Oracle Oracle Cloud 1Z0-997 Questions & Answers

• Question 1:

  An organization has its mission critical application consisting of multiple application servers and databases

  running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further

  strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt- 1 region.

  Which two solutions should their architect keep in mind while designing for DR?

  A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.

  B. rsync utility can be used to asynchronously copy file systems or snapshot data to another region.

  C. Load balancer will automatically distribute traffic between both the regions.

  D. The RTO is the acceptable timeframe of lost data that application can tolerate.

  E. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.

  Correct Answer: AC

• Question 2:

  You are tasked with migrating an online shopping website to Oracle Cloud Infrastructure (OCI) and decide to use a Load Balancer. You have configured the backend set with the round robin policy. During the testing phase, you noticed that users are losing items from their shopping carts when they navigate to different pages. How should you implement a solution to this problem?

  A. Set up a Traffic Management Steering Policy to redirect traffic to a different backend set that is deployed exclusively for the purpose of holding all Items placed in the shopping cart.

  B. Configure a set of path route rules that will route to different backend sets based on the URI requested by the customer's browser.

  C. Replace the round robin policy with least connections policy at the backend set.

  D. Set up session persistence at the Load Balancer backend set.

  Correct Answer: C

• Question 3:

  You are running a legacy application In a compute Instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode. Your application is not resilient to crash-consistent backup. What should you do to securely backup the block volume?

  A. Create a volume group, add the block volume and boot volume and then run the volume group backup.

  B. Before creating a backup, save your application data and detach the block volume.

  C. Create a backup, detach the block volume and save your application data.

  D. Use the block volume clone feature to save cost and speed up the backup process.

  Correct Answer: D

• Question 4:

  You are working with a customer who needs to attach an Oracle Cloud Infrastructure (OCI) block volume to a VM instance with read/write access type. The customer wants to know if the number of IOPS and throughput performance differs between the following two choices: ?Option A: attach a single 1 TB block volume to the VM instance ?Option B: attach two separate 500 GB block volumes In a RAID 0 array configuration to the VM instance You can assume that the customer is using iSCSI attachment type to attach the volumes to the instance. In addition, you can assume 1 MB block size for throughput and 4 KB block size for IOPS consideration.

  How should you respond to the customer?

  A. Option B provides higher level of throughput, but lower level of IOPS performance.

  B. Both options provide the same number of IOPS and throughput performance.

  C. Option A provides better IOPS, but lower throughput performance.

  D. Option B provides better IOPS and throughput performance.

  Correct Answer: B

• Question 5:

  Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure (OCI) and mounting the file system to these compute instances. The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance's CIDR block. Which option can you use to secure access?

  A. Use stateless Security List rule to restrict access from known IP addresses only.

  B. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific P address and CIDR blocks.

  C. Use 'Export option' feature of FSS to restrict access to the mounted file systems.

  D. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.

  Correct Answer: C

  NFS export options enable you to create more granular access control than is possible using just security list rules to limit VCN access. You can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting to file systems through exports in a mount target. Access can be restricted so that each client's file system is inaccessible and invisible to the other, providing better security controls in multi-tenant environments. Using NFS export option access controls, you can limit clients' ability to connect to the file system and view or write data. For example, if you want to allow clients to consume but not update resources in your file system, you can set access to Read Only. You can also reduce client root access to your file systems and map specified User IDs (UIDs) and Group IDs (GIDs) to an anonymous UID/GID of your choice. For more information about how NFS export options work with other security layers

• Question 6:

  You have deployed a multi-tier application with multiple compute instances in Oracle Cloud Infrastructure.

  You want to back up these volumes and have decided to use Volume Group's feature. The Block volume

  and Compute instances exist in different compartments within your tenancy. Periodically. a few child

  compartments are moved under different parent compartments, and you notice that sometimes volume

  group backup fails.

  What could be the cause?

  A. You are exceeding your volume group backup quota configured.

  B. You have the same block volume attached to multiple compute instances; if these compute instances are in different compartments then all concerned compartments must be moved at the same time.

  C. Compute instance with multiple block volumes attached cannot move when a compartment is moved.

  D. The Identity and Access Management policy allowing backup failed to move when the compartment was moved.

  Correct Answer: D

  You can move a compartment to a different parent compartment within the same tenancy. When you move a compartment, all its contents (subcompartments and resources) are moved with it. Moving a compartment has implications for the contents. After you move a compartment to a new parent compartment, the access policies of the new parent take effect and the policies of the previous parent no longer apply. Before you move a compartment, ensure that: You are aware of the policies that govern access to the compartment in its current position. You are aware of the polices in the new parent compartment that will take effect when you move the compartment. In some cases, when moving nested compartments with policies that specify the hierarchy, the polices are automatically updated to ensure consistency.

• Question 7:

  You are part of a project team working in the development environment created in OCI. You have realized that the CIDR block specified for one of the subnet in a VCN is not correct and want to delete the subnet. While deleting you are getting an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet. Which of the following action you will take to troubleshoot this issue?

  A. Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC

  B. Copy and Paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC

  C. Use OCI CLI to delete the VNIC first and then delete the subnet

  D. Use OCI CLI to delete the subnet using --force option

  Correct Answer: A

  VCN, it must first be empty and have no related resources or attached gateways To delete a VCN's subnets, they must first be empty. Note: When you create one of the preceding resources, you specify a VCN and subnet for it. The relevant service creates at least one VNIC in the subnet and attaches the VNIC to the resource. The service manages the VNICs on your behalf, so they are not readily apparent to you in the Console. The VNIC enables the resource to communicate with other resources over the network.

  Although this documentation commonly talks about the resource itself being in the subnet, it's actually the resource's attached VNIC. If the subnet is not empty, you instead get an error indicating that there are still resources that you must delete first. The error includes the OCID of a VNIC that is in the subnet (there could be more, but the error returns only a single VNIC's OCID). You can use the Oracle Cloud Infrastructure command line interface (CLI) or another SDK or client to call the GetVnic operation with the VNIC OCID. The response includes the VNIC's display name. Depending on the type of parent resource, the display name can indicate which parent resource the VNIC belongs to. You can then delete that parent resource, or you can contact your administrator to determine who owns the resource. When the VNIC's parent resource is deleted, the attached VNIC is also deleted from the subnet. If there are remaining VNICs in the subnet, repeat the process of determining and deleting each parent resource until the subnet is empty. Then you can delete the subnet. For example, if you're using the CLI, use this command to get information about the VNIC. oci network vnic get --vnic-id

• Question 8:

  An insurance company is storing critical financial data in the OCI block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle. What of the following series of tasks are required to encrypt the block volume using customer managed keys?

  A. Create a vault, import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume

  B. Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key

  C. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume

  D. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key

  Correct Answer: C

  Oracle Cloud Infrastructure Vault lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. You can use the Vault service to create and manage the following resources: Vaults Keys Secrets Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code. The Vault service lets you create vaults in your tenancy as containers for encryption keys and secrets. If needed, a virtual private vault provides you with a dedicated partition in a hardware security module (HSM), offering a level of storage isolation for encryption keys that's effectively equivalent to a virtual independent HSM.

• Question 9:

  A customer has a Virtual Machine instance running in their Oracle Cloud Infrastructure tenancy. They

  realized that they wrongly picked a smaller shape for their compute instance. They are reaching out to you

  to help them fix the issue.

  Which of the below options is best recommended to suggest to the customer?

  A. Delete the running instance and spin up a new instance with the desired shape.

  B. Change the shape of instance without reboot, but stop all the applications running on instance beforehand to prevent data corruption.

  C. Change the shape of the virtual machine instance using the Change Shape feature available in the console.

  D. OCI doesn't allow such an operation.

  Correct Answer: C

  You can change the shape of a virtual machine (VM) instance without having to rebuild your instances or redeploy your applications. This lets you scale up your Compute resources for increased performance, or scale down to reduce cost. When you change the shape of an instance, you select a different processor, number of cores, amount of memory, network bandwidth, and maximum number of VNICs for the instance. The instance's public and private IP addresses, volume attachments, and VNIC attachments remain the same.

• Question 10:

  A FinTech startup is developing a new blockchain based application to provide Smart Contracts using micro-services architecture. The development team is planning to deploy the application using containers and looking for a reliable way to build, deploy and manage their cloud-native application. Additionally, they need an easy way to store, share and manage their application artifacts. Which option should you recommend for this application?

  A. Install and manage a Kubernetes cluster on OCI Compute Instances and use OCI Resource Manager for management of application artifacts

  B. Use and OCI Resource Manager to manage cloud-native application and make the application artifacts available using OCI Functions

  C. Use Oracle Container Engine for Kubernetes (OKE) to manage of cloud-native applications and OCI Registry for application artifacts

  D. Use Oracle Container Engine for Kubernetes (OKE) to manage the deployment environment and OCI Functions for application artifacts

  Correct Answer: C

  Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. Use Container Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably build, deploy, and manage cloud-native applications. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing OCI tenancy. Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your development to production workflow. Oracle Cloud Infrastructure Registry makes it easy for you as a developer to store, share, and manage development artifacts like Docker images. And the highly available and scalable architecture of Oracle Cloud Infrastructure ensures you can reliably deploy your applications. So you don't have to worry about operational issues, or scaling the underlying infrastructure.