Oracle Oracle Certifications 1Z0-997-20 Questions & Answers

• Question 131:

  You have been asked to review some network proposals by a major client. The client's IT director needs to provision two Virtual Cloud Network (VCN) for a major application. Both applications use a large number of virtual machine instances, and so will ideally occupy VCNs with as many address spaces as possible. Additionally, in the future, VCN peering will be required to allow communication between the VCNs.

  Which of the following are valid IP ranges to consider for the VCNs?

  A. 10.0.0.0/24 and 10.0.1.0/24

  B. 10.0.1.0/24 and 10.0.1.0/27

  C. 10.0.0.0/16 and 10.0.64.0/24

  D. 10.0.0.0/8 and 11.0.0.0/8

  Correct Answer: A

• Question 132:

  Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure (OCI) and mounting the file system to these compute instances. The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance's CIDR block.

  Which option can you use to secure access?

  A. Use stateless Security List rule to restrict access from known IP addresses only.

  B. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific P address and CIDR blocks.

  C. Use 'Export option' feature of FSS to restrict access to the mounted file systems.

  D. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.

  Correct Answer: C

  NFS export options enable you to create more granular access control than is possible using just security list rules to limit VCN access. You can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting to file systems through exports in a mount target. Access can be restricted so that each client's file system is inaccessible and invisible to the other, providing better security controls in multi-tenant environments. Using NFS export option access controls, you can limit clients' ability to connect to the file system and view or write data. For example, if you want to allow clients to consume but not update resources in your file system, you can set access to Read Only. You can also reduce client root access to your file systems and map specified User IDs (UIDs) and Group IDs (GIDs) to an anonymous UID/GID of your choice. For more information about how NFS export options work with other security layers

• Question 133:

  Your Oracle database is deployed on-premises and has produced 100 TB database backup locally. You have a disaster recovery plan that requires you to create redundant database backups in Oracle Cloud Infrastructure (OCI).

  Once the initial backup is completed, the backup must be available for retrieval in less than 30 minutes to support the Recovery Time Objective (RTO) of your solution.

  Which is the most cost effective option to meet these requirements?

  A. Setup an IPsec VPNConnect between on-premises data center and OCI. Then to use OCI CLI command to upload database backups to OCI Object Storage Archive tier as the final destination.

  B. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Archive tier as the final destination.

  C. Setup a FastConnect connection between on-premises data center and OCI. Then to use OCI CLI command to upload database backups to OCI Object Storage Standard tier as the final destination.

  D. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Standard tier as the final destination.

  Correct Answer: D

• Question 134:

  You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments.

  The third party service allows a maximum of Spelunk IP addresses 5 public IP addresses at a time However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to create up to 15 Instances during peak traffic demand, which are launched In VCN private in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Interne! to complete the transaction

  What solution can you implement to make sure that all compute Instances can connect to the third party system to process the payments aw peak traffic demand?

  A. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.

  B. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.

  C. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway.

  D. Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.

  Correct Answer: A

  Explanation: https://docs.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm

• Question 135:

  You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status.

  Which of the following options is the most likely reason for this backup issue?

  A. The master key stored in OCI Key Management for encryption and decryption of data in the database is not accessible to the backup service.

  B. The auth token being used by the Object Store Swift endpoint is incorrect.

  C. The allocated storage on the OCI File Storage service file system attached with the database is full.

  D. The RMAN backup agent is not compatible with the version of database being used.

  Correct Answer: B

• Question 136:

  A cost conscious fashions design company which sells bags, clothes, and other luxury items has recently decided to more all of the their on-premises infrastructure Oracle Cloud Infrastructure (OCI), One of their on-premises application is running on an NGINX server and the Oracle Database is running in a 2 node Oracle Real Application Clusters (RAC) configuration.

  Based on cost considerations, what is an effective mechanism to migrate the customer application to OCI and set up regular automated backups?

  A. Launch a compute Instance and run a NGINX server to host the application. Deploy a 2 node VM DB Systems with oracle RAC enabled import the on premises database to OCI VM DB Systems using oracle Data Pump and then enable automatic backups.

  B. Launch a compute Instance and run an NGINX server to host the application. Deploy Exadata Quarter Rack, enable automatic backups and import the database using Oracle Data Pump.

  C. Launch a compute Instance for both the NGINX application server and the database server. Attach block volumes on the database server compute instance and enable backup policy to backup the block volumes.

  D. Launch a Compute instance and run a NGINX Server to host the application. Deploy a 2 node VM DB Systems with Oracle RAC enabled Import the on premises database to OCI VM DB Systems using data pump and then enable automatic backup- Also, enable Oracle Data Guard on the database server

  Correct Answer: A

  Based on cost considerations will exclude the Exadata. and there's no need for Data Guard Cost Estimator https://www.oracle.com/cloud/cost-estimator.html

  

• Question 137:

  A manufacturing company is planning to migrate their on-premises database to Oracle Cloud Infrastructure and has hired you for the migration. Customer has provided following information regarding their existing on-premises database:

  Database version, database character set, storage for data staging, acceptable length of system outage.

  What additional information do you need from customer in order to recommend a suitable migration method? (Choose Two)

  A. On-Premises host operating system and version.

  B. Number of active connections.

  C. Data types used in the on-premises database.

  D. Elapsed time since database was last patched.

  E. Top 5 longest running queries.

  Correct Answer: AC

• Question 138:

  You are developing a Serverless function for your company's IoT project. This function should access Oracle Cloud Infrastructure (OCI) Object Storage to store some files. You choose Oracle Functions to deploy this function on OCI. However, your security team doesn't allow you to carry any API Token or RSA Key to authenticate the function against the OCI API to access the Object Storage.

  What should you do to get this function to access OCI Object Storage without carrying any static authentication files? (Choose the best answer.)

  

  A. Option A

  B. Option B

  C. Option C

  D. Option D

  Correct Answer: A

  Explanation: https://blogs.oracle.com/cloud-infrastructure/getting-started-with-oracle- functions-and-object-storage

• Question 139:

  You are creating an Oracle Cloud Infrastructure Dynamic Group. To determine the members of this group you are defining a set of matching rules.

  Which of the following are the supported variables to define conditions in the matching rules? (Choose Two)

  A. iam.policy.id - the OCID of the IAM policy to apply to the group.

  B. instance.tenancy.id - the OCID of the tenancy where the instance resides.

  C. tag...value - the tag namespace and tag key.

  D. instance.compartment.id - the OCID of the compartment where the instance resides.

  Correct Answer: CD

  You can define the members of the dynamic group based on the following:

  -compartment ID

  -instance ID

  -

  tag namespace and tag key

  -

  tag namespace, tag key, and tag value

  Supported variables are:

  instance.compartment.id - the OCID of the compartment where the instance resides instance.id - the OCID of the instance

  tag...value - the tag namespace and tag key. For example, tag.department.operations.value .

  tag...value='' - the tag namespace, tag key, and tag value. For

  example, tag.department.operations.value='45'

• Question 140:

  A company is running High Performance Computing workloads on Oracle Cloud Infrastructure and are using OCI bare metal compute shape. They have decided to create a custom image of the bare metal instance's boot disk and use it to launch other instances.

  Which of the following is a NOT a true statement?

  A. Before you create a custom image of an instance, you must disconnect all iSCSI attachments and remove all iscsid node configurations from the instance.

  B. Editing custom Windows images is not supported due to hardware differences between shapes.

  C. Custom images do not include the data from any attached block volumes.

  D. You can create additional custom images of an instance while the instance is engaged in the image creation process.

  Correct Answer: D