1Z0-997-21 Online Practice Questions and Answers

You have provisioned a new VM.DenseIO2.24 compute instance with local NVMe drives. The compute instance is running production application. This is a write heavy application, with a significant Impact to the business it the application goes down. What should you do to help maintain write performance and protect against NVMe devices failure.

A. NVMe drive have built in capability to recover themself so no other actions are required

B. Configure RAID 6 for NVMe devices.

C. Configure RAID 1 for NVMe devices.

D. Configure RAID 10 for NVMe devices.

An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) in the us-phonix-1 region. The on- premise applications communications with compute instances inside the VPN over a hardware VPN connection. They are looking to implement an Intrusion detected and Prevention (IDS/IPS) system for their OCI environment. This platform should have the ability to scale to thousands of compute of instances running inside the VCN.

How should they architect their solution on OCI to achieve this goal?

A. Set up an OCI Private Load Balance! and configure IDS/IPS related health checks at TCP and/or HTTP level to inspect traffic

B. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform to inspection

C. There Is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels Is already encrypt

D. Configure autoscaling on a compute Instance pool and set vNIC to promiscuous mode to called traffic across the vcn and send it IDS/IPS platform for inspection.

You have multiple IAM users who launch different types of compute Instances and block volumes every day. As a result, your Oracle cloud Infrastructure (OCF) tenancy quickly hit the service limit and you can no longer create any new instances. As you are cleaning up environment, you notice that the majority of the Instances and block volumes are untagged. Therefore, It is difficult to pinpoint the owner of these resources verify if they are safe to terminate. Because of this, your company has issued a new mandate, which requires adding compute instances. Which option is the simplest way to implement this new requirement?

A. Create a policy to automatically tag a resource with the user name.

B. Create a policy using IAM requiring users to tag specific resources. This will allow a user to launch compute instances on\y if certain tags were defined.

C. Create tag variables to automatically tag a resource with the user name.

D. Create a default tag for each compartment, which ensure that appropriate tags are applied at resource creation

E. Create tag variables for each compartment to automatically tag a resource with the user name.

Your customer has gone through a recent departmental re structure. As part of this change, they are

organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new

organizational structure.

They have made the following change:

Compartment x Is moved, and its parent compartment is now compartment c.

Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X After you move the compartment, which two IAM policies would be required to ensure both groups retain the same permissions to compartment X that they had before? (Choose two.)

A. Define a policy in the root compartment as follows: Allow group admins to manage subnets in compartment Finance:A:X

B. Define a policy in compartment HR as follows: Allow group networkadmins to manage subnets in compartment C:X.

C. Define a policy in the root compartment as follows: Allow group admins to read subnets in compartment HR:C:X

D. Define a policy in compartment C as follows: Allow group networkadmins to read subnets in compartment X

You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:

The development team has deployed quite a few instances under 'Compute' Compartment and the operations team needs to list the Instances under the same compartment for their testing. Both teams, development and operations are part of a group called 'Eng-group' You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of resources. Which IAM policy should you write based on these requirements?

A. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to `Engineering' Compartment

B. Allow group Eng-group to inspect instance-family in compartment Dev-Team: Compute and attach the policy to 'SysTest Team' Compartment

C. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to 'Engineering' Compartment.

D. Allow group Eng-group to read instance-family in compartment Dev-Team-.Compute and attach the policy to'Dev-Team'

You are creating an Oracle Cloud Infrastructure Dynamic Group. To determine the members of this group

you are defining a set of matching rules.

Which of the following are the supported variables to define conditions in the matching rules? (Choose

Two)

A. iam.policy.id - the OCID of the IAM policy to apply to the group.

B. instance.tenancy.id - the OCID of the tenancy where the instance resides.

C. tag...value - the tag namespace and tag key.

D. instance.compartment.id - the OCID of the compartment where the instance resides.

You are running a legacy application in a compute instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode. Your application is not resilient to crash-consistent backup. What should you do to backup the block volume in a secure and cost effective way? (Choose the best answer.)

A. Save your application data, detach the block volume and create a clone.

B. Create a volume group, add the boot volume and then run the volume group backup.

C. Create a backup, detach the block volume and save your application data.

D. Save your application data, detach the block volume and create a backup.

Which of the following is NOT a good use case for using the functionality available in the Oracle Cloud Infrastructure (OCI) Events service?

A. Publish all events in a specific compartment to Oracle Streaming service for later analysis.

B. Triggers Function using Oracle Functions when new files are uploaded in an OCI Object Storage bucket.

C. Publish a notification when long lived tasks complete, such as OCI Autonomous Database backup completion.

D. Capture Monitoring Alarms and invoke Autoscaling of compute instances.

E. Trigger a notification when a function completes its execution.

You are a solution architect working with a startup that has decided to move their workload to Oracle Cloud Infrastructure. Since their workload is small, upon architecting, you decide its sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. So, you propose the idea of attaching a block volume to multiple instances to provide a common storage. Which of the below option is NOT true for such a solution?

A. If the block volume is already attached to an instance as read/write non-shareable you can't attach it to another instance until you detach it from the first instance.

B. Block volumes attached as read-only are configured as shareable by default.

C. You can delete a block volume from one instance without detaching it from all other instances there by keeping other instance's storage intact.

D. Once you attach a block volume to an instance as read-only, it can only be attached to other instances as read-only.

You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status. Which of the following options is the most likely reason for this backup issue?

A. The master key stored in OCI Key Management for encryption and decryption of data in the database is not accessible to the backup service.

B. The auth token being used by the Object Store Swift endpoint is incorrect.

C. The allocated storage on the OCI File Storage service file system attached with the database is full.

D. The RMAN backup agent is not compatible with the version of database being used.

You have an application running in Microsoft Azure and want to use Oracle Autonomous Data warehouse (ADW) instance for running business analytics. How can you build a secure solution for such a use-case?

A. Connect the Oracle ADW in your VCN to the Microsoft Azure VNet over the internet.

B. Create a software VPN connection between Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) and Microsoft Azure Virtual Network (VNet) and connect the application with Oracle ADW instance.

C. Setup an interconnect between OCI and Microsoft Azure using FastConnect and ExpressRoute. Use a Service Gateway in OCI Virtual Cloud Network to provide connectivity to the Oracle ADW instance for the application in Microsoft Azure VNet.

D. Create a software Remote Peering Connection between Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) and Microsoft Azure Virtual Network (VNet) and connect the application with Oracle ADW instance.

You have created compartment called Dev for developers. There are two IAM groups for developers: group-devl and group-dev2. You need to write an Identity and Access Management (IAM) policy to give users in these groups access to manage all resources in the compartment Dev. Which of the following IAM policy will accomplish this?

A. Allow any-user to manage all resources in compartment Dev where request.group= /group-dev*/

B. Allow group group-devl group-dev2 to manage all resources in compartment Dev

C. Allow group /group-dev*/ to manage all resources in compartment Dev

D. Allow any-user to manage all resources in tenancy where target.comparment= Dev

A cloud consultant is working on a implementation project on Oracle Cloud Infrastructure (OCI). As part of the compliance requirements, the objects placed in OCI Object Storage should be automatically archived first and then deleted. He is testing a lifecycle policy on Object Storage and created a policy as below:

What will happen after this policy is applied?

A. All the objects having file extension "doc" will be archived for 5 days and will be deleted 10 days after object creation.

B. All objects with names starting with "doc" will be deleted after 5 days of object creation.

C. All the objects having file extension "doc" will be archived 5 days after object creation.

D. All the objects with names starting with "doc" will be archived 5 days after object creation and will be deleted 5 days after archival.

You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website. How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? (Choose the best answer.)

A. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.

B. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool.

C. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.

D. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers.

Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on Oracle Database and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each). Which method of database migration should you choose so that the application has minimal impact? (Choose the best answer.)

A. Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer on-premises to OCI.

B. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.

C. Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.

D. Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI.