If you are looking for free 1z0-1085-22 dumps, here are some sample questions and answers. You can prepare from our Oracle 1z0-1085-22 exam question notes and prepare for the exam with this practice test. Check our updated 1z0-1085-22 exam dumps below.
DumpsGroup is a top-class study material provider, and our inclusive range of 1z0-1085-22 real exam questions would be your key to success in the Oracle Cloud Solutions Infrastructure Certification Exam on the first attempt. We have excellent material covering almost all the topics of the Oracle 1z0-1085-22 exam. You can get this material in Oracle 1z0-1085-22 PDF and 1z0-1085-22 practice test engine formats designed to be similar to the real exam questions. Free 1z0-1085-22 questions and answers and free Oracle 1z0-1085-22 study material are available here to give an idea of the quality and accuracy of our study material.
Sample Question 4
Which statement about Oracle Cloud Infrastructure (OCI) shared security model is true?
A. You are responsible for managing security controls within the physical OCI network.
B. You are not responsible for any aspect of security in OCI.
C. You are responsible for securing all data that you place in OCI
D. You are responsible for securing the hypervisor within OCI Compute service.
Answer: C
Explanation: Oracle Cloud Infrastructure offers best-in-class security technology and operational processes to secure its enterprise cloud services. However, for you to securely run your workloads in Oracle Cloud Infrastructure, you must be aware of your security and compliance responsibilities. By design, Oracle provides security of cloud infrastructure and operations (cloud operator access controls, infrastructure security patching, and so on), and you are responsible for securely configuring your cloud resources. Security in the cloud is a shared responsibility between you and Oracle.
In a shared, multi-tenant compute environment, Oracle is responsible for the security of the
underlying cloud infrastructure (such as data-center facilities, and hardware and software
systems) and you are responsible for securing your workloads and configuring your
services (such as compute, network, storage, and database) securely.
In a fully isolated, single-tenant, bare metal server with no Oracle software on it, your
responsibility increases as you bring the entire software stack (operating systems and
above) on which you deploy your applications. In this environment, you are responsible for
securing your workloads, and configuring your services (compute, network, storage,
database) securely, and ensuring that the software components that you run on the bare
metal servers are configured, deployed, and managed securely.
More specifically, your and Oracle's responsibilities can be divided into the following areas:
Identity and Access Management (IAM): As with all Oracle cloud services, you should
protect your cloud access credentials and set up individual user accounts. You are
responsible for managing and reviewing access for your own employee accounts and for all
activities that occur under your tenancy. Oracle is responsible for providing effective IAM
services such as identity management, authentication, authorization, and auditing.
Workload Security: You are responsible for protecting and securing the operating system
and application layers of your compute instances from attacks and compromises. This
protection includes patching applications and operating systems, operating system
configuration, and protection against malware and network attacks. Oracle is responsible
for providing secure images that are hardened and have the latest patches. Also, Oracle
makes it simple for you to bring the same third-party security solutions that you use today.
Data Classification and Compliance: You are responsible for correctly classifying and
labeling your data and meeting any compliance obligations. Also, you are responsible for
auditing your solutions to ensure that they meet your compliance obligations.
Host Infrastructure Security: You are responsible for securely configuring and managing
your compute (virtual hosts, containers), storage (object, local storage, block volumes), and
platform (database configuration) services. Oracle has a shared responsibility with you to
ensure that the service is optimally configured and secured. This responsibility includes
hypervisor security and the configuration of the permissions and network access controls
required to ensure that hosts can communicate correctly and that devices are able to
attach or mount the correct storage devices.
Network Security: You are responsible for securely configuring network elements such as
virtual networking, load balancing, DNS, and gateways. Oracle is responsible for providing
a secure network infrastructure.
Client and Endpoint Protection: Your enterprise uses various hardware and software
systems, such as mobile devices and browsers, to access your cloud resources. You are
responsible for securing all clients and endpoints that you allow to access Oracle Cloud Infrastructure services.
Physical Security: Oracle is responsible for protecting the global infrastructure that runs all
of the services offered in Oracle Cloud Infrastructure. This infrastructure consists of the
hardware, software, networking, and facilities that run Oracle Cloud Infrastructure services.
Reference:
https://www.oracle.com/a/ocom/docs/oracle-cloud-infrastructure-security-architecture.pdf
Sample Question 5
Your company has deployed a business critical application in Oracle Cloud Infrastructure.
What should you do to ensure that your application has the highest level of resilience and
availability?
A. Deploy the application across multiple Availability Domains and Subnets
B. Deploy the application across multiple Virtual Cloud Networks
C. Deploy the application across multiple Regions and Availability Domains
D. Deploy the application across multiple Availability Domains and Fault Domains
Answer: C
Explanation: To design a high availability architecture, three key elements should be considered: redundancy, monitoring, and failover.
1) Redundancy means that multiple components can perform the same task. The problem of a single point of failure is eliminated because redundant components can take over a task performed by a component that has failed.
2) Monitoring means checking whether or not a component is working properly.
3) Failover is the process by which a secondary component becomes primary when the primary component fails.
The best practices introduced here focus on these three key elements. Although high availability can be achieved at many different levels, including the application level and the cloud infrastructure level, here we will focus on the cloud infrastructure level.
An Oracle Cloud Infrastructure region is a localized geographic area composed of one or
more availability domains, each composed of three fault domains. High availability is
ensured by a redundancy of fault domains within the availability domains.
An availability domain is one or more data centers located within a region. Availability
domains are isolated from each other, fault tolerant, and unlikely to fail simultaneously.
Because availability domains do not share physical infrastructure, such as power or
cooling, or the internal availability domain network, a failure that impacts one availability
domain is unlikely to impact the availability of others.
A fault domain is a grouping of hardware and infrastructure within an availability domain.
Each availability domain contains three fault domains. Fault domains let you distribute your
instances so that they are not on the same physical hardware within a single availability
domain. As a result, an unexpected hardware failure or a Compute hardware maintenance
that affects one fault domain does not affect instances in other fault domains. You can
optionally specify the fault domain for a new instance at launch time, or you can let the
system select one for you.
All the availability domains in a region are connected to each other by a low-latency, high
bandwidth network. This predictable, encrypted interconnection between availability
domains provides the building blocks for both high availability and disaster recovery.
Reference: https://docs.oracle.com/en/solutions/design-ha/index.html#GUID-76ECDDB4-4CB1-4D93-9A6D-A8B620F72369
Sample Question 6
Which Oracle Cloud Infrastructure storage service can provide a shared file system across
multiple compute instances?
A. File Storage
B. Local NVMe
C. Object Storage
D. Archive Storage
Answer: A
Explanation: Oracle Cloud Infrastructure File Storage service provides a durable, scalable,
secure, enterprise-grade network file system. You can connect to a File Storage service file
system from any bare metal, virtual machine, or container instance in your Virtual Cloud
Network (VCN). You can also access a file system from outside the VCN using Oracle
Cloud Infrastructure FastConnect and Internet Protocol security (IPSec) virtual private
network (VPN).
Large Compute clusters of thousands of instances can use the File Storage service
for high-performance shared storage. Storage provisioning is fully managed and automatic
as your use scales from a single byte to exabytes without upfront provisioning.
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm
Sample Question 7
What purpose does an Oracle Cloud Infrastructure (OCI) Dynamic Routing Gateway
serve?
A. Enables OCI Compute Instance to privately connect to OCI Object Storage
B. Enables OCI Compute instance to connect to on-premises environments
C. Enables OCI Compute instances to connect to the internet
D. Enables OCI Compute instances to be reached from internet
Answer: B
Explanation: You can think of a Dynamic Routing Gateway (DRG) as a virtual router that provides a path for private traffic (that is, traffic that uses private IPv4 addresses) between your VCN and networks outside the VCN's region. For example, if you use an IPSec VPN or Oracle Cloud Infrastructure FastConnect (or both) to connect your on-premises network to your VCN, that private IPv4 address traffic goes through a DRG that you create and attach to your VCN.
For scenarios for using a DRG to connect a VCN to your on-premises network, see Networking Scenarios. For important details about routing to your on-premises network, see Routing Details for Connections to Your On-Premises Network.
Also, if you decide to peer your VCN with a VCN in another region, your VCN's DRG routes traffic to the other VCN over a private backbone that connects the regions (without traffic traversing the internet). For information about connecting VCNs in different regions, see Remote VCN Peering (Across Regions).
Reference: https://docs.cloud.oracle.com/en-us/iaas/tools/ocicli/2.9.1/oci_cli_docs/cmdref/network/drg.html
Sample Question 8
Which feature allows you to group and logically isolate your Oracle Cloud
Infrastructure (OCI) resources?
A. Tenancy
B. Identity and Access Management Groups
C. Availability Domains
D. Compartments
Answer: D
Explanation: It is a collection of related resources. Compartments are a fundamental component of Oracle Cloud Infrastructure for organizing and isolating your cloud resources. You use them to clearly separate resources for the purposes of measuring usage and billing, access (through the use of IAM Service policies), and isolation (separating the resources for one project or business unit from another). A common approach is to create a compartment for each major part of your organization. For more information, see Overview of the IAM Service and also Setting Up Your Tenancy.
To place a resource in a compartment, simply specify the compartment ID in the "Create" request object when initially creating the resource. For example, to launch an instance into a particular compartment, specify that compartment's OCID in the LaunchInstance request. You can't move an existing resource from one compartment to another.
To use any of the API operations, you must be authorized in an IAM policy. If you're not authorized, talk to an administrator. If you're an administrator who needs to write policies to give users access, see Getting Started with Policies.
Reference: https://docs.cloud.oracle.com/en-us/iaas/tools/ocicli/2.9.9/oci_cli_docs/cmdref/iam/compartment.htm...
Sample Question 9
You want to leverage a managed Real Application Cluster (RAC) offering in Oracle Cloud
Infrastructure. Which OCI managed database service would you choose?
A. Autonomous Transaction Processing (shared)
B. VM DB System
C. Autonomous Data Warehousing (shared)
D. Bare Metal DB Systems
Answer: B
Explanation: There are 2 types of DB systems on virtual machines: A 1-node VM DB system consists of one VM. A 2-node VM DB system consists of two VMs clustered with RAC enabled.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Concepts/overview.htm
Oracle Cloud Infrastructure offers single-node DB systems on either bare metal or virtual machines, and 2-node RAC DB systems on virtual machines. If you need to provision a DB system for development or testing purposes, then a special fast provisioning single-node virtual machine system is available. You can manage these systems by using the Console, the API, the Oracle Cloud Infrastructure CLI, the Database CLI (DBCLI), Enterprise Manager, Enterprise Manager Express, or SQL Developer.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Concepts/overview.htm
Sample Question 10
Which of the following is an example of an edge service in OCI?
A. DNS Zone Management
B. Virtual Machines
C. OCI compute instances
D. Oracle Data Guard
Answer: A
Explanation: The Oracle Cloud Infrastructure Domain Name System (DNS) service lets you create and manage your DNS zones. You can create zones, add records to zones, and allow Oracle Cloud Infrastructure's edge network to handle your domain's DNS queries.
Sample Question 11
Which is NOT considered a security resource within Oracle Cloud Infrastructure?
A. Network Security Group
B. Web Application Firewall
C. File Storage Service
D. Security Lists
Answer: C
Explanation: Oracle Cloud Infrastructure File Storage service provides a durable, scalable,
secure, enterprise-grade network file system. You can connect to a File Storage service file
system from any bare metal, virtual machine, or container instance in your Virtual Cloud
Network (VCN).
You can control access to the file system from FSS by applying security rules
and other measures, but the service itself is not related to security; it is related to shared storage.
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/File/Concepts/filestorageoverview.htm
Sample Question 12
Which three components are part of Oracle Cloud Infrastructure Identity and Access
Management service?
A. Virtual Cloud Networks
B. Policies
C. Regional Subnets
D. Dynamic Groups
E. Roles
F. Compute Instances
G. Users
Answer: B,D,G
Explanation: IAM components are:
RESOURCE
The cloud objects that your company's employees create and use when interacting with
Oracle Cloud Infrastructure. For example: compute instances, block storage volumes,
virtual cloud networks (VCNs), subnets, route tables, etc.
USER
An individual employee or system that needs to manage or use your company's Oracle
Cloud Infrastructure resources. Users might need to launch instances, manage remote
disks, work with your virtual cloud network, etc. End users of your application are not
typically IAM users. Users have one or more IAM credentials (see User Credentials).
POLICY
A document that specifies who can access which resources, and how. Access is granted
at the group and compartment level, which means you can write a policy that gives a group
a specific type of access within a specific compartment, or to the tenancy itself. If you give
a group access to the tenancy, the group automatically gets the same type of access to all
the compartments inside the tenancy. For more information, see Example
Scenario and How Policies Work. The word "policy" is used by people in different ways: to
mean an individual statement written in the policy language; to mean a collection of
statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID)
assigned to it); and to mean the overall body of policies your organization uses to control
access to resources.
GROUP
A collection of users who all need the same type of access to a particular set of resources
or compartment.
DYNAMIC GROUP
A special type of group that contains resources (such as compute instances) that match
rules that you define (thus the membership can change dynamically as matching resources
are created or deleted). These instances act as "principal" actors and can make API calls
to services according to policies that you write for the dynamic group.
NETWORK SOURCE
A group of IP addresses that are allowed to access resources in your tenancy. The IP
addresses can be public IP addresses or IP addresses from a VCN within your tenancy.
After you create the network source, you use policy to restrict access to only requests that
originate from the IPs in the network source.
COMPARTMENT
A collection of related resources. Compartments are a fundamental component of Oracle
Cloud Infrastructure for organizing and isolating your cloud resources. You use them to
clearly separate resources for the purposes of measuring usage and billing, access
(through the use of policies), and isolation (separating the resources for one project or
business unit from another). A common approach is to create a compartment for each
major part of your organization. For more information, see Setting Up Your Tenancy.
TENANCY
The root compartment that contains all of your organization's Oracle Cloud Infrastructure
resources. Oracle automatically creates your company's tenancy for you. Directly within the
tenancy are your IAM entities (users, groups, compartments, and some policies; you can
also put policies into compartments inside the tenancy). You place the other types of cloud
resources (e.g., instances, virtual networks, block storage volumes, etc.) inside the
compartments that you create.
HOME REGION
The region where your IAM resources reside. All IAM resources are global and available
across all regions, but the master set of definitions reside in a single region, the home
region. You must make changes to your IAM resources in your home region. The changes
will be automatically propagated to all regions. For more information, see Managing
Regions.
FEDERATION
A relationship that an administrator configures between an identity provider and a service
provider. When you federate Oracle Cloud Infrastructure with an identity provider, you
manage users and groups in the identity provider. You manage authorization in Oracle
Cloud Infrastructure's IAM service. Oracle Cloud Infrastructure tenancies are federated with
Oracle Identity Cloud Service by default.
Reference:
https://docs.cloud.oracle.com/en-us/iaas/data-safe/doc/iam-components.html
Sample Question 13
Which Oracle Cloud Infrastructure (OCI) database solution will be most economical for a
customer looking to have the elasticity of the cloud with minimal administration and maintenance effort for their DBA team?
A. OCI Bare Metal DB Systems
B. OCI Virtual Machine DB Systems
C. OCI Exadata DB Systems.
D. OCI Autonomous Database
Answer: C
Explanation: Exadata DB systems allow you to leverage the power of Exadata within the Oracle Cloud Infrastructure. An Exadata DB system consists of a base system, quarter rack, half rack, or full rack of compute nodes and storage servers, tied together by a high-speed, low-latency InfiniBand network and intelligent Exadata software. You can configure automatic backups, optimize for different workloads, and scale up the system to meet increased demands.
Oracle now offers the Zero Downtime Migration service, a quick and easy way to move on-premises Oracle Databases and Oracle Cloud Infrastructure Classic databases to Oracle Cloud Infrastructure. You can migrate databases to the following types of Oracle Cloud Infrastructure systems: Exadata, Exadata Cloud@Customer, bare metal, and virtual machine.
Zero Downtime Migration leverages Oracle Active Data Guard to create a standby instance of your database in an Oracle Cloud Infrastructure system. You switch over only when you are ready, and your source database remains available as a standby. Use the Zero Downtime Migration service to migrate databases individually or at the fleet level. See Move to Oracle Cloud Using Zero Downtime Migration for more information.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Concepts/exaoverview.htm
Sample Question 14
What does compute instance vertical scaling mean?
A. Providing Fault tolerance
B. Adding additional compute instances
C. Enabling Disaster recovery
D. Changing to a larger or smaller shape
Answer: D
Explanation: Changing the Shape of an Instance (Horizontal Scaling)
You can change the shape of a virtual machine (VM) instance without having to rebuild your instances or redeploy your applications. This lets you scale up your Compute resources for increased performance, or scale down to reduce cost.
Autoscaling (vertical scaling)
Autoscaling lets you automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand. As load increases, instances are automatically provisioned: the instance pool scales out. As load decreases, instances are automatically removed: the instance pool scales in.
Sample Question 15
Which statement about the Oracle Cloud Infrastructure (OCI) shared-security model is
true?
A. You are responsible for securing all data that you place in OCI
B. You are not responsible for any aspect of security in OCI
C. You are responsible for securing the hypervisor within OCI compute service
D. You are responsible for managing security controls within the physical OCI network
Answer: A
Explanation: Oracle Cloud Infrastructure offers best-in-class security
technology and operational processes to secure its enterprise cloud services. However, for
you to securely run your workloads in Oracle Cloud Infrastructure, you must be aware of
your security and compliance responsibilities. By design, Oracle provides security of cloud
infrastructure and operations (cloud operator access controls, infrastructure security
patching, and so on), and you are responsible for securely configuring your cloud
resources. Security in the cloud is a shared responsibility between you and Oracle.
In a shared, multi-tenant compute environment, Oracle is responsible for the security of the
underlying cloud infrastructure (such as data-center facilities, and hardware and software
systems) and you are responsible for securing your workloads and configuring your
services (such as compute, network, storage, and database) securely.
In a fully isolated, single-tenant, bare metal server with no Oracle software on it, your
responsibility increases as you bring the entire software stack (operating systems and
above) on which you deploy your applications. In this environment, you are responsible for securing your workloads, and configuring your services (compute, network, storage,
database) securely, and ensuring that the software components that you run on the bare
metal servers are configured, deployed, and managed securely.
The responsibilities can be divided as:
Sample Question 16
You are setting up a proof of concept (POC) and need to quickly establish a secure
connection between an on-premises data center and Oracle Cloud Infrastructure (OCI).
Which OCI service should you implement?
A. VCN Peering
B. FastConnect
C. Internet Gateway
D. IPSec VPN
Answer: D
Explanation: You can set up a single IPSec VPN with a simple layout that you might use for a proof of concept (POC).
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/settingupIPsec.htm
It is possible to set up a site-to-site Virtual Private Network (VPN) Connection between your
on-premises network (a data center or corporate LAN) and your Oracle virtual cloud
network (VCN) over a secure encrypted VPN. The VPN connection uses industry-standard
IPSec protocols. The Oracle service that provides site-to-site connectivity is named VPN
Connect (also referred to as an IPSec VPN).
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Tasks/managingIPsec.htm
Sample Question 17
Which feature is not a component of Oracle Cloud Infrastructure Identity and Access
Management service?
A. Federation
B. User Credential
C. Network Security Group
D. Policies
Answer: C
Explanation: Components of IAM
RESOURCE
The cloud objects that your company's employees create and use when interacting with Oracle Cloud Infrastructure. For example: compute instances, block storage volumes, virtual cloud networks (VCNs), subnets, route tables, etc.
USER
An individual employee or system that needs to manage or use your company's Oracle
Cloud Infrastructure resources. Users might need to launch instances, manage remote
disks, work with your virtual cloud network, etc. End users of your application are not
typically IAM users. Users have one or more IAM credentials (see User Credentials).
GROUP
A collection of users who all need the same type of access to a particular set of resources
or compartment.
DYNAMIC GROUP
A special type of group that contains resources (such as compute instances) that match
rules that you define (thus the membership can change dynamically as matching resources
are created or deleted). These instances act as "principal" actors and can make API calls
to services according to policies that you write for the dynamic group.
NETWORK SOURCE
A group of IP addresses that are allowed to access resources in your tenancy. The IP
addresses can be public IP addresses or IP addresses from a VCN within your tenancy.
After you create the network source, you use policy to restrict access to only requests that
originate from the IPs in the network source.
COMPARTMENT
A collection of related resources. Compartments are a fundamental component of Oracle
Cloud Infrastructure for organizing and isolating your cloud resources. You use them to
clearly separate resources for the purposes of measuring usage and billing,
access (through the use of policies), and isolation (separating the resources for one project
or business unit from another). A common approach is to create a compartment for each
major part of your organization. For more information, see Setting Up Your Tenancy.
TENANCY
The root compartment that contains all of your organization's Oracle Cloud Infrastructure
resources. Oracle automatically creates your company's tenancy for you. Directly within the
tenancy are your IAM entities (users, groups, compartments, and some policies; you can
also put policies into compartments inside the tenancy). You place the other types of cloud
resources (e.g., instances, virtual networks, block storage volumes, etc.) inside the
compartments that you create.
POLICY
A document that specifies who can access which resources, and how. Access is granted at
the group and compartment level, which means you can write a policy that gives a group a
specific type of access within a specific compartment, or to the tenancy itself. If you give a
group access to the tenancy, the group automatically gets the same type of access to all
the compartments inside the tenancy. For more information, see Example
Scenario and How Policies Work. The word "policy" is used by people in different ways: to
mean an individual statement written in the policy language; to mean a collection of
statements in a single, named "policy" document (which has an Oracle Cloud ID (OCID)
assigned to it); and to mean the overall body of policies your organization uses to control
access to resources.
HOME REGION
The region where your IAM resources reside. All IAM resources are global and available
across all regions, but the master set of definitions reside in a single region, the home
region. You must make changes to your IAM resources in your home region. The changes
will be automatically propagated to all regions. For more information, see Managing
Regions.
FEDERATION
A relationship that an administrator configures between an identity provider and a service
provider. When you federate Oracle Cloud Infrastructure with an identity provider, you
manage users and groups in the identity provider. You manage authorization in Oracle
Cloud Infrastructure's IAM service. Oracle Cloud Infrastructure tenancies are federated with
Oracle Identity Cloud Service by default.
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm
Sample Question 18
A company has developed an eCommerce web application in Oracle Cloud Infrastructure.
What should they do to ensure that the application has the highest level of resilience?
A. Deploy the application across multiple Regions and Availability Domains.
B. Deploy the application across multiple Availability Domains and subnet.
C. Deploy the application across multiple Virtual Cloud Networks.
D. Deploy the application across multiple Availability Domains and Fault Domains.
Answer: A
Explanation: For the highest level of resilience, you can deploy the application between regions and distribute it on availability domains and fault domains.
Reference: https://www.oracle.com/cloud/iaas/faq.html
Sample Question 19
Which OCI service is the most cost-effective?
A. File Storage
B. Object Storage (standard)
C. Block Volume
D. Archive Storage
Answer: B
Sample Question 20
Which OCI Identity and Access Management capability helps you to organize multiple
users into teams?
A. Policies
B. Groups
C. Dynamic Groups
D. Users
Answer: B
Explanation: An IAM Group is a collection of users who all need the same type of access to a particular set of resources or compartment. An IAM DYNAMIC GROUP is a special type of group that contains resources (such as compute instances) that match rules that you define (thus the membership can change dynamically as matching resources are created or deleted). These instances act as "principal" actors and can make API calls to services according to policies that you write for the dynamic group.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Concepts/overview.htm
GROUP: A collection of users who all need the same type of access to a particular set of resources or compartment.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Identity/Tasks/managinggroups.htm
Sample Question 21
Which Oracle Cloud Infrastructure (OCI) service can be used to protect sensitive and
regulated data in OCI database services?
A. Oracle Data Guard
B. OCI Audit
C. Oracle Data Safe
D. OCI OS Management
Answer: C
Explanation: Oracle Data Safe is a unified control center for your Oracle databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements. Whether you’re using an Autonomous Database or an Oracle DB system, Oracle Data Safe delivers essential data security capabilities as a service on Oracle Cloud Infrastructure.
Features of Oracle Data Safe:
Oracle Data Safe provides the following set of features for protecting sensitive and
regulated data in Oracle Cloud databases, all in a single, easy-to-use management
console:
1) Security Assessment helps you assess the security of your cloud database
configurations. It analyzes database configurations, user accounts, and security controls,
and then reports the findings with recommendations for remediation activities that follow
best practices to reduce or mitigate risk.
2) User Assessment helps you assess the security of your database users and identify high
risk users. It reviews information about your users in the data dictionary on your target
databases, and calculates a risk score for each user. For example, it evaluates the user
types, how users are authenticated, the password policies assigned to each user, and how
long it has been since each user has changed their password. It also provides a direct link
to audit records related to each user. With this information, you can then deploy
appropriate security controls and policies.
3) Data Discovery helps you find sensitive data in your cloud databases. You tell Data
Discovery what kind of sensitive data to search for, and it inspects the actual data in your
database and its data dictionary, and then returns to you a list of sensitive columns. By
default, Data Discovery can search for a wide variety of sensitive data pertaining to
identification, biographic, IT, financial, healthcare, employment, and academic information.
4) Data Masking provides a way for you to mask sensitive data so that the data is safe for
non-production purposes. For example, organizations often need to create copies of their
production data to support development and test activities. Simply copying the production
data exposes sensitive data to new users. To avoid a security risk, you can use Data
Masking to replace the sensitive data with realistic, but fictitious data.
5) Activity Auditing lets you audit user activity on your databases so you can monitor
database usage and be alerted of unusual database activities.
Reference: https://docs.cloud.oracle.com/en-us/iaas/data-safe/doc/oracle-data-safe-overview.html
Sample Question 22
Which is a key benefit of using Oracle Cloud Infrastructure Autonomous Data Warehouse?
A. No username and password required B. Scale both CPU and Storage without downtime C. Apply database patches as they become available D. Maintain root level access to the underlying operating system
Answer: B
Explanation: Oracle Autonomous Data Warehouse is a cloud data warehouse service
that eliminates virtually all the complexities of operating a data warehouse and securing
data. It automates provisioning, configuring, securing, tuning, scaling, patching, backing up,
and repairing of the data warehouse. Unlike other “fully managed” cloud data warehouse
solutions that only patch and update the service, it also features elastic, automated scaling,
performance tuning, security, and a broad set of built-in capabilities that enable machine
learning analysis, simple data loading, and data visualizations.
Data Warehouse uses continuous query optimization, table indexing, data summaries, and
auto-tuning to ensure consistent high performance even as data volume and number of
users grow. Autonomous scaling can temporarily increase compute and I/O by a factor of
three to maintain performance. Unlike other cloud services which require downtime to scale,
Autonomous Data Warehouse scales while the service continues to run.
Reference: https://www.oracle.com/autonomous-database/autonomous-data-warehouse/
Sample Question 23
Which two statements regarding the Virtual Cloud Network (VCN) are true?
A. A single VCN can contain both private and public Subnets. B. VCN is a regional resource that spans across all the Availability Domains in a Region. C. You can only create one VCN per region. D. The VCN is the IPSec-based connection with a remote on-premises location. E. VCN is a global resource that spans across all the Regions.
Answer: A,B Explanation: When you work with Oracle Cloud Infrastructure, one of the first steps is to set up a virtual
cloud network (VCN) for your cloud resources.
VIRTUAL CLOUD NETWORK (VCN):
A virtual, private network that you set up in Oracle data centers. It closely resembles a
traditional network, with firewall rules and specific types of communication gateways that
you can choose to use. A VCN resides in a single Oracle Cloud Infrastructure region and
covers a single, contiguous IPv4 CIDR block of your choice. See Allowed VCN Size and
Address Ranges. The terms virtual cloud network, VCN, and cloud network are used
interchangeably in this documentation. For more information, see VCNs and Subnets.
SUBNETS:
Subdivisions you define in a VCN (for example, 10.0.0.0/24 and 10.0.1.0/24). Subnets
contain virtual network interface cards (VNICs), which attach to instances. Each subnet
consists of a contiguous range of IP addresses that do not overlap with other subnets in the
VCN. You can designate a subnet to exist either in a single availability domain
or across an entire region (regional subnets are recommended). Subnets act as a unit of
configuration within the VCN: All VNICs in a given subnet use the same route table,
security lists, and DHCP options (see the definitions that follow). You can designate a
subnet as either public or private when you create it. Private means VNICs in the subnet
can't have public IP addresses. Public means VNICs in the subnet can have public IP
addresses at your discretion. See Access to the Internet.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Network/Concepts/overview.htm
Sample Question 24
What does Oracle's Payment Card Industry Data Security Standard (PCI DSS) attestation
of compliance provide to customers?
A. Customers can use these services for workloads that provide validation of card holder transaction but only as 3rd party B. Customers can use these services for workloads that process, or transmit cardholder data but not store it. C. Customers can use these services for workloads to process applications for credit card approval securely. D. Customers can use these services for workloads that store, process, or transmit cardholder data.
Answer: D Explanation: The Payment Card Industry Data Security Standard (PCI DSS) is a global set of security standards designed to encourage and enhance cardholder data security and promote the adoption of consistent data security measures around the technical and operational components related to cardholder data. Oracle has successfully completed a Payment Card Industry Data Security Standard (PCI DSS) audit and received an Attestation of Compliance (AoC) covering several Oracle Cloud Infrastructure services and the Oracle RightNow Service Cloud Service. As a PCI Level 1 Service Provider, customers can now use these services for workloads that store, process or transmit cardholder data. Reference: https://www.oracle.com/cloud/cloud-infrastructure-compliance/
Sample Question 25
Which gateway can be used to provide internet access to an Oracle Cloud Infrastructure
compute instance in a private subnet?
A. NAT Gateway B. Service Gateway C. Dynamic Routing Gateway D. Internet Gateway
Answer: A Explanation: A NAT gateway gives cloud resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.
Sample Question 26
Which option provides the best performance for running OLTP workloads in Oracle Cloud
Infrastructure?
A. OCI Exadata DB Systems B. OCI Autonomous Data Warehouse C. OCI Virtual Machine Instance D. OCI Dedicated Virtual Host
Answer: A Explanation: On an Exadata DB system, all databases share dedicated storage servers which include flash storage. By default, the databases are given equal priority with respect to these resources. The Exadata storage management software uses a first come, first served approach for query processing. If a database executes a major query that overloads I/O resources, overall system performance can be slowed down. The I/O Resource Management (IORM) allows you to assign priorities to your databases to ensure critical queries are processed first when workloads exceed their resource allocations. You assign priorities by creating directives that specify the number of shares for each database. The number of shares corresponds to a percentage of resources given to that database when I/O resources are stressed. Directives work together with an overall optimization objective you set for managing the resources. The following objectives are available:
1) Auto - Recommended. IORM determines the optimization objective and continuously and dynamically determines the optimal settings, based on the workloads observed, and resource plans enabled.
2) Balanced - For critical OLTP and DSS workloads. This setting balances low disk latency and high throughput. This setting limits disk utilization of large I/Os to a lesser extent than low latency to achieve a balance between good latency and good throughput.
3) High throughput - For critical DSS workloads that require high throughput.
4) Low latency - For critical OLTP workloads. This setting provides the lowest possible latency by significantly limiting disk utilization.
Reference: https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/examanagingiorm.htm