OCI architect associate sample Questions and Answers with complete
Your company uses the OCI Object Storage service to share large data sets with its data science team. The data science team consists of 20 people from offices in Washington, D.C. and Tokyo. While working in these offices, employees are assigned an IP address from the public IP range 129.146.31.0/27. Which two steps should you take to ensure that the Object Storage bucket used in this scenario was only accessible from these office locations?

- Create a network source named CorpNetwork with a CIDR block of 129.146.0.0/16
- Create a network source named CorpNetwork with a CIDR block of 129.146.31.0/27
- Create a pre-authenticated request for each data set and only share with the data science team via email
- Set the bucket visibility to public and only share the URL with the data science team via email
- Write an IAM policy that includes the conditional statement where n = 129.146.31.0/27
- Write an IAM policy

Answer:
- Create a network source named CorpNetwork with a CIDR block of 129.146.31.0/27
- Write an IAM policy that includes the conditional statement where rkS = "CorpNetwork"

You need to set up instance principals so that an application running on an instance can call OCI public services, without the need to configure user credentials. A developer in your team has already configured the app built using an OCI SDK to authenticate using the instance principal provider. Which is NOT a necessary step to complete this setup?

- Create a dynamic group with matching rules to specify which instances you want to allow to make API calls against services
- Deploy the application and the SDK to all the instances that belong to the dynamic group
- Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs
- Create a policy granting permissions to the dynamic group to access services in your compartment or tenancy

Answer: Generate Auth Tokens to enable instances in the dynamic group to authenticate with APIs (tokens are associated with users)

An Oracle Cloud Infrastructure tenancy administrator is not able to delete a user in the tenancy. What can cause the issue?

- User is a member of an Identity and Access Management (IAM) group
- Users can be blocked but not deleted
- User needs to be deleted from federation identity provider before deleting from IAM
- User has multi-factor authentication (MFA) enabled

Answer: User is a member of an Identity and Access Management (IAM) group

You have compartments C and D under the root compartment in your OCI tenancy; compartment C contains a sub-compartment also named D. You are trying to move this sub-compartment D to the parent compartment D as shown in the picture, but the move fails. What is the reason for this error?

- Sub-compartment D needs to be empty before it can be moved
- You cannot move a sub-compartment to another parent compartment
- Both parent and child compartments cannot have the same name
- You need to move all the compartments in the hierarchy to the new parent compartment

Answer: Both parent and child compartments cannot have the same name

Which two are Regional resources in Oracle Cloud Infrastructure?

- Ephemeral public IPs
- Block volume backups
- Compute images
- Compartments
- Dynamic Groups

Answer:
- Compartments
- Dynamic Groups

Which two resources reside exclusively in a single Oracle Cloud Infrastructure Availability Domain?

- Identity and Access Management Groups
- Web Application Firewall policy
- Object Storage
- Block volume
- Compute instance

Answer: Block volume; Compute instance (together in same AD to decrease latency)

A customer launched a compute instance in the Virtual Cloud Network (VCN) which has an internet gateway, a service gateway, a default security list and a default route table. The customer opened up port 22 in the security lists attached to the compute instance subnet, but is still unable to connect to the compute instance using SSH. What action can resolve this issue?

- Modify the route table attached with the VCN subnet in which the instance resides. Add the following route to the route table: Destination CIDR: 0.0.0.0/0, Target: Service Gateway (SGW)
- Modify the security list associated with the VCN subnet in which the instance resides. Add a stateful egress rule to allow ICMP traffic in addition to the port 22.
- Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table: Destination CIDR: 0.0.0.0/0, Target: Dynamic Routing Gateway (DRG)
- Modify the

Answer: Modify the route table associated with the VCN subnet in which the instance resides. Add the following route to the route table: Destination CIDR: 0.0.0.0/0, Target: Internet Gateway (IGW)

You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You take regular backups of your DB system to OCI Object Storage. Recently, you notice a failed database backup status in the console. What step can you take to determine the cause of the backup failure?

- Make sure the database is not active and running while the backup is in progress
- Ensure that your database host can connect to OCI Object Storage
- Ensure the database archiving mode is set to NOARCHIVELOG
- Don't restart the dcsagent program even if it has a status of stop/waiting

Answer: Ensure that your database host can connect to OCI Object Storage

You are deploying a highly available web application in Oracle Cloud Infrastructure and have decided to use a public load balancer. The back-end web servers will be distributed across all three availability domains (ADs). How many subnets should you create to deliver a secure highly available application?

- Two in total; one regional public subnet to host your back-end web servers and one regional private subnet to host your public load instance balancer
- Two subnets in total; one regional private subnet to host your back-end web servers and your public load balancer
- One subnet in total; one regional private subnet to host your back-end web servers and your public load balancer
- Three subnets in total; one regional public subnet to host your back-end web servers and two AD-specific private subnets to host your private load balancer

Answer: Two subnets in total; one regional private subnet to host your back-end web servers and your public load balancer

As a solutions architect, you designed the network infrastructure of a three-tier web application on Oracle Cloud Infrastructure (OCI) with the back-end database servers in a private subnet. One of your database administrators requests private network access to OCI Object Storage service to create on-demand backups of those database servers. How should you fulfill this request?

- Add a new route rule to the private subnet route table to route default traffic to the internet gateway
- Attach a public IP address to the instances in the private subnet, then add a new route rule to the private subnet table to route default traffic to the internet gateway
- Create a dynamic routing gateway and attach it to your virtual cloud network. Add a default route rule to the private subnet's route table and set the target as the DRG
- Create a service gateway, add a new route rule to the private subnet route table that uses OCI O

Answer: Create a service gateway, add a new route rule to the private subnet route table that uses OCI Object Storage as the target type, and configure required security rules to allow traffic to Object Storage

You are designing a networking infrastructure in multiple Oracle Cloud Infrastructure regions and require connectivity between workloads in each region. You have created a dynamic routing gateway (DRG) and a remote peering connection. However, your workloads are unable to communicate with each other. What are two reasons for this?

- Identity and Access Management (IAM) policies have not been defined to allow connectivity across the two VCNs in different regions
- The route table associated with subnets in each VCN do not have a route rule defined to forward the traffic to their respective DRGs
- A local peering gateway needs to be created in each VCN with a default route rule added in the route table forwarding the traffic to the local peering gateway
- An internet gateway needs to be created in each VCN with a default route rule added in the route table forwarding the traffic to the internet gateway
- The securit

Answer: The route table associated with subnets in each VCN do not have a route rule defined to forward the traffic to their respective DRGs

What statement is true about interconnecting Virtual Cloud Networks (VCNs)?

- The only way to interconnect VCNs is through peering
- Peering VCNs should not have overlapping CIDR blocks
- VCNs must be in the same tenancy to be peered
- VCNs support transitive peering

Answer: Peering VCNs should not have overlapping CIDR blocks

You created a public subnet and an internet gateway in your virtual cloud network (VCN) of Oracle Cloud Infrastructure. The public subnet has an associated route table and security list. However, after creating several compute instances in the public subnet, none can reach the Internet. Which two are possible reasons for the connectivity issue?

- There is no dynamic routing gateway (DRG) associated with the VCN
- There is no stateful egress rule in the security list associated with the public subnet
- There is no stateful ingress rule in the security list associated with the public subnet
- The route table has no default route for routing traffic to the internet gateway
- A NAT gateway is needed to enable the communication flow to internet

Answer:
- There is no stateful egress rule in the security list associated with the public subnet
- The route table has no default route for routing traffic to the internet gateway

You have an application server running in a public subnet on a compute instance in the US West (us-phoenix-1) region of Oracle Cloud Infrastructure (OCI). The data sitting on this instance needs to be copied to an OCI Object Storage bucket available in the same region without traversing the internet. To enable the connectivity between the instance and Object Storage, you created a service gateway with service CIDR of all Object Storage in us-phoenix-1 enabled. You also modified the security rules to allow the desired traffic. However, when you tried sending the data to the Object Storage bucket, you notice that the data is going over the internet and not via the service gateway. What could be the possible reason for this behavior?

- The security list associated with the subnet has an egress rule that allows all traffic to be forwarded to a destination CIDR 0.0.0.0/0
- Identity and Access Management (IAM) policies rest

Answer: The route table associated with the subnet has no route rule where the destination is object storage service

A company currently uses Microsoft Active Directory as its identity provider. They recently subscribed to Oracle Cloud Infrastructure (OCI) to leverage the cloud platform for test and development. As the administrator, you configured the OCI tenancy to be federated with Microsoft Active Directory. Your Development team users are already part of a Microsoft Active Directory group called AD-Developersgrp. What step should you perform to provide management access to the compartment named DevCompartment to your development team users?

Answer: look up documentation on connecting with Microsoft Active Directory

You are running your warehouse using Oracle Autonomous Data Warehouse (ADW) service and you have noticed that a newly configured batch job is always running in serial even though nothing else is running in the database. All your other jobs are configured to run with parallelism enabled. What could be the reason for this batch job to run in serial?

- Parallelism on the database is controlled by the application, not the database
- The parallelism of batch jobs depends on the number of ADW databases involved in the query
- The new batch job runs on database tables that are not enabled for parallel execution
- The new batch job is connected to LOW consumer group
- The batch job depends on only one table and parallelism cannot be enabled on single-table queries

Answer: The new batch job is connected to LOW consumer group

Written for
- Institution: OCI architect associate
- Course: OCI architect associate

Document information
- Uploaded on: May 17, 2024
- Number of pages: 16
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers