Which components are required to establish a Site-to-Site VPN connection in Oracle Cloud Infrastructure?
A. Internet Gateway, Customer Premises Equipment (CPE), and IPsec tunnel
B. Internet Gateway (IG), Network Address Translation (NAT) Gateway, and IPsec tunnel
C. Dynamic Routing Gateway (DRG), Customer Premises Equipment (CPE), and IPsec tunnel
D. Dynamic Routing Gateway (DRG), NAT Gateway, and IPsec tunnel
Correct Answer: C
Site-to-Site VPN Components:
CPE OBJECT: At your end of Site-to-Site VPN is the actual device in your on-premises network (whether hardware or software). The term customer-premises equipment (CPE) is commonly used in some industries to refer to this type of on-premises equipment.
DYNAMIC ROUTING GATEWAY (DRG): At Oracle's end of Site-to-Site VPN is a virtual router called a dynamic routing gateway, which is the gateway into your VCN from your on-premises network.
IPSEC CONNECTION: After creating the CPE object and DRG, you connect them by creating an IPSec connection, which you can think of as a parent object that represents the Site-to-Site VPN.
TUNNEL: An IPSec tunnel is used to encrypt traffic between secure IPSec endpoints. Oracle creates two tunnels in each IPSec connection for redundancy.
So, Internet Gateway and NAT Gateway are NOT valid Site-to-Site VPN components.
Hence, "Dynamic Routing Gateway (DRG), Customer Premises Equipment (CPE), and IPsec tunnel" is the CORRECT answer.
Question 22:
How does Oracle Database Service for Azure enable bidirectional communication between applications in the Azure tenancy and database resources in OracleDB for Azure?
A. By creating a custom Azure dashboard for each database
B. By configuring DNS on both sides of the Interconnect
C. By granting the Oracle Database Service enterprise application specific roles in Azure
D. By federating the Azure tenant's Azure Active Directory (AAD) with an OCI identity domain
Correct Answer: B
With OCI multicloud's OracleDB for Azure, your database resources reside in an OCI account that is linked to your Azure account through Oracle Interconnect for Microsoft Azure, an Oracle-managed tunnel connection. OracleDB for Azure configures DNS on both sides of the Interconnect to enable bidirectional communication between applications in the Azure tenancy and database resources in OracleDB for Azure.
Question 23:
Which is NOT a security capability available with OracleDB for Azure?
A. IPsec tunnel
B. Encryption of data at rest and in transit
C. Automatic security updates for the database
D. Security features such as network isolation and access controls
Correct Answer: A
Question 24:
An organization wants to deploy Oracle Database Service for Azure in the existing Oracle Cloud Infrastructure and Azure tenancies that are in the supported regions. However, they want to have full control over the Azure permissions that should be granted.
Which option should they choose during the sign-up process?
A. Fully automated configuration
B. Guided account linking
C. Fully scripted configuration
D. Auto pilot linking
Correct Answer: B
The keyword mentioned in the question is "However, they want to have full control over the Azure permissions that should be granted."
The fully automated onboarding option for OracleDB for Azure is faster and more convenient than the guided account linking, but some organizations may have security policies that do not allow them to grant the required permissions to the Oracle Database Service enterprise application that runs in their Azure account. Guided onboarding is provided for customers who do not want to grant OracleDB for Azure all the Azure permissions required for fully automated onboarding.
The remaining two options, "Auto pilot linking" and "Fully scripted configuration", are INVALID. Nothing like these exists in Oracle Database Service for Azure onboarding. Hence the correct answer is "Guided account linking".
Question 25:
What is the primary difference between using Oracle FastConnect with an Oracle partner and using FastConnect with colocation with Oracle?
A. The method of establishing the physical connection to Oracle Cloud Infrastructure
B. The number of available redundancy models
C. The type of virtual circuits supported
D. The geographical locations available for connections
Correct Answer: A
FastConnect: With an Oracle Partner:
You can establish a FastConnect connection from your on-premises or remote data center to the data center where your Oracle Cloud resources are provisioned by requesting cloud connectivity services from any of Oracle's FastConnect partners. Oracle has integrated the FastConnect service with a geographically diverse set of IP, VPN, and Ethernet network providers and cloud exchanges to make it easy for you to establish a connection to Oracle Cloud services.
FastConnect: Colocation with Oracle:
If you have purchased colocation space from a data center provider, you can use Oracle FastConnect to establish connectivity from your network equipment in that colocation facility to your Oracle Cloud services provisioned at this location.
Oracle will provide you a letter of authorization (LOA) that the data center provider will need in order to establish a direct cross-connect into Oracle's FastConnect edge devices.
Question 26:
What encryption protocol is used to secure data transmission in an OCI Site-to-Site VPN connection?
A. Transport Layer Security (TLS)
B. Datagram Transport Layer Security (DTLS)
C. Secure Sockets Layer (SSL)
D. Internet Protocol Security (IPSec)
Correct Answer: D
Site-to-Site VPN provides a site-to-site IPSec connection between your on-premises network and your virtual cloud network (VCN). The IPSec protocol suite encrypts IP traffic before the packets are transferred from the source to the destination and decrypts the traffic when it arrives.
Question 27:
What is the role of the Oracle Database Service enterprise application in OracleDB for Azure?
A. It allows you to add database compute servers and storage servers to your system at any time after provisioning.
B. It allows users to log in to the OCI Console with the same Azure credentials for Azure and the OracleDB for Azure portal.
C. It creates and manages resources in the Azure subscription, streams OCI Database metrics to Azure App Insights and events to Azure Log Analytics, and configures network settings in Azure so that Azure resources can access database resources in OCI.
D. It provides a distributed, scalable, shared-nothing, in-memory, hybrid columnar, query processing engine designed for extreme performance.
Correct Answer: C
The Oracle Database Service multitenant application can:
Create and manage resources in the subscription (for example, the custom dashboard, Azure App Insights, and Azure Log Analytics workspaces OracleDB for Azure creates for each provisioned database).
Stream OCI Database metrics to Azure App Insights and events to Azure Log Analytics.
Configure network settings in Azure so Azure resources can access the database resources in OCI.
Submit events to Azure Event Grid.
Further reading: Preparation and Prerequisites for OracleDB for Azure
Question 28:
What components are required for setting up an Azure VNet to Oracle Cloud Infrastructure VCN connection as part of the OCI-Azure Interconnect?
A. An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached internet gateway
B. An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached NAT gateway
C. An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached dynamic routing gateway
D. An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached service gateway
Correct Answer: C
If you look closely at the options, you can start eliminating some of them. We can easily eliminate "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached service gateway", as we don't require a service gateway to set up the OCI-Azure Interconnect.
Along similar lines, we can also eliminate the options where an internet gateway or a NAT gateway is present.
Hence "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached internet gateway" and "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached NAT gateway" are eliminated.
As you can see in the architecture below, on the OCI side you require a Dynamic Routing Gateway and on the Azure side you need a Virtual Network Gateway. Hence the option "An Azure VNet with subnets and a virtual network gateway, and an OCI VCN with subnets and an attached dynamic routing gateway" is CORRECT.
Question 29:
A company has deployed an application in Oracle Cloud Infrastructure consisting of multiple web servers, database servers, and application servers. The company wants to restrict communication between these components, allowing only the necessary traffic between them. Which OCI feature would be most suitable to achieve this objective?
A. Use Virtual Cloud Networks to create isolated networks for each component.
B. Use Security Lists to configure network access rules for the entire Virtual Cloud Network.
C. Use Network Security Groups to apply specific firewall rules for each component.
D. Use Route Tables to define custom routing policies between each component.
Correct Answer: C
Network security groups (NSGs) act as a virtual firewall for your compute instances. An NSG consists of a set of ingress and egress security rules that apply only to a set of VNICs of your choice in a single VCN (for example: all the compute instances that act as web servers in the web tier of a multi-tier application in your VCN). Hence, "Use Network Security Groups to apply specific firewall rules for each component." is the CORRECT answer.
In this question, you can straightaway reject the "Use Virtual Cloud Networks to create isolated networks for each component." and "Use Route Tables to define custom routing policies between each component." options.
NSG wins here due to the keywords "restrict communication between these components" in the question. A network security group (NSG) provides a virtual firewall for a set of cloud resources that all have the same security posture.
Question 30:
A company has deployed a multi-tier application in Oracle Cloud Infrastructure (OCI), with web servers in a public subnet and database servers in a private subnet. The database servers need to access data from OCI Object Storage, and the company wants to ensure that this communication is secure and not exposed to the public internet. Which OCI feature should be used to achieve this objective?
A. Use a Local Peering Gateway to peer with the Object Storage subnet.
B. Use a Service Gateway to establish a secure connection to Object Storage.
C. Use a NAT Gateway to enable private access to Object Storage.
D. Use a VPN Gateway to create an encrypted tunnel to Object Storage.
Correct Answer: B
A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without exposing the data to the public internet. No internet gateway or NAT gateway is required to reach those specific services. The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.