07 ‐ OCI Interview questions - SanjeevOCI/Study GitHub Wiki

Here is the deduplicated list of OCI interview questions with concise answers:


1. How to set up full stack - DR?

  • Use OCI Disaster Recovery (DR) by replicating resources across regions or availability domains (ADs).
  • Use Data Guard for database replication and Object Storage replication for file backups.
  • Automate failover using Terraform or OCI CLI.

2. How to migrate 12c DB to 19c in multitenant architecture?

  • Steps:
    1. Upgrade the 12c database to 19c using DBUA or manual upgrade.
    2. Convert the non-CDB to a PDB (if applicable).
    3. Test the migration in a staging environment.

3. What is the patching service used in OCI?

  • OCI OS Management Service is used for patching compute instances.
  • For databases, use OCI Database Management or Fleet Patching and Provisioning.

4. What is Web Application Firewall (WAF)?

  • OCI WAF protects web applications from threats like SQL injection, XSS, and DDoS attacks.
  • It filters traffic based on rules and integrates with Load Balancers.

5. How to access a VM when keys are lost?

  • Use the OCI Console to reset the SSH keys by editing the instance's metadata.
  • Alternatively, use the Serial Console to access the VM and update the keys.

6. Two types of attachments for Block Volume?

  • Paravirtualized: Easier setup, Linux-only, slightly lower performance.
  • iSCSI: Higher performance, supports Linux and Windows, requires manual configuration.

7. How do you encrypt the boot volume?

  • Enable encryption by default using OCI-managed keys or customer-managed keys in OCI Vault.

8. How do you configure OCI Vault?

  • Create a Vault in OCI.
  • Add Master Encryption Keys.
  • Use the keys to encrypt resources like block volumes, object storage, or secrets.

9. How to connect 2 Spoke VCNs in the same region?

  • Use a Hub-and-Spoke model with a Local Peering Gateway (LPG) in the hub VCN.
  • Configure route tables and security rules to allow traffic between the VCNs.

10. What are your day-to-day tasks as an OCI architect?

  • Designing and implementing OCI solutions.
  • Managing VCNs, compute instances, and databases.
  • Monitoring and optimizing costs.
  • Ensuring security and compliance.

11. What type of policies are there, and when to use them?

  • Compartment Policies: Restrict access to specific compartments.
  • Tag-Based Policies: Control access based on resource tags.
  • Dynamic Group Policies: Allow OCI resources to interact with others.
  • Example: Read-only policy:
    Allow group Readers to inspect all-resources in compartment <compartment-name>
    

12. How to set up high availability and fault tolerance?

  • Use multiple ADs or regions for redundancy.
  • Deploy Load Balancers and Auto Scaling for compute.
  • Use Data Guard for database replication.

13. How to sync Azure AD with OCI for SSO?

  • Use OCI Identity Federation to integrate Azure AD.
  • Configure Azure AD as an Identity Provider (IdP) in OCI.

14. How to isolate a network environment while allowing certain services to access the internet?

  • Use Private Subnets with NAT Gateway for outbound internet access.
  • Use Service Gateway for OCI service access without public internet.

15. How to set up secure inter-region communication?

  • Use Remote Peering Connections (RPC) between DRGs in different regions.
  • Configure route tables and security rules for traffic flow.

16. What is asymmetric routing, and how does OCI handle it?

  • Asymmetric routing occurs when request and response traffic take different paths.
  • OCI handles it using stateful security rules and route tables.

17. How does transit routing work in a hub-and-spoke model across regions?

  • Use DRG in the hub VCN to route traffic between spoke VCNs.
  • Use RPC for multi-region connectivity.

18. How do we secure object storage buckets?

  • Use Bucket Policies to restrict access.
  • Enable encryption using OCI Vault.
  • Use Pre-Authenticated Requests (PARs) for temporary access.

19. How do route tables, security lists, and NSGs interact?

  • Order of operation:
    1. Route Table: Determines traffic routing.
    2. Security List: Applies to the entire subnet.
    3. NSG: Applies to specific resources (e.g., VNICs).

20. What is the difference between paravirtualized and iSCSI attachment?

  • Paravirtualized: Easier setup, Linux-only, lower performance.
  • iSCSI: Higher performance, supports Linux and Windows, requires manual setup.

21. Migration steps end-to-end?

  1. Assess the source environment.
  2. Plan the migration (e.g., downtime, tools).
  3. Use OCI Database Migration Service or Data Transfer Appliance.
  4. Validate the migration.

22. How to troubleshoot compute issues?

  • Check instance logs and metrics in the OCI Console.
  • Use the Serial Console for debugging.
  • Verify network configurations (route tables, security rules).

23. How to harden Oracle Linux?

  • Disable unused services.
  • Apply security patches.
  • Configure firewalls and SELinux.
  • Use OCI OS Management for automation.

24. How to set up DR in two regions with RTO/RPO < 15 mins?

  • Use Data Guard for database replication.
  • Use Object Storage replication for files.
  • Automate failover using Terraform or OCI CLI.

25. How to analyze and resolve database performance issues in OCI?

  • Use OCI Database Management for monitoring.
  • Check AWR reports and SQL tuning.
  • Scale resources (e.g., CPU, memory).

26. How to optimize costs in OCI?

  • Use Cost Analysis in the OCI Console.
  • Identify underutilized resources.
  • Use Always Free Tier and Reserved Instances.

27. What to do if Terraform apply fails halfway?

  • Use terraform refresh to sync the state.
  • Fix the issue and re-run terraform apply.

28. How to migrate a critical DB setup with minimal downtime?

  • Use Data Guard for near-zero downtime migration.
  • Use GoldenGate for real-time replication.

29. Real-time example of migration using Terraform?

  • Use Terraform to define VCNs, subnets, and compute instances.
  • Automate the deployment of the target environment.
  • Migrate data using OCI Database Migration Service.

Here is the organized version of the answers based on the provided categories:


Infrastructure & Disaster Recovery (DR)

| Question | Answer |
| --- | --- |
| How to set up full stack - DR? | Use OCI DR strategies with Data Guard for DB, Object Storage replication, Terraform for IaC, and traffic routing via Global DNS/Load Balancer. |
| How to setup DR? | Deploy standby infrastructure in a secondary region, configure Data Guard, replicate storage, and automate failover via health checks. |
| DR in Jeddah and Riyadh with RTO/RPO <15 mins. What’s the approach? | Use Active Data Guard, Object Storage replication, DNS steering, and automation scripts for failover/failback. |
| If prod DB crashes, how will OCI analyze and how to use Terraform? | Use Monitoring/Logging and Alarms to detect crashes; use Terraform for auto recovery or redeployment. |

Migration & Upgrade

| Question | Answer |
| --- | --- |
| How to migrate 12c DB to 19c in multitenant architecture? | Use RMAN/Data Pump to export 12c PDB, upgrade via DBUA or manual SQL steps, and import to 19c CDB. |
| Migration steps end-to-end? | Assess → Plan → Provision OCI infra → Data Transfer → Validation → Cutover → Monitor. |
| Migration steps from On-Prem to OCI? | Use tools like Data Pump, GoldenGate, or Zero Downtime Migration (ZDM); validate and cutover. |
| Data migration steps from On-Prem to OCI with 0/minimal downtime? | Use GoldenGate for real-time sync, switch at low-traffic time, and ensure DNS/app pointing post cutover. |
| Real-time migration using Terraform (VCN, compute)? | Use Terraform to create OCI resources: VCN, subnets, compute, and storage. Integrate with Ansible for configuration management. |
| Steps for upgrading 12c to 19c and how to recover? | Pre-checks → Backup → Run DBUA/manual scripts → Validate → Reapply patches/data. |

Security & IAM

| Question | Answer |
| --- | --- |
| How do we secure Object Storage bucket? | Use bucket policies, pre-authenticated requests, encryption keys, and compartment isolation. |
| How to configure OCI Vault? | Create Vault → Add master key → Assign permissions → Use with block volumes, DB, and Object Storage. |
| How to encrypt boot volume? | Enable encryption with OCI Vault keys during instance creation. |
| What type of policies are there and when to use? | Resource, Identity, Tag-based policies. Use least privilege principle. Example: Read-only access: |
| Policy to allow only running instances? | `Allow group Developers to manage instances in compartment Development where target.instance.lifecycleState = 'RUNNING'` |
| How to allow IAM identity like Azure AD to manage OCI resources? | Use federated identity via Identity Providers. Integrate OCI with Azure AD for SSO and role-based access. |
| How AD Integration is done? | Use OCI Identity Federation → Register AD as IdP → Map AD groups to OCI policies. |

Network & Security Architecture

| Question | Answer |
| --- | --- |
| What is a Web Application Firewall (WAF)? | Protects apps from common web exploits (OWASP), supports rate limiting, bot protection, and access rules. |
| How to isolate a network but allow specific services internet access? | Use private subnets + Service Gateway or NAT Gateway, and configure security list + route table. |
| How to set up secure inter-region communication? | Use FastConnect with encryption, setup DRG peering, and configure route tables and security lists. |
| How to connect 2 spoke VCNs in the same region? | Use Hub-and-Spoke model with DRG, route tables, and local peering. |
| What is asymmetric routing and how does OCI handle it? | Happens when response traffic takes a different path. OCI enforces symmetric routing by default for security. |
| How does transit routing work in hub & spoke across regions? | DRG peering enables traffic routing via hub VCN across regions. Use route rules for direction control. |
| OCI to Azure connectivity? | Use VPN/IPSec or FastConnect + ExpressRoute for hybrid cloud. Setup via DRG and Azure VPN Gateway. |
| If route table, NSG, and security list are combined, what’s the order? | Traffic hits NSG → Security List → Route Table → Gateway. All must allow traffic for access. |

Storage & Compute

| Question | Answer |
| --- | --- |
| Two types of block volume attachments? | ISCSI (manual attach, needs iSCSI commands) and Paravirtualized (auto attach, OCI managed). |
| Difference between ISCSI & Paravirtualized? | ISCSI: More control but manual setup. Paravirtualized: Simple, fast setup with reduced overhead. |
| How to access VM when keys are lost? | Use serial console or reattach volume to another instance to reset SSH config. |
| When credentials fail & keys are lost – how to recover? | Use OCI Console → Stop instance → Boot volume attach to another VM → Reset password/keys → Reboot. |
| How to troubleshoot compute issues? | Check Monitoring/Logs → Console connection → Event logs → Check storage/network health. |
| Hardening in Oracle Linux? | Disable root SSH, update packages, configure firewall, set auditd, and secure SELinux settings. |

OCI Services

| Question | Answer |
| --- | --- |
| What is patching service in OCI? | OCI OS Management Service automates patching for compute and DB systems. |
| Notification service & subject line? | OCI Notifications service sends alerts via email, Slack, or custom endpoints. Subject line is customizable. |
| Load Balancer | Distributes traffic across backend sets, supports health checks, SSL, and custom routing. |
| Docker, Terraform, Ansible, Exadata, Autonomous DB | Docker: Container runtime. Terraform: IaC tool for OCI resources. Ansible: Config mgmt. Exadata: High-perf DB infra. Autonomous DB: Self-driving DB on OCI. |
| What are activities in Oracle DB management? | Backup, patching, monitoring, replication, tuning, user/role mgmt, and DR setup. |
| Current backup policy – full vs incremental? | Full: Complete DB backup. Incremental: Only changes since last backup. Policy varies by RPO needs. |
| How to recover missing logs from backup? | Use RMAN to restore archivelogs from backup and apply on standby. |
| If there is archive gap between prod & standby, how to fix? | Identify gap via v$archive_gap, fetch logs from RMAN or prod, and apply manually. |

Performance & Cost

| Question | Answer |
| --- | --- |
| How to analyze and resolve DB performance in OCI? | Use AWR/ASH reports, monitor metrics, optimize queries/indexes, and scale resources. |
| How to do cost optimization in OCI? | Use OCI Cost Analysis tool, identify underutilized resources, shut down idle instances, use auto-scaling and budgets. |
| If cost alert received, how to analyze resource usage? | Check Billing → Cost Analysis → Filter by service/date → Tag high-usage resources. |

Operations & Troubleshooting

| Question | Answer |
| --- | --- |
| What are day-to-day tasks as OCI architect? | Infra provisioning, cost control, automation, DR, IAM policies, migrations, security audits, and support. |
| What type of tickets are received for OCI access? | Login issues, key resets, policy changes, VM/network access, performance queries. |
| POC and client issues in POC? | Performance, security compliance, app integration, latency concerns. |
| If Terraform apply fails midway, what to do? | Check state file, fix code/config, run terraform refresh, then re-apply. |
| What is the size & backup extension of DB moved? | Depends on DB. Common extension: .dmp (Data Pump), RMAN uses .bak, .arc, .ctl. |
| How to troubleshoot when users can’t login? | Verify user status, IAM policies, reset keys, use serial console for recovery. |

This organized structure groups related questions and answers for better clarity and focus.


After removing duplicates, we are left with 50 unique OCI interview questions. Here's a refined list of the questions along with concise answers for each:

🔧 Infrastructure & DR

How to set up full stack - DR? Use OCI DR strategies with Data Guard for DB, Object Storage replication, Terraform for IaC, and traffic routing via Global DNS/Load Balancer.

How to setup DR? Deploy standby infrastructure in a secondary region, configure Data Guard, replicate storage, and automate failover via health checks.

There is a requirement to create a DR in Jeddah and Riyadh with RTO/RPO <15 mins. What’s the approach? Use Active Data Guard, Object Storage replication, DNS steering, and automation scripts for failover/failback.

If prod DB crashes, how will OCI analyze and how to use Terraform? Use Monitoring/Logging, Alarms to detect crash; use Terraform for auto recovery or redeployment.

🔄 Migration & Upgrade

How to migrate 12c DB to 19c in multitenant architecture? Use RMAN/Data Pump to export 12c PDB, upgrade via DBUA or manual SQL steps, import to 19c CDB.

Migration steps end-to-end? Assess → Plan → Provision OCI infra → Data Transfer → Validation → Cutover → Monitor.

Migration steps from On-Prem to OCI? Use tools like Data Pump, GoldenGate, or Zero Downtime Migration (ZDM); validate and cutover.

Tell me data migration steps from On-Prem to OCI with 0/minimal downtime? Use GoldenGate for real-time sync, switch at low-traffic time, ensure DNS/app pointing post cutover.

Tell me 1 example of real-time migration using Terraform (VCN, compute)? Use Terraform to create OCI resources: VCN, subnets, compute, and storage. Integrate with Ansible for config management.

What are the steps for upgrading 12c to 19c and how to recover? Pre-checks → Backup → Run DBUA/manual scripts → Validate → Reapply patches/data.

🔐 Security & IAM

How do we secure Object Storage bucket? Use bucket policies, pre-authenticated requests, encryption keys, and compartment isolation.

How to configure OCI Vault? Create Vault → Add master key → Assign permissions → Use with block volumes, DB, and Object Storage.

How to encrypt boot volume? Enable encryption with OCI Vault keys during instance creation.

What type of policies are there and when to use? Resource, Identity, Tag-based policies. Use least privilege principle; e.g. Read-only access:

    Allow group Readers to inspect all-resources in compartment Demo

Policy to allow only running instances?

    Allow group Developers to manage instances in compartment Development where target.instance.lifecycleState = 'RUNNING'

How to allow IAM identity like Azure AD to manage OCI resources? Use federated identity via Identity Providers. Integrate OCI with Azure AD for SSO and role-based access.

How AD Integration is done? Use OCI Identity Federation → Register AD as IdP → Map AD groups to OCI policies.

🛡️ Network & Security Architecture

What is a Web Application Firewall (WAF)? Protects apps from common web exploits (OWASP), supports rate limiting, bot protection, and access rules.

How to isolate a network but allow specific services internet access? Use private subnets + Service Gateway or NAT Gateway, and configure security list + route table.

How to set up secure inter-region communication? Use FastConnect with encryption, setup DRG peering, configure route tables and security lists.

How to connect 2 spoke VCNs in same region? Use Hub-and-Spoke model with DRG, route tables, and local peering.

What is asymmetric routing and how does OCI handle it? Happens when response traffic takes a different path. OCI enforces symmetric routing by default for security.

How does transit routing work in hub & spoke across regions? DRG peering enables traffic routing via hub VCN across regions. Use route rules for direction control.

OCI to Azure connectivity? Use VPN/IPSec or FastConnect + ExpressRoute for hybrid cloud. Setup via DRG and Azure VPN Gateway.

If route table, NSG, and security list are combined, what’s the order? Traffic hits NSG → Security List → Route Table → Gateway. All must allow traffic for access.

💽 Storage & Compute

Two types of block volume attachments?

  • ISCSI (manual attach, needs iSCSI commands)
  • Paravirtualized (auto attach, OCI managed)

Difference between ISCSI & Paravirtualized? ISCSI: More control but manual setup. Paravirtualized: Simple, fast setup with reduced overhead.

How to access VM when keys are lost? Use serial console or reattach volume to another instance to reset SSH config.

When credentials fail & keys are lost – how to recover? Use OCI Console → Stop instance → Boot volume attach to another VM → Reset password/keys → Reboot.

How to troubleshoot compute issues? Check Monitoring/Logs → Console connection → Event logs → Check storage/network health.

Hardening in Oracle Linux? Disable root SSH, update packages, configure firewall, set auditd, and secure SELinux settings.

☁️ OCI Services

What is patching service in OCI? OCI OS Management Service automates patching for compute and DB systems.

Notification service & subject line? OCI Notifications service sends alerts via email, Slack, or custom endpoints. Subject line is customizable.

Load Balancer Distributes traffic across backend sets, supports health checks, SSL, and custom routing.

Docker, Terraform, Ansible, Exadata, Autonomous DB Docker: Container runtime. Terraform: IaC tool for OCI resources. Ansible: Config mgmt. Exadata: High-perf DB infra. Autonomous DB: Self-driving DB on OCI.

What are activities in Oracle DB management? Backup, patching, monitoring, replication, tuning, user/role mgmt, and DR setup.

Current backup policy – full vs incremental? Full: Complete DB backup. Incremental: Only changes since last backup. Policy varies by RPO needs.

How to recover missing logs from backup? Use RMAN to restore archivelogs from backup and apply on standby.

If there is archive gap between prod & standby, how to fix? Identify gap via v$archive_gap, fetch logs from RMAN or prod and apply manually.

📉 Performance & Cost

How to analyze and resolve DB performance in OCI? Use AWR/ASH reports, monitor metrics, optimize queries/indexes, scale resources.

How to do cost optimization in OCI? Use OCI Cost Analysis tool, identify underutilized resources, shut down idle instances, use auto-scaling and budgets.

If cost alert received, how to analyze resource usage? Check Billing → Cost Analysis → Filter by service/date → Tag high-usage resources.

⚙️ Operations & Troubleshooting

What are day-to-day tasks as OCI architect? Infra provisioning, cost control, automation, DR, IAM policies, migrations, security audits, and support.

What type of tickets are received for OCI access? Login issues, key resets, policy changes, VM/network access, performance queries.

POC and client issues in POC? Performance, security compliance, app integration, latency concerns.

If Terraform apply fails midway, what to do? Check state file, fix code/config, run terraform refresh, then re-apply.

Docker, Terraform, Ansible, Exadata, Autonomous DB (Already covered)

What is the size & backup extension of DB moved? Depends on DB. Common extension: .dmp (Data Pump), RMAN uses .bak, .arc, .ctl.

How to troubleshoot when users can’t login? Verify user status, IAM policies, reset keys, use serial console for recovery.

How to recover logs using backup? (Covered earlier)