Oracle Oracle Certifications 1Z0-997-22 Questions & Answers

• Question 61:

  An insurance company is storing critical financial data in the Oracle Cloud Infrastructure block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle.

  What of the following series of tasks are required to encrypt the block volume using customer managed keys?

  A. Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key.

  B. Create a vault import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume.

  C. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key.

  D. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume.

  Correct Answer: D

• Question 62:

  An automobile company wants to deploy their CRM application for Oracle Database on Oracle Cloud Infrastructure (OC1) DB Systems for one of major clients. In compliance with the Business Continuity Program of the client, they need to provide a Recovery Point objective (RPO) of 24 hours and a Recovery time objective (RTO) of 24 hours and Recovery Time Objective (RTO) of 1 hour.

  The CRM application should be available oven in me event that an entire on Region is down.

  Which approach Is the most suitable and cost effective configuration for this scenario?

  A. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a manual setup and configuration of Oracle Data Guard.

  B. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.

  C. Deploy a 1 node VM Oracle database in one region. Manual Configure a Recovery Manager (RMAN) database backup schedule to take hourly database backups. Asynchronously copy the database backups to object storage in another OCI region, If the primary OCI region is unavailable launch a new 1 new VM Database in the other OCI region restore the production database from the backup.

  D. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an Autonomous Transaction Processing (Serverless) database in another region Oracle GoldenGate.

  Correct Answer: A

  You can configure the Autonomous Database instance as a target database for Oracle GoldenGate. But You can't set up Oracle Autonomous Database as a source database for Oracle GoldenGate. Recovery Point objective (RPO) of 24 hours and Recovery Time Objective (RTO) of 1 hour

  -To provision new VM and restore the production database from the backup on object storage, will exceed the RTO 1 hour

  - You can create the standby DB system in a different availability domain from the primary DB system for availability and disaster recovery purposes. With Data Guard and switchover/failover can meet RTO 1 hour.

  -RAC Database is not required in this solution. Standalone will be most suitable and cost effective

• Question 63:

  You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory as an identity provider to manage user login/passwords. When a user logs in to Oracle Cloud Infrastructure (OCI) console, it should get authenticated by Azure AD.

  Which set of steps are required to be configured in OCI to meet this requirement?

  A. Setup Azure AD as an Identity Provider, import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups.

  B. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.

  C. Setup Azure AD as an Enterprise Application, map Azure AD users, groups and policies to OCI groups and users.

  D. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.

  Correct Answer: D

• Question 64:

  A company has an urgent requirement to migrate 300 TB of data to Oracle Cloud Infrastructure (OCI) In two weeks. Their data center has been recently struck by a massive hurricane and the building has been badly damaged, although still operational. They have a 100 Mbps Internet line but the connection is Intermittent due to the damages caused to the electrical grid.

  In this scenario, what is the most effective service to use to migrate the data to OCI given the time constraints?

  A. Setup a OCI Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI using OCI Storage Gateway Cloud Sync tool.

  B. Setup a hybrid network by launching aIGbpsFastConnect virtual circuit between your data center and OCI. Use OCI Object storage multipart upload tool to automate the migration of your data to OCI.

  C. Use multiple OCI Data Transfer Appliances to transfer data to OCI.

  D. Upload the data to OCI using OCI Object Storage multipart upload tool.

  E. Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI.

  Correct Answer: C

  Due to the network speed is not good enough and the connection is Intermittent due to the damages caused to the electrical grid Oracle offers offline data transfer solutions that let you migrate data to Oracle Cloud Infrastructure. You have 2 Options of Data Transfer DISK-BASED DATA TRANSFER You send your data as files on encrypted commodity disk to an Oracle transfer site. Operators at the Oracle transfer site upload the files into your designated Object Storage bucket in your tenancy. APPLIANCE-BASED DATA TRANSFER you send your data as files on secure, high-capacity, Oracle-supplied storage appliances to an Oracle transfer site. Operators at the Oracle transfer site upload the data into your designated Object Storage bucket in your tenancy.

• Question 65:

  Your company will soon start moving critical systems Into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1and us-ashburn 1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. you have to work with the company managed key.

  Which two options ensure compliance with this policy?

  A. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.

  B. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service.

  C. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.

  D. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.

  E. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.

  Correct Answer: BD

  Block Volume Encryption

  By default all volumes and their backups are encrypted using the Oracle-provided encryption keys. Each time a volume is cloned or restored from a backup the volume is assigned a new unique encryption key.

  You have the option to encrypt all of your volumes and their backups using the keys that you own and manage using the Vault service.If you do not configure a volume to use the Vault service or you later

  unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead.

  

  This applies to both encryption at-rest and in-transit encryption. Object Storage Encryption

  Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule. Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the data in this bucket using your own Vault encryption key. To use Vault for your encryption needs, select Encrypt Using Customer-Managed Keys. Then, select the Vault Compartment and Vault that contain the master encryption key you want to use. Also select the Master Encryption Key Compartment and Master Encryption Key.

  

• Question 66:

  You are responsible for migrating your on-premises legacy databases on 11.2.0.4 version to Autonomous Transaction Processing - Dedicated (ATP-D) in Oracle Cloud Infrastructure (OCI). As a solution architect, you need to plan your migration approach.

  Which three options do you need to implement together to migrate your on-premises databases to OCI?

  A. Retain all legacy structures and unsupported features (e.g. legacy LOBs) in the on- premises databases for migration.

  B. Use Oracle Data Guard to keep on-premises database always active during migration.

  C. Launch Autonomous Transaction Processing - Dedicated database in OCI.

  D. Retain changes to Oracle shipped privileges, stored procedures or views in the on- premises databases.

  E. Convert on-premises databases to PDB, upgrade to 19c, and encrypt.

  F. Use Oracle GoldenGate replication to keep on-premises database online during migration.

  Correct Answer: CEF

• Question 67:

  A customer is in a process of shifting their web based Sales application from their own data center located in US West to OCI India West (Mumbai) region. They want to do it in a controlled manner and initially only 1% of the traffic will be steered to the servers in OCI. After verification of everything is working as expected, the company is gradually planning to increase the ratio until they are comfortable with fully migrating all traffic to OCI.

  Which of the following solution can be used in this situation?

  A. OCI DNS and Traffic Management with Geolocation Steering policy

  B. OCI DNS and Traffic Management with Failover Steering policy

  C. OCI DNS and Traffic Management with Load Balancer Steering policy

  D. OCI DNS and OCI Load Balancer Service

  Correct Answer: A

  STEERING POLICIES is A framework to define the traffic management behavior for your zones. Steering policies contain rules that help to intelligently serve DNS answers.

  FAILOVER

  Failover policies allow you to prioritize the order in which you want answers served in a policy (for example, Primary and Secondary). Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of answers in the policy. If

  the Primary Answer is determined to be unhealthy, DNS traffic will automatically be steered to the Secondary Answer.

  LOAD_BALANCE

  Load Balancer policies allow distribution of traffic across multiple endpoints. Endpoints can be assigned equal weights to distribute traffic evenly across the endpoints or custom weights may be assigned for ratio load balancing. Oracle Cloud

  Infrastructure Health Checks are leveraged to determine the health of the endpoint. DNS traffic will be automatically distributed to the other endpoints, if an endpoint is determined to be unhealthy.

  ROUTE_BY_GEO

  Geolocation-based steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America)

  and define a separate endpoint or set of endpoints for each region.

  ROUTE_BY_ASN

  ASN-based steering policies enable you to steer DNS traffic based on Autonomous System Numbers (ASN).

  DNS queries originating from a specific ASN or set of ASNs can be steered to a specified endpoint.

  ROUTE_BY_IP

  IP Prefix-based steering policies enable customers to steer DNS traffic based on the IP Prefix of the originating query.

• Question 68:

  An eCommerce company is running on Oracle Cloud Infrastructure (OCI) and many compute instances remain unused for the most part of the year except during Black Friday and Christmas. You suggest them to use OCI's

  Autoscaling feature and present them a slide to showcase the features of Autoscaling.

  Which option below is inaccurate in your presentation to the customer?

  A. A cooldown period between Autoscaling events lets the system stabilize at the updated level.

  B. When an instance pool scales in, instances are terminated in this order: the number of instances is balanced across Availability Domains, and then balanced across Fault Domains. Finally, within a Fault Domain, the newest instance is terminated first.

  C. Autoscaling relies on performance metrics such as CPU utilization that are collected by OCI Monitoring service to trigger an Autoscaling event.

  D. Autoscaling requires an instance pool as a pre-requisite so that it can automatically adjust the number of compute instances in an instance pool.

  Correct Answer: B

• Question 69:

  You are trying to delete a compartment. The delete operation is falling and you need to troubleshoot the problem.

  Which step should NOT be considered when troubleshooting this issue?

  A. Verify that there are no policies In the root compartment that reference the compartment you are trying to delete.

  B. Verify that you have removed all resources from the compartment.

  C. Make sure you have at least one more compartment in your tenancy other than the root compartment.

  D. Search for resources in the compartment for each region that your tenancy is subscribed to.

  Correct Answer: C

• Question 70:

  As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not be able to access or modify properties of any other buckets and its objects in the compartment comp-images.

  Select the statement(s) below that will best define your IAM policies.

  A. Allow group ObjectWriters to mange buckets in compartment comp- images Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name= 'Eucket-A'

  B. Allow group ObjectWriters to manage buckets in compartment comp-images where target.bucket.name=' Bucket-A'

  C. Allow group ObjectWriters to inspect buckets in compartment comp-images Allow group ObjectWriters to read buckets in compartment comp-images where target.bucket.name=' Bucket-A" Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name=' Bucket-A'

  D. Allow group ObjectWritexs to read buckets in compartmentcomp-images Allow group ObjectWriters to manage objects in compartment comp- images where target.bucket.name= 'Bucket-A'

  Correct Answer: C