Review By: Mukesh Sharma
Detailed Review Of Preparation
How to prepare for OCI 2019 Architect Associate exam
I recently prepared for and passed the Oracle Cloud Infrastructure 1Z0-1072-OCI-Architect-Associate-2019 exam. The format and the content for the exam are available on Oracle’s education site – Become an OCI architect Associate.
I would absolutely recommend a refresh of the OCI fundamentals before jumping into the OCI architect course.
I went through the course once at 2x speed and captured most of the information in a Word document. The exam is supposedly not as difficult as any other AWS or GCP associate level exams. I am listing the main topics of the preparation course and some of the key elements you should understand and remember before you take the #FREE exam offered by Oracle.
All resources shared during the course are available at this training site location - OCI Architect Associate Resources
Getting Started with OCI
To better understand the OCI interface as well as all the services please review the Infrastructure as a service documentation available here at OCI IAAS Documentation site and services availability across regions across the world.
Let's now focus on individual services and some of the focus areas to remember
1. Identity and Access Management
· IAM – There are mainly 4 verbs used in IAM to define a policy: inspect, read, use and manage.
  o Inspect – provides the ability to list resources
  o Read – includes inspect plus the ability to get user-specified metadata and the actual resource
  o Use – includes read plus the ability to work with existing resources (the actions vary by resource type). This verb does not allow creating or deleting any type of resource.
  o Manage – includes all permissions for the resource
  o The most common format of an IAM policy is listed below –
    Allow
    The subject can be an IAM user, group, resource group etcetera
  Please pay special attention to managing users, groups, dynamic groups and network resources. You must especially understand that if you want to provide a specific role to a compute instance, you need to attach a dynamic group to it so that it is identified as “principal” and can make API calls against other services on OCI.
· IAM-Compartment – Compartments are another way to manage your resources: related resources are grouped together and accessed by groups that are given permission.
  o Each resource can belong to one and only one compartment. However, resources can be shared across compartments.
  o Resources can also be moved across compartments once they have been created.
  o Compartments can have sub-compartments that can go six levels deep.
    § COMP1 > COMP2 > COMP3 > COMP4 > COMP5 > COMP6
    § These sub-compartments inherit access permissions from compartments higher up the hierarchy
  o When an IAM policy is created, the compartment to attach it to must be specified.
· IAM Policy Inheritance and Attachment
  o Understand how IAM policy inheritance works when resources are moved across compartments.
· IAM-Tags
  o Tagging is an additional method to identify/categorize your services inside your compartments.
  o Free form and custom tags are allowed under OCI.
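The verb ordering and compartment inheritance from the IAM notes above, as a simplified model. This is an added example, not code from the original review or from Oracle; the compartment tree, group names and policy set are constructed, and the evaluator ignores conditions, resource families and policy attachment.

```python
import re

# Verbs in increasing order of access; each one includes those before it.
VERBS = ["inspect", "read", "use", "manage"]
# Constructed compartment tree (child -> parent); "tenancy" is the root.
PARENT = {"Prod": "tenancy", "Network": "Prod", "Dev": "tenancy"}
# Constructed policy set: two groups and one dynamic group (instance principals).
POLICIES = [
    "Allow group NetAdmins to manage virtual-network-family in compartment Prod",
    "Allow group Auditors to inspect instances in tenancy",
    "Allow dynamic-group AppServers to read objects in compartment Prod",
]
STATEMENT = re.compile(
    r"^allow\s+(group|dynamic-group)\s+(\S+)\s+to\s+(inspect|read|use|manage)\s+"
    r"(\S+)\s+in\s+(?:(tenancy)|compartment\s+(\S+))$", re.IGNORECASE)

def parse(statement):
    """Parse the basic 'Allow <subject> to <verb> <resource-type> in <location>' form."""
    m = STATEMENT.match(statement.strip())
    if not m:
        raise ValueError(f"unsupported statement: {statement!r}")
    kind, name, verb, rtype, tenancy, comp = m.groups()
    return {"subject": (kind.lower(), name), "verb": verb.lower(),
            "resource": rtype.lower(), "location": "tenancy" if tenancy else comp}

def ancestors(compartment):
    """Yield the compartment and every compartment above it, up to the tenancy."""
    while compartment != "tenancy":
        yield compartment
        compartment = PARENT[compartment]
    yield "tenancy"

def is_allowed(policies, subject, verb, resource, compartment):
    """True if a statement grants `verb` or a higher verb at or above `compartment`."""
    scope = set(ancestors(compartment))
    for p in map(parse, policies):
        if (p["subject"] == subject and p["resource"] == resource
                and p["location"] in scope
                and VERBS.index(p["verb"]) >= VERBS.index(verb)):
            return True
    return False

if __name__ == "__main__":
    # manage in Prod covers use in the sub-compartment Network, but nothing in Dev.
    net = ("group", "NetAdmins")
    print(is_allowed(POLICIES, net, "use", "virtual-network-family", "Network"))
    print(is_allowed(POLICIES, net, "manage", "virtual-network-family", "Dev"))
```

The dynamic-group statement is the instance-principal case from the notes: `AppServers` can read objects in `Prod` and below, but a `use` request is denied because `read` sits lower in the verb order.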
It should be emphasized that you must have an understanding of creating public and private networks and how all private networks use CIDR ranges identified under RFC 1918.
The major networking components of OCI are listed below -
  o VIRTUAL CLOUD NETWORK (VCN) and Subnets
    § Default route table
    § Default Security list
    § Default DHCP options
  o VNIC
  o PRIVATE IP
  o PUBLIC IP
  o IPV6
  o DYNAMIC ROUTING GATEWAY (DRG) – Connects on-premises networks and is used to peer VCNs across regions with remote peering gateway. Please understand that DRG connections are always private when used either with FastConnect for on premises or with RPC across regions to peer VCNs.
  o INTERNET GATEWAY
  o NETWORK ADDRESS TRANSLATION (NAT) GATEWAY
  o SERVICE GATEWAY – These provide a way to connect resources in your VCN to other managed services like OCI object storage.
  o LOCAL PEERING GATEWAY (LPG)
  o REMOTE PEERING CONNECTION (RPC) – Understand the use of a dynamic routing gateway (DRG) with on premises versus using DRG with RPC in a multi-region configuration.
    § Difference between security lists and network security groups.
  o VPN Connect – Please do take a moment to understand how to establish cost effective and redundant connectivity with OCI using VPN Connect and DRG. I found this example very interesting to read and understand.
Overview of connectivity options on OCI
  o Concepts of load balancing on OCI
    § Service discovery
    § Health Check
    § Algorithm
  o Benefits of load balancing on OCI
    § Fault tolerance and high availability
    § Scale
    § Naming Abstraction
  o Concepts of a public load balancer
    § Listener
    § Backend server
    § Load balancing policy
    § Round Robin
    § IP Hash (sticky connections)
    § Least Connection
    § Back end sets
    § Health Checks – this is a test to confirm the availability of backend servers. Health check is activated for backends, backend sets and overall load balancer.
  o Concept of private load balancer
  o Bare Metal
  o Virtual Machines
  o Dedicated VM Hosts
  o Creating Custom Images of Boot Volumes
    § Emulation Mode
    § Paravirtualized Mode
    § Native Mode
  o Cloning a boot volume – Please ensure that you check out the difference between boot volume backups and clones and how they are mutually exclusive to each other.
  o Instance Configuration and pools – configure and manage a set of instances/images together.
  o Instance Metadata
  o Instance Life Cycle – start/stop/reboot/terminate
5. Storage on OCI
    § Using pre-authenticated requests
  o File Storage – Please read through the concepts of creating/managing file systems, managing mount targets, snapshots, using export options (to provide granular access to a file system mounted on same mount target and accessed by two different clients/instances) etc. I found this complete section extremely useful.
  o Bare Metal and VM DB Systems
    § Autonomous transaction processing
      v Where does tnsnames.ora reside - It resides in oracle home\NETWORK\ADMIN directory
      v How to load data into Autonomous databases with SQL*Loader & Data Pump
      v Loading data on ADW using SQL*Loader & Data Pump & OCI object storage
Some additional resources that I think are extremely useful to review that were not covered in the course are listed below –
    § Using Data Guard for database services
I want to add a few tips from my experience during the exam –
    § I noticed most of the answers are in the question, so if you are not completely confident, select what you think is right, mark the question to come back for review and then revisit it as soon as you are reviewing your exam.
    § You will notice as you traverse through the rest of the tests, some of the questions that follow later may also have the answer to what you could not answer earlier.
If you are interested in other cloud certifications and how to prepare for them, check out our website.
AUTHOR: Mukesh Sharma is a multi and hybrid cloud enthusiast with a bias for building robust hybrid cloud systems around mainframes for financial organizations. You can reach him on LinkedIn.