Oracle Cloud Infrastructure 2025 Architect Associate Practice Exam 2025: Latest Questions

You are designing IAM access for a team that manages only Object Storage buckets in a compartment named ProjectA. They must not be able to manage compute, networking, or IAM resources. What is the BEST approach?

A VCN has a public subnet with an Internet Gateway. Instances in that subnet still cannot be reached from the internet over SSH. Which configuration is MOST commonly missing?

A compute instance needs to run a data pipeline that requires 12 TB of local, very high IOPS scratch storage. The data can be regenerated if the instance fails. Which storage choice is BEST?

You need shared storage that can be mounted concurrently by multiple Linux compute instances in different subnets of the same VCN. Which OCI service should you use?

A security team wants to ensure that databases are NOT publicly accessible. They plan to use a detective control that evaluates OCI resources against rules and reports violations. Which OCI service BEST fits this requirement?

Two VCNs in the same region must communicate using private IP addresses. Over time, more VCNs will be added and all of them must have private connectivity without creating a full mesh of peerings. What is the BEST networking design?

A company runs an internal API on private subnets. Developers need temporary SSH access to troubleshoot instances, but the company does not want to expose any instance with a public IP. What is the recommended OCI solution?

You deploy a compute instance using a Network Security Group (NSG) that allows inbound TCP 443 from 0.0.0.0/0. The subnet security list does NOT include any inbound rules for 443. Users report they cannot reach the service. What is the MOST likely cause?

An application requires a highly available relational database with minimal administration, automatic backups, and automated patching. The workload is OLTP and should scale without the team managing the underlying VM or database software. Which OCI database option is the BEST fit?

You must allow instances in a private subnet (no public IPs) to pull images from OCIR and reach other Oracle public services without traversing the internet. Which combination is MOST appropriate?

A team needs a shared file system that can be mounted simultaneously by multiple Linux compute instances in the same region. The application requires POSIX-style file semantics and low operational overhead. Which OCI storage service best fits this requirement?

You need to allow an application running on a compute instance in a private subnet to call OCI APIs (for example, to read from Object Storage) without using user credentials stored on the instance. What is the recommended approach?

An application is deployed on instances in a private subnet. Users report that the application can be reached from the internet through a public load balancer, but the instances cannot download operating system updates from the internet. Which change fixes the issue with the least exposure of the instances?

You must ensure all newly created Object Storage buckets across a compartment are private by default and encrypted with customer-managed keys. What is the best way to enforce this consistently?

A company needs to connect its on-premises network to OCI for production workloads. They require high availability, predictable performance, and private connectivity. Which solution best meets these requirements?

You want to enforce least privilege for a group of developers who must manage only instances (create, start/stop, terminate) in compartment Dev, but must not manage networking or storage resources. Which IAM approach is most appropriate?

A compute instance is launched into a private subnet and should not have a public IP. It must still be accessible for administration from an on-premises network over FastConnect. What is the recommended access method?

A database workload needs automatic backups, automated patching, and minimal administration. The application requires a fully managed relational database service with built-in high availability options. Which OCI database offering best fits these requirements?

A security team requires that only specific private endpoints in a VCN can access Object Storage and that traffic must not traverse the public internet. They also want to restrict access to only Object Storage (not other OCI services). Which design best meets these requirements?

A mission-critical application runs on multiple compute instances behind an OCI Load Balancer. Instances are frequently added/removed by automation. The operations team needs near-real-time visibility and alerting when any backend instance becomes unhealthy or when the load balancer stops routing traffic to a backend. What is the best solution?

Your organization wants all Object Storage buckets to be private by default. Developers should still be able to create buckets, but a control must prevent creating buckets with public access. Which OCI feature best enforces this requirement across compartments?

An application in a private subnet must access a third-party SaaS endpoint on the public internet. The security team requires that outbound traffic use a static, allowlisted public IP address. Which architecture best meets this requirement?

A compute instance cannot resolve hostnames (for example, it cannot resolve "oracle.com"), but it can ping a known public IP address successfully. You suspect a networking configuration issue in the VCN. What is the most likely cause?

You need to provide NFS shared storage that can be mounted concurrently by a fleet of Linux compute instances across multiple availability domains within the same region. The workload requires POSIX file semantics and minimal operational overhead. Which OCI service should you choose?

A security team mandates that only instances in approved compartments can access specific secrets, and applications must retrieve secrets programmatically without embedding credentials in code. Additionally, the team wants short-lived access and auditability of secret usage. Which approach best satisfies these requirements?