Interview Questions and Answers
Intermediate / 1 to 5 years experienced level questions & answers
Ques 1. Explain OCI Identity and Access Management (IAM).
OCI Identity and Access Management (IAM) is the security framework used to control access to OCI resources. IAM defines users, groups, policies, and dynamic groups to manage permissions. Policies specify what actions a user or group can perform on which resources in a specific compartment. OCI IAM follows a policy-based access model written in a human-readable language such as 'Allow group Developers to manage instances in compartment Dev'. IAM also supports federated identity providers such as Oracle Identity Cloud Service (IDCS), enabling single sign-on (SSO) integration with enterprise identity systems. Dynamic groups allow OCI resources such as compute instances to be granted permissions without requiring user credentials. IAM is critical for enforcing least-privilege access and protecting cloud resources from unauthorized usage.
Example:
An administrator may create a policy: 'Allow group DatabaseAdmins to manage autonomous-database-family in compartment Production'.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 2. What is the difference between Security Lists and Network Security Groups (NSGs) in OCI?
Security Lists and Network Security Groups (NSGs) are both used to control network traffic within a Virtual Cloud Network. Security Lists are applied at the subnet level and define ingress and egress rules that apply to all resources in that subnet. Network Security Groups, on the other hand, operate at the individual resource level and provide more granular control. NSGs allow grouping of resources and applying security rules specifically to those groups. While Security Lists are simpler to configure, NSGs offer better flexibility for micro-segmentation and modern application architectures where multiple services exist in the same subnet.
Example:
In a microservices architecture, all application servers may be placed in the same subnet but separated into different NSGs such as WebTier, AppTier, and DBTier with different allowed ports.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 3. What are OCI Gateways and what types are available?
OCI Gateways enable connectivity between a Virtual Cloud Network and external networks or Oracle services. There are several types of gateways in OCI. Internet Gateway allows resources in a public subnet to communicate with the internet. NAT Gateway allows private subnet resources to access the internet for updates without exposing them to inbound internet traffic. Service Gateway allows private access to Oracle services such as Object Storage without using the public internet. Dynamic Routing Gateway (DRG) enables connectivity between on-premises networks and OCI through VPN or FastConnect. These gateways help organizations securely control network traffic and implement hybrid cloud architectures.
Example:
A private compute instance may download patches using a NAT Gateway while preventing inbound internet connections.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 4. What is the difference between OCI Load Balancer and Network Load Balancer?
OCI provides two types of load balancing services: Load Balancer and Network Load Balancer. The OCI Load Balancer operates at Layer 7 and supports HTTP/HTTPS traffic with features such as SSL termination, session persistence, path-based routing, and health checks. The Network Load Balancer operates at Layer 4 and is designed for ultra-low latency and high throughput workloads. It distributes TCP/UDP traffic without modifying the traffic itself and preserves the source IP address. The choice between them depends on the application requirements. Web applications usually use the standard Load Balancer, while high-performance or non-HTTP workloads such as gaming or financial systems may use the Network Load Balancer.
Example:
A web application running on multiple compute instances may use an OCI Load Balancer to distribute HTTPS requests and terminate SSL certificates.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 5. What is OCI Autonomous Database and what are its key advantages?
OCI Autonomous Database is a fully managed database service that uses machine learning and automation to eliminate manual database administration tasks. It automatically handles database provisioning, patching, backups, scaling, tuning, and security updates. Autonomous Database supports multiple workloads including Autonomous Transaction Processing (ATP) and Autonomous Data Warehouse (ADW). The service is designed to reduce operational overhead while improving reliability and performance. It includes built-in features such as auto-scaling, automated indexing, high availability, and continuous security monitoring. Organizations benefit from lower operational costs and faster deployment times because they no longer need to manually manage infrastructure or database tuning.
Example:
A data analytics platform can use Autonomous Data Warehouse (ADW) to automatically scale compute resources during heavy query workloads and scale back when demand decreases.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 6. What are Dynamic Groups in OCI IAM and when should they be used?
Dynamic Groups in OCI IAM are used to grant permissions to OCI resources themselves rather than individual users or groups. They are commonly used for compute instances, functions, or other services that need to interact with OCI resources securely. Dynamic groups are defined using matching rules that identify resources based on attributes such as compartment ID, instance ID, or resource tags. Once a resource becomes part of a dynamic group, IAM policies can grant permissions to that group. This eliminates the need to store credentials within applications. Instead, the OCI instance principal automatically authenticates using OCI's identity service.
Example:
A compute instance running an application may need to upload files to Object Storage. The administrator creates a dynamic group for that instance and a policy like: 'Allow dynamic-group AppServers to manage objects in compartment DataStorage'.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 7. What is OCI FastConnect and how does it differ from VPN connectivity?
OCI FastConnect is a dedicated private network connection between an organization's on-premises data center and Oracle Cloud Infrastructure. Unlike VPN connections that operate over the public internet, FastConnect uses private network circuits to provide more reliable bandwidth, lower latency, and predictable performance. FastConnect supports high-bandwidth connectivity options such as 1 Gbps, 10 Gbps, or higher depending on the provider. VPN connections are easier to set up and cost less but may experience latency fluctuations due to internet congestion. Many enterprises use VPN initially and later migrate to FastConnect for production workloads that require consistent performance and secure connectivity.
Example:
A financial institution running critical transaction processing systems connects its on-premises servers to OCI using FastConnect to ensure low latency and secure communication.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 8. What is the purpose of the OCI Service Gateway?
The OCI Service Gateway allows resources within a Virtual Cloud Network to privately access Oracle services such as Object Storage, Autonomous Database, and other Oracle-managed services without traversing the public internet. Traffic between the VCN and Oracle services stays within the Oracle network, improving security and performance. Service Gateway is especially useful for private subnet architectures where resources should not have direct internet access. By using Service Gateway, organizations can ensure that communication with Oracle services remains internal and secure.
Example:
A compute instance in a private subnet uploads backup files to OCI Object Storage using a Service Gateway without needing an Internet Gateway.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 9. What is OCI Resource Manager and how is it used in infrastructure automation?
OCI Resource Manager is a managed service that enables infrastructure provisioning using Infrastructure as Code (IaC) principles. It uses Terraform, an open-source tool, to define infrastructure in configuration files. These configuration files describe resources such as compute instances, networks, databases, and load balancers. Resource Manager allows users to create stacks that contain Terraform configurations and execute them to automatically provision infrastructure. This approach improves consistency, repeatability, and version control of infrastructure deployments. It also simplifies managing complex environments and supports CI/CD pipelines for automated infrastructure deployment.
Example:
A DevOps team writes a Terraform script that creates a VCN, subnet, compute instance, and load balancer. They upload it to OCI Resource Manager as a stack and run it to deploy the entire environment automatically.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 10. What is OCI Monitoring and how does it help manage cloud resources?
OCI Monitoring is a service that provides metrics and alarms for OCI resources and custom applications. It collects performance metrics such as CPU usage, memory utilization, network throughput, and disk activity from OCI resources. Users can create alarms based on these metrics to trigger notifications when thresholds are exceeded. Monitoring integrates with OCI Notifications to send alerts through email, SMS, or other messaging services. It helps administrators detect performance issues, system failures, and abnormal behavior before they impact users. Monitoring also supports custom metrics, allowing applications to push their own operational data.
Example:
An administrator creates an alarm that sends an email notification when CPU utilization on a compute instance exceeds 80% for five minutes.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 11. What is OCI Functions and how does serverless computing work in OCI?
OCI Functions is a serverless platform that allows developers to run code without managing servers or infrastructure. It is based on the open-source Fn Project. Developers write functions in supported languages such as Java, Python, Node.js, or Go and deploy them to OCI Functions. The platform automatically handles scaling, execution, and resource management. Functions are typically triggered by events such as HTTP requests, object uploads to Object Storage, database changes, or messages from OCI Streaming. Serverless computing allows applications to scale automatically and reduces operational overhead since developers only focus on writing code.
Example:
A function is triggered whenever a file is uploaded to Object Storage. The function automatically processes the file and stores the results in a database.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 12. What is OCI API Gateway and why is it used?
OCI API Gateway is a fully managed service that allows organizations to securely expose backend services through APIs. It acts as an entry point for client applications to access services such as compute instances, functions, or containerized applications. API Gateway provides features such as authentication, rate limiting, request transformation, logging, and routing. It integrates with OCI Identity services for authentication and supports OAuth tokens, API keys, and other security mechanisms. By using an API Gateway, organizations can protect backend services, enforce access policies, and manage traffic efficiently.
Example:
An enterprise exposes its internal microservices through an API Gateway. External clients access the services via the gateway using OAuth authentication.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 13. What is OCI Container Engine for Kubernetes (OKE)?
OCI Container Engine for Kubernetes (OKE) is a fully managed Kubernetes service that simplifies the deployment, management, and scaling of containerized applications. It allows developers to run Kubernetes clusters without worrying about managing the control plane infrastructure. OCI manages the Kubernetes master nodes, while users manage worker nodes where containers run. OKE integrates with OCI networking, identity management, monitoring, and load balancing services. It supports auto-scaling, high availability, and integration with CI/CD pipelines. This service enables organizations to deploy microservices-based applications using containers efficiently.
Example:
A company builds a microservices architecture where each service runs as a container in Kubernetes pods deployed on an OKE cluster.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 14. What is OCI Streaming and what are its common use cases?
OCI Streaming is a fully managed real-time messaging and event streaming service that allows applications to ingest and process large volumes of streaming data continuously. It is similar to Apache Kafka and is designed for building event-driven architectures. Streaming allows producers to publish messages to streams while consumers read and process the messages in real time. It is commonly used for log processing, telemetry data collection, IoT event ingestion, financial transaction processing, and real-time analytics pipelines.
Example:
An e-commerce platform streams real-time user activity logs to OCI Streaming, which are then processed by analytics applications for monitoring user behavior.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 15. What is the OCI Events Service?
OCI Events Service enables event-driven automation by detecting changes in cloud resources and triggering automated actions. Events are generated whenever certain resource changes occur such as instance creation, deletion, or status changes. These events can be routed to services like OCI Functions, Notifications, or Streaming for automated responses. The Events service helps automate operational tasks, enforce governance policies, and integrate OCI services with event-driven architectures.
Example:
When a new compute instance is created in a compartment, an event rule triggers an OCI Function that automatically installs required security patches.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 16. What is the difference between Vertical Scaling and Horizontal Scaling in OCI?
Vertical scaling refers to increasing the capacity of an existing resource by upgrading its configuration such as adding more CPU, memory, or storage to a compute instance. Horizontal scaling refers to increasing system capacity by adding more instances or nodes to distribute the workload. Vertical scaling is simpler but has limits depending on the maximum instance size available. Horizontal scaling provides better fault tolerance and scalability because multiple instances share the workload. OCI supports both approaches through instance resizing, auto-scaling groups, and load balancers.
Example:
A web application experiencing high traffic may scale horizontally by adding additional compute instances behind a load balancer.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 17. What is OCI Vault and how does it help with security?
OCI Vault is a key management service used to securely store and manage encryption keys and secrets. It allows organizations to create, rotate, disable, and delete encryption keys used to protect sensitive data. Vault integrates with many OCI services such as Object Storage, Block Volumes, and databases to provide encryption capabilities. It also supports storing secrets such as API keys, passwords, and certificates securely. By centralizing key management, OCI Vault helps organizations meet security compliance requirements and implement strong encryption practices.
Example:
An application retrieves database credentials securely from OCI Vault instead of storing them in configuration files.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 18. What is OCI Logging Service and how does it assist in troubleshooting?
OCI Logging Service collects, stores, and analyzes log data generated by OCI resources and applications. Logs provide insights into system operations, security events, and performance issues. The logging service allows users to search, filter, and analyze logs through the OCI Console or APIs. Logs can also be exported to Object Storage or integrated with external analytics tools. Logging is essential for monitoring application behavior, troubleshooting issues, performing security audits, and ensuring compliance with operational standards.
Example:
A DevOps engineer checks the load balancer logs in OCI Logging Service to identify why certain requests are failing.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 19. What is the OCI Bastion Service and why is it used?
OCI Bastion Service provides secure and controlled access to private resources such as compute instances that are located in private subnets. Traditionally, organizations deployed bastion host servers in public subnets to allow administrators to SSH into private servers. OCI Bastion eliminates the need to maintain a dedicated bastion host by providing managed secure access sessions. It supports SSH access and port forwarding without exposing private resources to the internet. Access is controlled using IAM policies and session time limits, improving security and reducing operational overhead.
Example:
A system administrator uses OCI Bastion to securely connect via SSH to a compute instance located in a private subnet without assigning it a public IP address.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 20. What is OCI Autoscaling and how does it work?
OCI Autoscaling is a feature that automatically adjusts the number of compute instances in an instance pool based on performance metrics or predefined schedules. It helps maintain application performance during high traffic while reducing costs during low usage periods. Autoscaling works by defining scaling policies that monitor metrics such as CPU utilization, memory usage, or custom metrics from OCI Monitoring. When thresholds are reached, the autoscaling policy adds or removes compute instances from the instance pool. Autoscaling can be reactive (based on metrics) or scheduled (based on time-based rules). This feature improves application availability and ensures efficient resource utilization.
Example:
A web application configured with autoscaling may increase the number of compute instances from 2 to 6 when CPU usage exceeds 70% during peak traffic hours.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 21. What is an Instance Pool in OCI?
An Instance Pool in OCI is a group of identical compute instances that are managed together as a single entity. Instance pools simplify scaling, load balancing, and lifecycle management of compute instances. All instances in a pool are created using the same configuration, such as instance shape, image, and networking settings. Instance pools are commonly used with autoscaling policies and load balancers to support high-availability applications. If an instance fails, the pool can automatically replace it to maintain the desired number of instances.
Example:
An e-commerce application runs in an instance pool of 5 compute instances behind an OCI Load Balancer. If one instance fails, the instance pool automatically launches a new instance.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 22. What is the OCI Dynamic Routing Gateway (DRG)?
Dynamic Routing Gateway (DRG) is a virtual router in OCI that provides a path for private network traffic between a Virtual Cloud Network (VCN) and external networks. DRG is typically used for hybrid cloud connectivity between on-premises networks and OCI through Site-to-Site VPN or FastConnect. It supports dynamic routing using BGP (Border Gateway Protocol), which allows automatic route updates between networks. DRG enables secure and scalable communication between enterprise data centers and cloud environments.
Example:
A company connects its on-premises data center to OCI using FastConnect. The DRG routes traffic between the on-prem network and the VCN.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 23. What is OCI Data Integration?
OCI Data Integration is a cloud-native service used to perform ETL (Extract, Transform, Load) operations to move and transform data between different data sources. It provides a visual interface to design data pipelines without requiring complex coding. Data Integration supports connecting to multiple data sources such as databases, object storage, and external systems. It allows organizations to prepare data for analytics, reporting, and machine learning workflows. Pipelines can be scheduled or triggered automatically for continuous data processing.
Example:
An organization extracts sales data from an operational database, transforms it using OCI Data Integration, and loads it into an Autonomous Data Warehouse for analytics.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 24. What is OCI Data Flow?
OCI Data Flow is a fully managed service for running Apache Spark applications in the cloud without managing infrastructure. It allows developers and data engineers to process large-scale datasets using Spark jobs. Users submit Spark applications, and OCI automatically provisions the required compute resources, executes the job, and shuts down resources after completion. Data Flow integrates with Object Storage and other OCI data services, making it suitable for big data analytics and batch data processing workloads.
Example:
A data engineering team runs a Spark job in OCI Data Flow to process terabytes of log data stored in Object Storage.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 25. What is OCI DevOps Service?
OCI DevOps Service is a platform that enables continuous integration and continuous deployment (CI/CD) for applications running in OCI. It provides tools for source code management integration, build pipelines, artifact repositories, and deployment pipelines. DevOps service supports automated testing, container image builds, and deployments to compute instances, Kubernetes clusters, or serverless functions. It helps development teams automate software delivery processes and maintain faster release cycles while ensuring reliability and security.
Example:
A development team pushes code to GitHub, triggering an OCI DevOps pipeline that builds a container image and deploys it to an OKE cluster.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 26. What is OCI WAF (Web Application Firewall)?
OCI Web Application Firewall (WAF) is a security service designed to protect web applications from common internet threats such as SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks. WAF operates at the application layer and filters incoming HTTP/HTTPS traffic before it reaches the application servers. It provides features such as traffic inspection, rate limiting, bot protection, IP blocking, and security rules management. WAF integrates with OCI Load Balancer and other edge services to enhance application security.
Example:
An online banking application uses OCI WAF to block malicious requests attempting SQL injection attacks before they reach the backend servers.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 27. What is the difference between OCI ADW and ATP?
Autonomous Data Warehouse (ADW) is optimized for analytical workloads such as data warehousing, reporting, and large-scale queries. It is designed to handle complex queries and large datasets efficiently. Autonomous Transaction Processing (ATP) is optimized for transactional workloads such as online transaction processing (OLTP), applications, and microservices that require fast inserts, updates, and small queries. Both services are part of OCI Autonomous Database but are optimized for different types of workloads.
Example:
A banking system processing daily transactions uses ATP, while a business intelligence system analyzing historical transaction data uses ADW.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 28. What are Security Lists and Network Security Groups in OCI?
Security Lists and Network Security Groups (NSGs) are used to control network traffic in OCI. Security Lists apply at the subnet level and define ingress and egress rules for all resources in that subnet. Network Security Groups apply at the individual resource level and provide more granular traffic control. NSGs allow administrators to define security rules that apply only to specific instances or resources rather than the entire subnet.
Example:
A database server may have an NSG that allows inbound traffic only from application servers while blocking all other traffic.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 29. What is OCI Cloud Guard and how does it enhance security in Oracle Cloud Infrastructure?
OCI Cloud Guard is a native security posture management service that continuously monitors OCI resources to detect misconfigurations, risky activities, and potential security threats. It uses predefined and customizable detector recipes to identify security issues such as publicly exposed storage buckets, overly permissive IAM policies, or unusual API activities. Once a problem is detected, Cloud Guard can trigger responder recipes to automatically remediate the issue or notify administrators. This helps organizations maintain strong security posture and comply with governance policies. Cloud Guard works across the entire tenancy and provides centralized visibility of security issues.
Example:
If an Object Storage bucket is accidentally made public, Cloud Guard detects the issue and automatically changes the policy to restrict public access or alerts the security team.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 30. What is OCI Security Zones and how do they help enforce security policies?
OCI Security Zones are compartments that enforce strict security best practices automatically. When resources are created within a security zone, OCI ensures that they comply with predefined security policies. These policies prevent risky configurations such as public access to Object Storage, disabling encryption, or assigning public IP addresses to sensitive resources. Security Zones help organizations enforce strong security controls automatically without relying solely on manual governance.
Example:
An organization creates a security zone for sensitive financial systems. OCI prevents administrators from creating public subnets or publicly accessible storage within that zone.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 31. What is OCI Logging Analytics and how is it different from basic Logging service?
OCI Logging Analytics is an advanced log analysis service that provides machine learning-based insights and automated anomaly detection on log data. While the basic OCI Logging service collects and stores logs, Logging Analytics provides deeper analysis, visualization, pattern recognition, and troubleshooting capabilities. It can ingest logs from OCI resources, applications, operating systems, and third-party systems. It helps DevOps and security teams quickly detect performance issues, security threats, and operational anomalies.
Example:
A DevOps team uses Logging Analytics dashboards to identify abnormal spikes in failed login attempts across multiple servers.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 32. What is OCI GoldenGate and what problem does it solve?
OCI GoldenGate is a real-time data replication and integration service that enables organizations to replicate data between heterogeneous databases with minimal latency. It supports bidirectional replication and migration between on-premises and cloud databases. GoldenGate allows organizations to synchronize data across multiple systems, enabling real-time analytics, database migrations, and disaster recovery strategies without downtime.
Example:
A company migrating from an on-premises Oracle Database to OCI Autonomous Database uses OCI GoldenGate to replicate data in real time until the final migration cutover.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 33. What is OCI Data Safe and how does it protect sensitive data?
OCI Data Safe is a security service designed to protect sensitive data stored in databases. It provides capabilities such as data discovery, data masking, security assessments, activity auditing, and user risk analysis. Data Safe helps organizations identify sensitive data like personal information, monitor database user activities, and enforce security policies. It improves database security and helps organizations meet regulatory compliance requirements.
Example:
A financial institution uses OCI Data Safe to identify and mask customer credit card numbers in development databases.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 34. What is OCI Traffic Management and how does it improve application availability?
OCI Traffic Management is a DNS-based traffic routing service that helps distribute application traffic across multiple endpoints or regions. It supports different routing policies such as failover routing, load balancing routing, and geographic routing. Traffic Management can automatically redirect traffic to healthy endpoints if a service becomes unavailable, ensuring high availability for global applications.
Example:
A global application runs in two regions. If the primary region fails, OCI Traffic Management automatically routes users to the secondary region.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 35. What is OCI Container Registry (OCIR)?
OCI Container Registry (OCIR) is a managed Docker-compatible container image registry that allows developers to store, manage, and deploy container images. It integrates with OCI services such as Container Engine for Kubernetes (OKE), DevOps pipelines, and compute instances. OCIR provides secure storage with fine-grained access control using IAM policies. It also supports image versioning and vulnerability scanning to improve container security.
Example:
A development team builds a Docker image for a microservice and pushes it to OCI Container Registry before deploying it to an OKE cluster.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 36. What is OCI FastConnect and when should it be used?
OCI FastConnect is a dedicated private network connection between an organization's on-premises data center and Oracle Cloud Infrastructure. Unlike internet-based connections, FastConnect provides higher bandwidth, lower latency, and more reliable connectivity because traffic does not traverse the public internet. It is commonly used in hybrid cloud architectures where enterprises need secure, consistent connectivity between on-prem systems and cloud resources. FastConnect supports multiple bandwidth options ranging from 1 Gbps to 100 Gbps and can be configured using partner providers or direct connections to Oracle edge locations.
Example:
A large financial institution connects its on-premise data center to OCI using FastConnect to ensure secure and low-latency communication with its Autonomous Database.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 37. What is the OCI Service Gateway and how does it differ from an Internet Gateway?
OCI Service Gateway allows resources in a VCN to privately access Oracle services such as Object Storage, Autonomous Database, and other OCI services without routing traffic through the public internet. The traffic remains within the Oracle cloud network, improving security and performance. In contrast, an Internet Gateway enables communication between resources in a VCN and the public internet. Service Gateway is typically used when applications need to access OCI services securely while remaining in private subnets.
Example:
A compute instance in a private subnet uploads backup files to Object Storage using a Service Gateway without exposing traffic to the internet.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 38. What is OCI Resource Manager and how does it support Infrastructure as Code (IaC)?
OCI Resource Manager is a service that enables infrastructure provisioning using Infrastructure as Code (IaC) principles. It uses Terraform to define, deploy, and manage cloud resources through configuration files. Instead of manually creating resources through the console, developers can write Terraform scripts that define compute instances, networks, databases, and other OCI services. Resource Manager executes these scripts and maintains the infrastructure state. This approach improves automation, consistency, and repeatability in cloud deployments.
Example:
A DevOps team writes Terraform scripts to automatically create a VCN, compute instances, and a load balancer for a new application deployment using OCI Resource Manager.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 39. What is OCI Functions and how does it support serverless architecture?
OCI Functions is a fully managed serverless platform that allows developers to run code in response to events without managing servers. It is based on the open-source Fn Project. Developers write functions in languages such as Python, Java, or Node.js and deploy them to OCI. The platform automatically provisions resources, scales based on demand, and charges only for the execution time of functions. OCI Functions is commonly used for event-driven architectures, automation tasks, and lightweight microservices.
Example:
When a file is uploaded to Object Storage, an OCI Function is triggered to automatically process the file and store the results in a database.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 40. What is OCI Object Storage lifecycle management?
OCI Object Storage lifecycle management allows administrators to automatically manage the lifecycle of objects stored in buckets. Policies can be created to move objects between storage tiers or delete them after a specified time period. For example, frequently accessed data can remain in Standard Storage while older data can be moved to Archive Storage to reduce costs. Lifecycle policies help optimize storage costs and automate data retention policies.
Example:
Backup files older than 30 days are automatically moved from Standard Storage to Archive Storage using lifecycle policies.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 41. What is the purpose of Pre-Authenticated Requests in OCI Object Storage?
Pre-Authenticated Requests (PAR) allow users to grant temporary access to specific objects or buckets in Object Storage without requiring authentication credentials. A PAR generates a unique URL that can be shared with external users to upload or download objects. The request can be configured with expiration times and access permissions such as read, write, or both. This feature is useful for securely sharing files without exposing full access to the storage bucket.
Example:
A developer generates a pre-authenticated request URL so an external partner can upload files directly to an Object Storage bucket.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 42. What is OCI Edge Services and why are they important?
OCI Edge Services are a set of services deployed at Oracle's edge locations to improve application performance, security, and user experience. These services include Web Application Firewall (WAF), DNS, Traffic Management, and Content Delivery Network (CDN). By processing requests closer to the end user, edge services reduce latency and improve response times for globally distributed applications. They also help protect applications from security threats such as DDoS attacks and malicious traffic.
Example:
A global streaming platform uses OCI Edge Services with CDN and WAF to deliver video content quickly while protecting the application from cyber attacks.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 43. What is OCI Bastion Service and why is it used?
OCI Bastion Service provides secure and controlled access to resources that are located in private subnets without exposing them to the public internet. Instead of assigning public IP addresses to compute instances, administrators can create a bastion session that allows SSH or RDP access through the OCI Bastion service. The connection is temporary, audited, and restricted by IAM policies. This improves security by minimizing attack surfaces and enforcing least-privilege access to private infrastructure.
Example:
A database server is running in a private subnet without a public IP. An administrator creates a Bastion session to securely SSH into the server for maintenance.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 44. What is OCI File Storage Service (FSS)?
OCI File Storage Service (FSS) is a fully managed network file system that provides shared file storage accessible by multiple compute instances simultaneously. It supports the NFS protocol and is commonly used for applications that require shared file access such as content management systems, development environments, and analytics workloads. File Storage Service automatically handles scaling, durability, and high availability.
Example:
Multiple application servers mount a shared file system using OCI File Storage to access common configuration files and media content.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 45. What is OCI Container Engine for Kubernetes (OKE)?
OCI Container Engine for Kubernetes (OKE) is a managed Kubernetes service that allows organizations to deploy, manage, and scale containerized applications using Kubernetes. OCI manages the control plane, including Kubernetes API servers and etcd, while users manage worker nodes where containers run. OKE integrates with other OCI services such as Container Registry, Load Balancer, and IAM, making it easier to run microservices-based architectures in the cloud.
Example:
A development team deploys microservices containers using Kubernetes on an OKE cluster and uses an OCI Load Balancer to distribute traffic.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 46. What is OCI Streaming service and when should it be used?
OCI Streaming is a real-time messaging service used for ingesting and processing high-volume data streams. It allows producers to continuously send data and consumers to process it in real time. Streaming is commonly used for event-driven architectures, log aggregation, telemetry data collection, and real-time analytics. The service is compatible with Apache Kafka APIs, making it easier for developers to migrate existing streaming workloads to OCI.
Example:
A mobile application sends user activity events to OCI Streaming, and a real-time analytics system processes the events for user behavior insights.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 47. What is OCI Queue service?
OCI Queue service is a fully managed message queuing service that allows applications to exchange messages asynchronously. It decouples different components of distributed applications so they can communicate reliably even if some components are temporarily unavailable. Messages are stored in queues until they are processed by consumers. Queue services improve scalability, reliability, and fault tolerance in microservices architectures.
Example:
An e-commerce system places order processing requests into an OCI Queue, and backend workers retrieve messages from the queue to process orders.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 48. What is OCI Events service?
OCI Events service allows applications to respond automatically to changes in cloud resources. It monitors OCI resources for events such as instance creation, deletion, or scaling actions. When an event occurs, the service can trigger actions such as invoking OCI Functions, sending notifications, or initiating automation workflows. Events enable event-driven automation in cloud environments.
Example:
When a new compute instance is created, an OCI Event triggers a function that automatically installs required monitoring agents.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 49. What is OCI Vault service and how does it secure sensitive data?
OCI Vault is a key management service that helps organizations securely store and manage encryption keys and secrets such as passwords, API keys, and certificates. Vault supports both Oracle-managed keys and customer-managed keys stored in Hardware Security Modules (HSM). It enables encryption for various OCI services and ensures that sensitive information is securely stored and accessed only by authorized users or applications.
Example:
An application retrieves its database password securely from OCI Vault instead of storing the credential in application code.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 50. What is OCI Bastion Service and why is it used?
OCI Bastion is a managed service that allows secure access to private resources inside a Virtual Cloud Network (VCN) without exposing those resources to the public internet. Traditionally, organizations create a Bastion Host (a public VM) to SSH into private instances, but OCI Bastion eliminates the need for maintaining such servers.nnKey Features:n1. Provides temporary and secure SSH sessions to private compute instances.n2. No public IP required for the target instance.n3. Uses IAM policies for access control.n4. Session-based access with expiration time.n5. Supports SSH port forwarding and SSH access.nnBenefits:n- Eliminates maintenance of bastion servers.n- Improves security by reducing attack surface.n- Centralized access management.nnIt is commonly used when compute instances are deployed in private subnets and administrators need secure remote access for troubleshooting or management.
Example:
Suppose a compute instance is running in a private subnet with no public IP. A DevOps engineer needs to log into it for debugging. Instead of exposing the instance publicly, the engineer creates an OCI Bastion session and connects securely using SSH through the Bastion service.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 51. What is OCI File Storage Service (FSS)?
OCI File Storage Service (FSS) is a fully managed, scalable, and highly available network file system in Oracle Cloud. It provides shared file storage that can be mounted on multiple compute instances simultaneously using the NFS protocol.nnKey Features:n1. Shared file system accessible by multiple instances.n2. Supports NFS v3 protocol.n3. Automatically scalable storage.n4. High availability within an Availability Domain.n5. Snapshots and backups supported.nnAdvantages:n- Ideal for workloads requiring shared storage.n- High throughput and low latency.n- Simplified storage management.nnTypical Use Cases:n- Application shared file systemsn- Data analytics pipelinesn- Media processing workloadsn- Enterprise applications requiring shared storage.
Example:
A web application runs on multiple compute instances behind a load balancer. All instances need access to the same uploaded images directory. OCI File Storage can be mounted to all instances so they share the same files.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 52. What is OCI Streaming Service?
OCI Streaming is a fully managed, scalable messaging service used for real-time data ingestion and streaming. It allows applications to produce and consume streams of messages continuously.nnKey Concepts:n1. Streams: Logical message pipelines.n2. Producers: Applications that send messages.n3. Consumers: Applications that read messages.n4. Partitions: Units of parallelism in streams.nnBenefits:n- Real-time data processing.n- Highly scalable architecture.n- Durable message storage.n- Supports Apache Kafka APIs.nnIt is similar to Apache Kafka and is used for event-driven architectures, real-time analytics, and log processing.
Example:
An e-commerce application sends every purchase event to OCI Streaming. A downstream analytics system reads the stream to update dashboards in real-time.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 53. What is the difference between OCI Notifications and OCI Streaming?
OCI Notifications and OCI Streaming are both messaging services but serve different purposes.nnOCI Notifications:n- Used for alerting and event notifications.n- Supports protocols like email, HTTPS, Slack, and PagerDuty.n- Typically triggered by monitoring alarms or events.nnOCI Streaming:n- Used for high-volume data streaming.n- Designed for real-time event pipelines.n- Supports large-scale message ingestion.nnKey Difference:nNotifications are meant for alert delivery while Streaming is meant for continuous data streaming and event processing.
Example:
If CPU usage exceeds 80%, OCI Monitoring triggers a notification email using OCI Notifications. However, if a system logs millions of events per minute for analytics, OCI Streaming is used.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 54. What is OCI Resource Manager?
OCI Resource Manager is a service that allows infrastructure to be managed using Terraform directly within Oracle Cloud. It enables infrastructure-as-code (IaC) to automate provisioning and lifecycle management of cloud resources.nnKey Features:n1. Built-in Terraform support.n2. Version-controlled infrastructure.n3. Automated deployment of OCI resources.n4. Drift detection and state management.nnAdvantages:n- Eliminates manual infrastructure provisioning.n- Ensures repeatable deployments.n- Simplifies DevOps workflows.nnIt is commonly used in CI/CD pipelines for automated infrastructure deployment.
Example:
A DevOps engineer creates a Terraform script that defines a VCN, subnets, compute instances, and load balancer. Using OCI Resource Manager, the script is executed to automatically create the infrastructure.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 55. What is OCI Service Gateway?
OCI Service Gateway allows resources in a private subnet to access Oracle Cloud services without using the public internet. Traffic remains inside the Oracle Cloud network.nnKey Benefits:n1. Secure access to OCI services.n2. No internet gateway required.n3. Reduced exposure to public networks.nnCommonly accessed services:n- Object Storagen- Autonomous Databasen- Oracle services endpointsnnService Gateway improves security and network efficiency for workloads running inside private subnets.
Example:
A compute instance in a private subnet needs to upload files to OCI Object Storage. Instead of using a public internet gateway, the instance connects through a Service Gateway.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 56. What is OCI Dynamic Group?
A Dynamic Group in OCI is a group of compute resources (such as instances) that match specific rules and can be granted IAM permissions automatically.nnInstead of assigning IAM policies to individual instances, dynamic groups allow policies to apply to instances that match defined criteria.nnKey Features:n1. Automatically includes instances based on rules.n2. Used with IAM policies.n3. Enables secure instance-to-service communication.nnDynamic groups are commonly used when compute instances need to access OCI services like Object Storage or Vault.
Example:
A rule defines a dynamic group containing all instances in compartment 'Production'. An IAM policy grants this dynamic group permission to read Object Storage buckets.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 57. What is OCI Functions?
OCI Functions is a serverless compute service that allows developers to run code without managing servers. It is based on the open-source Fn Project and supports multiple programming languages.nnKey Features:n1. Event-driven execution.n2. Automatic scaling.n3. Pay-per-execution pricing.n4. Integration with OCI Events, Streaming, and API Gateway.nnUse Cases:n- Data processingn- Event-driven workflowsn- Microservicesn- Automation tasksnnFunctions run inside containers managed by OCI and scale automatically based on demand.
Example:
Whenever a file is uploaded to Object Storage, an OCI Event triggers an OCI Function that processes the file and stores metadata in a database.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 58. What is OCI Event Service and how does it work?
OCI Events Service is a serverless service that automatically tracks changes in cloud resources and triggers actions based on defined rules. It allows applications and systems to respond to infrastructure events in real time.nnThe service monitors OCI resource lifecycle events such as creation, deletion, updates, or state changes. When an event occurs, it evaluates event rules and triggers configured targets.nnKey Components:n1. Event Source – OCI services generating events (Compute, Object Storage, Networking, etc.).n2. Event Rules – Conditions defining when an action should be triggered.n3. Actions – Targets such as OCI Functions, Streaming, Notifications, or Automation.nnBenefits:n- Enables event-driven automationn- Reduces manual monitoringn- Improves operational efficiencynnIt is commonly used for infrastructure automation and real-time system responses.
Example:
When a new Object Storage file is uploaded, an OCI Event rule triggers an OCI Function that automatically processes the file.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 59. What is OCI Logging Service?
OCI Logging is a centralized service that collects, stores, and analyzes logs from OCI resources and applications. It provides visibility into system behavior and helps in troubleshooting, monitoring, and auditing.nnTypes of Logs:n1. Service Logs – Generated by OCI services (Load Balancer, API Gateway, etc.).n2. Custom Logs – Generated by user applications.n3. Audit Logs – Security and governance logs for user activities.nnKey Features:n- Centralized log storagen- Integration with Monitoring and Eventsn- Query and search capabilityn- Log retention policiesnnLogs can also be exported to OCI Object Storage, Streaming, or external SIEM tools for advanced analysis.
Example:
An administrator enables logging for an OCI Load Balancer to track incoming requests and troubleshoot performance issues.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 60. What is OCI Monitoring Service?
OCI Monitoring is a service that tracks the performance and health of OCI resources by collecting metrics and triggering alarms when thresholds are exceeded.nnKey Features:n1. Collects metrics such as CPU usage, memory utilization, and network traffic.n2. Supports custom metrics from applications.n3. Alarm notifications through OCI Notifications.n4. Metric queries and dashboards.nnBenefits:n- Real-time infrastructure monitoringn- Proactive alertingn- Integration with automation workflowsnnIt helps DevOps teams detect system issues early and maintain high availability.
Example:
An alarm is configured to trigger when compute instance CPU usage exceeds 85%. When triggered, an email alert is sent to administrators using OCI Notifications.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 61. What is OCI Container Registry?
OCI Container Registry (OCIR) is a managed Docker registry service used to store, manage, and distribute container images securely.nnKey Features:n1. Private container image repositoriesn2. Integration with Kubernetes and OKEn3. Secure authentication using OCI IAMn4. High availability and scalabilitynnBenefits:n- Centralized container image storagen- Secure access controln- Easy deployment pipeline integrationnnIt is commonly used in CI/CD pipelines for storing container images before deployment.
Example:
A DevOps team builds a Docker image for a microservice and pushes it to OCI Container Registry. Kubernetes later pulls the image from the registry to deploy the application.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Ques 62. What is OCI Autonomous Database?
OCI Autonomous Database is a fully managed Oracle database service that automates database management tasks such as provisioning, patching, tuning, scaling, and backups using machine learning.nnKey Features:n1. Self-driving – Automatic performance tuning.n2. Self-securing – Automatic patching and security updates.n3. Self-repairing – Automatic failure detection and recovery.nnTypes of Autonomous Databases:n- Autonomous Transaction Processing (ATP)n- Autonomous Data Warehouse (ADW)nnBenefits:n- Reduced administrative overheadn- High availability and performancen- Built-in security and monitoring.
Example:
A data analytics team uses Autonomous Data Warehouse to analyze terabytes of data without needing a database administrator to manage the system.
Save For Revision
Save For Revision
Bookmark this item, mark it difficult, or place it in a revision set.
Log in to save bookmarks, difficult questions, and revision sets.
Most helpful rated by users:
Related interview subjects
| Oracle APEX вопросы и ответы для интервью - Total 23 questions |
| Oracle Cloud Infrastructure (OCI) вопросы и ответы для интервью - Total 100 questions |
| AWS вопросы и ответы для интервью - Total 87 questions |
| Microsoft Azure вопросы и ответы для интервью - Total 35 questions |
| Azure Data Factory вопросы и ответы для интервью - Total 30 questions |
| OpenStack вопросы и ответы для интервью - Total 30 questions |
| ServiceNow вопросы и ответы для интервью - Total 30 questions |
| Snowflake вопросы и ответы для интервью - Total 30 questions |