Option A is incorrect because adding an entry in the Security List of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24 will not enable connectivity from the server on the private network to ADW.This is because ADW does not use security lists to control access to its database service2.

Option B is correct because adding an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of NAT Gateway, will allow outbound internet access from the server on the private network without exposing its private IP address3. Additionally, adding a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols will allow outbound traffic from any source port to any destination port.

Option C is incorrect because adding an entry in the access control list of ADW for IP address 129.146.160.11 will not enable connectivity from the server on the private network to ADW. This is because this IP address belongs to the NAT gateway, not to the server on the private network.

Option D is incorrect because adding an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of Internet Gateway, will expose the private IP address of the server on the private network to the public internet3. This is not recommended for security reasons and may also cause routing conflicts.

Option E is correct because adding an entry in the access control list of ADW for CIDR block 10.2.2.0/24 will allow access from any IP address within that range, including the server on the private network2.

To complete the task of creating a public API Gateway and invoking a private function in OCI, you can follow these steps:

To create a new public API Gateway in your compartment named exam-gateway, follow these steps:

In the OCI Console, go toDeveloper Servicesand clickAPI Gateway.

Select your assigned compartment from the list on the left.

ClickCreate Gateway.

Enterexam-gatewayas theNameand selectPublicas theType. You can also add a description for the gateway if you want.

Select your previously created VCN from theVCNdropdown menu and select any subnet from theSubnetdropdown menu. You can also enable logging for the gateway if you want.

ClickCreate. This will create a new public API Gateway in your compartment that can expose your functions to the internet.

To create a new API Deployment named exam-deployment using /v1 as the path prefix in exam-gateway, follow these steps:

In the OCI Console, go toDeveloper Servicesand clickAPI Gateway.

Select your assigned compartment from the list on the left and click on your previously created gateway (exam-gateway).

ClickDeploymentson the left panel and then clickCreate Deployment.

Enterexam-deploymentas theNameand selectFrom Scratchas theSpecification Type. You can also add a description for the deployment if you want.

Enter /v1 as thePath Prefixand leave the other fields as default. ClickNext.

To create a new route by using /hello as the path and GET as the method, follow these steps:

In the Create Deployment dialog box, clickAdd Route.

Enter /hello as thePath, select GET as theMethod, and select Oracle Functions as theType.

Select your previously created function (hello-python) from theFunction Namedropdown menu and leave the other fields as default. ClickSave Changes. This will create a new route that will invoke your function when you send a GET request to /v1/hello.

To create a new stateful CIDR Ingress Rule that allows for TCP HTTPS traffic (port 443) from all IP addresses and ports in the default Security List for exam-vcn, follow these steps:

In the OCI Console, go toNetworkingand clickVirtual Cloud Networks.

Select your assigned compartment from the list on the left and click on your previously created VCN (exam-vcn).

ClickSecurity Listson the left panel and then click on the default security list for your VCN.

ClickEdit All Rulesand then clickAdd Ingress Ruleunder the Ingress Rules section.

Enter 0.0.0.0/0 as theSource CIDR, select TCP as theIP Protocol, and enter 443 as both theSource Port Rangeand theDestination Port Range. You can also add a description for the rule if you want.

ClickSave Security List Rules. This will create a new stateful CIDR Ingress Rule that will allow HTTPS traffic from any source to reach your API Gateway.

To use curl to call the function via your API Gateway deployment, follow these steps:

In the OCI Console, go toDeveloper Servicesand clickAPI Gateway.

Select your assigned compartment from the list on the left and click on your previously created gateway (exam-gateway).

ClickDeploymentson the left panel and then click on your previously created deployment (exam-deployment).

Copy the value of the Endpoint URL field. This is the base URL for your API Deployment.

In a terminal window, enter the following command:

curl -k -X GET {deployment-endpoint}/v1/hello

where {deployment-endpoint} is the base URL that you copied.

For example, if your deployment endpoint is https://abc123xyz456.apigateway.us-ashburn-1.oci.customer-oci.com, your command would be:

curl -k -X GET https://abc123xyz456.apigateway.us-ashburn-1.oci.customer-oci.com/v1/hello

This will send a GET request to your API Deployment and invoke your function. You should see a response similar to this:

{'message': 'Hello World!'}

Topic 2, Multiple Choice Questions

Option A is correct because deploying a Virtual Machine RAC DB system on OCI and using the ZDM tool for the database migration is a method that can minimize the impact on the application. ZDM is a software solution that allows you to directly and seamlessly migrate your on-premises Oracle Databases to the Oracle Cloud, whether in OCI or ExaCC.ZDM supports a wide range of Oracle Database versions, and ensures that there is minimal to no production downtime during the migration1.ZDM also supports migrating RAC databases to RAC databases on OCI2.

Option B is incorrect because deploying an Autonomous Transaction Processing Database on OCI and using the MV2ADB tool for the database migration is not a suitable method for this scenario. MV2ADB is a command-line tool that allows migrating data from an Oracle database on-premise to Oracle Autonomous Database in ''one-click''.It is based on Oracle Data Pump export and import utility3.However, MV2ADB does not support migrating RAC databases to Autonomous Database, nor does it support migrating Enterprise Edition databases to Autonomous Database4.

Option C is incorrect because deploying an Exadata Cloud Service Base rack and using Oracle Data Pump tool to migrate the data from customer on-premises to OCI is not a method that can minimize the impact on the application.Oracle Data Pump is a technology that enables you to move data and metadata from one database to another5. However, Oracle Data Pump requires intermediate storage for the dump files, which can add complexity and overhead. It also requires downtime during the export and import operations, which can affect the availability of the application.

Option A is incorrect because rclone is not a tool provided by Object Storage.It is a third-party command-line program that can sync files to and from various cloud storage providers, including Object Storage1.

Option B is incorrect because contiguous numbers are not required for each part.Object Storage constructs the object by ordering part numbers in ascending order only if they are not specified in the commit operation1.

Option C is correct because after initiating a multipart upload, you need to explicitly commit or abort it.Otherwise, it remains active until it expires after 24 hours1.

Option D is incorrect because Object Storage does not provide APIs to split a file into multiple parts.You need to use your own tools or programs to do that1.

Option E is correct because you can list all parts that have been uploaded for an active multipart upload by using the ListMultipartUploadParts API or CLI command.However, you cannot list information for an individual object part by using the GetObject API or CLI command1.

Option A is incorrect because using OCI Traffic management service with failover steering policy will not distribute the traffic between OCI and on premises infrastructure.Failover steering policy will only route traffic to a secondary endpoint if the primary endpoint is unresponsive2. This is not suitable for a gradual migration scenario.

Option B is correct because using OCI Traffic management service with Load Balancing steering policy will distribute the traffic between OCI and on premises infrastructure based on a ratio or round robin algorithm2. This will allow you to control the percentage of traffic that goes to the new infrastructure in OCI and monitor the results.

Option C is incorrect because using an OCI load Balancer will not distribute the traffic between OCI and on premises infrastructure.A load balancer will only distribute the traffic among multiple compute instances within a single region in OCI2. This will not help you migrate from your on premises infrastructure.

Option D is incorrect because using VPN connectivity between on premises Infrastructure and OCI and creating routing tables to distribute the traffic between them will require more effort than using OCI Traffic management service.You will need to set up a VPN connection, configure routing rules, and monitor the network performance2. This will not be as simple and reliable as using a DNS-based solution.