A financial firm is designing an application architecture for its online trading platform that should
have high availability and fault tolerance. What should the architect do to avoid any costly service
disruptions and ensure data durability?
B
Explanation:
For an online trading platform requiring high availability and fault tolerance, it's critical to ensure
data durability and avoid any costly service disruptions. In Oracle Cloud Infrastructure (OCI), Object
Storage is often used to store critical data, such as transaction logs or user data, due to its scalability,
durability, and reliability.
Option B is the most suitable approach for ensuring data durability and availability across regions.
Here's why:
Cross-Region Replication (CRR): OCI offers a feature called Cross-Region Replication for Object
Storage. This feature allows you to automatically and asynchronously replicate objects in a bucket
from one OCI region to another. This setup ensures that even if one region experiences a failure, the
data is still available in another region, thereby meeting the requirements for high availability and
fault tolerance.
Data Durability: By replicating data to another region, you protect against regional outages. OCI
guarantees 99.95% availability for replicated data, which is critical for a financial firm's trading
platform where data consistency and durability are paramount.
Disaster Recovery: With data replicated in another region, the trading platform can quickly switch to
using the data in the secondary region in case of a disaster in the primary region. This setup
significantly reduces recovery time objectives (RTO) and ensures business continuity.
Reference:
Oracle Cloud Infrastructure Documentation: Cross-Region Replication for Object Storage
Oracle Whitepaper: High Availability and Disaster Recovery in Oracle Cloud Infrastructure
Explanation of Incorrect Options:
Option A: Creating a new Object Storage bucket in another region and configuring a recycle policy to
move data every 5 days does not provide real-time data availability or the fault tolerance required for
a financial application. Recycle policies are intended for managing the lifecycle of data, not for high
availability or disaster recovery.
Option C: While lifecycle policies are useful for moving less frequently accessed data to a more
cost-effective storage tier (e.g., from Standard to Archive), they do not address cross-region redundancy
or real-time availability, which are critical for this use case.
Option D: Copying an Object Storage bucket to a block volume is not a recommended practice for
ensuring data durability and fault tolerance. Block volumes are used for persistent storage attached
to compute instances, and copying object storage data to block volumes does not achieve the same
level of redundancy and cross-region availability as replication policies.
Thus, Option B is the correct and most efficient method for ensuring high availability and fault
tolerance in this scenario.
Which TWO statements are TRUE about Private IP addresses in Oracle Cloud Infrastructure (OCI)?
C, D
Explanation:
In Oracle Cloud Infrastructure (OCI), understanding how private IP addresses work is crucial for
configuring network interfaces and managing instances within your Virtual Cloud Network (VCN).
Primary VNIC and Private IP Address:
When an instance is launched in OCI, it is attached to a Virtual Network Interface Card (VNIC). The
primary VNIC, which is automatically created during the instance launch, is associated with a primary
private IP address by default. This private IP address is essential for the instance to communicate
within the VCN. The primary private IP address is automatically assigned and cannot be removed
from the primary VNIC while the instance is running. This supports statement C.
Additional Private IPs:
Contrary to statement B, each VNIC can indeed have multiple private IP addresses, but by default,
the primary VNIC comes with only one primary private IP. You can manually add secondary private
IPs if needed. However, the additional IPs are not assigned by default; hence, A is incorrect.
Public IP Association:
For instances requiring internet access, a public IP address can be optionally assigned to the private
IP address if the instance is in a public subnet. This is critical for scenarios where an instance needs to
communicate with the internet or external networks. This aligns with statement D.
Relevant OCI Documentation:
Oracle Cloud Infrastructure Networking Overview
VNICs and Private IPs
These references provide additional context and detail on how private IP addresses work within OCI
and clarify the correct statements.
What happens to the performance level of a volume when it is detached from an instance?
D
Explanation:
In Oracle Cloud Infrastructure (OCI), when a block volume is detached from an instance, its
performance level is automatically adjusted to the "Lower Cost" tier, which provides 0 VPUs (Volume
Performance Units) per GB. This adjustment helps reduce costs when the block volume is not actively
being used by a compute instance.
Key Points:
Volume Performance Levels: OCI offers various performance tiers for block volumes, including
"Higher Performance," "Balanced," and "Lower Cost." These tiers determine the level of IOPS
(Input/Output Operations Per Second) and throughput available to the volume.
Automatic Adjustment: When a block volume is detached from an instance, OCI automatically
optimizes the cost by switching the volume to the "Lower Cost" performance tier. This tier offers
minimal performance, suitable for data that is not actively accessed.
Cost Management: This automatic adjustment is beneficial for managing costs, as it prevents users
from incurring unnecessary charges for higher performance levels when the volume is not in use.
Reference:
Oracle Cloud Infrastructure Documentation: Block Volume Performance Levels
Which compute capacity type would you select to meet these requirements?
C
Explanation:
On-demand capacity is the compute capacity type in Oracle Cloud Infrastructure (OCI) that allows
you to provision and use compute instances whenever needed, without any long-term commitment.
This flexibility is ideal for various workloads, including development, testing, and production
environments, where immediate availability and scalability are crucial.
Key Points:
On-Demand Capacity: On-demand compute instances provide users with the flexibility to spin up
instances as required and only pay for the time the instances are running. This model is most suitable
for workloads with unpredictable usage patterns or short-term requirements.
Flexibility and Scalability: With on-demand capacity, you can quickly scale your resources up or down
based on your application's needs, ensuring that you only pay for the resources you actually use.
No Commitment: Unlike reserved capacity, on-demand capacity does not require any long-term
commitment or upfront payment, making it an attractive option for organizations looking to avoid
capital expenditures.
Reference:
Oracle Cloud Infrastructure Documentation: OCI Compute Pricing
Oracle Cloud Infrastructure Documentation: Compute Instance Lifecycle
Explanation of Incorrect Options:
A. Capacity reservation: This option allows you to reserve capacity in advance, ensuring that
resources are available when needed. It's ideal for predictable workloads but may not be as
cost-effective for fluctuating demands.
B. Preemptible capacity: Preemptible instances are a lower-cost option where instances can be
terminated by OCI if resources are needed elsewhere. This is suitable for non-critical workloads that
can tolerate interruptions.
D. Dedicated host: Dedicated hosts provide physical servers for your exclusive use, offering isolation
and predictable performance. This option is more suitable for workloads requiring dedicated
resources or compliance needs.
Thus, Option C: On-demand capacity is the correct choice for most general-purpose workloads
needing flexibility and immediate availability without long-term commitment.
Which TWO options will accomplish a fully redundant connection from an on-premises data center to
a Virtual Cloud Network (VCN) in the us-ashburn-1 region?
B, D
Explanation:
For a fully redundant connection from an on-premises data center to a VCN in the OCI us-ashburn-1
region, it is important to ensure high availability and fault tolerance. Here's how each option
contributes to redundancy:
Option B: Two FastConnect Virtual Circuits:
FastConnect provides a dedicated, private connection with higher bandwidth and more consistent
performance compared to a VPN. To achieve redundancy, you can configure two FastConnect circuits
in the same region (us-ashburn-1), each terminated on diverse hardware on-premises. This setup
ensures that even if one circuit or its associated hardware fails, the other circuit can maintain the
connection. This ensures no single point of failure in the connectivity to OCI. Thus, option B is
correct.
Option D: FastConnect and Site-to-Site VPN:
Another approach to redundancy is to have a mix of connection types. By setting up one FastConnect
circuit and one Site-to-Site VPN, both terminating in the same region (us-ashburn-1), you create a
diverse connection path. If the FastConnect connection fails, traffic can automatically route through
the VPN connection, maintaining connectivity. This setup adds an extra layer of redundancy, making
option D correct as well.
Incorrect Options:
Option A: Only configuring a Site-to-Site VPN from a single on-premises CPE does not provide
redundancy because it involves just one connection path. If that connection or the CPE fails, there
would be no fallback.
Option C: Configuring FastConnect circuits to different regions (us-ashburn-1 and us-phoenix-1) does
not provide redundancy within a single region but rather across regions, which is not required for
regional redundancy.
Relevant OCI Documentation:
OCI FastConnect Overview
Using Site-to-Site VPN and FastConnect for Redundancy
These references offer more detailed information on setting up redundant connections and the
benefits of each connection type within OCI.
Which components are required for establishing remote peering between two Virtual Cloud
Networks (VCNs) in Oracle Cloud Infrastructure (OCI)?
D
Explanation:
Remote peering in Oracle Cloud Infrastructure allows two VCNs in different regions to communicate
securely. To establish remote peering, the following components are required:
Two VCNs with Nonoverlapping CIDRs:
The CIDR blocks of the two VCNs must not overlap. This is crucial to avoid routing conflicts and
ensure that traffic is correctly routed between the VCNs.
Dynamic Routing Gateway (DRG) Attached to Each VCN:
A DRG is a virtual router that provides a path for traffic between the VCN and networks outside the
VCN, such as other VCNs via remote peering, on-premises networks, or other cloud services. Each
VCN needs its own DRG.
Remote Peering Connection (RPC):
An RPC is a specialized connection on the DRG used specifically for remote peering. You need to
create an RPC on each DRG associated with the VCNs you wish to peer.
Connection Between RPCs:
Finally, a connection must be established between the RPCs of the two DRGs. This connection
facilitates the secure and private exchange of traffic between the VCNs over Oracle's backbone
network.
Incorrect Options:
Option A involves a single VCN, which does not fulfill the requirement of remote peering between
two VCNs.
Option B involves overlapping CIDRs and VPN gateways, which are incorrect for remote peering.
Option C suggests peering within the same region, which would be considered local peering rather
than remote peering.
Relevant OCI Documentation:
OCI Remote VCN Peering
Dynamic Routing Gateway (DRG) Overview
These resources provide a detailed guide on configuring remote peering in OCI, ensuring secure and
effective communication between VCNs across regions.
What would be the total meteredBytes shown by the File Storage service after the hourly update
cycle is complete when you overwrite 0.5 GB of a 1 GB file?
B
Explanation:
In Oracle Cloud Infrastructure (OCI) File Storage, when you overwrite a portion of a file, the service
does not immediately reclaim the space occupied by the previous version of the file. The total
meteredBytes reflects both the original data and the new data written.
Scenario Explanation: You start with a 1 GB file. When you overwrite 0.5 GB of this file, the file
system retains both the 0.5 GB of the original file and the new 0.5 GB you wrote.
Calculation: The original 1 GB file contributes 1 GB to meteredBytes. When 0.5 GB is overwritten, the
total usage becomes 1.5 GB (1 GB original + 0.5 GB new).
Thus, after the hourly update cycle, the total meteredBytes shown by the File Storage service will be
1.5 GB.
Reference:
Oracle Cloud Infrastructure Documentation: File Storage Service Overview
Which statement is NOT correct regarding the Oracle Cloud Infrastructure (OCI) File System
snapshots?
A
Explanation:
In OCI File Storage, snapshots are point-in-time, read-only copies of a file system that do not
immediately consume additional storage beyond the space needed to track changes.
Incorrect Statement: The statement that a new snapshot consumes more storage even if nothing has
changed is incorrect. Snapshots are space-efficient; they only consume additional storage as changes
are made to the file system after the snapshot is taken. If no changes are made between snapshots,
the storage consumption remains minimal.
Correct Statements:
B. Before cloning a file system, at least one snapshot must exist, as the clone operation relies on this
snapshot to create a copy.
C. Snapshots are accessible under the .snapshot directory, allowing users to view and restore files
from specific snapshots.
D. Snapshots provide a consistent, point-in-time view of the file system, ensuring data integrity.
Reference:
Oracle Cloud Infrastructure Documentation: Managing File System Snapshots
Which THREE protocols are supported by the Oracle Cloud Infrastructure (OCI) private Network Load
Balancers?
B, D, E
Explanation:
The OCI Private Network Load Balancer supports multiple protocols for managing traffic efficiently
across your instances within a private subnet. Specifically, it supports:
UDP (User Datagram Protocol): Commonly used for applications that require fast, connectionless
communication, such as video streaming or DNS services.
TCP (Transmission Control Protocol): A reliable, connection-oriented protocol, widely used for web
traffic and other applications requiring data integrity.
HTTP (Hypertext Transfer Protocol): Frequently used for web traffic, it is an application-layer protocol
built on top of TCP and enables communication between web browsers and servers.
The combination of these protocols allows the OCI Network Load Balancer to manage diverse
workloads, including web services and real-time applications.
For reference:
OCI Load Balancer Documentation
Which policy would you write to provide admin access to all three of your existing admin groups for a
shared Test compartment?
A
Explanation:
In Oracle Cloud Infrastructure (OCI), policies are written to define permissions for user groups. The
correct policy to provide admin access to all three existing admin groups in a shared compartment (in
this case, the "Test" compartment) would be:
"Allow all-group to manage all-resources in compartment Test where
request.principal.group.tag.EmployeeGroup.Role='Admin'".
"Allow all-group": Grants access to all groups.
"to manage all-resources": Specifies full access permissions (manage includes all CRUD operations).
"in compartment Test": Limits the scope of the policy to the "Test" compartment.
"where request.principal.group.tag.EmployeeGroup.Role='Admin'": Adds a condition to restrict this
admin-level access to only groups tagged with the role 'Admin'.
This policy ensures that only users in the groups tagged as Admin will be allowed to manage
resources in the Test compartment, making it the most suitable choice for providing admin access.
For reference:
OCI Policy Syntax Documentation
Which Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policy is invalid?
C
Explanation:
In Oracle Cloud Infrastructure (OCI), Identity and Access Management (IAM) policies are used to
control access to resources. The policy in option C is invalid because "any-user" is not a valid principal
in OCI IAM policies. OCI policies can only grant permissions to groups or dynamic groups, but not to
arbitrary users.
Here's an explanation for each option:
A. Allow dynamic-group 'Default'/'FrontEnd' to manage instance-family in compartment Project-A:
This is valid. It grants the dynamic group 'FrontEnd' the ability to manage instances within the
Project-A compartment.
B. Allow group 'Default'/'A-Admins' to manage all-resources in compartment Project-A: This is valid.
It provides full administrative access to all resources in the Project-A compartment for the 'A-Admins'
group.
C. Allow any-user to inspect users in tenancy: This is invalid because OCI does not allow the use of
"any-user" in policies. You must specify a valid group or dynamic group to define permissions.
D. Allow group 'Default'/'A-Developers' to create volumes in compartment Project-A: This is valid. It
permits the 'A-Developers' group to create volumes in the Project-A compartment.
For reference:
OCI Policy Reference
What would happen if you choose not to proactively reboot the instance before the scheduled
maintenance due date?
C
Explanation:
In OCI, if you choose not to proactively reboot your instance before the scheduled maintenance due
date, the system will handle the maintenance automatically to ensure that the instance remains
operational.
Reboot-Migration or Rebuild in Place: If you don't reboot the instance yourself, OCI will automatically
perform a reboot-migration or rebuild in place for the instance. This ensures that the instance is
moved to new hardware or updated without your intervention, maintaining uptime and applying
necessary updates or fixes.
Impact on Instance: The exact action taken (reboot-migration or rebuild in place) depends on the
type of maintenance required. However, either action will temporarily interrupt the instance,
typically involving a reboot, but the instance's data and configuration will be preserved.
Relevant OCI Documentation:
Instance Maintenance
OCI Maintenance Events
These references discuss the procedures and options available for handling instance maintenance in
OCI.
Which statement is TRUE about restoring a volume from a block volume backup in the Oracle Cloud
Infrastructure (OCI) Block Volume service?
B
Explanation:
Restoring a block volume from a backup in OCI provides flexibility and options for scaling and
recovery:
Restoring to a Larger Volume Size: When restoring a block volume from a backup, you have the
option to restore it to a volume that is larger than the original. This is particularly useful if you
anticipate needing more storage capacity after the restore.
Full and Incremental Backups: OCI supports both full and incremental backups. You can restore from
any backup type, which makes it possible to restore data efficiently depending on the backup
strategy used.
Multiple Restores: Multiple volumes can be restored from a single backup, providing flexibility in
disaster recovery scenarios.
Availability Domain: The restored volume can be created in any availability domain within the same
region, not necessarily the same one where the original volume was located.
Relevant OCI Documentation:
Block Volume Service Overview
Restoring a Block Volume
These references explain the process and options available for restoring block volumes from backups.
Which TWO are key benefits of setting up Site-to-Site VPN on Oracle Cloud Infrastructure (OCI)?
B, C
Explanation:
Setting up a Site-to-Site VPN on Oracle Cloud Infrastructure offers several key benefits related to
connectivity and reliability:
Static or Dynamic Routing (BGP): OCI allows customers to configure Site-to-Site VPN with either static
routing or dynamic routing using Border Gateway Protocol (BGP). This flexibility enables customers
to choose the routing method that best suits their network configuration and requirements.
Redundant VPN Tunnels: OCI automatically provisions redundant VPN tunnels when you set up a
Site-to-Site VPN. These redundant tunnels ensure high availability and fault tolerance, so if one
tunnel fails, traffic can continue to flow through the other tunnel without interruption.
Bandwidth Considerations: While the VPN provides a reliable connection, it typically does not exceed
2 Gbps in bandwidth. Higher bandwidth connections usually require FastConnect.
Private Connection: The VPN does create a secure and private connection between on-premises data
centers and OCI, but it does not inherently provide a consistent network experience in the way that a
dedicated connection like FastConnect does.
Relevant OCI Documentation:
Site-to-Site VPN Overview
Configuring Routing for VPNs
These references detail the benefits and technical specifications of setting up Site-to-Site VPNs on
OCI.
What is the primary function of the Network Path Analyzer (NPA) tool provided by Oracle Cloud
Infrastructure (OCI)?
A
Explanation:
The primary function of the Network Path Analyzer (NPA) tool in Oracle Cloud Infrastructure (OCI) is
to help users troubleshoot and diagnose network connectivity issues by analyzing the network path
between a source and a destination within OCI. The tool collects and analyzes the configuration of
the virtual network, identifying any misconfigurations or issues that might impact connectivity.
NPA Usage: The Network Path Analyzer allows administrators to trace the network path and check
for issues such as incorrect security list rules, route table misconfigurations, or any other factors that
could prevent network traffic from reaching its destination.
Reference:
Oracle Cloud Infrastructure Documentation: Network Path Analyzer