Oracle 1Z0-997-22 Online Practice Questions and Exam Preparation

Oracle 1Z0-997-22 Online Questions & Answers

• Question 101:

  A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.

  How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)

  A. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.
  B. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.
  C. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
  D. Enable an Access Rule to block the IP Address range from London.
  E. Enable a Protection Rule to block requests that came from London.
  C. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.

  ---

  Explanation/Reference:

  https://www.ateam-oracle.com/using-oci-waf-web-application-firewall-with-oracle-e- businesssuite#:~:text=The%20protection%20rules%20can%20be,achieved%20by%20enabling%20 corresponding%20rules.

• Question 102:

  A cloud engineer needs to enable routing between two Virtual Cloud Networks (VCN) from his tenancy. The VCNs are in the same region but in different compartments. After reviewing the IPv4 CIDR prefixes of the two VCNs, he notices that there are no overlapping CIDR blocks.

  Which THREE are valid Oracle Cloud Infrastructure (OCI) options for connecting and routing between the two VCNs? (Choose three.)

  A. Create two DRGs in the tenancy. Attach one VCN to one of the DRGs; attach the other VCN to the second DRG. In each one of the DRGs, create a Virtual Circuit Attachment. Select FastConnect Partner as the FastConnect type. Select any vendor from the list and complete the circuit at the partner site. Once the FastConnect IPv4 BGP field is in the UP state in each one of the Virtual Circuits, add a route rule in each one of the VCNs' route table to the other VCN using the DRG as the next hop.
  B. Create two DRGs in the tenancy. Attach one VCN to one of the DRGs; attach the other VCN to the second DRG. In each one of the DRGs, create a Remote Peering Connection (RPC). Establish a connection from one RPC to the other. In each one of the VCNs' route table, add a route rule to the other VCN using the DRG as the next hop.
  C. Create a DRG in the tenancy; add one of the VCN as a VCN attachment. In the other VCN, create a Local Peering Gateway (LPG). Peer the DRG to the LPG. In the VCN attached to the DRG, add a route rule in the route table that points to the DRG as the next hop. In the other VCN, add a route rule in the route table that points to the LPG as the next hop.
  D. Add an LPG to each one of the VCNs. In one of the LPG, establish a Peering Connection to the other LPG. In each one of the VCN route table, add a route rule to the other VCN using the LPG as the next hop.
  E. Create a DRG in the tenancy; add one of the VCNs as a VCN attachment. In the other VCN, create a Local Peering Gateway (LPG). Peer the DRG to the LPG. In the VCN attached to the DRG, enable BGP routing for the route to propagate to the VCN. In the other VCN add a route rule in the route table that points to the LPG as the next hop.
  F. Create a Dynamic Routing Gateway (DRG) in the tenancy, add the two VCNs as VCN attachments and add routes in each one of the VCN route tables with the DRG as the next hop for the CIDR prefix of the other VCN.
  A. Create two DRGs in the tenancy. Attach one VCN to one of the DRGs; attach the other VCN to the second DRG. In each one of the DRGs, create a Virtual Circuit Attachment. Select FastConnect Partner as the FastConnect type. Select any vendor from the list and complete the circuit at the partner site. Once the FastConnect IPv4 BGP field is in the UP state in each one of the Virtual Circuits, add a route rule in each one of the VCNs' route table to the other VCN using the DRG as the next hop.
  C. Create a DRG in the tenancy; add one of the VCN as a VCN attachment. In the other VCN, create a Local Peering Gateway (LPG). Peer the DRG to the LPG. In the VCN attached to the DRG, add a route rule in the route table that points to the DRG as the next hop. In the other VCN, add a route rule in the route table that points to the LPG as the next hop.
  D. Add an LPG to each one of the VCNs. In one of the LPG, establish a Peering Connection to the other LPG. In each one of the VCN route table, add a route rule to the other VCN using the LPG as the next hop.

• Question 103:

  An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt-1 region.

  Which two solutions should their architect keep in mind while designing for DR?

  A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.
  B. rsync utility can be used to asynchronously copy file systems or snapshot data to another region.
  C. Load balancer will automatically distribute traffic between both the regions.
  D. The RTO is the acceptable timeframe of lost data that application can tolerate.
  E. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.
  A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.
  C. Load balancer will automatically distribute traffic between both the regions.

• Question 104:

  You want to automate the processing of new image files to generate thumbnails. The expected rate is 10 new files every hour. Which of the following is the most cost effective option to meet this requirement in Oracle Cloud Infrastructure (OCI)?

  A. Upload all files to an Oracle Streaming Service (OSS) stream. Setup a cron job to invoke a function in Oracle Functions to fetch data from the stream. Invoke another function to process the image files and generate thumbnails. Store thumbnails in another OSS stream.
  B. Upload files to an OCI Object storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object storage bucket.
  C. Build a web application to ingest the files and save them to a NoSQL Database. Configure OCI Events service to trigger a notification using Oracle Notification Service (ONS). ONS invokes a custom application to process the image files to generate thumbnails. Store thumbnails in a NoSQL Database table.
  D. Upload files to an OCI Object storage bucket. Every time a file is uploaded, trigger an event with an action to provision a compute instance with a cloud-init script to access the file, process it and store it back in an Object storage bucket. Terminate the instance using Autoscaling policy after the processing is finished.
  B. Upload files to an OCI Object storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object storage bucket.

• Question 105:

  You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web- based attacks across the internet and asked what you can do to add a higher level of security to the website.

  How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? (Choose the best answer.)

  A. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.
  B. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool.
  C. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.
  D. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers.
  A. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.

• Question 106:

  You are building a highly available and fault tolerant web application deployment for your company. Similar application delayed by competitors experienced web site attack including DDoS which resulted in web server failing.

  You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will provide protection against such attacks and ensure additional configuration will you need to implement to make sure WAF is protecting my web application 24?.

  Which additional configuration will you need to Implement to make sure WAF Is protecting my web application 24??

  A. Configure auto scaling policy and it to WAF instance.
  B. Configure Control Rules to send traffic to multiple web servers
  C. Configure multiple origin servers
  D. Configure new rules based on now vulnerabilities and mitigations
  C. Configure multiple origin servers

  ---

  Explanation/Reference:

  Origin Management

  An origin is an endpoint (typically an IP address) of the application protected by the WAF.

  An origin can be

  an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used for

  high availability to an origin. Multiple origins can be defined, but only a single origin can be active for a WAF. You can set HTTP headers for outbound traffic from the WAF to the origin server. These name value pairs are then available to the

  application. Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI) compliant, global security service that protects applications from malicious and unwanted internet traffic.

  WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications. WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS),

  SQL Injection and other OWASP- defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.

  Distributed Denial of Service (DDoS)

  A DDoS attack is an often intentional attack that consumes an entity's resources, usually using a large number of distributed sources. DDoS can be categorized into either Layer 7 or Layer 3/4 (L3/4)

  A layer 7 DDoS attack is a DDoS attack that sends HTTP/S traffic to consume resources and hamper a website's ability to delivery content or to harm the owner of the site. The Web Application Firewall (WAF)

  service can protect layer 7 HTTP-based resources from layer 7 DDoS and other web application attack vectors.

• Question 107:

  You are working with a customer who needs to attach an Oracle Cloud Infrastructure (OCI) block volume to a VM instance with read/write access type. The customer wants to know if the number of IOPS and throughput performance differs between the following two choices:

  Option A: attach a single 1 TB block volume to the VM instance Option B: attach two separate 500 GB block volumes In a RAID 0 array configuration to the VM instance

  You can assume that the customer is using iSCSI attachment type to attach the volumes to the instance. In addition, you can assume 1 MB block size for throughput and 4 KB block size for IOPS consideration.

  How should you respond to the customer?

  A. Option B provides higher level of throughput, but lower level of IOPS performance.
  B. Both options provide the same number of IOPS and throughput performance.
  C. Option A provides better IOPS, but lower throughput performance.
  D. Option B provides better IOPS and throughput performance.
  B. Both options provide the same number of IOPS and throughput performance.

  ---

  Explanation/Reference:

• Question 108:

  You have designed and deployed your Autonomous Data Warehouse (ADW) such that it is accessible from your on-premises data center and servers running on both private and public networks in Oracle Cloud Infrastructure (OCI).

  

  As you are testing the connectivity to your ADW database from the different access paths, you notice that the server running on the private network is unable to connect to ADW.

  Which two steps do you need to take to enable connectivity from the server on the private network to ADW? (Choose two.)

  A. Add an entry in the Security List of the ADW allowing ingress traffic for C10R block 10.2.2.0/24
  B. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/: target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0./0 and for all IP protocols.
  C. Add an entry in the access table list of ASW for CIDR block 10.2.2.0/24.
  D. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0./0; target type of internet Gateway, add a stateful egress in the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.
  E. Add an entry in the access control list of ADW for IP address 129.146.160.11
  B. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/: target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0./0 and for all IP protocols.
  E. Add an entry in the access control list of ADW for IP address 129.146.160.11

  ---

  Explanation/Reference:

  There are 3 connections to ADW 1- Connecting to (ADW) from Public Internet 2- Connecting to ADW (via NAT or Service Gateway) from a server running on a private subnet in OCI (in the same tenancy) 3- Connecting to ADW (via internet Gateway) from a server running on a public subnet in OCI (in the same tenancy

• Question 109:

  You are designing the network infrastructure for an application consisting of a web server (server-1) and a Domain Name Server (server-2) running in two different subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access server-1 from the internet and server-2 from your customer's on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit.

  How should you design your routing configuration to meet these requirements?

  A. Configure a single routing table with two set of rules: one that has route to internet via an Internet Gateway and another that propagates specific routes for the on-premises network via a Dynamic Routing Gateway. Don't associate this routing table with any of the subnets in the VCN.
  B. Configure a single routing table with two set of rules: one that has route to internet via an Internet Gateway and another that propagate specific routes to the on-premises network via a Dynamic Routing Gateway. Associate the routing table with all the VCN subnets.
  C. Configure two routing tables: first one with a route to internet via an Internet gateway; associate this route table to the subnet containing server-1 .Configure the second route table to propagate specific routes to the on-premises network via a Dynamic Routing Gateway; associate this route table to subnet containing server-2.
  D. Configure two routing tables that have rules to route all traffic via a Dynamic Routing Gateway. Associate the two routing tables with all the VCN subnets.
  C. Configure two routing tables: first one with a route to internet via an Internet gateway; associate this route table to the subnet containing server-1 .Configure the second route table to propagate specific routes to the on-premises network via a Dynamic Routing Gateway; associate this route table to subnet containing server-2.

• Question 110:

  You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.

  You have the following configuration currently.

  Virtual cloud network (VCD) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center.

  Oracle database system is hosted in a private subnet

  The private subnet route table has the following configuration

  The private subnet route table has following configuration.

  

  However, you are still unable to connect to the Oracle Database system. Which action will resolve this issue?

  

  A. Option A
  B. Option B
  C. Option C
  D. Option D
  C. Option C

  ---

  Explanation/Reference: