50 Oracle Cloud Infrastructure Architect Associate Practice Questions: Question Bank 2025

You need to launch a new VM instance in OCI and ensure it always keeps the same private IP address after stop/start operations. Which approach meets this requirement?

A workload requires very low latency and the highest possible IOPS for a database hosted on a VM instance. Which storage option is the best fit?

You want to allow an on-premises data center to privately access OCI services such as Object Storage without sending traffic over the public internet. Which OCI feature supports this?

An application team needs temporary, time-limited access to a specific object in an Object Storage bucket without making the bucket public. What should you use?

A security policy requires that only instances in a public subnet can have public IP addresses and that back-end instances must not be directly reachable from the internet. Which design best satisfies this?

A compute instance in a private subnet cannot reach the internet to download patches. The subnet route table has a default route (0.0.0.0/0) pointing to a NAT Gateway, and the security list allows egress. What is the most likely missing configuration?

Your organization wants to centrally manage IAM policies and compartments for multiple OCI tenancies (for example, separate tenancies for different subsidiaries) while allowing local administrators limited control. Which OCI capability is designed for this?

You run an Oracle Database on a VM instance. The database files are on Block Volumes. You need crash-consistent backups of multiple volumes (data and redo) at the same point in time with minimal impact. What should you use?

A company deploys a three-tier application on OCI. They require end-to-end encryption from clients to the backend instances and also want to inspect HTTP headers at the load balancer for routing decisions. Which solution best meets both requirements?

A database running on a bare metal instance uses local NVMe for performance. The business requires rapid recovery if the bare metal host fails. Which architecture is most appropriate?

A startup wants developers to SSH to Linux VM instances without exposing any public IP addresses. They also want access to be centrally controlled and auditable. Which OCI approach is recommended?

You need to allow an on-premises network to communicate with multiple VCNs in the same region. The VCNs must also communicate with each other. What is the OCI best-practice connectivity design?

A database team needs shared file storage mounted concurrently by a pool of VM instances for a content management application. The data must persist independently of instance lifecycle and support POSIX-style permissions. Which OCI storage service fits best?

A web application deployed on OCI has two public subnets (one per AD) and two private subnets (one per AD). Users report intermittent timeouts to the public load balancer from the internet. The load balancer exists, but instances in private subnets can’t fetch OS updates. What is the most likely missing component?

A security architect wants to minimize the blast radius in OCI by isolating resources and controlling who can manage networking versus compute. Which design aligns best with OCI best practices?

A team wants to increase the size of an existing block volume attached to a VM and then immediately use the additional space in the OS. They increased the volume size in OCI, but the OS still shows the old capacity. What should they do next?

An application requires extremely low-latency, high IOPS storage for a scratch workspace. Data can be regenerated and does not need to persist if the instance is restarted or replaced. Which storage option is most appropriate?

A company is migrating an Oracle Database to OCI. They require automated backups, automatic failover to a standby database in another availability domain, and read scaling using a standby. Which OCI database option best meets these requirements with minimal management overhead?

A security team wants to ensure that all Object Storage buckets in a compartment are private and cannot be made public by developers. They also want to prevent creation of buckets without encryption using customer-managed keys. What is the best control mechanism in OCI to enforce this proactively?

You have a VCN with a public subnet hosting a load balancer and a private subnet hosting application instances. The application instances must access Object Storage privately (no internet) to retrieve artifacts. What is the correct networking configuration?

You need to deploy a web server VM in OCI. The VM must have a private IP and also be reachable from the internet using a public IP. Which networking setup is required to enable inbound access from the internet?

A VM instance needs to read objects from an Object Storage bucket securely without distributing user API keys. What is the recommended approach?

An application needs persistent block storage for an OCI compute instance, and the data must remain available even if the instance is terminated. Which storage option meets this requirement?

You deploy a VM instance in a private subnet (no public IP). It must install OS patches by reaching public package repositories on the internet, but it must not accept inbound internet connections. What is the best solution?

A company wants to prevent accidental deletion of critical backups stored in an Object Storage bucket. They want older backups to be protected from deletion for a defined retention period. Which Object Storage feature should be used?

You need to migrate an on-premises Oracle database to OCI with minimal changes and want OCI to handle database patching and backups. The application will continue to use standard Oracle database connectivity. Which service best fits?

A security team wants to enforce a rule: 'No compute instances may have a public IP in the production compartment.' They want this enforced centrally and automatically at resource creation time. Which OCI capability should they use?

Your company has two VCNs in the same region: VCN-A (10.0.0.0/16) and VCN-B (10.0.0.0/16). You must enable private communication between them. What is the main issue you must address before peering can work?

A database workload on an OCI VM experiences inconsistent I/O latency. The VM uses a Block Volume with default performance settings. The application is latency-sensitive and needs more consistent IOPS. Which action is most appropriate?

A multi-tier application is deployed across two Availability Domains. The database is on a DB System, and the application tier uses multiple VMs behind a load balancer. The requirement is to minimize downtime for planned maintenance on the application VMs and allow safe rollouts. Which approach best meets this requirement?

You created a new VCN with a public subnet and launched a VM instance in that subnet. The instance has a public IP assigned, but you cannot SSH to it from the internet. The subnet route table has a default route (0.0.0.0/0) to an Internet Gateway. What is the MOST likely missing configuration?

An application requires a shared POSIX-compliant file system that can be mounted concurrently by multiple compute instances in different subnets within the same region. Which OCI storage service best meets this requirement?

A team wants to run a web server on an OCI VM instance and ensure that it can be reached from the internet on HTTP (80) and HTTPS (443). Which OCI configuration is required in addition to placing the instance in a public subnet with a route to an Internet Gateway?

You need to automate the provisioning of multiple OCI resources (VCN, subnets, compute instances) in a repeatable way and manage changes using version control. Which OCI service or approach is most appropriate?

A VM instance in a private subnet needs outbound access to download software updates from the internet, but it must not accept inbound connections from the internet. What should you implement?

You deployed a public load balancer in OCI to distribute traffic to backend web servers. Health checks are failing even though the application is running on port 8080. What is the MOST likely cause?

A database architect wants to protect an OCI database from accidental deletion and also enforce that backups must be created before certain administrative actions are performed. Which feature should be used to enforce this governance control?

A company needs to replicate objects to a second OCI region to improve disaster recovery posture. They want replication to be automatic and continuous after initial configuration. Which Object Storage capability should they use?

You have an Autonomous Database (ADB) used by a business-critical application. The security team requires that the database not be reachable from the public internet and that application traffic stays within OCI private networking. Which approach best satisfies this requirement?

A company has a hub-and-spoke network design in OCI. Multiple spoke VCNs must communicate with each other and with an on-premises network. The company wants a scalable routing model that avoids manually managing numerous local peering gateways between spokes. Which OCI design is MOST appropriate?

You must deploy a public-facing web server VM and ensure it receives a predictable public IP that will not change when you stop/start the instance. Which OCI resource should you use?

A developer needs to upload large media files to OCI Object Storage using a CLI. The target bucket must accept uploads only if the object key starts with "media/". Which capability should you use to meet this requirement with least operational overhead?

You need to add additional block volumes to an existing Linux VM. After attachment, the volumes are not visible as usable filesystems. What is the next required step on the VM to use the volumes?

A production application uses an OCI Load Balancer in a public subnet to distribute traffic to web servers in a private subnet. Users report intermittent 502 errors. Backend health checks show some backends as "critical". Which is the MOST likely configuration issue?

A company wants to ensure all new compute instances automatically meet a security baseline: only approved images can be used, and instances must be launched in specific compartments. Which approach aligns best with OCI governance best practices?

You have an application running on multiple compute instances in different availability domains within the same region. You need shared storage that can be mounted concurrently by all instances. Which OCI service should you choose?

A team needs private access from a VCN to Oracle services such as Object Storage and OCI APIs without traversing the public internet. The instances are in a private subnet with no public IPs. Which networking component provides this capability?

A database is experiencing a surge in read-only traffic from a reporting application. You want to reduce load on the primary database while keeping the reporting data near-real-time. Which OCI database capability best fits this requirement?

You are designing a highly available web tier that must survive a complete availability domain failure in a region. Which design best meets this requirement?

Your security team requires that database credentials never be stored in application configuration files or instance metadata. Applications running on OCI compute should retrieve secrets at runtime with fine-grained access control and auditing. Which OCI service and access pattern should you use?