1Z0-997-22 Online Practice Questions and Answers

Which of the following is NOT a good use case for using the functionality available in the Oracle Cloud Infrastructure (OCI) Events service?

A. Publish all events in a specific compartment to Oracle Streaming service for later analysis.

B. Triggers Function using Oracle Functions when new files are uploaded in an OCI Object Storage bucket.

C. Publish a notification when long lived tasks complete, such as OCI Autonomous Database backup completion.

D. Capture Monitoring Alarms and invoke Autoscaling of compute instances.

E. Trigger a notification when a function completes its execution.

A small business specializing in video processing wants to leverage cloud storage in order to lower its costs. They are looking to backup all video data generated, from an existing on- premises file server to Oracle Cloud Infrastructure (OCI). The requirement is to setup continuous data sync as changes are made to on-premises file server. What is the most cost effective solution for this scenario?

A. Set up a Fastconnect virtual Circuit and nightly back up all videos to OCI Archive Storage.

B. Set up file storage service on OCI and mount the file system to an instance running on- premises. Move all the data to this on-premises instance and then sync the videos to the shared file system.

C. Set up a VPN connect connection and back up all videos to Object storage standard bucket. Create a lifecycle policy to move files older than 30 days to Archive Storage.

D. Setup an on-premises OCI Storage Gateway Cloud Sync to back up videos to OCI Object Storage Archive tier.

You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory (AD) as identity provided to manager user login/passwords. When a user logs in to Oracle Cloud infrastructure (OCI) console, it should get authenticated by Azure AD.

Which set of steps are required to configure at OCI side in order to get it enabled

A. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users

B. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups

C. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups

D. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups

You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices.

Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose Two)

A. Amount of RAM used by your functions.

B. Length of time a function runs.

C. Number of times a function is invoked.

D. Amount of storage used by your functions.

E. Network bandwidth used by your functions.

You are designing the network infrastructure for an application consisting of a web server (server-1) and a Domain Name Server (server-2) running in two different subnets inside the same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access server-1 from the internet and server-2 from your customer's on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual circuit.

How should you design your routing configuration to meet these requirements?

A. Configure a single routing table with two set of rules: one that has route to internet via an Internet Gateway and another that propagates specific routes for the on-premises network via a Dynamic Routing Gateway. Don't associate this routing table with any of the subnets in the VCN.

B. Configure a single routing table with two set of rules: one that has route to internet via an Internet Gateway and another that propagate specific routes to the on-premises network via a Dynamic Routing Gateway. Associate the routing table with all the VCN subnets.

C. Configure two routing tables: first one with a route to internet via an Internet gateway; associate this route table to the subnet containing server-1 .Configure the second route table to propagate specific routes to the on-premises network via a Dynamic Routing Gateway; associate this route table to subnet containing server-2.

D. Configure two routing tables that have rules to route all traffic via a Dynamic Routing Gateway. Associate the two routing tables with all the VCN subnets.

Your security team has informed you that there are a number of malicious requests for your web application coming from a set of IP addresses originating from a country in Europe.

Which of the following methods can be used to mitigate these type of unauthorized requests?

A. Web Application Firewall policy using access control rules

B. Deny rules in Virtual Cloud Network Security Group for the specific set of IP addresses.

C. Delete Internet Gateway from Virtual Cloud Network.

D. Deny rules in Virtual Cloud Network Security Lists for the specific set of IP addresses.

An online registration system Is currently hosted on one large Oracle Cloud Infrastructure (OCT) Bare metal compute Instance with attached block volume to store of the users' data. The registration system accepts the Information from the user, Including documents and photos then performs automated verification and processing to check it the user is eligible for registration.

The registration system becomes unavailable at tunes when there is a surge of users using the system the existing architecture needs improvement as it takes a long time for the system to complete the processing and the attached block volumes are not large enough to use data being uploaded by the users.

Which Is the most effective option to achieve a highly scalable solution?

A. Attach more Block volumes as the data volume increase, use Oracle Notification Service (ONS) to distribute tasks to a pool of compute instances working In parallel, and Auto Scaling to dynamically size the pool of Instances depending on the number of notifications received from the Notification Service. Use Resource Manager stacks to replicate your architecture to another region.

B. Change your architecture to use an OCI Object Storage standard tier bucket, replace the single bare metal instance with a Oracle Streaming Service (OSS) to ingest the Incoming requests and distribute the tasks to a group of compute Instances with Auto Scaling

C. Upgrade your architecture to use a pool of Bare metal servers and configure them to use their local SSDs for faster data access Set up Oracle Streaming Service (OSS) to distribute the tasks to the pool of Bare metal Instances with Auto Scaling to dynamically increase or decrease the pool of compute instances depending on the length of the Streaming queue.

D. Upgrade your architecture to use more Block volumes as the data volume Increases. Replace the single bare metal instance with a group of compute instances with Auto Scaling to dynamically increase or decrease the compute instance pools depending on the traffic.

Which three scenarios are suitable for the use of Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing - Serverless (ATP-S) deployment? (Choose three.)

A. A well-established, online auction marketplace is running an application where there is database usage 24x7, but also has peaks of activity that are hard to predict. When the peaks happen, the total activities may reach 3 times the normal activity level.

B. A midsize company is considering migrating its legacy on-premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays.

C. A manufacturing company is running Oracle E-Business Suite application on-premises. They are looking to move this application to OCI and they want to use a managed database offering for their database tier.

D. A developer working on an internal project needs to use a database during work hours but doesn't need it during nights or weekends. The project budget requires her to keep costs low.

E. A small startup is deploying a new application for eCommerce and it requires a database to store customers' transactions. The team is unsure of what the load will look like since it is a new application.

You are a cloud architect at a financial organization. The development team is tasked with creating a cloud native application to be hosted on Oracle Cloud Infrastructure (OCI). The development team has followed a microservices-based approach and created containerized images of the cloud-native application and pushed them to OCI Registry (OCIR).

How can you deploy a load balanced application to your OCI Container Engine for Kubernetes (OKE) cluster using these images?

A. Create a load balancer using the OCI load balancer service, add the load balancer service IP in the manifest file, add the location of the docker image to the manifest file, and deploy the manifest file.

B. Create a named secret, add the secret to the manifest file, add the location of the docker image to the manifest file, add the service of type LoadBalancer in the manifest file, and deploy the manifest file.

C. Create an auth token, add the auth token to the manifest file, add the location of the docker image to the manifest file, add the service of type LoadBalancer in the manifest file, and deploy the manifest file.

D. Add the location of the docker image to the manifest file, deploy the manifest file. All applications are load-balanced by default in OKE

You developed a microservices based application that runs on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). Your security team wants to use SSL termination for this application. What should you do to create a secure SSL termination for this application using fewest steps?

A. Create a self-signed certificate and it's corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these an notations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode:"Frontend"

B. Generate a self-signed certificate using Let's Encrypt. Use that certificate on OCI Load Balancer. Create the Kubernetes service usingthis load balancer.

C. Add these annotationsto the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl-secret-key

D. Create a self-signed certificate and it's corresponding key. Create a Kubernetes secret using then add these annotationsto the Kubernetes service. Service.beta.kubernete.io/oci-load-balancer-ssl-ports: "443" Service.beta.kubernete.io/oci-load-balancer-tls-secret:SSL-CERTIFICATE-SECRET

Your company will soon start moving critical systems Into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1and us-ashburn 1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. you have to work with the company managed key.

Which two options ensure compliance with this policy?

A. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.

B. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service.

C. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.

D. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.

E. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.

A large financial company has a web application hosted in their on-premises data center. They are migrating their application to Oracle Cloud Infrastructure (OCI) and require no downtime while the migration is on-going. In order to achieve this, they have decided to divert only 30% of the application works fine, they divert all traffic to OCI.

As a solution architect working with this customer, which suggestion should you provide them?

A. Use OCI Traffic management with failover steering policy and distribute the traffic between OC1 and on premises infrastructure.

B. Use OCI Traffic management with Load Balancing steering policy and distribute the traffic between OCI and on premises infrastructure.

C. Use an OCI load Balancer and distribute the traffic between OCI and on premises infrastructure.

D. Use VPN connectivity between on premises Infrastructure and OCI, and create routing tables to distribute the traffic between them.

A developer is using Oracle Functions to deploy her code as part of an event-driven solution in Oracle Cloud Infrastructure (OCI). When she invokes her function, Oracle Functions returns a FunctionlnvokelmageNotAvailable message and a 502 error:

Which of the following options is NOT a plausible reason for this error?

A. Missing or invalid IAM policy to give Oracle Functions read access to images stored for functions in repositories in OCI Registry.

B. The function does not exist in the specified location in OCI Registry.

C. The VCN being used does not have an internet gateway or a service gateway configured for Oracle Functions to be able to access OCI Registry.

D. OCI Events service rule is not configured with the correct location of the function in OCI Registry.

An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt-1 region.

Which two solutions should their architect keep in mind while designing for DR?

A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.

B. rsync utility can be used to asynchronously copy file systems or snapshot data to another region.

C. Load balancer will automatically distribute traffic between both the regions.

D. The RTO is the acceptable timeframe of lost data that application can tolerate.

E. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.

Multiple departments In your company use a shared Oracle Cloud Infrastructure (OCI) tenancy to Implement their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain better Insights Into department's usage.

Which three options can you implement together to accomplish this?

A. Create a budget that matches your commitment amount and an alert at 100 percent of the forecast

B. Set up a consolidated budget tracking lags to analyze costs in ,1 granular manner

C. Set up different compartments for each department then track and analyze cost per compartment

D. Use the billing cost tracking report to analyze costs

E. Set up a tag default that automatically applies tags to all specified resources created In a compartment then use these tags for cost analysis.