C. Creating a route table with a default route targeting an Internet Gateway (IGW) enables public subnets to access the internet. D. A Dynamic Routing Gateway (DRG) is primarily used within a VCN to route traffic between different subnets. E. Local Peering Gateways (LPGs) allow a VCN to directly access the internet without an Internet Gateway. Explanation: Creating a route table with a default route targeting an Internet Gateway (IGW) enables public subnets to access the internet. -> Correct. The route table associated with a public subnet typically contains a default route rule that directs internet -bound traffic to an Internet Gateway. NAT Gateway (NGW) is used to enable instances in a private subnet to initiate outbound traffic to the internet without providing inbound internet access to those instances. -> Correct. A NAT Gateway allows resources in a private subnet to access the internet or other OCI services while maintaining the private nature of the subnet by not allowing inbound connections from the internet. A Dynamic Routing Gateway (DRG) is primarily used within a VCN to route traffic between different subnets. -> Incorrect. A DRG is used to connect a VCN to external networks, such as another VCN, on - premises network, or the internet, and not for routing traffic internally between subnets within a VCN. Local Peering Gateways (LPGs) allow a VCN to directly access the internet without an Internet Gateway. -> Incorrect. LPGs are designed for connecting two VCNs in the same region, allowing them to communicate as if they were part of the same network, and do not provide internet access. Service Gateway (SGW) enables resources in a VCN to access Oracle Cloud Services without using public IP addresses or routing through the internet. -> Incorrect. While the Service Gateway does allow access to Oracle Cloud Services without going over the internet, this is not an incorrect action or configuration for routing traffic —it's a specific use case. In a multi -national enterprise's transition to Oracle Cloud Infrastructure (OCI), you're responsible for ensuring high availability and disaster recovery for their mission -critical applications. These applications have diverse requirements, including different operating systems and a mix of stateful and stateless components. Considering the need to optimize for both resilience and operational flexibility across global regions, which compute image strategy should be implemented?
Explanation: Utilize custom images based on external VM exports for all applications. -> Correct. Custom images created from external VM exports allow for the precise replication of existing environments into OCI, ensuring compatibility for both stateful and stateless components while facilitating disaster recovery across regions. Deploy applications using only Oracle -provided Linux images for consistency. -> Incorrect. Oracle - provided Linux images offer a quick start and security but may not meet the diverse OS requirements or the specific configurations needed for stateful components of the applications. Adopt a strategy using exclusively Windows images available in the OCI Marketplace for all deployments. -> Incorrect. Relying solely on Windows images from the Marketplace restricts flexibility, especially for applications requiring Linux environments or specific custom configurations not covered by Marketplace options. Standardize on a single custom image for Linux applications and another for Windows applications, regardless of the application architecture. -> Incorrect. While simplifying image management, this approach does not account for the unique dependencies of stateful versus stateless components or offer the best disaster recovery flexibility across diverse requirements. When configuring Local and Remote Peering in Oracle Cloud Infrastructure (OCI) Networking, which two of the following statements are accurate?
Local VCN Peering allows for connectivity between VCNs in different regions without the need for a Dynamic Routing Gateway (DRG). -> Incorrect. Local VCN Peering is used for connecting VCNs within the same region. For different regions, Remote Peering is required, which also necessitates a DRG. Remote Peering Connections (RPC) can be established without the use of a Dynamic Routing Gateway (DRG). -> Incorrect. A Dynamic Routing Gateway (DRG) is required for establishing Remote Peering Connections between VCNs in different regions to route traffic between them. Local Peering allows VCNs to share a single Internet Gateway (IGW). -> Incorrect. Even when VCNs are locally peered within the same region, they cannot share an Internet Gateway. Each VCN requires its own IGW for internet access. A corporation seeks to bolster its data encryption and key management practices within Oracle Cloud Infrastructure (OCI) by effectively utilizing OCI Vault. What two actions should the corporation undertake to properly configure and leverage OCI Vault for securing their cloud resources?
as a DNS resolver. DNS management is a separate concern within OCI networking services. Manually rotate encryption keys stored in OCI Vault every week to ensure compliance with internal security policies. -> Incorrect. While key rotation is a critical security practice, manual weekly rotation is not necessary with OCI Vault, which offers automated key rotation features to help comply with security policies without such frequent manual intervention. When configuring the File Storage service for a cloud -native application that requires shared file access, what is a crucial factor to consider for efficient usage and accurate metering?
Server -Side Encryption using Oracle -managed keys -> Correct. Server -Side Encryption with Oracle - managed keys automatically encrypts all data at rest in Object Storage, ensuring data security without additional action required from the user. Virtual Cloud Network (VCN) Service -> Incorrect. While VCNs secure your cloud network, they do not directly encrypt data at rest in Object Storage. Identity and Access Management (IAM) Policies -> Incorrect. IAM policies control access and permissions but do not handle encryption of data at rest. Data Safe -> Incorrect. Data Safe provides advanced data security features for databases but is not the mechanism for encrypting data at rest in Object Storage. A cloud architect is designing a highly available web application on Oracle Cloud Infrastructure (OCI) that requires both scalability and durability for its computing instances. The architect plans to deploy a series of virtual machine (VM) instances that will serve dynamic web content. These instances need to be backed by both block and boot volumes that can be easily replicated across multiple availability domains for disaster recovery purposes. Which approach should the cloud architect take to ensure the boot and block volumes meet the requirements for scalability, durability, and disaster recovery?
traffic and other applications requiring data integrity. HTTP (Hypertext Transfer Protocol): Frequently used for web traffic, it is an application -layer protocol built on top of TCP and enables communication between web browsers and servers. The combination of these protocols allows the OCI Network Load Balancer to manage diverse workloads, including web services and real -time applications. For reference: OCI Load Balancer Documentation Which policy would you write to provide admin access to all three of your existing admin groups for a shared Test compartment?
