You are designing a high bandwidth, redundant connection between your data center and Oracle Cloud Infrastructure (OCI). While researching for OCI FastConnect locations, you notice that you are co-located with Oracle at one of the Oracle FastConnect locations in the Ashburn region.
What is the recommended design in this scenario?
You could have multiple private virtual circuits, for example, to isolate traffic from different parts of your organization (one virtual circuit for 10.0.1.0/24; another for 172.16.0.0/16), or to provide redundancy.
You deployed a web server in Oracle Cloud Infrastructure using an ephemeral public IP. After a few changes in your web server configuration, you rebooted the server and a new public IP was associated with your instance.
What should you do to prevent this from happening again?
A public IP address is an IPv4 address that is reachable from the internet. If a resource in your tenancy needs to be directly reachable from the internet, it must have a public IP address. Depending on the type of resource, there might be other requirements.
There are two types of public IPs:
Ephemeral: Think of it as temporary and existing for the lifetime of the instance.
Reserved: Think of it as persistent and existing beyond the lifetime of the instance it's assigned to. You can unassign it and then reassign it to another instance whenever you like. Exception: reserved public IPs on public load balancers.
To create a new reserved public IP in your pool
Confirm you're viewing the region and compartment where you want to create the reserved public IP.
Open the navigation menu. Under Core Infrastructure, go to Networking and click Public IPs.
Click Create Reserved Public IP.
Enter the following:
Name: An optional friendly name for the reserved public IP. The name doesn't have to be unique, and you can change it later. Avoid entering confidential information.
Compartment: Leave as is.
Tags: Optionally, you can apply tags. If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.
Click Create Reserved Public IP.
To assign a reserved public IP to a private IP
Prerequisite: The private IP must not have an ephemeral or reserved public IP already assigned to it. If it does, first delete the ephemeral public IP, or unassign the reserved public IP.
Confirm you're viewing the compartment that contains the instance with the private IP you're interested in.
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance to view its details.
Under Resources, click Attached VNICs.
The primary VNIC and any secondary VNICs attached to the instance are displayed.
Click the VNIC you're interested in.
Under Resources, click IP Addresses.
The VNIC's primary private IP and any secondary private IPs are displayed.
For the private IP you're interested in, click the Actions icon (three dots), and then click Edit.
In the Public IP Address section, for Public IP Type, select the radio button for Reserved Public IP.
Enter the following:
Compartment: The compartment that contains the reserved public IP you want to assign.
Reserved Public IP: The reserved public IP you want to assign. You have three choices:
Create a new reserved public IP. You may optionally provide a friendly name for it. The name doesn't have to be unique, and you can change it later. Avoid entering confidential information.
Assign a reserved public IP that is currently unassigned.
Move a reserved public IP from another private IP.
You have been tasked with creating one virtual cloud network (VCN) each for two line of business (LOB) applications. LOB A and LOB B will need to communicate with each other. To ensure that you can utilize VCN peering, which network CIDR ranges should be used?
VCN A (10.0.0.0/16) will use the IP range 10.0.0.0 to 10.0.255.255 and VCN B (10.1.0.0/16) will use the IP range 10.1.0.0 to 10.1.255.255, so there will be no overlap between the two VCNs.
Which two statements are true about restoring a block volume from a manual or policy-based block volume backup? (Choose two.)
A – Backups are encrypted and stored in Oracle Cloud Infrastructure Object Storage, and can be restored as new volumes to any availability domain within the same region they are stored.
D – You can restore a block volume backup to a larger volume size. To do this, check Custom Block Volume Size (GB), and then specify the new size. You can only increase the size of the volume; you cannot decrease the size.
You are a network architect of an application running on Oracle Cloud Infrastructure (OCI). Your security team has informed you about a security patch that needs to be applied immediately to one of the backend web servers. What should you do to ensure that the OCI load balancer does not forward traffic to this backend server during maintenance?
A load balancer improves resource utilization, facilitates scaling, and helps ensure high availability. You can configure multiple load balancing policies and application-specific health checks to ensure that the load balancer directs traffic only to healthy instances. The load balancer can reduce your maintenance window by draining traffic from an unhealthy application server before you remove it from service for maintenance.
The Load Balancing service considers a server marked drain available for existing persisted
sessions. New requests that are not part of an existing persisted session are not sent to that
Edit Drain State: Opens a dialog box in which you can change the drain state.
If you set the server's drain status to true, the load balancer stops forwarding
new TCP connections and new non-sticky HTTP requests to this backend server.
This setting allows an administrator to take the server out of rotation for
e. Edit Offline State: Opens a dialog box in which you can change the offline
If you set the server's offline status to true, the load balancer forwards no ingress
traffic to this backend server.
Which two statements are true about Oracle Cloud Infrastructure (OCI) DB Systems?
All databases created in Oracle Cloud Infrastructure are encrypted using transparent data encryption (TDE).
Oracle Cloud Infrastructure encrypts all managed backups in the object store. Oracle uses the Database Transparent Encryption feature by default for encrypting the backups, and customers can manage the TDE Wallet after DB Systems are provisioned.
Which two statements are true about data guard service on DB Systems in Oracle Cloud Infrastructure (OCI)?
You have provisioned an Autonomous Data Warehouse (ADW) database with 16 enabled OCPUs and need to configure the consumer group for your application.
Which two are true when deciding the number of sessions for each application? (Choose two.)
Your application consists of three Oracle Cloud Infrastructure compute instances running behind a public load balancer. You have configured the load balancer to perform health checks on these instances, but one of the three instances fails to pass the configured health check. Which of the following actions will the load balancer perform?
Health check: A test to confirm the availability of backend servers. A health check can be a request or a connection attempt. Based on a time interval you specify, the load balancer applies the health check policy to continuously monitor backend servers. If a server fails the health check, the load balancer takes the server temporarily out of rotation. If the server subsequently passes the health check, the load balancer returns it to the rotation.
You configure your health check policy when you create a backend set. You can configure TCP-level or HTTP-level health checks for your backend servers.
- TCP-level health checks attempt to make a TCP connection with the backend servers and validate the response based on the connection status.
- HTTP-level health checks send requests to the backend servers at a specific URI and validate the response based on the status code or entity data (body) returned.
The service provides application-specific health check capabilities to help you increase availability and reduce your application maintenance window.
With regard to Oracle Cloud Infrastructure Load Balancing service, which two actions will occur when a backend server that is registered with a backend set is marked to drain connections?
You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You take regular backups of your DB system to OCI object storage. Recently, you notice a failed database backup status in the console.
What step can you take to determine the cause of the backup failure?
Database backups can fail for various reasons. Typically, a backup fails because either the database host cannot access the object store, or there are problems on the host or with the database configuration.
First, you need to determine the problem.
In the Console, a failed database backup either displays a status of Failed or hangs in the Backup in Progress or Creating state. If the error message does not contain enough information to point you to a solution, you can use the database CLI and log files to gather more data. Then, refer to the applicable section in this topic for a solution.
Database Service Agent Issues
Your Oracle Cloud Infrastructure Database makes use of an agent framework to allow you to manage your database through the cloud platform. Occasionally you might need to restart the dcsagent program if it has the status of stop/waiting to resolve a backup failure.
Object Store Connectivity Issues
Backing up your database to Oracle Cloud Infrastructure Object Storage requires that the host can connect to the applicable Swift endpoint. You can test this connectivity by using a Swift user.
One or more of the following conditions on the database host can cause backups to fail:
- Interactive Commands in the Oracle Profile
- The File System Is Full
- Incorrect Version of the Oracle Database Cloud Backup Module
- Changes to the Site Profile File (glogin.sql)
An improper database state or configuration can lead to failed backups.
- Database Not Running During Backup
- Archiving Mode Set to NOARCHIVELOG (When you provision a new database, the archiving mode is set to ARCHIVELOG by default. This is the required archiving mode for backup operations)
- Stuck Database Archiver Process and Backup Failures
- Temporary Tablespace Errors
- RMAN Configuration and Backup Failures
- RMAN Retention Policy and Backup Failures
- Loss of Objectstore Wallet File and Backup Failures
TDE Wallet and Backup Failures
- Incorrect TDE Wallet Location Specification
- Incorrect State of the TDE Wallet
- Incorrect Configuration Related to the TDE Wallet
- Missing TDE Wallet File
Because this is not a newly provisioned database, it is already in ARCHIVELOG mode, and regular backups of the DB system to OCI Object Storage are in place, the best answers are:
- Ensure that your database host can connect to the OCI object storage
- Restart the database service agent
A financial firm is designing an application architecture for its online trading platform that must have high availability and fault tolerance.
Their solutions architect configured the application to use an Oracle Cloud Infrastructure Object Storage bucket located in the US West (us-phoenix-1) region to store large amounts of financial data. The stored financial data in the bucket must not be affected even if there is an outage in one of the Availability Domains or a complete region.
What should the architect do to avoid any costly service disruptions and ensure data durability?
In Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), what does a Replica Set do?
A. It provides declarative updates for Pods.
B. It maintains a stable set of replica Pods running at any given time.
C. It ensures that all Nodes run a copy of a Pod.
D. It exposes an application running on a set of Pods.
Which two statements are true about Oracle Cloud Infrastructure storage services?
You are deploying a highly available web application in Oracle Cloud Infrastructure and have decided to use a public load balancer. The back-end web servers will be distributed across all three availability domains (ADs).
How many subnets should you create to deliver a secure, highly available application?
To accept traffic from the internet, you create a public load balancer. The service assigns it a public IP address that serves as the entry point for incoming traffic. You can associate the public IP address with a friendly DNS name through any DNS vendor.
A public load balancer is regional in scope. If your region includes multiple availability domains, a public load balancer requires either a regional subnet (recommended) or two availability domain-specific (AD-specific) subnets, each in a separate availability domain. With a regional subnet, the Load Balancing service creates a primary load balancer and a standby load balancer, each in a different availability domain, to ensure accessibility even during an availability domain outage. If you create a load balancer in two AD-specific subnets, one subnet hosts the primary load balancer and the other hosts a standby load balancer. If the primary load balancer fails, the public IP address switches to the secondary load balancer. The service treats the two load balancers as equivalent and you cannot specify which one is "primary".
Whether you use regional or AD-specific subnets, each load balancer requires one private IP address from its host subnet. The Load Balancing service supplies a floating public IP address to the primary load balancer. The floating public IP address does not come from your backend subnets.
You cannot specify a private subnet for your public load balancer.
The backend servers (Compute instances) associated with a backend set can exist anywhere, as long as the associated network security groups (NSGs), security lists, and route tables allow the intended traffic flow.
Oracle recommends that you create your load balancer in a regional subnet.
Oracle recommends that you distribute your backend servers across all availability domains within the region.
You deployed a database on a Standard Compute instance in Oracle Cloud Infrastructure (OCI) due to cost concerns. The database requires additional storage with high I/O and you decided to use OCI Block Volume service for it.
With this requirement in mind, which elastic performance option should you choose for the Block Volume?
You have been asked to create an Identity and Access Management (IAM) user that will authenticate to Oracle Cloud Infrastructure (OCI) API endpoints. This user must not be given credentials that would allow them to log into the OCI console.
Which two authentication options can you use? (Choose two.)
You need to set up instance principals so that an application running on an instance can call Oracle Cloud Infrastructure (OCI) public services, without the need to configure user credentials.
A developer in your team has already configured the application built using an OCI SDK to authenticate using the instance principals provider.
Which is NOT a necessary step to complete this set up?
Which two resources reside exclusively in a single Oracle Cloud Infrastructure Availability Domain? (Choose two.)
Availability Domain-Specific Resources
ephemeral public IPs
instances: They can be attached only to volumes in the same availability domain.
subnets: When you create a subnet, you choose whether it is regional or specific to an availability domain. Oracle recommends using regional subnets.
volumes: They can be attached only to an instance in the same availability domain.
Which two statements below are correct with respect to adding secondary Virtual Network Interface Cards (VNICs) to an existing compute instance in Oracle Cloud Infrastructure? (Choose two.)
“You can add secondary VNICs to an instance after it’s launched. Each secondary VNIC can be in a subnet in the same VCN as the primary VNIC, or in a different subnet that is either in the same VCN or a different one. However, all the VNICs must be in the same availability domain as the instance.”
Which of the following statements is true about the Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
Which two statements about Oracle Cloud Infrastructure File Storage Service are accurate? (Choose two.)
Given: When creating multiple subnets within a Virtual Cloud Network (VCN), security lists are often made to group common services, for example, SSH and RDP (remote access), 80 and 443 (HTTP), and so on.
By default, what is the maximum number of security lists that can be associated with a subnet upon creation?
Your company has decided to move a few applications to Oracle Cloud Infrastructure and you have been asked to design it for Disaster Recovery (DR). One of the items of your design is to deploy the DR at least 300 miles from the home site and minimize the network latency as much as possible.
Based on that, what will be the recommended deployment?
You had an outage in your application caused by the loss of a shared volume provisioned by File Storage Service (FSS). At this point, you need to restore the data from a snapshot you created of the FSS.
What are the steps to restore the data?
For a compute instance that is launched in a private subnet in a Virtual Cloud Network (VCN), which action needs to be performed to connect to the Internet, assuming that the required security list is properly set up?
You are responsible for setting up access for all the cloud users of a large enterprise. You log in to the Phoenix region and start creating users and policies. You then realize that some users might be creating resources in the Ashburn region.
Which step should you perform to enable those users?
Which two are true for achieving High Availability on Oracle Cloud Infrastructure? (Choose two.)
Which two statements are true about Oracle Cloud Infrastructure Compute Service? (Choose two.)
Regions and Availability Domains: Volumes are only accessible to instances in the same availability domain. You cannot move a volume between availability domains or regions.
Your company is moving an Internet-facing, 2-tier web application into Oracle Cloud Infrastructure. The application must have a highly available architecture.
Which two design options would you consider? (Choose two.)
Which two features are offered natively on Oracle Cloud Infrastructure Database Cloud Service (DBCS)? (Choose two.)
Data Guard is supported in Maximum Performance protection mode, not Maximum Protection mode. However, you can configure additional protection modes and transport types by logging on to the DB system and accessing the Data Guard command-line interface (DGMGRL).
Which certificate format is used with the load balancer?
Which two statements are true about the Oracle Cloud Infrastructure Object Storage Service? (Choose two.)
STRONG CONSISTENCY: When a read request is made, Object Storage always serves the most recent copy of the data that was written to the system.
DURABILITY: Object Storage is a regional service. Data is stored redundantly across multiple storage servers. Object Storage actively monitors data integrity using checksums and automatically detects and repairs corrupt data. Object Storage actively monitors and ensures data redundancy. If a redundancy loss is detected, Object Storage automatically creates more data copies. For more details about Object Storage durability, see the Oracle Cloud Infrastructure Object Storage FAQ.
CUSTOM METADATA: You can define your own extensive metadata as key-value pairs for any purpose. For example, you can create descriptive tags for objects, retrieve those tags, and sort through the data. You can assign custom metadata to objects and buckets using the Oracle Cloud Infrastructure CLI or SDK. See Software Development Kits and Command Line Interface for details.
ENCRYPTION: Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own key. Data encryption keys are encrypted with a master encryption key that is frequently rotated. Encryption is enabled by default and cannot be turned off.