Use this for last‑mile review. Pair it with the Syllabus.
1) Canonical 3‑tier placement (public edge, private tiers)
flowchart LR
U["Users"] --> LB["Load Balancer (public subnet)"]
LB --> APP["App tier (private subnet)"]
APP --> DB["DB tier (private subnet)"]
Exam rule: if a design exposes databases directly to the internet, it’s almost always wrong.
2) Networking decision table (high-yield)
| Requirement | Prefer | Why |
|---|
| Public ingress to app | IGW + public LB | controlled entry point |
| Private subnet outbound | NAT gateway | outbound only, no inbound |
| Private access to Oracle services | Service gateway | no public internet path |
| On-prem / cross-VCN routing | DRG | hub for routing |
Security Lists vs NSGs
| You need… | Prefer |
|---|
| Simple subnet-wide rules | Security lists |
| Granular per-app rules | NSGs |
3) Connectivity (concept-level selection)
| Requirement | Prefer |
|---|
| Fast setup / lower cost | IPSec VPN |
| Higher bandwidth / consistent latency | FastConnect |
| Many VCNs / hub-spoke | DRG-based hub |
4) Compute + storage + database pickers
Storage
| Workload | Prefer |
|---|
| App artifacts, logs, backups | Object Storage |
| VM boot/data disks | Block Volumes |
| Shared filesystem | File Storage |
Database (purpose-level)
| Requirement | Prefer |
|---|
| Managed Oracle DB with automation | Autonomous Database |
| More control over configuration | DB System |
5) HA basics (what the associate exam expects)
- Use multiple fault domains/availability domains for resilience.
- Put app tier behind load balancers with health checks.
- Prefer managed services where possible; ensure backups are configured.