Oracle Oracle Certifications 1Z0-997 Questions & Answers

• Question 31:

  Give this compartment structure:

  

  You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'. You login to your Oracle Cloud Infrastructure (OCI)account and use the 'Move Resource' option. What will happen when you attempt moving the compute resource?

  A. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will need to be moved separately. The Compute instance will still be associated with the original VCN.

  B. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the Compute instance can be moved.

  C. The move will be successful though Compute Instance Public and Private IP address changed, and it will be associated to the VCN in target compartment.

  D. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will still be associated with the original VCN.

  Correct Answer: D

  Moving Resources to a Different Compartment Most resources can be moved after they are created. There are a few resources that you can't move from one compartment to another. Some resources have attached resource dependencies and some don't. Not all attached dependencies behave the same way when the parent resource moves. For some resources, the attached dependencies move with the parent resource to the new The parent resource moves immediately, but in some cases attached dependencies move asynchronously and are not visible in the new compartment until the move is complete. For other resources, the attached resource dependencies do not move to the new compartment. You can move these attached resources independently. You can move Compute resources such as instances, instance pools, and custom images from one compartment to another. When you move a Compute resource to a new compartment, associated resources such as boot volumes and VNICs are not moved. You can move a VCN from one compartment to another. When you move a VCN, its associated VNICs, private IPs, and ephemeral IPs move with it to the new compartment.

• Question 32:

  Your customer has gone through a recent departmental re structure. As part of this change, they are

  organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new

  organizational structure.

  They have made the following change:

  Compartment x Is moved, and its parent compartment is now compartment c.

  

  Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X After the compartment move, which action will provide users of group networkadmins and admins with similar privileges as before the move?

  A. Define a policy in Compartment C as follows: Allow group network admins to manage subnets in compartment X.

  B. No change in any policy statement is required as compartments move automatically moves alt the policy statements associated with compartments as well.

  C. Define a policy in compartment C as follows: Allow group admins to read subnets in compartment HR:C:X

  D. Define a policy in compartment HR as follows: Allow group network admins to manage subnets in compartment X.

  E. Define a policy in compartment C as follows Allow group admins to read subnets in compartment HR:C:X

  Correct Answer: A

  You can move a compartment to a different parent compartment within the same tenancy. When you move a compartment, all its contents (subcom partments and resources) are moved with it. After you move a compartment to a new parent compartment, the access policies of the new parent take effect and the policies of the previous parent no longer apply. Before you move a compartment, ensure that:

  -

  You are aware of the policies that govern access to the compartment in its current position.

  -

  You are aware of the polices in the new parent compartment that will take effect when you move the compartment. 1- Policy that defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X

  you move compartment X from Finance:A to HR:C. The policy that governs compartment X is attached to the shared parent, root compartment. When the compartment X is moved, the policy statement is automatically updated by the IAM service to specify the new compartment location. The policy Allow group admins to read subnets in compartment Finance:A:X

• Question 33:

  You are working as a solutions architect for an online retail store In Frankfurt which uses multiple compute instance VMs spread among three availability domains In the eu-frankfurt-1 region.

  You noticed the website Is having very high traffic, so you enabled autoscaling to sun tee me no f your application but, you observed that one of the availability domains is not receiving any traffic. What could be wrong In this situation?

  A. Autoscaling only works with single availability domains.

  B. You have to manually acid all three availability domains to your load balancer configuration.

  C. Autoscaling can be enabled for multiple availability domains only in uk-london t region.

  D. Autoscaling is using an Instance Pool configured to create instances in two availability Domains.

  E. You forgot to attach a load balancer to your instance pool configuration.

  Correct Answer: D

  Autoscaling lets you automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand. you can associate a load balancer with an instance pool. If you do this, when you add an instance to the instance pool, the instance is automatically added to the load balancer's backend set . After the instance reaches a healthy state (the instance is listening on the configured port number), incoming traffic is automatically routed to the new instance. Instance pools let you provision and create multiple Compute instances based off the same configuration, within the same region. By default, the instances in a pool are distributed across all fault Domains in a best-effort manner based on capacity. If capacity isn't available in one fault domain, the instances are placed in other fault domains to allow the instance pool to launch successfully. In a high availability scenario, you can require that the instances in a pool are evenly distributed across each of the fault domains that you specify. When sufficient capacity isn't available in one of the fault domains, the instance pool will not launch or scale successfully, and a work request for the instance pool will return an "out of capacity" error. To fix the capacity error, either wait for capacity to become available, or use the UpdateInstancePool operation to update the placement configuration (the availability domain and fault domain) for the instance pool. during create the instance pool you can select the location where you want to place the instances" In the Availability Domain list, select the availability domain to launch the instances in. If you want the instances in the pool to be placed evenly in one or more fault domains, select the Distribute instances evenly across selected fault domains check box. Then, select the fault domains to place the instances in.

• Question 34:

  Your company will soon start moving critical systems Into Oracle Cloud Infrastructure (OCI) platform.

  These systems will reside in the us-phoenix-1and us-ashburn 1 regions. As part of the migration planning,

  you are reviewing the company's existing security policies and written guidelines for the OCI platform

  usage within the company. you have to work with the company managed key.

  Which two options ensure compliance with this policy?

  A. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.

  B. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service.

  C. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.

  D. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.

  E. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.

  Correct Answer: BD

  Block Volume Encryption By default all volumes and their backups are encrypted using the Oracle-provided encryption keys. Each time a volume is cloned or restored from a backup the volume is assigned a new unique encryption key. You have the option to encrypt all of your volumes and their backups using the keys that you own and manage using the Vault service.If you do not configure a volume to use the Vault service or you later unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead.

  

  This applies to both encryption at-rest and in-transit encryption. Object Storage Encryption Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule. Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the data in this bucket using your own Vault encryption key. To use Vault for your encryption needs, select Encrypt Using Customer-Managed Keys. Then, select the Vault Compartment and Vault that contain the master encryption key you want to use. Also select the Master Encryption Key Compartment and Master Encryption Key.

  

• Question 35:

  You are responsible for migrating your on premises legacy databases on 11.2.0.4 version to Autonomous Transaction Processing Dedicated (ATP-D) In Oracle Cloud Infrastructure (OCI). As a solution architect, you need to plan your migration approach. Which two options do you need to implement together to migrate your on premises databases to OCI?

  A. Use Oracle Data Guard to keep on premises database always active during migration

  B. Retain changes to Oracle shipped privileges, stored procedures or views In the on-premises databases.

  C. Use Oracle GoldenGate replication to keep on premises database online during migration.

  D. Convert on-premises databases to PDB, upgrade to 19c, and encrypt Migration.

  E. Retain all legacy structures and unsupported features (e.g. taw U>Bs) In the onuses databases for migration.

  Correct Answer: CD

  Autonomous Database is an Oracle Managed and Secure environment. A physical database can't simply be migrated to autonomous because:

  -

  Database must be converted to PDB, upgraded to 19c, and encrypted

  -

  Any changes to Oracle shipped privileges, stored procedures or views must be removed

  -

  All legacy structures and unsupported features must be removed (e.g. legacy LOBs) GoldenGate replication can be used to keep database online during migration

• Question 36:

  You have multiple IAM users who launch different types of compute Instances and block volumes every day. As a result, your Oracle cloud Infrastructure (OCF) tenancy quickly hit the service limit and you can no longer create any new instances. As you are cleaning up environment, you notice that the majority of the Instances and block volumes are untagged. Therefore, It is difficult to pinpoint the owner of these resources verify if they are safe to terminate. Because of this, your company has issued a new mandate, which requires adding compute instances. Which option is the simplest way to implement this new requirement?

  A. Create a policy to automatically tag a resource with the user name.

  B. Create a policy using 1AM requiring users to tag specific resources. This will allow a user to launch compute instances on\y if certain tags were defined.

  C. Create tag variables to automatically tag a resource with the user name.

  D. Create a default tag for each compartment, which ensure that appropriate tags are applied at resource creation

  E. Create tag variables for each compartment to automatically tag a resource with the user name.

  Correct Answer: C

  Tag Variables You can use a variable to set the value of a defined tag. When you add the tag to a resource, the variable resolves to the data it represents. You can use tag variables in defined tags and default tags.

  Supported Tag Variables The following tag variables are supported. ${iam.principal.name} The name of the principal that tagged the resource ${iam.principal.type} The type of principal that tagged the resource. ${oci.datetime} The date and time that the tag was created. Consider the following example: Operations.CostCenter=" ${iam.principal.name} at ${oci.datetime} " Operations is the namespace, CostCenter is the tag key, and the tag value contains two tag variables ${iam.principal.name} and ${oci.datetime} . When you add this tag to a resource, the variable resolves to your user name (the name of the principal that applied the tag) and a time date stamp for when you added the tag. user_name at 2019-06-18T18:00:57.604Z The variable is replaced with data at the time you apply the tag. If you later edit the tag, the variable is gone and only the data remains. You can edit the tag value in all the ways you would edit any other tag value. To create a tag variable, you must use a specific format. ${} Type a dollar sign followed by open and close curly brackets. The tag variable goes between the curly brackets. You can use tag variables with other tag variables and with string values. Tag defaults let you specify tags to be applied automatically to all resources, at the time of creation, in a specific compartment. This feature allows you to ensure that appropriate tags are applied at resource creation without requiring the user who is creating the resource to have access to the tag namespaces. https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm

• Question 37:

  A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). The web server will make API calls to access OCI Object Storage to store all images uploaded by users. For security purposes, your manager instructed you to ensure that the credentials used by the web server to allow access not stored locally on the compute instance. What solution results in an Implementation with the least effort for this scenario?

  A. Configure the credentials using Instance Principal to allow the web server to make API calls to OCl Object Storage

  B. Configure the credentials using OCI Registry (OC1R) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage.

  C. Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCl Object Storage.

  D. Configure the credentials using OCI Key Management to allow an instance to make API calls and grant access to OCl Object Storage.

  Correct Answer: C

  INSTANCE PRINCIPALS The IAM service feature that enables instances to be authorized actors (or principals) to perform actions on service resources. Each compute instance has its own identity, and it authenticates using the certificates that are added to it. These certificates are automatically created, assigned to instances and rotated, preventing the need for you to distribute credentials to your hosts and rotate them. Dynamic groups A special type of group that contains resources (such as compute instances) that match rules that you define (thus the membership can change dynamically as matching resources are created or deleted). These instances act as "principal" actors and can make API calls to services according to policies that you write for the dynamic group. The following steps summarize the process flow for setting up and using instances as principals. The subsequent sections provide more details. 1 Create a dynamic group. In the dynamic group definition, you provide the matching rules to specify which instances you want to allow to make API calls against services. 2 Create a policy granting permissions to the dynamic group to access services in your tenancy (or compartment). 3 A developer in your organization configures the application built using the Oracle Cloud Infrastructure SDK to authenticate using the instance principals provider. The developer deploys the application and the SDK to all the instances that belong to the dynamic group. 4 The deployed SDK makes calls to Oracle Cloud Infrastructure APIs as allowed by the policy (without needing to configure API credentials). 5 For each API call made by an instance, the Audit service logs the event, recording the OCID of the instance as the value of principalId in the event log.

• Question 38:

  A company has an urgent requirement to migrate 300 TB of data to Oracle Cloud Infrastructure (OCI) In two weeks. Their data center has been recently struck by a massive hurricane and the building has been badly damaged, although still operational. They have a 100 Mbps Internet line but the connection is Intermittent due to the damages caused to the electrical grid in this scenario, what is the most effective service to use to migrate the data to OCI given the time constraints?

  A. Setup a OCI Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI using OCI Storage Gateway Cloud Sync tool.

  B. Setup a hybrid network by launching aIGbpsFastConnect virtual circuit between your data center and OCI. Use OCI Object storage multipart upload tool to automate the migration of your data to OCI.

  C. Use multiple OCI Data Transfer Appliances to transfer data to OCI.

  D. Upload the data to OCI using OCI Object Storage multipart upload tool.

  E. Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI.

  Correct Answer: C

  Due to the network speed is not good enough and the connection is Intermittent due to the damages caused to the electrical grid Oracle offers offline data transfer solutions that let you migrate data to Oracle Cloud Infrastructure. You have 2 Options of Data Transfer DISK-BASED DATA TRANSFER You send your data as files on encrypted commodity disk to an Oracle transfer site. Operators at the Oracle transfer site upload the files into your designated Object Storage bucket in your tenancy. APPLIANCE-BASED DATA TRANSFER you send your data as files on secure, high-capacity, Oracle-supplied storage appliances to an Oracle transfer site. Operators at the Oracle transfer site upload the data into your designated Object Storage bucket in your tenancy.

• Question 39:

  You work for a German company as the Lead Oracle Cloud Infrastructure architect. You have designed a highly scalable architecture for your company's business critical application which uses the Load Balancer service auto which uses the Load Balancer service, autoscaling configuration for the application servers and a 2 Node VM Oracle RAC database. During the peak utilization period of the- application yon notice that the application is running slow and customers are complaining. This is resulting in support tickets being created for API timeouts and negative sentiment from the customer base. What are two possible reasons for this application slowness?

  A. Autoscaling configuration for the application servers didn't happen due to 1AM policy that's blocking access to the application server compartment

  B. The Load Balancer configuration is not sending traffic to the listener of the application servers.

  C. Autoscaling configuration for the application servers didn't happen due to compartment quota breach of the VM shapes used by the application servers.

  D. Autoscaling configuration for the application servers didn't happen due to service limit breach of the VM shapes used by the application servers E. The Load Balancer doesn't have a Network Security Group to allow traffic to the application servers.

  Correct Answer: CD

  Autoscaling Autoscaling enables you to automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand. Prerequisites

  -

  You have an instance pool. Optionally, you can attach a load balancer to the instance pool. For steps to create an instance pool and attach a load balancer, see Creating an Instance Pool.

  -

  Monitoring is enabled on the instances in the instance pool. For steps to enable monitoring, see Enabling Monitoring for Compute Instances.

  -

  The instance pool supports the maximum number of instances that you want to scale to. This limit is determined by your tenancy's service limits. About Service Limits and Usage When you sign up for Oracle Cloud Infrastructure, a set of service limits are configured for your tenancy. The service limit is the quota or allowance set on a resource. For example, your tenancy is allowed a maximum number of compute instances per availability domain. These limits are generally established with your Oracle sales representative when you purchase Oracle Cloud Infrastructure. Compartment Quotas Compartment quotas are similar to service limits; the biggest difference is that service limits are set by Oracle, and compartment quotas are set by administrators, using policies that allow them to

• Question 40:

  You have designed and deployed your Autonomous Data Warehouse (ADW) such that it is accessible from your on-premises data center and servers running on both private and public networks in Oracle Cloud Infrastructure (OCI).

  

  As you are testing the connectivity to your ADW database from the different access paths, you notice that the sewer lunninq on the private network is unable to connect to ADW. Which two steps do you need to take to enable connectivity from the server on the private network to ADW?

  A. Add an entry in the Security List of the ADW allowing ingress traffic for C10R block 10.2.2.0/24

  B. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/; target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0./0 and for all IP protocols.

  C. Add an entry in the access table list of ASW for CIDR block 10.2.2.0/24.

  D. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0./0; target type of internet Gateway, add a stateful egress in the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.

  E. Add an entry in the access control list of ADW for IP address 129.146.160.11

  Correct Answer: BE

  There are 3 connections to ADW 1- Connecting to (ADW) from Public Internet 2- Connecting to ADW (via NAT or Service Gateway) from a server running on a private subnet in OCI (in the same tenancy) 3- Connecting to ADW (via internet Gateway) from a server running on a public subnet in OCI (in the same tenancy