50 Oracle Cloud Infrastructure Foundations Associate Practice Questions: Question Bank 2025

A startup wants to deploy a web application quickly without managing operating systems or runtime patching. Which OCI compute option best fits this requirement?

Your organization needs to logically isolate resources for different teams (Dev, Test, Prod) while using the same OCI tenancy. Which OCI construct is designed for this purpose?

A team wants to store large amounts of unstructured data (images, backups) and access it over HTTP APIs. Which OCI storage service should they choose?

A user can see a compartment in the Console but cannot create a compute instance in it. Which is the most likely cause?

A company needs a highly available public endpoint for an application running on multiple compute instances across different availability domains within the same region. Which OCI service should they use?

A security policy requires that all access to OCI resources be controlled centrally and that authentication can integrate with a corporate identity provider. Which OCI service supports this best?

A workload runs on compute instances in a private subnet. The instances need to download OS updates from the public internet, but they must not be directly reachable from the internet. What is the recommended solution?

A team wants to be alerted when a compute instance’s CPU utilization exceeds a threshold for 5 minutes. Which OCI capability should they use?

An enterprise wants to enforce that only approved OCI resources (for example, specific instance shapes or regions) can be used, and that violations are blocked at creation time. Which OCI feature best meets this requirement?

A company must ensure business continuity for a critical application in the event an entire OCI region becomes unavailable. Which architecture approach best addresses this requirement?

A team wants to allow a group of developers to manage only compute instances in a specific compartment, without granting access to networking or storage resources. Which OCI feature should they use to enforce this?

You need to store application logs that are rarely accessed but must be retained long-term for compliance. The logs can tolerate slower retrieval times. Which OCI storage option best fits?

Which statement best describes the shared responsibility model in Oracle Cloud Infrastructure?

A security team wants to enforce that all newly created Object Storage buckets are private and cannot be made public. Which OCI service helps define and enforce this guardrail across compartments?

A company wants instances in a private subnet to access Object Storage without traversing the public internet and without using public IP addresses. Which design is recommended?

An administrator created an IAM policy intended to let a group manage buckets in compartment A, but users still get authorization errors when creating buckets. Which is the most likely cause?

A workload needs shared POSIX-compliant file storage that can be mounted simultaneously by multiple compute instances in different availability domains within the same region. Which OCI service should you choose?

A company wants to automate infrastructure deployment and ensure consistent, repeatable environments using an infrastructure-as-code approach within OCI. Which OCI service best supports this requirement?

A company wants to allow an application running on a compute instance to call OCI APIs (for example, to write objects to a bucket) without storing user credentials or API keys on the instance. Which approach is the most secure and recommended?

You are designing a highly available web application deployed across multiple subnets. You need to distribute incoming traffic across multiple backend instances and perform health checks to route traffic only to healthy backends. Which OCI service provides these capabilities?

An organization wants to prevent accidental deletion of Object Storage data while still allowing applications to read and write objects. Which Object Storage feature best meets this requirement?

A new team member must sign in to OCI using the company's SSO provider. The company wants OCI to rely on the external identity provider for authentication. Which OCI capability enables this?

A customer wants Oracle to notify them when maintenance events or service incidents could affect their OCI resources. Which OCI service should they use?

A security team wants to ensure that compute instances cannot have public IP addresses in a specific compartment. Which approach best enforces this requirement centrally?

A team wants to automatically run a function whenever a new object is uploaded to a specific Object Storage bucket. Which OCI services combination is the most appropriate?

A company needs to connect its on-premises data center to OCI with consistent, private connectivity and predictable performance. Which connectivity option best fits this requirement?

A project requires storing database credentials and API keys securely, with tight access controls and auditability. Which OCI service is designed for this purpose?

An application running on multiple compute instances needs to access Object Storage without storing long-lived user credentials on the instances. Which OCI feature is the recommended solution?

A company wants to ensure workloads continue operating even if an entire Availability Domain becomes unavailable. The workload is deployed in a region with multiple Availability Domains. Which design is most appropriate?

A developer created an alarm in OCI Monitoring but is not receiving any notifications when the alarm fires. The alarm status shows "FIRING". What is the most likely cause?

A startup wants to reduce operational overhead by using managed services instead of maintaining operating systems and middleware. Which cloud service model best fits this requirement?

You need to provide internet access to a private subnet in OCI without allowing unsolicited inbound connections from the internet. Which component should you use?

A security team wants to ensure that any new block volume created in a specific compartment is always encrypted with a customer-managed key. Which OCI feature is most appropriate to help enforce this requirement?

An administrator created an IAM policy allowing a group to manage objects in an Object Storage bucket. Users in that group can list buckets but get an authorization error when uploading objects. Which is the MOST likely cause?

A team wants to access Object Storage from compute instances in a private subnet without sending traffic over the public internet. What is the recommended solution?

A company needs to restrict inbound traffic to a set of application servers so that only a specific load balancer and a bastion host can reach them on defined ports. The company also wants easy reuse of the rules across multiple subnets. Which OCI feature best meets this need?

An operations engineer needs to troubleshoot why an instance in a public subnet is not reachable via SSH from the internet. The route table includes a rule to an Internet Gateway, and the instance has a public IP. What is the NEXT item to check in OCI to allow inbound SSH?

Your organization requires that all OCI API calls made by users and services are recorded for audit and retained for investigation. Which OCI service provides this capability by default for supported events?

A regulated workload must ensure that no one, including OCI operators, can access or export data from a block volume without explicit authorization and cryptographic assurance. Which OCI capability is designed to address this requirement?

A company runs workloads in multiple compartments and needs a centralized view of budgets, cost trends, and spend by tags across the tenancy for operational reporting. Which OCI capability best supports this requirement?

A team wants a quick way to estimate network latency and bandwidth between their on-premises environment and OCI before committing to a dedicated connectivity design. Which OCI service is intended for this purpose?

A new OCI user can see their compartment but receives "NotAuthorizedOrNotFound" when trying to list compute instances in it. The instances are known to exist. What is the most likely cause?

Which statement best describes the purpose of compartments in OCI?

A company must ensure objects in an OCI Object Storage bucket cannot be deleted for 30 days after upload, even by administrators. Which feature should they use?

A developer needs to store a database password for an application running on OCI and retrieve it programmatically without embedding it in code. What is the recommended OCI approach?

A customer wants to centralize audit events from multiple OCI services and compartments to support compliance investigations. Which OCI capability provides a record of API calls and console actions?

A web application is deployed on two compute instances in a private subnet. Users must access the app from the internet, but the instances must not have public IP addresses. Which OCI design meets this requirement?

A team wants to automate the provisioning of a repeatable OCI environment (VCN, subnets, compute, and policies) using declarative templates that can be version-controlled. Which OCI service is best suited?

A security team requires that only instances launched from approved, hardened images can be created in a specific compartment. They also want violations to be detectable automatically. Which combination best meets this requirement?

A company is designing IAM for multiple teams. They want to ensure that members of Team A can manage only their own compute instances in Compartment A but cannot create or modify networking resources anywhere. What is the best practice approach?