Oracle Oracle Cloud Solutions Infrastructure 1Z0-997-22 Questions & Answers

• Question 1:

  You have provisioned a new VM.DenseIO2.24 compute instance with local NVMe drives. The compute instance is running production application. This is a write heavy application, with a significant Impact to the business it the application goes down.

  What should you do to help maintain write performance and protect against NVMe devices failure.

  A. NVMe drive have built in capability to recover themself so no other actions are required

  B. Configure RAID 6 for NVMe devices.

  C. Configure RAID 1 for NVMe devices.

  D. Configure RAID 10 for NVMe devices.

  Correct Answer: D

  VM.DeselO2.24 compute instance include locally attached NVMe devices. These devices provide extremely low latency, high performance block storage that is ideal for big data, OLTP, and any other workload that can benefit from high-performance block storage.

  A protected RAID array is the most recommended way to protect against an NVMe device failure. There are three RAID levels that can be used for the majority of workloads:

  RAID 1: An exact copy (or mirror) of a set of data on two or more disks; a classic RAID 1 mirrored pair contains two disks RAID 10: Stripes data across multiple mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved RAID 6: Block-level striping with two parity blocks distributed across all member disks If you need the best possible performance and can sacrifice some of your available space, then RAID 10 array is an option.

• Question 2:

  You are a solution architect working with a startup that has decided to move their workload to Oracle Cloud Infrastructure. Since their workload is small, upon architecting, you decide its sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. So, you propose the idea of attaching a block volume to multiple instances to provide a common storage.

  Which of the below option is NOT true for such a solution?

  A. If the block volume is already attached to an instance as read/write non-shareable you can't attach it to another instance until you detach it from the first instance.

  B. Block volumes attached as read-only are configured as shareable by default.

  C. You can delete a block volume from one instance without detaching it from all other instances there by keeping other instance's storage intact.

  D. Once you attach a block volume to an instance as read-only, it can only be attached to other instances as read-only.

  Correct Answer: C

• Question 3:

  You are working with a customer who needs to attach an Oracle Cloud Infrastructure (OCI) block volume to a VM instance with read/write access type. The customer wants to know if the number of IOPS and throughput performance differs between the following two choices:

  Option A: attach a single 1 TB block volume to the VM instance Option B: attach two separate 500 GB block volumes In a RAID 0 array configuration to the VM instance

  You can assume that the customer is using iSCSI attachment type to attach the volumes to the instance. In addition, you can assume 1 MB block size for throughput and 4 KB block size for IOPS consideration.

  How should you respond to the customer?

  A. Option B provides higher level of throughput, but lower level of IOPS performance.

  B. Both options provide the same number of IOPS and throughput performance.

  C. Option A provides better IOPS, but lower throughput performance.

  D. Option B provides better IOPS and throughput performance.

  Correct Answer: B

• Question 4:

  Which of the following is NOT a good use case for the volume backup feature of the Oracle Cloud Infrastructure Block Volume service?

  A. Support business continuity requirements of reducing the risk of outages or data mutation over time.

  B. Meet compliance and regulatory requirements for data to remain unchanged over time, so that it can be retrieved for audit purposes.

  C. Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment.

  D. Retain a copy of data in a volume, so that you can duplicate an environment later or preserve the data for future use.

  Correct Answer: C

• Question 5:

  You have deployed a web application targeting a global audience across multiple Oracle Cloud Infrastructure (OCI) regions.

  You decide to use Traffic Management Geo-Location based Steering Policy to serve web requests to users from the region closets to the user. Within each region you have deployed a public load balancer with 4 servers in a backend set. During a DR test disable all web servers in one of the regions however, traffic Management does not automatically direct all users to the other region.

  Which two are possible causes?

  A. You did not setup a Route Table associated with load Balancer's subnet

  B. You did not setup an HTTP Health Check associated with Load Balancer public IP in the disabled region.

  C. Rather than using Geo-Location based Steering Policy, you should use Failover Policy Type to serve traffic.

  D. One of the two working web servers In the other region did not pass Its HTTP health check

  E. You did not correctly setup the Load Balancer HTTP health check policy associated with backend set

  Correct Answer: BE

  Managing Traffic Management GEOLOCATION Steering Policies Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region. The Health Checks service allows you to monitor the health of IP addresses and hostnames, as measured from geographic vantage points of your choosing, using HTTP and ping probes. After configuring a health check, you can view the monitor's results. The results include the location from which the host was monitored, the availability of the endpoint, and the date and time the test was performed. Also you can Combine Managing Traffic Management GEOLOCATION Steering Policies with Oracle Health Checks to fail over from one region to another The Load Balancing service provides health status indicators that use your health check policies to report on the general health of your load balancers and their components. if you misconfigure the health check Protocol between the Load balancer and backend set that can lead to not get an accurate response as example below If you run a TCP-level health check against an HTTP service, you might not get an accurate response. The TCP handshake can succeed and indicate that the service is up even when the HTTP service is ly configured or having other issues. Although the health check appears good customers might experience transaction failures.

• Question 6:

  A hospital in Austin has hosted its web based medical records portal entirely In Oracle cloud Infrastructure (OCI) using Compute Instances for its web-tier and DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the security professional to check their systems it was found that there are a lot of unauthorized coming requests coming from a set of IP addresses originating from a country in Southeast Asia.

  Which option can mitigate this type of attack?

  A. Block the attacking IP address by creating by Network Security Group rule to deny access to the compute Instance where the web server Is running

  B. Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules

  C. Mitigate the attack by changing the Route fable to redirect the unauthorized traffic to a dummy Compute instance

  D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server Is running

  Correct Answer: B

  WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications. WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request. As a WAF administrator you can define explicit actions for requests that meet various conditions. Conditions use various operations and regular expressions. A rule action can be set to log and allow, detect, or block requests

• Question 7:

  Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure(OCI) and mounting the file system to these compute instances.

  The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/ blocked per compute instance's CIDR block.

  Which option can you use to secure access?

  A. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific IP address and CIDR blocks.

  B. Use 'Export option' feature of FSS to restrict access to the mounted file systems.

  C. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.

  D. Use stateless Security List rule to restrict access from known IP addresses only.

  Correct Answer: B

• Question 8:

  Your organization needs to migrate legacy monolithic applications into cloud-native containerized RESTful microservices. The development team is testing the use of packaged procedures with containers in a fully serverless environment. Before migrating the existing code to production, the team decides to perform a lift and shift of the monolithic application and code the new features that are essential for serverless microservices.

  You want to carry out a steady migration to the Oracle Cloud Infrastructure (OCI) platform, making the new microservice functionalities available while maintaining the monolithic application for all the other activities. You also want to integrate the legacy monolithic application with the new microservices to have a single interface with simplified management for auditing and monitoring while meeting operational and compliance requirements.

  How can you meet this requirement?

  A. Push the container image to OCIR, build a serverless function using the OCI Functions serviceBYOD (Bring-Your-Own-Dockerfile) feature, build an API deployment specification with serverless functions as the back-end, and use an OCI API gateway to provide front- end access to that function.

  B. Push the container image to the OCI code repository, create an instance template with a Docker container running the image, and create an instance pool with autoscaling configuration. Use the OCI load balancer to provide an API endpoint to connect with the microservice.

  C. Push the container image to the OCI code repository, build a serverless function using the OCI Functions service BYOD feature, build an API deployment specification with serverless functions as the back-end, and use an OCI API gateway to provide front-end access to that function.

  D. Push the container image to OCIR, create an instance template with a Docker container running the image, and create an instance pool with autoscaling configuration. Use the OCI load balancer to provide an API endpoint to connect with the microservice.

  Correct Answer: B

• Question 9:

  Your customer recently ordered for a 1-Gbps Fast Connect connection In ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will us this to one Virtual cloud Network (VCN) in their production (OC1) tenancy and VCN In their development OC1 tenancy

  As a Solution Architect, how should yon configure and architect the connectivity between on premises and VCNs In OCI?

  A. Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing Gateways, one for each VCNs. Attach the virtual circuits to the dynamic routing gateways.

  B. You cannot achieve connectivity using single FastConnect link as the production and the development VCNs-are in separate tenancies. Request one more FastConnect connection.

  C. Create a single private virtual circuit over FastConnect and attach fastConnect to either of the VCN's Dynamic Routing Gateway. Use Remote Peering to peer production and development VCNs.

  D. Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on- premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VCN spoke, each peered via their respective local Peering Gateway (LPG)

  Correct Answer: D

  There's an advanced routing scenario called transit routing that enables communication between an onpremises network and multiple VCNs over a single Oracle Cloud Infrastructure FastConnect or IPSec VPN.

  The VCNs must be in the same region and locally peered in a hub-and-spoke layout. As part of the scenario, the VCN that is acting as the hub has a route table associated with each LPG (typically route tables are associated with a VCN's

  subnets).

  

• Question 10:

  Give this compartment structure:

  

  You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'. You login to your Oracle Cloud Infrastructure (OCI)account and use the 'Move Resource' option.

  What will happen when you attempt moving the compute resource?

  A. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will need to be moved separately. The Compute instance will still be associated with the original VCN.

  B. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the Compute instance can be moved.

  C. The move will be successful though Compute Instance Public and Private IP address changed, and it will be associated to the VCN in target compartment.

  D. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will still be associated with the original VCN.

  Correct Answer: D

  Moving Resources to a Different Compartment

  Most resources can be moved after they are created. There are a few resources that you can't move from one compartment to another. Some resources have attached resource dependencies and some don't.

  Not all attached dependencies behave the same way when the parent resource moves. For some resources, the attached dependencies move with the parent resource to the new compartment.

  The parent resource moves immediately, but in some cases attached dependencies move asynchronously and are not visible in the new compartment until the move is complete. For other resources, the attached resource dependencies do

  not move to the new compartment. You can move these attached resources independently. You can move Compute resources such as instances, instance pools, and custom images from one compartment to another. When you move a

  Compute resource to a new compartment, associated resources such as boot volumes and VNICs are not moved. You can move a VCN from one compartment to another. When you move a VCN, its associated VNICs, private IPs, and

  ephemeral IPs move with it to the new compartment.