1z0-1072-20 Oracle Cloud Infrastructure 2020 Architect Associate Questions and Answers

You could have multiple private virtual circuits, for example, to isolate traffic from different parts of your organization (one virtual circuit for 10.0.1.0/24; another for 172.16.0.0/16), or to provide redundancy.

A public IP address is an IPv4 address that is reachable from the internet. If a resource in your tenancy needs to be directly reachable from the internet, it must have a public IP address. Depending on the type of resource, there might be other requirements.

There are two types of public IPs:

Ephemeral: Think of it as temporary and existing for the lifetime of the instance.

Reserved: Think of it as persistent and existing beyond the lifetime of the instance it's assigned to. You can unassign it and then reassign it to another instance whenever you like. Exception: reserved public IPs on public load balancers.

To create a new reserved public IP in your pool

Confirm you're viewing the region and compartment where you want to create the reserved public IP.

Open the navigation menu. Under Core Infrastructure, go to Networking and click Public IPs.

Click Create Reserved Public IP.

Enter the following:

Name: An optional friendly name for the reserved public IP. The name doesn't have to be unique, and you can change it later. Avoid entering confidential information.

Compartment: Leave as is.

Tags:Optionally, you can apply tags. If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.

Click Create Reserved Public IP.

To assign a reserved public IP to a private IP

Prerequisite: The private IP must not have an ephemeral or reserved public IP already assigned to it. If it does, first delete the ephemeral public IP, or unassign the reserved public IP.

Confirm you're viewing the compartment that contains the instance with the private IP you're interested in.

Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.

Click the instance to view its details.

Under Resources, click Attached VNICs.

The primary VNIC and any secondary VNICs attached to the instance are displayed.

Click the VNIC you're interested in.

Under Resources, click IP Addresses.

The VNIC's primary private IP and any secondary private IPs are displayed.

For the private IP you're interested in, click the Actions icon (three dots), and then click Edit.

In the Public IP Address section, for Public IP Type, select the radio button for Reserved Public IP.

Enter the following:

Compartment: The compartment that contains the reserved public IP you want to assign.

Reserved Public IP: The reserved public IP you want to assign. You have three choices:

Create a new reserved public IP. You may optionally provide a friendly name for it. The name doesn't have to be unique, and you can change it later. Avoid entering confidential information.

Assign a reserved public IP that is currently unassigned.

Move a reserved public IP from another private IP.

Click Update.

VCN A  (10.0.0.0/16)  will use a range of IPS from 10.0.0.0 to 10.0.255.255 and VCN B (10.1.0.0/16) will use a range of IPS from 10.1.0.0 to 10.1.255.255 so will not be any Overlap between 2 VCNs

A – Backups are encrypted and stored in Oracle Cloud Infrastructure Object Storage, and can be restored as new volumes to any availability domain within the same region they are stored.

D- You can restore a block volume backup to a larger volume size. To do this, check Custom Block Volume Size (GB), and then specify the new size. You can only increase the size of the volume, you cannot decrease the size.

A load balancer improves resource utilization, facilitates scaling, and helps ensure high

availability. You can configure multiple load balancing policies and application-specific health

checks to ensure that the load balancer directs traffic only to healthy instances. The load

balancer can reduce your maintenance window by draining traffic from an unhealthy

application server before you remove it from service for maintenance.

The Load Balancing service considers a server marked drain available for existing persisted

sessions. New requests that are not part of an existing persisted session are not sent to that

server.

Edit Drain State: Opens a dialog box in which you can change the drain state.

If you set the server's drain status to true, the load balancer stops forwarding

new TCP connections and new non-sticky HTTP requests to this backend server.

This setting allows an administrator to take the server out of rotation for

maintenance purposes.

e. Edit Offline State: Opens a dialog box in which you can change the offline

status.

If you set the server's offline status to true, the load balance forwards no ingress

traffic to this backend server.

All databases created in Oracle Cloud Infrastructure are encrypted using transparent data encryption (TDE).

Oracle Cloud Infrastructure encrypts all managed backups in the object store. Oracle uses the Database Transparent Encryption feature by default for encrypting the backups. and the customers can manage the TDE Wallet after DB Systems are provisioned.

References:

References: https://docs.oracle.com/en/cloud/paas/autonomous-data-warehouse-cloud/user/connect-predefined.html#GUID-9747539B-FD46-44F1-8FF8-F5AC650F15BE

health check A test to confirm the availability of backend servers. A health check can be a request or a connection attempt. Based on a time interval you specify, the load balancer applies the health check policy to continuously monitor backend servers. If a server fails the health check, the load balancer takes the server temporarily out of rotation. If the server subsequently passes the health check, the load balancer returns it to the rotation.

You configure your health check policy when you create a backend set. You can configure TCP-level or HTTP-level health checks for your backend servers.

- TCP-level health checks attempt to make a TCP connection with the backend servers and validate the response based on the connection status.

- HTTP-level health checks send requests to the backend servers at a specific URI and validate the response based on the status code or entity data (body) returned.

The service provides application-specific health check capabilities to help you increase availability and reduce your application maintenance window.

Database backups can fail for various reasons. Typically, a backup fails because either the database host cannot access the object store, or there are problems on the host or with the database configuration.

First need to determining the Problem

In the Console, a failed database backup either displays a status of Failed or hangs in the Backup in Progress or Creating state. If the error message does not contain enough information to point you to a solution, you can use the database CLI and log files to gather more data. Then, refer to the applicable section in this topic for a solution.

Database Service Agent Issues

Your Oracle Cloud Infrastructure Database makes use of an agent framework to allow you to manage your database through the cloud platform. Occasionally you might need to restart the dcsagent program if it has the status of stop/waiting to resolve a backup failure.

Object Store Connectivity Issues

Backing up your database to Oracle Cloud Infrastructure Object Storage requires that the host can connect to the applicable Swift endpoint. You can test this connectivity by using a Swift user.

Host Issues

One or more of the following conditions on the database host can cause backups to fail:

- Interactive Commands in the Oracle Profile

- The File System Is Full

- Incorrect Version of the Oracle Database Cloud Backup Module

- Changes to the Site Profile File (glogin.sql)

Database Issues

An improper database state or configuration can lead to failed backups.

- Database Not Running During Backup

- Archiving Mode Set to NOARCHIVELOG (When you provision a new database, the archiving mode is set to ARCHIVELOG by default. This is the required archiving mode for backup operations)

- Stuck Database Archiver Process and Backup Failures

- Temporary Tablespace Errors

- RMAN Configuration and Backup Failures

- RMAN Retention Policy and Backup Failures

- Loss of Objectstore Wallet File and Backup Failures

TDE Wallet and Backup Failures

- Incorrect TDE Wallet Location Specification

- Incorrect State of the TDE Wallet

- Incorrect Configuration Related to the TDE Wallet

- Missing TDE Wallet File

As this is not new provisioned database and already in the ARCHIVELOG , regular backups of DB system to OCI object storage in places, so the best answers are,

- Ensure that your database host can connect to the OCI object storage

- Restart the database service agent

QUESTION 11

In Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), what does a Replica Set do?

A. It provides declarative updates for Pods.

B. It maintains a stable set of replica Pods running at any given time.

C. It ensures that all Nodes run a copy of a Pod.

D. It exposes an application running on a set of Pods.

Answer: D

To accept traffic from the internet, you create a public load balancer. The service assigns it a public IP address that serves as the entry point for incoming traffic. You can associate the public IP address with a friendly DNS name through any DNS vendor.

A public load balancer is regional in scope. If your region includes multiple availability domains, a public load balancer requires either a regional subnet (recommended) or two availability domain-specific (AD-specific) subnets, each in a separate availability domain. With a regional subnet, the Load Balancing service creates a primary load balancer and a standby load balancer, each in a different availability domain, to ensure accessibility even during an availability domain outage. If you create a load balancer in two AD-specific subnets, one subnet hosts the primary load balancer and the other hosts a standby load balancer. If the primary load balancer fails, the public IP address switches to the secondary load balancer. The service treats the two load balancers as equivalent and you cannot specify which one is "primary".

Whether you use regional or AD-specific subnets, each load balancer requires one private IP address from its host subnet. The Load Balancing service supplies a floating public IP address to the primary load balancer. The floating public IP address does not come from your backend subnets.

You cannot specify a private subnet for your public load balancer.

The backend servers (Compute instances) associated with a backend set can exist anywhere, as long as the associated network security groups (NSGs), security lists, and route tables allow the intended traffic flow.

Oracle recommends that you create your load balancer in a regional subnet.

Oracle recommends that you distribute your backend servers across all availability domains within the region.

Availability Domain-Specific Resources

DB Systems

ephemeral public IPs

instances: They can be attached only to volumes in the same availability domain.

subnets: When you create a subnet, you choose whether it is regional or specific to an availability domain. Oracle recommends using regional subnets.

volumes: They can be attached only to an instance in the same availability domain.

“You can add secondary VNICs to an instance after it’s launched. Each secondary VNIC can be in a subnet in the same VCN as the primary VNIC, or in a different subnet that is either in the same VCN or a different one. However, all the VNICs must be in the same availability domain as the instance.”

https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingVNICs.htm

References:

References:

Regions and Availability DomainsVolumes are only accessible to instances in the same availability domain . You cannot move a volume between availability domains or regions.

FYI: https://docs.cloud.oracle.com/iaas/Content/Block/Concepts/overview.htm

Data Guard in Maximum Performance protection mode is supported not simply Maximum Protection mode, however, you can configure additional protection modes and transport types by logging on to the DB system and accessing Data Guard command-line interface( DGMGRL).

https://docs.cloud.oracle.com/iaas/Content/Balance/Tasks/managingcertificates.htm

STRONG CONSISTENCYWhen a read request is made, Object Storage always serves the most recent copy of the data that was written to the system.DURABILITYObject Storage is a regional service. Data is stored redundantly across multiple storage servers. Object Storage actively monitors data integrity using checksums and automatically detects and repairs corrupt data. Object Storage actively monitors and ensures data redundancy. If a redundancy loss is detected, Object Storage automatically creates more data copies. For more details about Object Storage durability, see the Oracle Cloud Infrastructure Object Storage FAQ.CUSTOM METADATAYou can define your own extensive metadata as key-value pairs for any purpose. For example, you can create descriptive tags for objects, retrieve those tags, and sort through the data. You can assign custom metadata to objects and buckets using the Oracle Cloud Infrastructure CLI or SDK. See Software Development Kits and Command Line Interface for details.ENCRYPTIONObject Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own key. Data encryption keys are encrypted with a master encryption key that is frequently rotated. Encryption is enabled by default and cannot be turned off.