Correct: Incorrect
Correct: Incorrect
Correct: Incorrect
Question 1: Correct
Your company has been running several small applications in Oracle Cloud Infrastructure and is
planning a proof of concept (POC) to deploy PeopleSoft. If your existing resources are being
maintained In the root compartment, what is the recommended approach for defining security
for the upcoming POC ?
Explanation
as per You already had existing resources are being maintained In the root compartment
so is the recommended approach for defining security for the upcoming POC to Create a new
compartment for the POC and grant appropriate permissions to create and manage resources within
the compartment.
Question 2: Incorrect
Which two statements about file storage service (FSS) are accurate? (Choose two.)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 1/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
All data is encrypted at rest. and In-transit encryption provides a way to secure your data between
instances and mounted file systems using TLS v. 1.2 (Transport Layer Security) encryption.
File Storage service supports the AUTH_UNIX style of authentication and permission checking for
remote NFS client requests.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/File/Tasks/intransitencryption.htm?
Highlight=oci-fss-utils
2- Answer # 4 Should be correct which you have to configure the Security rules and list even if they
Mount Target and instance in same subnet
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/File/Tasks/securitylistsfilestorage.htm
Question 3: Incorrect
You have been notified of an application failure indicating that one or more of the Oracle Cloud
Infrastructure (0C1) resources have become unavailable. After scanning the Compute and
Database consoles, you notice that one of the DD Systems is missing.
What would you do to identify the reason for this missing resource?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 2/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
You can filter results by request actions to zero in on only the events with operations that interest you.
For example, say that you only want to know about instances that were deleted during a specific time
frame. Select a delete request action filter to see only the events with delete operations.
Question 4: Incorrect
You are deploying a highly available web application in Oracle Cloud Infrastructure and have
decided to use a public load balancer. The back end web servers will be distributed across all
three availability domains (ADS).
How many subnets should you create to deliver a secure, highly available application?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 3/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
To accept traffic from the internet, you create a public load balancer. The service assigns it a public IP
address that serves as the entry point for incoming traffic. You can associate the public IP address
with a friendly DNS name through any DNS vendor.
A public load balancer is regional in scope. If your region includes multiple availability domains, a
public load balancer requires either a regional subnet (recommended) or two availability domain-
specific (AD-specific) subnets, each in a separate availability domain. With a regional subnet, the
Load Balancing service creates a primary load balancer and a standby load balancer, each in a
different availability domain, to ensure accessibility even during an availability domain
outage. If you create a load balancer in two AD-specific subnets, one subnet hosts the primary load
balancer and the other hosts a standby load balancer. If the primary load balancer fails, the public IP
address switches to the secondary load balancer. The service treats the two load balancers as
equivalent and you cannot specify which one is "primary".
Whether you use regional or AD-specific subnets, each load balancer requires one private IP address
from its host subnet. The Load Balancing service supplies a floating public IP address to the primary
load balancer. The floating public IP address does not come from your backend subnets.
You cannot specify a private subnet for your public load balancer.
The backend servers (Compute instances) associated with a backend set can exist anywhere, as long
as the associated network security groups (NSGs), security lists, and route tables allow the intended
traffic flow.
Oracle recommends that you create your load balancer in a regional subnet.
Oracle recommends that you distribute your backend servers across all availability domains within the
region.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 4/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Which two statements ate true about restoring a block volume from a manual or policy based
block volume backup?
Explanation
When you restour the backup you select a name for the block volume and choose the availability
domain in which you want to restore it.
You can restore a block volume backup to a larger volume size. To do this, check Custom Block
Volume Size (GB), and then specify the new size.
You must implement a backup solution for your Autonomous Data Warehouse (ADW) that will
enable you to restore data as old as one year with a recovery point objective (RPO) of 10 days.
Which database backup strategy would you select?
Explanation
Oracle Cloud Infrastructure automatically backs up your Autonomous Databases and retains these
backups for 60 days. Automatic backups are weekly full backups and daily incremental backups. You
can also create manual backups to supplement your automatic backups. Manual backups are stored
in an Object Storage bucket that you create, and are retained for 60 days
The retention period for manual backups is the same as automatic backups which is 60 days. So we
cannot preserve the backup for 12 months
https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/backup-
manual.html#GUID-D95E5D6A-C470-4A68-9545-CC99D937E7D1
Explanation
The database name must be unique among all Autonomous Data Warehouses and Autonomous
Databases in your tenancy in the same region.
Terminating an Autonomous Transaction Processing database permanently deletes the instance and
removes all automatic backups. You cannot recover a terminated database.
the maximum number of CPUs and maximum storage capacity that can be provisioned in Oracle
Autonomous Database In the current release up to 128 CPUs and 128TB can be provisioned from the
cloud console. Customers requiring more resources need to call their Oracle account team
Which two options are available when setting up DNS for your bare metal and virtual machine
DB Systems? (Choose two.)
Explanation
Choices for DNS in Your VCN
DEFAULT CHOICE: INTERNET AND VCN RESOLVER
CUSTOM RESOLVER
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 7/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You have been tasked with creating one virtual cloud network (VCN) each for two line of
business (LOB) applications. LOB A and LOB B will need to communicate with each other. To
ensure that you can utilize VCN peering, which network CIDR ranges should be used
Explanation
VCN A (10.0.0.0/16) will use a range of IPS from 10.0.0.0 to 10.0.255.255 and VCN B (10.1.0.0/16) will
use a range of IPS from 10.1.0.0 to 10.1.255.255 so will not be any Overlap between 2 VCNs
Which two Oracle Cloud Infrastructure database services allow you to dynamically scale CPU
and storage? (Choose two.)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 8/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
If a bare metal DB system requires more compute node processing power, you can scale up (increase)
the number of enabled CPU cores in the system without impacting the availability of that system but
you can't increase the storage
If the original DB system VM shape uses a single node, running databases on the DB system nodes
are sequentially stopped and then restarted on the new shape so not dynamic
You have created a virtual cloud network (VCN) with three private subnets. Two of the subnets
contain application servers and the third subnet contains a DB System. The application requires
a shared file system so you have provisioned one using the file storage service (FSS). You also
created the corresponding mount target in one of the application subnets. The VCN security
lists are properly configured so that both application servers and the DB System can access the
file system. The security team determines that the DB System should have read-only access to
the file system.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 9/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
NFS export options enable you to create more granular access control than is possible using just
security list rules to limit VCN access. You can use NFS export options to specify access levels for IP
addresses or CIDR blocks connecting to file systems through exports in a mount target.
What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud
Infrastructure (OCI)?
Explanation
The best practice for high availability and durability is to run the primary, standby, and observer in
separate availability domains. The observer determines whether or not to failover to a specific target
standby database
https://docs.cloud.oracle.com/en-
us/iaas/Content/Database/Tasks/usingDG.htm#ConfiguringObserverOptional
Which two actions will occur when a back-end server that is registered with a backend set is
marked to drain connections? (Choose two.)
Explanation
if you set the server's drain status to true, the load balancer stops forwarding new TCP connections
and new non-sticky HTTP requests to this backend server. This setting allows an administrator to take
the server out of rotation for maintenance purposes.
You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few weeks,
you need to increase disk performance by using NVMe disks; the number of CPUs will not
change. As a first step you terminate the instance and preserve the boot volume.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 11/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
to Increase disk performance by using NVMe disks you can use Dense IO Shape also as the number
of CPUs will not change so we should VM.DenseIO2.16
Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW) database?
Explanation
To download client credentials from the Autonomous Transaction Processing Service Console:
- On the Download Client Credentials (Wallet) page, enter a wallet password in the Password field and
confirm the password in the Confirm Password field. The password must be at least 8 characters long
and must include at least 1 letter and either 1 numeric character or 1 special character. This password
protects the downloaded Client Credentials wallet.
- Click Download to save the client security credentials zip file. By default the filename is:
Wallet_databasename.zip. You can save this file as any filename you want. You must protect this file to
prevent unauthorized database access.
cwallet.sso and ewallet.p12: Auto-open SSO wallet and PKCS12 file. PKCS12 file is protected by the
wallet password provided in the UI.
keystore.jks and truststore.jks: Java keystore and truststore files. They are protected by the wallet
password provided while downloading the wallet.
ojdbc.properties: Contains the wallet related connection property required for JDBC connection. This
should be in the same path as tnsnames.ora.
You have multiple applications installed on a compute Instance and these applications generate
a large amount of log files. These log files must reside on the boot volume for a minimum of 15
days. Any files over 15 days do not have to reside on boot volume but still must be retained for
at least 60 days. The 60-day retention requirement Is causing an Issue with available disk space.
What are the two recommended methods to provide additional boot volume space for this
compute instance?
Explanation
These log files must reside on the boot volume for a minimum of 15 days so you have to increase
the boot Volume
Which two statements are true about adding secondary VNICs to an existing compute
instance? (Choose two.)
Explanation
Each secondary VNIC can be in a subnet in the same VCN as the primary VNIC, or in a different
subnet that is either in the same VCN or a different one. However, all the VNICs must be in the
same availability domain as the instance.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 14/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You are about to upload a large log file (5 TiB size) to Oracle Cloud Infrastructure object
storage and have decided to use multipart upload capability for a more efficient and resilient
upload.
Which two statements are true about multipart upload? (Choose two.)
Explanation
With multipart upload, you split the object you want to upload into individual parts. Individual parts
can be as large as 50 GiB or as small as 10 MiB. (Object Storage waives the minimum part size
restriction for the last uploaded part.) Decide what part number you want to use for each part. Part
numbers can range from 1 to 10,000. You do not need to assign contiguous numbers, but Object
Storage constructs the object by ordering part numbers in ascending order.
While a multipart upload is still active, you can keep adding parts as long as the total number is less
than 10,000.
Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 15/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
You use a DRG when connecting your existing on-premises network to your virtual cloud network
(VCN) with one (or both) of these:
IPSec VPN
Which two statements about fault domains are true? (Choose two.)
Explanation
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each
availability domain contains three fault domains. Fault domains provide anti-affinity: they let you
distribute your instances so that the instances are not on the same physical hardware within a single
availability domain.
You have provisioned an Autonomous Transaction Processing (ATP) database and logged into
the ATP service console.
What are three abilities that can be performed from this service console? (Choose three.
Explanation
In ATP Service Console,
In the activity screen allows you to perform some basic monitor database activity and SQL queries
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 17/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
In the administration screen allows you to perform some basic administration of the service, like reset
the admin password and set resource management rules
You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You
take regular backups of your DB system to OCI object storage. Recently, you notice a failed
database backup status in the console.
What two steps can you take to determine the cause of the backup failure? (Choose two.)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 18/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Make sure that the database is not active and running while
the backup is in progress
Explanation
Database backups can fail for various reasons. Typically, a backup fails because either the database
host cannot access the object store, or there are problems on the host or with the database
configuration.
First need to determining the Problem
In the Console, a failed database backup either displays a status of Failed or hangs in the Backup in
Progress or Creating state. If the error message does not contain enough information to point you to
a solution, you can use the database CLI and log files to gather more data. Then, refer to the
applicable section in this topic for a solution.
Backing up your database to Oracle Cloud Infrastructure Object Storage requires that the host can
connect to the applicable Swift endpoint. You can test this connectivity by using a Swift user.
Host Issues
One or more of the following conditions on the database host can cause backups to fail:
Database Issues
- Archiving Mode Set to NOARCHIVELOG (When you provision a new database, the archiving mode is
set to ARCHIVELOG by default. This is the required archiving mode for backup operations)
- Stuck Database Archiver Process and Backup Failures
As this is not new provisioned database and already in the ARCHIVELOG , regular backups of DB
system to OCI object storage in places, so the best answers are,
- Ensure that your database host can connect to the OCI object storage
- Restart the database service agent
Your company has decided to move a few applications to Oracle Cloud Infrastructure (OCI) and
you have been asked to design a cloud-based disaster recovery (DR) solution. One of the
requirements is to deploy the DR resources at least 300 miles from the home OCI region and
minimize the network latency.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 20/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
Remote VCN peering is the process of connecting two VCNs in different regions
The peering allows the VCNs' resources to communicate using private IP addresses without routing
the traffic over the internet or through your on-premises network.
In what two ways does Oracle Cloud Infrastructure (OCI) file storage service differ from OCI
object storage and block volume services?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 21/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
The mount target provides the IP address or DNS name that is used together with a unique export
path to mount the file system.
You can move mount targets from one compartment to another.
You are designing a high bandwidth, redundant connection between your data center and
Oracle Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you notice
that you are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn
region.
Explanation
You could have multiple private virtual circuits, for example, to isolate traffic from different parts of
your organization (one virtual circuit for 10.0.1.0/24; another for 172.16.0.0/16), or to provide
redundancy.
Explanation
With FastConnect, you can choose to use private peering, public peering, or both.
Private peering: To extend your existing infrastructure into a virtual cloud network (VCN) in Oracle
Cloud Infrastructure (for example, to implement a hybrid cloud, or a lift and shift scenario).
Communication across the connection is with IPv4 private addresses (typically RFC 1918).
Public peering: To access public services in Oracle Cloud Infrastructure without using the internet.
For example, Object Storage, the Oracle Cloud Infrastructure Console and APIs, or public load
balancers in your VCN. Communication across the connection is with IPv4 public IP addresses.
Without FastConnect, the traffic destined for public IP addresses would be routed over the internet.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 23/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Which two statements are true about encryption on Oracle Cloud Infrastructure (OCI)?
You are designing a lab exercise for your team that has a large number of graphics with large
file sizes. The application becomes unresponsive if the graphics are embedded in the
application. You have uploaded the graphics to Oracle Cloud Infrastructure and only added the
URL in the application. You need to ensure these graphics are accessible without requiring any
authentication for an extended period of time.
Explanation
Pre-authenticated requests provide a way to let you access a bucket or an object without having your
own credentials. For example, you can create a request that lets you upload backups to a bucket
without owning API keys.
When you create a bucket, the bucket is considered a private bucket and the access to the bucket and
bucket contents requires authentication and authorization. However, Object Storage supports
anonymous, unauthenticated access to a bucket. You make a bucket public by enabling read access
to the bucket.
pre-authe
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 25/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You have hired a new employee to run reports from the Autonomous Data Warehouse (ADW)
and are not confident in their SQL writing ability. Into which consumer group will you assign
this Individual to minimize the impact of their code?
Lowest
Low (Correct)
Medium
High
Highest
Explanation
in ADW, The tnsnames.ora file provided with the credentials zip file contains three database service
names identifiable as high, medium, and low. The predefined service names provide different levels of
performance and concurrency for Autonomous Data Warehouse.
high: The High database service provides the highest level of resources to each SQL statement
resulting in the highest performance, but supports the fewest number of concurrent SQL statements.
Any SQL statement in this service can use all the CPU and IO resources in your database. The number
of concurrent SQL statements that can be run in this service is 3, this number is independent of the
number of OCPUs in your database.
medium: The Medium database service provides a lower level of resources to each SQL statement
potentially resulting a lower level of performance, but supports more concurrent SQL statements. Any
SQL statement in this service can use multiple CPU and IO resources in your database. The number of
concurrent SQL statements that can be run in this service depends on the number of OCPUs in your
database.
low: The Low database service provides the least level of resources to each SQL statement, but
supports the most number of concurrent SQL statements. Any SQL statement in this service can use a
single CPU and multiple IO resources in your database. The number of concurrent SQL statements
that can be run in this service can be up to 300 times the number of OCPUs.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 26/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
The predefined service names provide different levels of performance and concurrency for
Autonomous DB
Choose whichever database service offers the best balance of performance and concurrency.
Use the low database service name. to minimize the impact of their SQLs to by low consumer group
object storage
groups
Explanation
Availability Domain-Specific Resources
DB Systems
subnets: When you create a subnet, you choose whether it is regional or specific to an availability
domain. Oracle recommends using regional subnets.
volumes: They can be attached only to an instance in the same availability domain.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 27/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Which service would you use if your big data workload required shared access and NFS-based
connectivity ?
archive storage
object storage
block volume
Explanation
The File Storage service is designed to meet the needs of applications and users that need an
enterprise file system across a wide range of use cases, including the following:
General Purpose File Storage: Access to an unlimited pool of file systems to manage growth of
structured and unstructured data.
Big Data and Analytics: Run analytic workloads and use shared file systems to store persistent data.
Lift and Shift of Enterprise Applications: Migrate existing Oracle applications that need NFS
storage, such as Oracle E-Business Suite and PeopleSoft.
Databases and Transactional Applications: Run test and development workloads with Oracle,
MySQL, or other databases.
Backups, Business Continuity, and Disaster Recovery: Host a secondary copy of relevant file
systems from on premises to the cloud for backup and disaster recovery purposes.
MicroServices and Docker: Deliver stateful persistence for containers. Easily scale as your container-
based environments grow.
You have an application running on Oracle Cloud Infrastructure. You identified that the read
and write operations are slowing your application down enough to impair user access. The
application is currently using a VM.Standard1.2 compute without any block storage attached to
it.
Which two options allow you to increase disk performance? (Choose two.)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 28/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
You can permanently terminate (delete) instances that you no longer need.By default, the instance's
boot volume is deleted when you terminate the instance, however you can preserve the boot volume
associated with the instance, so that you can attach it to a different instance as a data volume, or use
it to launch a new instance.
You can use a boot volume backup to create an instance or you can attach it to another instance as a
data volume. However before you can use a boot volume backup, you need to restore it to a
boot volume.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841910/result/303066578#overview 29/29
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients
want to access the web servers from anywhere, but want to prevent access to the database
servers from the Internet.
Explanation
When you create a subnet, by default it's considered public, which means instances in that subnet are
allowed to have public IP addresses. Whoever launches the instance chooses whether it will have a
public IP address. You can override that behavior when creating the subnet and request that it be
private, which means instances launched in the subnet are prohibited from having public IP
addresses. Network administrators can therefore ensure that instances in the subnet have no internet
access, even if the VCN has a working internet gateway, and security rules and firewall rules allow the
traffic.
There are two optional gateways (virtual routers) that you can add to your VCN depending on the
type of internet access you need:
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 1/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Internet gateway: For resources with public IP addresses that need to be reached from the internet
(example: a web server) or need to initiate connections to the internet.
NAT gateway: For resources without public IP addresses that need to initiate connections to the
internet (example: for software updates) but need to be protected from inbound connections from
the internet.
Just having an internet gateway alone does not expose the instances in the VCN's subnets directly to
the internet. The following requirements must also be met:
The internet gateway must be enabled (by default, the internet gateway is enabled upon creation).
The subnet must have security list rules that allow the traffic (and each instance's firewall must allow
the traffic).
The instance must have a public IP address.
You are about to deploy an e-business application on Oracle Cloud Infrastructure and one of
the requirements is to use a shared file system that supports the NFS protocol.
object storage
block volume
Explanation
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 2/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Use the File Storage service when your application or workload includes big data and analytics, media
processing, or content management, and you require Portable Operating System Interface (POSIX)-
compliant file system access semantics and concurrently accessible storage. The File Storage service is
designed to meet the needs of applications and users that need an enterprise file system across a
wide range of use cases, including the following:
General Purpose File Storage: Access to an unlimited pool of file systems to manage growth of
structured and unstructured data.
Big Data and Analytics: Run analytic workloads and use shared file systems to store persistent data.
Lift and Shift of Enterprise Applications: Migrate existing Oracle applications that need NFS
storage, such as Oracle E-Business Suite and PeopleSoft.
Databases and Transactional Applications: Run test and development workloads with Oracle,
MySQL, or other databases.
Backups, Business Continuity, and Disaster Recovery: Host a secondary copy of relevant file
systems from on premises to the cloud for backup and disaster recovery purposes.
MicroServices and Docker: Deliver stateful persistence for containers. Easily scale as your container-
based environments grow.
You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP)
database. Your business needs to run hourly batch processes on this ATP database that may
consume more CPUs than what is available on the server.
How can you limit these batch processes to not interfere with the OLTP transactions?
Copy OLTP data into new tables in a new table space and
run batch processes against these new tables
ATP is designed for OLTP workload only; you should not run
batch processes on ATP
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 3/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
Autonomous Transaction Processing comes with predefined CPU/IO shares assigned to different
consumer groups. You can modify these predefined CPU/IO shares if your workload requires different
CPU/IO resource allocations.
By default, the CPU/IO shares assigned to the consumer groups TPURGENT, TP, HIGH, MEDIUM, and
LOW are 12, 8, 4, 2, and 1, respectively. The shares determine how much CPU/IO resources a
consumer group can use with respect to the other consumer groups. With the default settings the
consumer group TPURGENT will be able to use 12 times more CPU/IO resources compared to LOW,
when needed. The consumer group TP will be able to use 4 times more CPU/IO resources compared
to MEDIUM, when needed.
Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud
network (VCN)?
Explanation
VCN resides in a single Oracle Cloud Infrastructure region and covers a single, contiguous IPv4 CIDR
block of your choice.The allowable VCN size range is /16 to /30
Which three load-balancing policies can be used with a backend set? (Choose three.)
IP hash (Correct)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 4/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
throughput
CPU utilization
Explanation
you can apply policies to control traffic distribution to your backend servers. The Load Balancing
service supports three primary policy types:
Round Robin
Least Connections
IP Hash
You are a network architect and have designed the network infrastructure of a three-tier
application on Oracle Cloud Infrastructure (OCI). In the architecture, back-end DB servers are in
a private subnet. One of your DB administrators requests to have access to OCI object storage
service.
Explanation
A service gateway lets resources in your VCN privately access specific Oracle services, without
exposing the data to an internet gateway or NAT. The resources in the VCN can be in a private subnet
and use only private IP addresses. The traffic from the VCN to the service of interest travels over the
Oracle network fabric and never traverses the internet.
To give your VCN access to a given service CIDR label, you must enable that service CIDR label for the
VCN's service gateway. You can do that when you create the service gateway, or later after it's
created. You can also disable a service CIDR label for the service gateway at any time.
For traffic to be routed from a subnet in your VCN to a service gateway, you must add a rule
accordingly to the subnet's route table. The rule must use the service gateway as the target.
Explanation
A policy is a document that specifies who can access which Oracle Cloud Infrastructure resources that
your company has, and how. A policy simply allows a group to work in certain ways with specific
types of resources in a particular compartment
In general, here’s the process an IAM administrator in your organization needs to follow:
Define users, groups, and one or more compartments to hold the cloud resources for your
organization.
Provide the users with the one-time passwords that they need in order to access the Console and
work with the compartments. For more information,
A company currently uses Microsoft Active Directory as its identity provider. The company
recently purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for its test
and development operations. As the administrator, you are now tasked with giving access only
to developers so that they can start creating resources in their OCI accounts.
Create a new user account for each user, and then create
policies to provide access to developers
Explanation
When working with your IdP, your administrator defines groups and assigns each user to one or more
groups according to the type of access the user needs. Oracle Cloud Infrastructure also uses the
concept of groups (in conjunction with IAM policies) to define the type of access a user has. As part of
setting up the relationship with the IdP, your administrator can map each IdP group to a similarly
defined IAM group, so that your company can re-use the IdP group definitions when authorizing user
access to Oracle Cloud Infrastructure resources.
block volume
Explanation
You can use the Console or API to export images, and the exported images are stored in the Oracle
Cloud Infrastructure Object Storage service. To perform an image export, you need write access to the
Object Storage bucket for the image.
You can define the backup window and set custom backup
retention period for the automatic database backup
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 8/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
retention period for the automatic database backup
schedule
Explanation
An Oracle Data Guard implementation requires two DB systems, one containing the primary database
and one containing the standby database. When you enable Oracle Data Guard for a virtual machine
DB system database, a new DB system with the standby database is created and associated with the
primary database. For a bare metal DB system, the DB system with the database that you want to use
as the standby must already exist before you enable Oracle Data Guard.
- If your primary and standby databases are in different regions, then you must peer the virtual cloud
networks (VCNs) for each database. See Remote VCN Peering (Across Regions).
- Configure the security list ingress and egress rules for the subnets of both DB systems in the Oracle
Data Guard association to enable TCP traffic to move between the applicable ports. Ensure that the
rules you create are stateful (the default).
Which two options ate necessary for achieving high availability on Oracle Cloud Infrastructure?
another region
Explanation
All details can find in "Best Practices for Deploying High Availability Architecture on Oracle Cloud
Infrastructure"
https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practices-
deploying-ha-architecture-oci.pdf
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 10/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
You can permanently terminate (delete) instances that you no longer need. Any attached VNICs and
volumes are automatically detached when the instance terminates. Eventually, the instance's public
and private IP addresses are released and become available for other instances. By default, the
instance's boot volume is deleted when you terminate the instance, however you can preserve the
boot volume associated with the instance, so that you can attach it to a different instance as a data
volume, or use it to launch a new instance.
You need to create a high performance shared file system, and have been advised to use file
storage service (FSS). You have logged into the Oracle Cloud Infrastructure console, created a
file system, and followed the steps to mount the shared file system on your Linux instance.
However, you are still unable to access the shared file system from your Linux instance.
Explanation
to have access to file system At least one Virtual Cloud Network (VCN) in a compartment.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 11/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Correctly configured security rules for the file system mount target. Security rules can be created in
the security list for the mount target subnet, or in a Network Security Group (NSG) that you add the
mount target to. See Security Rules for information about how security rules work in Oracle Cloud
Infrastructure. Use the instructions in Configuring VCN Security Rules for File Storage to set up
security rules correctly for your file systems
Your organization has deployed a large, complex application across multiple compute instances
in Oracle
Cloud Infrastructure (OCI). These compute instances also have block volume storage attached
to them. You want to create a time consistent backup of this block volume storage.
Explanation
The Oracle Cloud Infrastructure Block Volume service provides you with the capability to group
together multiple volumes in a volume group. A volume group can include both types of volumes,
boot volumes, which are the system disks for your Compute instances, and block volumes for your
data storage. You can use volume groups to create volume group backups and clones that are point-
in-time and crash-consistent.
This simplifies the process to create time-consistent backups of running enterprise applications that
span multiple storage volumes across multiple instances. You can then restore an entire group of
volumes from a volume group backup.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 12/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Your application front end consists of several Oracle Cloud Infrastructure compute instances
behind a load balancer. You have configured the load balancer to perform health checks on
these instances.
If an instance fails to pass the configured health checks, what will happen?
The instance is taken out of the back end set by the load
balancer
Explanation
One or more of the backend servers reports as unhealthy.
A backend server might be unhealthy or the health check might be misconfigured.
Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose two.)
Billing stops for both CPU usage and storage usage when
ADW is stopped
Explanation
When Autonomous Databas instance is stopped,
CPU billing is halted based on full-hour cycles of usage
and When Autonomous Database instance is started, the CPU billing is initiated
You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security
List, and an Internet Gateway. However, none of the compute instances can connect to the
Internet.
Which two are possible reasons for the connectivity issue? (Choose two.)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 14/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
An internet gateway as an optional virtual router that connects the edge of the VCN with the internet.
To use the gateway, the hosts on both ends of the connection must have public IP addresses for
routing. Connections that originate in your VCN and are destined for a public IP address (either inside
or outside the VCN) go through the internet gateway. Connections that originate outside the VCN
and are destined for a public IP address inside the VCN go through the internet gateway.
For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly
in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway).
If the internet gateway is disabled, that means no traffic will flow to or from the internet even if
there's a route rule that enables that traffic. For more information, see Route Tables.
For the purposes of access control, you must specify the compartment where you want the internet
gateway to reside. If you're not sure which compartment to use, put the internet gateway in the same
compartment as the cloud network. For more information, see Access Control.
You may optionally assign a friendly name to the internet gateway. It doesn't have to be unique, and
you can change it later. Oracle automatically assigns the internet gateway a unique identifier called an
Oracle Cloud ID (OCID). For more information, see Resource Identifiers.
To delete an internet gateway, it does not have to be disabled, but there must not be a route table
that lists it as a target.
AS per compute instances can connect to the Internet so you use egress no ingress
You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI)
and Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her
team and provides the name of an existing group within IDCS to use when granting access.
How do you configure federation to allow the project team access to OCI resources?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 15/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
When working with your IdP, your administrator defines groups and assigns each user to one or more
groups according to the type of access the user needs. Oracle Cloud Infrastructure also uses the
concept of groups (in conjunction with IAM policies) to define the type of access a user has. As part of
setting up the relationship with the IdP, your administrator can map each IdP group to a similarly
defined IAM group, so that your company can re-use the IdP group definitions when authorizing user
access to Oracle Cloud Infrastructure resources. Here's a screenshot from the mapping process:
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 16/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Your on-premises hosted application uses Oracle database server. Your database administrator
must have access to the database server for managing the application. Your database server is
sized for seasonal peak workloads, which results in high licensing costs. You want to move your
application to Oracle Cloud Infrastructure (OCI) to take advantage of CPU scaling options.
VM DB systems
Explanation
- In, Oracle Autonomous Database, Customers are not given OS logons or SYSDBA privileges to
prevent phishing attacking.
- If a bare metal DB system requires more compute node processing power, you can scale up
(increase) the number of enabled CPU cores in the system without impacting the availability of that
system.
You cannot change the number of CPU cores for a virtual machine DB system in the same way as
metal DB system. Instead, you must change the shape to one with a different number of OCPUs
Changing the shape does not impact the amount of storage available to the DB system. However, the
new shape can have different memory and network bandwidth characteristics, and you might need to
reapply any customizations to these aspects after the change.
You have one database style application that frequently makes many random reads and writes
across the dataset Which storage offering supports this application?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 17/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
The Oracle Cloud Infrastructure Block Volume service lets you dynamically provision and
manage block storage volumes . You can create, attach, connect, and move volumes, as well as
change volume performance, as needed, to meet your storage, performance, and application
requirements. After you attach and connect a volume to an instance, you can use the volume like a
regular hard drive. You can also disconnect a volume and attach it to another instance without the
loss of data.
As the Cloud Architect for your company, you have been tasked with designing a high
performance (HPC) cluster in Oracle Cloud Infrastructure (OCI). The following requirements
have been defined :
* The cluster must be a minimum of three nodes, but may increase to six nodes when
demand requires.
* Adding or replacing nodes within the cluster should take no more than 30 minutes.
Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 18/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each
availability domain contains three fault domains. Fault domains provide anti-affinity: they let you
distribute your instances so that the instances are not on the same physical hardware within a single
availability domain. A hardware failure or Compute hardware maintenance event that affects one fault
domain does not affect instances in other fault domains. In addition, the physical hardware in a fault
domain has independent and redundant power supplies, which prevents a failure in the power supply
hardware within one fault domain from affecting other fault domains.
To control the placement of your compute instances, bare metal DB system instances, or virtual
machine DB system instances, you can optionally specify the fault domain for a new instance or
instance pool at launch time. If you don't specify the fault domain, the system selects one for you.
Oracle Cloud Infrastructure makes a best-effort anti-affinity placement across different fault domains,
while optimizing for available capacity in the availability domain. To change the fault domain for an
instance, terminate it and launch a new instance in the preferred fault domain.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 19/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions
and require connectivity between workloads in each region. You have created a dynamic
routing gateway (DRG) and a remote peering connection. However, your workloads are unable
to communicate with each other. What are two reasons for this?
Explanation
Setting Up a Remote Peering
Create the RPCs: Each VCN administrator creates an RPC for their own VCN's DRG.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 20/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Update security rules: Each administrator updates their VCN's security rules to enable traffic
between the peered VCNs as desired.
You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix
region. You were asked to create a disaster recovery (DR) plan that will protect against the loss
of critical data. The DR site must be at least 500 miles from your primary site and data transfer
between the two sites must not traverse the public Internet.
Which is the recommended disaster recovery plan?
Explanation
Remote VCN peering is the process of connecting two VCNs in different regions (but the
same tenancy ). The peering allows the VCNs' resources to communicate using private IP addresses
without routing the traffic over the internet or through your on-premises network. Without peering, a
given VCN would need an internet gateway and public IP addresses for the instances that need to
communicate with another VCN in a different region.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 21/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
At a high level, the Networking service components required for a remote peering include:
Two VCNs with non-overlapping CIDRs, in different regions that support remote peering. The VCNs
must be in the same tenancy.
A dynamic routing gateway (DRG) attached to each VCN in the peering relationship. Your VCN already
has a DRG if you're using an IPSec VPN or an Oracle Cloud Infrastructure FastConnect private virtual
circuit.
A remote peering connection (RPC) on each DRG in the peering relationship.
Supporting security rules to control the types of traffic allowed to and from the instances in the
subnets that need to communicate with the other VCN.
You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make
API calls to other services within OCI without storing credentials in a configuration file.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 22/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-
weighted round robin policy to your backend web servers. You notice that one of your web
servers is receiving more traffic than other web servers.
Explanation
Session persistence is a method to direct all requests originating from a single logical client to a
single backend web server. Backend servers that use caching to improve performance, or to enable
log-in sessions or shopping carts, can benefit from session persistence
Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose
two.)
Explanation
You can scale up/down your Autonomous Database to scale both in terms of compute and storage
only when needed, allows people to pay per use.
Oracle allows you to scale compute and storage independently, no need to do it together. these
scaling activities fully online (no downtime required)
in Details page Autonomous Database click Scale Up/Down. Click on arrow to select a value for CPU
Core Count or Storage (TB).
Or Select auto scaling to allow the system to automatically use up to three times more CPU and IO
resources to meet workload demand, compared to the database operating with auto scaling disabled.
You are an administrator with an application running on OCI. The company has a fleet of OCI
compute virtual instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set
health check API is providing a ‘Critical’ level warning. You have confirmed that your
application is running healthy on the backend servers.
The Backend Server VCN’s Route Table does not include the
route for OCI LB
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 24/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
A SECURITY RULE IS MISCONFIGURED. Health status indicators help you diagnose two cases of
misconfigured security rules: l All entity health status indicators report OK, but traffic does not flow (as
with misconfigured listeners). If the listener is not at fault, check the security rule configuration. l All
entity health statuses report as unhealthy. You have checked your health check configuration and
your services run properly on your backend servers. In this case, your security rules might not include
the IP range for the source of the health check requests. You can find the health check source IP on
the Details page for each backend server. You can also use the API to find the IP in the
sourceIpAddress field of the HealthCheckResult object
Which two statements are true about DB Systems in Oracle Cloud Infrastructure? (Choose two.)
Explanation
All databases created in Oracle Cloud Infrastructure are encrypted using transparent data encryption
(TDE).
Oracle Cloud Infrastructure encrypts all managed backups in the object store. Oracle uses the
Database Transparent Encryption feature by default for encrypting the backups. and the customers
can manage the TDE Wallet after DB Systems are provisioned.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 25/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Which two are a valid image source when launching a new compute instance? (Choose two.)
object storage
Explanation
A template of a virtual hard drive that determines the operating system and other software for an
instance. For details about Oracle Cloud Infrastructure platform images, see Oracle-Provided Images.
You can also launch instances from:
Trusted third-party images published by Oracle partners from the Partner Image catalog. For more
information about partner images, see Overview of Marketplace and Working with Listings.
Pre-built Oracle enterprise images and solutions enabled for Oracle Cloud Infrastructure
Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for
server-side encryption?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 26/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
- Oracle Object Storage supports server-side encryption. All data stored in Oracle Object Storage is
automatically encrypted
- Encryption is automatically enabled for all data with no action required on the part of customers.
- Oracle encrypt both the object data and the user-defined metadata associated with the object.
Ref : https://www.oracle.com/cloud/storage/object-storage-faq.html
Which two statements are true about an Oracle Cloud Infrastructure object storage bucket?
(Choose two.)
Explanation
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 27/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You can't edit or append data to an object, but you can replace the entire object.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841688/result/303280260#overview 28/28
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
You can create a clone from a volume using the Block Volume service. Cloning enables you to make a
copy of an existing block volume without needing to go through the backup and restore process.
A cloned volume is a point-in-time direct disk-to-disk deep copy of the source volume, so all the data
that is in the source volume when the clone is created is copied to the clone volume.
You can only create a clone for a volume within the same region, availability domain and tenant. You
can create a clone for a volume between compartments as long as you have the required access
permissions for the operation.
during create a clone you can do the following
If you want to clone the block volume to a larger size volume, check Custom Block Volume Size
(GB) and then specify the new size. You can only increase the size of the volume, you cannot decrease
the size. If you clone the block volume to a larger size volume, you need to extend the volume's
partition. See Extending the Partition for a Block Volume for more information.
If you want to change the elastic performance setting when cloning the volume, check Custom Block
Volume Performance and select the elastic performance setting you want the volume clone to use.
See Block Volume Elastic Performance for more information. You can also change the elastic
performance setting after you have cloned the volume, see Block Volume Elastic Performance. If you
leave Custom Block Volume Performanceunchecked, the cloned volume will use the same elastic
performance setting as the source volume.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 1/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You have created a new compartment called Production to host some production apps. You
have also created users in your tenancy and added them to a Group called "production group".
Your users are still unable to access the Production compartment. How can you resolve this
situation?
Explanation
When creating a compartment, you must provide a name for it (maximum 100 characters, including
letters, numbers, periods, hyphens, and underscores) that is unique within its parent compartment.
You must also provide a description, which is a non-unique, changeable description for the
compartment, from 1 through 400 characters.
After creating a compartment, you need to write at least one policy for it, otherwise no one can
access it (except administrators or users who have permissions set at the tenancy level). When
creating a compartment inside another compartment, the compartment inherits access permissions
from compartments higher up its hierarchy.
When you create an access policy, you need to specify which compartment to attach it to. This
controls who can later modify or delete the policy. Depending on how you've designed your
compartment hierarchy, you might attach it to the tenancy, a parent, or to the specific compartment
itself.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 2/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Which two options are available within the service console of Autonomous Transaction
Processing?
Explanation
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 3/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You are running several Linux based operating systems in your on .premises environment that
you want to import to OCI as custom images. You can launch your imported images as OCI
compute Virtual machines. Which two modes below can be used to launch these imported
Linux VMs?
Emulated (Correct)
Paravirtualized (Correct)
Mixed
Native
Explanation
You can use the Console or API to import exported images from Object Storage. To import an image,
you need read access to the Object Storage object containing the image.
during the Import you can select the Launch mode:
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 4/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
For custom images where the image format is .oci , Oracle Cloud Infrastructure selects the
applicable launch mode based on the launch mode for the source image.
For custom images exported from Oracle Cloud Infrastructure where the image type is QCOW2,
select Native Mode.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 5/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 6/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You have an application deployed in Oracle Cloud Infrastructure running in the US East region.
You have been asked to create a disaster recovery plan that will protect against the loss of
critical data. The DR site must be at least a few hundred miles from your primary site and data
transfer between the two sites must not traverse the public Internet. Which is the lowest
latency and lowest cost recommended disaster recovery plan?
Explanation
Remote VCN peering is the process of connecting two VCNs in different regions (but the
same tenancy ). The peering allows the VCNs' resources to communicate using private IP addresses
without routing the traffic over the internet or through your on-premises network. Without peering, a
given VCN would need an internet gateway and public IP addresses for the instances that need to
communicate with another VCN in a different region.
At a high level, the Networking service components required for a remote peering include:
- Two VCNs with non-overlapping CIDRs, in different regions that support remote peering. The VCNs
must be in the same tenancy.
- A dynamic routing gateway (DRG) attached to each VCN in the peering relationship. Your VCN
already has a DRG if you're using an IPSec VPN or an Oracle Cloud Infrastructure FastConnect private
virtual circuit.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 7/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Supporting security rules to control the types of traffic allowed to and from the instances in the
subnets that need to communicate with the other VCN.
Which three items must be configured for a load balancer to accept incoming traffic?
SSL certificate
A listener (Correct)
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 8/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
The essential components for load balancing include:
1- A load balancer with pre-provisioned bandwidth.
Optionally, you can associate your listeners with SSL server certificate bundles to manage how your
system handles SSL traffic.
Explanation
Oracle automatically takes care of Operating system Installation/Configuration, Grid Infrastructure,
ASM diskgroup Creation/Configuration , and database software Installation and first database on the
DB System. that's all when Creating DB Systems. and then the customer responsible to apply the
patches to the database and OS
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 9/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect?
Explanation
VPN Connect provides a site-to-site IPSec VPN between your on-premises network and your virtual
cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred
from the source to the destination and decrypts the traffic when it arrives.
Tunnel mode (supported by Oracle): IPSec encrypts and authenticates the entire packet. After
encryption, the packet is then encapsulated to form a new IP packet that has different header
information.
Oracle Cloud Infrastructure supports only the tunnel mode for IPSec VPNs.
Each Oracle IPSec VPN consists of multiple redundant IPSec tunnels. For a given tunnel, you can use
either Border Gateway Protocol (BGP) dynamic routing or static routing to route that tunnel's
traffic. More details about routing follow.
The internal IP addresses of the participating networks and nodes are hidden from external users.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 10/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
The entire communication between the source and destination sites is encrypted, significantly
lowering the chances of information theft.
Which two Oracle Cloud Infrastructure services use a Dynamic Routing Gateway?
Internet Gateway
Local Peering
Explanation
You can think of a DRG as a virtual router that provides a path for private traffic (that is, traffic that
uses private IPv4 addresses) between your VCN and networks outside the VCN's region.
You use a DRG when connecting your existing on-premises network to your virtual cloud network
(VCN) with one (or both) of these:
IPSec VPN
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 11/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
A customer has launched a compute instance In the Virtual Cloud Network (VCN), which has an
internet gateway, a service gateway, a default security lists and a default route table. Customer
has opened up Port 22 In the security lists attached to the compute Instance subnet, however is
still unable to connect to compute Instances using ssh.
Explanation
You create an internet gateway in the context of a specific VCN. In other words, the internet gateway
is automatically attached to a VCN. However, you can disable and re-enable the internet gateway at
any time.
For traffic to flow between a subnet and an internet gateway, you must create a route rule accordingly
in the subnet's route table (for example, destination CIDR = 0.0.0.0/0 and target = internet gateway).
If the internet gateway is disabled, that means no traffic will flow to or from the internet even if
there's a route rule that enables that traffic.
For the purposes of access control, you must specify the compartment where you want the internet
gateway to reside. If you're not sure which compartment to use, put the internet gateway in the same
compartment as the cloud network.
You have two NFS clients running in two different subnets within the same Oracle Cloud
Infrastructure (OCI) Virtual Cloud Network (VCN). You have created a shared file system for the
two NFS clients who want to connect to the same file system, but you want to restrict one of
the clients to have READ access while the other has READ/Write access. Which OCr feature
would you leverage to meet this requirement?
Use VCN security rules to control access for the NFS clients
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 13/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade
network file system. You can connect to a File Storage service file system from any bare metal, virtual
machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system
from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security
(IPSec) virtual private network (VPN).
EXPORT
Exports control how NFS clients access file systems when they connect to a mount target. File systems
are exported (made available) through mount targets. Each mount target maintains an export set
which contains one or many exports. A file system must have at least one export in one mount target
in order for instances to mount the file system. The information used by an export includes the file
system OCID, mount target OCID, export set OCID, export path, and client export options. For more
information, see Managing Mount Targets.
EXPORT SET
Collection of one or more exports that control what file systems the mount target exports using
NFSv3 protocol and how those file systems are found using the NFS mount protocol. Each mount
target has an export set. Each file system associated with the mount target has at least one export in
the export set.
EXPORT PATH
A path that is specified when an export is created. It uniquely identifies the file system within the
mount target, letting you associate up to 100 file systems to a single mount target. This path is
unrelated to any path within the file system itself, or the client mount point path.
EXPORT OPTIONS
NFS export options are a set of parameters within the export that specify the level of access granted
to NFS clients when they connect to a mount target. An NFS export options entry within an export
defines access for a single IP address or CIDR block range. For more information, see Working with
NFS Export Options.
Which two statements are true about the Oracle Cloud Infrastructure object storage service?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 14/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
STRONG CONSISTENCYWhen a read request is made, Object Storage always serves the most recent
copy of the data that was written to the system.DURABILITYObject Storage is a regional service. Data
is stored redundantly across multiple storage servers. Object Storage actively monitors data integrity
using checksums and automatically detects and repairs corrupt data. Object Storage actively monitors
and ensures data redundancy. If a redundancy loss is detected, Object Storage automatically creates
more data copies. For more details about Object Storage durability, see the Oracle Cloud
Infrastructure Object Storage FAQ.CUSTOM METADATAYou can define your own extensive metadata
as key-value pairs for any purpose. For example, you can create descriptive tags for objects, retrieve
those tags, and sort through the data. You can assign custom metadata to objects and buckets using
the Oracle Cloud Infrastructure CLI or SDK. See Software Development Kits and Command Line
Interface for details.ENCRYPTIONObject Storage employs 256-bit Advanced Encryption Standard
(AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption
key. Data encryption keys are always encrypted with a master encryption key that is assigned to the
bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the
master encryption key. However, you can optionally configure a bucket so that it's assigned an Oracle
Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule.
You deployed a web server in Oracle Cloud Infrastructure using an Ephemeral Public IP address.
While making configuration changes, an admin inadvertently deleted your web seNer. You
redeploy your web server, but many of your LOB apps depend on this web server's public IP
address and would need an update. What can you do to prevent this from happening again?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 15/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
A public IP address is an IPv4 address that is reachable from the internet. If a resource in your tenancy
needs to be directly reachable from the internet, it must have a public IP address. Depending on the
type of resource, there might be other requirements.
Reserved: Think of it as persistent and existing beyond the lifetime of the instance it's assigned to.
You can unassign it and then reassign it to another instance whenever you like. Exception: reserved
public IPs on public load balancers.
Open the navigation menu. Under Core Infrastructure, go to Networking and click Public IPs.
Click Create Reserved Public IP.
Compartment: Leave as is.
Tags:Optionally, you can apply tags. If you have permissions to create a resource, you also have
permissions to apply free-form tags to that resource. To apply a defined tag, you must have
permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you
are not sure if you should apply tags, skip this option (you can apply tags later) or ask your
administrator.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 16/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Confirm you're viewing the compartment that contains the instance with the private IP you're
interested in.
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
The primary VNIC and any secondary VNICs attached to the instance are displayed.
Click the VNIC you're interested in.
For the private IP you're interested in, click the Actions icon (three dots), and then click Edit.
In the Public IP Address section, for Public IP Type, select the radio button for Reserved Public IP.
Reserved Public IP: The reserved public IP you want to assign. You have three choices:
Create a new reserved public IP. You may optionally provide a friendly name for it. The name doesn't
have to be unique, and you can change it later. Avoid entering confidential information.
Click Update.
Which statement is true about the Oracle Cloud Infrastructure File Storage Service Snapshots?
You can restore the whole snapshot, but not the individual
files
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 17/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
The File Storage service supports snapshots for data protection of your file system. Snapshots are a
consistent, point-in-time view of your file systems. Snapshots are copy-on-write, and scoped to the
entire file system. The File Storage service encrypts all file system and snapshot data at rest. You can
take as many snapshots as you need.
Data usage is metered against differentiated snapshot data. If nothing has changed within the file
system since the last snapshot was taken, the new snapshot does not consume more storage
Snapshots are accessible under the root directory of the file system at .snapshot/name . For data
protection, you can use a tool that supports NFSv3 to copy your data to a different availability
domain, region, file system, object storage, or remote location.
You have five different company locations spread across the US. For a proof-of-concept (POC)
you need to setup secure and encrypted connectivity to your workloads running in a single
virtual cloud network (VCN) in the Oracle Cloud Infrastructure Ashburn region from all
company locations.
to your VCN.
Explanation
Access to Your On-Premises Network
There are two ways to connect your on-premises network to Oracle Cloud Infrastructure:
VPN Connect: Offers multiple IPSec tunnels between your existing network's edge and your VCN, by
way of a DRG that you create and attach to your VCN.
Oracle Cloud Infrastructure FastConnect: Offers a private connection between your existing network's
edge and Oracle Cloud Infrastructure. Traffic does not traverse the internet. Both private peering and
public peering are supported. That means your on-premises hosts can access private IPv4 addresses
in your VCN as well as regional public IPv4 addresses in Oracle Cloud Infrastructure (for example,
Object Storage or public load balancers in your VCN).
You can use one or both types of the preceding connections. If you use both, you can use them
simultaneously, or in a redundant configuration. These connections come to your VCN by way of a
single DRG that you create and attach to your VCN. Without that DRG attachment and a route rule for
the DRG, traffic does not flow between your VCN and on-premises network. At any time, you can
detach the DRG from your VCN but maintain all the remaining components that form the rest of the
connection. You could then reattach the DRG again, or attach it to another VCN.
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block and
boot volumes. Which three options below can you use to increase the size of your block
volumes?
You can only expand block volumes and not boot volumes
Explanation
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block volumes and
boot volumes. You have three options to increase the size of your volumes:
Expand an existing volume in place with offline resizing. See Resizing a Volume Using the
Console for the steps to do this.
Restore from a volume backup to a larger volume. See Restoring a Backup to a New
Volumeand Restoring a Boot Volume.
Clone an existing volume to a new, larger volume. See Cloning a Volume and Cloning a Boot Volume.
Which two statements are true about Autonomous Data Warehouse (ADW) backup
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 20/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
Autonomous Database automatically backs up your database for you.In addition to automatic
backups Autonomous Database also allows you take manual backups to your Oracle Cloud
Infrastructure Object Storage. for example if you want to take a backup before a major change to
make restore and recovery faster.
Also, Manual backups are only supported with buckets created in the standard storage tier
if you provision an Autonomous Data Warehouse instance named ADWC1, the bucket name should
be backup_adwc1 (the bucket name is lowercase)
You have an instance running in a development compartment that needs to make API calls
against other OCI services, but you do not want to configure user credentials or a store a
configuration file on the instance. How can you meet this requirement?
Explanation
Dynamic groups allow you to group Oracle Cloud Infrastructure computer instances as "principal"
actors (similar to user groups).
When you create a dynamic group, rather than adding members explicitly to the group, you instead
define a set of matching rules to define the group members. For example, a rule could specify that all
instances in a particular compartment are members of the dynamic group. The members can change
dynamically as instances are launched and terminated in that compartment.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 21/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
A dynamic group has no permissions until you write at least one policy that gives that dynamic group
permission to either the tenancy or a compartment. When writing the policy, you can specify the
dynamic group by using either the unique name or the dynamic group's OCID. Per the preceding
note, even if you specify the dynamic group name in the policy, IAM internally uses the OCID to
determine the dynamic group.
Which of the following two tasks can be performed in the Oracle Cloud Infrastructure Console
for Autonomous Data Warehouse?
Explanation
You can scale up/down your Autonomous Database to scale both in terms of compute (CPU) and
storage only when needed, allows people to pay per use.
Oracle allows you to scale compute and storage independently, no need to do it together. these
scaling activities fully online (no downtime required)
in Details page Autonomous Database in OCI console, click Scale Up/Down. Click on arrow to select a
value for CPU Core Count or Storage (TB).
Or Select auto scaling to allow the system to automatically use up to three times more CPU and IO
resources to meet workload demand, compared to the database operating with auto scaling disabled.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 22/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Which two characteristics do you need to consider when choosing a method to migrate a
database to Oracle Cloud Infrastructure (OCI)?
Explanation
You can migrate your on-premises Oracle Database to an Oracle Cloud Infrastructure Database
service database using a number of different methods that use several different tools. The method
that applies to a given migration scenario depends on several factors, including the version, character
set, and platform endian format of the source and target databases.
Choosing a Migration Method
Not all migration methods apply to all migration scenarios. Many of the migration methods apply
only if specific characteristics of the source and destination databases match or are compatible.
Moreover, additional factors can affect which method you choose for your migration from among the
methods that are technically applicable to your migration scenario.
Some of the characteristics and factors to consider when choosing a migration method are:
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 23/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Network bandwidth
To determine which migration methods are applicable to your migration scenario, gather the
following information.
2) For on-premises Oracle Database 12c Release 2 and Oracle Database 12c Release 1 databases, the
architecture of the database:
Multitenant container database (CDB)
Non-CDB
The Oracle Cloud Infrastructure Database uses the Linux platform, which is little endian.
4) Database character set of your on-premises database and the Oracle Cloud Infrastructure Database
database.
Some migration methods require that the source and target databases use compatible database
character sets.
5) Database version of the Oracle Cloud Infrastructure Database database you are migrating to:
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 24/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You have launched a compute instance running Oracle database in a private subnet in the
Oracle Cloud Infrastructure US East region. You have also created a Service Gateway to back up
the data files to OCI Object Storage in the same region. You have modified the security list
associated with the private subnet to allow traffic to the Service Gateway, but your instance
still cannot access OCI Object Storage. How can you resolve this issue?
Use the default Security List, which has ports open for OCI
Object Storage
Add a stateful rule that enables egress HTTPS (TCP port 443)
traffic to OCI Object Storage in the security list associated
with the private subnet
Explanation
A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services
without exposing the data to the public internet. No internet gateway or NAT is required to reach
those specific services. The resources in the VCN can be in a private subnet and use only private IP
addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and
never traverses the internet.
The service gateway is regional and enables access only to supported Oracle services in the same
region as the VCN.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 25/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
For traffic to be routed from a subnet in your VCN to a service gateway, you must add a rule
accordingly to the subnet's route table. The rule must use the service gateway as the target. For the
destination, you must use the service CIDR label that is enabled for the service gateway. This means
that you don't have to know the specific public CIDRs, which could change over time.
You have the following compartment structure in your tenancy. Root compartment->Training-
>Training-subl ->Training-sub2 You create a policy in the root compartment to allow the
default admin for the account (Administrators) to manage block volumes in compartment
Training-sub2. What policy would you write to meet this requirement?
Explanation
a policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the
compartment or its parent, you can simply specify the compartment name. If you attach the policy
further up the hierarchy, you must specify the path. The format of the path is each compartment
name (or OCID) in the path, separated by a colon:
<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n>
For example, assume you have a three-level compartment hierarchy, shown here:
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 26/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
You want to create a policy to allow NetworkAdmins to manage VCNs in CompartmentC. If you want
to attach this policy to CompartmentC or to its parent, CompartmentB, write this policy statement:
However, if you want to attach this policy to CompartmentA (so that only administrators of
CompartmentA can modify it), write this policy statement that specifies the path:
To attach this policy to the tenancy, write this policy statement that specifies the path from
CompartmentA to CompartmentC:
Which statement is true about the Oracle Cloud Infrastructure File Storage Service Mount
Target?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 27/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
A mount target is an NFS endpoint that lives in a VCN subnet of your choice and provides network
access for file systems. The mount target provides the IP address or DNS name that is used together
with a unique export path to mount the file system. A single mount target can export many file
systems. Typically, you create your first mount target and export when you create your first file
system. The mount target maintains an export set which contains all of the exports for its associated
file systems.
Limitations and Considerations
Each availability domain is limited to two mount targets by default. However, you can export up to
100 file systems through each mount target.
See Service Limits for a list of applicable limits and instructions for requesting a limit increase.
Each mount target requires three internal IP addresses in the subnet to function. Two of the IP
addresses are used during mount target creation. The third IP address must remain available for the
mount target to use for high availability failover.
The File Storage service doesn't "reserve" the third IP address required for high availability failover.
Use care when designing your subnets and file systems to ensure that sufficient IP addresses remain
available for your mount targets.
Your IT department wants to cut down storage costs, but also meet compliance requirements
as set up by the central audit group. You have a legacy bucket with both Word does (*.docx)
and Excel files (*.xlsx). Your auditors want to retain only Excel files for compliance purposes.
Your IT departments wants to keep all other files for 365 days only. What two steps can you
take to meet this requirement?
Explanation
Object Lifecycle Management lets you automatically manage the archiving and deletion of objects. By
using Object Lifecycle Management to manage your Object Storage and Archive Storagedata, you can
reduce your storage costs and the amount of time you spend managing data.
Use object name filters to specify which objects the lifecycle rule applies to.
You can add object filters in any order. Object Lifecycle Management evaluates the precedence of the
rules as follows:
Pattern exclusions
Pattern inclusions
Prefix inclusions
You have a working application in the US East region. The app is a 3-tier app with a database
backend - you take regular backups of the database into OCI Object Storage in the US East
region. For Business continuity; you are leveraging OCI Object Storage cross-region copy
feature to copy database backups to the US West region. Which of the following three steps do
you need to execute to meet your requirement?
Explanation
You can copy objects to other buckets in the same region and to buckets in other regions.
You must have the required access to both the source and destination buckets when performing an
object copy. You must also have permissions to manage objects in the source and destination
buckets.
Because Object Storage is a regional service, you must authorize the Object Storage service for each
region carrying out copy operations on your behalf. For example, you might authorize the Object
Storage service in region US East (Ashburn) to manage objects on your behalf. Once you authorize
the Object Storage service, you can copy an object stored in a US East (Ashburn) bucket to a bucket in
another region.
You can use overwrite rules to control the copying of objects based on their entity tag (ETag) values.
Specify an existing target bucket for the copy request. The copy operation does not automatically
create buckets.
You have deployed a compute instance (VM.Standard2.24) to run an Oracle database. With this
set up, you run into some performance issues and want to leverage an OCI Dense IO shape
(VM.DenseIO2.24), with which you get 25.6 TB local NVMe SSD. You do not want to lose the
configuration changes you made to the instance. Which of the following TWO steps ARE
NOT required to make this transition?
Explanation
Question is "ARE NOT"
You can permanently terminate (delete) instances that you no longer need. Any attached VNICs and
volumes are automatically detached when the instance terminates. Eventually, the instance's public
and private IP addresses are released and become available for other instances. By default, the
instance's boot volume is deleted when you terminate the instance, however you can preserve the
boot volume associated with the instance, so that you can attach it to a different instance as a data
volume, or use it to launch a new instance.
Dense I/O Shapes Designed for large databases, big data workloads, and applications that require
high-performance local storage. DenseIO shapes include locally-attached NVMe-based SSDs.
so once you create the VM.DenseIO you need to moce the Database to locally-attached NVMe-
based SSDs
You are a network architect of an application running on Oracle Cloud Infrastructure (OCI).
Your security team has informed you about a security patch that needs to be applied
immediately to one of the backend web servers. What should you do to ensure that the OCI
load balancer does not forward traffic to this backend server during maintenance?
St th l db l f i t d t t th l d
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 31/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Stop the load balancer for maintenance and restart the load
balancer after the maintenance is finished
Explanation
A load balancer improves resource utilization, facilitates scaling, and helps ensure high
availability. You can configure multiple load balancing policies and application-specific health
checks to ensure that the load balancer directs traffic only to healthy instances. The load
balancer can reduce your maintenance window by draining traffic from an unhealthy
The Load Balancing service considers a server marked drain available for existing persisted
sessions. New requests that are not part of an existing persisted session are not sent to that
server.
Edit Drain State: Opens a dialog box in which you can change the drain state.
If you set the server's drain status to true, the load balancer stops forwarding
new TCP connections and new non-sticky HTTP requests to this backend server.
This setting allows an administrator to take the server out of rotation for
maintenance purposes.
e. Edit Offline State: Opens a dialog box in which you can change the offline
status.
If you set the server's offline status to true, the load balance forwards no ingress
You have two line of business operations (LOB1, LOB2) leveraging Oracle Cloud Infrastructure.
LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is deployed in VCN2 in the US
West region. You need to peer VCN1 and VCN2 for disaster recovery and data backup purposes.
To ensure you can utilize the OCI Virtual Cloud Network remote peering feature, which CIDR
ranges should be used?
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 32/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
VCN1 (10.0.0.0/16) will use the IP Range from 10.0.0.0 to 10.0.255.255 and the VNC 2 (172.16.0.0/16)
will use the IP Range from 172.16.0.0 to 172.16.255.255 the will not be overlap between the 2 VCN
Which of the following statement is true regarding Oracle Cloud Infrastructure Object Storage
Pre-Authenticated Requests?
Explanation
Pre-authenticated requests provide a way to let users access a bucket or an object without having
their own credentials, as long as the request creator has permissions to access those objects. For
example, you can create a request that lets an operations support user upload backups to a bucket
without owning API keys. Or, you can create a request that lets a business partner update shared data
in a bucket without owning API keys.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 33/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
When you create a pre-authenticated request, a unique URL is generated. Anyone you provide this
URL to can access the Object Storage resources identified in the pre‑authenticated request, using
standard HTTP tools like curl and wget.
There is no time limit to the expiration date that you can set.
You can't edit a pre-authenticated request. If you want to change user access options in response to
changing requirements, you must create a new pre‑authenticated request.
The target and actions for a pre-authenticated request are based on the creator's permissions. The
request is not, however, bound to the creator's account login credentials. If the creator's login
credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with
an object in that bucket.
Changing the type of access is bi-directional. You can change a bucket's access from public to private
or from private to public.
Changing the type of access doesn't affect existing pre-authenticated requests. Existing pre-
authenticated requests still work.
Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems Data Guard
service?
Explanation
An Oracle Data Guard implementation requires two DB systems, one containing the primary database
and one containing the standby database. When you enable Oracle Data Guard for a virtual machine
DB system database, a new DB system with the standby database is created and associated with the
primary database. For a bare metal DB system, the DB system with the database that you want to use
as the standby must already exist before you enable Oracle Data Guard.
- If your primary and standby databases are in different regions, then you must peer the virtual cloud
networks (VCNs) for each database.
- Configure the security list ingress and egress rules for the subnets of both DB systems in the Oracle
Data Guard association to enable TCP traffic to move between the applicable ports. Ensure that the
rules you create are stateful (the default).
Your application consists of three Oracle Cloud Infrastructure compute instances running
behind a public load balancer. You have configured the load balancer to perform health checks
on these instances, but one of the three instances fails to pass the configured health check.
Which of the following action will the load balancer perform?
Remove the instance that failed the health check from the
backend set
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 35/36
5/7/2020 Oracle Cloud Infrastructure 2019 Architect Associate | Udemy
Explanation
health check A test to confirm the availability of backend servers. A health check can be a request or a
connection attempt. Based on a time interval you specify, the load balancer applies the health check
policy to continuously monitor backend servers. If a server fails the health check, the load balancer
takes the server temporarily out of rotation. If the server subsequently passes the health check, the
load balancer returns it to the rotation.
You configure your health check policy when you create a backend set. You can configure TCP-level or
HTTP-level health checks for your backend servers.
- TCP-level health checks attempt to make a TCP connection with the backend servers and validate
the response based on the connection status.
- HTTP-level health checks send requests to the backend servers at a specific URI and validate the
response based on the status code or entity data (body) returned.
The service provides application-specific health check capabilities to help you increase availability and
reduce your application maintenance window.
https://www.udemy.com/course/oracle-cloud-infrastructure-2019-architect-associate-1z0-1072/learn/quiz/4841986/result/303281942#overview 36/36