1Z0-997-20 Online Practice Questions and Answers

You are designing the network infrastructure for two application servers: appserver-1 and appserver-2 running in two different subnets inside the same Virtual Cloud Network (VCN) Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access appserver-1 from the internet and appserver-2 from the on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit.

How should you design your routing configuration to meet these requirements?

A. Configure a single routing table (Route Table-1) that has two set of rules. One that has route to internet via the internet Gateway and another that propagate specific routes for the on-premise network via the Dynamic Routing Gateway. Associate the routing table with all the VCN subnets.

B. Configure a single routing table (Routing Table-1) that has two set of rules: one that has route to internet via the Internet Gateway and another that propagates specific routes for the on-premises network via Dynamic Routing Gateway (DRG). Associate the routing table with the VCN.

C. Configure two routing tables: Route Table-1 that has a route to internet via the Internet gateway. Associate this route table to the subnet containing appserver-1. Route Table-2 that propagate specific routes for the on-premises network via the Dynamic Routing Gateway (DRG) Associate this route table to subnet containing appserver-2.

D. Configure two routing table (Route table-1 Route Table-2) that have rule to route all traffic via the Dynamic Routing Gateway (DRG) Associate the two routing tables with all the VCN subnets.

You are building a demo for a customer that showcases Oracle Cloud Infrastructure (OCI) Events service and Oracle Functions. You plan to create an event every time an image is uploaded to an OCI Object Storage bucket. You have also created a function that is listening to the event and processes the image for face recognition.

Choose the two actions from below that are NOT required to run the demo successfully.

A. You must specify an action type while creating an Event service and specify the function you want to trigger.

B. Creating an event rule is not permitted for OCI Object storage.

C. The function must be deployed only to Oracle Kubernetes Engine (OKE).

D. You have to enable Object Storage buckets to emit events for state changes.

E. You must deploy the function that does facial recognition for the demo to work.

A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end Connectivity model between their on-premises data center and Oracle Cloud Infrastructure (OC1) region

*

Highly available connection with service level redundancy

*

Dedicated network bandwidth with low latency

Which connectivity setup is the most cost effective solution for this scenario?

A. Setup IPsec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection. Use separate edge devices in your on-premises data canter for each connection from your edge devices, advertise more specific routes IPSec VPN, and specific routes through the backup FastConnect virtual circuit.

B. Setup FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant Use a single edge device in your on premises data center for each connection From yc device, advertise more specific routes via primary FastConnect virtual circuit, and less specific routes through t backup FastConnect circuit.

C. Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path.

D. Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN.

You are tasked with backing up your data using Oracle Cloud Infrastructure Block Volume service.

When you are finalizing your block volume backup schedule, which of the following two are valid considerations for your backup plan? (Choose Two)

A. Number of stored backups: How many backups you need to keep available and the deletion schedule for those you no longer need.

B. Governance: Tagging of backups so you can capture backup related API calls through the Audit service.

C. Frequency: How often you want to back up your data.

D. Location: Determine the Object Store Bucket where the backups will be stored.

E. Encryption: Whether to use your own key to encrypt your volume backups.

An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) in the us-phonix-1 region. The on-premise applications communications with compute instances inside the VPN over a hardware VPN connection. They are looking to implement an Intrusion detected and Prevention (IDS/IPS) system for their OCI environment. This platform should have the ability to scale to thousands of compute of instances running inside the VCN. How should they architect their solution on OCI to achieve this goal?

A. Set up an OCI Private Load Balance! and configure IDS/IPS related health checks at TCP and/or HTTP level to inspect traffic

B. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform to inspection

C. There Is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels Is already encrypt

D. Configure autoscaling on a compute Instance pool and set vNIC to promiscuous mode to called traffic across the vcn and send it IDS/IPS platform for inspection.

You have been asked to review some network proposals by a major client. The client's IT director needs to provision two Virtual Cloud Network (VCN) for a major application. Both applications use a large number of virtual machine instances, and so will ideally occupy VCNs with as many address spaces as possible. Additionally, in the future, VCN peering will be required to allow communication between the VCNs.

Which of the following are valid IP ranges to consider for the VCNs?

A. 10.0.0.0/24 and 10.0.1.0/24

B. 10.0.1.0/24 and 10.0.1.0/27

C. 10.0.0.0/16 and 10.0.64.0/24

D. 10.0.0.0/8 and 11.0.0.0/8

You are a DevOps engineer working for a high tech company, and are using Terraform to maintain your Oracle Cloud Infrastructure (OCI) resources. You have created a Terraform script that would create the infrastructure for deploying a web service. But want to tune in some settings within the OCI Instances using a shell script.

How should you write your Terraform script to run the shell script on OCI instance?

A. Use provisioner "remote-exec" in your code to run the shell script.

B. Use provisioner "local-exec" in your code to run the shell script.

C. Use resource "oci_core_instance" to create the instance and run the shell script.

D. Use provisioner "oci-remote-exec" in your code to run the shell script.

You are creating a compute instance using Oracle Cloud Infrastructure (OCI) Console. You decide to use Oracle provided image for the compute instance launch. Which option is TRUE when using Oracle provided images?

A. On Windows images, custom user data scripts are executed using cloud-init to perform various tasks such as enabling GPU support.

B. Oracle provided images do not support the ability to supply a custom metadata during instance launch.

C. For a Linux based image, access to host over the internet is permitted only via SSH protocol and all other remote access is disabled.

D. If you choose a non-Windows image, the only way to download and update packages is by running apt or yum commands.

Which three scenarios are suitable for the use of Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing - Serverless (ATP-S) deployment? (Choose three.)

A. A well-established, online auction marketplace is running an application where there is database usage 24x7, but also has peaks of activity that are hard to predict. When the peaks happen, the total activities may reach 3 times the normal activity level.

B. A midsize company is considering migrating its legacy on-premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays.

C. A manufacturing company is running Oracle E-Business Suite application on-premises. They are looking to move this application to OCI and they want to use a managed database offering for their database tier.

D. A developer working on an internal project needs to use a database during work hours but doesn't need it during nights or weekends. The project budget requires her to keep costs low.

E. A small startup is deploying a new application for eCommerce and it requires a database to store customers' transactions. The team is unsure of what the load will look like since it is a new application.

You are trying to delete a compartment. The delete operation is falling and you need to troubleshoot the problem.

Which step should NOT be considered when troubleshooting this issue?

A. Verify that there are no policies In the root compartment that reference the compartment you are trying to delete.

B. Verify that you have removed all resources from the compartment.

C. Make sure you have at least one more compartment in your tenancy other than the root compartment.

D. Search for resources in the compartment for each region that your tenancy is subscribed to.

A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.

How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)

A. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.

B. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.

C. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.

D. Enable an Access Rule to block the IP Address range from London.

E. Enable a Protection Rule to block requests that came from London.

All three Data Guard Configuration are fully supported on Oracle Cloud infrastructure (OCI). You want to deploy a maximum availability architecture (MAA) for database workload.

Which option should you consider while designing your Data Guard configuration to ensure best RTO and PRO without causing any data loss?

A. Configure "Maximum Protection" mode which provides zero data loss If the primary database fails.

B. Configure "Maximum Performance" mode In SYNC mode between two availability domains (same region) which provides, the highest level of data protection that is possible without affecting the performance of the primary database.

C. Configure ''Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database.

D. Configure ''Maximum Availability" mode in SYNC mode between two availability domains (same region), and use the Maximum Availability mode in SYNC mode between two regions.

You are helping a customer troubleshoot a problem. The customer has several Oracle Linux servers in a private subnet within a Virtual Cloud Network (VCN). The servers are configured to periodically communicate to the Internet to get security patches for applications Installed on them.

The servers are unable to reach the Internet. An Internet Gateway has been deployed In the public subnet in the VCN and the appropriate routes are configured in the Route Table associated with the public subnet.

Based on cost considerations, which option will fix this Issue?

A. Create a Public Load Balancer In front of the servers and add the servers to the Backend Set of the Public Load Balancer.

B. Create another Internet Gateway and configure it as route target for the private subnet.

C. Implement a NAT instance In the public subnet of the VCN and configure the NAT instance as the route target for the private subnet.

D. Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private subnet.

You work for a bank as the lead Oracle Cloud Infrastructure architect. You designed a highly scalable solution for your company's banking application. The architecture includes a load balancer, application servers with autoscaling

configuration based on CPU utilization, and an Autonomous Database with Transaction Processing workload type running in a Virtual Cloud Network (VCN).

During the peak utilization period, the application users complain that the application runs slow.

What are two possible reasons for the application running slow at times? (Choose two.)

A. The VCN does not have a Network Security Group configured to allow traffic from the load balancer to all the application servers in the backend set.

B. Instance pool in autoscaling configuration for the application servers did not scale out due to compartment quota breach of the VM shapes used by the application servers.

C. The load balancer is not configured correctly to send traffic to all the listeners of the application servers in the backend set.

D. Instance pool in autoscaling configuration for the Autonomous Database did not scale out due to misconfigured scaling policy.

E. Instance pool in autoscaling configuration for the application servers did not scale out due to service limit breach of the VM shapes used by the application servers.

A hospital in Austin has hosted its web based medical records portal entirely In Oracle cloud Infrastructure (OCI) using Compute Instances for its web-tier and DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the security professional to check their systems it was found that there are a lot of unauthorized coming requests coming from a set of IP addresses originating from a country in Southeast Asia.

Which option can mitigate this type of attack?

A. Block the attacking IP address by creating by Network Security Group rule to deny access to the compute Instance where the web server Is running

B. Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules

C. Mitigate the attack by changing the Route fable to redirect the unauthorized traffic to a dummy Compute instance

D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server Is running