse
C) A maximum of 2 TB of storage can be enabled for an ATP database
D) A database name cannot be used concurrently for both an Autonomous Data Warehouse
(ADW) and an ATP database

ANSWER: D

19. You are an administrator with an application running in Oracle Cloud Infrastructure (OCI). The
company has a fleet of OCI compute virtual instances behind a load balancer. The load balancer
backend set health check API is providing a ‘Critical’ level warning. You have confirmed that your
application is running healthy on the backend servers. What is the possible reason for this
‘Critical’ warning?

A) The security list associated with the subnet in which the backend server is provisioned does not
include the IP range for the source of the health check requests.
B) The load balancer listener is not configured correctly
C) The route table associated with the subnet in which the backend server is provisioned does not
include the route for the OCI load balancer
D) A user does not have correct Identity and Access Management (IAM) credentials on the
backend servers.

ANSWER: A

20. You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI)
and Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her
team and provides the name of an existing group within IDCS to use when granting access. How
do you configure federation to allow the project team access to OCI resources?

A) Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy
and reference the name of the IAM group in each policy statement
B) Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in
IDCS and reference the name of the IAM group
C) Create a new compartment in OCI with the same name as the existing IDCS group. Create an
IAM policy that references the new compartment and the name of the IDCS group.
D) Create a new Identity and Access Management (IAM) policy in OCI and reference the name of
the IDCS group in each policy statement
ANSWER: A

21. Which two options are necessary for achieving high availability on Oracle Cloud Infrastructure?

A) Distribute your application servers across all availability domains (Ads) within a region
B) Configure data guard in sync mode between multiple Ads in the same region
C) Attach your block volume from AD1 to a compute instance in AD2 (and vice versa) so that they
are highly available
D) Store your database across multiple regions so that half of the data resides in one region and
the other half resides in another region
E) Store your database files on object storage so that they are available in all Ads in all regions

ANSWER: A-B

22. Your company has been running several small applications in Oracle Cloud Infrastructure and is
planning a proof-of-concept (POC) to deploy PeopleSoft. If your existing resources are being
maintained in the root compartment, what is the recommended approach for defining security
for the upcoming POC?

A) Create a new compartment for the POC and grant appropriate permissions to create and
manage resources within the compartment
B) Provision all new resources into the root compartment. Use defined tags to separate resources
that belong to different applications
C) Provision all new resources into the root compartment. Grant permissions that only allow for
creation and management of resources specific to the POC
D) Create a new tenancy for the POC. Provision all new resources into the root compartment.
Grant appropriate permissions to create and manage resources within the root compartment

ANSWER: A

23. Your company is developing a new database application in Oracle Cloud Infrastructure. You need
to test application functionality including a hardware failure scenario. Since the application is still
in the development phase, you want to minimize infrastructure costs. Which database service
deployment option meets this requirement?

A) Two node real application cluster (RAC) system

B) Autonomous Data Warehouse (ADW) system as it provides auto fail over functionality
C) Single node bare metal system
D) Two node bare metal system with data guard enabled
ANSWER: A

24. You deployed a web server in Oracle Cloud Infrastructure using an ephemeral public IP. After a
few changes in your web server configuration, you rebooted the server and a new public IP was
associated to your instance. What should you do to prevent this from happening again?

A) Create a reserved public IP and associate it with the hosts file of your web server
B) Create a reserved public IP and associate it with the security list that your compute instance is
using
C) Create a reserved public IP and associate it with the subnet of your compute instance
D) Create a reserved public IP and associate it with the VNIC of your compute instance

ANSWER: D

25. Which two statements are true about data guard service on DB Systems in Oracle Cloud
Infrastructure (OCI)?

A) Data guard implementation requires two DB Systems, one running the primary database on a
virtual machine and the standby database running on bare metal
B) Data guard implementation requires two DB Systems, one containing the primary database and
one containing the standby database
C) Data guard configuration on the OCI is limited to one standby database per primary database
D) Data guard configuration on the OCI is limited to a virtual machine only.

ANSWER: B-C

26. Which statement is true about data guard implementation in DB Systens?

A. Both DB Systens must be in the same compartment, and they must be the same shape
B. You cannot manage Oracle database initialization parameters at a global level
C. You can define the backup windows and set custom backup retention period for the
automatic database backup schedule
D. You cannot manage the database as sys(sysdba

ANSWER: A-C

Please correct Correct answer is only A

27. You are a network architect and have designed the network infrastructure of a three-tier
application on Oracle Cloud Infrastructure (OCI). In the architecture, back-end DB servers are in a
 private subnet. One of your DB administrators requests to have access to OCI object storage
services. How can you meet this requirement?

A) Attach a public IP address to the instances in the private subnet, and then add a new route rule
to the private subnet route table to route default traffic to the internet gateway
B) Create a service gateway, add a new route rule to the private subnet route table that uses
object storage as your service gateway target type
C) Add a new route rule to the private subnet route table to route default traffic to the internet
gateway
D) Create a dynamic routing gateway (DRG) and attach it your virtual cloud network (VCN). Add a
default route rule to the private subnets route table and set the target as DRG.

ANSWER: B

28. You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients
want to access the web servers from anywhere, but want to prevent access to the database
servers from the Internet. Which is the recommended way to design the network architecture?

A) Create public subnets for web servers and private subnets for database servers in your virtual
cloud network (VCN), and associate separate internet gateways for each subnet.
B) Create a single public subnet for your web servers and database servers, and associate only
your web servers to internet gateway.
C) Create public subnets for web servers and associate a dynamic routing gateway with that
subnet, and a private subnet for database servers with no association to dynamic routing
gateway.
D) Create public subnets for web servers and private subnets for database servers in your VCN,
and associate separate security lists and route tables for each subnet.

ANSWER: D

29. You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make
API calls to other services within OCI without storing credentials in a configuration file. What do
you need to do?

A) By default, all VM instances are created with an instance principal. Reference this instance
principal in your IAM policy statement.
B) Create a dynamic group with appropriate matching rules to include the instance, and reference
this group in your IAM policy statement.
C) VM instances are treated as users. Create a user, assign the user to that VM instance, and
reference the instance in your Identity and Access Management (IAM) policy statement.
D) Instances cannot access services outside their compartment.

ANSWER: B
 30. You are about to upload a large log file (5 TiB size) to Oracle Cloud Infrastructure object storage
and have decided to use multipart upload capability for a more efficient and resilient upload.
Which two statements are true about multipart upload?

A) You do not have to commit the upload after you have uploaded all the object parts.
B) The maximum size for an uploaded object is 10 TiB.
C) While a multipart upload is still active, you cannot add parts even if the total number of parts is
less than 10,000.
D) Individual object parts can be as small as 10 MiB or as large as 50 GiB.

ANSWER: B-D

31. Where do you find the tnsnames.ora for your Autonomous Data Warehouse database?

A) The tnsnames.ora file is included in credentials.zip file that you download form service console
of ADW.
B) You can download tnsnames.ora from Oracle Cloud Infrastructure web console under ADW
details page.
C) The ADW database will place the tnsnames.ora file in an object storage bucket.
D) You are automatically prompted to download the tnsnames.ora file upon creation of the ADW
database.

ANSWER: A

32. You are tasked with creating a highly available clustered application on Oracle Cloud
Infrastructure consisting of three nodes. The round-trip latency between nodes must be less than
500 μs and your cluster should be resilient to hardware failure. What is the recommended
deployment strategy?

A) Deploy the cluster nodes in a single region and deploy each node into a different AD.
B) Deploy the cluster nodes in a single region and deploy each node in different fault domains
within a single AD.
C) Deploy the cluster nodes in a single region and deploy each node into a different AD. Select the
same fault domain in each AD to ensure consistency.
D) Deploy the cluster nodes in two separate regions and take advantage of multiple availability
domains (Ads) in each region.

ANSWER: A

33. In what two ways does Oracle Cloud Infrastructure (OCI) file storage service (FSS) differ from OCI
object storage and block volume services?
 A) Object storage and block volume services offer default encryption, but FSS does not
B) FSS uses the network file system (NFS) protocol, whereas block volume uses iSCSI.
C) A file system is created within an availability domain, whereas object storage buckets exist at
the region level.
D) Block volume service is NVMe based, while FSS is not.

ANSWER: B-C

34. In what two ways does Oracle Cloud Infrastructure (OCI) file storage service (FSS) differ from OCI
object storage and block volume services?

A) File storage mout target does not provide a private IP address, while the object storage nucket
provide one
B) File Storage uses the network file system (NFS) protocol whereas block volume uses ISCSI
C) You can move object storage buckets, block volumes and file storage mount targets between
compartments
D) Block volume service is NVME based while file storage service is not

ANSWER: B-C

35. Which two options are available when setting up DNS for your bare metal and virtual machine DB
Systems?

A) Internet and custom resolver.

B) Custom resolver.
C) Google DNS servers
D) Internet and virtual cloud network (VCN) resolver.

ANSWER: B-D

36. Which two options are true for Autonomous Transaction Processing (ATP) database?

A) You can add more Pluggable Database for consolidating multiple databases in ATP.
B) You can add new ORACLE_HOME for bringing older versions of on-premises databases to ATP.
C) You can scale CPU up or down in ATP.
D) You can add/remove Diskgroup in ATP.
E) You can scale storage up or down in ATP.

ANSWER: C-E

37. Which two use Oracle dynamic routing gateway (DRG) for connectivity?
 A) Oracle IPsec VPN.
B) Oracle Cloud Infrastructure FastConnect public peering.
C) Local VCN peering.
D) Remote Virtual Cloud Network (VCN) peering across region.

ANSWER: A-D

38. When terminating a compute instance, which statement is true?

A) Users can preserve the boot volume associated with the instance.
B) All block volumes attached to the instance are terminated.
C) The boot volume is always deleted.
D) The instance needs to be stopped first, and then terminated.

ANSWER: A

39. You have been tasked with creating one virtual cloud network (VCN) each for two line of business
(LOB) applications. LOB A and LOB B will need to communicate with each other. To ensure that
you can utilize VCN peering, which network CIDR ranges should be used?

A) VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25).

B) VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28).
C) VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24).
D) VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16).

ANSWER: D

40. Which statement is true about Oracle Cloud Infrastructure FastConnect?

A) For Private peering, FastConnect extends your existing infrastructure to allow you to consume
object storage from your on-premises data center.
B) For private peering, FastConnect extends your existing infrastructure to a virtual cloud network.
C) The FastConnect provider network offers only 1 Gbps port connection speed increments.
D) For public peering, a dynamic routing gateway must be configured and attached to the virtual
cloud network (VCN).

ANSWER: B
 41. You need to create a high performance shared file system, and have been advised to use file
storage service (FSS). You have logged into the Oracle Cloud Infrastructure console, created a file
system, and followed the steps to mount the shared file system on your Linux instance. However,
you are still unable to access the shared file system from your Linux instance. What is the likely
reason for this?

A) There is no route in your virtual cloud network’s (VCN) route table for mount target traffic.
B) There is no Identity and Access Management (IAM) policy set up to allow you to access the
mount target.
C) There are no security list rules for mount target traffic.
D) There is no internet gateway set up for mount target traffic.

ANSWER: C

42. You are designing a high bandwidth, redundant connection between your data center and Oracle
Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you notice that you
are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn region.
What is the recommended design in this scenario?

A) Create a cross-connect group and have two or more cross-connects in that group. Create an
IPsec VPN connection on this group.
B) Create a cross-connect group and have at least one cross-connect in that group. Create at least
one virtual circuit in the group.
C) Setup two IPsec connections between your data center and OCI Ashburn region. Create a OCI
load balancer to distribute the traffic across the two connections.
D) Create a cross-connect group and have at least two or more cross-connects in that group.
Create at least two or more virtual circuits in the group.

ANSWER: D

43. Which service would you use if your big data workload required shared access and NFS-based
connectivity?

A) File storage.
B) Block volume.
C) Object storage.
D) Archive storage.

ANSWER: A

44. You are deploying a highly available web application in Oracle Cloud Infrastructure and have
decided to use a public load balancer. The back-end web servers will be distributed across all
three availability domains (Ads). How many subnets should you create to deliver a secure, highly
available application?
 A) Three subnets in total; one regional public subnet to host your bacj-end web servers and two
AD specific private subnets to host your private load load balancer.
B) One subnet in total; one regional private subnet to host your back-end web servers and your
public load balancer
C) Two subnets in total; one regional private subnet to host your back-end web servers and one
regional public subnet to host your public load balancer.
D) Two subnets in total; one regional public subnet to host your back-end web servers and one
regional private subnet to host your public load load balancer..

ANSWER: C

45. You have hired a new employee to run reports from the Autonomous Data Warehouse (ADW)
and are not confident in their SQL writing ability. Into which consumer group will you assign this
individual to minimize the impact of their code?

A) High
B) Medium
C) Lowest
D) Highest
E) Low

ANSWER: E

46. Which two are valid options when migrating a database from on-premises to Oracle Cloud
Infrastructure (OCI)?

A) Performing a backup to OCI object storage, and then restoring to a database server on OCI.
B) Converting the Oracle database to a NoSQL database and migrating to OCI by using rsync file
copy.
C) Performing RMAN backup to an on-premises storage device, and then shipping to OCI.
D) Snapping or cloning storage from on-premises to OCI.

ANSWER: A-C

47. Which two statements about file storage service (FSS) are accurate?

A) Identity and Access Management (IAM) controls which file systems are mountable by which
instances.
B) Encryption of file system in FSS is optional.
C) Data in transit to an FSS mount target is encrypted.
D) Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS
mount target within the same subnet.
 E) FSS leverages UNIX user group and permission checking for file access security.

ANSWER: D-E

48. You have created a public subnet and an internet gateway in your virtual cloud network (VCN).
The public subnet has an associated route table and security list. However, after creating several
compute instances in the public subnet, none can reach the Internet. Which two are possible
reasons for the connectivity issue?

A) The route table has no default route for routing traffic to the internet gateway.
B) There is no stateful egress rule in the security list associated with the public subnet.
C) There is no dynamic routing gateway (DRG) associated with the VCN.
D) There is no stateful ingress rule in the security list associated with the public subnet.

ANSWER: A-B

49. Your application front end consists of several Oracle Cloud Infrastructure compute instances
behind a load balancer. You have configured the load balancer to perform health checks on these
instances. What will happen if an instance fails to pass the configured health checks?

A) The instance is taken out of the backend set by the load balancer.
B) The load balancer stops sending traffic to that instance.
C) The instance is replaced automatically by the load balancer.
D) The instance is terminated automatically by the load balancer.

ANSWER: B

50. You have provisioned an Autonomous Data Warehouse (ADW) database with 16 enabled OCPUs
and need to configure the consumer group for your application. Which two are true deciding the
number of sessions for each application?

A) The HIGH consumer group can run 3 concurrent SQL statements when MEDIUM consumer
group has 0 SQL statements.
B) The HIGH consumer group can run up to 16 concurrent SQL statements as long as MEDIUM and
LOW consumer groups have 0 SQL statements.
C) The HIGH consumer group can run up to 16 concurrent SQL statements in addition to 32
concurrent SQL statements in MEDIUM and LOW consumer group each.
D) The MEDIUM consumer group can run 20 concurrent SQL statements when HIGH consumer
group has 0 SQL statements.
E) The MEDIUM and LOW consumer group can run up to 16 concurrent SQL statements if HIGH
consumer group has 0 SQL.

ANSWER: A-D
Explanation from

https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/manage-
priorities.html#GUID-80E464A7-8ED4-45BB-A7D6-E201DD4107B7

Note:

The HIGH consumer group is configured for low concurrency, even a single query in this consumer
group can use all resources in your database. If your workload has concurrent queries Oracle
recommends using the MEDIUM consumer group. If your concurrency requirements are not met
with the MEDIUM consumer group, you can use the LOW consumer group or you can scale up
your compute capacity and continue using the MEDIUM consumer group.

For example, for an Autonomous Data Warehouse with 16 OCPUs, the HIGH consumer group will
be able to run 3 concurrent SQL statements when the MEDIUM consumer group is not running any
statements. The MEDIUM consumer group will be able to run 20 concurrent SQL statements when
the HIGH consumer group is not running any statements. The LOW consumer group will be able to
run 1600 concurrent SQL statements. The HIGH consumer group can run at least 1 SQL statement
when the MEDIUM consumer group is also running statements. When these concurrency levels are
reached for a consumer group new SQL statements in that consumer group will be queued until one
or more running statements finish.

51. You have one database-style application that frequently makes many random reads and writes
across the dataset. Which storage offering support this application?

A) Object storage service

B) Archive storage service
C) Block storage service
D) File storage service

ANSWER: C

52. You are planning to deploy a multi-region web application in Oracle Cloud Infrastructure (OCI).
You have customers in North America, Asia and Europe who will access the application. What
service is available in OCI to help you choose the regions the lowest latency to these markets?

A) DNS Zone Management

B) IPsec VPN
C) FastConnect
D) Internet Intelligence

ANSWER: D

53. Which two statements are true about an Oracle Cloud Infrastructure object storage bucket?
 A) You cannot change a bucket from private to public after it is created.
B) You can associate a bucket with only a single compartment.
C) You can associate a bucket with multiple compartments.
D) You cannot edit or append data to an object, but you can replace the entire object.

ANSWER: B-D

54. Your organization has deployed a large, complex application across multiple compute instances
also have block volume storage attached to them. You want to create a time consistent backup of
these block volume storage. Which implementation strategy should be used?

A) Use scripts available in OCI to backup block volume storage.

B) Group volumes in a volume group and create a manual backup of the volume group.
C) Create a manual backup of each volume.
D) Group volumes in a volume group first and then use available scripts in OCI.

ANSWER: B

55. Which two statements are true about restoring a block volume from a manual or policy-based
block volume backup?

A) It can be restored as a new volume to any AD in the same region.

B) It must be restored as a new volume to the same availability domain (AD) on which the original
block volume backup resides.
C) It can be restored as new volumes with different sizes from the backups.
D) It can be restored as a new volume to any AD across different regions.

ANSWER: A-C

56. You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets
contain application servers and the third subnet contains a DB System. The application requires a
shared file system so you have provisioned one using the file storage service (FSS). You also
created the corresponding mount target in one of the application subnets. The VCN security lists
are properly configured so that both application servers and the DB System can access the file
system. The security team determines that the DB System should have read-only access to the
file system. What change would you make to satisfy this requirement?

A) Modify the security list associated with the subnet where the mount target resides. Change the
ingress rules corresponding to the DB System subnet to be stateless.
B) Create an instance principal for the DB System. Write an Identity and Access Management
(IAM) policy that allows the instance principal read-only access to the file storage service.
 C) Create an NFS export option that allows READ_ONLY access where the source is the CIDR range
of the DB System subnet.
D) Connect via SSH to one of the application servers where the file system has been mounted. Use
the Unix command chmod to change permissions on the file system directory, allowing the
database user read only access.

ANSWER: C

57. Which three load-balancing policies can be used with a backend set?

A) IP hash
B) Least connection
C) Throughput
D) Weighted round robin
E) CPU utilization

ANSWER: A-B-D

58. Your on-premises hosted application uses Oracle database server. Your database administrator
must have access to the database server for managing the application. Your database server is
sized for seasonal peak workload, which results in high licensing costs. You want to move your
application to Oracle Cloud Infrastructure (OCI) to take advantage of CPU scaling options. Which
database offering on OCI would you select?

A) Autonomous Data Warehouse

B) VM DB Systems
C) Bare metal DB Systems
D) Autonomous Transaction Processing (ATP)

Risposta C

59. Your company has decided to move a few applications to Oracle Cloud Infrastructure (OCI) and
you have been asked to design a cloud-based disaster recovery (DR) solution. One of the
requirements is to deploy the DR resources at least 300 miles from the home OCI. What will be
the recommended deployment?

A) Deploy production and DR applications in the same VCN. Create production subnets in one AD,
and DR subnets in another AD.
B) Deploy production and DR applications in two separate VCNs in different availability domains
(ADs) within your home region, and then use a VCN remote peering connection for
connectivity.
C) Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in
different regions, and then use VCN local peering gateways for connectivity.
 D) Deploy production and DR applications in two separate VCNs, each in different regions.
Connect them using a VCN remote peering connection.

ANSWER: D

60. Which two statements are true about the Oracle Cloud Infrastructure object storage service?

A) It can be directly attached to or detached from a compute instance.

B) It provides strong consistency.
C) Data is stored redundantly in a single AD.
D) Data is stored redundantly across multiple availability domains (ADs).
E) It provides higher IOPS than block storage.

ANSWER: B-D

61. Which two statements are true about encryption on Oracle Cloud Infrastructure (OCI)?

A) A customer is responsible for data encryption in all services of OCI.

B) By default, DB Systems offers an encrypted database.
C) By default, object storage and block storage are encrypted at rest.
D) By default, NVMe drives are encrypted, but the block volume service is not.

ANSWER: B-C

62. Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud network
(VCN)?

A) A VCN creates the dynamic routing gateway by default.

B) A VCN covers a single, contiguous IPv4 CIDR block of your choice.
C) The allowable VCN size range is: /16 to /30.
D) A VCN can reside in multiple OCI regions and availability domains.

ANSWER: B-C

63. Which two identity providers can your administrator federate with Oracle Cloud Infrastructure?

A) Google Directory Federation Services.

B) AWS Directory Services.
C) Oracle Identity Cloud Services.
D) Microsoft Active Directory.
ANSWER: C-D

64. You have an application deployed In Oracle Cloud Infrastructure running only in the Phoenix
region. You were asked to create a disaster recovery (DR) plan that will protect against the loss of
critical data. The DR site must be at least 500 miles from your primary site and data transfer
between the two sites must not traverse the public internet. Which is the recommended disaster
recovery plan?

A) Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG
between the regions.
B) Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN
in each region and configure an IPsec VPN connection between the two regions.
C) Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one
availability domain (AD) that is not currently being used by your production systems. Establish
VCN peering between the production and DR sites.
D) Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a
remote peering connection between the two VCNs.

ANSWER: D

65. You have multiple applications installed on a compute instance and these applications generate a
large amount of log files. These log files must reside on the boot volume for a minimum of 15
days and must be retained for at least 60 days. The 60-day retention requirement is causing an
issue with available disk space. What are the two recommended method to provide additional
boot volume space for this compute instance?

A) Create an object storage bucket and use a script that runs daily to move log files older than 15
days to the bucket.
B) Write a custom script to remove the log files on a daily basis and free up the space on the boot
volume.
C) Terminate the instance while preserving the boot volume. Create a new instance from the boot
volume and select a DenseIO shape to take of local NVMe storage.
D) Create and attach a block volume to the compute instance and copy the log files.
E) Create a custom image and launch a new compute instance with a large boot volume size.

ANSWER: A-E

66. A company currently uses Microsoft Active Directory as its identity provider. The company
recently purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for its test
and development operations. As the administrator, you are now tasked with giving access only to
 developers so that they can start creating resources in their OCI accounts. Which step will you
perform to achieve this requirement?

A) Create a group for developers on OCI, export all the developers from Microsoft Active
Directory, and then import them into the Identity and Access Management (IAM) group.
B) Create a new user account for each user, and then create policies to provide access to
developers.
C) Federate all Microsoft Active Directory groups with OCI to allow users to use their existing
credentials.
D) Create a group for developers on OCI and map the group to a similar group in Microsoft Active
Directory during the federation process.

ANSWER: D

67. You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions and
require connectivity between workloads in each region. You have created a dynamic routing
gateway (DRG) and a remote peering connection. However, your workloads are unable to
communicate with each other. What are two reasons for this?

A) A local peering gateway needs to be created in each VCN with a default route rule added in the
route table forwarding the traffic to the local peering gateway.
B) The route table associated with subnets in each VCN do not have a route rule defined to
forward the traffic to their respective DRGs.
C) The security lists associated with the subnets in each virtual cloud network (VCN) do not have
the appropriate ingress rules.
D) Identity and Access Management (IAM) policies have not been defined to allow connectivity
across the two VCNs in different regions.
E) An internet gateway needs to be created in each VCN with a default route rule added in the
route table forwarding the traffic to the internet gateway.

ANSWER: B-C

68. You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You
take regular backups of your DB system to OCI object storage. Recently, you notice a failed
database backup status in the console. What two steps can you take to determine the cause of
the backup failure?

A) Make sure that the database is not active and running while the backup is in progress.
B) Ensure that your database host can connect to the OCI object storage.
C) Restart the dcsagent program if it has a status of stop or waiting.
D) Ensure the database archiving mode is set to NOARCHIVELOG.

ANSWER: B-C
 69. As the Cloud Architect for your company, you have been tasked with designing a high
performance compute (HPC) cluster in Oracle Cloud Infrastructure (OCI). The following
requirements have been defined:
 The cluster must be a minimum of three nodes, but may increase to six nodes when
demand requires.
 The cluster must be resilient to any potential infrastructure failures.
 To minimize latency, all nodes must be deployed within the same availability domain
(AD).
 Adding or replacing nodes within the cluster should take no more than 30 minutes.

Which two steps should be performed to satisfy these requirements in OCI?

A) Deploy the cluster in a single AD with a shared file system that leverages the file storage
service (FSS). Deploy a standby cluster in another AD and configure it to use the same
shared file system.
B) Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud
network (VCN) subnet.
C) Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault
domain in AD.
D) Create a backup of your HPC node compute instance boot volume. Launch new compute
instances directly from the backup to reduce provisioning time.
E) Create a custom image of your HPC node compute instance. Launch new compute
instances using this image to reduce provisioning time.

ANSWER: C-E

NOTE THAT MAYBE QUESTION N. 68 WILL ASK YOU FOR A SINGLE ANSWER. IN THIS CASE INDICATE AS
THE CORRECT ANSWER ONLY C

70. Which two choices are true for Autonomous Data Warehouse (ADW)?

A) Billing for compute stops when ADW is stopped.

B) Billing stops for both CPU usage and storage usage when ADW is stopped.
C) Billing for storage continues when ADW is stopped.
D) Billing stops only when ADW is stopped.

ANSWER: A-C

71. A customer has established an Oracle Cloud Infrastructure (OCI) FastConnect connection to OCI.
The virtual circuit is up and routes are being advertised from the customer’s end, however the
customer is unable to ping from compute instances inside the virtual cloud network (VCN) to
servers residing in its on-premises data center. Which two options on OCI would remedy this
situation?
 A) Modify the default VCN route table and add a route to the customer’s on premises network via
the DRG.
B) Modify the security list associated with the vcn subnet in which the instance reside. Add a
stateful egress rule to allow ICMP traffic to the customer’s on-premise network.
C) Modify the route table associated with the vcn subnet in which the instance reside. Add a route
to the customer’s on premises network via the dynamic routing gateway (DRG).
D) Modify the security list associated with the vcn subnet in which the instance reside. Add a
stateful ingress rule to allow ICMP traffic from anywhere.

ANSWER: B-C

72. What is true about data guard set up with faster-start failover (FSFO) in Oracle Cloud
Infrastructure (OCI)?

A) You cannot use database command line interface (CLI) to set up data guard with FSFO.
B) When you configure data guard using OCI console, the default mode is set to maxprotection.
C) The best practice for high availability and durability is to run the primary, standby, and observer
in separate availability domains (ADs).
D) You cannot create the standby DB system in a different AD from the primary DB system.

ANSWER: C

73. Which two resources reside exclusively in a single availability domain?

A) Compute instance
B) Object storage
C) Groups
D) Virtual cloud network
E) Block volume

ANSWER: A-E

74. You have provisioned an Autonomous Transaction Processing (ATP) database and logged into the
ATP Service Console. What are three abilities that can be performed from this service console?
A) Scale up/down the CPUs.
B) Create ATP database users.
C) Monitor database activity and SQL queries.
D) Set resource management rules.
E) Reset the admin password.

ANSWER: C-D-E

75. Which two statements about fault domains are true?

A) A failed instance in a fault domain is automatically relaunched.
 B) A fault domain is a grouping of hardware and infrastructure within an availability domain.
C) A fault domain is selected automatically based on usage data.
D) Each availability domain contains three fault domains.

ANSWER: B-D

76. You have five different company locations spread across the US. For a Proof-of-Concept (POC)
you need to set up secure and encrypted connectivity to your workloads running in a single
Virtual Cloud Network (VCN) in the Oracle Cloud Infrastructure Ashburn Region from all company
locations. What would meet these requirement?

A) Create five internet gateways in your VCN and have separate route tables for each internet
gateway.
B) Create five IPsec VPN connections with each company location and terminate those
connections on five separate DRGs. Attach those DRGs to your VCN.
C) Create five IPsec connections with each company location and terminate those connections
on a single DRG. Attach that DRG to your VCN.
D) Create five virtual circuits using FastConnect for each company location and terminate
those connections on a single Dynamic Routing Gateway (DRG). Attach that DRG to your
VCN.

ANSWER: C

77. You are asked to create a user that will access programmatic endpoints in Oracle Cloud
Infrastructure. This user must not be allowed to authenticate by username and password. Which
two authentication options can you use?

A) SSH Key pair.

B) Windows password.
C) Auth tokens.
D) PEM certificate file.
E) API signing key.

ANSWER: C-E

78. Which statement is true about cloning a volume?

A) You need to detach a volume before cloning from it.

B) A cloned volume is the same as a snapshot that has a dependency on the source volume.
C) You can change the block volume size when cloning a volume.
 D) You can create a clone of one volume in another region.

ANSWER: C

79. You are designing a shared storage solution for your company in Oracle Cloud Infrastructure. The
proposed storage solution should allow users to create hierarchical structure (similar to the
Directory structure in Linux or Windows-based systems). The solution should provide data
encryption and a large amount of storage space. Which would be the best implementation
strategy?

A) Use object storage. Create multiple namespaces with one bucket each. Make the buckets
publicly accessible.
B) Use file storage service. Create a file system and a mount target. Share the private ip of the
mount target.
C) Use object storage. Create a single namespace and multiple buckets to create the hierarchical
directory structure.
D) Use block storage. Create and attach a large block storage volume to one compute instance.
Assign a public ip to the compute instance. Store data on the block storage and access it by
connecting to the compute instance.

ANSWER: B

80. Which two statements are true about data guard service on db systems in Oracle Cloud
Infrastructure (OCI)?

A) Data guard implementation requires two db systems, one running the primary database on a
Virtual Machine and the standby database running on Bare Metal.
B) Data guard implementation requires two db systems, one containing the primary database and
one containing the standby database.
C) Data guard configuration on the OCI is limited to a Virtual Machine only.
D) Both db systems must use the same VCN, and port 1521 must be open.

ANSWER: B-D

81. A customer has established an oracle cloud infrastructure (OCI) FastConnect connection to OCI.
The Virtual Circuit is up and routes are being advertised from the customer’s end, however the
customer is unable to ping from compute instances inside the Virtual Cloud Network (VCN) to
servers residing in their on-premises data center. Which two options on OCI would remedy this
situation?
A) Modify the default VCN route table and add a route to the customer’s on-premises network via
the DRG.
B) Modify the route table associated with the VCN subnet in which the instance resides. Add a
route to customer’s on-premises network via the Dynamic Routing Gateway (DRG).
C) Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful ingress rule to allow ICMP traffic from anywhere.
 D) Modify the security list associated with the VCN subnet in which the instance resides. Add a
stateful egress rule to allow ICMP traffic to the customer’s on-premises network.

ANSWER: B-D

82. You must implement a backup solution for your Autonomous Data Warehouse (ADW) that will
enable you to restore data as old as one year with a recovery point objective (RPO) of 10 days.
Which database backup strategy would you select?

A) Use the automated backups.

B) Take weekly manual backups to supplement the automatic backups and preserve them for 12
months.
C) Take quarterly manual backups to supplement the automatic backups and preserve them for
12 months.
D) Take monthly manual backups to supplement the automatic backups and preserve them for 12
months.

ANSWER: B

83. Which two options are available when configuring DNS resolution for your Virtual Cloud
Network?

A) Internet and Custom resolver.

B) Internet and Virtual Cloud Network (VCN) resolver.
C) Google DNS server.
D) Custom resolver.

ANSWER: B-D

84. Which two statements are true about adding secondary VNICs to an existing compute instance?

A) The primary and secondary VNIC association can be in different Virtual Cloud Networks (VCNs).
B) You can assign an ephemeral public IP to a secondary VNIC.
C) You can remove the primary VNIC after the secondary VNIC’s attachment is complete.
D) The primary and secondary VNIC association must be in the same availability domain.

ANSWER: B-D

85. Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for
server-side encryption?

A) You must manually decrypt the data when retrieving from OCI object storage.
 B) You must manually enable server-encryption for each object as you upload to OCI object
storage.
C) Only the object data is encrypted and the user-defined metadata that is associated with the
object is not encrypted.
D) Objects are automatically encrypted as they are uploaded to object storage and decrypted
upon retrieval.

ANSWER: D

86. You are implementing Oracle Cloud Infrastructure (OCI) FastConnect to access OCI public access
point (e.g. – object storage). You want other internet traffic from your on-premises environment
to use your existing connection with your ISP. What is the correct way to establish OCI
fastconnect to access this OCI public endpoint?

A) Configure public peering on your fastconnect link with a static route that points to OCI object
storage service
B) Configure public peering on your fastconnect link. Redistribute BGP routes learned into your
existing routing table and advertise a specific routes for your network infrastructure to OCI
C) Configure private peering on your fastconnect link with a static route that points to OCI object
storage service
D) Configure private peering on your fastconnect link. Redistribute BGP routes learned into your
existing routing table and advertise a default route from your network infrastructure to OCI

ANSWER: B

87. You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few weeks,
you need to increase disk performance by using NVMe disk; the number of CPUs will not change.
As a first step you terminate the instance and preserve the boot volume. What is the next step?

A) Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move
the SQL database data to block volume
B) Create a new instance using a VM.DenseIO2.8 shape using the preserved boot volume and move
the SQL database data to NVMe disk
C) Create a new instance using a VM.Standard1.16 shape using the preserved boot volume and move
the SQL database data to NVMe disk
D) Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move
the SQL database data to NVMe disk

ANSWER: D

88. You have an oracle cloud infrastructure (OCI) load balancer distributing traffic via an evenly-
weighted round robin policy to your back-end web servers. You notice that one of your web
servers is receiving more traffic then other web servers. How can you resolve this imbalance?
 A) Create separate listeners for each back-end web server
B) Check security lists and route tables of your virtual cloud network (VCN) and fix any issues
associated with the rules
C) Delete and re-create your OCI load balancer
D) Disable session persistence on your backend set

ANSWER: D

89. You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP)
database. Your business needs to run hourly batch processes on this ATP database that may
consume more CPUs than what is available on the server. How can you limit these batch
processes to not interfere with the oltp transactions?

A) ATP is designed for OLTP workload only, you should not run batch processes on ATP
B) Copy OLTP data into new tables in a new table space and run batch processes against these new
tables
C) Configure ATP resource management rules to manage runtime and IO consumption for the
consumer group of batch processes
D) Disable automated backup during the batch process operations

ANSWER: C

90. You are responsible for creating and maintaining an enterprise application that consists of
multiple storage volumes across multiple instances. The storage volumes include boot volumes
and block volumes for your data storage. You need to create backups of these storage volumes in
the most time efficient manner. How can you meet this requirement?

A) You can create on-demand one-off backups of boot volumes, but not block volumes
B) You can create clones of storage volumes one at a time
C) You can create on-demand one-off backups of block volumes, but not boot volumes
D) You can group together multiple storage volumes in a volume group and create volume group
backups

ANSWER: D

91. Which two options are valid for loading data directly into autonomous data warehouse (ADW)?

A) Data Integrator
B) Data Pump
C) Data Transfer Service
D) SQL*Loader

ANSWER: B-D
 92. Which two statements are true about DB Systems in oracle Cloud Infrastructure?

A) Customers can consolidate multiple database homes on a single virtual machine database host
B) The database and backups are encrypted by default
C) Customers have no control over database patching
D) Customers can manage the TDE wallet after DB Systems is provisioned

ANSWER: B – D

93. You are running your warehouse using Autonomous Data Warehouse )ADW) service and you
noticed that a newly configured batch job is always running in serial even though nothing else is
running in the database. All your jobs are configured to run with parallelism enabled. What could
be the reason for this batch job to run in serial?

A) Parallelism on the database is controlled by the application, not the database

B) The batch job depends on only one table and parallelism cannot be enabled on single-table queries
C) The parallelism of batch job depends on the number of ADW database involved in the query
D) The new batch job is connected to LOW consumer group
E) The new batch job runs on database tables that are not enabled for parallel execution

ANSWER: D

94. A customer has launched a compute instance in the Virtual Cloud Network (VCN), which has an
internet gateway, a service gatway, a default security lists and a default route table. Customer
has opened up Port 22 in the security lists attached to the compute instance subnet, however is
still unable to connect to compute instance using ssh. Which option would remedy this situation?
A) Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful
egress rule to allow ICMP tragfic in addition to the port 22
B) Modify the route table associated with the VCN subnet in which the instance resides. Add a
following route to the route table
Destination CIDR: 0.0.0.0/0
Target: Dynamic Routing Gateway (DRG)

C) Modify the route table associated with the VCN subnet in which the instance resides. Add a
following route to the route table
Destination CIDR: 0.0.0.0/0
Target: Internet Gateway (IGW)

D) Modify the route table associated with the VCN subnet in which the instance resides. Add a
following route to the route table.
Destination CIDR: 0.0.0.0/0
Target: Service Gateway (SGW)

ANSWER: C