50 Oracle Database@AWS Architect Professional Practice Questions: Question Bank 2025

A team is designing a multicloud data platform where Oracle Database@AWS will run in AWS, but several applications remain in OCI. They want a private, predictable-latency network path between OCI and Oracle Database@AWS without traversing the public internet. What is the recommended connectivity approach?

An enterprise requires single sign-on for administrators managing Oracle Database@AWS using their existing corporate identity provider (IdP). They want to avoid creating local users for each administrator. Which approach best meets this requirement?

A database running on Oracle Database@AWS must be reachable only from application subnets inside the same AWS VPC. Security reviews prohibit exposure to the public internet. Which network design best satisfies this requirement?

A company needs an operational approach for patching Oracle Database@AWS that minimizes unplanned outages and ensures changes are controlled. Which practice is most appropriate?

After onboarding Oracle Database@AWS, administrators can connect to the database host but cannot reach the database listener from an application in another subnet within the same VPC. Security groups appear correct. What is the MOST likely additional configuration to verify first?

A financial services customer must ensure administrative access to Oracle Database@AWS is granted only to approved teams and is auditable. They already use a corporate IdP and want role-based access control. Which design best supports least privilege and centralized auditability?

A retail company runs Oracle Database@AWS in one AWS Region. They require a disaster recovery copy in another Region with a defined RPO and a controlled failover procedure. Which strategy best aligns with these requirements?

A company wants to extend an existing OCI-centric architecture to Oracle Database@AWS while keeping security controls consistent across clouds. They require centralized policy management for administrators and separation of duties between platform operators and database administrators. What is the BEST approach?

You are designing a high-availability architecture for a mission-critical Oracle Database@AWS workload. Requirements include minimizing single points of failure and enabling rapid failover during infrastructure issues within an AWS Region. Which design is MOST appropriate?

A security team mandates that all database connections to Oracle Database@AWS must be encrypted in transit, and they want to prevent accidental plaintext connections from applications. Which control most directly enforces this requirement at the database service level?

You are onboarding a new enterprise that must centrally manage identities in their existing AWS IAM Identity Center (SSO) while granting least-privilege access to Oracle Database@AWS administrative functions. Which approach best meets this requirement?

An application running in a private subnet must connect to Oracle Database@AWS with traffic staying on private IP space and not traversing the public internet. What is the recommended networking setup?

You need a repeatable way to deploy Oracle Database@AWS resources across multiple AWS accounts using consistent configuration and approvals. Which approach is most appropriate?

After migrating an application to a new VPC, database connections intermittently fail. DNS resolves the database hostname to multiple IPs, but only some succeed. Security groups and NACLs are unchanged. What is the MOST likely cause?

A security team requires that database credentials are never stored in application configuration files and are rotated regularly without downtime. Which design best satisfies this requirement for an application on AWS connecting to Oracle Database@AWS?

Your organization uses a hub-and-spoke network model. Multiple application VPCs (spokes) must connect to Oracle Database@AWS in a shared services VPC (hub) with minimal operational overhead and centralized routing controls. Which option best fits?

A production workload requires high availability. During a maintenance event, you must minimize application downtime and ensure client connections fail over automatically. Which strategy is MOST appropriate?

You must enable cross-account access for a centralized operations team to monitor multiple Oracle Database@AWS environments while ensuring teams cannot access each other's databases. Which access model is best practice?

A regulated customer requires that data exfiltration risks are reduced by restricting database egress to only necessary endpoints, while still allowing patching/updates and required service communications. Which is the BEST approach?

A mission-critical application requires disaster recovery with a strict RPO and the ability to perform regular DR tests without impacting production performance. Which DR design is MOST appropriate?

Your organization wants developers to sign in to the Oracle Database@AWS console using corporate credentials managed in AWS. The goal is centralized access control and short-lived sessions without creating local Oracle users for each developer. Which approach best meets this requirement?

A database team needs to ensure that only application subnets in a specific AWS VPC can connect to an Oracle Database@AWS private endpoint. What is the most appropriate control to implement first?

You are designing an onboarding runbook for Oracle Database@AWS. A key requirement is that infrastructure deployment and database provisioning are repeatable, auditable, and can be promoted across environments (dev/test/prod) with minimal drift. What is the recommended approach?

An application intermittently fails to connect to Oracle Database@AWS from private subnets in AWS. DNS resolution of the database endpoint sometimes returns a different IP, and only one of the IPs works. What is the MOST likely cause and best fix?

A security team requires that database administrators use least-privilege access and that all administrative actions against Oracle Database@AWS are traceable to an individual identity. What is the BEST practice to meet this requirement?

A company requires near-zero downtime maintenance for an Oracle Database@AWS-backed application. They plan to apply database maintenance while keeping the application available, and they can tolerate brief connection retries but not long outages. Which design is MOST appropriate?

A team wants to standardize cross-account access from a central AWS networking account to Oracle Database@AWS resources deployed in multiple application accounts. They need to avoid long-lived credentials and ensure access can be revoked centrally. What is the BEST approach?

A regulated workload requires encryption in transit from AWS applications to Oracle Database@AWS, and the security team mandates certificate validation to prevent man-in-the-middle attacks. Which configuration best satisfies this requirement?

You need a DR design for Oracle Database@AWS with the following goals: minimize data loss, enable controlled failover, and support periodic DR testing without impacting production. Which solution is MOST appropriate?

During an outage simulation, an application fails to reconnect after the database performs an HA failover. The database is healthy, but client sessions remain stuck until the application is restarted. Which change is MOST likely to resolve this issue with minimal operational overhead?

An enterprise wants to let developers sign in once using their corporate IdP and then provision Oracle Database@AWS resources without creating separate local users in multiple systems. Which approach best supports centralized identity and least administrative overhead?

Your Oracle Database@AWS deployment uses multiple subnets for separation of duties. You need to ensure only application servers can connect to the database listener port, while administrators can connect for management from a dedicated bastion subnet. Which AWS control is the most appropriate first line of enforcement at the network layer?

A team is onboarding a new environment and wants to standardize how Oracle Database@AWS resources are created to reduce configuration drift and speed up repeated deployments. Which approach aligns best with infrastructure-as-code best practices?

Your organization requires database audit logs to be retained centrally and protected from modification by database administrators. Which design best meets tamper-resistance and centralized retention goals?

A production Oracle Database@AWS system experiences intermittent connection timeouts from application instances in a private subnet. The database instances are reachable from a bastion in another subnet. Which is the MOST likely network misconfiguration to check first?

You need to design high availability for an Oracle database used by a customer-facing application. The requirement is automatic failover within the same AWS Region and minimal manual intervention during node failure. Which approach best fits?

A security team mandates that database credentials must not be hardcoded in application configuration files. The application runs on AWS and must retrieve credentials at runtime with rotation support. Which solution best meets this requirement?

A company is setting up Oracle Database@AWS in a multi-account AWS environment. They want to ensure teams can provision only into approved network constructs and use only sanctioned configurations. Which governance approach is MOST appropriate?

You are designing a cross-region disaster recovery strategy for Oracle Database@AWS with a strict RPO objective and the need to keep the DR copy closely synchronized. What is the BEST architectural choice?

After enabling federated access for administrators, you notice that some users can assume a role that grants provisioning permissions in accounts outside their business unit. You must quickly reduce the blast radius while keeping federation. Which action is MOST effective?

A team is onboarding to Oracle Database@AWS and wants administrators to authenticate using their corporate identity provider (IdP) with temporary credentials. They also need to enforce least privilege using AWS IAM roles. Which approach best meets this requirement?

An architect needs a simple way to route application traffic privately to an Oracle Database@AWS endpoint within the same AWS Region without traversing the public internet. Which connectivity option is the most appropriate?

Operations wants to ensure database access is auditable and that no one uses direct network paths that bypass approved inspection points. Which control is the best first step to enforce this in AWS networking?

A company uses Oracle Database@AWS and has multiple AWS accounts (dev, test, prod). They want a standardized, repeatable onboarding process that creates required IAM roles, networking prerequisites, and logging configurations with minimal drift. Which approach is most appropriate?

An application in a VPC cannot connect to Oracle Database@AWS. DNS resolves the database hostname to a private IP, but TCP connections time out. VPC Flow Logs show REJECT entries for the destination port from the application subnet. What is the most likely cause?

A regulated workload requires that database backups be encrypted with customer-controlled keys and that key usage be auditable. Which design best satisfies this requirement in AWS?

A company needs to implement a cross-account break-glass procedure for Oracle Database@AWS administration. Access must be time-bound, require approval, and be fully logged. Which solution best fits these requirements?

Operations wants to reduce mean time to detect issues affecting Oracle Database@AWS connectivity. They need visibility into both network behavior and database service health, and they want automated alerting when error rates or latency spikes occur. Which combination is the best practice approach?

A company must design for business continuity with an RTO of minutes for critical applications using Oracle Database@AWS. They want to minimize data loss while ensuring failover can be executed predictably during a regional disruption. Which approach is most appropriate?

A multicloud architecture connects Oracle Database@AWS to workloads in another cloud provider. Security requires that traffic be inspected, least-privilege routing be enforced, and lateral movement be minimized across environments. Which design best meets these goals?