Oracle 1Z0-997-21 Online Practice Questions and Exam Preparation
1Z0-997-21 Exam Details
Exam Code: 1Z0-997-21
Exam Name: Oracle Cloud Infrastructure 2021 Architect Professional
Certification: Oracle Certifications
Vendor: Oracle
Total Questions: 137 Q&As
Last Updated: May 25, 2026
Oracle 1Z0-997-21 Online Questions & Answers
Question 41:
To serve web traffic for a popular product, your cloud engineer has provisioned four BM.Standard2.52 instances, evenly spread across two availability domains in the us-ashburn-1 region. A load balancer is used to deliver the traffic across instances. After several months, the product grows even more popular and you need additional compute capacity. As a result, an engineer provisioned two additional VM.Standard2.8 instances. You register the two VM.Standard2.8 instances with your load balancer backend set and quickly find that the VM.Standard2.8 instances are running at 100% CPU utilization while the BM.Standard2.52 instances have significant unused CPU capacity. Which option is the most cost effective and uses instance capacity most effectively?
A. Configure your load balancer with a weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to bare metal instances.
B. Configure an autoscaling instance pool with the load balancer to add up to 3 more BM.Standard2.52 instances when triggered. Shut off the VM.Standard2.8 instances.
C. Route traffic to the BM.Standard2.52 and VM.Standard2.8 instances directly using DNS and health checks. Shut off the load balancer.
D. Configure the load balancer with two VM.Standard2.8 instances and use an autoscaling instance pool to add up to two additional VM instances. Shut off the BM.Standard2.52 instances.
A. Configure your load balancer with a weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to bare metal instances.
The customer has four BM.Standard2.52 instances and, after several months, needs additional compute capacity. The customer finds that the VM.Standard2.8 instances are running at 100% CPU utilization while the BM.Standard2.52 instances have significant unused CPU capacity, so the customer needs to check the load balancer policy to make sure the four BM instances and the VM instances are utilized correctly.
Question 42:
You are working for a travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the operating system used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes get upgraded to the latest version of the operating system.
What should you do to get this upgrade done without application downtime? (Choose the best answer.)
A. 1. Shut down the worker nodes. 2. Create a new node pool. 3. Manually schedule the pods on the newly built node pool.
B. 1. Create a new node pool using the latest available operating system image. 2. Run kubectl cordon against all the worker nodes in the old pool to stop any new application pods from being scheduled. 3. Run kubectl drain --delete-local-data --force --ignore-daemonsets to evict any pods that are running. 4. Delete the old node pool.
C. 1. Create a new node pool using the latest available operating system image. 2. Run kubectl taint nodes --all node-role.kubernetes.io/master-. 3. Delete the old node pool.
D. 1. Run kubectl cordon against all the worker nodes in the old pool to stop any new application pods from being scheduled. 2. Run kubectl drain --delete-local-data --force --ignore-daemonsets to evict any pods that are running. 3. Download the patches for the new operating system image. 4. Patch the worker nodes to the latest operating system image.
B. 1. Create a new node pool using the latest available operating system image. 2. Run kubectl cordon against all the worker nodes in the old pool to stop any new application pods from being scheduled. 3. Run kubectl drain --delete-local-data --force --ignore-daemonsets to evict any pods that are running. 4. Delete the old node pool.
Question 43:
A civil engineering company is running an online portal in which engineers can upload their construction photos, videos, and other digital files. There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period.
Which option fulfills this requirement?
A. Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours.
B. Create a pre-authenticated URL for each object that is uploaded to the Object Storage bucket with an expiration of 72 hours.
C. Create a Dynamic Group with a matching rule for the portal compute instance and grant access to the Object Storage bucket for 72 hours.
D. Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.
D. Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.
Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permission to access those objects. For example, you can create a request that lets an operations support user upload backups to a bucket without owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket without owning API keys.
When creating a pre-authenticated request, you have the following options:
You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload one or more objects to.
You can specify the name of an object that a pre-authenticated request user can read from, write to, or read from and write to.
Scope and Constraints
Understand the following scope and constraints regarding pre-authenticated requests:
Users can't list bucket contents.
You can create an unlimited number of pre-authenticated requests.
There is no time limit to the expiration date that you can set.
You can't edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you must create a new pre-authenticated request.
The target and actions for a pre-authenticated request are based on the creator's permissions. The request is not, however, bound to the creator's account login credentials. If the creator's login credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in that bucket.
Question 44:
Which of the below options for private access to services within Oracle Cloud Infrastructure (OCI) is NOT valid?
A. You cannot use the private endpoint for hosts in the on-premises network.
B. Traffic from an OCI compute instance going through a Service Gateway to Object Storage is routed without being sent over the internet.
C. You can enable private access to certain services within OCI from your Virtual Cloud Network by using either a private endpoint or a service gateway.
D. The private endpoint gives hosts within your Virtual Cloud Network access to a given service within Oracle Cloud Infrastructure.
A. You cannot use the private endpoint for hosts in the on-premises network.
Question 45:
A FinTech startup is developing a new blockchain based application to provide Smart Contracts using micro-services architecture. The development team is planning to deploy the application using containers and looking for a reliable way to build, deploy and manage their cloud-native application. Additionally, they need an easy way to store, share and manage their application artifacts. Which option should you recommend for this application?
A. Install and manage a Kubernetes cluster on OCI Compute instances and use OCI Resource Manager for management of application artifacts.
B. Use OCI Resource Manager to manage cloud-native applications and make the application artifacts available using OCI Functions.
C. Use Oracle Container Engine for Kubernetes (OKE) to manage cloud-native applications and OCI Registry for application artifacts.
D. Use Oracle Container Engine for Kubernetes (OKE) to manage the deployment environment and OCI Functions for application artifacts.
C. Use Oracle Container Engine for Kubernetes (OKE) to manage cloud-native applications and OCI Registry for application artifacts.
Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. Use Container Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably build, deploy, and manage cloud-native applications. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing OCI tenancy. Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your development to production workflow. Oracle Cloud Infrastructure Registry makes it easy for you as a developer to store, share, and manage development artifacts like Docker images. And the highly available and scalable architecture of Oracle Cloud Infrastructure ensures you can reliably deploy your applications. So you don't have to worry about operational issues, or scaling the underlying infrastructure.
Question 46:
Your security team has informed you that there are a number of malicious requests for your web application coming from a set of IP addresses originating from a country in Europe. Which of the following methods can be used to mitigate these types of unauthorized requests?
A. Web Application Firewall policy using access control rules
B. Deny rules in Virtual Cloud Network Security Group for the specific set of IP addresses.
C. Delete Internet Gateway from Virtual Cloud Network.
D. Deny rules in Virtual Cloud Network Security Lists for the specific set of IP addresses.
A. Web Application Firewall policy using access control rules
Question 47:
A manufacturing company is planning to migrate their on-premises database to OCI and has hired you for the migration. The customer has provided the following information regarding their existing on-premises database:
Database version, host operating system and version, database character set, storage for data staging, acceptable length of system outage.
What additional information do you need from the customer in order to recommend a suitable migration method? (Choose two.)
A. Elapsed time since database was last patched
B. On-premises host operating system and version
C. Number of active connections
D. Data types used in the on-premises database
E. Top 5 longest running queries
B. On-premises host operating system and version
D. Data types used in the on-premises database
Not all migration methods apply to all migration scenarios. Many of the migration methods apply only if specific characteristics of the source and destination databases match or are compatible. Moreover, additional factors can affect which method you choose for your migration from among the methods that are technically applicable to your migration scenario. Some of the characteristics and factors to consider when choosing a migration method are:
On-premises database version
Database service database version
On-premises host operating system and version
On-premises database character set
Quantity of data, including indexes
Data types used in the on-premises database
Storage for data staging
Acceptable length of system outage
Network bandwidth
Question 48:
An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) in the us-phoenix-1 region. The on-premises applications communicate with compute instances inside the VCN over a hardware VPN connection. They are looking to implement an Intrusion Detection and Prevention (IDS/IPS) system for their OCI environment. This platform should have the ability to scale to thousands of compute instances running inside the VCN.
How should they architect their solution on OCI to achieve this goal?
A. Set up an OCI Private Load Balancer and configure IDS/IPS related health checks at TCP and/or HTTP level to inspect traffic.
B. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.
C. There is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels is already encrypted.
D. Configure autoscaling on a compute instance pool and set the vNIC to promiscuous mode to collect traffic across the VCN and send it to the IDS/IPS platform for inspection.
B. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.
In transit routing through a private IP in the VCN, you set up an instance in the VCN to act as a firewall or intrusion detection system to filter or inspect the traffic between the on-premises network and Oracle Services Network.
The Networking service lets you implement network security functions such as intrusion detection and application-level firewalls. In fact, the IDS model can be host-based IDS (HIDS) or network-based IDS (NIDS). HIDS is installed at a host to periodically monitor specific system logs for patterns of intrusions. In contrast, an NIDS sniffs the traffic to analyze suspicious behaviors. A signature-based NIDS (SNIDS) examines the traffic for patterns of known intrusions. SNIDS can quickly and reliably diagnose the attacking techniques and security holes without generating an overwhelming number of false alarms because SNIDS relies on known signatures.
However, anomaly-based NIDS (ANIDS) detects unusual behaviors based on statistical methods. ANIDS could detect symptoms of attacks without specific knowledge of details. However, if the training data of the normal traffic are inadequate, ANIDS may generate a large number of false alarms.
Question 49:
You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.
You have the following configuration currently.
The virtual cloud network (VCN) is associated with a Dynamic Routing Gateway (DRG), and the DRG has an active IPSec connection with your on-premises data center.
The Oracle database system is hosted in a private subnet.
The private subnet route table has the following configuration.
However, you are still unable to connect to the Oracle Database system. Which action will resolve this issue?
A. Option A
B. Option B
C. Option C
D. Option D
C. Option C
Question 50:
You have deployed a multi-tier application with multiple compute instances in Oracle Cloud Infrastructure. You want to back up these volumes and have decided to use the Volume Groups feature. The block volumes and compute instances exist in different compartments within your tenancy. Periodically, a few child compartments are moved under different parent compartments, and you notice that sometimes the volume group backup fails.
What could be the cause?
A. You are exceeding your volume group backup quota configured.
B. You have the same block volume attached to multiple compute instances; if these compute instances are in different compartments then all concerned compartments must be moved at the same time.
C. Compute instance with multiple block volumes attached cannot move when a compartment is moved.
D. The Identity and Access Management policy allowing backup failed to move when the compartment was moved.
D. The Identity and Access Management policy allowing backup failed to move when the compartment was moved.
You can move a compartment to a different parent compartment within the same tenancy. When you move a compartment, all its contents (subcompartments and resources) are moved with it. Moving a compartment has implications for the contents. After you move a compartment to a new parent compartment, the access policies of the new parent take effect and the policies of the previous parent no longer apply. Before you move a compartment, ensure that:
You are aware of the policies that govern access to the compartment in its current position.
You are aware of the policies in the new parent compartment that will take effect when you move the compartment.
In some cases, when moving nested compartments with policies that specify the hierarchy, the policies are automatically updated to ensure consistency.