Use this for last‑mile review. Pair it with the Syllabus.
1) Canonical 3‑tier placement (public edge, private tiers)
```mermaid
flowchart LR
    U["Users"] --> LB["Load Balancer (public subnet)"]
    LB --> APP["App tier (private subnet)"]
    APP --> DB["DB tier (private subnet)"]
```
Exam rule: if a design exposes databases directly to the internet, it’s almost always wrong.
2) Networking decision table (high-yield)

| Requirement | Prefer | Why |
| --- | --- | --- |
| Public ingress to app | IGW + public LB | controlled entry point |
| Private subnet outbound | NAT gateway | outbound only, no inbound |
| Private access to Oracle services | Service gateway | no public internet path |
| On-prem / cross-VCN routing | DRG | hub for routing |

Security Lists vs NSGs

| You need… | Prefer |
| --- | --- |
| Simple subnet-wide rules | Security lists |
| Granular per-app rules | NSGs |

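
The placement rule from section 1 and the gateway choices in section 2, turned into a check. This is an added example, not part of the original sheet or of any Oracle tooling; the layout dictionaries, their field names, and the sample ports are constructed for illustration and are not an OCI API schema.

```python
import ipaddress

# Constructed layout mirroring the three tiers; field names are hypothetical
# and are not an OCI API schema. Port 1521 is a sample database listener port.
GOOD = {
    "lb":  {"public": True,  "routes": ["igw"], "ingress": [("0.0.0.0/0", 443)]},
    "app": {"public": False, "routes": ["nat"], "ingress": [("10.0.0.0/24", 8080)]},
    "db":  {"public": False, "routes": ["sgw"], "ingress": [("10.0.1.0/24", 1521)]},
}
# Same layout with the database tier misplaced: public subnet, IGW route, open ingress.
BAD = dict(GOOD, db={"public": True, "routes": ["igw"], "ingress": [("0.0.0.0/0", 1521)]})

PRIVATE_TIERS = {"app", "db"}  # only the load balancer tier may face the internet
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internet_source(cidr):
    """True unless the CIDR lies wholly inside RFC 1918 private space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == r.version and net.subnet_of(r) for r in RFC1918)


def audit(layout):
    """Return sorted (tier, finding) pairs for private tiers reachable from the internet."""
    findings = []
    for tier, cfg in layout.items():
        if tier not in PRIVATE_TIERS:
            continue
        if cfg["public"]:
            findings.append((tier, "subnet is public"))
        if "igw" in cfg["routes"]:
            findings.append((tier, "route table targets the internet gateway"))
        for source, port in cfg["ingress"]:
            if is_internet_source(source):
                findings.append((tier, f"ingress from {source} on port {port}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, layout in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(layout) or "no findings")
```
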
3) Connectivity (concept-level selection)

| Requirement | Prefer |
| --- | --- |
| Fast setup / lower cost | IPSec VPN |
| Higher bandwidth / consistent latency | FastConnect |
| Many VCNs / hub-spoke | DRG-based hub |

4) Compute + storage + database pickers
Storage

| Workload | Prefer |
| --- | --- |
| App artifacts, logs, backups | Object Storage |
| VM boot/data disks | Block Volumes |
| Shared filesystem | File Storage |

Database (purpose-level)

| Requirement | Prefer |
| --- | --- |
| Managed Oracle DB with automation | Autonomous Database |
| More control over configuration | DB System |

5) HA basics (what the associate exam expects)
- Use multiple fault domains/availability domains for resilience.
- Put app tier behind load balancers with health checks.
- Prefer managed services where possible; ensure backups are configured.