Oracle 1Z0-997-21 Online Practice
Questions and Exam Preparation
1Z0-997-21 Exam Details
Exam Code
:1Z0-997-21
Exam Name
:Oracle Cloud Infrastructure 2021 Architect Professional
Certification
:Oracle Certifications
Vendor
:Oracle
Total Questions
:137 Q&As
Last Updated
:Jul 15, 2026
Oracle 1Z0-997-21 Online Questions &
Answers
Question 1:
You have multiple IAM users who launch different types of compute Instances and block volumes every day. As a result, your Oracle cloud Infrastructure (OCF) tenancy quickly hit the service limit and you can no longer create any new instances. As you are cleaning up environment, you notice that the majority of the Instances and block volumes are untagged. Therefore, It is difficult to pinpoint the owner of these resources verify if they are safe to terminate. Because of this, your company has issued a new mandate, which requires adding compute instances. Which option is the simplest way to implement this new requirement?
A. Create a policy to automatically tag a resource with the user name. B. Create a policy using IAM requiring users to tag specific resources. This will allow a user to launch compute instances on\y if certain tags were defined. C. Create tag variables to automatically tag a resource with the user name. D. Create a default tag for each compartment, which ensure that appropriate tags are applied at resource creation E. Create tag variables for each compartment to automatically tag a resource with the user name.
C. Create tag variables to automatically tag a resource with the user name.
Tag Variables You can use a variable to set the value of a defined tag. When you add the tag to a resource, the variable resolves to the data it represents. You can use tag variables in defined tags and default tags. Supported Tag Variables The following tag variables are supported. ${iam.principal.name} The name of the principal that tagged the resource ${iam.principal.type} The type of principal that tagged the resource. ${oci.datetime} The date and time that the tag was created. Consider the following example: Operations.CostCenter=" ${iam.principal.name} at ${oci.datetime} " Operations is the namespace, CostCenter is the tag key, and the tag value contains two tag variables ${iam.principal.name} and ${oci.datetime} . When you add this tag to a resource, the variable resolves to your user name (the name of the principal that applied the tag) and a time date stamp for when you added the tag. user_name at 2019-06-18T18:00:57.604Z The variable is replaced with data at the time you apply the tag. If you later edit the tag, the variable is gone and only the data remains. You can edit the tag value in all the ways you would edit any other tag value. To create a tag variable, you must use a specific format. ${} Type a dollar sign followed by open and close curly brackets. The tag variable goes between the curly brackets. You can use tag variables with other tag variables and with string values. Tag defaults let you specify tags to be applied automatically to all resources, at the time of creation, in a specific compartment. This feature allows you to ensure that appropriate tags are applied at resource creation without requiring the user who is creating the resource to have access to the tag namespaces. https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm
Question 2:
Your company has recently deployed a new web application that uses Oracle functions Your manager Instructed you to Implement major manage your systems more effectively. You know that Oracle functions automatically monitors functions on your behalf reports metrics through Service Metrics. Which two metrics are collected and made available by this feature?
A. length of time a function runs B. number of times a function is removed C. number of times a function is invoked D. amount of CPU used by a function E. number of concurrent connections
A. length of time a function runs C. number of times a function is invoked
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Reference/functionsmetrics.htm you can monitor the health, capacity, and performance of functions you've deployed to Oracle Functions by using metrics
Oracle Functions monitors function execution, and collects and reports metrics such as:
The number of times a function is invoked.
The length of time a function runs for.
The number of times a function failed.
The number of requests to invoke a function that returned a '429 Too Many Requests' error in the response (known as 'throttled function invocations').
Question 3:
You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status. Which of the following options is the most likely reason for this backup issue?
A. The master key stored in OCI Key Management for encryption and decryption of data in the database is not accessible to the backup service. B. The auth token being used by the Object Store Swift endpoint is incorrect. C. The allocated storage on the OCI File Storage service file system attached with the database is full. D. The RMAN backup agent is not compatible with the version of database being used.
B. The auth token being used by the Object Store Swift endpoint is incorrect.
Question 4:
By copying block volume backups to another region at regular intervals, it makes it easier for you to rebuild applications and data in the destination region if a region-wide disaster occurs in the source region. Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between regions '
A. Allow group VolumeAdmins to use volumes in tenancy B. Allow group VolumeAdmins to copy volume' backups in tenancy C. Allow group VolumeAdmins to manage volume-family In tenancy D. Allow group VolumeAdmins to inspect volumes in tenancy
C. Allow group VolumeAdmins to manage volume-family In tenancy
The backups feature of the Oracle Cloud Infrastructure Block Volume service lets you make a point- intime snapshot of the data on a block volume.These backups can then be restored to new volumes either immediately after a backup or at a
later time that you choose. You can copy block volume backups between regions using the Console, command line interface (CLI), SDKs, or REST APIs.
To copy volume backups between regions, you must have permission to read and copy volume backups in the source region, and permission to create volume backups in the destination region. to do all things with block storage volumes,
volume backups, and volume groups in all compartments with the exception of copying volume backups across regions. Allow group VolumeAdmins to manage volume-family in tenancy The aggregate resource type volume-family does not
include the VOLUME_BACKUP_COPY permission, so to enable copying volume backups across regions you need to ensure that you include the third statement in that policy, which is:
Allow group VolumeAdmins to use volume-backups in tenancy where request.permission='VOLUME _BACKUP_COPY'
Question 5:
A data analytics company has been building Its now generation big data and analytics platform on Oracle Cloud Infrastructure (OCI). They need a storage service that provide the scale and performance that their big data applications require
such as high throughput to compute nodes with low latency file operations in addition, their data needs to be stored redundantly across multiple nodes In a single availability domain and allows concurrent connections from multiple compute
Instances hosted on multiple availability domains.
Which OCI storage service can you use to meet i his requirement?
A. Object Storage B. File System Storage C. Archive storage D. Block Volume
B. File System Storage
Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security (IPSec) virtual private network (VPN). Use the File Storage service when your application or workload includes big data and analytics, media processing, or content management, and you require Portable Operating System Interface (POSIX)- compliant file system access semantics and concurrently accessible storage. The File Storage service is designed to meet the needs of applications and users that need an enterprise file system across a wide range of use cases
Question 6:
You are building a highly available and fault tolerant web application deployment for your company. Similar application delayed by competitors experienced web site attack including DDoS which resulted in web server failing.
You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will provide protection against such attacks and ensure additional configuration will you need to implement to make sure WAF is protecting
my web application 24?. Which additional configuration will you need to Implement to make sure WAF Is protecting my web application 24??
A. Configure auto scaling policy and it to WAF instance. B. Configure Control Rules to send traffic to multiple web servers C. Configure multiple origin servers D. Configure new rules based on now vulnerabilities and mitigations
C. Configure multiple origin servers
Origin Management
An origin is an endpoint (typically an IP address) of the application protected by the WAF. An origin can be
an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used for
high availability to an origin. Multiple origins can be defined, but only a single origin can be active for a WAF. You can set HTTP headers for outbound traffic from the WAF to the origin server. These name value pairs are then available to the
application.
Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI) compliant, global security service that protects applications from malicious and unwanted internet traffic.
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications. WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS),
SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.
Distributed Denial of Service (DDoS)
A DDoS attack is an often intentional attack that consumes an entity's resources, usually using a large number of distributed sources. DDoS can be categorized into either Layer 7 or Layer 3/4 (L3/4) A layer 7 DDoS attack is a DDoS attack
that sends HTTP/S traffic to consume resources and hamper a website's ability to delivery content or to harm the owner of the site. The Web Application Firewall (WAF)
service can protect layer 7 HTTP-based resources from layer 7 DDoS and other web application attack vectors.
Question 7:
You have been asked to implement a bespoke financial application in Oracle Cloud Infrastructure using virtual machine instances controlled by Autoscaling across multiple Availability Domains. The application stores transaction logs,
intermediate transaction data, and audit data and needs to store this on a persistent, durable data store accessible from all of the application servers. The application requires the file system to be mounted in the /audit folder on the Linux file
system. The system needs to tolerate the failure of two or more Fault Domains and still maintain data integrity. The solution should be as low maintenance as possible.
What storage architecture should you suggest?
A. Use locally attached NVMe instances and configure RAID 0 replication between servers. B. Implement a single instance and install an NFS server, configure and create an NFS share, and mount this as /audit on the application instances. C. Store the data on Oracle Object Storage mounted at the /audit mount point on all the Linux instances using the default mount options. D. Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.
D. Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.
Question 8:
You are advising the database administrator responsible for managing non-production environment for Oracle Autonomous Database running on Oracle Cloud Infrastructure. You need to help the database administrator ensure that the non-
production environments have a copy of the current data from the production environment in a manner that is most time-efficient.
Which method should you recommend? (Choose the best answer.)
A. Take a full database backup of the production Autonomous database and create the non- production database from it. B. Create a metadata clone of the production Autonomous Database and create the non-production database from it. C. Create a full clone of the production Autonomous Database and create the non-production database from it. D. Take a Data Pump export of the production Autonomous database and import into the non- production database.
C. Create a full clone of the production Autonomous Database and create the non-production database from it.
You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments. The third party service allows a maximum of Spelunk IP addresses 5 public IP addresses at a time However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to create up to 15 Instances during peak traffic demand, which are launched In VCN private in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Interne! to complete the transaction What solution can you implement to make sure that all compute Instances can connect to the third party system to process the payments aw peak traffic demand?
A. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway. B. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP. C. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway. D. Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.
A. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.
Question 10:
An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture
by planning for Disaster Recovery (DR) in eu-frankfurt- 1 region.
Which two solutions should their architect keep in mind while designing for DR?
A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region. B. rsync utility can be used to asynchronously copy file systems or snapshot data to another region. C. Load balancer will automatically distribute traffic between both the regions. D. The RTO is the acceptable timeframe of lost data that application can tolerate. E. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.
A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region. C. Load balancer will automatically distribute traffic between both the regions.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only Oracle exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your 1Z0-997-21 exam preparations
and Oracle certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.