50 Oracle Cloud Infrastructure 2025 Cloud Operations Professional Practice Questions: Question Bank 2025

An operations team wants to receive an email when any compute instance in a compartment stops responding (instance becomes unreachable) so they can open an incident. Which OCI feature best fits this requirement with minimal custom code?

Your organization wants to ensure all newly created block volumes are encrypted with a customer-managed key (CMK) and to prevent creation if a CMK is not used. Which governance approach is most appropriate?

A FinOps analyst needs to attribute OCI spend to internal teams, even when some resources were created without tags. What is the most practical first step to improve cost allocation going forward?

A nightly batch job occasionally leaves behind temporary compute instances. The operations team wants an automated way to detect and terminate instances matching a naming convention (for example, prefix 'tmp-batch-') after 8 hours. Which OCI-native automation approach is most appropriate?

An administrator wants to quickly identify why a user cannot create a compute instance in a compartment. The error returned is "NotAuthorizedOrNotFound." What is the best initial troubleshooting step?

You are asked to reduce cost for a fleet of non-production compute instances that run only during business hours. The team wants a solution that minimizes manual effort and reduces waste. Which approach best aligns with OCI best practices?

A security team wants to continuously assess misconfigurations across OCI (for example, public buckets, overly permissive security lists, or exposed databases) and provide actionable recommendations. Which service is primarily designed for this purpose?

An application team reports intermittent timeouts to a private backend service hosted on instances in a private subnet. You suspect security list or NSG rules. Which OCI logging/monitoring combination provides the most direct evidence to confirm whether traffic is being allowed or denied at the VNIC level?

A regulated workload requires that only approved OCI services can be used and that resources must comply with strict security policies (for example, no public IPs, encryption enforced, and restricted network paths). The team also wants noncompliant resource creation to be blocked. Which design best meets these requirements?

A platform team manages hundreds of resources across multiple compartments. They need an automated way to deploy and update standard infrastructure stacks (networks, IAM policies, and compute) consistently, with change tracking and the ability to roll back. Which OCI service best supports this operating model?

A security team requires that any new Object Storage bucket created in the tenancy must be private (no public access). They want an automatic prevention mechanism rather than manual reviews. Which OCI capability best meets this requirement?

An operations engineer wants to be notified when a specific compute instance becomes unreachable (for example, fails health checks) and also wants to trigger an automated remediation function. Which combination of OCI services is the most appropriate?

A finance team wants to allocate monthly OCI costs by application without relying on manual spreadsheets. Resource ownership changes often, so they need a consistent approach that works across compartments. What is the recommended method?

A team uses Instance Pools for a stateless web tier behind a Load Balancer. They notice that during peak hours, users experience latency spikes, but CPU utilization on the instances remains low. Which metric/area should they investigate first to identify the bottleneck?

A company wants to automatically remediate non-compliant security list rules when a rule allowing inbound SSH (port 22) from 0.0.0.0/0 is created. The remediation should remove or update the rule immediately after detection. Which design is most appropriate?

A cloud operations team wants to reduce cost without affecting availability for a set of development compute instances that should only run during business hours. Which approach is most operationally efficient and scalable?

After a new compliance requirement, an organization must ensure that only approved OCI regions are used for creating resources. They want an enforcement control that blocks resource creation in disallowed regions. What should they implement?

A team needs a centralized, searchable view of logs from hundreds of compute instances across multiple compartments. They also want to create queries to troubleshoot intermittent application errors without SSH access. Which OCI service best addresses this requirement?

A company uses Resource Manager (Terraform) to manage network and compute resources. They need to ensure changes are reviewed and do not cause unexpected downtime. Which practice is most appropriate to reduce risk before applying changes?

A regulated enterprise must prove that all changes to IAM policies are traceable, retained, and tamper-resistant. They also need to quickly answer: "Who changed this policy and when?" Which OCI approach best satisfies these requirements?

Your team needs to receive an email when a specific compute instance’s CPU utilization stays above 90% for 10 minutes. Which OCI capability should you use?

You want a weekly report that shows cost by compartment and also breaks down spend by tags (for chargeback). Which is the most appropriate OCI feature to use?

A security administrator needs to ensure all newly created block volumes and boot volumes are encrypted using an OCI Vault customer-managed key. What is the best approach?

A batch workload runs nightly and you must ensure it never uses more than a fixed monthly budget. When forecasted spend exceeds the threshold, operations must be notified and the workload should be prevented from scaling further. Which solution best meets the requirement using OCI native capabilities?

An operations engineer wants to automatically run a script on a fleet of compute instances to rotate application logs and upload them to Object Storage. The instances are spread across multiple compartments. Which approach is most appropriate for repeatable, centrally managed automation?

A compartment has a policy that allows a group to manage instances. Users report they can launch instances but cannot attach a block volume. Which additional permission is most likely missing?

You need to troubleshoot intermittent connectivity to a private backend from a compute instance in a subnet. You want to confirm whether traffic is being allowed/denied by security rules without capturing packets on the instance. Which OCI feature is best suited?

A regulated workload requires that only approved regions can be used, and any attempt to create resources in other regions must be blocked. What is the best OCI governance control to enforce this across the tenancy?

Your organization requires that operations staff can restart instances and read metrics, but must not be able to view or download objects from Object Storage buckets that may contain sensitive data. The operations team uses a single IAM group. What is the best design?

A mission-critical application must automatically recover from an Availability Domain outage. You deploy multiple instances behind a load balancer. Which additional design choice best supports automated recovery with minimal operator intervention?

You manage multiple OCI instances across compartments. You need a single place to view CPU, memory, disk, and filesystem metrics and to create alarms on those OS-level metrics without logging into each host. What is the recommended approach?

A finance team wants to be alerted when daily spending for a specific compartment is trending higher than expected. They want alerts without building custom scripts. Which OCI capability best fits this requirement?

An application team wants a standard set of tags (CostCenter, Owner, Environment) to be required on every new compute instance created in a tenancy. What is the best way to enforce this?

Operations needs a quick way to verify whether an instance can reach an on-premises IP over a Site-to-Site VPN. They suspect a route table issue. Which OCI tool or artifact most directly helps validate what routes are configured for the instance’s subnet?

A team wants to automatically remediate security list changes that open SSH (22) to the internet. When such a change happens, they want a function to run that reverts it and notifies SecOps. Which combination is most appropriate?

Your organization uses a hub-and-spoke network with a central DRG. A new spoke VCN cannot reach on-premises networks, but other spokes can. DNS works and the IPSec tunnel is up. Which is the most likely OCI configuration issue to check first?

A cost optimization initiative wants to identify always-on instances in non-production compartments that are consistently underutilized and could be resized or scheduled off-hours. Which OCI feature best supports this analysis without building a custom data pipeline?

Security requires that all OCI API actions be retained for long-term analysis and that the data be queryable for investigations. Operations wants minimal ongoing management. Which approach best meets this requirement?

You must enforce that object data in a sensitive bucket cannot be exfiltrated to the public internet, while still allowing access from OCI services and from on-premises over a private connection. Which design best accomplishes this?

A production environment uses many alarms. During an incident, the on-call engineer was flooded with notifications and missed the critical signal. You must redesign alerting so that related symptoms are correlated into a single actionable incident with routing and escalation, while preserving raw metric and log data. Which approach is most appropriate?

A new operator needs to quickly see whether any OCI resources in a compartment are failing and which service is responsible, without creating custom dashboards. Which OCI capability best fits this requirement?

Your finance team wants a consistent way to allocate OCI spend to internal departments for reporting. Teams already use free-form tags inconsistently. What is the recommended approach to enforce consistent cost attribution going forward?

An operator needs to grant a junior team member permissions to restart instances and manage instance console connections, but not to create or delete instances. What is the best OCI IAM approach?

A production application uses several OCI services. You need an automated notification when specific API calls occur (for example, changes to security lists) so the on-call team can respond immediately. Which solution best meets this requirement with minimal operational overhead?

You are troubleshooting a sudden increase in 5xx errors on an application behind an OCI Load Balancer. Backend instances appear healthy at the OS level. Which is the most appropriate first OCI-level check?

A team wants to reduce costs from abandoned resources. They need an automated way to identify block volumes that are not attached to any instance and have not been backed up recently. Which OCI approach is most suitable?

You must ensure that all new Object Storage buckets created in a specific compartment are encrypted with customer-managed keys (CMK) rather than Oracle-managed keys. What is the best governance control to enforce this requirement?

Operations wants a repeatable, auditable way to perform routine instance patching and service restarts across many compute instances, with minimal custom code. Which OCI capability is best suited?

Your organization requires that security operations can investigate configuration changes even if the actor deletes related resources afterward. You also need to minimize the risk of tampering. Which design best addresses this requirement?

An application uses OCI Compute instances in a regional subnet across multiple availability domains. During an AD outage simulation, monitoring showed that traffic still routed to backends in the failed AD for several minutes, causing errors. Which change most directly reduces this exposure at the load balancer layer?