Question 1:

Your company has been running several small applications in Oracle Cloud Infrastructure and
is planning a proof of concept (POC) to deploy PeopleSoft. If your existing resources are
being maintained In the root compartment, what is the recommended approach for defining
security for the upcoming POC ?

A. Create a new tenancy tor the POC. Provision all new resources Into the root compartment. Grant
appropriate permissions to create and manage resources within the root compartment
B. Provision all new resources Into the root compartment. Grant permissions that only allow for creation
and management of resources specific to the POC.
C. Create a new compartment for the POC and grant appropriate permissions to create and manage
resources within the compartment.
D. Provision all new resources into the root compartment. Use defined tags to separate resources that
belong to different applications.

Question 2:

You have been tasked with creating one virtual cloud network (VCN) each for two line of
business (LOB) applications. LOB A and LOB B will need to communicate with each other. To
ensure that you can utilize VCN peering, which network CIDR ranges should be used
A. VCN A (10.0.0.0/16) and VCN B (10.1.0.0/16)
B. VCN A (10.0.2.0/16) and VCN B (10.0.2.0/25)
C. VCN A (10.0.0.0/16) and VCN B (10.0.16.0/24)
D. VCN A (172.16.0.0/24) and VCN B (172.16.0.0/28)

Question 3:

Which service would you use if your big data workload required shared access and NFS-
based connectivity ?
A. block volume
B. archive storage
C. object storage
D. file storage

Question 4:

You have hired a new employee to run reports from the Autonomous Data Warehouse
(ADW) and are not confident in their SQL writing ability. Into which consumer group will you
assign this Individual to minimize the impact of their code?
A. Low
B. Lowest
C. Medium
D. High
E. Highest
Question 5:

Where do you find the tnsnames.ora for your Autonomous Data Warehouse (ADW)
database?
A. You can download tnsnames.ora from Oracle Cloud Infrastructure web console under ADW details page
B. The tnsnames.ora file is included in credentials.zip file that you download from service console of ADW
C. The ADW database will place the tnsnames.ora file in an object storage bucket
D. You are automatically prompted to download the tnsnames.ora file upon creation of the ADW database

Question 6:

Which two resources reside exclusively in a single availability domain?

A. compute instance
B. object storage
C. groups
D. block volume
E. Web Application Firewall Policy

Question 7:

Which two use Oracle dynamic routing gateway (DRG) for connectivity? (Choose two.)
A. Remote virtual cloud network (VCN) peering across region
B. Oracle IPsec VPN
C. Local VCN peering
D. Oracle Cloud Infrastructure FastConnect public peering

Question 8:

You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI).
You take regular backups of your DB system to OCI object storage. Recently, you notice a
failed database backup status in the console.

What two steps can you take to determine the cause of the backup failure? (Choose two.)
A. Ensure the database archiving mode is set to NOARCHIVELOG
B. Ensure that your database host can connect to the OCI object storage
C. Restart the dcsagent program if it has a status of stop or waiting
D. Make sure that the database is not active and running while the backup is in progress

Question 9:

Which statement is true about Oracle Cloud Infrastructure FastConnect?

A. For private peering, FastConnect extends your existing infrastructure to allow you to consume object
storage from your on-premises data center
B. For private peering, FastConnect extends your existing infrastructure to a virtual cloud network
C. For public peering, FastConnect extends your existing infrastructure to a virtual cloud network
 D. For public peering, a dynamic routing gateway must be configured and attached to the virtual cloud
network (VCN)

Question 10:

Which two actions will occur when a back-end server that is registered with a backend set is
marked to drain connections? (Choose two.)
A. It disallows new connections to that backend server
B. It keeps the connections to that instance open and attempts to complete any in-flight requests
C. It redirects the requests to a user-defined error page.
D. It immediately closes all existing connections to that instance
E. It forcibly closes all connections to that instance after a timeout period

Question 11:

Which two statements ate true about restoring a block volume from a manual or policy
based block volume backup?
A. It can be restored as new volumes with different sizes from the backups
B. It can be restored as a new volume to any AD across different regions
C. It must be restored as a new volume to the same availability domain (AD) on which the original block
volume backup resides
D. It can be restored as a new volume to any AD in the same region

Question 12:

In what two ways does Oracle Cloud Infrastructure (OCI) file storage service differ from OCI
object storage and block volume services?
A. File storage mount target does not provide a private IP address, while the object storage bucket provides
one
B. File Storage uses the network file system (NFS) protocol, whereas block volume uses ISCSI(Correct)
C. Block volume service is NVMe based, while file storage service is not.
D. You can move object storage buckets, block volumes and file storage mount targets between
compartments

Question 13:

You are designing a high bandwidth, redundant connection between your data center and
Oracle Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you
notice that you are co-located with Oracle at one of the Oracle FastConnect locations in the
Ashburn region.

What is the recommended design in this scenario?

A. Create a cross-connect group and have two or more cross-connects in that group.
Create an IPsec VPN connection on this group.
 B. Setup two IPsec connections between your data center and OCI Ashburn region. Create
an OCI load balancer to distribute the traffic across the two connections
C. Create a cross-connect group and have at least two or more cross-connects in that
group. Create at least two or more virtual circuits in the group.
D. Create a cross-connect group and have at least one cross-connect in that group. Create
at least one virtual circuit in the group

Question 14:

You have created a virtual cloud network (VCN) with three private subnets. Two of the
subnets contain application servers and the third subnet contains a DB System. The
application requires a shared file system so you have provisioned one using the file storage
service (FSS). You also created the corresponding mount target in one of the application
subnets. The VCN security lists are properly configured so that both application servers and
the DB System can access the file system. The security team determines that the DB System
should have read-only access to the file system.

What change would you make to satisfy this requirement?

A. Create an NFS export option that allows READ_ONLY access where the source is the CIDR range of the
DB System subnet
B. Connect via SSH to one of the application servers where the file system has been mounted. Use the Unix
command chmod to change permissions on the file system directory, allowing the database user read-
only access
C. Modify the security list associated with the subnet where the mount target resides. Change the ingress
rules corresponding to the DB System subnet to be stateless.
D. Create an instance principal for the DB System. Write an Identity and Access Management (IAM) policy
that allows the instance principal read-only access to the file storage service

Question 15:

Which two Oracle Cloud Infrastructure database services allow you to dynamically scale CPU
and storage? (Choose two.)
A. bare metal DB system
B. virtual machine DB system
C. Autonomous Data Warehouse (ADW)
D. Autonomous Transaction Processing (ATP)

Question 16:

Your company has decided to move a few applications to Oracle Cloud Infrastructure (OCI)
and you have been asked to design a cloud-based disaster recovery (DR) solution. One of the
requirements is to deploy the DR resources at least 300 miles from the home OCI region and
minimize the network latency.

What will be the recommended deployment?

 A. Deploy production and DR applications in the same VCN. Create production subnets in one AD, and DR
subnets in another AD.
B. Deploy production and DR applications in two separate VCNs in different availability domains (ADs)
within your home region, and then use a VCN remote peering connection for connectivity
C. Deploy production and DR applications in two separate VCNs, each in different regions. Connect them
using a VCN remote peering connection
D. Deploy production and DR applications in two separate virtual cloud networks (VCNs), each in different
regions, and then use VCN local peering gateways for connectivity

Question 17:

Which two statements are true about encryption on Oracle Cloud Infrastructure (OCI)?
A. By default, object storage and block storage are encrypted at rest.
B. A customer is responsible for data encryption in all services of OCI
C. By default, DB Systems offers an encrypted database.
D. By default, NVMe drives are encrypted but the block volume service is not

Question 18:

Which two options are available when setting up DNS for your bare metal and virtual
machine DB Systems? (Choose two.)
A. Internet and custom resolver
B. Google DNS servers
C. custom resolver
D. Internet and virtual cloud network (VCN) resolver

Question 19:

You have multiple applications installed on a compute Instance and these applications
generate a large amount of log files. These log files must reside on the boot volume for a
minimum of 15 days. Any files over 15 days do not have to reside on boot volume but still
must be retained for at least 60 days. The 60-day retention requirement Is causing an Issue
with available disk space.

What are the two recommended methods to provide additional boot volume space for this
compute instance?
A. Terminate the instance while preserving the boot volume. Create a new instance from the boot volume
and select a DenseIO shape to take advantage of local NVMe storage.
B. Create an object storage bucket and use a script that runs daily to move log files older than 15 days to
the bucket
C. Create and attach a block volume to the compute instance and copy the log files
D. Create a custom image and launch a new compute instance with a larger boot volume size
E. Write a custom script to remove the log files on a daily basis and free up the space on the boot volume
Question 20:

Which two statements about file storage service (FSS) are accurate? (Choose two.)
A. FSS leverages UNIX user group and permission checking for file access security
B. Encryption of file system in FSS is optional
C. Identity and Access Management (IAM) controls which file systems are mountable by which instances
D. Security lists can be used as a virtual firewall to prevent an instance from mounting an FSS mount target
within the same subnet
E. Data in transit to an FSS mount target is encrypted

Question 21:

What is true about data guard set up with fast-start failover (FSFO) in Oracle Cloud
Infrastructure (OCI)?
A. The best practice for high availability and durability is to run the primary, standby, and observer in
separate availability domains (ADs).
B. When you configure data guard using OCI console, the default mode is set to maxprotection.
C. You cannot create the standby DB system in a different AD from the primary DB system.
D. You cannot use database command line interface (CLI) to set up data guard with FSFO.

Question 22:

You are about to upload a large log file (5 TiB size) to Oracle Cloud Infrastructure object
storage and have decided to use multipart upload capability for a more efficient and resilient
upload.

Which two statements are true about multipart upload? (Choose two.)

1. Individual object parts can be as small as 10 MiB or as large as 50 GiB (Correct)

2. While a multipart upload is still active, you cannot add parts even if the total number of parts is less than
10,000
3. The maximum size for an uploaded object is 10 TiB(Correct)
4. You do not have to commit the upload after you have uploaded all the object parts
Question 23:

Which three load-balancing policies can be used with a backend set? (Choose three.)
A. throughput
B. IP hash
C. weighted round robin
D. CPU utilization
E. least connections
Question 24:
Which two statements are true about an Oracle Cloud Infrastructure object storage bucket?
(Choose two.)
A. You can associate a bucket with multiple compartments
B. You cannot change a bucket from private to public after it is created
C. You can associate a bucket with only a single compartment
D. You cannot edit or append data to an object, but you can replace the entire object
Question 25
You are a network architect and have designed the network infrastructure of a three-tier
application on Oracle Cloud Infrastructure (OCI). In the architecture, back-end DB servers are in
a private subnet. One of your DB administrators requests to have access to OCI object storage
service.
How can you meet this requirement?

A. Create a service gateway, add a new route rule to the private subnet route table that uses storage as
your service gateway target type
B. Create a dynamic routing gateway (DRG) and attach it your virtual cloud network (VCN). Add a default
route rule to the private subnets route table and set the target as DRG
C. Attach a public IP address to the instances in the private subnet, and then add a new route rule to the
private subnet route table to route default traffic to the internet gateway
D. Add a new route rule to the private subnet route table to route default traffic to the internet gateway
Question 26
What is a valid option when exporting a custom image?

A. object storage URL

B. archive storage URL
C. file storage service
D. block volume

Question 27:

You are an administrator with an application running on OCI. The company has a fleet of OCI
compute virtual instances behind an OCI Load Balancer. The OCI Load Balancer Backend Set
health check API is providing a ‘Critical’ level warning. You have confirmed that your application
is running healthy on the backend servers.
What is the possible reason for this ‘Critical’ warning?
A. A user does not have correct IAM credentials on the Backend Servers
B. The Backend Server VCN’s Route Table does not include the route for OCI LB
C. OCI Load Balancer Listener is not configured correctly
D. The Backend Server VCN’s Security List does not include the IP range for the source of the health check
requests
Question 28:
You have created a public subnet in a VCN, and your public subnet has a Route Table, a Security
List, and an Internet Gateway. However, none of the compute instances can connect to the
Internet.
Which two are possible reasons for the connectivity issue? (Choose two.)
A. There is no Dynamic Routing Gateway (DRG) associated with the VCN.
B. The Route Table has no default route for routing traffic to the Internet Gateway
C. There is no stateful ingress rule in the Security List associated with the public subnet
D. There is no stateful egress rule in the Security List associated with the public subnet

Question 29:
Your on-premises hosted application uses Oracle database server. Your database administrator
must have access to the database server for managing the application. Your database server is
sized for seasonal peak workloads, which results in high licensing costs. You want to move your
application to Oracle Cloud Infrastructure (OCI) to take advantage of CPU scaling options.
Which database offering on OCI would you select?
A. bare metal DB systems
B. VM DB systems
C. Autonomous Transactions Processing (ATP)
D. Autonomous Data Warehouse (ADW)
Question 30:
You want an Oracle Cloud Infrastructure (OCI) compute instance in your compartment to make
API calls to other services within OCI without storing credentials in a configuration file.
What do you need to do?
A. Create a dynamic group with appropriate matching rules to include the instance, and reference this
group in your IAM policy statement
B. Instances cannot access services outside their compartment
C. VM instances are treated as users. Create a user, assign the user to that VM instance, and reference the
instance in your Identity and Access Management (IAM) policy statement
D. By default, all VM instances are created with an instance principal. Reference this instance principal in
your IAM policy statement
Question 31:
You have successfully configured identity federation between Oracle Cloud Infrastructure (OCI)
and Oracle Identity Cloud Services (IDCS). A new project manager wants access to OCI for her
team and provides the name of an existing group within IDCS to use when granting access.
How do you configure federation to allow the project team access to OCI resources?
A. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new policy in IDCS and
reference the name of the IAM group.
B. Create a new Identity and Access Management (IAM) policy in OCI and reference the name of the IDCS
group in each policy statement.
 C. Create a new compartment in OCI with the same name as the existing IDCS group. Create an IAM policy
that references the new compartment and the name of the IDCS group
D. Create a new IAM group in OCI and map it to the existing IDCS group. Create a new IAM policy and
reference the name of the IAM group in each policy statement.
Question 32:
You are managing a tier-1 OLTP application on an Autonomous Transaction Processing (ATP)
database. Your business needs to run hourly batch processes on this ATP database that may
consume more CPUs than what is available on the server.
How can you limit these batch processes to not interfere with the OLTP transactions?
A. Copy OLTP data into new tables in a new table space and run batch processes against these new tables
B. ATP is designed for OLTP workload only; you should not run batch processes on ATP
C. Disable automated backup during the batch process operations
D. Configure ATP resource management rules to manage runtime and IO consumption for the consumer
group of batch processes
Question 33:
You need to create a high performance shared file system, and have been advised to use file
storage service (FSS). You have logged into the Oracle Cloud Infrastructure console, created a file
system, and followed the steps to mount the shared file system on your Linux instance. However,
you are still unable to access the shared file system from your Linux instance.
What is the likely reason for this?
A. There are no security list rules for mount target traffic
B. There is no internet gateway set up for mount target traffic
C. There is no Identity and Access Management (IAM) policy set up to allow you to access the mount target
D. There is no route in your virtual cloud network’s (VCN) route table for mount target traffic
Question 34:
You have one database style application that frequently makes many random reads and writes
across the dataset Which storage offering supports this application?
A. block volume service
B. file storage service
C. object storage service
D. archive storage service

Question 35:
Which statement is true about Data Guard Implementation in DB systems?
A. Both DB systems must be in the same compartment, and they must be the same shape
B. You cannot manage Oracle database Initialization parameters at a global level
C. You can define the backup window and set custom backup retention period for the automatic database
backup schedule
D. You cannot manage the database as ays/sysdba
Question 36:
You have an Oracle Cloud Infrastructure (OCI) load balancer distributing traffic via an evenly-
weighted round robin policy to your backend web servers. You notice that one of your web servers
is receiving more traffic than other web servers.
How can you resolve this imbalance?
A. Check security lists and route tables of your virtual cloud network (VCN) and fix any issues associated
with the rules
B. Create separate listeners for each backend web server
C. Delete and re-create your OCI load balancer
D. Disable session persistence on your backend set

Question 37:
Your organization has deployed a large, complex application across multiple compute instances in
Oracle
Cloud Infrastructure (OCI). These compute instances also have block volume storage attached to
them. You want to create a time consistent backup of this block volume storage.
Which implementation strategy should be used?
A. Create a manual backup of each volume
B. Use scripts available in OCI to backup block volume storag
C. Group volumes in a volume group first and then use available scripts in OCI
D. Group volumes in a volume group and create a manual backup of the volume group
Question 38:
Which two statements are true about an Oracle Cloud Infrastructure (OCI) virtual cloud network
(VCN)?
A. A VCN creates the dynamic routing gateway by default
B. A VCN can reside In multiple OCI regions and availability domains
C. A VCN covers a single, contiguous IPv4 CIDR block of your choice
D. The allowable VCN size range is:/16 to /30(Correct)

Question 39:
Which two options ate necessary for achieving high availability on Oracle Cloud Infrastructure?
A. Store your database across multiple regions so that half of the data resides in one region and the other
half resides in another region
B. Attach your block volume form Availability Domain 1 to a compute instance in Availability Domain 2 (and
vice versa) so that they are highly available.
C. Configure your database to have Data Guard in another Availability Domain in Sync mode within a region
D. Store your database files on Object Storage so that they are available in all Availability Domains in all
regions
E. Distribute your application servers across all Availability Domains within a region
Question 40:
You are designing a two-tier web application in Oracle Cloud Infrastructure (OCI). Your clients
want to access the web servers from anywhere, but want to prevent access to the database servers
from the Internet.
Which is the recommended way to design the network architecture?
A. Create public subnets for web servers and private subnets for database servers in your virtual cloud
network (VCN), and associate separate internet gateways for each subnet
B. Create a public subnet for web servers and associate a dynamic routing gateway with that subnet, and a
private subnet for database servers with no association to dynamic routing gateway
C. Create public subnets for web servers and private subnets for database servers in your VCN, and
associate separate security lists and route tables for each subnet
D. Create a single public subnet for your web servers and database servers, and associate only your web
servers to internet gateway
Question 41:
Which two statements are true about DB Systems in Oracle Cloud Infrastructure? (Choose two.)
A. Customers can consolidate multiple database homes on a single virtual machine database host
B. Customers have no control over database patching
C. Customers can manage the TDE Wallet after DB Systems are provisioned
D. The database and backups are encrypted by default

Question 42:
A company currently uses Microsoft Active Directory as its identity provider. The company
recently purchased Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for its test
and development operations. As the administrator, you are now tasked with giving access only to
developers so that they can start creating resources in their OCI accounts.
Which step will you perform to achieve this requirement?
A. Create a group for developers on OCI and map the group to a similar group in Microsoft Active Directory
during the federation process
B. Federate all Microsoft Active Directory groups with OCI to allow users to use their existing credentials
C. Create a new user account for each user, and then create policies to provide access to developers
D. Create a group for developers on OCI, export all the developers from Microsoft Active Directory, and
then import them into the Identity and Access Management (IAM) group
Question 43:
Which two choices are true for Autonomous Data Warehouse (ADW)? (Choose two.)
A. Billing stops only when the ADW is terminated
B. Billing stops for both CPU usage and storage usage when ADW is stopped
C. Billing for compute stops when ADW is stopped
D. Billing for storage continues when ADW is stopped
Question 44:
As the Cloud Architect for your company, you have been tasked with designing a high
performance (HPC) cluster in Oracle Cloud Infrastructure (OCI). The following requirements
have been defined :
* The cluster must be a minimum of three nodes, but may increase to six nodes when demand
requires.
* The cluster must be resilient to any potential infrastructure failures.
* To minimize latency, all nodes must be deployed within the same availability domain (AD).
* Adding or replacing nodes within the cluster should take no more than 30 minutes.
Which two steps should be performed to satisfy these requirements in OCI? (Choose two.)
A. Deploy the cluster in a single AD with a shared file system that leverages the file storage service (FSS).
Deploy a standby cluster in another AD and configure it to use the same shared file system
B. Deploy the cluster in a single AD. Place each of the nodes in one of the three different fault domains in
that AD.
C. Create a backup of your HPC node compute instance boot volume. Launch new compute instances
directly from the backup reduce provisioning time
D. Create a custom image of your HPC node compute instance. Launch new compute instances using this
image to reduce provisioning time
E. Deploy the cluster in a single AD. Place each of the nodes in a different virtual cloud network (VCN)
subnet.
Question 45:
When terminating a compute instance, which statement is true?
A. The instance needs to be stopped first, and then terminated
B. The boot volume is always deleted
C. All block volumes attached to the instance are terminated
D. Users can preserve the boot volume associated with the instance
Question 46:
Your application front end consists of several Oracle Cloud Infrastructure compute instances
behind a load balancer. You have configured the load balancer to perform health checks on these
instances.
If an instance fails to pass the configured health checks, what will happen?
A. The instance is replaced automatically by the load balancer
B. The instance is terminated automatically by the load balancer
C. The instance is taken out of the back end set by the load balancer
D. The load balancer stops sending traffic to that instance

Question 47:

Which two options are true for Autonomous Transaction Processing (ATP) database? (Choose
two.)
A. You can add/remove Diskgroup in ATP
B. You can scale storage up or down in ATP
C. You can scale CPU up or down in ATP
D. You can add more Pluggable Databases for consolidating multiple databases in ATP
E. You can add new ORACLE_HOME for bringing older versions of on-premises databases to ATP
Question 48:
How can you provide users access to an existing compartment?
A. by granting users access to a compartment when the compartment is created
B. by adding users to a group and defining a policy to provide the group access to the compartment
A. by adding users to a compartment; all users in the compartment will have access to the objects in the
compartment.
C. by granting access directly to the user when the user is created
Question 49:
Which two are a valid image source when launching a new compute instance? (Choose two.)
A. bare metal instance
B. object storage
C. custom image
D. boot volume

Question 50:
You have an application deployed in Oracle Cloud Infrastructure running in the US East region.
You have been asked to create a disaster recovery plan that will protect against the loss of critical
data. The DR site must be at least a few hundred miles from your primary site and data transfer
between the two sites must not traverse the public Internet.
Which is the lowest latency and lowest cost recommended disaster recovery plan?
A. Create a DR environment in the US West region and provision a FastConnect virtual circuit using
Dynamic Routing Gateways between the regions
 B. Create a DR environment in the US West region. Associate a Dynamic Routing Gateway (DRG) with the
VCN in each region and configure an IPsec VPN connection between the two regions
C. Create a DR environment in the US West region. Associate a Dynamic Routing Gateway (DRG) with the
VCN in each region and create a remote peering connection between the two VCNs
D. Create a DR environment in the US West region. Associate a Local Peering Gateway with the VCN in each
region and create a local peering connection between the two VCNs
Question 51:
You have an instance running in a development compartment that needs to make API calls against
other OCI services, but you do not want to configure user credentials or a store a configuration file
on the instance.
How can you meet this requirement?
A. Create a dynamic group with matching rules to include your instance
B. Instances can automatically make calls to other OCI services
C. Instances are secure and cannot make calls to other OCI services
D. Create a dynamic group with matching rules to include your instance and write a policy for this dynamic
group
Question 52:
Your application consists of three Oracle Cloud Infrastructure compute instances running behind
a public load balancer. You have configured the load balancer to perform health checks on these
instances, but one of the three instances fails to pass the configured health check. Which of the
following action will the load balancer perform?
A. Stop sending traffic to the instance that failed health check
B. Terminate the instance that failed health check
C. Stop the instances that failed health check
D. Remove the instance that failed the health check from the backend set

Question 53:
A customer has launched a compute instance In the Virtual Cloud Network (VCN), which has an
internet gateway, a service gateway, a default security lists and a default route table. Customer has
opened up Port 22 In the security lists attached to the compute Instance subnet, however is still
unable to connect to compute Instances using ssh.
Which option would remedy this situation?
A. Modify the route table associated with the VCN subnet in which the instance resides. Add a following
route to the route table. Destination CIDB: 0.0.0.0/0 Target: Internet Gateway <"GM)
B. Modify the route table associated with the VCN subnet in which the instance resides. Add a following
route to the route table. Destination CIDP: 0.0.0.0/0 Target: Dynamic Routing Gateway (ORG)
C. Modify the security list associated with the VCN subnet In which the Instance resides. Add a stateful
egress rule to allow ichp traffic in addition to the port 22
D. Modify the route table associated with the VCN subnet In which the Instance resides. Add a following
route to the route table. Destination CIDR: 0.0.0.0/0 Target: Service Gateway (SGW)
Question 54:
Which two statements are true about the Oracle Cloud Infrastructure object storage service?
A. It provides strong consistency
B. It provides higher lOPS than block storage.
C. It can be directly attached to or detached from a compute instance
D. Data is stored redundantly across multiple availability domains (ADs) in a multi-AD region

Question 55:
You have two NFS clients running in two different subnets within the same Oracle Cloud
Infrastructure (OCI) Virtual Cloud Network (VCN). You have created a shared file system for the
two NFS clients who want to connect to the same file system, but you want to restrict one of the
clients to have READ access while the other has READ/Write access. Which OCr feature would
you leverage to meet this requirement?
A. Use VCN security rules to control access for the NFS clients
B. Use OCI Identity Access Management to control access for the NFS clients
C. Use File Storage NFS Export Options to control access for the NFS clients
D. Use NFS security to control access for the NES clients

Question 56:
Which two Oracle Cloud Infrastructure services use a Dynamic Routing Gateway?
A. OCI FastConnect Public Peering
B. Local Peering
C. OCI FastConnect Private Peering
D. Internet Gateway
E. OCI IPSec VPN Connect

Question 57:
What is the maximum IP address size range that you can have in a Virtual Cloud Network?
A. /16
B. /26
C. /24
D. /8

Question 58:
You are asked to create a user that will access programmatic endpoints in Oracle Cloud
Infrastructure. The user must not be allowed to authenticate by username and password.
Which two authentication options can you use? (Choose two.)

A. PEM Certificate file

B. Auth tokens
C. API signing key
D. Windows password
E. SSH key pair
Question 59:
You are deploying a highly available web application In Oracle Cloud Infrastructure and have
decided to use a public load balancer. The back-end web servers will be distributed across all three
availability domains (ADs).
How many subnets should you create to deliver a secure, highly available application?

A. two subnets in total; one regional private subnet to host your back-end web servers
and one regional public subnet to host your public load load balancer.
B. two subnets in total; one regional public subnet to host your back-end web servers
and one regional private subnet to host your public load load balancer.
C. three subnets in total; one regional public subnet to host your back-end web servers
and two AD specific private subnets to host your private load load balancer.
D. one subnet in total; one regional private subnet to host your back-end web servers
and your public load balancer.

Question 60:
Your company has decided to move a few applications to Oracle Cloud Infrastructure and you
have been asked to design it for Disaster Recovery (DR). One of the items of your design is to
deploy the DR at least 300 miles from the home site and minimize the network latency as much as
possible.
Based on that, what will be the recommended deployment?
A. Deploy applications in two separated VCNs in different Availability Domains and use
VCN Remote Peering
B. Deploy applications in different regions and have them connected using VCN Remote
Peering
C. Deploy applications in two separated VCNs in different regions and use VCN Local Peering
D. Deploy applications on the same region splitting workloads across Availability Domains.

Question 61:

You must implement a backup solution for your Autonomous Data Warehouse (ADW) that
will enable you to restore data as old as one year with a recovery point objective (RPO) of 10
days.

Which database backup strategy would you select?

A. Take weekly manual backups to supplement the automated backups and preserve them for 12 months.
B. Use the automated backups
C. Take monthly manual backups to supplement the automated backups and preserve them for 12 months
D. Take quarterly manual backups to supplement the automated backups and preserve them for 12 months
Question 62:

You are running your warehouse using Autonomous Data Warehouse (ADW) service and you
noticed that a newly configured batch job is always running in serial even through nothing
else is running in the database. All your jobs are configured to run with parallelism enabled.

What could be the reason for this batch job to run in serial?
A. The batch job depends on only one table and parallelism cannot be enabled on single-table
queries.
B. The parallelism of batch job depends on the number of ADW databases involved in the
query.
C. The new batch job is connected to LOW consumer group.
D. The new batch job runs on database tables that are not enable for parallel execution.
E. Parallelism on the database is controlled by the application, not the database.

Question 63:

You have five different company locations spread across the US. For a proof-of-concept
(POC) you need to setup secure and encrypted connectivity to your workloads running in a
single virtual cloud network (VCN) in the Oracle Cloud Infrastructure Ashburn region from all
company locations.

What would meet this requirement?

A. Create five internet gateways in your VCN and have separate route table for each internet
gateway.
B. Create five virtual circuits using FastConnect for each company location and terminate those
connections on a single dynamic routing gateway (DRG). Attach that DRG to your VCN.
C. Create five IPsec connections with each company location and terminate those connections
on a single DRG. Attach that DRG to your VCN.
D. Create five IPsec VPN connections with each company location and terminate those
connections on five separate DRGs. Attach those DRGs to your VCN.
Question 64:
You are about to deploy an e-business application on Oracle Cloud Infrastructure and one of the
requirements is to use a shared file system that supports the NFS protocol.
Which storage service would meet this requirement?
A. object storage
B. block volume
C. data transfer appliance
D. file storage
Question 65:
Which two options are valid for loading data directly into Autonomous Data Warehouse (ADW)?
(Choose two.)
A. Data Integrator
B. Data Pump
C. Data Transfer Service
D. SQL *Loader
Question 66:
You deployed a compute instance (VM.Standard2.16) to run a SQL database. After a few
weeks, you need to increase disk performance by using NVMe disks; the number of CPUs will
not change. As a first step you terminate the instance and preserve the boot volume.

What is the next step?

A. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume and move the
SQL Database data to block volume
B. Create a new instance using a VM.DenseIO2.8 shape using the preserved boot volume and move the SQL
Database data to NVMe disks
C. Create a new instance using a VM.Standard1.16 shape using the preserved boot volume and move the
SQL Database data to NVMe disks
D. Create a new instance using a VM.DenseIO2.16 shape using the preserved boot volume move the SQL
Database data to NVMe disks
Question 67:
You have provisioned an Autonomous Transaction Processing (ATP) database and logged
into the ATP service console.

What are three abilities that can be performed from this service console? (Choose three.
A. scale up/down the CPUs
B. create ATP database users
C. reset the admin passwor
D. set resource management rules
E. monitor database activity and SQL queries

Question 68:

Which statement is true regarding Autonomous Transaction Processing (ATP)?

A. A database name cannot be used concurrently for both an Autonomous Data Warehouse (ADW) and an
ATP database
B. After terminating a database, the database name is available for immediate reuse
C. A maximum of 8 cores can be enabled for an ATP database
D. A maximum of 2 TB of storage can be enabled for an ATP database
Question 69:

You have been notified of an application failure indicating that one or more of the Oracle
Cloud Infrastructure (0C1) resources have become unavailable. After scanning the Compute
and Database consoles, you notice that one of the DD Systems is missing.

What would you do to identify the reason for this missing resource?
A. Navigate to the Audit console and search the previous 24 hours for all Delete actions to get a list of any
resource that was deleted in the past 24 hours
B. Create a serial console connection to the DB System that does not appear in the management console.
Connect to the serial console connection, and then review the system logs under /var/log/messages
C. View the service limits associated with your account to ensure that you have not exceeded the allowable
number of DB Systems in your tenancy
D. Navigate to the Audit console and search the previous 24 hours for all List actions to get a list of every
event that occurred in the past 24 hours.

Question 70:

Which two statements are true about adding secondary VNICs to an existing compute
instance? (Choose two.)
A. The primary and secondary VNIC association must be in the same availability domain
B. You can assign an Ephemeral Public IP to a secondary VNIC
C. You can remove the primary VNIC after the secondary VNIC’s attachment is complete
D. The primary and secondary VNIC association can be in different virtual cloud networks (VCNs

Question 71:

You are designing a lab exercise for your team that has a large number of graphics with large
file sizes. The application becomes unresponsive if the graphics are embedded in the
application. You have uploaded the graphics to Oracle Cloud Infrastructure and only added
the URL in the application. You need to ensure these graphics are accessible without
requiring any authentication for an extended period of time.

How can you achieve these requirements?

A. Create pre-authenticated requests (PAR) and specify 00:00:0000 as the expiration time.
B. Make the object storage bucket private and all objects public and use the URL found in the Object
“Details”
C. Make the object storage bucket public and use the URL found in the Object “Details"
D. Create PARs and do not specify an expiration date
Question 72:

You are deploying a highly available web application in Oracle Cloud Infrastructure and have
decided to use a public load balancer. The back end web servers will be distributed across all
three availability domains (ADS).

How many subnets should you create to deliver a secure, highly available application?
A. two subnets in total; one regional private subnet to host your back-end web servers and one regional
public subnet to host your public load load balancer
B. three subnets in total; one regional public subnet to host your back-end web servers and two AD specific
private subnets to host your private load toad balancer
C. one subnet In total; one regional private subnet to host your back-end web servers and your public load
balancer.
D. two subnets in total; one regional public subnet to host your back-end web servers and one regional
private subnet to host your public load load balancer

Question 73:

Which two statements about fault domains are true? (Choose two.)
A. A fault domain is a grouping of hardware and infrastructure within an availability domain
B. Each availability domain contains three fault domain
C. A failed instance in a fault domain is automatically relaunched
D. A fault domain is selected automatically based on usage data

Question 74:

You have an application running on Oracle Cloud Infrastructure. You identified that the read
and write operations are slowing your application down enough to impair user access. The
application is currently using a VM.Standard1.2 compute without any block storage attached
to it.

Which two options allow you to increase disk performance? (Choose two.)
A. Terminate the compute instance preserving the boot volume. Create a new compute instance using a
VM Dense IO shape using the boot volume preserved
B. Terminate the compute instance preserving the boot volume. Create a new compute instance using a
VM Standard shape and attach a new block volume to host your application.
C. Create a backup of the boot volume. Create a new compute instance using a VM Dense IO shape and
restore the backup
D. Terminate the compute instance and create a backup of the boot volume. Create a new compute
instance using a VM Dense IO shape and restore the backup
Question 75:
You have an application deployed in Oracle Cloud Infrastructure running only in the Phoenix
region. You were asked to create a disaster recovery (DR) plan that will protect against the loss of
critical data. The DR site must be at least 500 miles from your primary site and data transfer
between the two sites must not traverse the public Internet.
Which is the recommended disaster recovery plan?
A. Create a new virtual cloud network (VCN) in the Phoenix region and create a subnet in one availability
domain (AD) that is not currently being used by your production systems. Establish VCN peering
between the production and DR sites
B. Create a DR environment in Ashburn. Associate a DRG with the VCN in each region and create a remote
peering connection between the two VCNs.
C. Create a DR environment in Ashburn and provision a FastConnect virtual circuit using DRG between the
regions.
D. Create a DR environment in Ashburn. Associate a dynamic routing gateway (DRG) with the VCN in each
region and configure an IPsec VPN connection between the two regions.
Question 76:
Which statement is true about Oracle Cloud Infrastructure (OCI) object storage support for
server-side encryption?
A. You must manually enable server-side encryption for each object as you upload to OCI object storage
B. Objects are automatically encrypted as they are uploaded to object storage and decrypted upon
retrieval
C. You must manually decrypt the data when retrieving from OCI object storage
D. Only the object data is encrypted and the user-defined metadata that is associated with the object is not
encrypted
Question 77:
You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions
and require connectivity between workloads in each region. You have created a dynamic routing
gateway (DRG) and a remote peering connection. However, your workloads are unable to
communicate with each other. What are two reasons for this?
A. The security lists associated with subnets in each virtual cloud network (VCN) do not have the
appropriate ingress rules
B. Identity and Access Management (IAM) policies have not been defined to allow connectivity across the
two VCNs in different regions
C. A local peering gateway needs to be created in each VCN with a default route rule added in the route
table forwarding the traffic to the local peering gateway
D. An Internet gateway needs to be created in each VCN with a default route rule added in the route table
forwarding the traffic to the Internet Gateway
E. The route table associated with subnets in each VCN do not have a route rule defined to forward the
traffic to their respective DRGs
Question 78:
The Oracle Cloud Infrastructure Block Volume service lets you expand the size of block and boot
volumes.
Which three options below can you use to increase the size of your block volumes?
A. Clone an existing volume to a new, larger volume
B. You can only expand block volumes and not boot volumes
C. Expand an existing volume in place with offline resizing
D. Take a backup of your existing volume and restore from the volume backup to a larger volume
E. Expand an existing volume in place with online resizing

Question 79:
Which two statements are true regarding cloning a block volume?
A. You can change the block volume performance when creating a clone
B. You can clone block volumes across regions
C. You can change the block volume size when creating a clone
D. You can skip block volume encryption when creating a clone
Question 80:
You have deployed a compute instance (VM.Standard2.24) to run an Oracle database. With this
set up, you run into some performance issues and want to leverage an OCI Dense IO shape
(VM.DenseIO2.24), with which you get 25.6 TB local NVMe SSD. You do not want to lose the
configuration changes you made to the instance.
Which of the following TWO steps ARE NOT required to make this transition?
A. Terminate the VM.Standard2.24 instance and do not preserve the boot volume
B. Create a new instance using the VM.Dense102.24 shape using the preserved boot volume and move the
Oracle Database data to NVMe disks
C. Terminate the VM.Standard2.24 instance and preserve the boot volume
D. Create a new instance using a VM.DenseIO2.24 shape using the preserved boot volume and move the
Oracle Database data to block volumes

Question 81:
You are running several Linux based operating systems in your on .premises environment that
you want to import to OCI as custom images. You can launch your imported images as OCI
compute Virtual machines.
Which two modes below can be used to launch these imported Linux VMs?
A. Native
B. Mixed
C. Paravirtualized
D. Emulated
Question 82:
Which two statements are true about Oracle Cloud Infrastructure IPSec VPN Connect?
A. Each OCI IPSec VPN consists of multiple redundant IPSec tunnels
B. OCI IPSec VPN tunnel supports only static routes to route traffic
C. OCI IPSec VPN can be configured in tunnel mode only
D. OCI IPSec VPN can be configured in trans port mode only
Question 83:
You have the following compartment structure in your tenancy. Root compartment->Training-
>Training-subl ->Training-sub2 You create a policy in the root compartment to allow the default
admin for the account (Administrators) to manage block volumes in compartment Training-sub2.
What policy would you write to meet this requirement?
A. Allow group Administrators to manage volume-family in root compartment
B. Allow group Administrators to manage volume-family in compartment Training-sub1 :Training-sub2
C. Allow group Administrators to manage volume-family in compartment Training: Training-sub 1 :Training-
sub2
D. Allow group Administrators to manage volume-family in compartment Training-sub2
Question 84:
You have created a new compartment called Production to host some production apps. You have
also created users in your tenancy and added them to a Group called "production group". Your
users are still unable to access the Production compartment. How can you resolve this situation?
A. Every compartment you create comes with a predefined set of policies, so no further action is needed
B. Your users get automatic access to all compartments, so no further action is needed
C. Write an IAM Policy for each specific user granting them access to the production compartment
D. Write an IAM Policy for "production_group" granting it access to the production compartment(Correct)

Question 85:
You have two line of business operations (LOB1, LOB2) leveraging Oracle Cloud Infrastructure.
LOB1 is deployed in VCN1 in the OCI US East region, while LOB2 is deployed in VCN2 in the US
West region. You need to peer VCN1 and VCN2 for disaster recovery and data backup purposes.
To ensure you can utilize the OCI Virtual Cloud Network remote peering feature, which CIDR
ranges should be used?
A. VCN1 (10.0.0.0/16) and VCN2 (10.0.1.0/24)
B. VCN1 (10.0.0.0/16) and VCN2 (172.16.0.0/16)
C. VCN1 (172.16.1.0/24) and VCN2 (172.16.1.0/27)
D. VCN1 (192.168.0.0/16) and VCN2 (192.168.1.0/27)
Question 86:
You deployed a web server in Oracle Cloud Infrastructure using an Ephemeral Public IP address.
While making configuration changes, an admin inadvertently deleted your web seNer. You
redeploy your web server, but many of your LOB apps depend on this web server's public IP
address and would need an update. What can you do to prevent this from happening again?
A. Create a reserved public IP and associate it with the security list for the subnet being used by your
compute instance
B. Create a reserved public I P and associate it with the hosts file of your web server
C. Create a reserved public IP and associate it with the subnet of your compute instance
D. Create a reserved public IP and associate it with the virtual NIC of your compute instance

Question 87:
You have launched a compute instance running Oracle database in a private subnet in the Oracle
Cloud Infrastructure US East region. You have also created a Service Gateway to back up the
data files to OCI Object Storage in the same region. You have modified the security list associated
with the private subnet to allow traffic to the Service Gateway, but your instance still cannot
access OCI Object Storage. How can you resolve this issue?
A. Add a stateful rule that enables ingress HTTPS (TOP port 443) traffic to 001 Object Storage in the security
list associated with the private subnet
B. Add a stateful rule that enables egress HTTPS (TCP port 443) traffic to OCI Object Storage in the security
list associated with the private subnet
C. Add a rule in the Route Table associated with the private subnet with Target type as "Service Gateway"
and destination service as all IAD services in the Oracle Service Network.
D. Use the default Security List, which has ports open for OCI Object Storage
Question 88:
You are a network architect of an application running on Oracle Cloud Infrastructure (OCI).
Your security team has informed you about a security patch that needs to be applied immediately
to one of the backend web servers. What should you do to ensure that the OCI load balancer does
not forward traffic to this backend server during maintenance?
A. Drain all existing connections to this backend server and mark the backend web server offline
B. Create another OCI load balancer for the backend web servers, which are active and handling traffic
C. Edit the security list associated with the subnet to avoid traffic connectivity to this backend serve
D. Stop the load balancer for maintenance and restart the load balancer after the maintenance is finished

Question 89:
Which three items must be configured for a load balancer to accept incoming traffic?
A. A route table entry pointing to the listener IP address
B. A security list that is open on the listener port
C. A backend set with at least one backend server
D. SSL certificate
E. A listener
Question 90:
Your IT department wants to cut down storage costs, but also meet compliance requirements as
set up by the central audit group. You have a legacy bucket with both Word does (*.docx) and
Excel files (*.xlsx). Your auditors want to retain only Excel files for compliance purposes. Your IT
departments wants to keep all other files for 365 days only.
What two steps can you take to meet this requirement?
A. Create Object Storage Lifecycle rules to archive objects from the legacy bucket after 365 days without
any pattern matching
B. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days with a filter
type - include by pattern: ''.docx
C. It is not possible to meet this requirement
D. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days with a filter
type - exclude by pattern: ''.xlsx"
E. Create Object Storage Lifecycle rules to delete objects from the legacy bucket after 365 days without any
pattern matching
Question 91:
You have a working application in the US East region. The app is a 3-tier app with a database
backend - you take regular backups of the database into OCI Object Storage in the US East
region. For Business continuity; you are leveraging OCI Object Storage cross-region copy feature
to copy database backups to the US West region. Which of the following three steps do you need to
execute to meet your requirement?
A. Write an IAM policy and authorize the Object Storage service to manage objects on your behalf
B. Specify an existing destination bucket
C. Specify the bucket visibility for both the source and destination buckets
D. Provide a destination object name
E. Provide an option to choose bulk copying of objects
F. Choose an overwrite rule
Question 92:
Which of the following statement is true regarding Oracle Cloud Infrastructure Object Storage
Pre-Authenticated Requests?
A. It Is not possible to create pre-authenticated requests for "archive" storage tier
B. Changing the bucket visibility does not change existing pre-authenticated requests
C. It is not possible to create pre-authenticated requests for the buckets, but only for the objects
D. Pre-authenticated requests don't have an expiration
Question 93:
Which statement is true about the Oracle Cloud Infrastructure File Storage Service Mount
Target?
A. You can access multiple file systems through a single mount target(Correct)
B. Mount target has a public IP address and DNS name
C. Mount target lives in a single subnet of your choice, but is not highly available
 D. Each mount target requires six internal IP addresses in the subnet to function

Question 94:
Which statement is true about the Oracle Cloud Infrastructure File Storage Service Snapshots?
A. Snapshots are created under the root folder of file system, in a hidden directory named .snapshot
B. Snapshots are not incremental
C. You can restore the whole snapshot, but not the individual files
D. It Is not possible to create snapshots from OCI console, but just the CLI

Question 95:
Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems Data Guard
service?
A. Both DB systems must use the same VCN, and port 1521 must be open
B. Data guard configuration on the OCI is limited to a virtual machine only
C. Data guard implementation for Bare Metal shapes requires two DB Systems, one containing the primary
database and one containing the standby database
D. Data guard implementation requires two DB Systems, one running the primary database on a virtual
machine and the standby database running on bare metal.
Question 96:
Which two characteristics do you need to consider when choosing a method to migrate a database
to Oracle Cloud Infrastructure (OCI)?
A. On-premises connectivity using remote and local virtual cloud network (VCN) peering
B. On-premises database character set and application version
C. On-premises host operating system platform and network bandwidth
D. On-premises database version and quantity of data, including indexes

Question 97:
Which is a customer's responsibility on an Oracle Cloud Infrastructure DB System?
A. Applying patches to the database and OS
B. Installing the operating system (OS), Grid Infrastructure, and database software
C. Creating the first database on the DB System
D. Creating an ASM diskgroup for data file or temp file storage

Question 98:
Which two options are available within the service console of Autonomous Transaction
Processing?
A. Monitor the health of the database server including CPU, memory and query performance
B. Configure resource management rules and reset the admin password
C. Perform a manual backup of the ATP database
D. Fine tune a long running query using optimizer hints
Question 99:
Which of the following two tasks can be performed in the Oracle Cloud Infrastructure Console for
Autonomous Data Warehouse?
A. Adjust Network Bandwidth
B. Scale up/down Memory
C. Increase Storage allocated for Database
D. Scale up/down CPU
Question 100:
Which two statements are true about Autonomous Data Warehouse (ADW) backup
A. You can perform manual backups to OCI object storage in addition to automated backups available on
ADW
B. You can backup ADW database only to a standard bucket type in OCI object storage
C. Oracle Cloud Infrastructure (OCI) recommends backing up ADW databases manually to on-premises
storage devices
D. You must backup ADW database to object storage bucket named ADW_backup