1. Home
  2. Oracle
  3. 1Z0-997-21

Oracle Cloud Infrastructure 2021 Architect Professional

Exam Details

  • Exam Code
    :1Z0-997-21
  • Exam Name
    :Oracle Cloud Infrastructure 2021 Architect Professional
  • Certification
    :Oracle Certifications
  • Vendor
    :Oracle
  • Total Questions
    :137 Q&As
  • Last Updated
    :Mar 26, 2025

Oracle Oracle Certifications 1Z0-997-21 Questions & Answers

  • Question 1:

    Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on Oracle Database and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each). Which method of database migration should you choose so that the application has minimal impact? (Choose the best answer.)

    A. Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer on-premises to OCI.

    B. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.

    C. Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.

    D. Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI.

  • Question 2:

    Your company developed a function that needs to access the Oracle Database to inject some data to it at runtime. You are tasked to move this function to the Oracle Cloud Infrastructure (OCI) and use Oracle Functions and access Oracle Autonomous Database. You created a Dockerfile below to run this function, however, you are getting this error "cx_Oracle.DatabaseError: ORA""12560: TNS:protocol adapter error".

    What should you do to make sure that Oracle Functions can run this Dockerfile properly? (Choose the best answer.)

    A. Add these two lines to your Dockerfile: groupadd """"gid 1000 fn andand \ adduser """"uid 1000 """"gid fn fn

    B. Use """"privileged flag while running the Docker container to add runtime privilege

    C. Use """"cap""add=ALL flag while running the Docker container to add runtime capability

    D. You ned to run this Container as root, so add this line: USER root

  • Question 3:

    Given this compartment structure:

    You are managing a compute instance that currently resides in the Compute compartment. The Virtual Cloud Network (VCN) into which the compute instance was originally deployed, also resides in this compartment. To support a project-related task, you need to move just the compute instance to the SysTest-Team compartment. You log into your Oracle Cloud Infrastructure (OCI) account and use the Move Resource option to place the compute instance in the new compartment. What will be the result of your attempt to move the compute instance to the new compartment? (Choose the best answer.)

    A. The move will be successful. The compute instance's public and private IP addresses will stay the same. The compute instance will remain associated with the VCN from the source compartment.

    B. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the compute instance can be moved.

    C. After moving the compute instance, you must move the compute instance VNIC as a separate action. The public and private IP addresses of the instance will remain unchanged and it will still be associated with the VCN from the source compartment.

    D. The move will be successful. However, the compute instance's public and private IP addresses will change, and it will be associated to the first VCN that was created in the new, target compartment.

  • Question 4:

    You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website. How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? (Choose the best answer.)

    A. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.

    B. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool.

    C. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.

    D. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers.

  • Question 5:

    You are advising the database administrator responsible for managing non-production environment for Oracle Autonomous Database running on Oracle Cloud Infrastructure. You need to help the database administrator ensure that the non-production environments have a copy of the current data from the production environment in a manner that is most time-efficient. Which method should you recommend? (Choose the best answer.)

    A. Take a full database backup of the production Autonomous database and create the non- production database from it.

    B. Create a metadata clone of the production Autonomous Database and create the non-production database from it.

    C. Create a full clone of the production Autonomous Database and create the non-production database from it.

    D. Take a Data Pump export of the production Autonomous database and import into the non- production database.

  • Question 6:

    You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application components as Kubernetes native objects, such as the microservices, Oracle Autonomous database, Kubernetes services, etc. What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle Autonomous Database? (Choose the best answer.)

    A. Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.

    B. Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster.

    C. Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN.

    D. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

  • Question 7:

    You work for a bank as the lead Oracle Cloud Infrastructure architect. You designed a highly scalable solution for your company's banking application. The architecture includes a load balancer, application servers with autoscaling configuration based on CPU utilization, and an Autonomous Database with Transaction Processing workload type running in a Virtual Cloud Network (VCN). During the peak utilization period, the application users complain that the application runs slow. What are two possible reasons for the application running slow at times? (Choose two.)

    A. The VCN does not have a Network Security Group configured to allow traffic from the load balancer to all the application servers in the backend set.

    B. Instance pool in autoscaling configuration for the application servers did not scale out due to compartment quota breach of the VM shapes used by the application servers.

    C. The load balancer is not configured correctly to send traffic to all the listeners of the application servers in the backend set.

    D. Instance pool in autoscaling configuration for the Autonomous Database did not scale out due to misconfigured scaling policy.

    E. Instance pool in autoscaling configuration for the application servers did not scale out due to service limit breach of the VM shapes used by the application servers.

  • Question 8:

    You are developing a Serverless function for your company's IoT project. This function should access Oracle Cloud Infrastructure (OCI) Object Storage to store some files. You choose Oracle Functions to deploy this function on OCI. However, your security team doesn't allow you to carry any API Token or RSA Key to authenticate the function against the OCI API to access the Object Storage. What should you do to get this function to access OCI Object Storage without carrying any static authentication files? (Choose the best answer.)

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 9:

    You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint. However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing Service Unavailable error. You need to check the backend latency and backend responses when this error started last night. What should you do to get this data? (Choose the best answer.)

    A. Check with the application owner and search the log file for the container to get the metrics from the log file.

    B. Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.

    C. Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics.

    D. Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

  • Question 10:

    You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application. For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team doesn't want you to store any local API key and certificate, or any other local tools. Which two actions should you perform to spin up the OKE cluster and interact with it? (Choose two.)

    A. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster.

    B. Develop your own code using OCI SDK to deploy the OKE cluster.

    C. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token.

    D. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API.

    E. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Oracle exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 1Z0-997-21 exam preparations and Oracle certification application, do not hesitate to visit our Vcedump.com to find your solutions here.