Oracle Oracle Certifications 1Z0-997-21 Questions & Answers

• Question 11:

  You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes gets upgraded to the latest version of the Operating System. What should you do to get this upgrade done without application downtime? (Choose the best answer.)

  A. 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on the newly built node pool

  B. 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool

  C. 1. Create a new node pool using the latest available Operating System image 2. Run kubectl taint nodes """"all node""role.kubernetes.io/master"" 3. Delete the old node pool

  D. 1. Run kubectl cordon against all the worker nodes in the old pool to stop any new application pods to get scheduled 2. Run kubectl drain """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 3. Download the patches for the new Operating System image 4. Patch the worker nodes to the latest Operating System image

  Correct Answer: B

  https://docs.cloud.oracle.com/enus/iaas/Content/ContEng/Tasks/contengupgradingk8sworkernode.htm

• Question 12:

  A developer is using Oracle Functions to deploy her code as part of an event-driven solution in Oracle Cloud Infrastructure (OCI). When she invokes her function, Oracle Functions returns a FunctionlnvokelmageNotAvailable message and a 502 error:

  

  Which of the following options is NOT a plausible reason for this error?

  A. Missing or invalid IAM policy to give Oracle Functions read access to images stored for functions in repositories in OCI Registry.

  B. The function does not exist in the specified location in OCI Registry.

  C. The VCN being used does not have an internet gateway or a service gateway configured for Oracle Functions to be able to access OCI Registry.

  D. OCI Events service rule is not configured with the correct location of the function in OCI Registry.

  Correct Answer: D

• Question 13:

  There are two compartments: Networks and Devlnstances

  There are two groups: NetworkAdmins with a user named Nick, and Devs with a user named Dave The

  following IAM policies are being used:

  Allow group NetworkAdmins to manage virtual-network-family in compartment Networks

  Allow group NetworkAdmins to manage instance-family in compartment Networks

  Allow group Devs to use virtual-network-family in compartment Networks

  Allow group Devs to manage all-resources in compartment

  Devlnstances Nick creates a VCN in Networks compartment. Dave creates a VCN in Devlnstances

  compartment.

  Which of the following statements is INCORRECT?

  A. Dave launches instances in Devlnstances using the VCN in Networks compartment

  B. Nick cannot launch new instances in Devlnstances compartment

  C. Nick launches instances in Networks using VCN in Devlnstances compartment D. Dave cannot launch new instances in Networks compartment

  Correct Answer: C

• Question 14:

  Which of the following features is NOT supported by Oracle Cloud Infrastructure Multi-factor authentication (MFA)?

  A. Only the user can enable MFA for their own account.

  B. Members of the Administrators group can disable MFA for other users.

  C. Users can disable MFA for their own accounts.

  D. Members of the Administrators group can enable MFA for other users.

  Correct Answer: D

• Question 15:

  A cloud consultant is working on a implementation project on Oracle Cloud Infrastructure (OCI). As part of the compliance requirements, the objects placed in OCI Object Storage should be automatically archived first and then deleted. He is testing a lifecycle policy on Object Storage and created a policy as below:

  

  What will happen after this policy is applied?

  A. All the objects having file extension "doc" will be archived for 5 days and will be deleted 10 days after object creation.

  B. All objects with names starting with "doc" will be deleted after 5 days of object creation.

  C. All the objects having file extension "doc" will be archived 5 days after object creation.

  D. All the objects with names starting with "doc" will be archived 5 days after object creation and will be deleted 5 days after archival.

  Correct Answer: B

• Question 16:

  Your customer has gone through a recent reorganization. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure. (Refer to the exhibit)

  

  They have made the following change: Compartment A is moved, and its new parent compartment is compartment Dev. Policy defined in compartment A: Allow group G1 to manage instance-family in compartment A Policy defined in root compartment: Allow group admins to manage instance-family in compartment Ops: Test: A After the compartment move, which action will provide users of group G1 and admins with similar privileges as before the move?

  A. Define the following policy in compartment Dev: Allow group G1 to manage instance-family in compartment A

  B. Define the following policies in compartment Dev: Allow group G1 to manage instance-family in compartment A Allow group admins to manage instance-family in compartment Ops: Dev: A

  C. Define the following policy in compartment: Dev: Allow group admins to manage instance-family in compartment Ops: Dev: A

  D. Mo change in any policy statement is required as all the policies associated with a compartment being moved is automatically updated

  Correct Answer: A

• Question 17:

  You notice that a majority of your Oracle Cloud Infrastructure (OCI) resources like compute instances, block volumes, and load balancers are not tagged. You have received a mandate from your CIO to add a predefined set of tags to identify owners for respective OCI resources. E.g. if Chris and Larry each create compute instances in a compartment, the instances that Chris creates include tags that contain his name as the value, while the instances that Larry creates have his name. Which option is the simplest way to implement this new tagging requirement?

  A. Create a default tag for each compartment, which ensure that appropriate tags are applied at the time of resource creation.

  B. Create an OCI Identity and Access Management policy requiring users to tag resources with their user name.

  C. Create an OCI Identity and Access Management policy to automatically tag a resource with the user name.

  D. Create tag variables to automatically tag a resource with the user name.

  Correct Answer: D

• Question 18:

  An insurance company is storing critical financial data in the Oracle Cloud Infrastructure block volume.

  This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the

  customer wants to encrypt the data using the keys that they can control and not the keys which are

  controlled by Oracle.

  What of the following series of tasks are required to encrypt the block volume using customer managed

  keys?

  A. Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key.

  B. Create a vault import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume.

  C. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key.

  D. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume.

  Correct Answer: D

• Question 19:

  As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not be able to access or modify properties of any other buckets and its objects in the compartment comp-images. Select the statement(s) below that will best define your IAM policies.

  A. Allow group ObjectWriters to mange buckets in compartment comp- images Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name= 'Eucket-A'

  B. Allow group ObjectWriters to manage buckets in compartment comp-images where target.bucket.name=' Bucket-A'

  C. Allow group ObjectWriters to inspect buckets in compartment comp-images Allow group ObjectWriters to read buckets in compartment comp-images where target.bucket.name=' Bucket-A" Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name=' Bucket-A'

  D. Allow group ObjectWritexs to read buckets in compartmentcomp-images Allow group ObjectWriters to manage objects in compartment comp- images where target.bucket.name= 'Bucket-A'

  Correct Answer: C

• Question 20:

  You have created compartment called Dev for developers. There are two IAM groups for developers: group-devl and group-dev2. You need to write an Identity and Access Management (IAM) policy to give users in these groups access to manage all resources in the compartment Dev. Which of the following IAM policy will accomplish this?

  A. Allow any-user to manage all resources in compartment Dev where request.group= /group-dev*/

  B. Allow group group-devl group-dev2 to manage all resources in compartment Dev

  C. Allow group /group-dev*/ to manage all resources in compartment Dev

  D. Allow any-user to manage all resources in tenancy where target.comparment= Dev

  Correct Answer: B