1. Home
  2. Oracle
  3. 1Z0-997-20

Oracle Cloud Infrastructure 2020 Architect Professional

Exam Details

  • Exam Code
    :1Z0-997-20
  • Exam Name
    :Oracle Cloud Infrastructure 2020 Architect Professional
  • Certification
    :Oracle Certifications
  • Vendor
    :Oracle
  • Total Questions
    :165 Q&As
  • Last Updated
    :Mar 29, 2025

Oracle Oracle Certifications 1Z0-997-20 Questions & Answers

  • Question 51:

    Your customer has gone through a recent departmental re structure. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure.

    They have made the following change:

    Compartment x Is moved, and its parent compartment is now compartment c.

    Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X After you move the compartment, which two IAM policies would be required to ensure both groups retain the same permissions to compartment X that they had before? (Choose two.)

    A. Define a policy in the root compartment as follows: Allow group admins to manage subnets in compartment Finance:A:X

    B. Define a policy in compartment HR as follows: Allow group networkadmins to manage subnets in compartment C:X.

    C. Define a policy in the root compartment as follows: Allow group admins to read subnets in compartment HR:C:X

    D. Define a policy in compartment C as follows: Allow group networkadmins to read subnets in compartment X

  • Question 52:

    You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application

    components as Kubernetes native objects, such as the microservices, Oracle

    Autonomous database, Kubernetes services, etc.

    What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle Autonomous Database? (Choose the best answer.)

    A. Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.

    B. Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster.

    C. Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN.

    D. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

  • Question 53:

    The Finance department of your company has reached out to you. They have customer sensitive data on compute Instances In Oracle Cloud Infrastructure (OCI) which they want to store in OCI Storage for long term retention and archival.

    To meet security requirements they want to ensure this data is NOT transferred over public internet, even if encrypted.

    which they want to store In OCI Object Storage fin long term retention and archival

    To meet security requirements they want to ensure this data is NOT transferred over public Internet, even it encrypted.

    Which option meets this requirements?

    A. Configure a NAT instance and all traffic between compute In Private subnet should use this NAT instance with Private IP as the route target.

    B. Use NAT gateway with appropriate route table when transferring data. Then use NAT gateways' toggle (on/off) once data transfer is complete.

    C. Use Service gateway with appropriate route table.

    D. Use Storage gateway with appropriate firewall rule.

  • Question 54:

    A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.

    How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)

    A. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.

    B. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.

    C. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.

    D. Enable an Access Rule to block the IP Address range from London.

    E. Enable a Protection Rule to block requests that came from London.

  • Question 55:

    You want to automate the processing of new Image files to generate thumbnails. the expected rate is 10 new files every hour. Which of the following is the most cost effective option to meet this requirement in Oracle Cloud Infrastructure (OCI)?

    A. Upload files to an OCI Object storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object storage bucket.

    B. Upload files to an OCI Object storage bucket. Every time a file is uploaded, trigger an event with an action to provision a compute instance with a cloud-init script to access the file, process it and store it back in an Object storage bucket. Terminate the instance using Autoscaling policy after the processing is finished.

    C. Build a web application to ingest the files and save them to a NoSQL Database. Configure OCI Events service to trigger a notification using Oracle Notification Service (ONS). ONS invokes a custom application to process the image files to generate thumbnails. Store thumbnails in a NoSQL Database table.

    D. Upload all files to an Oracle Streaming Service (OSS) stream. Set up a cron job to invoke a function in Oracle Functions to fetch data from the stream. Invoke another function to process the image files and generate thumbnails. Store thumbnails in another OSS stream.

  • Question 56:

    A large financial services company has used 2 types of Oracle DB Systems. In Oracle Cloud Infrastructure (OCI) to store user data. One is running on a VM.Standard2.8 shape and the other on a VM.Standard 2.4 shape.

    As business grows, data is growing rapidly on both the databases and performance is also degrading. The company wants to address this problem with a viable and economical solution.

    As the solution architect for that company you have suggested that they move their databases to Autonomous Transaction Processing Serverless (ATP-S) database.

    Which two factors should you consider before you arrived at that recommendation?

    A. You verified that ATP S supports the database features and options currently being used by the 2 databases.

    B. Validate that ATP-S will support the storage and processing requirements for the 2 databases over the life cycle of the business applications.

    C. Confirm that ATP-S allows customers to compress tablespaces to reduce storage costs

    D. Upon provisioning, ATP-S automatically scales up CPU to meet the application's processing requirements.

  • Question 57:

    An insurance company is storing critical financial data in the Oracle Cloud Infrastructure block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle.

    What of the following series of tasks are required to encrypt the block volume using customer managed keys?

    A. Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key.

    B. Create a vault import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume.

    C. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key.

    D. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume.

  • Question 58:

    There are two compartments: Networks and Devlnstances There are two groups: NetworkAdmins with a user named Nick, and Devs with a user named Dave The following IAM policies are being used: *Allow group NetworkAdmins to manage virtual-network-family in compartment Networks *Allow group NetworkAdmins to manage instance-family in compartment Networks *Allow group Devs to use virtual-network-family in compartment Networks *Allow group Devs to manage all-resources in compartment Devlnstances Nick creates a VCN in Networks compartment. Dave creates a VCN in Devlnstances compartment. Which of the following statements is INCORRECT?

    A. Dave launches instances in Devlnstances using the VCN in Networks compartment

    B. Nick cannot launch new instances in Devlnstances compartment

    C. Nick launches instances in Networks using VCN in Devlnstances compartment

    D. Dave cannot launch new instances in Networks compartment

  • Question 59:

    An Oracle Cloud Infrastructure (OCI) Public Load Balancer's SSL certificate is expiring soon. You noticed the Load Balancer is configured with SSL Termination only. When the certificate expires, data traffic can be interrupted and security compromised.

    What steps do you need to take to prevent this situation?

    A. Add the new SSL certificate to the Load Balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle.

    B. Add the new SSL certificate to the Load Balancer, update listeners and backend sets so they can use the new certificate bundle.

    C. Add the new SSL certificate to the Load Balancer and implement end to end SSL so it can encrypt the traffic from clients all the way to the backend servers.

    D. Add the new SSL certificate to the Load Balancer and update backend servers to use the new certificate bundle.

    E. Add the new SSL certificate to the Load Balancer and update listeners to use the new certificate bundle.

  • Question 60:

    You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory as an identity provider to manage user login/passwords. When a user logs in to Oracle Cloud Infrastructure (OCI) console, it should get authenticated by Azure AD.

    Which set of steps are required to be configured in OCI to meet this requirement?

    A. Setup Azure AD as an Identity Provider, import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups.

    B. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.

    C. Setup Azure AD as an Enterprise Application, map Azure AD users, groups and policies to OCI groups and users.

    D. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Oracle exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 1Z0-997-20 exam preparations and Oracle certification application, do not hesitate to visit our Vcedump.com to find your solutions here.