
OCI

01. Your customer recently ordered a 1-Gbps FastConnect connection in the ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will use this to connect to one Virtual Cloud Network (VCN) in their production OCI tenancy and one VCN in their development OCI tenancy.

As a Solution Architect, how should you configure and architect the connectivity between on premises and VCNs in OCI?

 • Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing Gateways, one for each VCN. Attach the virtual circuits to the Dynamic Routing Gateways.

 • You cannot achieve connectivity using a single FastConnect link as the production and the development VCNs are in separate tenancies. Request one more FastConnect connection.

 • Create a single private virtual circuit over FastConnect and attach FastConnect to either of the VCN's Dynamic Routing Gateway. Use Remote Peering to peer production and development VCNs.

 • Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VCN spoke, each peered through their respective Local Peering Gateway (LPG).


02. You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments.

The third-party service allows a maximum of 5 public IP addresses at a time. However, your website is using an Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to 15 instances during peak traffic demand, which are launched in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Internet to complete the transaction.

 

What solution can you implement to make sure that all compute instances can connect to the third-party system to process the payments at peak traffic demand?

 

• Route credit card payment requests from the compute instances through the NAT Gateway. On the third-party service, whitelist the public IP associated with the NAT Gateway.

 

• Whitelist the Internet Gateway public IP on the third-party service and route all payment requests through the Internet Gateway.

 

• Create an OCI Command Line Interface (CLI) script to automatically reserve public IP addresses for the compute instances. On the third-party service, whitelist the reserved public IP.

 

• Route payment requests from the compute instances through the OCI Load Balancer, which will then be routed to the third-party service.

  

03. Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on Oracle Database and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each).

Which method of database migration should you choose so that the application has minimal impact?

 • Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer on-premises to OCI.

 • Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.

 • Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.

 • Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI.


04. You are responsible for migrating your on-premises legacy databases on 11.2.0.4 version to Autonomous Transaction Processing-Dedicated (ATP-D) in Oracle Cloud Infrastructure (OCI). As a solution architect, you need to plan your migration approach.

 

Which two options do you need to implement together to migrate your on-premises databases to OCI?

 

• Use Oracle GoldenGate replication to keep on-premises database online during migration.

 

• Convert on-premises databases to PDB, upgrade to 19c, and encrypt.

 

• Use Oracle Data Guard to keep on-premises database always active during migration.

 

• Retain changes to Oracle shipped privileges, stored procedures or views in the on-premises databases.

 

• Retain all legacy structures and unsupported features (e.g. legacy LOBs) in the on-premises databases for migration.

 

 

05. What is the most effective service to use to migrate the data to OCI given the time constraints?

 

• Set up an OCI Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI using OCI Storage Gateway Cloud Sync tool.

 

• Set up a hybrid network by launching a 1 Gbps FastConnect virtual circuit between your data center and OCI. Use OCI Object Storage multipart upload tool to automate the migration of your data to OCI.

 

• Use multiple OCI Data Transfer Appliances to transfer data to OCI.

 

• Upload the data to OCI using OCI Object Storage multipart upload tool.

 

• Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI.

 


06. You work for a German company as the Lead Oracle Cloud Infrastructure architect. You have designed a highly scalable architecture for your company's business critical application, which uses the Load Balancer service, autoscaling configuration for the application servers and a 2 Node VM Oracle RAC database.

During the peak utilization period of the application, you notice that the application is running slow and customers are complaining. This is resulting in support tickets being created for API timeouts and negative sentiment from the customer base.

 What are two possible reasons for this application slowness?

 

• Autoscaling configuration for the application servers did not happen due to an IAM policy that is blocking access to the application server compartment.

• The Load Balancer configuration is not sending traffic to the listener of the application servers.

• Instance pool in autoscaling configuration for the application servers did not scale out due to compartment quota breach of the VM shapes used by the application servers.

• Instance pool in autoscaling configuration for the application servers did not scale out due to service limit breach of the VM shapes used by the application servers.

• The Load Balancer does not have a Network Security Group to allow traffic to the application servers.

 

 


07. An online stock trading application is deployed to multiple Availability Domains in the us-phoenix-1 region. Considering the high volume of financial transactions that the trading application handles, the company has hired you to ensure that the data stored by the application is scalable, highly-available, and disaster resilient.

In the event of failure, the Recovery Time Objective (RTO) must be less than 2 hours to meet regulatory compliance requirements.

Which Disaster Recovery strategy should be used to achieve the RTO requirement in the event of system failure?

• Configure your application to use synchronous master-slave data replication between Availability Domains.

• Configure hourly block volumes backups through the Storage Gateway service.

• Store hourly block volumes backup to NVMe device under a compute instance and generate a custom image every 5 minutes.

• Configure hourly block volumes backups using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).


 

08. A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using compute instances for its web-tier and DB System database for its data tier. To validate compliance with the Health Insurance Portability and Accountability Act (HIPAA), the hospital hired an IT security professional to check their systems.

It was found that there were a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia.

Which option can mitigate this type of attack?

 

• Block the attacking IP address by creating a Network Security Group rule to deny access to the compute instance where the web server is running

 

• Block the attacking IP address by implementing an OCI Web Application Firewall policy using Access Control Rules

 

• Mitigate the attack by changing the route table to redirect the unauthorized traffic to a dummy compute instance

 

• Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server is running


09. A civil engineering company is running an online portal in which engineers can upload their construction photos, videos, and other digital files.

There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period.

 

Which option fulfills this requirement?

 

 

• Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours.

 

• Create a Dynamic Group with matching rule for the portal compute instance and grant access to the Object Storage bucket for 72 hours.

 

• Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours

 

• Create a pre-authenticated URL for each object that is uploaded to the Object Storage bucket with an expiration of 72 hours.

 


10. Your company has recently deployed a new web application that uses Oracle Functions. Your manager instructed you to implement major manage your systems more effectively. You know that Oracle Functions automatically monitors functions on your behalf and reports metrics through Service Metrics.

 

Which two metrics are collected and made available by this feature?

 

 

• Length of time a function runs

 

• Number of times a function is removed

 

• Number of times a function is invoked

 

• Amount of CPU used by a function

 

• Number of concurrent connections

 

 

11. As a part of a migration exercise for an existing on-premises application to Oracle Cloud Infrastructure (OCI), you are required to transfer a 7 TB file to OCI Object Storage. You have decided to use the multipart upload functionality of Object Storage.

Which two statements are true?

 

• Active multipart upload can be checked by listing all parts that have been uploaded; however, it is not possible to list information for an individual object part in an active multipart upload.

 

• It is possible to split this file into multiple parts using the APIs provided by Object Storage.

 

• It is possible to split this file into multiple parts using rclone tool provided by Object Storage.

 

• After initiating a multipart upload by making a CreateMultipartUpload REST API call, the upload remains active until you explicitly commit it or abort.

 

• Contiguous numbers need to be assigned for each part so that Object Storage constructs the object by ordering part numbers in ascending order.

 

12. A retail company runs their online shopping platform entirely on Oracle Cloud Infrastructure (OCI). This 3-tier web application includes an Mbps Load Balancer, Virtual Machine instances for web and an Oracle DB Systems Virtual Machine. Due to unprecedented growth, they noticed an increase in the incoming traffic to their website and all users start getting 503 (Service Unavailable) errors.

What is the potential problem in this scenario?

 

• The Load Balancer health check status indicates critical situation for half of the backend web servers.

 

• All the web servers are too busy and not able to answer any request from users.

 

• The Database is down hence users cannot access the web site.

 

• The Traffic Management Policy is not set to load balance the traffic to the web servers.

 

• You did not configure a Service Gateway to allow connection between web servers and Load Balancer.

 


 

13. A company runs a public-facing application that uses a Java-based web service via a RESTful API in their on premises data center. Use of the API is expected to double with a new product launch. The business wants to migrate their application to Oracle Cloud Infrastructure (OCI) to meet the scale and reliability requirements. In order to achieve this, they will divert only 40% of the traffic to the new Apache Tomcat web servers running on OCI and serve the remaining 60% traffic through their on-premises infrastructure. Once the migration is complete and application works fine, they will divert all traffic to OCI.

 How can these requirements be met with the LEAST amount of effort?

 

• Use OCI Traffic Management service with failover steering policy and distribute the traffic between OCI and on premises infrastructure.

 

• Use OCI Traffic management service with Load Balancing steering policy and distribute the traffic between OCI and on premises infrastructure.

 

• Use an OCI Load Balancer and distribute the traffic between OCI and on premises infrastructure.

 

• Use VPN connectivity between on premises infrastructure and OCI and create routing tables to distribute the traffic between them.

 

14. You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application. For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team does not want you to store any local API key and certificate, or any other local tools.

 

Which two actions should you perform to spin up the OKE cluster and interact with it?

 

• Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster.

 

• Develop your own code using OCI SDK to deploy the OKE cluster.

 

• Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token.

 

• Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API.

 

• Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.

 

15. A company runs a public-facing application that uses a Java-based web service via a RESTful API in their on premises data center. Use of the API is expected to double with a new product launch. The business wants to migrate their application to Oracle Cloud Infrastructure (OCI) to meet the scale and reliability requirements. In order to achieve this, they will divert only 40% of the traffic to the new Apache Tomcat web servers running on OCI and serve the remaining 60% traffic through their on-premises infrastructure. Once the migration is complete and application works fine, they will divert all traffic to OCI.

 

How can these requirements be met with the LEAST amount of effort?

  

• Use OCI Traffic Management service with failover steering policy and distribute the traffic between OCI and on premises infrastructure.

 

• Use OCI Traffic management service with Load Balancing steering policy and distribute the traffic between OCI and on premises infrastructure.

 

• Use an OCI Load Balancer and distribute the traffic between OCI and on premises infrastructure.

 

• Use VPN connectivity between on premises infrastructure and OCI and create routing tables to distribute the traffic between them.

 

16. Which three scenarios are suitable for the Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing Serverless (ATP-S) deployment?

 • A well-established online auction marketplace is running an application where there is database usage 24x7 but also peaks of activity that are hard to predict. When the peaks happen, the total activity may reach 3 times the normal activity level.

• A small startup is deploying a new application for e-commerce and it requires a database to store customers' transactions. The team is unsure of what the load will look like since it is a new application.

 • A midsize company is considering migrating its legacy on premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays.

 • A developer working on an internal project needs to use a database during work hours but does not during nights or weekends. The project budget requires her to keep costs low.

 • A manufacturing company is running Oracle E-Business Suite application on premises. They are looking to move this application to OCI and they want to use a managed database offering for their database.


17. You are using the Oracle Cloud Infrastructure (OCI) OS Management service to manage updates and patches for the Oracle Linux 8 environments on your compute instances in OCI. You have verified that the OS Management Service Agent (osms-agent) is installed and running properly in the instances.

One of the compute instances is not getting the updates from OS Management Service. You use the following command to validate that your instance cannot reach the OS Management ingestion service by running curl https://ingestion.osms.<region>.oci.oraclecloud.com/.

 

Which is NOT a possible reason for this issue?

 

• The instance is in a private subnet with a NAT gateway.

 

• The instance is in a private subnet with a private endpoint with security rules configured to access the OS Management ingestion service.

 

• The instance is in a private subnet with a service gateway that uses the All <region> Services in Oracle Services Network CIDR label.

 

• The instance is in a public subnet with an internet gateway.

 

18. You are creating a compute instance using Oracle Cloud Infrastructure (OCI) Console. You decide to use Oracle provided image for the compute instance launch.

 

Which option is TRUE when using Oracle provided images?

 

• On Windows images, custom user data scripts are executed using cloud-init to perform various tasks such as enabling GPU support.

 

• Oracle provided images do not support the ability to supply a custom metadata during instance launch.

 

• For a Linux based image, access to host over the internet is permitted only via SSH protocol and all other remote access is disabled.

 

• If you choose a non-Windows image, the only way to download and update packages is by running apt or yum commands.

 


19. After performing maintenance on an Oracle Linux compute instance, the system is returned to a running state. You attempt to connect using SSH but are unable to do so. You decide to create an instance console connection to troubleshoot the issue.

 

Which three tasks would enable you to connect to the console connection and begin troubleshooting?

 

• Stop the compute instance using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).

 

• Reboot the compute instance using the Oracle Cloud Infrastructure (OCI) Management Console.

 

• Edit the Linux boot menu to enable access to console.

 

• Upload an API signing key for console connection authentication.

 

• Use SSH to connect to the public IP address of the compute instance and provide the console connection OCID as the username.

 

• Use SSH to connect to the service endpoint of the console connection service.

 


20. A large E-commerce company is looking to run seasonal workloads in Oracle Cloud Infrastructure. The Oracle database used by their E-commerce application can use up to 52 cores at peak workloads. Due to the seasonal nature of the business, the database will not be used for 10 months in a year and can also be shut down during non-business hours.

What is the most efficient and cost-effective mechanism of modifying the database deployment architecture to meet these application goals?

 

• Autonomous Transaction Processing with shared Exadata infrastructure

 

• Oracle Cloud Infrastructure Exadata DB Systems

 

• Oracle Cloud Infrastructure Virtual Machine DB Systems

 

• Oracle Cloud Infrastructure Bare Metal DB Systems

 

 

21. You are advising the database administrator responsible for managing non-production environment for Oracle Autonomous Database running on Oracle Cloud Infrastructure. You need to help the database administrator ensure that the non-production environments have a copy of the current data from the production environment in a manner that is most time-efficient.

 

Which method should you recommend?

 

 

• Create a full clone of the production Autonomous Database and create the non-production database from it.

 

• Take a full database backup of the production Autonomous Database and create the non-production database from it.

 

• Take a Data Pump export of the production Autonomous Database and import into the non-production database.

 

• Create a metadata clone of the production Autonomous Database and create the non-production database from it.

 

21. Ans: A

22. A small business specializing in video processing wants to leverage cloud storage in order to lower its costs. They are looking to back up all video data generated from an existing on-premises file server to Oracle Cloud Infrastructure (OCI). The requirement is to set up continuous data sync as changes are made to the on-premises file server.

 

What is the most cost effective solution for this scenario?

 

 

• Set up a FastConnect virtual circuit and nightly back up all videos to OCI Archive Storage.

 

• Set up file storage service on OCI and mount the file system to an instance running on-premises. Move all the data to this on-premise instance and then sync the videos to the shared file system.

 

• Set up a VPN Connect connection and back up all videos to Object Storage standard bucket. Create a lifecycle policy to move files older than 30 days to Archive Storage.

 

• Set up an on-premises OCI Storage Gateway Cloud Sync to back up videos to OCI Object Storage Archive tier.

 

Confusion

22. Ans: D

 

23. Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between regions?

 

• Allow group VolumeAdmins to use volumes in tenancy

• Allow group VolumeAdmins to copy volume-backups in tenancy

• Allow group VolumeAdmins to manage volume-family in tenancy

• Allow group VolumeAdmins to inspect volumes in tenancy

23. Ans: A

Allow group VolumeAdmins to use volume-backups in tenancy where request.permission='VOLUME_BACKUP_COPY'

The specific permissions needed to copy volume backups across regions are:

• Source region: VOLUME_BACKUP_READ, VOLUME_BACKUP_COPY

• Destination region: VOLUME_BACKUP_CREATE

 

24. Your company will soon start moving critical systems into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. You have to work with the company managed key.

 

Which two options ensure compliance with this policy?

 

• When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.

 

• When you create a new block volume through OCI console, select "Encrypt using Customer-Managed Keys" checkbox and use encryption keys generated and stored in OCI Vault.

 

• When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.

 

• When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.

 

24. Ans: BD

 

 

 

 

 

25. You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website.

How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization?

 

• Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.

• Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool.

• Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.

• Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers.

 

25. Ans: A

26. All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure (OCI). You want to deploy a maximum availability architecture (MAA) for database workload.

Which option should you consider while designing your Data Guard configuration to ensure best RTO and RPO without causing any data loss?

 

• Configure "Maximum Protection" mode, which provides zero data loss if the primary database fails.

• Configure "Maximum Performance" mode in SYNC mode between two availability domains (same region), which provides the highest level of data protection that is possible without affecting the performance of the primary database.

• Configure "Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database.

• Configure "Maximum Availability" mode in SYNC mode between two availability domains (same region), and use the Maximum Availability mode in SYNC mode between two regions.

 

26. Ans: D

 

 

 

27. You have provisioned a new VM.DenseIO2.24 compute instance with local NVMe drives. The compute instance is running a production application. This is a write-heavy application, with a significant impact to the business if the application goes down.

 

What should you do to help maintain write performance and protect against NVMe device failure?

 

 

• NVMe drives have built-in capability to recover themselves, so no other actions are required

 

• Configure RAID 6 for NVMe devices.

 

• Configure RAID 1 for NVMe devices.

 

• Configure RAID 10 for NVMe devices

 

27. Ans: D

28. A data analytics company has been building its new generation big data and analytics platform on Oracle Cloud Infrastructure (OCI). They need a storage service that provides the scale and performance that their big data applications require, such as high throughput to compute nodes with low latency file operations. In addition, their data needs to be stored redundantly across multiple nodes in a single availability domain and allow concurrent connections from multiple compute instances hosted on multiple availability domains.

 

Which OCI storage service can you use to meet this requirement?

 

• Object Storage

 

• File System Storage

 

• Archive storage

 

• Block Volume

 

28. Ans: B

 

 

 

 

 

 

 

29. An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt-1 region.

 

Which two solutions should their architect keep in mind while designing for DR?

 

 

• A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.

 

• rsync utility can be used to asynchronously copy file systems or snapshot data to another region.

 

• Load balancer will automatically distribute traffic between both the regions.

 

• The RTO is the acceptable timeframe of lost data that application can tolerate.

 

• It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.

 

29. Ans: AC

30. The Finance department of your company has reached out to you. They have customer sensitive data on compute instances in Oracle Cloud Infrastructure (OCI) which they want to store in OCI Object Storage for long term retention and archival. To meet security requirements they want to ensure this data is NOT transferred over public internet, even if encrypted.

 

Which option meets these requirements?

 

• Configure a NAT instance and all traffic between compute in the private subnet should use this NAT instance with private IP as the route target.

 

• Use NAT gateway with appropriate route table when transferring data. Then use NAT gateway's toggle (on/off) once data transfer is complete.

 

• Use Service gateway with appropriate route table.

 

• Use Storage gateway with appropriate firewall rule.

 

30. Ans: C

 

 

31. A retail company has several on-premises data centers, which span multiple geographical locations. They plan to move some of their applications from on-premises data centers to Oracle Cloud Infrastructure (OCI). For these applications running in OCI, they still need to interact with applications running on their on-premises data centers. These applications require highly available, fault-tolerant network connections between on-premises data centers and OCI.

 

Which option should you recommend to provide the highest level of redundancy?

 

• Oracle Cloud Infrastructure provides network redundancy by default so that no other operations are required

 

• If your data centers span multiple geographical locations, use only the specific IP address as a static route for the specific geographical location

 

• Set up both IPSec VPN and FastConnect to connect your on premises data centers to Oracle Cloud Infrastructure.

 

• Use FastConnect private peering only to ensure secure access from your data center to Oracle Cloud Infrastructure

 

• Set up a single IPSec VPN connection from your data center to Oracle Cloud Infrastructure since it is cost effective

 

31.Ans: B

32. You are working as a cloud consultant for a major media company in the US, and your client requested to consolidate all of their log streams, access logs, application logs, and security logs into a single system. The client wants to analyze all of their logs in real-time based on heuristics and the result should be validated as well. This validation process requires going back to data samples extracted from the last 8 hours.

 

What approach should you take for this scenario?

 

• Create an auto scaling pool of syslog-enabled servers using compute instances which will store the logs in Object Storage, then use map reduce jobs to extract logs from Object Storage, and apply heuristics on the logs.

 

• Create a bare-metal instance big enough to host a syslog-enabled server to process the logs and store logs on the locally attached NVMe SSDs for rapid retrieval of logs when needed.

 

• Set up an OCI Audit service and ingest all the API calls from Audit service programmatically to a client side application to apply heuristics and save the result in an OCI Object Storage.

 

• Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.

32. Ans: D

33. Multiple departments in your company use a shared Oracle Cloud Infrastructure (OCI) tenancy to implement their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain better insights into each department's usage.

 

Which three options can you implement together to accomplish this?

 

• Create a budget that matches your commitment amount and an alert at 100 percent of the forecast.

 

• Set up a consolidated budget tracking tags to analyze costs in a granular manner.

 

• Set up different compartments for each department, then track and analyze cost per compartment.

 

• Use the billing cost tracking report to analyze costs.

 

• Set up a tag default that automatically applies tags to all specified resources created in a compartment, then use these tags for cost analysis.

 

33. Ans: ACE

34. You work for a public health care company based in the United States. Their existing patient records system runs in an on-premise data center and the customer is sending tape backups offsite as part of their disaster recovery planning. You developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of money on a yearly basis. The solution involves storing data in an OCI Object Storage bucket. After reviewing your solution with the customer Global Risk and Compliance (GRC) team, they highlighted four security requirements:

All data less than 1 year old must be accessible within 2 hours

All data must be retained for at least 10 years and be accessible within 48 hours

All data must be encrypted at rest

No data may be transmitted across the public internet

Which two options meet the requirements outlined by the customer GRC team?

 

• Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit.

• Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit.

• Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days.

• Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years.

• Create a VPN connection between your on-premises data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for OCI Object Storage.

34.Ans: BC

 

 

 

35. The development team has deployed quite a few instances under the 'Compute' compartment and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations, are part of a group called 'Eng-group'. You have been looking for an option to allow the operations team to list the instances without access to any confidential information or metadata of the resources.

 

Which IAM policy should you write based on these requirements?

 

• Allow group Eng-group to inspect instance-family in compartment Dev-Team: Compute and attach the policy to Engineering Compartment

 

• Allow group Eng-group to inspect instance-family in compartment Dev-Team: Compute and attach the policy to 'SysTest Team' Compartment

 

• Allow group Eng-group read instance-family in compartment Compute and attach the policy to Engineering Compartment.

 

• Allow group Eng-group to read instance-family in compartment Dev-Team-Compute and attach the policy to 'Dev Team'

 

35. Ans: A

36. You are designing the network infrastructure for two application servers, appserver-1 and appserver-2, running in two different subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access appserver-1 from the internet and appserver-2 from the on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit.

How should you design your routing configuration to meet these requirements?

 

• Configure a single routing table (Route Table-1) that has two sets of rules: one that has a route to the internet via the Internet Gateway and another that propagates specific routes for the on-premises network via the Dynamic Routing Gateway. Associate the routing table with all the VCN subnets.

• Configure a single routing table (Routing Table-1) that has two sets of rules: one that has a route to the internet via the Internet Gateway and another that propagates specific routes for the on-premises network via the Dynamic Routing Gateway (DRG). Associate the routing table with the VCN.

• Configure two routing tables: Route Table-1 that has a route to the internet via the Internet Gateway. Associate this route table to the subnet containing appserver-1. Route Table-2 that propagates specific routes for the on-premises network via the Dynamic Routing Gateway (DRG). Associate this route table to the subnet containing appserver-2.

• Configure two routing tables (Route Table-1 and Route Table-2) that have a rule to route all traffic via the Dynamic Routing Gateway (DRG). Associate the two routing tables with all the VCN subnets.

 

36. Ans: C

 

 

37. A company has an urgent requirement to migrate 300 TB of data to Oracle Cloud Infrastructure (OCI) in two weeks. Their data center has been recently struck by a massive hurricane and the building has been badly damaged, although still operational. They have a 100 Mbps Internet line but the connection is intermittent due to the damage caused to the electrical grid in this scenario.

You are a solutions architect for a global health care company, which has numerous data centers around the globe. Due to the ever-growing data that your company is storing, you were instructed to set up a durable, cost effective solution to archive your data from your existing on-premises tape-based backup infrastructure to Oracle Cloud Infrastructure (OCI).

What is the most effective mechanism to implement this requirement?

 

• Use the File Storage Service in OCI and copy the data from your existing tape-based backup to the shared file system.

• Set up an on-premise OCI Storage Gateway which will back up your data to OCI Object Storage Standard tier. Use Object Storage lifecycle policy management to move any data older than 30 days from Standard to Archive tier.

• Set up FastConnect to connect your on-premises network to your OCI VCN and use the rsync tool to copy your data to OCI Object Storage Archive tier.

• Set up an on-premise OCI Storage Gateway which will back up your data to OCI Object Storage Standard tier.

• Set up an on-premise OCI Storage Gateway which will back up your data to OCI Object Storage Archive tier.

 

37. Ans: E

38. To serve web traffic for a popular product, your cloud engineer has provisioned four BM.Standard2.52 instances, evenly spread across two availability domains in the us-ashburn-1 region; a Load Balancer is used to deliver the traffic across instances. After several months, the product grows even more popular and you need additional compute capacity.

As a result, an engineer provisioned two additional VM.Standard2.8 instances. You register the two VM.Standard2.8 instances with your Load Balancer Backend set and quickly find that the VM.Standard2.8 instances are now running at 100% of CPU utilization but the BM.Standard2.52 instances have significant CPU capacity that is unused.

 

Which option is the most cost effective and uses instance capacity most effectively?

 

• Configure Autoscaling instance pool with LoadBalancer to add up to 3 more BM.Standard2.52 instances when triggered. Shut off VM.Standard2.8 instances.

• Configure LoadBalancer with two VM.Standard2.8 instances and use Autoscaling instance pool to add up to two additional VM.Standard2.8 instances. Shut off BM.Standard2.52 instances.

• Route traffic to BM.Standard2.52 and VM.Standard2.8 instances directly using DNS and Health Checks. Shut off the Load Balancer.

• Configure your Load Balancer with weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to bare metal instances.

 

38. Ans: D

 

39. A large London based e-commerce company is running Oracle DB System Virtual RAC database on Oracle Cloud Infrastructure (OCI) for their e-commerce application activity. They are launching a new product soon, which is expected to sell in large quantities all over the world. The application architecture should have minimal cost, no data loss, no performance impacts during the database backup windows and should have minimal downtime.

 

What is the most effective and cost-effective mechanism of modifying the database deployment architecture to meet these application goals?

 

• Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure it to replicate the data from the e-commerce Database over to the new RAC database using Golden Gate. Take backups from the new VM RAC database.

 

• Turn off automated backups from the e-commerce database; implement Oracle Data Guard with the Standby database deployed on another availability domain, take backups from the standby database.

 

• Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure bi-directional replication from the e-commerce Database over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database.

 

• Turn off automatic backups from the e-commerce database; implement Oracle Active Data Guard with the standby database deployed on another availability domain, and take backups from the standby database.

 

39. Ans: C  have to check

40. A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). The web server will make API calls to access OCI Object Storage to store all images uploaded by users. For security purposes, your manager instructed you to ensure that the credentials used by the web server to allow access are not stored locally on the compute instance.

What solution results in an implementation with the least effort for this scenario?

 

• Configure the credentials using Instance Principal to allow the web server to make API calls to OCI Object Storage.

 

• Configure the credentials using OCI Registry (OCIR), which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage.

 

• Configure the credentials to use Transparent Data Encryption (TDE), which will automatically allow the web server to make API calls to OCI Object Storage.

 

• Configure the credentials using OCI Key Management to allow an instance to make API calls and grant access to OCI Object Storage.

40. Ans : A

 

41. You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint. However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing a Service Unavailable error. You need to check the backend latency and backend responses when this error started last night.

What should you do to get this data?

 

• Check with the application owner and search the log file for the container to get the metrics from the log file.

 

• Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.

 

• Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics.

 

• Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

 

41. Ans: D

42. An online gaming application is deployed to multiple Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1 region. Considering the high volume of traffic that the gaming application handles, the company has hired you to ensure that the data stored by the application is scalable, highly available, and disaster resilient. In the event of failure, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be less than 2 hours.

 

Which Disaster Recovery strategy should be used to achieve the RTO and RPO requirements in the event of a system failure?

 

• Configure hourly block volumes backups using the OCI Command Line Interface (CLI).

• Create a user defined backup policy with a schedule of generating daily backups for block volumes.

• Configure hourly block volumes backups through the OCI Storage Gateway service.

• Create a user defined backup policy with a schedule of generating hourly backups for block volumes.

• You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.

 

42. Ans: A

 

 

43. You work for a retail company, and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application components as Kubernetes native objects, such as the Microservices, Oracle Autonomous database, Kubernetes services, etc.

 

What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle Autonomous Database?

 

• Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.

 

• Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster.

 

• Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN.

 

• Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

43. Ans: D

44. You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application does not face any downtime but at the same time, the worker node gets upgraded to the latest version of the Operating System.

What should you do to get this upgrade done without application downtime?

 

• 1. Shut down the worker nodes. 2. Create a new node pool. 3. Manually schedule the pods on the newly built node pool.

 

• 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods from being scheduled. 3. Run kubectl drain <node name> --delete-local-data --force --ignore-daemonsets to evict any Pods that are running. 4. Delete the old node pool.

 

• 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl taint nodes --all node-role.kubernetes.io/master-. 3. Delete the old node pool.

 

• 1. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods from being scheduled. 2. Run kubectl drain <node name> --delete-local-data --force --ignore-daemonsets to evict any Pods that are running. 3. Download the patches for the new Operating System image. 4. Patch the worker nodes to the latest Operating System image.

44. Ans: B

