50 Oracle Cloud Infrastructure 2025 Observability Professional Practice Questions: Question Bank 2025

You need to quickly determine whether an OCI compute instance is experiencing CPU pressure over the last hour. Which OCI Observability capability is the most direct way to visualize this time-series data?

An administrator wants all audit-relevant events from a specific compartment to be retained and searchable for troubleshooting. Which approach best fits OCI Observability for retaining and searching these events?

You created an alarm that should notify the on-call engineer when a metric threshold is exceeded. Which OCI component is responsible for delivering the alarm message to an email or PagerDuty-like endpoint?

A developer wants to identify which web requests are slow and see a breakdown across services involved in each request. Which OCI Observability feature is primarily designed for end-to-end request analysis?

Your team wants to publish application-specific metrics (for example, number of orders processed per minute) and then alarm on them. Which is the most appropriate approach in OCI?

A central platform team wants to route logs from multiple compartments into a single analytics workflow where teams can run advanced queries and create dashboards based on parsed fields. Which solution best aligns with OCI Observability capabilities?

You have an alarm on a metric that frequently fluctuates around the threshold, generating noise. Which alarm configuration change is the best practice to reduce alert flapping while still detecting real issues?

Users report intermittent high latency in a microservices application. You need to determine whether the latency originates from the database calls or from an upstream service. Which combination of APM data is most useful to isolate the source quickly?

A security team requires that only specific groups can create or modify alarms and notification topics, while developers can view alarms but not change them. What is the best way to implement this in OCI?

A large enterprise wants to standardize log onboarding across many teams. They need consistent parsing so queries can reliably filter by fields like "requestId" and "errorCode" even when log formats vary. Which Log Analytics capability best addresses this requirement?

Your team wants to visualize overall service health by showing the percentage of successful HTTP requests (2xx/total) for the last 15 minutes on an OCI Monitoring dashboard. Which approach is most appropriate?

An operations team needs to route notifications for critical alarms to an external incident management tool via HTTPS, while also sending informational alarms to email. Which OCI capability best meets this requirement with minimal custom code?

You are onboarding a new application to OCI Logging. You need to ensure logs are searchable quickly and can be routed to Log Analytics later. What is the recommended first step?

A platform team wants a single place to analyze logs from multiple compartments and subscriptions, apply consistent parsing, and run advanced queries. They also want to detect patterns and outliers in logs. Which OCI service is best suited?

An alarm is configured to trigger when CPU utilization is above 80% for 5 minutes, but it frequently flaps (rapidly switches between OK and FIRING) during load tests. Which change most directly reduces flapping while still detecting sustained high CPU?

You need to correlate a spike in application latency with underlying infrastructure signals. Which combination provides the most direct end-to-end troubleshooting workflow in OCI Observability?

A security team requires that only a specific group of administrators can create or modify alarm destinations (notification topics) in a compartment, while application teams can still create alarms that publish to existing topics. What is the best practice approach?

You are ingesting application logs into Log Analytics. Queries are returning inconsistent fields because different teams log the same concept (for example, "userId", "user_id", "uid"). What is the most effective way to standardize analysis without changing application code immediately?

A new release caused intermittent errors. You can see elevated error rates in APM, but traces show many requests missing downstream span details. What is the most likely cause to investigate first?

You need an alarm that triggers when the 95th percentile latency of a public endpoint exceeds 700 ms for at least 10 minutes, across multiple availability domains, while minimizing false positives from a single noisy instance. Which design is most appropriate?

You created a custom metric and can see datapoints arriving in OCI Monitoring. However, an alarm based on that metric never triggers, even though the threshold is clearly exceeded in the Metrics chart. What is the MOST likely reason?

You need to let an on-call team receive notifications from multiple OCI alarms and also integrate with an external incident tool. Which OCI component should you configure as the alarm destination to fan out messages to multiple subscribers?

A team wants to reduce noise in Log Analytics by parsing incoming application logs and extracting fields like requestId, statusCode, and latencyMs for searching and aggregation. Which feature is primarily used to define how raw log lines are parsed into fields?

Your security team requires that only approved compartments can create or modify alarms that notify external HTTPS endpoints. What is the BEST approach in OCI to enforce this governance requirement?

A microservices application shows intermittent high latency. APM traces show that end-to-end latency spikes correlate with a specific downstream call, but the service owner claims the downstream service is healthy. Which APM view is MOST useful to validate whether the downstream dependency is actually causing the latency increase and to see its contribution?

You want to create a Log Analytics dashboard that shows the top 10 sources by error count and trends over time. The query works, but results are inconsistent because multiple log sources use different field names for the same concept (for example, status, httpStatus, responseCode). What is the BEST way to normalize these fields for consistent querying?

An operations team receives repeated alarm notifications during a known maintenance window, causing alert fatigue. They still want to collect metrics and keep the alarm configured for normal operations. What is the MOST appropriate way to prevent notifications during maintenance without deleting the alarm?

You have 200 compute instances across multiple compartments. You need an alarm when ANY instance’s filesystem usage exceeds 90%, but you do not want to create 200 separate alarms. Which approach is BEST?

A service emits logs to OCI Logging, and you forward them to Log Analytics. Queries in Log Analytics show frequent duplicates of the same events. You confirm the application is not duplicating logs. What is the MOST likely architectural cause?

An application is instrumented with OCI APM. You can see metrics and spans for most requests, but some user transactions are missing end-to-end traces. Logs show requests completing successfully. Which action is MOST likely to restore complete traces across services?

Your team wants all OCI services to emit logs to a central location so they can be searched later. You also want to keep raw logs in object storage for compliance. Which OCI approach best meets this requirement with minimal operational overhead?

An SRE wants an alarm to page only when an application’s error rate is consistently high, not for short spikes. Which alarm configuration best reduces noise while still detecting sustained problems?

You are troubleshooting a compute instance and need to quickly confirm whether high CPU is correlated with memory pressure using OCI Monitoring. What is the most direct way to do this in the Console?

A developer wants to investigate an intermittent 5xx issue and needs end-to-end visibility across microservices, including which downstream call is slow. Which OCI Observability capability is most appropriate?

A security team wants to detect repeated failed logins across multiple compute instances and then notify a SOC tool. They need to search and aggregate log content and keep detections consistent. Which design is most appropriate?

A team manages resources in multiple compartments and wants a single alarm that evaluates a fleet-wide metric (for example, average CPU across all instances with a specific tag). What is the recommended approach?

You ingest application logs into Log Analytics. Many fields are embedded in JSON (for example, userId, statusCode, latencyMs). Analysts want to run fast queries and dashboards by these fields. What should you do?

An application’s p95 latency increased after a deployment. APM shows the slowest spans are database calls, but the DB team claims the database is healthy. What is the best next step using OCI Observability to identify the root cause?

You need to implement an enterprise alerting pattern where multiple teams receive different notifications based on alarm severity, and message delivery must be resilient even if a downstream endpoint is temporarily unavailable. Which design best fits OCI capabilities?

A platform team wants to allow application teams to create APM traces and custom metrics, but they must prevent teams from viewing each other’s telemetry data. Which approach best enforces this separation in OCI Observability?

You want to quickly validate that a new Compute instance is publishing basic telemetry without building any custom dashboards. Which OCI Observability feature provides the fastest way to view built-in metrics for common resources?

A team is standardizing operational dashboards and wants a single chart showing CPU utilization averaged across all instances in a compartment. What is the most appropriate approach in OCI Monitoring?

Your security team wants an email whenever a critical alarm fires. Which OCI component is responsible for delivering that email once the alarm is triggered?

A platform team routes OCI service logs (Audit, Load Balancer, API Gateway) into a central compartment. They want to ensure only the logging pipeline can write to the destination and that producers cannot overwrite or delete prior log records. What is the best-practice design?

You created a metric-based alarm but it never fires, even though the chart in Metrics explorer shows the metric crossing the threshold. The alarm uses a dimension filter for "resourceId". What is the most likely cause?

An application team wants to correlate a spike in API latency with specific upstream calls and see the distribution of latency across endpoints. Which APM capability best fits this requirement?

You need an automated way to forward selected log entries (for example, only ERROR level) from Logging to an external HTTPS endpoint for incident enrichment. What is the recommended OCI pattern?

A single alarm must notify different on-call teams depending on the environment (dev/test/prod) without duplicating alarm logic across many resources. Which design best meets this requirement?

An APM-instrumented microservices application shows increased end-to-end latency. Traces indicate most time is spent in one service, but that service’s CPU and memory metrics look normal. What is the most effective next step to identify the bottleneck within that service?

Your organization must prove that operational alerts are generated even if one Observability component is misconfigured. You need a resilient design for critical health alerts for a regional service deployed across multiple availability domains. Which approach best increases alerting reliability within OCI’s native services?