Oracle 1Z0-997-21 Online Practice Questions and Exam Preparation
1Z0-997-21 Exam Details
Exam Code: 1Z0-997-21
Exam Name: Oracle Cloud Infrastructure 2021 Architect Professional
Certification: Oracle Certifications
Vendor: Oracle
Total Questions: 137 Q&As
Last Updated: May 25, 2026
Oracle 1Z0-997-21 Online Questions & Answers
Question 81:
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:
The development team has deployed quite a few instances under the 'Compute' compartment, and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations, are part of a group called 'Eng-group'. You have been looking for an option to allow the operations team to list the instances without access to any confidential information or metadata of resources. Which IAM policy should you write based on these requirements?
A. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment
B. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'SysTest Team' Compartment
C. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to 'Engineering' Compartment.
D. Allow group Eng-group to read instance-family in compartment Dev-Team:Compute and attach the policy to 'Dev-Team'
A. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment
Policy Attachment
When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment). Where you attach it controls who can then modify it or delete it. If you attach it to the tenancy (in other words, if the policy is in the root compartment), then anyone with access to manage policies in the tenancy can then change or delete it. Typically that's the Administrators group or any similar group you create and give broad access to. Anyone with access only to a child compartment cannot modify or delete that policy. When you attach a policy to a compartment, you must be in that compartment and you must indicate directly in the statement which compartment it applies to. If you are not in the compartment, you'll get an error if you try to attach the policy to a different compartment. Notice that attachment occurs during policy creation, which means a policy can be attached to only one compartment.
Policies and Compartment Hierarchies
A policy statement must specify the compartment for which access is being granted (or the tenancy). Where you create the policy determines who can update the policy. If you attach the policy to the compartment or its parent, you can simply specify the compartment name. If you attach the policy further up the hierarchy, you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated by a colon: :: . . .
To allow an action on the Compute compartment, you need to set the compartment path according to where you attach the policy, as in the examples below:
If you attach it to the root compartment, specify the path as Engineering:Dev-Team:Compute
If you attach it to the Engineering compartment, specify the path as Dev-Team:Compute
If you attach it to the Dev-Team or Compute compartment, specify the path as Compute
Note: in a policy, the inspect verb gives the ability to list resources, without access to any confidential information or user-specified metadata that may be part of that resource.
Question 82:
You are part of a project team working in the development environment created in Oracle Cloud Infrastructure (OCI). You realize that the CIDR block specified for one of the subnets in a Virtual Cloud Network (VCN) is not correct and want to delete the subnet. While deleting you get an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet.
Which of the following actions will you take to troubleshoot this issue?
A. Use OCI CLI to call "network vnic" and "compute vnic-attachment" operations to find out the parent resource of the VNIC.
B. Use OCI CLI to delete the VNIC first and then delete the subnet.
C. Use OCI CLI to delete the subnet using -force option.
D. Copy and paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC.
A. Use OCI CLI to call "network vnic" and "compute vnic-attachment" operations to find out the parent resource of the VNIC.
Question 83:
Multiple departments in your company use a shared Oracle Cloud Infrastructure (OCI) tenancy to implement their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain better insights into each department's usage. Which three options can you implement together to accomplish this?
A. Create a budget that matches your commitment amount and an alert at 100 percent of the forecast
B. Set up a consolidated budget tracking tags to analyze costs in a granular manner
C. Set up different compartments for each department then track and analyze cost per compartment
D. Use the billing cost tracking report to analyze costs
E. Set up a tag default that automatically applies tags to all specified resources created in a compartment then use these tags for cost analysis.
A. Create a budget that matches your commitment amount and an alert at 100 percent of the forecast
C. Set up different compartments for each department then track and analyze cost per compartment
E. Set up a tag default that automatically applies tags to all specified resources created in a compartment then use these tags for cost analysis.
Question 84:
A large financial services company has used 2 types of Oracle DB Systems in Oracle Cloud Infrastructure (OCI) to store user data.
One is running on a VM.Standard2.8 shape and the other on a VM.Standard2.4 shape.
As business grows, data is growing rapidly on both the databases and performance is also degrading.
The company wants to address this problem with a viable and economical solution.
As the solution architect for that company you have suggested that they move their databases to Autonomous Transaction Processing Serverless (ATP-S) database.
Which two factors should you consider before you arrive at that recommendation?
A. You verified that ATP-S supports the database features and options currently being used by the 2 databases.
B. Validate that ATP-S will support the storage and processing requirements for the 2 databases over the life cycle of the business applications.
C. Confirm that ATP-S allows customers to compress tablespaces to reduce storage costs
D. Upon provisioning, ATP-S automatically scales up CPU to meet the application's processing requirements.
A. You verified that ATP-S supports the database features and options currently being used by the 2 databases.
B. Validate that ATP-S will support the storage and processing requirements for the 2 databases over the life cycle of the business applications.
Not all features present in Oracle Database Enterprise Edition are available in ATP, and some Oracle Database features are restricted; for example, database features designed for administration are not available. So you need to validate it first. You can find a complete list of the features that are not supported,
Also, you must specify the initial storage required for your database, but ADB is elastic, so it is possible to grow or shrink your database as needed.
Question 85:
A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using Compute Instances for its web tier and a DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), a security professional checked their systems and found that there are a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
A. Block the attacking IP address by creating a Network Security Group rule to deny access to the compute instance where the web server is running
B. Block the attacking IP address by implementing an OCI Web Application Firewall policy using Access Control Rules
C. Mitigate the attack by changing the Route Table to redirect the unauthorized traffic to a dummy Compute instance
D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server is running
B. Block the attacking IP address by implementing an OCI Web Application Firewall policy using Access Control Rules
WAF can protect any internet-facing endpoint, providing consistent rule enforcement across a customer's applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowing desirable bots to enter. Access rules can limit based on geography or the signature of the request.
As a WAF administrator you can define explicit actions for requests that meet various conditions. Conditions use various operations and regular expressions. A rule action can be set to log and allow, detect, or block requests.
Question 86:
An E-Commerce company wants to deploy their web application for Oracle Database on Oracle Cloud Infrastructure (OCI) DB Systems. In compliance with the business continuity program of the business, they need to provide a Recovery Point Objective (RPO) of 1 hour and a Recovery Time Objective (RTO) of 5 minutes. The web application should be highly available within the region and meet the RTO and RPO requirements in case of a region outage.
Which approach is the most suitable and cost effective configuration for this scenario?
A. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a manual setup and configuration of Oracle Data Guard.
B. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.
C. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an Autonomous Transaction Processing (Serverless) database in another region using Oracle GoldenGate.
D. Deploy a 1 node VM Oracle database in one region. Manually Configure a Recovery Manager (RMAN) database backup schedule to take hourly database backups. Asynchronously copy the database backups to object storage in another OCI region. If the primary OCI region is unavailable, launch a new 1 node VM Database in the other OCI region and restore the production database from the backup.
B. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.
Question 87:
Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on Oracle Database and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each).
Which method of database migration should you choose so that the application has minimal impact? (Choose the best answer.)
A. Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer on-premises to OCI.
B. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.
C. Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.
D. Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI.
B. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.
Question 88:
Your company will soon start moving critical systems into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. You have to work with the company managed key.
Which two options ensure compliance with this policy?
A. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.
B. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service.
C. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.
D. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
E. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
B. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service.
D. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
Block Volume Encryption
By default all volumes and their backups are encrypted using the Oracle-provided encryption keys. Each time a volume is cloned or restored from a backup the volume is assigned a new unique encryption key.
You have the option to encrypt all of your volumes and their backups using the keys that you own and manage using the Vault service. If you do not configure a volume to use the Vault service or you later unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead.
This applies to both encryption at-rest and in-transit encryption.
Object Storage Encryption
Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule.
Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the data in this bucket using your own Vault encryption key. To use Vault for your encryption needs, select Encrypt Using Customer-Managed Keys. Then, select the Vault Compartment and Vault that contain the master encryption key you want to use. Also select the Master Encryption Key Compartment and Master Encryption Key.
Question 89:
The Finance department of your company has reached out to you. They have customer sensitive data on compute instances in Oracle Cloud Infrastructure (OCI) which they want to store in OCI Storage for long term retention and archival.
To meet security requirements they want to ensure this data is NOT transferred over public internet, even if encrypted.
Which option meets this requirement?
A. Configure a NAT instance and all traffic between compute in Private subnet should use this NAT instance with Private IP as the route target.
B. Use NAT gateway with appropriate route table when transferring data. Then use NAT gateways' toggle (on/off) once data transfer is complete.
C. Use Service gateway with appropriate route table.
D. Use Storage gateway with appropriate firewall rule.
C. Use Service gateway with appropriate route table.
A service gateway is a virtual router that you can add to your VCN. It provides a path for private network traffic between your VCN and supported services in the Oracle Services Network (like Object Storage), so compute instances in a private subnet in your VCN can back up data to Object Storage without needing public IP addresses or access to the intern
Question 90:
You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices. Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose Two)
A. Amount of RAM used by your functions.
B. Length of time a function runs.
C. Number of times a function is invoked.
D. Amount of storage used by your functions.
E. Network bandwidth used by your functions.
B. Length of time a function runs.
C. Number of times a function is invoked.