
OCI 2023 Multicloud Architect Associate Sure Pass

- An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached dynamic routing gateway are required components for setting up an Azure VNet to OCI VCN connection as part of the OCI-Azure Interconnect.
- An Azure ExpressRoute circuit and Oracle FastConnect virtual circuit are required to establish a cross-cloud connection between Microsoft Azure and Oracle Cloud Infrastructure.
- Multicloud means using cloud services from multiple providers to leverage the best features and services of each.

Uploaded by

Ashis Das

OCI 2023 Multicloud Architect Associate (1z0-1115-23)

Question 1: 
What components are required for setting up an Azure VNet to Oracle Cloud
Infrastructure VCN connection as part of the OCI-Azure Interconnect?

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN
with subnets and an attached service gateway

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN
with subnets and an attached internet gateway

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN
with subnets and an attached dynamic routing gateway

(Correct)

An Azure VNet with subnets and a virtual network gateway, and an OCI VCN
with subnets and an attached NAT gateway

Explanation
If you look closely at the options, you can start eliminating some of them.

We can easily eliminate "An Azure VNet with subnets and a virtual network gateway,
and an OCI VCN with subnets and an attached service gateway" as we don't require
a service gateway to set up the OCI-Azure Interconnect.

Along similar lines, we can also eliminate the options where an internet gateway or
a NAT gateway is present, namely "An Azure VNet with subnets and a virtual network
gateway, and an OCI VCN with subnets and an attached internet gateway" and "An
Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets
and an attached NAT gateway".

As you can see in the architecture below, on the OCI side you require a Dynamic
Routing Gateway and on the Azure side you need a Virtual Network Gateway.

Hence the option "An Azure VNet with subnets and a virtual network gateway, and an
OCI VCN with subnets and an attached dynamic routing gateway" is CORRECT.

Question 2: 
Which components are required to establish a cross-cloud connection between
Microsoft Azure and Oracle Cloud Infrastructure?

Azure Virtual Network and OCI Virtual Cloud Network

Azure Load Balancer and OCI Load Balancer

Azure Site-to-Site VPN and OCI Site-to-Site VPN

Azure ExpressRoute circuit and Oracle FastConnect virtual circuit

(Correct)

Explanation
For cross-cloud networking between Oracle Cloud and Microsoft Azure, set up a
connection between a FastConnect circuit in Oracle Cloud and an ExpressRoute
circuit in Microsoft Azure.

Question 3: 
What does the term "multicloud" mean and how can it help organizations manage
their IT infrastructure?

The use of multiple cloud services from a single provider for redundancy and
high availability

The integration of on-premises infrastructure with cloud services for a hybrid
cloud approach

The deployment of a single cloud service across multiple regions and data centers
for better performance

The use of cloud services from multiple providers to leverage the best features
and services of each

(Correct)

Explanation
The keyword here is multiple providers. Multicloud is a cloud computing strategy
that uses the best services from more than one cloud provider to deploy a solution.

The use of multiple cloud services from a single provider for redundancy and high
availability is INCORRECT as it talks about a single provider.

The deployment of a single cloud service across multiple regions and data centers
for better performance is also INCORRECT as there is no mention of multiple cloud
service providers. Rather, it talks about a single cloud service across multiple regions.

Hence the correct answer is The use of cloud services from multiple providers to
leverage the best features and services of each.

Question 4: 
Which workload type is NOT optimized for Oracle Autonomous Database on Shared
Exadata Infrastructure?

Transaction processing

High-performance computing

(Correct)

Mixed workloads

Data warehousing

Explanation
Autonomous Database supports different workload types, including: Data
Warehouse, Transaction Processing, JSON Database, and APEX Service.

Autonomous Database provides all of the performance of the market-leading Oracle
Database in an environment that is tuned and optimized to meet the demands of a
variety of applications, including: mission-critical transaction processing, mixed
transactions and analytics, IoT, and JSON document store.

Question 5:
To achieve high availability in a 2-node RAC DB System in Oracle Cloud
Infrastructure, what would you use to distribute your nodes to provide database
instance fault isolation?

Local region

Fault Domains

(Correct)

Availability Domains

Remote region

Explanation
A fault domain is a grouping of hardware and infrastructure within an availability
domain.

Fault domains provide anti-affinity: they let you distribute your instances so that the
instances are not on the same physical hardware within a single availability domain.

To control the placement of your compute instances, bare metal DB system
instances, or virtual machine DB system instances, you can optionally specify the
fault domain for a new instance or instance pool at launch time.

Question 6: 
Which database system is NOT available in Oracle Database Service for Azure?

Autonomous Database on dedicated Exadata infrastructure

(Correct)


Autonomous Database on shared Exadata infrastructure

Base Database using Oracle Enterprise Edition or Oracle Standard Edition 2
databases

Oracle Exadata Database


Explanation
Oracle Database Service for Azure offers the following products:

- Oracle Exadata Database: You can provision flexible Exadata systems that
  allow you to add database compute servers and storage servers to your
  system at any time after provisioning.
- Autonomous Database on shared Exadata infrastructure: Autonomous
  Database provides an easy-to-use, fully autonomous database that scales
  elastically, delivers fast query performance, and requires no database
  administration.
- Base Database: Using OracleDB for Azure, you can deploy Oracle Enterprise
  Edition or Oracle Standard Edition 2 databases on virtual machine DB
  systems. You can deploy single-node systems or 2-node RAC systems.
- MySQL Database with HeatWave: MySQL Database Service is a fully managed
  Oracle Cloud native service available through OracleDB for Azure. It is
  developed, managed, and supported by the MySQL team in Oracle. Optionally,
  you can add a HeatWave cluster to a MySQL DB system. HeatWave is a
  distributed, scalable, shared-nothing, in-memory, hybrid columnar, query
  processing engine designed for extreme performance.

Hence, "Autonomous Database on dedicated Exadata infrastructure" is NOT
available and hence the CORRECT ANSWER.

Question 7: 
A consulting company that employs Oracle Cloud Infrastructure (OCI) architects has
successfully completed resource migration from Microsoft Azure to OCI, and no
longer requires the Oracle FastConnect circuit to Azure. The project manager has
asked you to delete all resources involved in this cross-cloud connectivity. From the
Azure side, you delete the Resource Group. After a while, you notice that all Azure
resources have been deleted, except for the Azure ExpressRoute circuit.

What could be a potential reason for this issue?


You need to first delete the Oracle FastConnect circuit for the ExpressRoute
circuit to be decommissioned, and then you can delete the ExpressRoute virtual
circuit.

(Correct)

You need to remove all routes that point to the cross-cloud connection on both
OCI and Azure before you can delete the circuit.

Your bill from the OCI side needs to be paid in full before you can remove the
Azure ExpressRoute circuit.

You need to remove the Azure ExpressRoute Partner Service Key from the
Oracle FastConnect circuit, and then you can delete the ExpressRoute virtual
circuit.

Explanation
To delete the interconnect, perform these steps in the order given. Failure to do so
results in a failed state ExpressRoute circuit.

1. Delete the ExpressRoute connection. Delete the connection by selecting
the Delete icon on the page for your connection.

2. Delete the Oracle FastConnect circuit from the Oracle Cloud Console.

3. Once the Oracle FastConnect circuit has been deleted, you can delete the
Azure ExpressRoute circuit.

Hence "You need to first delete the Oracle FastConnect circuit for the ExpressRoute
circuit to be decommissioned, and then you can delete the ExpressRoute virtual
circuit." is the CORRECT ANSWER.

Question 8: 
What is the primary purpose of the MySQL Database Service HeatWave option in
Oracle Cloud Infrastructure (OCI)?

To provide a distributed in-memory query accelerator

(Correct)

To ensure high availability and fault tolerance

To offer a serverless MySQL deployment

To enable seamless database migration from on-premises to OCI


Explanation
HeatWave is an in-memory query accelerator developed for Oracle MySQL
Database Service. It's a massively parallel, hybrid, columnar, query-processing
engine with state-of-the-art algorithms for distributed query processing which provide
very high performance for queries.

Question 9:
Which type of routing does Oracle FastConnect use to exchange routing information
between on-premises networks and Oracle Cloud Infrastructure?

RIP

Static routing

Dynamic routing with BGP

(Correct)

OSPF

Explanation
The exchange of routes is accomplished by the industry-standard BGP routing protocol.

Question 10:
Which type of traffic is NOT supported by the OCI-Azure Interconnect?

Traffic between an Azure VNet and peered OCI VCNs in the same region

Traffic between an Azure VNet and an OCI VCN

Traffic between an on-premises network and Azure VNet through the OCI VCN

(Correct)

Traffic between an Azure VNet and peered OCI VCNs in different regions

Explanation
You can connect your VNet and VCN so that traffic that uses private IP addresses
goes over the cross-cloud connection.

The connection enables traffic to flow from the VNet through the connected VCN to
a peered VCN in the same Oracle Cloud Infrastructure region, or a different region.

The cross-cloud connection does not enable traffic between your on-premises
network through the VCN to the VNet, or from your on-premises network through the
VNet to the VCN.

Question 11: 
What is the purpose of identity federation in the context of OracleDB for Azure?


To enable bidirectional communication between applications in the Azure
tenancy and the database resources in OracleDB for Azure

To provide a way for customers to manage database resources in OracleDB for
Azure without using the OCI Console

To link Azure subscriptions to your OCI tenancy

To allow users to log in to the OCI Console using the same Azure credentials

(Correct)

Explanation
Azure users log into OracleDB for Azure using their Azure credentials, and OracleDB
for Azure streams much of the day-to-day operational data from the OracleDB for
Azure managed OCI databases to Azure Application Insights and Azure Log
Analytics. Because of this, Azure developers spend most of their time in Azure.

In some instances, an OracleDB for Azure user must log into the OCI Console to
perform specific tasks that aren't enabled or available in OracleDB for Azure today.
To make this process easier, Azure customers set up identity federation between the
Azure and OCI tenancies. With this in place, authorized users use a single set of
credentials, their Azure credentials, to log into Azure and OCI.

Question 12: 
Which is true regarding fully automated and guided onboarding for the OracleDB for
Azure service?

Guided onboarding is simpler and faster than fully automated onboarding.

An Azure user who completes fully automated onboarding can log in to the
OracleDB for Azure portal, but cannot deploy and provision databases.


An Azure user who completes guided onboarding cannot log in to the OracleDB
for Azure portal.

Fully automated onboarding requires more permissions to be granted than
guided onboarding.

(Correct)

Explanation
The fully automated onboarding option for OracleDB for Azure is faster and more
convenient than the guided account linking. Hence the option "Guided onboarding is
simpler and faster than fully automated onboarding" is NOT TRUE.

When the automated configuration finishes, OracleDB for Azure is fully
operational. The Azure user that completed onboarding can log in and use the
OracleDB for Azure portal to deploy and provision databases for use in their Azure
environment. Hence the option "An Azure user who completes fully automated
onboarding can log in to the OracleDB for Azure portal, but cannot deploy and
provision databases" is NOT TRUE.

If you used the guided onboarding process, the user who completed onboarding can
log in to the OracleDB for Azure portal, but not really do anything there. Before users
can do anything productive using OracleDB for Azure, you must first complete
configuration steps for each user or user group. Hence the option "An Azure user
who completes guided onboarding cannot log in to the OracleDB for Azure portal" is
NOT TRUE.

Now, let's look at the only option left which is "Fully automated onboarding requires
more permissions to be granted than guided onboarding". This option is TRUE as the
automated onboarding process requires that the Azure user onboarding to OracleDB
for Azure have at least one of the following admin roles: Application Administrator,
Cloud Application Administrator, Privileged Role Administrator, or Global
Administrator. Guided onboarding is provided for customers who do not want to
grant OracleDB for Azure all the Azure permissions required for fully automated
onboarding. Hence this is the correct answer.

Question 13: 
What encryption protocol is used to secure data transmission in an OCI Site-to-Site
VPN connection?


Datagram Transport Layer Security (DTLS)

Secure Sockets Layer (SSL)

Internet Protocol Security (IPSec)

(Correct)

Transport Layer Security (TLS)


Explanation
Site-to-Site VPN provides a site-to-site IPSec connection between your on-premises
network and your virtual cloud network (VCN). The IPSec protocol suite encrypts IP
traffic before the packets are transferred from the source to the destination and
decrypts the traffic when it arrives.

Question 14:
What is NOT required for the OracleDB for Azure setup?

A preprovisioned Azure Virtual Network (VNet)

(Correct)

An existing Azure account with the necessary ARM roles

Specific roles for the Oracle Database Service (ODS) enterprise application in
Azure

An OCI tenancy with the necessary admin permissions for the OCI user

Explanation
To set up and use OracleDB for Azure, you need an existing Azure account with the
necessary Azure roles. Hence "An existing Azure account with the necessary ARM
roles" is required.

If you already have an OCI account, you can use that account to onboard with
OracleDB for Azure. Be sure to perform the onboarding with an OCI user that
has admin permissions if you are using an existing OCI account. If you don’t have an
OCI account, the OracleDB for Azure onboarding process allows you to create a new
account during OracleDB for Azure setup. Hence "An OCI tenancy with the necessary
admin permissions for the OCI user" is also required.

For Guided Onboarding, the OracleDB for Azure administrative user setting up the
service must have the "Multicloudlink Administrator" role in the Oracle Database Service
(ODS) multitenant application that OracleDB for Azure deploys in the Azure tenancy.

For each subscription being linked, the onboarding user or an Azure administrator
must grant the Oracle Database Service multitenant application the following roles:

- Contributor
- EventGrid Data Sender
- Monitoring Metrics Publisher
- Network Contributor

Hence "Specific roles for the Oracle Database Service (ODS) enterprise application in
Azure" is also required.

When provisioning Oracle Base Database systems or Oracle Exadata Cloud VM
clusters, you must have an Azure Virtual Network available to OracleDB for Azure to
complete the provisioning operation. However, this is NOT required for OracleDB for
Azure setup. Hence "A preprovisioned Azure Virtual Network (VNet)" is the CORRECT
ANSWER.

Question 15: 
A company wants to seamlessly build a private interconnection between their OCI
and Microsoft Azure environments with consistent performance and low latency.
They want to enable their cloud engineers to set up Single Sign-On (SSO) between
Microsoft Azure and OCI for their Oracle applications, such as PeopleSoft, JD
Edwards EnterpriseOne, and E-Business Suite.

Which technology integration can the company use to achieve this goal?


Direct Connect and Azure VPN Gateway

Oracle FastConnect and Azure ExpressRoute

(Correct)

OCI Site-to-Site VPN and Azure Site-to-Site VPN

Cloud Interconnect and Virtual WAN


Explanation
By using Oracle FastConnect and Azure ExpressRoute, customers can seamlessly
build a private interconnection between their OCI and Microsoft Azure environments.
The Interconnect also enables joint customers to take advantage of a unified identity
and access management platform that leads to cost savings. Cloud engineers
can set up SSO between Microsoft Azure and OCI for their Oracle applications, such
as PeopleSoft, JD Edwards EnterpriseOne, and E-Business Suite. Having a
federated SSO makes the integration seamless and allows users to authenticate only
once to access multiple applications, without signing in separately to access each
application.

Question 16:
In the context of Oracle FastConnect, what are the two types of virtual circuits?

Intra-Region and Inter-Region

Layer 3 and Layer 4

Private and Public

(Correct)


Standard and High-Performance

Explanation
A virtual circuit is an isolated network path that runs over one or more physical
network connections to provide a single, logical connection between the edge of
your existing network and Oracle Cloud Infrastructure. Private virtual
circuits support private peering, and public virtual circuits support public peering.

Question 17:
What is the primary purpose of an Oracle Cloud Infrastructure Identity Domain?

Provide a centralized location for storing and managing user credentials and
access.

(Correct)

Establish a secure, private connection between the tenancy and other Oracle
Cloud services.

Create isolated networks for resources within the tenancy for enhanced security.

Define the roles and privileges assigned to a user or group of users within the
tenancy.

Explanation
Oracle Cloud Infrastructure (OCI) Identity Domain is the access control plane for
Oracle Cloud. An identity domain is a container for managing users and roles,
federating and provisioning of users, secure application integration through Oracle
Single Sign-On (SSO) configuration, and SAML and OAuth based Identity Provider
administration.

Question 18:
What is a key benefit of using Oracle Autonomous Database on Shared Exadata
Infrastructure?


Dedicated hardware resources for each database

Unlimited storage capacity

Seamless integration with third-party cloud providers

Automatic database tuning and patching

(Correct)

Explanation
With Autonomous Database on shared Exadata infrastructure, you do not need to
configure or manage any hardware or install any software. Autonomous Database
handles provisioning the database, backing up the database, patching and
upgrading the database, and growing or shrinking the database. Autonomous
Database is a completely elastic service. An autonomous database is a cloud
database that uses machine learning to automate database tuning, security,
backups, updates, and other routine management tasks traditionally performed by
DBAs.

Question 19:
Which components are required to establish a Site-to-Site VPN connection in Oracle
Cloud Infrastructure?

Internet Gateway (IG), Network Address Translation (NAT) Gateway, and IPsec
tunnel

Internet Gateway, Customer Premises Equipment (CPE), and IPsec tunnel

Dynamic Routing Gateway (DRG), Customer Premises Equipment (CPE), and
IPsec tunnel

(Correct)

Dynamic Routing Gateway (DRG), NAT Gateway, and IPsec tunnel


Explanation
Site-to-Site VPN Components:

CPE OBJECT: At your end of Site-to-Site VPN is the actual device in your
on-premises network (whether hardware or software). The term customer-premises
equipment (CPE) is commonly used in some industries to refer to this type of
on-premises equipment.

DYNAMIC ROUTING GATEWAY (DRG): At Oracle's end of Site-to-Site VPN is a virtual
router called a dynamic routing gateway, which is the gateway into your VCN from
your on-premises network.

IPSEC CONNECTION: After creating the CPE object and DRG, you connect them by
creating an IPSec connection, which you can think of as a parent object that
represents the Site-to-Site VPN.

TUNNEL: An IPSec tunnel is used to encrypt traffic between secure IPSec endpoints.
Oracle creates two tunnels in each IPSec connection for redundancy.

So, Internet Gateway and NAT Gateway are NOT valid Site-to-Site VPN components.

Hence, Dynamic Routing Gateway (DRG), Customer Premises Equipment (CPE), and
IPsec tunnel is the CORRECT answer.

Question 20: 
An organization has decided to implement a multicloud solution by using Microsoft
Azure for their frontend data analytics applications and Oracle Cloud Infrastructure
(OCI) for their backend Oracle Autonomous Data Warehouse. In this scenario, how
can the organization ensure secure and low latency data transfer between the
frontend applications and the backend data warehouse?

Leverage a VPN Gateway to create an encrypted tunnel between Azure and OCI
for secure data transfer.

Use public internet connections to transfer data between Azure and OCI,
encrypting the data in transit.

Implement a hybrid cloud approach by integrating on-premises infrastructure
with both Azure and OCI.

Establish a dedicated, private connection between Azure and OCI using Azure
ExpressRoute and Oracle FastConnect.

(Correct)

Explanation
In the question, frontend is in Azure and backend is in OCI. And the keywords
are SECURE and LOW LATENCY data transfer.

Use public internet connections to transfer data between Azure and OCI, encrypting
the data in transit - INCORRECT as this option won't provide LOW LATENCY data
transfer (as it is using public internet).

Leverage a VPN Gateway to create an encrypted tunnel between Azure and OCI for
secure data transfer - INCORRECT as Site-to-Site VPN Connection won't provide
LOW LATENCY data transfer as the connection traverses through public internet.

Implement a hybrid cloud approach by integrating on-premises infrastructure with
both Azure and OCI - INCORRECT as there is no mention of on-premises
environment in the question. This option is irrelevant here.

Establish a dedicated, private connection between Azure and OCI using Azure
ExpressRoute and Oracle FastConnect - CORRECT as it provides a direct
Interconnect between OCI and Microsoft Azure which in turn provides <2ms latency
for superior multicloud network performance.

Question 21: 
What is the purpose of the SAML metadata file in the OCI Federation setup with
Azure Active Directory (AD)?


It is used to exchange metadata information between Azure AD and OCI.

(Correct)

It is used to configure attribute mapping between Azure AD and OCI.

It is used to store user credentials for authentication.

It is used to establish trust between Azure AD and OCI.


Explanation
In general, SAML metadata is used to share configuration information between the
Identity Provider (IdP) and the Service Provider (SP).

Question 22:
A company has deployed an application in Oracle Cloud Infrastructure consisting of
multiple web servers, database servers, and application servers. The company wants
to restrict communication between these components, allowing only the necessary
traffic between them. Which OCI feature would be most suitable to achieve this
objective?

Use Virtual Cloud Networks to create isolated networks for each component.

Use Network Security Groups to apply specific firewall rules for each
component.

(Correct)

Use Route Tables to define custom routing policies between each component.


Use Security Lists to configure network access rules for the entire Virtual Cloud
Network.

Explanation
Network security groups (NSGs) act as a virtual firewall for your compute instances.

An NSG consists of a set of ingress and egress security rules that apply only to a set
of VNICs of your choice in a single VCN (for example: all the compute instances that
act as web servers in the web tier of a multi-tier application in your VCN).

Hence, "Use Network Security Groups to apply specific firewall rules for each
component." is the CORRECT answer.

In this question, you can straightaway reject the "Use Virtual Cloud Networks to create
isolated networks for each component." and "Use Route Tables to define custom
routing policies between each component." options.

NSG wins here due to the keywords "restrict communication between these
components" in the question. A network security group (NSG) provides a virtual
firewall for a set of cloud resources that all have the same security posture.

Question 23: 
Which is a database service that CANNOT be provisioned in the Oracle Public Cloud?

Autonomous Database on Dedicated Infrastructure

Autonomous Database on Shared Infrastructure

Exadata Database Service on Shared Infrastructure

(Correct)

Exadata Database Service on Dedicated Infrastructure


Explanation
As you can see in the screenshot, Exadata Database Service on Shared
Infrastructure is NOT supported.

Question 24:
A company has deployed a multi-tier application in Oracle Cloud Infrastructure (OCI),
with web servers in a public subnet and database servers in a private subnet. The
database servers need to access data from OCI Object Storage, and the company
wants to ensure that this communication is secure and not exposed to the public
internet. Which OCI feature should be used to achieve this objective?

Use a Local Peering Gateway to peer with the Object Storage subnet.

Use a Service Gateway to establish a secure connection to Object Storage.

(Correct)

Use a NAT Gateway to enable private access to Object Storage.

Use a VPN Gateway to create an encrypted tunnel to Object Storage.


Explanation
A service gateway lets your virtual cloud network (VCN) privately access specific
Oracle services without exposing the data to the public internet. No internet gateway
or NAT gateway is required to reach those specific services.

The resources in the VCN can be in a private subnet and use only private IP
addresses. The traffic from the VCN to the Oracle service travels over the Oracle
network fabric and never traverses the internet.

Question 25: 
What should you do to prepare your Oracle Cloud Infrastructure (OCI) Virtual Cloud
Network (VCN) for potential security risks when connected to a Microsoft Azure
VNet?

Limit all inbound and outbound traffic from the Azure VNet to expected and
well-defined traffic.

(Correct)

Disable the connection between Azure VNet and OCI VCN.

Allow all traffic from the Azure VNet without restrictions.

Remove all OCI security rules.


Explanation
Controlling Traffic Flow Over the Connection

Even if a connection has been established between your VCN and VNet, you
can control the packet flow over the connection with route tables in your VCN. For
example, you can restrict traffic to only specific subnets in the VNet.

Controlling the Specific Types of Traffic Allowed

It's important that you ensure that all outbound and inbound traffic with the VNet is
intended or expected and well defined. Implement Azure network security group and
Oracle security rules that explicitly state the types of traffic one cloud can send to
the other and accept from the other.

Question 26: 
What is the purpose of using Oracle Cloud Infrastructure (OCI) Identity and Access
Management (IAM) policies in a cross-cloud connection between Microsoft Azure
and OCI?

To control the location of the cross-cloud connection

To control the type of traffic allowed between the Azure VNet and the OCI VCN

To control who can manage OCI route tables, network security groups, and
security lists

(Correct)

To control the bandwidth of the connection between the Azure VNet and the
OCI VCN

Explanation
Controlling the Establishment of a Connection

With Oracle Cloud Infrastructure IAM policies, you can control:

- Who in your organization has the authority to create a FastConnect virtual
  circuit.
- Who can manage route tables, network security groups, and security lists.

Oracle and Microsoft have created a cross-cloud connection between Oracle Cloud
Infrastructure and Microsoft Azure in certain regions. So, the option "To control the
location of the cross-cloud connection" has nothing to do with IAM policies and
hence is INCORRECT.

The option "To control the type of traffic allowed between the Azure VNet and the
OCI VCN" is also INCORRECT as you use Security Lists/Network Security Group to
filter traffic and not IAM policies.

IAM policies also have no role to play in determining the bandwidth of the
connection.

Question 27: 
What is the primary difference between using Oracle FastConnect with an Oracle
partner and using FastConnect with colocation with Oracle?

The type of virtual circuits supported

The method of establishing the physical connection to Oracle Cloud
Infrastructure

(Correct)

The number of available redundancy models

The geographical locations available for connections


Explanation
FastConnect: With an Oracle Partner:

You can establish a FastConnect connection from your on-premise or remote data
center to the data center where your Oracle Cloud resources are provisioned by
requesting cloud connectivity services from any of Oracle's FastConnect partners.
Oracle has integrated the FastConnect service with a geographically diverse set of
IP, VPN, and Ethernet network providers and cloud exchanges to make it easy for you
to establish a connection to Oracle Cloud services.
FastConnect: Colocation with Oracle:

If you have purchased colocation space from a data center provider, you can use
Oracle FastConnect to establish connectivity from your network equipment in that
colocation facility to your Oracle Cloud services provisioned at this location. Oracle
will provide you a letter of authorization (LOA) that the data center provider will need
in order to establish a direct cross-connect into Oracle's FastConnect edge devices.

Question 28:
Which feature is supported in all Oracle Database editions in Oracle Cloud
Infrastructure?

Data Guard

Transparent Data Encryption

(Correct)

In-Memory Database

Diagnostic Packs
Explanation
All editions include Oracle Database Transparent Data Encryption, Machine
Learning, and Spatial and Graph.

- Standard Edition includes Oracle Database Standard Edition.
- Enterprise Edition includes Oracle Database Enterprise Edition, Data Masking
  and Subsetting Pack, Diagnostics and Tuning Packs, and Real Application
  Testing.
- Enterprise Edition High Performance extends Enterprise Edition with the
  following options: Multitenant, Partitioning, Advanced Compression,
  Advanced Security, Label Security, Database Vault, OLAP, Database Lifecycle
  Management Pack and Cloud Management Pack for Oracle Database.
- Enterprise Edition Extreme Performance extends High Performance with the
  following options: In-Memory Database, Active Data Guard, Real Application
  Clusters.

Data Guard is not supported in Oracle Database Standard Edition.

Question 29: 
Which step is NOT valid while implementing an OCI-Azure Interconnect?

Set up an Azure ExpressRoute circuit.

Select FastConnect Direct as the connection type.

(Correct)

Set up an Oracle FastConnect virtual circuit.


Create a Dynamic Routing Gateway and attach it to the OCI VCN.


Explanation
As you can see in the screenshot below (from the OCI Console), while implementing
the OCI-Azure Interconnect you need to select Connection type: FastConnect partner
and select Microsoft Azure ExpressRoute as the Partner.

Hence, "Select FastConnect Direct as the connection type" is NOT VALID and is
therefore the correct answer.

Question 30: 
An enterprise has a workload running in a VNet in Microsoft Azure and a database
running in a VCN in Oracle Cloud Infrastructure. The enterprise wants to set up a
private, secure, and isolated network connection between the two clouds to enable
traffic flow between the workload and the database. Which option can be used to
achieve this requirement?

Use Azure Private Link to create a private connection between the workload and
the database.

Use public internet to establish connectivity between the Microsoft Azure VNet
and the OCI VCN.


Use Azure VPN and Oracle FastConnect to establish a private and secure tunnel
between the Azure VNet and the OCI VCN.

Use Azure ExpressRoute and Oracle FastConnect to create a private
interconnection between the Azure VNet and the OCI VCN.

(Correct)

Explanation
As per the question, the keywords are "The enterprise wants to set up a private,
secure, and isolated network connection between the two clouds"

Use public internet to establish connectivity between the Microsoft Azure VNet and
the OCI VCN is INCORRECT as this option won't provide a private, secure and isolated
connection.

Use Azure VPN and Oracle FastConnect to establish a private and secure tunnel
between the Azure VNet and the OCI VCN is INCORRECT as it won't provide an
isolated connection.

Use Azure Private Link to create a private connection between the workload and the
database is INCORRECT as Azure Private Link enables you to access Azure PaaS
Services (for example, Azure Storage and SQL Database) and Azure hosted
customer-owned/partner services over a private endpoint in your virtual network.

Use Azure ExpressRoute and Oracle FastConnect to create a private interconnection
between the Azure VNet and the OCI VCN is CORRECT. To create an integrated
multi-cloud experience, Microsoft and Oracle offer direct interconnection between
Azure and Oracle Cloud Infrastructure (OCI) through ExpressRoute and FastConnect.
Through the ExpressRoute and FastConnect interconnection, customers can
experience low latency, high throughput, private direct connectivity between the two
clouds.

Part-2

Question 1: 
What is the primary Oracle Cloud Infrastructure region associated with an OCI
account during OracleDB for Azure setup?

The region with the most available resources for OracleDB for Azure

The region with the lowest latency for Azure communication

The home region of the OCI account

The region specified during OracleDB for Azure onboarding

(Correct)

Explanation
Identify the primary OCI region you want to use as your default region for OracleDB
for Azure resource provisioning.

During OracleDB for Azure setup, this region becomes the primary OCI
region associated with your OCI account.

Question 2: 
Which is NOT an Azure resource that is created when you provision a database using
Oracle Database Service for Azure?

Custom Dashboard workspace

Log Analytics workspace

Oracle Database Service

(Correct)

Application Insights workspace


Explanation
Log Analytics Workspace, Application Insights and Custom Dashboard are Azure
resources and hence we can eliminate these options.

We are left with Oracle Database Service which is the CORRECT answer.

Question 3: 
An organization wants to deploy Oracle Database Service for Azure in the existing
Oracle Cloud Infrastructure and Azure tenancies that are in the supported regions.
However, they want to have full control over the Azure permissions that should be
granted.

Which option should they choose during the sign-up process?

Fully automated configuration

Guided account linking

(Correct)

Fully scripted configuration

Auto pilot linking


Explanation
The keyword mentioned in the question is "However, they want to have full control
over the Azure permissions that should be granted."

The fully-automated onboarding option for OracleDB for Azure is faster and more
convenient than the guided account linking, but some organizations may have
security policies that do not allow them to grant the required permissions to the
Oracle Database Service enterprise application that runs in their Azure account.
Guided onboarding is provided for customers who do not want to grant OracleDB for
Azure all the Azure permissions required for fully automated onboarding.

The remaining two options, Auto pilot linking and Fully scripted configuration, are
INVALID. Nothing like these exists in Oracle Database Service for Azure
onboarding.

Hence the correct answer is Guided account linking.

Question 4: 
You plan to use OracleDB Service for Azure to easily provision, access, and operate
enterprise-grade Oracle Database services in Oracle Cloud Infrastructure (OCI) with a
familiar Azure-like experience. What should you do to sign up for the OracleDB for
Azure service?

Contact Oracle support to request access to the service.

Visit the sign up website at https://signup.multicloud.azure.com/oracle

Visit the Azure portal and navigate to the Oracle Database Service page.

Visit the sign up website at https://signup.multicloud.oracle.com/azure

(Correct)

Explanation
To start OracleDB for Azure onboarding, go
to https://signup.multicloud.oracle.com/azure

Reference: OracleDB for Azure Onboarding Steps

Question 5: 
What Azure admin roles are required for an Azure user to use the fully-automated
onboarding option for OracleDB for Azure?


Key Vault Administrator, Log Analytics Contributor, or Security Manager

Resource Group Contributor, Subscription Contributor, Backup Contributor,
or Storage Account Contributor

Network Contributor, Security Reader, User Access Administrator, or Virtual
Machine Contributor

Application Administrator, Cloud Application Administrator, Privileged Role
Administrator, or Global Administrator

(Correct)

Explanation
The automated onboarding process requires that the Azure user onboarding to
OracleDB for Azure have at least one of the following admin roles:

Application Administrator, Cloud Application Administrator, Privileged Role
Administrator, or Global Administrator.

Reference: Fully-Automated Onboarding (oracle.com)

Question 6: 
Which database system does NOT require an Azure Virtual Network during
provisioning?

Autonomous Database on shared Exadata infrastructure

(Correct)

MySQL Database with HeatWave

Base Database with Oracle Enterprise Edition or Oracle Standard Edition 2


Oracle Exadata Database


Explanation
See the screenshots below for the databases mentioned in the question:

You can see the Azure Virtual Network option for Base Database, MySQL Database
with HeatWave and Oracle Exadata Database.

Base Database: Requires Azure Virtual Network

MySQL Database with HeatWave: Requires Azure Virtual Network

Oracle Exadata Database: Requires Azure Virtual Network

Autonomous Database on shared Exadata infrastructure: DOES NOT require an
Azure VNet

Question 7:
What is the role of the Oracle Database Service enterprise application in OracleDB for
Azure?

It provides a distributed, scalable, shared-nothing, in-memory, hybrid columnar,
query processing engine designed for extreme performance.

It allows you to add database compute servers and storage servers to your
system at any time after provisioning.

It allows users to log in to the OCI Console with the same Azure credentials for
Azure and the OracleDB for Azure portal.

It creates and manages resources in the Azure subscription, streams OCI
Database metrics to Azure App Insights and events to Azure Log Analytics, and
configures network settings in Azure so that Azure resources can access database
resources in OCI.

(Correct)
Explanation
The Oracle Database Service multitenant application can:

- Create and manage resources in the subscription (for example, the custom
  dashboard, Azure App Insights, and Azure Log Analytics workspaces
  OracleDB for Azure creates for each provisioned database).
- Stream OCI Database metrics to Azure App Insights and events to Azure Log
  Analytics.
- Configure network settings in Azure so Azure resources can access the
  database resources in OCI.
- Submit events to Azure Event Grid.

Further reading: Preparation and Prerequisites for OracleDB for Azure

Question 8: 
How does Oracle Database Service for Azure simplify cross-cloud deployments for
customers?

By providing more storage and computing resources than any other cloud
service provider

By offering more database types than any other cloud service provider

By allowing customers to manually create cross-cloud deployments using the
Interconnect

By using an automated service–based approach for cross-cloud deployment

(Correct)

Explanation
Oracle Database Service for Azure (OracleDB for Azure) is an Oracle managed
service delivering Oracle Database services in Oracle Cloud Infrastructure (OCI)
directly to Microsoft Azure customers through the OCI Azure Interconnect (a
capability available between the two cloud environments in regions located around
the world).

OracleDB for Azure uses a service-based approach, and is an alternative to
manually creating complex cross-cloud deployments using the Interconnect.

Question 9: 
How do Azure administrators and developers connect their applications to Oracle
databases using Oracle Database Service for Azure?

By learning OCI and working in the OCI Console

By connecting to the Oracle databases using connection strings

(Correct)

By manually creating complex cross-cloud deployments using the Interconnect

By connecting to the Oracle databases using database links


Explanation
The same way you do in Azure today. Each database resource created by Oracle
Database Service for Azure gets an Azure connection string you can use to connect
to the database from any Azure application.

During onboarding, Oracle Database Service for Azure creates network connections
between the cloud environments.

During database provisioning, Oracle Database Service for Azure defines the DNS
entries and connection strings needed to access the resource from Azure.

Azure developers (and applications) don’t need to know anything about Oracle
Database Service for Azure—all they need is the connection string. Oracle publishes
the connection string on the custom dashboard it creates for the database in Azure,
so developers don’t have to leave the Azure portal to get what they need to access
the database from their applications.

Hence, the CORRECT ANSWER is "By connecting to the Oracle databases using
connection strings".

Question 10: 
How does Oracle Database Service for Azure enable bidirectional communication
between applications in the Azure tenancy and database resources in OracleDB for
Azure?

By configuring DNS on both sides of the Interconnect

(Correct)

By granting the Oracle Database Service enterprise application specific roles in
Azure

By creating a custom Azure dashboard for each database

By federating the Azure tenant’s Azure Active Directory (AAD) with an OCI
identity domain
Explanation
With OCI multicloud's OracleDB for Azure, your database resources reside in an OCI
account that is linked to your Azure account through Oracle Interconnect for
Microsoft Azure, an Oracle-managed tunnel connection.

OracleDB for Azure configures DNS on both sides of the Interconnect to enable
bidirectional communication between applications in the Azure tenancy and database
resources in OracleDB for Azure.

Question 11: 
Which is NOT a security capability available with OracleDB for Azure?


Automatic security updates for the database

IPsec tunnel

(Correct)

Encryption of data at rest and in transit

Security features such as network isolation and access controls
