50 Oracle Cloud Infrastructure 2025 Architect Associate Practice Questions: Question Bank 2025

Your team wants developers to manage only compute instances in a single compartment named Dev, but not networking or storage resources. Which IAM policy best meets this requirement?

A web application is deployed on two subnets: a public subnet for a load balancer and a private subnet for application servers. The application servers need to download updates from the internet, but must not be reachable from the internet. What is the recommended design?

You need to persist shared application files that are read and written concurrently by multiple compute instances across different availability domains in the same region. Which OCI storage service is the best fit?

A security administrator wants to enforce that all new Object Storage buckets are encrypted with customer-managed keys stored in OCI Vault. What OCI capability is most appropriate to help govern this requirement?

You have an application deployed in a private subnet. It needs to access Object Storage without sending traffic over the public internet. Which networking component should you configure?

A Linux compute instance in a private subnet cannot reach an external software repository on the internet. You confirm the subnet’s security list allows egress to 0.0.0.0/0. What is the MOST likely missing configuration?

Your application must withstand a single availability domain failure. It uses stateless web servers and a backend database. Which architecture best improves availability for the web tier while keeping the design simple?

A team wants to ensure only approved OCI images are used to launch compute instances. They also want to manage these images centrally and share them to multiple compartments. Which OCI approach is most appropriate?

You need to allow an on-premises network to reach multiple VCNs in OCI using a single connection, and you want to control traffic between VCNs as well. Which design best fits?

A database administrator wants an OCI-managed relational database with minimal administration effort, built-in automated backups, and the ability to scale compute resources without managing the underlying VM. Which database offering best meets these requirements?

You need to allow an application running on an OCI compute instance to call OCI APIs (for example, to read an Object Storage bucket) without storing any API keys on the instance. Which approach is recommended?

A team wants to ensure a compute instance can only be reached from a corporate public IP range over SSH, while allowing the instance to initiate outbound internet connections for patching. Which OCI networking feature best meets this requirement?

Your architecture requires a database to store large binary objects (images) with low latency access from applications in the same region, and it should support automated backups and scaling typical of a managed database service. Which OCI service is the best fit?

A web application uses private subnets for app servers and must reach the public internet to download OS updates, but the app servers must not have public IP addresses. Which design should you implement?

You must restrict access so that developers can manage compute instances only in the "Dev" compartment but cannot create or modify networking resources anywhere. Which IAM policy best matches the requirement?

An application team reports that instances in a private subnet cannot access Object Storage using public endpoints, and the security team does not want to allow internet egress. What is the best solution to enable private access to Object Storage from the VCN?

You need to provide shared POSIX-compliant storage that can be mounted concurrently by multiple Linux compute instances in the same region. The storage must be managed and scalable. Which OCI storage option should you choose?

A workload requires consistent low-latency disk performance for a database running on Compute. You must be able to adjust performance independently of capacity and use the volume as the database grows. Which OCI Block Volume feature should you use?

Your organization needs governance controls so that resources missing required tags (for example, CostCenter and Environment) are denied at creation time across multiple compartments. Which OCI capability is designed for this?

A company must connect an on-premises data center to OCI with private connectivity. They require automatic failover between two circuits from different providers and want to use BGP for dynamic routing. Which OCI connectivity option best meets these requirements?

A DevOps engineer wants all instances in a compartment to automatically include a set of mandatory tags (for cost center and application name). The tags must be enforced at resource creation time. Which OCI feature should be used?

You need to give a third-party auditor read-only access to view billing and usage reports in a tenancy, but you must not allow access to manage resources. Which OCI approach is most appropriate?

A web application running on an OCI instance is reachable from inside the VCN but not from the internet. The instance is in a public subnet and has a public IPv4 address. Which missing or incorrect configuration is the MOST likely cause?

A compute instance must access Object Storage without traversing the public internet. The instance is in a private subnet with no public IP. What is the recommended OCI networking configuration?

A team wants to ensure that all block volumes attached to production instances are encrypted with a customer-managed key (CMK) rather than Oracle-managed keys. What is the best solution?

Your company requires centralized security monitoring. You want to detect misconfigurations such as publicly exposed buckets and overly permissive security lists, and then review findings in one place. Which OCI service best fits this requirement?

A scalable API runs on multiple compute instances in a regional subnet. The team wants a consistent, predictable way to direct traffic to healthy instances and terminate TLS centrally. Which OCI service is most appropriate?

A company needs to run a batch workload that can be interrupted and restarted without data loss. They want to minimize cost and are willing to accept occasional instance termination by OCI. Which compute option should they choose?

A security team wants instances to authenticate to OCI services without storing long-lived user credentials on the instances. They also want fine-grained permissions based on the instance identity. Which solution meets this requirement?

A mission-critical database workload requires automatic failover within the same region, synchronous replication, and minimal data loss. Which Oracle Database deployment on OCI best matches these requirements?

You created an IAM policy in the root compartment to allow a group to manage Object Storage buckets in a child compartment. Users in the group still cannot create buckets. The policy statement is correct. What is the MOST likely reason?

A workload in a private subnet must access Oracle services (such as Object Storage) without traversing the public internet. Which networking component should you use?

You need to store large, infrequently accessed compliance records for several years at the lowest operational overhead. The data is rarely retrieved but must remain durable. Which OCI storage option is the best fit?

An application requires a shared POSIX-compliant file system that can be mounted simultaneously on multiple compute instances in the same region. Which OCI service should you choose?

A team wants to enforce that all newly created block volumes and object storage buckets are encrypted with customer-managed keys stored in OCI Vault. What should they implement to enforce this at scale?

You need to connect two VCNs in different OCI regions with private IP connectivity. The solution must be resilient and support high throughput without using the public internet. Which option is MOST appropriate?

A compute instance in a public subnet has a public IP, but users on the internet cannot reach the web server on TCP/443. The instance OS firewall is disabled and the application is listening. What OCI configuration should you check FIRST?

A team needs to deploy a stateless web tier that can automatically scale out and in based on CPU utilization. They also want instances to be replaced automatically if they become unhealthy. Which OCI feature best meets this requirement?

You must design an architecture for a mission-critical application where a single database must remain available during an Availability Domain failure within a region, with minimal data loss and automatic failover. Which OCI database approach is MOST appropriate?

A security team wants to ensure that only approved OCI services can create, update, or delete specific resources (for example, allowing only an OCI DevOps pipeline to deploy to a compartment). They want to avoid managing long-lived user credentials. What is the BEST approach?

You created a VCN with an internet gateway (IGW) and added a route rule in the subnet route table to send 0.0.0.0/0 to the IGW. Instances in a public subnet still cannot be reached from the internet. Which missing configuration is the MOST likely cause?

A security administrator wants to ensure that all users can change only their own Console password and cannot modify other users. What is the MOST appropriate OCI IAM approach?

A team needs to share a 5 GB file with external partners for 48 hours. The partners should not need OCI accounts. Which OCI feature is BEST suited for this requirement?

A private subnet hosts application instances that must pull container images from an external internet registry. The subnet has no public IPs. Which design enables outbound internet access while preventing inbound internet-initiated connections?

A company requires that new compute instances are automatically configured with OS patches and corporate hardening settings at first boot, consistently across regions. Which OCI feature is MOST appropriate?

An application uses Autonomous Database and must access Object Storage without storing any user credentials in the application configuration. Which approach BEST meets this requirement?

A workload requires shared POSIX-compliant storage that can be mounted concurrently by multiple compute instances across different availability domains within the same region. Which OCI storage service should you choose?

A database administrator wants to provide read-only access to an Autonomous Database to analysts while ensuring they cannot create or modify schemas. Which OCI capability is MOST appropriate to implement this requirement?

Your organization uses OCI Compartments for isolation. You must ensure that the Security team can view audit events across the entire tenancy but cannot create, update, or delete any resources. Which is the BEST solution?

A company has two VCNs in different regions that must communicate privately. They choose DRG-based connectivity between regions. After configuration, instances in VCN-A cannot reach instances in VCN-B. Security lists allow the traffic. What is the MOST likely missing step?