Certification Industry: Cloud
Certificate Name: (OCI) Oracle Cloud Infrastructure Architect Professional
Certificate Issuing Authority: Oracle
Certification Price: 245 USD
Exam Title: Oracle Cloud Infrastructure 2019 Certified Architect Professional Certification [1Z0-997]
Exam Duration: 120 minutes
Number of Questions: 50 (MCQ)
Passing marks: 70%
Exam Cost: $245 – If you are an Oracle Partner Network, you will get a 25 % discount after filling the OPN number.
The (OCI) Oracle Cloud Infrastructure Architect Professional exam is conducted at a test centre or online at your home/office which is monitored by an offsite proctor. The system requirements required for the online exam are available here.
Don't forget to take the OCI Architect Professional (1Z0-997-20) Practice Exams available on Marketplace.
Preparation Tips for OCI Architect Professional Exam (1Z0-997)
Check out this informative blog in order to jumpstart your exam prep!
ORACLE CLOUD INFRASTRUCTURE 2019 CERTIFICATIONS
Over the past 3 months, I passed 4 of the Oracle Cloud Infrastructure exams and Certifications namely Foundation Associate, Architect Associate, Cloud Operations Associate, and Architect Professional. These exams were provided by Oracle Learning University FREE TO EVERYONE wanting to get fantastic learnings and gain invaluable knowledge.
Anyone who would like to get into the domain of Cloud Computing, can start with the entry-level exam of Foundation Associate and gradually progress right up to the Professional level exam. I would strongly suggest going through all the Oracle Learning Video Lectures by the many teachers, mentors, and tutors from Oracle, who very diligently and dedicatedly help you understand the various conceptual fine line points across the board.
They ensure to start from basic level to expert level, with in-depth understandings on topics like Regions, AD, FD, IAM, COMPUTE, STORAGE, HA, DR, SLA, COSTS, BUDGETS, EVENTS, FUNCTIONS, etc. You can, sure enough, pass the exams with dedicated studies, relevant help pages reference, and video lectures at learn.oracle.com. You can also download the freely made available Oracle video lectures slide decks from oracle.com. You can also take the freely available practice Tests at reviewnprep.com and paid practice tests available at udemy.com
You can easily learn, prepare at your own set pace and appear for the exam right from the convenience of your home via Remote Proctored Exam courtesy Pearson VUE https://home.pearsonvue.com/oracle. YOu can schedule your exam by booking a slot of your convenient time and give it from the comfort of your home.
Thank you for reading my review and hope it helps you achieve success at the exam. God Bless :)...
Preparation Guide for OCI Architect Professional Certification
Earlier this month, I cleared all 5 OCI certifications along with Oracle Autonomous Db. In this post, I’ll talk about my preparation journey starting from Foundations all the way to OCI Professional. This post was originally meant for OCI Professional only, but I believe it is important to talk about the background on how to get there. So, we will go one certification at a time as it is important to start from the basics.
I’ve never worked on OCI before and one reason I got into OCI is because of the Free certifications and training materials offered by Oracle. So, for those of you who are giving these free exams, all the way up to OCI Professional Architect, I would highly recommend go in order from OCI Foundations, OCI Architect Associate, OCI Developer, OCI Operations, OCI Architect Professional. The reason being with each OCI certification you learn something new and there is obviously an overlap in all these certifications. Having prior experience on AWS and Azure definitely helped me in the OCI certifications.
I’ve tried to include the official feedback from Oracle Exams as an FYI for all you, so that you can learn from my mistakes.
OCI Foundations (1Z0-1085)
This is perhaps the easiest of all the OCI certifications. The objective of this certification is to make you familiar with the different OCI services available. Overall, I prepared for a couple of days for this cert. You can check out my earlier blog here for this OCI Foundation cert. Important things to remember for this cert:
OCI Architect Associate (1Z0-1072)
To begin with check out Mukesh Sharma’s blog that talks about in depth of all the topics covered in the exam. It is important that you provision the resources at least once in OCI so that you have hands on experience. This exam is a little more practical (mostly multiple-choice answers) when compared to foundations. Here are the tips:
OCI Developer (1Z0-1084)
If you have been a developer in your career on a distributed architecture, this exam would not be that difficult for you. Here are some important tips:
OCI Operations (1Z0-1067)
Why is the Operations exam always tough? One reason I thought this was slightly difficult exam in comparison to others because the Oracle learning videos lack depth and does not cover all the relevant points that you are being judged on in the exam. Here are my preparation tips:
OCI Architect Professional (1Z0-997)
So, all of the above certifications lead to the grand finale – OCI Architect Professional Exam. There is no set recipe on how to go about preparing for this certification but to take one step at a time and do the associate level certifications first. Here are my tips for this cert:
Common Tips Applicable for all Certs:
- Free Exams:
- Architect Associate Practice Exams – 2 Exams
- Architect Professional Practice Exam – 1 Exam
- OCI Architect Professional (Part 1- Part 5)
- OCI Operations
- OCI Developer
- OCI Preparation Blogs
- OCI ARCHITECT PROFESSIONAL STUDY GUIDE 1Z0-997
- Exam Tips for OCI Architect Associate 1Z0-1072
- Preparation Guide for OCI Architect Associate 1Z0-1072
- Preparation Tips for OCI Developer Associate 1Z0-1084
- Preparation Tips for OCI Operations Associate 1Z0-1067
- Preparation Tips for OCI Foundation 1Z0-1085
- Preparation Tips for OCI Autonomous Db 1Z0-931
- Learning Path available from Oracle University:
- Oracle Cloud Infrastructure Foundations Associate
- Oracle Cloud Infrastructure Cloud Operations Associate
- Oracle Cloud Infrastructure Developer Associate
- Oracle Cloud Infrastructure Architect Associate
- Oracle Cloud Infrastructure Architect Professional
- Slides used in the Learning Path training videos:
- Foundations Associate Certification
- Architect Associate Certification
- Operations Associate Certification
- Developer Associate Certification
- Architect Professional Certification
- OCI Official Documentation
Preparing for the Oracle Cloud Infrastructure (OCI) 2019 Architect Professional Exam (1Z0-997)
The Oracle Cloud Infrastructure (OCI) 2019 Architect Professional exam (1Z0-997) is designed for individuals who possess strong enterprise knowledge in architecting using Oracle Cloud Infrastructure services. This certification validates advanced concepts of OCI services to control infrastructure, such as but not limited to: High Availability and Disaster Recovery, Data Migration, Network Connectivity, Monitoring, Data Retention, Storage and Databases. This certification is available to all professionals that were previously passed the OCI Architect Associate Exam.
Job of a professional Oracle Cloud Infrastructure Cloud Architect
• Design a cloud solution using architectural principles based on customer requirements.
• Has a strong understanding of cloud computing concepts
• Design and deploy, highly available, fault-tolerant, and reliable applications on OCI
• Translates on-premises operations to a typical cloud-based infrastructure.
• Works with enterprise level architecture day to day
· Certification Name: 1Z0-997 - Oracle Cloud Infrastructure 2019 Architect Professional
· Target Audience: Professionals responsible for architecting Oracle Cloud Infrastructure services
· Platform: Available on Oracle University and delivered via Pearson VUE
· Exam Duration: 120 minutes
· Exam Cost: $245 (25% discount on this list price if you are OPN (Oracle Partner Network) and have the OPN number with you while registering for the exam)
· Passing Score: 70%
· Oracle Cloud Infrastructure Documentations
· Oracle Cloud Infrastructure Product Documentation
· Oracle Cloud Infrastructure 2019 Architect Professional Certification learning path
· Oracle Cloud Infrastructure White Papers
· Oracle Cloud Infrastructure Blog
Course Learning Resources
· Oracle Cloud Infrastructure 2019 Architect Professional Certification learning path
Instructor Led Course
· Oracle Cloud Infrastructure Administration Essentials Ed 2
· Architecting Oracle Cloud Infrastructure Solutions Ed 2
OCI Learning Subscription
· Oracle Cloud Infrastructure Learning Subscription
· Unlimited Cloud Learning Subscription
Exam Topics – This has been compiled using exam-prep guide and exam study guide for Oracle cloud infrastructure professional exam.
High Level Objective
Concepts That are tested
Plan and design solutions in Oracle
Cloud Infrastructure (OCI)
• Plan and design solutions to meet business and technical requirements.
• Create architecture patterns including N-tier applications, microservices, and serverless architectures.
• Design scalable and elastic solutions for high availability and disaster recovery.
This section tests your ability to create basic and complex architectures using multiple services like IAM, Compute, Storage, Load Balancer, Kubernetes and Functions. Also concepts of DR and HA will be applied on this section
Implement and operate solutions
• Implement solutions to meet business and technical requirements.
• Operate and troubleshoot solutions on OCI.
This section will evaluate your skills on how to choose the best set of services to deploy new applications on OCI using the core infrastructure services. Also, you need to understand how to troubleshoot the services on event of a problem.
Design, implement, and operate databases in OCI
• Evaluate and implement databases.
• Operate and troubleshoot databases.
This section will evaluate how to design architectures that include databases options like ADW, ATP and DB system on OCI
Design for hybrid cloud
• Design and implement hybrid network architectures to meet high availability, bandwidth, and latency requirements.
• Evaluate multi-cloud solution architectures.
You need to understand how to deploy applications using multi cloud environments using services like VCN and FastConnect and other networking services.
Migrate on-premises workloads to
Design strategy for migrating on-premises
workloads to OCI.
• Implement and troubleshoot database
This section will cover migration strategies from on-premises to OCI. You need to be familiar with services like Storage Gateway, Data Transfer Appliance, Object Storage, file storage and Database migration using RMAN and data pump.
Design for Security and
• Design, implement, and operate solutions for security and governance.
• Design, implement, and operate solutions to meet compliance requirements.
This topic will apply concepts used under the Governance and Administration section covering IAM, KMS, Policies and Quotas etc.
As we delve deeper into technical aspect of the exam, I want to be clear that if you have already gone through the free courses offered by Oracle then most of the information may appear to be repeated. However, I have tried to put document most of the information from the professional exam perspective. Also, as you understand the different OCI services please make an effort to determine –
1. The scope of the service as it is provisioned/launched – region/zone/global.
2. The operating ability of the service as if it is moved to a different compartment and the effect of the IAM policy attached to the service or IAM policies attached to users operating the service.
3. Review information contained in links attached to the documentation below.
Please review following blogs that you may find helpful if you have not completed the associate architect exam –
· How to prepare for OCI 2019 Architect Associate exam
· Tips on how to pass OCI Architect Associate Exam
Plan, design, implement, operate & Migrate On-premises workloads solutions in Oracle Cloud Infrastructure (OCI)
Networking and Compute
· Configuring Compute Quotas
Compute Quota allow administrators -
a) To allocate resources to compartments using the OCI console. The allocation is controlled by set, unset, zero commands. The IAM policy references help manage the quotas.
b) To control how resources are managed using policies in OCI.
c) Effective cost management by controlling allocation of resources
Check resource quota & policies for more information.
· Instance Pools - Instance pools allow users to provision and create multiple Compute instances based off the same configuration, within the same region.
· Instance Configurations – are used when we want to create one or more instances in an instance pool.
· Compute Instance Metrics - monitor the health, capacity, and performance of your Compute instances by using metrics, alarms, and notifications.
· Compute Instance autoscaling configurations - With autoscaling you can adjust the number of Compute VM instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand.
· Instance console connections – enables you to remotely troubleshoot malfunctioning instances.
· Custom VM Images in OCI
o Managing Custom Images
o Bring your own Image
o Image Import/Export
o Image Import Modes
Most newer OS versions support para-virtualization launch mode as they provide maximum performance. All older OS versions can be launched using emulation mode that provides fully emulated NIC, block boot and legacy BIOS boot.
· VCN Route Tables & Route Rules - OCI VCN uses virtual route tables to send traffic out of the VCN (for example, to the internet, to your on-premises network, or to a peered VCN). A route rule specifies a destination CIDR block and the target (the next hop) for any traffic that matches that CIDR. Here are the allowed types of targets for a route rule:
Dynamic routing gateway (DRG)
For subnets that need private access to networks connected to your VCN
· Connect your on-premises network connected with an IPSec VPN or FastConnect,
· Connect to another VCN via a peered VCN in another region.
For public subnets that need direct access to the internet.
For subnets with instances that do not have public IP addresses but need outbound access to the internet.
For subnets that need private access to Oracle services such as Object Storage.
Local peering gateway (LPG)
For subnets that need private access to a peered VCN in the same region.
For subnets that need to route traffic to an instance in the VCN. For more information, see Using a Private IP as a Route Target. Also see Advanced Scenarios: Transit Routing.
· OCI Load Balancing – It is imperative to understand load balancing concepts, public & private load balancers and policy types (Round Robin , Least Connections, IP Hash) supported by the load balancing service.
· OCI DNS & Traffic Management
· Advance Networking Scenarios.
· FastConnect with multiple DRG’s and VCNs.
· FastConnect Connectivity Options
· High Availability & Disaster Recovery in OCI
Please see IAM policies for networking.
· Local NVMe SSD devices – These devices act like instance store volumes attached to compute instances in your VCN.
· Block Volume Storage - The OCI Block Volume service allows to dynamically provision and manage block storage volumes. We can create, attach, connect, and move volumes, as well as change volume performance, as needed, to meet our storage, performance, and application requirements.
o Volume Groups
o Attaching a volume
o Attaching Volume to multiple VM instances
o Volume Resizing
o Block Volume Backups
o Block Volume Performance
o Moving Block Volume across compartments
· File Storage - OCI File Storage service provides a durable, scalable, secure, enterprise-grade network file system.
o Create a file system
o Managing a File System
o Mounting File System
o Managing Mount Targets
o Troubleshooting File Systems
· Object Storage - OCI offers two distinct storage class tiers to address the need for both performant, frequently accessed "hot" - Object - storage, and less frequently accessed "cold" -Archive - storage. Storage tiers help you maximize performance where appropriate and minimize costs where possible.
o Object Storage Namespaces
o Managing Objects
o Managing Buckets
o Object Storage Life Cycle Management
o Using Pre-Authenticated Requests
o Using Multi-Part Uploads
OCI Account Management
· Billing & Cost Management
· Cost Analysis Overview
· Billing & Payments
Design, implement, and operate databases in OCI
· Autonomous database concepts – Autonomous databases are fully managed, preconfigured database environment with two workload types available, Autonomous Transaction Processing and Autonomous Data Warehouse.
o Autonomous database deployment options
o Using Autonomous data warehouse
o Using Autonomous transaction processing database
o Security & Authentication in Autonomous transaction processing database
o Autonomous database complete overview & best practices
o Using Oracle DB CLI
o Incorporating high availability with Oracle Data Guard for bare metal & VM DB Systems
o Incorporating high availability with Oracle Exadata DB Systems
o Recovering Oracle Exadata DB Systems from object storage
o Database Migration Options to Oracle Cloud
Migrate on-premises workloads to OCI
· Data Transfer and Storage Gateway
Design for Security and Compliance
· Using Oracle Data Safe - Oracle Data Safe is a fully-integrated Cloud service focused on the security of your data. It provides a complete and integrated set of features for protecting sensitive and regulated data in Oracle Cloud databases.
· Using OCI Identify & Access Management
· Using OCI Key Management
· OCI Security Overview
· OCI Traffic Management Policies
· OCI Web Application Firewall
Additional Useful Services
· OCI Events
· OCI Kubernetes Service
· OCI Functions
· OCI Monitoring Service
· OCI Resource Manager
· OCI Vault
· OCI Notifications Service
· OCI Streaming Service
· OCI Tagging – Ensure that you understand the differences between using cost tracking tags, tag variables, tag defaults and predefined tags.
· Using Oracle Golden Gate - to replicate, filter, and transform data from one database to another database.
I added the last section above because the Oracle training for professional architect did not review the usage and applicability of these services, however, there were questions around them in the exam. I have added my notes below from the exam perspective –
· Most of the questions in the professional exam are around the basis concepts so it is imperative you have reviewed these links and understood them.
· As usual while answering any questions, you always need to look for special catch phrases or words that contain latency, performance, cost, high availability, redundancy, maximum availability modes for no data-loss etc.
· While connecting from Oracle VCN to managed service like object storage and ensuring that the traffic does not traverse the public internet – the only service that can be used is service gateway. Please review the service gateway service gateway supported Oracle cloud services in OCI network.
· While establishing console connection, please remember that three tasks are required before you can connect –
o Reboot the instance from the OCI console.
o Add or reset the SSH key for the opc user
o Edit the system configuration file at the linux boot menu to enable access to the console.
· Deep dive into NVMe performance differences while using a particular RAID configuration. A protected RAID array is the most recommended way to protect against an NVMe device failure. RAID 10 Stripes data across multiple mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved.
· WAF Access control rules can be used to block specific IP addresses from making unauthorized application requests.
· Review available connection options from OCI to other cloud providers like Microsoft Azure.
· Managing Compartments and moving resources between compartments is one of the most important features that had few questions related to them. During movement of compartments, some of IAM policies attached to the resources are not automatically updated. This is the reason to validate the IAM policies after compartments movement from one parent to another.
· OCI File storage service (FSS/NFS) provides export option feature to control access to your file system.
· VCN peering is a widely used feature considering that the VCNs are regional and you use local VCN peering for within region pairing or remote VCN peering for across region VCN connections.
· You may encounter compartment quotas limitations defined by quota policies during auto scaling actions. This may lead to system failures.
· Review that there are three ways to connect to ADW -
o Connecting to (ADW) from Public Internet
o Connecting to ADW (via NAT or Service Gateway) from a server running on a private subnet in OCI (in the same tenancy)
o Connecting to ADW (via internet Gateway) from a server running on a public subnet in OCI (in the same tenancy)
· You may encounter some questions to be not as detailed about compartment moves. So, you may see a question about moving compute instance across compartment. However, it may not be clear if the instance is moved to a compartment defined in the same region in the same VCN or across a compartment in another region. So, please do not overthink the scenario (Which I did). An instance with public and private IP that is moved to a different compartment will continue to have its original public and private IP addresses. The instance VNIC also continues to be associated with the original VCN.
· Autonomous Database is an Oracle Managed and Secure environment. A physical database can’t simply be migrated to autonomous because:
o Database must be converted to PDB, upgraded to 19c, and encrypted
o Any changes to Oracle shipped privileges, stored procedures or views must be removed
o All legacy structures and unsupported features must be removed (e.g. legacy LOBs)
· GoldenGate replication can be used to keep database online during migration.
· Oracle also recently introduced instance principals that now eliminates the need to configure user credentials on the services running on their compute instances, or rotate those credentials. Instances themselves are a new principal type in IAM.
· A Dynamic group is a special type of group that contains resources (such as compute instances) that match rules that you define (thus the membership can change dynamically as matching resources are created or deleted). These instances act as "principal" actors and can make API calls to services according to policies that you write for the dynamic group.
· STEERING POLICIES is A framework to define the traffic management behavior for your zones. Steering policies contain rules that help to intelligently serve DNS answers.
o FAILOVER - Failover policies allow you to prioritize the order in which you want answers served in a policy (for example, Primary and Secondary). Oracle Cloud Infrastructure Health Checks are used to determine the health of answers in the policy. If the Primary Answer is determined to be unhealthy, DNS traffic will automatically be steered to the Secondary Answer.
o LOAD_BALANCE - Load Balancer policies allow distribution of traffic across multiple endpoints. Endpoints can be assigned equal weights to distribute traffic evenly across the endpoints or custom weights may be assigned for ratio load balancing. Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of the endpoint. DNS traffic will be automatically distributed to the other endpoints, if an endpoint is determined to be unhealthy.
o ROUTE_BY_GEO - Geolocation-based steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region.
o ROUTE_BY_ASN - ASN-based steering policies enable you to steer DNS traffic based on Autonomous System Numbers (ASN). DNS queries originating from a specific ASN or set of ASNs can be steered to a specified endpoint.
o ROUTE_BY_IP - IP Prefix-based steering policies enable customers to steer DNS traffic based on the IP Prefix of the originating query.
· OCI also provides an option to resize an instance using change shape feature in the OCI console.
· Autonomous transaction processing – serverless database option is not available for Oracle enterprise business suite.
I want to add a few tips from my experience during the exam –
§ I noticed most of the answers are in the question, so if you are not completely confident, select what you think is right, mark the question to come back for review and then revisit it as soon as you are reviewing your exam.
§ You will notice as you traverse through rest of the tests, some of the questions that follow latter may also have answer to what you could not answer earlier...