04 ‐ list of OCI interview questions - SanjeevOCI/Study GitHub Wiki

Here is the deduplicated list of OCI interview questions with concise answers:

1. How to set up full stack - DR?

Use OCI Disaster Recovery (DR) by replicating resources across regions or availability domains (ADs).
Use Data Guard for database replication and Object Storage replication for file backups.
Automate failover using Terraform or OCI CLI.

2. How to migrate 12c DB to 19c in multitenant architecture?

Steps:
1. Upgrade the 12c database to 19c using DBUA or manual upgrade.
2. Convert the non-CDB to a PDB (if applicable).
3. Test the migration in a staging environment.

3. What is the patching service used in OCI?

OCI OS Management Service is used for patching compute instances.
For databases, use OCI Database Management or Fleet Patching and Provisioning.

4. What is Web Application Firewall (WAF)?

OCI WAF protects web applications from threats like SQL injection, XSS, and DDoS attacks.
It filters traffic based on rules and integrates with Load Balancers.

5. How to access a VM when keys are lost?

Use the OCI Console to reset the SSH keys by editing the instance's metadata.
Alternatively, use the Serial Console to access the VM and update the keys.

6. Two types of attachments for Block Volume?

Paravirtualized: Easier setup, Linux-only, slightly lower performance.
iSCSI: Higher performance, supports Linux and Windows, requires manual configuration.

7. How do you encrypt the boot volume?

Enable encryption by default using OCI-managed keys or customer-managed keys in OCI Vault.

8. How do you configure OCI Vault?

Create a Vault in OCI.
Add Master Encryption Keys.
Use the keys to encrypt resources like block volumes, object storage, or secrets.

9. How to connect 2 Spoke VCNs in the same region?

Use a Hub-and-Spoke model with a Local Peering Gateway (LPG) in the hub VCN.
Configure route tables and security rules to allow traffic between the VCNs.

10. What are your day-to-day tasks as an OCI architect?

Designing and implementing OCI solutions.
Managing VCNs, compute instances, and databases.
Monitoring and optimizing costs.
Ensuring security and compliance.

11. What type of policies are there, and when to use them?

Compartment Policies: Restrict access to specific compartments.
Tag-Based Policies: Control access based on resource tags.
Dynamic Group Policies: Allow OCI resources to interact with others.

Example: Read-only policy:

Allow group Readers to inspect all-resources in compartment <compartment-name>

12. How to set up high availability and fault tolerance?

Use multiple ADs or regions for redundancy.
Deploy Load Balancers and Auto Scaling for compute.
Use Data Guard for database replication.

13. How to sync Azure AD with OCI for SSO?

Use OCI Identity Federation to integrate Azure AD.
Configure Azure AD as an Identity Provider (IdP) in OCI.

14. How to isolate a network environment while allowing certain services to access the internet?

Use Private Subnets with NAT Gateway for outbound internet access.
Use Service Gateway for OCI service access without public internet.

15. How to set up secure inter-region communication?

Use Remote Peering Connections (RPC) between DRGs in different regions.
Configure route tables and security rules for traffic flow.

16. What is asymmetric routing, and how does OCI handle it?

Asymmetric routing occurs when request and response traffic take different paths.
OCI handles it using stateful security rules and route tables.

17. How does transit routing work in a hub-and-spoke model across regions?

Use DRG in the hub VCN to route traffic between spoke VCNs.
Use RPC for multi-region connectivity.

18. How do we secure object storage buckets?

Use Bucket Policies to restrict access.
Enable encryption using OCI Vault.
Use Pre-Authenticated Requests (PARs) for temporary access.

19. How do route tables, security lists, and NSGs interact?

Order of operation:
1. Route Table: Determines traffic routing.
2. Security List: Applies to the entire subnet.
3. NSG: Applies to specific resources (e.g., VNICs).

20. What is the difference between paravirtualized and iSCSI attachment?

Paravirtualized: Easier setup, Linux-only, lower performance.
iSCSI: Higher performance, supports Linux and Windows, requires manual setup.

21. Migration steps end-to-end?

Assess the source environment.
Plan the migration (e.g., downtime, tools).
Use OCI Database Migration Service or Data Transfer Appliance.
Validate the migration.

22. How to troubleshoot compute issues?

Check instance logs and metrics in the OCI Console.
Use the Serial Console for debugging.
Verify network configurations (route tables, security rules).

23. How to harden Oracle Linux?

Disable unused services.
Apply security patches.
Configure firewalls and SELinux.
Use OCI OS Management for automation.

24. How to set up DR in two regions with RTO/RPO < 15 mins?

Use Data Guard for database replication.
Use Object Storage replication for files.
Automate failover using Terraform or OCI CLI.

25. How to analyze and resolve database performance issues in OCI?

Use OCI Database Management for monitoring.
Check AWR reports and SQL tuning.
Scale resources (e.g., CPU, memory).

26. How to optimize costs in OCI?

Use Cost Analysis in the OCI Console.
Identify underutilized resources.
Use Always Free Tier and Reserved Instances.

27. What to do if Terraform apply fails halfway?

Use terraform refresh to sync the state.
Fix the issue and re-run terraform apply.

28. How to migrate a critical DB setup with minimal downtime?

Use Data Guard for near-zero downtime migration.
Use GoldenGate for real-time replication.

29. Real-time example of migration using Terraform?

Use Terraform to define VCNs, subnets, and compute instances.
Automate the deployment of the target environment.
Migrate data using OCI Database Migration Service.

This concise list removes duplicates and provides clear answers for each question.