File Storage service, and thus do not directly support quick file recovery for file storage. Exporting file system data to a local server periodically. -> Incorrect. Exporting data to a local server can be part of a broader backup strategy but does not offer the quick, point -in-time recovery capabilities that are inherent to file system snapshots. An enterprise is deploying a critical web application in Oracle Cloud Infrastructure (OCI) that requires both vertical and horizontal scaling capabilities to efficiently manage fluctuating workloads. Which combination of OCI services and configurations should the enterprise implement to meet these scaling requirements?
D. Place the database tier behind a public Load Balancer and configure source IP -based restrictions. Explanation: Implement a Network Security Group (NSG) with specific rules to only allow traffic from the application tier to the database tier. -> Correct. NSGs allow for fine -grained control over traffic between OCI resources. By creating rules that only permit traffic from the application tier, you can enhance database security without exposing it to direct internet access. Deploy an Internet Gateway in the VCN and use security list rules to restrict traffic to the database subnet. -> Incorrect. Deploying an Internet Gateway provides internet access to resources in a VCN but does not offer the granularity needed to restrict database access effectively from the internet. Use OCI Identity and Access Management (IAM) to apply policies that restrict external access to the database instances. -> Incorrect. While IAM policies control access to OCI resources, they do not manage network -level traffic between application components. Place the database tier behind a public Load Balancer and configure source IP-based restrictions. -> Incorrect. Using a public Load Balancer for the database tier would unnecessarily expose it to the internet, contrary to the security requirement. A healthcare company leveraging Oracle Cloud Infrastructure (OCI) wants to implement a security policy ensuring that sensitive patient data stored in Object Storage is accessed only by applications running on OCI compute instances within the same region. Which IAM strategy should be employed to enforce this security requirement?
access must originate from compute instances within the same region. Create a policy that allows access only from a list of predefined IP addresses. -> Incorrect. This approach does not dynamically adapt to potential changes in the IP addresses of compute instances and does not ensure that access is restricted to instances within the same region. Implement a Virtual Cloud Network (VCN) with strict route tables and security lists to control traffic flow. -> Incorrect. While VCNs control network traffic, they do not directly manage access permissions at the IAM level, necessary for enforcing access policies on Object Storage. A multinational corporation is expanding its operations into new global markets and has chosen Oracle Cloud Infrastructure (OCI) for its flexibility and global reach. As part of the infrastructure team, you're tasked with ensuring that the corporation's OCI deployments remain operational and resilient to OCI's scheduled maintenance events. What strategy would you employ to prepare for and mitigate the impact of these maintenance events on the corporation's mission -critical applications?
cost and automatic restart features after maintenance. -> Incorrect. Preemptible instances offer cost savings for flexible workloads but are not suitable for mission -critical applications due to their temporary nature and the potential for unexpected termination. A company is migrating its on -premises file servers to Oracle Cloud Infrastructure (OCI) and requires a scalable file storage solution that supports the NFS protocol. The solution must allow for the secure sharing of file systems between multiple compute instances. Which of the following OCI services would best meet these requirements?
OCI does not allow the creation of subnets with overlapping CIDR blocks within the same VCN, ensuring clear and non -conflicting network addressing. Peering two VCNs in the same region without using a Dynamic Routing Gateway (DRG). -> Incorrect. Local VCN peering is supported in OCI, allowing two VCNs within the same region to communicate without the need for a DRG. Assigning a public IP address to a compute instance within a private subnet via a NAT Gateway. -> Incorrect. While a NAT Gateway allows instances in a private subnet to initiate outbound Internet connections, it does not assign public IP addresses to these instances. For inbound connections, a different method such as an Internet Gateway or a Load Balancer is required. Configuring a Security List with stateful rules to automatically allow return traffic. -> Incorrect. OCI Security Lists support stateful rules, where if an outbound connection is allowed, the return traffic for that connection is automatically allowed as well. A multinational corporation is expanding its disaster recovery strategy to include cross -region replication of critical data stored in Oracle Cloud Infrastructure (OCI) to ensure business continuity in the event of a regional outage. The company's IT architecture team needs to select the most appropriate OCI storage service and configuration to meet their requirements for durability, availability, and automatic synchronization of data across regions. Which OCI storage service and configuration should the architecture team use to implement cross -region replication for their critical data?
Explanation of Incorrect Options: Option A: Creating a new Object Storage bucket in another region and configuring a recycle policy to move data every 5 days does not provide real-time data availability or the fault tolerance required for a financial application. Recycle policies are intended for managing the lifecycle of data, not for high availability or disaster recovery. Option C: While lifecycle policies are useful for moving less frequently accessed data to a more cost - effective storage tier (e.g., from Standard to Archive), they do not address cross -region redundancy or real-time availability, which are critical for this use case. Option D: Copying an Object Storage bucket to a block volume is not a recommended practice for ensuring data durability and fault tolerance. Block volumes are used for persistent storage attached to compute instances, and copying object storage data to block volumes does not achieve the same level of redundancy and cross -region availability as replication policies. Thus, Option B is the correct and most efficient method for ensuring high availability and fault tolerance in this scenario. Which TWO statements are TRUE about Private IP addresses in Oracle Cloud Infrastructure (OCI)?
