Question 1: Correct

In the context of Oracle FastConnect, what are the two types of virtual circuits?

Intra-Region and Inter-Region

Layer 3 and Layer 4

Standard and High-Performance

Private and Public

(Correct)

Explanation
VIRTUAL CIRCUIT is an isolated network path that runs over one or more physical network connections to
provide a single, logical connection between the edge of your existing network and Oracle Cloud
Infrastructure. Private virtual circuits support private peering, and public virtual circuits support public
peering.
Question 2: Incorrect
What is the purpose of identity federation in the context of OracleDB for Azure?

To provide a way for customers to manage database resources in OracleDB for Azure without using
the OCI Console

To link Azure subscriptions to your OCI tenancy

To enable bidirectional communication between applications in the Azure tenancy and the
database resources in OracleDB for Azure

(Incorrect)

To allow users to log in to the OCI Console using the same Azure credentials
 (Correct)

Explanation
Azure users log into OracleDB for Azure using their Azure credentials, and OracleDB for Azure streams much of
the day-to-day operational data from the OracleDB for Azure managed OCI databases to Azure Application
Insights and Azure Log Analytics. Because of this, Azure developers spend most of their time in Azure.

In some instances, an OracleDB for Azure user must log into the OCI Console to perform specific tasks that
aren’t enabled or available in OracleDB for Azure today. To make this process easier, Azure customers setup
identity federation between the Azure and OCI tenancies. With this in place, authorized users use a single set
of credentials, their Azure credentials, to log into Azure and OCI

Question 3: Incorrect
Which step is NOT valid while implementing an OCI-Azure Interconnect?

Select FastConnect Direct as the connection type.

(Correct)

Set up an Azure ExpressRoute circuit.

Create a Dynamic Routing Gateway and attach it to the OCI VCN.

(Incorrect)

Set up an Oracle FastConnect virtual circuit.

Explanation
As you can see in the below screenshot (from the OCI Console), while implementing OCI-Azure Interconnect
you need to select Connection type: FastConnect partner and select Microsoft Azure ExpressRoute as the
Partner.

Hence, "Select FastConnect Direct as the connection type" is NOT VALID and hence the correct answer.
 Question 4: Incorrect
Which is true regarding fully automated and guided onboarding for the OracleDB for Azure service?

An Azure user who completes fully automated onboarding can log in to the OracleDB for Azure
portal, but cannot deploy and provision databases.

Guided onboarding is simpler and faster than fully automated onboarding.

An Azure user who completes guided onboarding cannot log in to the OracleDB for Azure portal.

(Incorrect)

Fully automated onboarding requires more permissions to be granted than guided onboarding.

(Correct)

Explanation
The fully-automated onboarding option for OracleDB for Azure is faster and more convenient than the
guided account linking. Hence the option "Guided onboarding is simpler and faster than fully automated
onboarding" is NOT TRUE.

When the automated configuration finishes, OracleDB for Azure is fully operational. The Azure user that
completed onboarding can login and use the OracleDB for Azure portal to deploy and provision databases for
use in their Azure environment. Hence the option "An Azure user who completes fully automated onboarding
can log in to the OracleDB for Azure portal, but cannot deploy and provision databases" is NOT TRUE.

If you used the guided onboarding process, the user who completed onboarding can login to the OracleDB for
Azure portal, but not really do anything there. Before users can do anything productive using OracleDB for
Azure, you must first complete configuration steps for each user or user group. Hence the option "An Azure
user who completes guided onboarding cannot log in to the OracleDB for Azure portal" is NOT TRUE.

Now, let's look at the only option left which is "Fully automated onboarding requires more permissions to be
granted than guided onboarding". This option is TRUE as the automated onboarding process requires that the
Azure user onboarding to OracleDB for Azure have at least one of the following admin roles: Application
Administrator, Cloud Application Administrator, Privileged Role Administrator, or Global Administrator. Guided
onboarding is provided for customers who do not want to grant OracleDB for Azure all the Azure permissions
required for fully automated onboarding. Hence this is the correct answer.

Question 5: Incorrect
Which feature is supported in all Oracle Database editions in Oracle Cloud Infrastructure?

Transparent Data Encryption

(Correct)

Data Guard

Diagnostic Packs

(Incorrect)

In-Memory Database
Explanation
All editions include Oracle Database Transparent Data Encryption, Machine Learning, and Spatial and Graph.

 Standard Edition includes Oracle Database Standard Edition.

 Enterprise Edition includes Oracle Database Enterprise Edition, Data Masking and Subsetting
Pack, Diagnostics and Tuning Packs, and Real Application Testing.
 Enterprise Edition High Performance extends Enterprise Edition with the following options:
Multitenant, Partitioning, Advanced Compression, Advanced Security, Label Security, Database Vault,
OLAP, Database Lifecycle Management Pack and Cloud Management Pack for Oracle Database.
 Enterprise Edition Extreme Performance extends High Performance with the following options: In-
Memory Database, Active Data Guard, Real Application Clusters.

Data Guard is not supported Oracle Database Standard Edition.

Question 6: Incorrect
What is the primary purpose of the MySQL Database Service HeatWave option in Oracle Cloud Infrastructure
(OCI)?

To offer a serverless MySQL deployment

To enable seamless database migration from on-premises to OCI

To ensure high availability and fault tolerance

(Incorrect)

To provide a distributed in-memory query accelerator

(Correct)

Explanation
HeatWave is an in-memory query accelerator developed for Oracle MySQL Database Service. It’s a massively
parallel, hybrid, columnar, query-processing engine with state-of-art algorithms for distributed query
processing which provide very high performance for queries.
Question 7: Incorrect
What is NOT required for the OracleDB for Azure setup?

Specific roles for the Oracle Database Service (ODS) enterprise application in Azure

An existing Azure account with the necessary ARM roles

An OCI tenancy with the necessary admin permissions for the OCI user

(Incorrect)

A preprovisioned Azure Virtual Network (VNet)

 (Correct)

Explanation
To set up and use OracleDB for Azure, you need an existing Azure account with the necessary Azure roles.
Hence "An existing Azure account with the necessary ARM roles" is required.

If you already have an OCI account, you can use that account to onboard with OracleDB for Azure. Be sure to
perform the onboarding with an OCI user that has admin permissions if you are using an existing OCI account.
If you don’t have an OCI account, the OracleDB for Azure onboarding process allows you to create a new
account during OracleDB for Azure setup. Hence "An OCI tenancy with the necessary admin permissions for
the OCI user" is also required.

For Guided Onboarding, the OracleDB for Azure administrative user setting up the service have the
"Multicloudlink Administrator" role in the Oracle Database Service (ODS) multitenant application that
OracleDB for Azure deploys in the Azure tenancy.

For each subscription being linked, the onboarding user or an Azure administrator must grant the Oracle
Database Service multitenant application the following roles:

 Contributor
 EventGrid Data Sender
 Monitoring Metrics Publisher
 Network Contributor

Hence "Specific roles for the Oracle Database Service (ODS) enterprise application in Azure" is also required.

When provisioning Oracle Base Database systems or Oracle Exadata Cloud VM clusters, you must have an
Azure Virtual Network available to OracleDB for Azure to complete the provisioning operation. However this is
NOT required for OracleDB for Azure setup. Hence "A preprovisioned Azure Virtual Network (VNet)" is the
CORRECT ANSWER.

Question 8: Incorrect
What is the purpose of the SAML metadata file in the OCI Federation setup with Azure Active Directory (AD)?

It is used to exchange metadata information between Azure AD and OCI.

(Correct)

It is used to establish trust between Azure AD and OCI.

It is used to configure attribute mapping between Azure AD and OCI.

(Incorrect)
 

It is used to store user credentials for authentication.

Explanation
In general, SAML metadata is used to share configuration information between the Identity Provider (IdP) and
the Service Provider (SP).
Question 9: Incorrect
What is the primary difference between using Oracle FastConnect with an Oracle partner and using
FastConnect with colocation with Oracle?

The geographical locations available for connections

The method of establishing the physical connection to Oracle Cloud Infrastructure

(Correct)

The type of virtual circuits supported

(Incorrect)

The number of available redundancy models

Explanation
FastConnect: With an Oracle Partner:

You can establish a FastConnect connection from your on-premise or remote data center to the data center
where your Oracle Cloud resources are provisioned by requesting cloud connectivity services from any of
Oracle's FastConnect partners. Oracle has integrated the FastConnect service with a geographically diverse set
of IP, VPN, and Ethernet network providers and cloud exchanges to make it easy for you to establish a
connection to Oracle Cloud services.
FastConnect: Colocation with Oracle:

If you have purchased colocation space from a data center provider, you can use Oracle FastConnect to
establish connectivity from your network equipment in that colocation facility to your Oracle Cloud services
provisioned at this location. Oracle will provide you a letter of authorization (LOA) that the data center
provider will need in order to establish a direct cross-connect into Oracle's FastConnect edge devices
 Question 10: Incorrect
Which type of routing does Oracle FastConnect use to exchange routing information between on-premises
networks and Oracle Cloud Infrastructure?

Static routing

Dynamic routing with BGP

(Correct)
 

OSPF

(Incorrect)

RIP
Explanation
The exchange of routes is accomplished by industry standard BGP routing protocol.
Question 11: Correct
Which database system is NOT available in Oracle Database Service for Azure?

Autonomous Database on shared Exadata infrastructure

Base Database using Oracle Enterprise Edition or Oracle Standard Edition 2 databases

Autonomous Database on dedicated Exadata infrastructure

(Correct)

Oracle Exadata Database

Explanation
Oracle Database Service for Azure offers the following products:
 Oracle Exadata Database: You can provision flexible Exadata systems that allow you to add database
compute servers and storage servers to your system at any time after provisioning.
 Autonomous Database on shared Exadata infrastructure: Autonomous Database provides an easy-
to-use, fully autonomous database that scales elastically, delivers fast query performance, and
requires no database administration.
 Base Database: Using OracleDB for Azure, you can deploy Oracle Enterprise Edition or Oracle
Standard Edition 2 databases on virtual machine DB systems. You can deploy single-node systems or
2-node RAC systems.
 MySQL Database with HeatWave: MySQL Database Service is a fully managed Oracle Cloud native
service available through OracleDB for Azure. It is developed, managed, and supported by the MySQL
team in Oracle. Optionally, you can add a HeatWave cluster to a MySQL DB system. HeatWave is a
distributed, scalable, shared-nothing, in-memory, hybrid columnar, query processing engine designed
for extreme performance.
Hence, "Autonomous Database on dedicated Exadata infrastructure" is NOT available and hence the CORRECT
ANSWER.

Question 12: Correct

An organization has decided to implement a multicloud solution by using Microsoft Azure for their frontend
data analytics applications and Oracle Cloud Infrastructure (OCI) for their backend Oracle Autonomous Data
Warehouse. In this scenario, how can the organization ensure secure and low latency data transfer between
the frontend applications and the backend data warehouse?

Implement a hybrid cloud approach by integrating on-premises infrastructure with both Azure and
OCI.

Establish a dedicated, private connection between Azure and OCI using Azure ExpressRoute and
Oracle FastConnect.

(Correct)

Use public internet connections to transfer data between Azure and OCI, encrypting the data in
transit.

Leverage a VPN Gateway to create an encrypted tunnel between Azure and OCI for secure data
transfer.
Explanation
In the question, frontend is in Azure and backend is in OCI. And the keywords are SECURE and LOW LATENCY
data transfer.

Use public internet connections to transfer data between Azure and OCI, encrypting the data in transit
- INCORRECT as this option won't provide LOW LATENCY data transfer (as it is using public internet).

Leverage a VPN Gateway to create an encrypted tunnel between Azure and OCI for secure data transfer
- INCORRECT as Site-to-Site VPN Connection won't provide LOW LATENCY data transfer as the connection
traverses through public internet.

Implement a hybrid cloud approach by integrating on-premises infrastructure with both Azure and OCI
- INCORRECT as there is no mention of on-premises environment in the question. This option is irrelevant
here.
Establish a dedicated, private connection between Azure and OCI using Azure ExpressRoute and Oracle
FastConnect - CORRECT as it provides a direct Interconnect between OCI and Microsoft Azure which in
turn provides <2ms latency for superior multicloud network performance.

Question 13: Incorrect

A company has deployed a multi-tier application in Oracle Cloud Infrastructure (OCI), with web servers in a
public subnet and database servers in a private subnet. The database servers need to access data from OCI
Object Storage, and the company wants to ensure that this communication is secure and not exposed to the
public internet. Which OCI feature should be used to achieve this objective?

Use a Service Gateway to establish a secure connection to Object Storage.

(Correct)

Use a Local Peering Gateway to peer with the Object Storage subnet.

(Incorrect)

Use a VPN Gateway to create an encrypted tunnel to Object Storage.

Use a NAT Gateway to enable private access to Object Storage.

Explanation
A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without
exposing the data to the public internet. No internet gateway or NAT gateway is required to reach those
specific services.

The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic from the VCN
to the Oracle service travels over the Oracle network fabric and never traverses the internet.

Question 14: Incorrect

What is a key benefit of using Oracle Autonomous Database on Shared Exadata Infrastructure?

Unlimited storage capacity

Automatic database tuning and patching

 (Correct)

Dedicated hardware resources for each database

(Incorrect)

Seamless integration with third-party cloud providers

Explanation
With Autonomous Database on shared Exadata infrastructure, you do not need to configure or manage any
hardware or install any software. Autonomous Database handles provisioning the database, backing up the
database, patching and upgrading the database, and growing or shrinking the database. Autonomous
Database is a completely elastic service.An autonomous database is a cloud database that uses machine
learning to automate database tuning, security, backups, updates, and other routine management tasks
traditionally performed by DBAs.
Question 15: Incorrect
Which components are required to establish a cross-cloud connection between Microsoft Azure and Oracle
Cloud Infrastructure?

Azure Virtual Network and OCI Virtual Cloud Network

Azure Load Balancer and OCI Load Balancer

(Incorrect)

Azure Site-to-Site VPN and OCI Site-to-Site VPN

Azure ExpressRoute circuit and Oracle FastConnect virtual circuit

(Correct)

Explanation
For cross-cloud networking between Oracle Cloud and Microsoft Azure, set up a connection between
a FastConnect circuit in Oracle Cloud and an ExpressRoute circuit in Microsoft Azure.
 Question 16: Incorrect
What components are required for setting up an Azure VNet to Oracle Cloud Infrastructure VCN connection as
part of the OCI-Azure Interconnect?

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an
attached dynamic routing gateway

(Correct)

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an
attached NAT gateway

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an
attached service gateway

(Incorrect)

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an
attached internet gateway
Explanation
If you closely look at the options, you can start eliminating some of them.

We can easily eliminate "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with
subnets and an attached service gateway" as we don't require service gateway to setup OCI-Azure
Interconnect.

On similar lines, we can also eliminate the options where internet gateway and NAT gateway is present.
Hence "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an
attached internet gateway" and "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN
with subnets and an attached NAT gateway".

As you can see in the architecture below, on the OCI side you require a Dynamic Routing Gateway and on the
Azure side you need a Virtual Network Gateway.

Hence the option "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets
and an attached dynamic routing gateway" is CORRECT.

Question 17: Incorrect

A consulting company that employs Oracle Cloud Infrastructure (OCI) architects has successfully completed
resource migration from Microsoft Azure to OCI, and no longer requires the Oracle FastConnect circuit to
Azure. The project manager has asked you to delete all resources involved in this cross-cloud connectivity.
From the Azure side, you delete the Resource Group. After a while, you notice that all Azure resources have
been deleted, except for the Azure ExpressRoute circuit.

What could be a potential reason for this issue?

You need to first delete the Oracle FastConnect circuit for the ExpressRoute circuit to be
decommissioned, and then you can delete the ExpressRoute virtual circuit.

(Correct)

You need to remove all routes that point to the cross-cloud connection on both OCI and Azure
before you can delete the circuit.

(Incorrect)


 Your bill from the OCI side needs to be paid in full before you can remove the Azure ExpressRoute
circuit.

You need to remove the Azure ExpressRoute Partner Service Key from the Oracle FastConnect
circuit, and then you can delete the ExpressRoute virtual circuit.
Explanation
To delete the interconnect, perform these steps in the order given. Failure to do so results in a failed
state ExpressRoute circuit.

1. Delete the ExpressRoute connection. Delete the connection by selecting the Delete icon on the page
for your connection.

2. Delete the Oracle FastConnect circuit from the Oracle Cloud Console.

3. Once the Oracle FastConnect circuit has been deleted, you can delete the Azure ExpressRoute
circuit.

Hence "You need to first delete the Oracle FastConnect circuit for the ExpressRoute circuit to be
decommissioned, and then you can delete the ExpressRoute virtual circuit." is the CORRECT ANSWER.

Question 18: Incorrect

What does the term "multicloud" mean and how can it help organizations manage their IT infrastructure?

The integration of on-premises infrastructure with cloud services for a hybrid cloud approach

The use of multiple cloud services from a single provider for redundancy and high availability

The deployment of a single cloud service across multiple regions and data centers for better
performance

(Incorrect)

The use of cloud services from multiple providers to leverage the best features and services of each
 (Correct)

Explanation
The keyword here is multiple providers. Multicloud is a cloud computing strategy that uses the best services
from more than one cloud provider to deploy a solution.

The use of multiple cloud services from a single provider for redundancy and high availability is INCORRECT as
it talks about single provider.

The deployment of a single cloud service across multiple regions and data centers for better performance is
also INCORRECT as there is no mention of multiple cloud service providers. Rather it talks about single cloud
service across multiple regions.

The use of multiple cloud services from a single provider for redundancy and high availability is
also INCORRECT as it also talks about single provider.

Hence the correct answer is The use of cloud services from multiple providers to leverage the best features
and services of each.

Question 19: Correct

Which components are required to establish a Site-to-Site VPN connection in Oracle Cloud Infrastructure?

Internet Gateway (IG), Network Address Translation (NAT) Gateway, and IPsec tunnel

Internet Gateway, Customer Premises Equipment (CPE), and IPsec tunnel

Dynamic Routing Gateway (DRG), Customer Premises Equipment (CPE), and IPsec tunnel

(Correct)

Dynamic Routing Gateway (DRG), NAT Gateway, and IPsec tunnel

Explanation
Site-to-Site VPN Components:

CPE OBJECT: At your end of Site-to-Site VPN is the actual device in your on-premises network (whether
hardware or software). The term customer-premises equipment (CPE) is commonly used in some industries to
refer to this type of on-premises equipment.

DYNAMIC ROUTING GATEWAY (DRG): At Oracle's end of Site-to-Site VPN is a virtual router called a dynamic
routing gateway, which is the gateway into your VCN from your on-premises network.

IPSEC CONNECTION: After creating the CPE object and DRG, you connect them by creating an IPSec
connection, which you can think of as a parent object that represents the Site-to-Site VPN.
TUNNEL: An IPSec tunnel is used to encrypt traffic between secure IPSec endpoints. Oracle creates two tunnels
in each IPSec connection for redundancy.

So, Internet Gateway, NAT Gateway are NOT valid Site-to-Site VPN Components.

Hence, Dynamic Routing Gateway (DRG), Customer Premises Equipment (CPE), and IPsec tunnel is the
CORRECT answer.

Question 20: Incorrect

What is the primary purpose of an Oracle Cloud Infrastructure Identity Domain?

Create isolated networks for resources within the tenancy for enhanced security.

Provide a centralized location for storing and managing user credentials and access.

(Correct)

Establish a secure, private connection between the tenancy and other Oracle Cloud services.

(Incorrect)

Define the roles and privileges assigned to a user or group of users within the tenancy.
Explanation
Oracle Cloud Infrastructure (OCI) Identity Domain is the access control plane for Oracle Cloud. An identity
domain is a container for managing users and roles, federating and provisioning of users, secure application
integration through Oracle Single Sign-On (SSO) configuration, and SAML and OAuth based Identity Provider
administration.
Question 21: Incorrect
A company has deployed an application in Oracle Cloud Infrastructure consisting of multiple web servers,
database servers, and application servers. The company wants to restrict communication between these
components, allowing only the necessary traffic between them. Which OCI feature would be most suitable to
achieve this objective?

Use Route Tables to define custom routing policies between each component.


 Use Security Lists to configure network access rules for the entire Virtual Cloud Network.

(Incorrect)

Use Virtual Cloud Networks to create isolated networks for each component.

Use Network Security Groups to apply specific firewall rules for each component.

(Correct)

Explanation
Network security groups (NSGs) act as a virtual firewall for your compute instances .

An NSG consists of a set of ingress and egress security rules that apply only to a set of VNICs of your choice in a
single VCN (for example: all the compute instances that act as web servers in the web tier of a multi-tier
application in your VCN).

Hence, "Use Network Security Groups to apply specific firewall rules for each component." is the CORRECT
answer.

In this question , you can straightaway reject "Use Virtual Cloud Networks to create isolated networks for each
component." and "Use Route Tables to define custom routing policies between each component." options.

NSG wins here due to the keywords "restrict communication between these components" in the question. A
network security group (NSG) provides a virtual firewall for a set of cloud resources that all have the same
security posture.

Question 22: Incorrect

To achieve high availability in a 2-node RAC DB System in Oracle Cloud Infrastructure, what would you use to
distribute your nodes to provide database instance fault isolation?

Fault Domains

(Correct)

Availability Domains

(Incorrect)


 Remote region

Local region
Explanation
A fault domain is a grouping of hardware and infrastructure within an availability domain.

Fault domains provide anti-affinity: they let you distribute your instances so that the instances are not on the
same physical hardware within a single availability domain.

To control the placement of your compute instances, bare metal DB system instances, or virtual machine DB
system instances, you can optionally specify the fault domain for a new instance or instance pool at launch
time.

Question 23: Correct

A company wants to seamlessly build a private interconnection between their OCI and Microsoft Azure
environments with consistent performance and low latency. They want to enable their cloud engineers to set
up Single Sign-On (SSO) between Microsoft Azure and OCI for their Oracle applications, such as PeopleSoft, JD
Edwards EnterpriseOne, and E-Business Suite.

Which technology integration can the company use to achieve this goal?

Oracle FastConnect and Azure ExpressRoute

(Correct)

OCI Site-to-Site VPN and Azure Site-to-Site VPN

Cloud Interconnect and Virtual WAN

Direct Connect and Azure VPN Gateway

Explanation
By using Oracle FastConnect and Azure ExpressRoute, customers can seamlessly build a private
interconnection between their OCI and Microsoft Azure environments. The Interconnect also enables joint
customers to take advantage of a unified identity and access management platform that leads to cost savings.
Cloud engineers can set up SSO between Microsoft Azure and OCI for their Oracle applications, such as
PeopleSoft, JD Edwards EnterpriseOne, and E-Business Suite. Having a federated SSO makes the integration
seamless and allows users to authenticate only once to access multiple applications, without signing in
separately to access each application.
Question 24: Incorrect
Which type of traffic is NOT supported by the OCI-Azure Interconnect?

Traffic between an Azure VNet and peered OCI VCNs in different regions

Traffic between an Azure VNet and an OCI VCN

Traffic between an Azure VNet and peered OCI VCNs in the same region

(Incorrect)

Traffic between an on-premises network and Azure VNet through the OCI VCN

(Correct)

Explanation
You can connect your VNet and VCN so that traffic that uses private IP addresses goes over the cross-cloud
connection.

The connection enables traffic to flow from the VNet through the connected VCN to a peered VCN in the
same Oracle Cloud Infrastructure region, or a different region.

The Cross-cloud connection does not enable traffic between your on-premises network through the VCN to
the VNet, or from your on-premises network through the VNet to the VCN.

Question 25: Incorrect

Which is a database service that CANNOT be provisioned in the Oracle Public Cloud?

Autonomous Database on Dedicated Infrastructure

Exadata Database Service on Shared Infrastructure

(Correct)

Exadata Database Service on Dedicated Infrastructure

 

Autonomous Database on Shared Infrastructure

(Incorrect)

Explanation
As you can see in the screenshot, Exadata Database Service on Shared Infrastructure is NOT supported.

Question 26: Incorrect

Which workload type is NOT optimized for Oracle Autonomous Database on Shared Exadata Infrastructure?

Data warehousing

High-performance computing

(Correct)

Transaction processing

Mixed workloads

(Incorrect)

Explanation
Autonomous Database supports different workload types, including: Data Warehouse, Transaction Processing,
JSON Database, and APEX Service.
Autonomous Database provides all of the performance of the market-leading Oracle Database in an
environment that is tuned and optimized to meet the demands of a variety of applications, including: mission-
critical transaction processing, mixed transactions and analytics, IoT, and JSON document store.
Question 27: Incorrect
What should you do to prepare your Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) for
potential security risks when connected to a Microsoft Azure VNet?

Allow all traffic from the Azure VNet without restrictions.

Remove all OCI security rules.

Limit all inbound and outbound traffic from the Azure VNet to expected and well-defined traffic.

(Correct)


 Disable the connection between Azure VNet and OCI VCN.

(Incorrect)

Explanation
Controlling Traffic Flow Over the Connection

Even if a connection has been established between your VCN and VNet, you can control the packet flow over
the connection with route tables in your VCN. For example, you can restrict traffic to only specific subnets in
the VNet.

Controlling the Specific Types of Traffic Allowed

It's important that you ensure that all outbound and inbound traffic with the VNet is intended or expected and
well defined. Implement Azure network security group and Oracle security rules that explicitly state the types
of traffic one cloud can send to the other and accept from the other.

Question 28: Correct

What is the purpose of using Oracle Cloud Infrastructure (OCI) Identity and Access Management (IAM) policies
in a cross-cloud connection between Microsoft Azure and OCI?

To control the bandwidth of the connection between the Azure VNet and the OCI VCN

To control the location of the cross-cloud connection

To control the type of traffic allowed between the Azure VNet and the OCI VCN

To control who can manage OCI route tables, network security groups, and security lists

(Correct)

Explanation
Controlling the Establishment of a Connection

With Oracle Cloud Infrastructure IAM policies, you can control:

 Who in your organization has the authority to create a FastConnect virtual circuit.
 Who can manage route tables, network security groups, and security lists.

Oracle and Microsoft have created a cross-cloud connection between Oracle Cloud Infrastructure and
Microsoft Azure in certain regions. So, the option "To control the location of the cross-cloud connection" has
nothing to do with IAM policies and hence is INCORRECT.
The option "To control the type of traffic allowed between the Azure VNet and the OCI VCN" is also
INCORRECT as you use Security Lists/Network Security Group to filter traffic and not IAM policies.

IAM policies also have no role to play in determining the bandwidth of the connection.

Question 29: Incorrect

An enterprise has a workload running in a VNet in Microsoft Azure and a database running in a VCN in Oracle
Cloud Infrastructure. The enterprise wants to set up a private, secure, and isolated network connection
between the two clouds to enable traffic flow between the workload and the database. Which option can be
used to achieve this requirement?

Use Azure ExpressRoute and Oracle FastConnect to create a private interconnection between the
Azure VNet and the OCI VCN.

(Correct)

Use Azure VPN and Oracle FastConnect to establish a private and secure tunnel between the Azure
VNet and the OCI VCN.

Use Azure Private Link to create a private connection between the workload and the database.

(Incorrect)

Use public internet to establish connectivity between the Microsoft Azure VNet and the OCI VCN.
Explanation
As per the question, the keywords are "The enterprise wants to set up a private, secure, and isolated network
connection between the two clouds"

Use public internet to establish connectivity between the Microsoft Azure VNet and the OCI VCN
- INCORRECT as this option won't provide private, secure and isolated connection.

Use Azure VPN and Oracle FastConnect to establish a private and secure tunnel between the Azure VNet and
the OCI VCN is INCORRECT as it won't provide a isolated connection.

Use Azure Private Link to create a private connection between the workload and the database is INCORRECT as
Azure Private Link enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database)
and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.
Use Azure ExpressRoute and Oracle FastConnect to create a private interconnection between the Azure VNet
and the OCI VCN. is CORRECT. To create an integrated multi-cloud experience, Microsoft and Oracle offer
direct interconnection between Azure and Oracle Cloud Infrastructure (OCI) through ExpressRoute and
FastConnect. Through the ExpressRoute and FastConnect interconnection, customers can experience low
latency, high throughput, private direct connectivity between the two clouds.

Question 30: Incorrect

What encryption protocol is used to secure data transmission in an OCI Site-to-Site VPN connection?

Datagram Transport Layer Security (DTLS)

Transport Layer Security (TLS)

Internet Protocol Security (IPSec)

(Correct)

Secure Sockets Layer (SSL)

(Incorrect)

Explanation
Site-to-Site VPN provides a site-to-site IPSec connection between your on-premises network and your virtual
cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred from the
source to the destination and decrypts the traffic when it arrives.
Continue
Retake test

Question 1:
Skipped
An organization wants to deploy Oracle Database Service for Azure in the existing Oracle Cloud Infrastructure
and Azure tenancies that are in the supported regions. However, they want to have full control over the Azure
permissions that should be granted.

Which option should they choose during the sign-up process?

 Fully automated configuration

  Fully scripted configuration

 Guided account linking (Correct)

 Auto pilot linking

Explanation
The keyword mentioned in the question is "However, they want to have full control over the Azure
permissions that should be granted. "

The fully-automated onboarding option for OracleDB for Azure is faster and more convenient than the guided
account linking, but some organizations may have security policies that do not allow them to grant the
required permissions to the Oracle Database Service enterprise application that runs in their Azure account.

Guided onboarding is provided for customers who do not want to grant OracleDB for Azure all the Azure
permissions required for fully automated onboarding.

The remaining two options - Auto pilot linking and Fully scripted configuration are INVALID. There doesn't
exist anything like these in Oracle Database Service for Azure onboarding.

Hence the correct answer is Guided account linking

Question 2:
Skipped
Which is NOT a security capability available with OracleDB for Azure?

 Automatic security updates for the database

 IPsec tunnel (Correct)

 Encryption of data at rest and in transit

 Security features such as network isolation and access controls

Question 3:
Skipped
What Azure admin roles are required for an Azure user to use the fully-automated onboarding option for
OracleDB for Azure?

 Resource Group Contributor, Subscription Contributor, Backup Contributor, or Storage Account

Contributor

 Application Administrator, Cloud Application Administrator, Privileged Role Administrator, or

Global Administrator (Correct)

 Network Contributor, Security Reader, User Access Administrator, or Virtual Machine

Contributor
  Key Vault Administrator, Log Analytics Contributor, or Security Manager

Explanation
The automated onboarding process requires that the Azure user onboarding to OracleDB for Azure have at
least one of the following admin roles:

Application Administrator, Cloud Application Administrator, Privileged Role Administrator, or Global

Administrator.

Reference: Fully-Automated Onboarding (oracle.com)

Question 4:
Skipped
Which is NOT an Azure resource that is created when you provision a database using Oracle Database Service
for Azure?

Custom Dashboard workspace

Log Analytics workspace

Oracle Database Service

(Correct)

Application Insights workspace

Explanation
Log Analytics Workspace, Application Insights and Custom Dashboard are Azure resources and hence we can
eliminate these options.

We are left with Oracle Database Service which is the CORRECT answer.

Question 5:
Skipped
How does Oracle Database Service for Azure enable bidirectional communication between applications in the
Azure tenancy and database resources in OracleDB for Azure?

By granting the Oracle Database Service enterprise application specific roles in Azure
 

By federating the Azure tenant’s Azure Active Directory (AAD) with an OCI identity domain

By creating a custom Azure dashboard for each database

By configuring DNS on both sides of the Interconnect

(Correct)

Explanation
With OCI multicloud's OracleDB for Azure, your database resources reside in an OCI account that is linked to
your Azure account through Oracle Interconnect for Microsoft Azure, an Oracle-managed tunnel connection.

OracleDB for Azure configures DNS on both sides of the Interconnect to enable bi-directional
communication between applications in the Azure tenancy and database resources in OracleDB for Azure.

Question 6:
Skipped
Which database system does NOT require an Azure Virtual Network during provisioning?

Autonomous Database on shared Exadata infrastructure

(Correct)

Oracle Exadata Database

MySQL Database with HeatWave

Base Database with Oracle Enterprise Edition or Oracle Standard Edition 2

Explanation
See the screenshots below for the databases mentioned in the question:
You can see the Azure Virtual Network option for Base Database, MySQL Database with HeatWave and Oracle
Exadata Database.

Base Database: Requires Azure Virtual Network

MySQL Database with HeatWave: Requires Azure Virtual Network

Oracle Exadata Database : Requires Azure Virtual Network

Autonomous Database on shared Exadata infrastructure: DOES NOT require an Azure VNeT
 Question 7:
Skipped
What is the primary Oracle Cloud Infrastructure region associated with an OCI account during OracleDB for
Azure setup?

The home region of the OCI account

The region with the lowest latency for Azure communication

The region specified during OracleDB for Azure onboarding

(Correct)

The region with the most available resources for OracleDB for Azure
Explanation
Identify the primary OCI region you want to use as your default region for OracleDB for Azure resource
provisioning.

During OracleDB for Azure setup, this region becomes the primary OCI region associated with your OCI
account.

Question 8:
Skipped
You plan to use OracleDB Service for Azure to easily provision, access, and operate enterprise-grade Oracle
Database services in Oracle Cloud Infrastructure (OCI) with a familiar Azure-like experience. What should you
do to sign up for the OracleDB for Azure service?

Visit the sign up website at https://signup.multicloud.azure.com/oracle

Visit the Azure portal and navigate to the Oracle Database Service page.

Contact Oracle support to request access to the service.

Visit the sign up website at https://signup.multicloud.oracle.com/azure

(Correct)

Explanation
To start OracleDB for Azure onboarding, go to https://signup.multicloud.oracle.com/azure

Reference: OracleDB for Azure Onboarding Steps

Question 9:
Skipped
How do Azure administrators and developers connect their applications to Oracle databases using Oracle
Database Service for Azure?

By connecting to the Oracle databases using database links

By manually creating complex cross-cloud deployments using the Interconnect

By connecting to the Oracle databases using connection strings

(Correct)


 By learning OCI and working in the OCI Console
Explanation
The same way you do in Azure today. Each database resource created by Oracle Database Service for Azure
gets an Azure connection string you can use to connect to the database from any Azure application.

During onboarding, Oracle Database Service for Azure creates network connections between the cloud
environments.

During database provisioning, Oracle Database Service for Azure defines the DNS entries and connection
strings needed to access the resource from Azure.

Azure developers (and applications) don’t need to know anything about Oracle Database Service for Azure—all
they need is the connection string. Oracle publishes the connection string on the custom dashboard it creates
for the database in Azure, so developers don’t have to leave the Azure portal to get what they need to access
the database from their applications.

Hence, the CORRECT ANSWER is "By connecting to the Oracle databases using connection strings"

Question 10:
Skipped
How does Oracle Database Service for Azure simplify cross-cloud deployments for customers?

By offering more database types than any other cloud service provider

By allowing customers to manually create cross-cloud deployments using the Interconnect

By using an automated service–based approach for cross-cloud deployment

(Correct)

By providing more storage and computing resources than any other cloud service provider
Explanation
Oracle Database Service for Azure (OracleDB for Azure) is an Oracle managed service delivering Oracle
Database services in Oracle Cloud Infrastructure (OCI) directly to Microsoft Azure customers through the OCI
Azure Interconnect (a capability available between the two cloud environments in regions located around the
world).

OracleDB for Azure uses a service-based approach, and is an alternative to manually creating complex cross-
cloud deployments using the Interconnect.

Question 11:
Skipped
What is the role of the Oracle Database Service enterprise application in OracleDB for Azure?
 

It allows you to add database compute servers and storage servers to your system at any time after
provisioning.

It provides a distributed, scalable, shared-nothing, in-memory, hybrid columnar, query processing

engine designed for extreme performance.

It allows users to log in to the OCI Console with the same Azure credentials for Azure and the
OracleDB for Azure portal.

It creates and manages resources in the Azure subscription, streams OCI Database metrics to Azure
App Insights and events to Azure Log Analytics, and configures network settings in Azure so that
Azure resources can access database resources in OCI.

(Correct)

Explanation
The Oracle Database Service multitenant application can:

 Create and manage resources in the subscription (for example, the custom dashboard, Azure App
Insights, and Azure Log Analytics workspaces OracleDB for Azure creates for each provisioned
database).
 Stream OCI Database metrics to Azure App Insights and events to Azure Log Analytics.
 Configure network settings in Azure so Azure resources can access the database resources in OCI.
 Submit events to Azure Event Grid.

More read: Preparation and Prerequisites for OracleDB for Azure