OCI Architect 2021 Professional (1Z0-997-21) Dumps

The document discusses security best practices for storing and accessing sensitive patient health records in Oracle Cloud Infrastructure including encryption, access controls, and disaster recovery.

The four security requirements outlined are: all data less than 1 year old must be accessible within 2 hours, all data must be retained for at least 10 years and accessible within 48 hours, all data must be encrypted at rest, and no data may be transmitted across the public internet.

The recommended approach is to create an IAM group, create a policy granting access to the OKE cluster, and generate kubeconfigs in OCI Cloud Shell for team members to access the cluster using kubectl.

OCI Architect 2021 Professional [1Z0-997-21]

DUMPS
1) You work for a public health care company based in the United States. Their
existing patient records system runs in an on-premise data center and the customer
is sending tape backups offsite as part of their disaster recovery planning.
You developed an alternative archival solution using Oracle Cloud Infrastructure
(OCI) that will save the company a significant amount of money on a yearly basis.
The solution involves storing data in an OCI Object Storage bucket. After reviewing
your solution with the customer Global Risk and Compliance (GRC) team, they
highlighted four security requirements:
✑ All data less than 1 year old must be accessible within 2 hours.
✑ All data must be retained for at least 10 years and be accessible within 48 hours.
✑ All data must be encrypted at rest.
✑ No data may be transmitted across the public internet
Which two options meet the requirements outlined by the customer GRC team?
(Choose two.)

• A. Provision a FastConnect link to the closest OCI region and configure a
private peering virtual circuit.
• B. Provision a FastConnect link to the closest OCI region and configure a
public peering virtual circuit.
• C. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle
policy to archive any object that is older than 365 days.
• D. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle
policy to delete any object that is older than 7 years.
• E. Create a VPN connection between your on-premises data center and OCI.
Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for
OCI Object Storage.

2) You developed a microservices based application that runs on Oracle Cloud
Infrastructure (OCI) Container Engine for Kubernetes (OKE). You want to provide
access to this cluster to other team members.
What should you do to provide access to this cluster using the fewest steps
possible?

• A. Create a group in OCI Infrastructure Access Management (IAM). Create a
policy to grant access to the OKE cluster. Other team members should use
OCI Cloud Shell to generate the kubeconfig into their own cloud shell
environment and access the cluster using kubectl from cloud shell.
• B. Create a group in OCI Infrastructure Access Management (IAM). Create a
policy to grant access to the OKE cluster. Create individual users and access
token for each team member. Other team members should use OCI Cloud
Shell to generate the kubeconfig into their own cloud shell environment and
access the cluster using kubectl from cloud shell.
• C. Create a group in OCI Infrastructure Access Management (IAM). Create a
policy to grant access to the OKE cluster. Create a cluster role and cluster
role binding to provide access to the cluster for each team member. Other
team members should install oci cli and kubectl locally on their laptop. Use the
oci cli to generate the kubeconfig and use kubectl to access the cluster.
• D. Create a group in OCI Infrastructure Access Management (IAM). Create a
policy to grant access to the OKE cluster. Other team members should install
oci cli and kubectl locally on their laptop. Use the oci cli to generate the
kubeconfig and use kubectl to access the cluster.

3) You developed a microservices based application that runs on Oracle Cloud
Infrastructure (OCI) Container Engine for Kubernetes (OKE). Your security team
wants to use SSL termination for this application. What should you do to create a
secure SSL termination for this application using the fewest steps?

• Create a self-signed certificate and its corresponding key. Create a
Kubernetes secret using the certificate and the key, then add these
annotations to the Kubernetes service:

service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/oci-load-balancer-tls-secret: SSL-CERTIFICATE-SECRET

4) Your company developed a function that needs to access the Oracle Database to
inject some data to it at runtime. You are tasked to move this function to the
Oracle Cloud Infrastructure (OCI) and use Oracle Functions and access Oracle
Autonomous Database. You created a Dockerfile below to run this function,
however, you are getting this error "cx_Oracle.DatabaseError: ORA-12560:
TNS:protocol adapter error".

5) What should you do to make sure that Oracle Functions can run this Dockerfile
properly? (Choose the best answer.)

• A. Add these two lines to your Dockerfile: groupadd --gid 1000 fn && \
adduser --uid 1000 --gid fn fn
• B. Use --privileged flag while running the Docker container to add runtime
privilege
• C. Use --cap-add=ALL flag while running the Docker container to add
runtime capability
• D. You need to run this Container as root, so add this line: USER root

6) Which three scenarios are suitable for the use of Oracle Cloud Infrastructure
(OCI) Autonomous Transaction Processing - Serverless (ATP-S) deployment?
(Choose three.)

• A. A manufacturing company is running Oracle E-Business Suite application
on-premises. They are looking to move this application to OCI and they want
to use a managed database offering for their database tier.
• B. A midsize company is considering migrating its legacy on-premises
MongoDB database to Oracle Cloud Infrastructure (OCI). The database has
significantly higher workloads on weekends than weekdays.
• C. A small startup is deploying a new application for eCommerce and it
requires a database to store customers' transactions. The team is unsure of
what the load will look like since it is a new application.
• D. A well-established, online auction marketplace is running an application
where there is database usage 24x7, but also has peaks of activity that are
hard to predict. When the peaks happen, the total activities may reach 3 times
the normal activity level.
• E. A developer working on an internal project needs to use a database during
work hours but doesn't need it during nights or weekends. The project budget
requires her to keep costs low.

7) You are working as a solution architect with a global automotive provider who is
looking to create a multi-cloud solution. They want to run their application tier in
Microsoft Azure while utilizing the Oracle DB Systems in the Oracle Cloud
Infrastructure (OCI).
What is the most fault-tolerant and secure solution for this customer? (Choose the
best answer.)

• A. Deploy the Oracle database system into a public subnet in your VCN and
assign a public IP address. Connect your application tier running in Azure to
the public IP address of the database system over the internet.
• B. Create a FastConnect virtual circuit with Microsoft Azure as the provider to
establish a private interconnect between the application tier running in the
Azure Virtual Network and the OCI VCN that contains the Oracle Databases.
• C. Create an encrypted, Virtual Private Network connection between the
Microsoft Azure Virtual Network that contains the application tier and the OCI
Virtual Cloud Network (VCN) that contains the Oracle Databases.
• D. Use an OCI Virtual Cloud Network remote peering connection to create a
remote network connection between the application tier running in Microsoft
Azure Virtual Network and Oracle Databases running in the OCI Virtual Cloud
Network (VCN).
8) Your customer recently provisioned a 1-Gbps FastConnect connection in the
ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will use this to connect to one
Virtual Cloud Network (VCN) in their production OCI tenancy compartment and
another VCN in their development OCI tenancy.
How should you configure the connectivity between on-premises and the two VCNs
in OCI using the single FastConnect connection? (Choose the best answer.)

• A. Provision a Dynamic Routing Gateway (DRG) and create a private virtual
circuit for the FastConnect connection. Create one additional route table in
your production VCN that includes two route rules. One with a destination of
the on-premises network using the DRG, and a second with a destination of
the development VCN, also using the DRG.
• B. Create two private virtual circuits on the FastConnect link. Create two
Dynamic Routing Gateways, one for each VCN. Attach the virtual circuits to
the dynamic routing gateways.
• C. Create a hub-VCN that uses DRG to communicate with the on-premises
network over FastConnect. Connect the hub-VCN to the production VCN
spoke and with development VCN spoke, each peered via their respective
Local Peering Gateway (LPG).
• D. Create a single private virtual circuit over FastConnect and attach
FastConnect to either of the VCN's DRG. Use Remote Peering to peer
production and development VCNs.

9) You work for a bank as the lead Oracle Cloud Infrastructure architect. You
designed a highly scalable solution for your company's banking application. The
architecture includes a load balancer, application servers with autoscaling
configuration based on CPU utilization, and an Autonomous Database with
Transaction Processing workload type running in a Virtual Cloud Network (VCN).
During the peak utilization period, the application users complain that the application
runs slow.
What are two possible reasons for the application running slow at times? (Choose
two.)

• A. The VCN does not have a Network Security Group configured to allow
traffic from the load balancer to all the application servers in the backend set.
• B. Instance pool in autoscaling configuration for the application servers did not
scale out due to compartment quota breach of the VM shapes used by the
application servers.
• C. The load balancer is not configured correctly to send traffic to all the
listeners of the application servers in the backend set.
• D. Instance pool in autoscaling configuration for the Autonomous Database
did not scale out due to misconfigured scaling policy.
• E. Instance pool in autoscaling configuration for the application servers did not
scale out due to service limit breach of the VM shapes used by the application

10) An automobile company wants to deploy their CRM application for Oracle
Database on Oracle Cloud Infrastructure (OCI) DB Systems for one of its major
clients.
In compliance with the business continuity program of the client, they need to
provide a Recovery Point Objective (RPO) of 24 hours and a Recovery Time
Objective (RTO) of 1 hour. The CRM application should be available even in the
event that an entire OCI Region is down.
Which approach meets these requirements in the most cost effective manner?
(Choose the best answer.)

• A. Deploy a 1 node VM Oracle database in one region. Manually Configure a
Recovery Manager (RMAN) database backup schedule to take hourly
database backups. Asynchronously copy the database backups to object
storage in another OCI region. If the primary OCI region is unavailable, launch
a new 1 node VM Database in the other OCI region and restore the
production database from the backup.
• B. Deploy a 1 node VM Oracle database in one region and replicate the
database to a 1 node VM Oracle database in another region using a manual
setup and configuration of Oracle Data Guard.
• C. Deploy an Autonomous Transaction Processing database in one region
and replicate it to an Autonomous Transaction Processing database in
another region using Oracle GoldenGate.
• D. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region
and replicate the database to a 2 node VM Oracle RAC database in another
region using a manual setup and configuration of Oracle Data Guard.

11) A telecom company has an application running in Oracle Cloud Infrastructure
(OCI) Germany Central (eu-frankfurt-1) region. They want to configure Disaster
Recovery (DR) site in the OCI UK South (uk-london-1) region. Which is the most
cost effective option to help set up application and persistence layers in the DR
site?

Application layer: configure Traffic Management steering policy with Load
Balancing policy between servers in eu-frankfurt-1 and uk-london-1 regions.
Persistence layer: set up policy to schedule cross-region automated backups of
block volumes between eu-frankfurt-1 and uk-london-1 regions.

12) You are the Solution Architect that designed this Oracle Cloud Infrastructure
(OCI) compartment layout for your organization:
The development team has deployed quite a few instances under 'Compute'
Compartment and the operations team needs to list the instances under the
same compartment for their testing. Both teams, development and operations, are
part of a group called 'Eng-group'.
You have been looking for an option to allow the operations team to list the
instances without accessing any confidential information or metadata of the
resources.
Which IAM policy should you write based on these requirements? (Choose the
best answer.)

• A. Allow group Eng-group to inspect instance-family in compartment
Dev-Team:Compute and attach the policy to 'SysTest-Team' Compartment.
• B. Allow group Eng-group to read instance-family in compartment
Dev-Team:Compute and attach the policy to 'Dev-Team' Compartment.
• C. Allow group Eng-group to inspect instance-family in compartment
Dev-Team:Compute and attach the policy to 'Engineering'
Compartment.
• D. Allow group Eng-group to read instance-family in compartment Compute
and attach the policy to 'Engineering' Compartment.

13) You are working for a Travel company and your travel portal application is a
collection of microservices that run on Oracle Cloud Infrastructure Container Engine
for Kubernetes. As per the recent security overview, you have noticed that Oracle
has published a newer image of the Operating System used by the worker nodes.
You want to make sure that your application doesn't face any downtime but at the
same time the worker nodes get upgraded to the latest version of the
Operating System.
What should you do to get this upgrade done without application downtime? (Choose
the best answer.)

• A. 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually
schedule the pods on the newly built node pool
• B. 1. Create a new node pool using the latest available Operating System
image. 2. Run kubectl cordon <node name> against all the worker nodes in
the old pool to stop any new application pods from getting scheduled 3. Run kubectl
drain <node name> --delete-local-data --force --ignore-daemonsets to
evict any Pods that are running 4. Delete the old node pool
• C. 1. Create a new node pool using the latest available Operating System
image 2. Run kubectl taint nodes --all node-role.kubernetes.io/master- 3.
Delete the old node pool
• D. 1. Run kubectl cordon <node name> against all the worker nodes in the old
pool to stop any new application pods from getting scheduled 2. Run kubectl drain
<node name> --delete-local-data --force --ignore-daemonsets to evict
any Pods that are running 3. Download the patches for the new Operating
System image 4. Patch the worker nodes to the latest Operating System
image

14) You work for a large bank where security and compliance are critical. As part of
the security overview meeting, your company decided to minimize the installation of
local tools on your laptop. You have been running Ansible and kubectl to spin up
Oracle Container Engine for Kubernetes (OKE) clusters and deployed your
application.
For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file
that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team
doesn’t want you to store any local API key and certificate, or any other local tools.
Which two actions should you perform to spin up the OKE cluster and interact with
it? (Choose two.)

• A. Create a developer workstation on OCI. Install Ansible and kubectl on it.
Use resource principal to authenticate against OCI API and create the OKE
Cluster.
• B. Develop your own code using OCI SDK to deploy the OKE cluster.
• C. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy
the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment
variable to authenticate using built-in token.
• D. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the
OKE cluster. Bring in your own config file and certificate to authenticate
against OCI API.
• E. Create a developer workstation on OCI. Install Ansible and kubectl on
it. Use instance principal to authenticate against OCI API and create the
OKE Cluster

15) A large E-commerce company is looking to run seasonal workloads in Oracle
Cloud Infrastructure. The Oracle database used by their E-commerce application can
use up to 52 cores at peak workloads. Due to the seasonal nature of the business,
the database will not be used for 10 months in a year and can also be shut down
during non-business hours.

Autonomous Transaction Processing with shared Exadata infrastructure

16) You work for a public health care company based in the United States. Their
existing patient records system runs in an on-premise data center and the customer
is sending tape backups offsite as part of their disaster recovery planning.
You developed an alternative archival solution using Oracle Cloud Infrastructure
(OCI) that will save the company a significant amount of money on a yearly basis.
The solution involves storing data in an OCI Object Storage bucket. After reviewing
your solution with the customer Global Risk and Compliance (GRC) team, they
highlighted four security requirements:
✑ All data less than 1 year old must be accessible within 2 hours
✑ All data must be retained for at least 10 years and be accessible within 48 hours
✑ All data must be encrypted at rest
✑ No data may be transmitted across the public internet
Which two options meet the requirements outlined by the customer GRC team?
(Choose two.)

• A. Provision a FastConnect link to the closest OCI region and configure a
private peering virtual circuit.
• B. Provision a FastConnect link to the closest OCI region and configure a
public peering virtual circuit.
• C. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle
policy to archive any object that is older than 365 days.
• D. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle
policy to delete any object that is older than 7 years.
• E. Create a VPN connection between your on-premises data center and OCI.
Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for
OCI Object Storage.

17) You designed and deployed your Autonomous Data Warehouse (ADW) so that it
is accessible from your on-premise data center and servers running on both private
and public networks in Oracle Cloud Infrastructure (OCI).

As you are testing the connectivity to your ADW database from the different access
paths, you notice that the server running on the private network is unable to connect
to ADW.
Which two steps do you need to take to enable connectivity from the server on the
private network to ADW? (Choose two.)
• A. Add an entry in the Security List of the ADW allowing ingress traffic for
CIDR block 10.2.2.0/24
• B. Add an entry in the route table (associated with the private subnet)
with destination of 0.0.0.0/0; target type of NAT Gateway, add a stateful
egress rule to the security list (associated with the private subnet) with
destination of 0.0.0.0/0 and for all IP protocols.
• C. Add an entry in the access control list of ADW for IP address
129.146.160.11
• D. Add an entry in the route table (associated with the private subnet) with
destination of 0.0.0.0/0; target type of Internet Gateway, add a stateful egress
rule to the security list (associated with the private subnet) with destination of
0.0.0.0/0 and for all IP protocols.
• E. Add an entry in the access control list of ADW for CIDR block 10.2.2.0/24.

18) A hospital in Austin has hosted its web-based medical records portal entirely in
Oracle Cloud Infrastructure (OCI) using compute instances for its web-tier and DB
System database for its data tier. To validate compliance with Health Insurance
Portability and Accountability (HIPAA), the hospital hired an IT security professional
to check their systems.
It was found that there were a lot of unauthorized requests coming from a set of IP
addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack? (Choose the best answer.)

• A. Block the attacking IP addresses by creating a Security List rule to deny
access to the subnet where the web server is running.
• B. Block the attacking IP addresses by creating a Network Security Group rule
to deny access to the compute instance where the web server is running.
• C. Implementing an OCI Web Application Firewall Bot Management policy to
identify the attacking IP addresses and mitigate the threat.
• D. Block the attacking IP addresses by implementing an OCI Web
Application Firewall policy using Access Control Rules.

19) You work for a large bank where your main application is a payment processing
gateway API. You deployed the application on Oracle Container Engine for
Kubernetes (OKE) and used API Gateway with several policies to control the access
of the API endpoint.
However, your customers are complaining about the unavailability of the API
endpoint. Upon checking, you noticed that the Gateway URL is throwing Service
Unavailable error. You need to check the backend latency and backend responses
when this error started last night.
What should you do to get this data? (Choose the best answer.)

• A. Check with the application owner and search the log file for the container to
get the metrics from the log file.
• B. Go to Governance Menu and click on Audit to see the Audit log for the API
Gateway. Filter it using Start and End date with a 503 response status.
• C. Go to Developer Services and click on API Gateway. Go to the detail page
of the gateway and select Metrics. Change the Start and End time to filter the
metrics.
• D. Go to Monitoring and click on Service Metrics. Choose the Metric
Namespace as oci_apigateway. Change the Start and End time accordingly.
Add a Dimension and select httpStatusCode: 503. Check the backend latency
and backend responses metric.

20) You work as a solutions architect for an online retail store creating a portal to
allow the users to pay for their groceries using credit cards. Since the application is
not fully compliant with the Payment Card Industry Data Security Standard (PCI
DSS), your company is looking to use a third-party payment service to process credit
card payments.
The third-party service allows a maximum of 5 public IP addresses at a time.
However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto
Scaling policy to create up to 15 instances during peak traffic demand, which are
launched in VCN private subnets and attached to an OCI public Load Balancer.
Upon user payment, the portal connects to the payment service over the Internet to
complete the transaction.
What solution can you implement to make sure that all 15 compute instances can
connect to the third party system to process the payments during peak traffic
demand? (Choose the best answer.)

• A. Route credit card payment request from the compute instances through the
NAT Gateway. On the third-party services, whitelist the public IP associated
with the NAT Gateway.
• B. Create an OCI Command Line Interface (CLI) script to automatically
reserve public IP address for the compute instances. On the third-party
services, whitelist the Reserved public IP.
• C. Whitelist the Internet Gateway Public IP on the third party service and route
all payment requests through the Internet Gateway.
• D. Route payment request from the compute instances through the OCI Load
Balancer, which will then be routed to the third party service.

21) You work for a retail company and they developed a Microservices based
shopping application that needs to access Oracle Autonomous Database from the
application. As an Architect, you have been tasked to treat all of the application
components as Kubernetes native objects, such as the microservices, Oracle
Autonomous database, Kubernetes services, etc.
What should you do to make sure that you can use Kubernetes constructs to
manage the life cycle of the application components, including Oracle Autonomous
Database? (Choose the best answer.)

• A. Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect
to the Oracle Autonomous Database using the private IP address from the
microservice.
• B. Provision an Oracle Autonomous Database and then use OCI Service
Broker to access the database as a native component to your Kubernetes
cluster.
• C. Create a service from the Kubernetes cluster and point to the Oracle
Autonomous Database using its FQDN.
• D. Install and secure the OCI Service Broker for Kubernetes. Then provision
and bind to the required Oracle Cloud Infrastructure services.

22) You are developing a Serverless function for your company's IoT project. This
function should access Oracle Cloud Infrastructure (OCI) Object Storage to store
some files. You choose Oracle Functions to deploy this function on OCI. However,
your security team doesn't allow you to carry any API Token or RSA Key to
authenticate the function against the OCI API to access the Object Storage.
What should you do to get this function to access OCI Object Storage without
carrying any static authentication files? (Choose the best answer.)

• A. Set up a Dynamic Group using the format below:

Create a policy using the format below to give access to OCI Object Storage:

Include a call to a 'resource principal provider' in your function code as below:

• B. Add these two policy statements for your compartment and then include a
call to a 'resource principal provider' in your function code:

• C. There is no way that you can access the OCI resources from a running
function.
• D. Add these two policy statements for your compartment to give your
function automatic access to all other OCI resources:

23) A large London based eCommerce company is running Oracle DB Systems
Virtual Machine RAC database on Oracle Cloud Infrastructure (OCI) for their
eCommerce application in the uk-london-1 region. They are currently taking
automatic backups of the database, as configured during the database provisioning
activity. They are launching a new product soon, which is expected to sell in large
quantities all over the world.
The application architecture should have minimal cost, no data loss, no performance
impacts during the database backup windows and should have minimal downtime.
What is the most efficient and cost-effective mechanism of modifying the database
deployment architecture to meet these application goals? (Choose the best answer.)
• A. Launch a new VM RAC database in another availability domain, launch a
compute instance, deploy Oracle GoldenGate on it and then configure it to
replicate the data from the eCommerce Database over to the new VM RAC
database using GoldenGate. Take backups from the new VM RAC database.
• B. Turn off automatic backups from the eCommerce database, implement
Oracle Active Data Guard with the standby database deployed on another
availability domain, and take backups from the standby database.
• C. Launch a new VM RAC database in another availability domain, launch a
compute instance, deploy Oracle GoldenGate on it and then configure
bi-directional replication from the eCommerce Database over to the new VM
RAC database using GoldenGate. Take backup from the new VM RAC
database.
• D. Turn off automatic backups from the eCommerce database, implement
Oracle Data Guard with the standby database deployed on another availability
domain, take backups from the standby database.

24) You have an Oracle database system in a virtual cloud network (VCN) that needs
to be accessible on port 1521 from your on-premises network CIDR
172.17.0.0/24.
You have the following configuration currently:
✑ Virtual cloud network (VCN) is associated with a Dynamic Routing Gateway
(DRG), and DRG has an active IPSec connection with your on-premises data center.
✑ Oracle database system is hosted in a private subnet.
✑ The private subnet route table has the following configuration.

✑ The private subnet security list has the following INGRESS security rule.

✑ The Oracle database system is part of a network security group with the following
security rules.

However, you are still unable to connect to the Oracle Database system.
Which action will resolve this issue? (Choose the best answer.)
• A. Add an EGRESS rule in private subnet security list as following.

• B. Add an EGRESS rule in network security group as following.

• C. Add a route rule in the private subnet route table as following.

• D. Add an Egress rule in private subnet security list as following.

25) A retail company runs their online shopping platform entirely on Oracle Cloud
Infrastructure (OCI). This is a 3-tier web application that includes a 100 Mbps Load
Balancer, Virtual Machine Instances for web and application tiers, and an Oracle DB
Systems Virtual Machine. Due to unprecedented growth, they noticed an increase in
the incoming traffic to their website and all users start getting 503 (Service
Unavailable) errors.
What is the potential problem in this scenario? (Choose the best answer.)

• A. You did not configure a Service Gateway to allow connection between web
servers and Load Balancer.
• B. The Traffic Management Policy is not set to load balance the traffic to the
web servers.
• C. The Load Balancer health check status indicates critical situation for half of
the backend web servers.
• D. The Database is down hence users cannot access the web site.
• E. All the web servers are too busy and not able to answer any request from
users.

26) Your team is conducting a root cause analysis (RCA) following a recent,
unplanned outage. One of the block volumes attached to your production WebLogic
server was deleted and you have been tasked with identifying the source of the
action. You search the Audit logs and find several Delete actions that occurred in the
previous 24 hours. Given the sample excerpt of this event:
Which item from the event log helps you identify the individual or service that
initiated the DeleteVolume API call? (Choose the best answer.)

• A. eventId
• B. requestAgent
• C. eventSource
• D. requestOrigin
• E. principalId

27) You are advising the database administrator responsible for managing
non-production environment for Oracle Autonomous Database running on Oracle Cloud
Infrastructure. You need to help the database administrator ensure that the
non-production environments have a copy of the current data from the production
environment in a manner that is most time-efficient.
Which method should you recommend? (Choose the best answer.)

• A. Take a full database backup of the production Autonomous database and
create the non-production database from it.
• B. Create a metadata clone of the production Autonomous Database and
create the non-production database from it.
• C. Create a full clone of the production Autonomous Database and create the
non-production database from it.
• D. Take a Data Pump export of the production Autonomous database and
import into the non-production database.

28)To serve web traffic for a popular product, your cloud engineer has provisioned
four BM.Standard2.52 instances, evenly spread across two availability domains in
the us-ashburn-1 region; LoadBalancer is used to deliver the traffic across instances.
After several months, the product grows even more popular and you need additional
compute capacity. As a result, an engineer provisioned two additional
VM.Standard2.8 instances.
You register the two VM.Standard2.8 instances with your Load Balancer Backend
set and quickly find that the VM.Standard2.8 instances are now running at
100% of CPU utilization but the BM.Standard2.52 instances have significant CPU
capacity that's unused.
Which option is the most cost effective and uses instances capacity most effectively?
(Choose the best answer.)

• A. Configure Autoscaling instance pool with LoadBalancer to add up to 3
more BM.Standard2.52 instances when triggered. Shut off VM.Standard2.8
instances.
• B. Configure LoadBalancer with two VM.Standard2.8 instances and use
Autoscaling instance pool to add up to two additional VM.Standard2.8
instances. Shut off BM.Standard2.52 instances.
• C. Route traffic to BM.Standard2.52 and VM.Standard2.8 instances directly
using DNS and Health Checks. Shut off the Load Balancer.
• D. Configure your Load Balancer with weighted round robin policy to distribute
traffic to the compute instances, with more weight assigned to bare metal
instances.

29)Your customer went through a recent departmental re-structure. As part of this
change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment
structure to align with the company's new organizational structure.
They made the following change:
Compartment X is moved, and its parent compartment is now compartment C.

Policy defined in compartment A: Allow group networkadmins to manage subnets in
compartment X
Policy defined in root compartment: Allow group admins to read subnets in
compartment Finance:A:X
After you move the compartment, which two IAM policies would be required to
ensure both groups retain the same permissions to compartment X that they had
before? (Choose two.)
• A. Define a policy in the root compartment as follows: Allow group admins to
manage subnets in compartment Finance:A:X
• B. Define a policy in compartment HR as follows: Allow group networkadmins
to manage subnets in compartment C:X.
• C. Define a policy in the root compartment as follows: Allow group admins to
read subnets in compartment HR:C:X
• D. Define a policy in compartment C as follows: Allow group networkadmins to
read subnets in compartment X

30)You are responsible for migrating your on-premises legacy databases on 11.2.0.4
version to Autonomous Transaction Processing - Dedicated (ATP-D) in Oracle
Cloud Infrastructure (OCI). As a solution architect, you need to plan your migration
approach.
Which two options do you need to implement together to migrate your on-premises
databases to OCI? (Choose two.)

• A. Use Oracle GoldenGate replication to keep on-premises database online
during migration.
• B. Convert on-premises databases to PDB, upgrade to 19c, and encrypt.
• C. Use Oracle Data Guard to keep on-premises database always active
during migration.
• D. Retain changes to Oracle shipped privileges, stored procedures or views in
the on-premises databases.
• E. Retain all legacy structures and unsupported features (e.g. legacy LOBs) in
the on-premises databases for migration.

31)You are designing the network infrastructure for an application consisting
of a web server (server-1) and a Domain Name Server (server-2) running in two
different subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud
Infrastructure (OCI). You have a requirement where your end users will access
server-1 from the internet and server-2 from your customer's on-premises
network. The on-premises network is connected to your VCN over a FastConnect
virtual circuit.
How should you design your routing configuration to meet these requirements?

A. Configure a single routing table with two sets of rules: one that has route to
internet via an Internet Gateway and another that propagates specific
routes for the on-premises network via a Dynamic Routing Gateway. Don't
associate this routing table with any of the subnets in the VCN.
B. Configure a single routing table with two sets of rules: one that has route to
internet via an Internet Gateway and another that propagates specific routes
to the on-premises network via a Dynamic Routing Gateway. Associate the
routing table with all the VCN subnets.
C. Configure two routing tables: first one with a route to internet via an
Internet gateway; associate this route table to the subnet containing
server-1. Configure the second route table to propagate specific routes to
the on-premises network via a Dynamic Routing Gateway; associate this
route table to subnet containing server-2.
D. Configure two routing tables that have rules to route all traffic via a
Dynamic Routing Gateway. Associate the two routing tables with all the
VCN subnets.

32)You are a solutions architect for a global health care company which has
numerous data centers around the globe. Due to the ever growing data that your
company is storing, you were instructed to set up a durable, cost-effective solution to
archive your data from your existing on-premises tape-based backup infrastructure
to Oracle Cloud Infrastructure (OCI).
What is the most-effective mechanism to implement this requirement? (Choose the
best answer.)

• A. Use the File Storage Service in OCI and copy the data from your existing
tape-based backup to the shared file system.
• B. Set up an on-premises OCI Storage Gateway which will back up your data
to OCI Object Storage Standard tier. Use Object Storage life cycle policy
management to move any data older than 30 days from Standard to Archive
tier.
• C. Set up FastConnect to connect your on-premises network to your OCI VCN
and use rsync tool to copy your data to OCI Object Storage Archive tier.
• D. Set up an on-premises OCI Storage Gateway which will back up your data
to OCI Object Storage Standard tier.
• E. Set up an on-premises OCI Storage Gateway which will back up your data
to OCI Object Storage Archive tier.

33)Your company will soon start moving critical systems into Oracle Cloud
Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-
ashburn-1 regions. As part of the migration planning, you are reviewing the
company's existing security policies and written guidelines for the OCI platform
usage within the company.
Your security processes for critical systems require that all data is encrypted at rest
using Customer-Managed Keys.
Which two options ensure compliance with this policy? (Choose two.)

• A. You do not need to perform any additional actions because the OCI Block
Volume service always encrypts all block volumes, boot volumes, and volume
backups at rest by using the Advanced Encryption Standard (AES) algorithm
with 256-bit encryption.
• B. When you create a new OCI Object Storage bucket through OCI console,
you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS"
option.
• C. When you create a new block volume through OCI console, select "Encrypt
using Customer-Managed Keys" checkbox and use encryption keys
generated and stored in OCI Vault.
• D. When you create a new compute instance through OCI console, you use
the default options for "configure boot volume" to speed up the process to
create this compute instance.
• E. When you create a new compute instance through OCI console, you use
the default shape to speed up the process to create this compute instance.

34)Your customer has gone through a recent departmental re-structure. As
part of this change, they are organizing their Oracle Cloud Infrastructure (OCI)
compartment structure to align with the company's new organizational
structure.
They have made the following change:
Compartment X is moved, and its parent compartment is now compartment C.

Policy defined in compartment A: Allow group networkadmins to manage
subnets in compartment X
Policy defined in root compartment: Allow group admins to read subnets in
compartment Finance:A:X
After you move the compartment, which two IAM policies would be required to
ensure both groups retain the same permissions to compartment X that they had
before? (Choose two.)
A. Define a policy in the root compartment as follows: Allow group admins
to manage subnets in compartment Finance:A:X
B. Define a policy in compartment HR as follows: Allow group
networkadmins to manage subnets in compartment C:X
C. Define a policy in the root compartment as follows: Allow group
admins to read subnets in compartment HR:C:X
D. Define a policy in compartment C as follows: Allow group
networkadmins to read subnets in compartment X

35)A small business specializing in video processing wants to leverage
cloud storage in order to lower its costs. They are looking to back up all
video data generated, from an existing on-premises file server to Oracle
Cloud Infrastructure (OCI). The requirement is to set up continuous data
sync as changes are made to on-premises file server. What is the most
cost effective solution for this scenario?
Set up an on-premises OCI Storage Gateway Cloud Sync to back up
videos to OCI Object Storage Archive tier.

36)A company has an urgent requirement to migrate 300 TB of data to Oracle Cloud
Infrastructure (OCI) in two weeks. Their data center has been recently struck by a
massive hurricane and the building has been badly damaged, although still
operational. They have a 100 Mbps Internet line but the connection is intermittent
due to the damages caused to the electrical grid.
In this scenario, what is the most effective service to use to migrate the data to OCI
given the time constraints? (Choose the best answer.)

• A. Use multiple OCI Data Transfer Appliances to transfer data to OCI.
• B. Set up an OCI Storage Gateway to connect your data center and your VCN.
Once the connection has been established, upload all data to OCI.
• C. Set up a hybrid network by launching a 1Gbps FastConnect virtual circuit
between your data center and OCI. Use OCI Object Storage multipart upload
tool to automate the migration of your data to OCI.
• D. Set up an OCI Storage Gateway to connect your data center and your VCN.
Once the connection has been established, upload all data to OCI using OCI
Storage Gateway Cloud Sync tool.
• E. Upload the data to OCI using OCI Object Storage multipart upload tool.

37)A data analytics company has been building its new generation big data
and analytics platform on Oracle Cloud Infrastructure (OCI). They need a
storage service that provides the scale and performance that their big data
applications require, such as high throughput to compute nodes with low
latency file operations. In addition, their data needs to be stored redundantly
across multiple nodes in a single availability domain and allow concurrent
connections from multiple compute instances hosted on multiple availability
domains.
Which OCI storage service can you use to meet this requirement?
A. Object Storage
B. File System Storage
C. Archive storage
D. Block Volume
38)

39)A company has an application that processes confidential data. The data
is currently stored in an on-premises data center. A solution architect needs
to move this data to Oracle Cloud Infrastructure (OCI) Object Storage and
ensure data is encrypted in-transit to OCI. Which two steps should the
solution architect perform to set up the most cost-effective connection
between on-premises data center and OCI?
D. Set up VPN Connect between the customer equipment and the Dynamic
Routing Gateway.
E. Configure a service gateway accessing Object Storage.
40) A large financial company has a web application hosted in their on-premises
data center. They are migrating their application to Oracle Cloud Infrastructure (OCI)
and require no downtime while the migration is on-going. In order to achieve this,
they have decided to divert only 30% of the traffic to the new application running in
OCI and keep the rest 70% traffic to their on-premises infrastructure. Once the
migration is complete and application works fine, they will divert all traffic to OCI.
As a solution architect working with this customer, which suggestion should you
provide them? (Choose the best answer.)

• A. Use OCI Traffic management with Failover steering policy and distribute
the traffic between OCI and on-premises infrastructure.
• B. Use an OCI Load Balancer and distribute the traffic between OCI and on-
premises infrastructure.
• C. Use VPN connectivity between on-premises infrastructure and OCI, and
create routing tables to distribute the traffic between them.
• D. Use OCI Traffic management with Load Balancing steering policy and
distribute the traffic between OCI and on-premises infrastructure.
41)A civil engineering company is running an online portal in which engineers can
upload their construction photos, videos, and other digital files.
There is a new requirement for you to implement: the online portal must offload the
digital content to an Object Storage bucket for a period of 72 hours. After the
provided time limit has elapsed, the portal will hold all the digital content locally and
wait for the next offload period.
Which option fulfills this requirement? (Choose the best answer.)

• A. Create a pre-authenticated URL for the entire Object Storage bucket to
read and list the content with an expiration of 72 hours.
• B. Create a Dynamic Group with matching rule for the portal compute
instance and grant access to the Object Storage bucket for 72 hours.
• C. Create a pre-authenticated URL for the entire Object Storage bucket to
write content with an expiration of 72 hours.
• D. Create a pre-authenticated URL for each object that is uploaded to the
Object Storage bucket with an expiration of 72 hours.

42)Your company needs to migrate a business critical application from your data
center to Oracle Cloud Infrastructure (OCI). The application runs on Oracle
Database and both the application and database servers run on Oracle Linux version
7. The application server is WebLogic server running on multiple 4-core servers and
the database is deployed as an Oracle Database Enterprise Edition RAC database
on 2 servers (4-cores each).
Which method of database migration should you choose so that the application has
minimal impact? (Choose the best answer.)

• A. Deploy Virtual Machine RAC DB system on OCI and use the Oracle
Database Backup module with RMAN to migrate the data from customer on-
premises to OCI.
• B. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for
the database migration.
• C. Deploy Autonomous Transaction Processing Database on OCI and use the
MV2ADB tool for the database migration.
• D. Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool
to migrate the data from customer on-premises to OCI.

43)After performing maintenance on an Oracle Linux compute instance the system is
returned to a running state. You attempt to connect using SSH but are unable to do
so. You decide to create an instance console connection to troubleshoot the issue.
Which three tasks would enable you to connect to the console connection and begin
troubleshooting? (Choose three.)

• A. Stop the compute instance using the Oracle Cloud Infrastructure (OCI)
Command Line Interface (CLI).
• B. Reboot the compute instance using the Oracle Cloud Infrastructure (OCI)
Management Console.
• C. Edit the Linux boot menu to enable access to console.
• D. Upload an API signing key for console connection authentication.
• E. Use SSH to connect to the public IP address of the compute instance and
provide the console connection OCID as the username.
• F. Use SSH to connect to the service endpoint of the console connection
service.

44)A digital marketing company is planning to host a website on Oracle Cloud
Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). This
web server will make API calls to access OCI Object Storage to store all images
uploaded by users.
For security purposes, your manager instructed you to ensure that the credentials
used by the web server to allow access to OCI Object Storage are not stored locally
on the compute instance.
What solution results in an implementation with the least effort for this scenario?
(Choose the best answer.)

• A. Configure the credentials using OCI Registry (OCIR) which will
automatically connect with OKE allowing the web server to make API calls to
OCI Object Storage.
• B. Configure the credentials using Instance Principal to allow the web server
to make API calls to OCI Object Storage.
• C. Configure the credentials using OCI Key Management to allow an instance
to make API calls and grant access to OCI Object Storage.
• D. Configure the credentials to use Transparent Data Encryption (TDE) which
will automatically allow the web server to make API calls to OCI Object
Storage.

45) You are currently working for a public health care company based in the United
States. Their existing patient records system runs in an on-premises data center and the
customer is sending tape backups offsite as part of their recovery planning.
You have developed an alternative archival solution using Oracle Cloud
Infrastructure (OCI) that will save the company a significant amount of money on a
yearly basis. The solution involves storing data in an OCI Object Storage bucket.
After reviewing your solution with the customer Global Risk and Compliance (GRC) team, they
have highlighted the following security requirements:
All data less than 1 year old must be accessible within 2 hours.
All data must be retained for at least 10 years and be accessible within 48 hours.
All data must be encrypted at rest.
No data may be transmitted across the public Internet.
Which two options meet the requirements outlined by the customer GRC team?

• A: Provision a FastConnect link to the closest OCI region and configure a
private peering virtual circuit.
• B: Create an OCI Object Storage Standard tier bucket. Configure a lifecycle
policy to archive any object that is older than 365 days
• C: Create a VPN connection between your on premises data center and OCI.
Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for
OCI Object Storage.
• D: Provision a FastConnect link to the closest OCI region and configure a
public peering virtual circuit
• E: Create an OCI Object Storage Standard tier bucket. Configure a lifecycle
policy to delete any object that is older than 7 years

46) An online stock trading application is deployed to multiple Availability Domains in
the us-phoenix-1 region. Considering the high volume of transactions that the trading
application handles, the company has hired you to ensure that the data stored by the
application is available and disaster resilient. In the event of failure, the Recovery Time
Objective (RTO) must be less than 2 hours to meet regulator requirements.
Which Disaster Recovery strategy should be used to achieve the RTO requirement
in the event of system failure?

• A: Configure hourly block volumes backups through the Storage Gateway
service.
• B: Configure hourly block volumes backups using the Oracle Cloud
Infrastructure (OCI) Command Line Interface (CLI)
• C: Store hourly block volumes backup to NVMe device under a compute
instance and generate a custom Image every 5 minutes.
• D: Configure your application to use synchronous master slave data
replication between Availability Domains.

47) Given this compartment structure:


You are managing a compute instance that currently resides in the Compute
compartment. The Virtual Cloud Network (VCN) into which the compute
instance was originally deployed also resides in this compartment. To
support a project-related task, you need to move just the compute instance to
the SysTest-Team compartment. You log into your Oracle Cloud
Infrastructure (OCI) account and use the Move Resource option to place the
compute instance in the new compartment. What will be the result of your
attempt to move the compute instance to the new compartment? (Choose the
best answer.)
A. The move will be successful. The compute instance's public and private IP
addresses will stay the same. The compute instance will remain
associated with the VCN from the source compartment.
B. The move will fail and you will be prompted to move the VCN first.
Once VCN is moved to the target compartment, the compute instance
can be moved.
C. After moving the compute instance, you must move the compute instance
VNIC as a separate action. The public and private IP addresses of the
instance will remain unchanged and it will still be associated with the
VCN from the source compartment
D. The move will be successful. However, the compute instance's public and
private IP addresses will change, and it will be associated to the first VCN
that was created in the new, target compartment

48) By copying block volume backups to another region at regular intervals, it makes
it easier for you to rebuild applications and data in the destination region if a region-
wide disaster occurs in the source region.

Which IAM Policy statement allows the VolumeAdmins group to copy volume
backups between regions?

A. Allow group VolumeAdmins to use volumes in tenancy
B. Allow group VolumeAdmins to copy volume backups in tenancy
C. Allow group VolumeAdmins to manage volume-family in tenancy
D. Allow group VolumeAdmins to inspect volumes in tenancy

49) Multiple departments in your company use a shared Oracle Cloud Infrastructure
(OCI) tenancy to implement their projects. You are in charge of managing the cost of
OCI resources in the tenancy and need to obtain better insights into department's
usage.
Which three options can you implement together to accomplish this? (Choose three.)

• A. Create a budget that matches your commitment amount and an alert at 100
percent of the forecast.
• B. Set up a tag default that automatically applies tags to all specified
resources created in a compartment. Then use these tags for cost analysis.
• C. Set up different compartments for each department. Then track and
analyze cost per compartment.
• D. Use the billing cost tracking report to analyze costs.
• E. Set up a consolidated budget-tracking tags to analyze costs in a granular
manner.

50)You are running a legacy application in a compute instance on Oracle Cloud
Infrastructure (OCI). To provide enough space for it to store internal data, a block
volume is attached to the instance in paravirtualized mode.
Your application is not resilient to crash-consistent backup.
What should you do to backup the block volume in a secure and cost effective way?
(Choose the best answer.)

• A. Save your application data, detach the block volume and create a clone.
• B. Create a volume group, add the boot volume and then run the volume
group backup.
• C. Create a backup, detach the block volume and save your application data.
• D. Save your application data, detach the block volume and create a backup.

51)
52)
