Oracle 1Z0-997-21 Online Practice Questions and Exam Preparation

Oracle 1Z0-997-21 Online Questions & Answers

• Question 121:

  Your customer has gone through a recent reorganization. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure. (Refer to the exhibit)

  

  They have made the following change:

  Compartment A is moved, and its new parent compartment is compartment Dev. Policy defined in compartment A: Allow group G1 to manage instance-family in compartment A Policy defined in root compartment: Allow group admins to

  manage instance-family in compartment Ops: Test: A

  After the compartment move, which action will provide users of group G1 and admins with similar privileges as before the move?

  A. Define the following policy in compartment Dev: Allow group G1 to manage instance-family in compartment A
  B. Define the following policies in compartment Dev: Allow group G1 to manage instance-family in compartment A Allow group admins to manage instance-family in compartment Ops: Dev: A
  C. Define the following policy in compartment: Dev: Allow group admins to manage instance-family in compartment Ops: Dev: A
  D. Mo change in any policy statement is required as all the policies associated with a compartment being moved is automatically updated
  A. Define the following policy in compartment Dev: Allow group G1 to manage instance-family in compartment A

• Question 122:

  A retail company runs their online shopping platform entirely on Oracle cloud Infrastructure (OCI). This is a 3-tier web application that Includes a Mbps Load Balancer. Virtual Machine Instances for web and an Oracle DB Systems Virtual

  Machine Due to unprecedented growth, they noticed an Increase in the Incoming traffic to their website and all users start getting 503 (Service Unavailable) errors.

  What is the potential problem in this scenario?

  A. The Load Balancer health check status Indicates critical situation for half of the backend webservers
  B. All the web servers are too busy and not able to answer any request from users.
  C. The Database Is down hence users can not access the web site
  D. The Traffic Management Policy is not set to load Balancer the traffic to the web servers.
  E. You did not configure a Service Gateway to allow connection between web servers and load Balance
  B. All the web servers are too busy and not able to answer any request from users.

  ---

  A 503 Service Unavailable Error is an HTTP response status code indicating that a server is temporarily unable to handle the request. This may be due to the server being overloaded or down for maintenance.

• Question 123:

  A large financial company has a web application hosted in their on-premises data center. They are migrating their application to Oracle Cloud Infrastructure (OCI) and require no downtime while the migration is on-going. In order to achieve this, they have decided to divert only 30% of the application works fine, they divert all traffic to OCI. As a solution architect working with this customer, which suggestion should you provide them?

  A. Use OCI Traffic management with failover steering policy and distribute the traffic between OC1 and on premises infrastructure.
  B. Use OCI Traffic management with Load Balancing steering policy and distribute the traffic between OCI and on premises infrastructure.
  C. Use an OCI load Balancer and distribute the traffic between OCI and on premises infrastructure.
  D. Use VPN connectivity between on premises Infrastructure and OCI, and create routing tables to distribute the traffic between them.
  B. Use OCI Traffic management with Load Balancing steering policy and distribute the traffic between OCI and on premises infrastructure.

  ---

  Traffic Management Steering Policies can account for health of answers to provide failover capabilities, provide the ability to load balance traffic across multiple resources, and account for the location where the query was initiated to provide a simple, flexible and powerful mechanism to efficiently steer DNS traffic.

• Question 124:

  You are tasked with migrating an online shopping website to Oracle Cloud Infrastructure (OCI) and decide to use a Load Balancer. You have configured the backend set with the round robin policy. During the testing phase, you noticed that

  users are losing items from their shopping carts when they navigate to different pages.

  How should you implement a solution to this problem?

  A. Set up a Traffic Management Steering Policy to redirect traffic to a different backend set that is deployed exclusively for the purpose of holding all Items placed in the shopping cart.
  B. Configure a set of path route rules that will route to different backend sets based on the URI requested by the customer's browser.
  C. Replace the round robin policy with least connections policy at the backend set.
  D. Set up session persistence at the Load Balancer backend set.
  C. Replace the round robin policy with least connections policy at the backend set.

• Question 125:

  You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory (AD) as identity provided to manager user login/passwords. When a user logs in to Oracle Cloud infrastructure (OCI) console, it should get authenticated by Azure AD. Which set of steps are required to configure at OCI side in order to get it enabled?

  A. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users
  B. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups
  C. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
  D. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
  D. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups

  ---

  Federating with Microsoft Azure Active Directory

  To federate with Azure AD, you set up Oracle Cloud Infrastructure as a basic SAML single sign-on application in Azure AD. To set up this application, you perform some steps in the Oracle Cloud Infrastructure Console and some steps in

  Azure AD.

  Following is the general process an administrator goes through to set up the federation. Details for each step are given in the next section.

  In Oracle Cloud Infrastructure, download the federation metadata document. In Azure AD, set up Oracle Cloud Infrastructure Console as an enterprise application. In Azure AD, configure the Oracle Cloud Infrastructure enterprise application

  for single sign-on.

  In Azure AD, set up the user attributes and claims.

  In Azure AD, download the Azure AD SAML metadata document.

  In Azure AD, assign user groups to the application.

  In Oracle Cloud Infrastructure, set up Azure AD as an identity provider. In Oracle Cloud Infrastructure, map your Azure AD groups to Oracle Cloud Infrastructure groups. In Oracle Cloud Infrastructure, set up the IAM policies to govern access

  for your Azure AD groups. Share the Oracle Cloud Infrastructure sign-in URL with your user

• Question 126:

  Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure (OCI) and mounting the file system to these compute

  instances. The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be

  allowed/blocked per compute instance's CIDR block.

  Which option can you use to secure access?

  A. Use stateless Security List rule to restrict access from known IP addresses only.
  B. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific P address and CIDR blocks.
  C. Use 'Export option' feature of FSS to restrict access to the mounted file systems.
  D. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.
  C. Use 'Export option' feature of FSS to restrict access to the mounted file systems.

  ---

  NFS export options enable you to create more granular access control than is possible using just security list rules to limit VCN access. You can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting to file systems through exports in a mount target. Access can be restricted so that each client's file system is inaccessible and invisible to the other, providing better security controls in multi-tenant environments. Using NFS export option access controls, you can limit clients' ability to connect to the file system and view or write data. For example, if you want to allow clients to consume but not update resources in your file system, you can set access to Read Only. You can also reduce client root access to your file systems and map specified User IDs (UIDs) and Group IDs (GIDs) to an anonymous UID/GID of your choice. For more information about how NFS export options work with other security layers

• Question 127:

  You are working with a social media company as a solution architect. The media company wants to collect and analyze large amounts of data being generated from their websites and social media feeds to gain insights and continuously

  improve the user experience. In order to meet this requirement, you have developed a microservices application hosted on Oracle Container Engine for Kubernetes. The application will process the data and store the result to an Autonomous

  Data Warehouse (ADW) instance.

  Which Oracle Cloud Infrastructure (OCI) service can you use to collect and process a large volume of unstructured data in real time?

  A. OCI Events
  B. OCI Streaming
  C. OCI Resource Manager
  D. OCI Notifications
  B. OCI Streaming

• Question 128:

  Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure(OCI) and mounting the file system to these compute

  instances.

  The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/

  blocked per compute instance's CIDR block.

  Which option can you use to secure access?

  A. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific IP address and CIDR blocks.
  B. Use 'Export option' feature of FSS to restrict access to the mounted file systems.
  C. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.
  D. Use stateless Security List rule to restrict access from known IP addresses only.
  B. Use 'Export option' feature of FSS to restrict access to the mounted file systems.

• Question 129:

  You are part of a project team working in the development environment created in OCI. You have realized that the CIDR block specified for one of the subnet in a VCN is not correct and want to delete the subnet. While deleting you are getting an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet. Which of the following action you will take to troubleshoot this issue?

  A. Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC
  B. Copy and Paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC
  C. Use OCI CLI to delete the VNIC first and then delete the subnet
  D. Use OCI CLI to delete the subnet using --force option
  A. Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC

  ---

  VCN, it must first be empty and have no related resources or attached gateways To delete a VCN's subnets, they must first be empty.

  Note: When you create one of the preceding resources, you specify a VCN and subnet for it. The relevant service creates at least one VNIC in the subnet and attaches the VNIC to the resource. The service manages the VNICs on your

  behalf, so they are not readily apparent to you in the Console. The VNIC enables the resource to communicate with other resources over the network. Although this documentation commonly talks about the resource itself being in the subnet,

  it's actually the resource's attached VNIC.

  If the subnet is not empty, you instead get an error indicating that there are still resources that you must delete first. The error includes the OCID of a VNIC that is in the subnet (there could be more, but the error returns only a single VNIC's

  OCID).

  You can use the Oracle Cloud Infrastructure command line interface (CLI) or another SDK or client to call the GetVnic operation with the VNIC OCID. The response includes the VNIC's display name. Depending on the type of parent resource,

  the display name can indicate which parent resource the VNIC belongs to. You can then delete that parent resource, or you can contact your administrator to determine who owns the resource. When the VNIC's parent resource is deleted, the

  attached VNIC is also deleted from the subnet. If there are remaining VNICs in the subnet, repeat the process of determining and deleting each parent

  resource until the subnet is empty. Then you can delete the subnet. For example, if you're using the CLI, use this command to get information about the VNIC.

  oci network vnic get --vnic-id

• Question 130:

  You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application

  components as Kubernetes native objects, such as the microservices, Oracle

  Autonomous database, Kubernetes services, etc.

  What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle Autonomous Database? (Choose the best answer.)

  A. Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.
  B. Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster.
  C. Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN.
  D. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.
  D. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

  ---

  OCI Service Broker for Kubernetes is an implementation of the Open Service Broker API. OCI Service Broker for Kubernetes is specifically for interacting with Oracle Cloud Infrastructure services from Kubernetes clusters. It includes three service broker adapters to bind to the following Oracle Cloud Infrastructure services: Object Storage Autonomous Transaction Processing Autonomous Data Warehouse