Oracle Cloud Infrastructure 2020 Architect Professional Exam Questions

Oracle.1Z0-997-20.v2021-03-11.
q47
Exam Code: 1Z0-997-20
Exam Name: Oracle Cloud Infrastructure 2020 Architect Professional
Certification Provider: Oracle
Free Question Number: 47
Version: v2021-03-11
# of views: 122
# of Questions views: 488
https://www.freecram.com/torrent/Oracle.1Z0-997-20.v2021-03-11.q47.html
NEW QUESTION: 1
A retailer bank is currently hosting their mission critical customer application on-premises. The
application has a standard 3 tier architecture -4 application servers process the incoming traffic
and store application data in an Oracle Exadata Database Server. The bank has recently has
service disruption to other inter applications to they are looking to avoid this issue for their mission
critical Customer Application.
Which Oracle Cloud Infrastructure services should you recommend as part of the DR solution?
A. OCI DNS Service' Public Load Balancer, Oracle Database Cloud Backup Service, Object
Storage Service, Oracle Bare Metal Cloud Service, Oracle Bare Metal Cloud Service with
GoldenGate, OCI Container Engines for Kubernetes, Oracle IPSec VPN
B. OCI Traffic Management, Private Load Balancer, Compute instances distributed across
multiple Availability Domains and/or Fault Domains, Exadata Cloud Service with Data Guard,
Oracle FastConnect, Object Storage, Database Cloud backup module
C. OCI Traffic Management, Public toad Balancer, Compute Instances distributed across multiple
Availability Domains and/or Vault domains. Exadata Cloud Service with Data Guard, Oracle
FastConnect, Object Storage, Database cloud backup module
D. OCI DNS Service, Load Balancer as a service using Public Load Balancer distributing traffic
Compute Instance across multiple regions, Oracle RAC Database using Virtual Machines,
Remote Peering connecting two VCNs in different regions. Exadata Cloud Service with
GoldenGate FastConnect, Object Storage, Database Cloud backup module.
Answer: C (LEAVE A REPLY)
OCI Traffic Management Steering Policies can account for health of answers to provide failover
capabilities, provide the ability to load balance traffic across multiple resources, and account for
the location where the query was initiated to provide a simple, flexible and powerful mechanism to
efficiently steer DNS traffic.
Public Load Balancer Accepts traffic from the internet using a public IP address that serves as the
entry point for incoming traffic. Load balancing service creates a primary load balancer and a
standby load balancer, each in a different availability domain
NEW QUESTION: 2
An insurance company is storing critical financial data in the OCI block volume. This volume is
currently encrypted using oracle managed keys. Due to regulatory compliance, the customer
wants to encrypt the data using the keys that they can control and not the keys which are
controlled by Oracle.
What of the following series of tasks are required to encrypt the block volume using customer
managed keys?
A. Create a vault, import your master encryption key into the vault, generate data encryption key,
assign data encryption key to the block volume
B. Create a master encryption key, create a data encryption key, decrypt the block volume using
existing oracle managed keys, encrypt the block volume using the data encryption key
C. Create a vault, create a master encryption key in the vault, assign this master encryption key
to the block volume
D. Create a master encryption key, create a new version of the encryption key, decrypt the block
volume using existing oracle managed keys and encrypt using new version of the encryption key
Explanation
Oracle Cloud Infrastructure Vault lets you centrally manage the encryption keys that protect your
data and the secret credentials that you use to securely access resources. You can use the Vault
service to create and manage the following resources:
Vaults
Keys
Secrets
Vaults securely store master encryption keys and secrets that you might otherwise store in
configuration files or in code.
The Vault service lets you create vaults in your tenancy as containers for encryption keys and
secrets. If needed, a virtual private vault provides you with a dedicated partition in a hardware
security module (HSM), offering a level of storage isolation for encryption keys that's effectively
equivalent to a virtual independent HSM.
NEW QUESTION: 3
You have deployed art application server irt a private Subnet irt your virtual cloud network (VCN).
For the database, you have provisioned an Autonomous Transaction Processing (ATP)
serverless instance. However, you are unable to connect to the database instance from your
application server.
Which two steps would you need to enable this connectivity?
A. Add a stateful egress rule to the security list associated with your private subnet.
Destination CIDR: 0.0.0.0/0
Protocols: All Protocols
B. Add a remote peering connection from your VCN to the ATP VCN
C. Create a NAT Gateway and add the following route rule to the route table of private subnet.
CIDR: 0.0.0.0/0
Target: NAT Gateway
D. Add an internet gateway to your VCN and add a route rule to your private subnet route table.
CIDR: 0.0.0.0/0
Target: Internet Gateway
Answer: A,C (LEAVE A REPLY)
NEW QUESTION: 4
Your company has recently deployed a new web application that uses Oracle functions Your
manager Instructed you to Implement major manage your systems more effectively. You know
that Oracle functions automatically monitors functions on your behalf reports metrics through
Service Metrics.
Which two metrics are collected and made available by this feature?
A. length of time a function runs
B. number of times a function is removed
C. number of times a function is invoked
D. amount of CPU used by a function
E. number of concurrent connections
Answer: A,C (LEAVE A REPLY)
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Reference/functionsmetrics.htm you
can monitor the health, capacity, and performance of functions you've deployed to Oracle
Functions by using metrics Oracle Functions monitors function execution, and collects and
reports metrics such as:
The number of times a function is invoked.
The length of time a function runs for.
The number of times a function failed.
The number of requests to invoke a function that returned a '429 Too Many Requests' error in the
response (known as 'throttled function invocations').
NEW QUESTION: 5
Many development engineers are deploying new instances as part of their projects in Oracle
Cloud Infrastructure tenancy, but majority of these instances have not been tagged. You as an
administrator of this tenancy want to enforce tagging to identify owners who are launching these
instances.
Which option below should be used to implement this requirement?
A. Create a predefined tag with tag variables to automatically tag a resource with usemame.
B. Create a default tag for each compartment which ensure appropriate tags are allowed at
resource creation.
C. Create tag variables for each compartment to automatically tag a resource with user name.
D. Create an IAM policy to automatically tag a resource with the usemame.
Answer: A (LEAVE A REPLY)
NEW QUESTION: 6
You are working for a Travel company and your travel portal application is a collection of
microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per
the recent security overview, you have noticed that Oracle has published a newer image of the
Operating System used by the worker nodes. You want to make sure that your application doesn't
face any downtime but at the same time the worker nodes gets upgraded to the latest version of
the Operating System.
What should you do to get this upgrade done without application downtime? (Choose the best
answer.)
A. 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on
the newly built node pool
B. 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl
cordon <node name> against all the worker nodes in the old pool to stop any new application
pods to get scheduled 3. Run kubectl drain <node name> """"delete""local""data """"force
""""ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool
C. 1. Create a new node pool using the latest available Operating System image 2. Run kubectl
taint nodes """"all node""role.kubernetes.io/master"" 3. Delete the old node pool
D. 1. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any
new application pods to get scheduled 2. Run kubectl drain <node name> """"delete""local""data
""""force """"ignore""daemonsets to evict any Pods that are running 3. Download the patches for
the new Operating System image 4. Patch the worker nodes to the latest Operating System
image
Answer: (SHOW ANSWER)
https://docs.cloud.oracle.com/en-
us/iaas/Content/ContEng/Tasks/contengupgradingk8sworkernode.htm
NEW QUESTION: 7
You work for a retail company and they developed a Microservices based shopping application
that needs to access Oracle Autonomous Database from the application. As an Architect, you
have been tasked to treat all of the application components as Kubernetes native objects, such as
the microservices, Oracle Autonomous database, Kubernetes services, etc.
What should you do to make sure that you can use Kubernetes constructs to manage the life
cycle of the application components, including Oracle Autonomous Database? (Choose the best
answer.)
A. Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle
Autonomous Database using the private IP address from the microservice.
B. Provision an Oracle Autonomous Database and then use OCI Service Broker to access the
database as a native component to your Kubernetes cluster.
C. Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database
using its FQDN.
D. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the
required Oracle Cloud Infrastructure services.
Answer: D (LEAVE A REPLY)
OCI Service Broker for Kubernetes is an implementation of the Open Service Broker API. OCI
Service Broker for Kubernetes is specifically for interacting with Oracle Cloud Infrastructure
services from Kubernetes clusters. It includes three service broker adapters to bind to the
following Oracle Cloud Infrastructure services: Object Storage Autonomous Transaction
Processing Autonomous Data Warehouse
NEW QUESTION: 8
Which of the following is NOT a good use case for the volume backup feature of the Oracle Cloud
Infrastructure Block Volume service?
A. Rapidly duplicate an environment in seconds to test configuration changes without impacting
your production environment.
B. Meet compliance and regulatory requirements for data to remain unchanged over time, so that
it can be retrieved for audit purposes.
C. Retain a copy of data in a volume, so that you can duplicate an environment later or preserve
the data for future use.
D. Support business continuity requirements of reducing the risk of outages or data mutation over
time.
NEW QUESTION: 9
You have deployed a multi-tier application with multiple compute instances in Oracle Cloud
Infrastructure. You want to back up these volumes and have decided to use 'Volume Groups'
feature. The Block volume and Compute instances exist in different compartments within your
tenancy.
Periodically, a few child compartments are moved under different parent compartments, and you
notice that sometimes volume group backup fails.
What could be the cause?
A. You have the same block volume attached to multiple compute instances; if these compute
instances are in different compartments then all concerned compartments must be moved at the
same time.
B. The Identity and Access Management policy allowing backup failed to move when the
compartment was moved.
C. You are exceeding your volume group backup quota configured.
D. A compute instance with multiple block volumes attached cannot move when a compartment is
moved.
NEW QUESTION: 10
You are building a demo for a customer that showcases Oracle Cloud Infrastructure (OCI) Events
service and Oracle Functions. You plan to create an event every time an image is uploaded to an
OCI Object Storage bucket. You have also created a function that is listening to the event and
processes the image for face recognition.
Choose the two actions from below that are NOT required to run the demo successfully.
A. The function must be deployed only to Oracle Kubernetes Engine (OKE).
B. You have to enable Object Storage buckets to emit events for state changes.
C. You must deploy the function that does facial recognition for the demo to work.
D. Creating an event rule is not permitted for OCI Object storage.
E. You must specify an action type while creating an Event service and specify the function you
want to trigger.
Answer: A,D (LEAVE A REPLY)
NEW QUESTION: 11
Give this compartment structure:
You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'.

You login to your Oracle Cloud Infrastructure (OCI)account and use the 'Move Resource' option.
What will happen when you attempt moving the compute resource?
A. The move will be successful though Compute Instance and its Public and Private IP address
will stay the same. The Compute instance VNIC will need to be moved separately. The Compute
instance will still be associated with the original VCN.
B. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the
target compartment, the Compute instance can be moved.
C. The move will be successful though Compute Instance Public and Private IP address changed,
and it will be associated to the VCN in target compartment.
D. The move will be successful though Compute Instance and its Public and Private IP address
will stay the same. The Compute instance VNIC will still be associated with the original VCN.
Moving Resources to a Different Compartment
Most resources can be moved after they are created. There are a few resources that you can't
move from one compartment to another. Some resources have attached resource dependencies
and some don't.
Not all attached dependencies behave the same way when the parent resource moves.
For some resources, the attached dependencies move with the parent resource to the new
compartment.
The parent resource moves immediately, but in some cases attached dependencies move
asynchronously and are not visible in the new compartment until the move is complete.
For other resources, the attached resource dependencies do not move to the new compartment.
You can move these attached resources independently.
You can move Compute resources such as instances, instance pools, and custom images from
one compartment to another. When you move a Compute resource to a new compartment,
associated resources such as boot volumes and VNICs are not moved.
You can move a VCN from one compartment to another. When you move a VCN, its associated
VNICs, private IPs, and ephemeral IPs move with it to the new compartment.
NEW QUESTION: 12
You have multiple IAM users who launch different types of compute Instances and block volumes
every day. As a result, your Oracle cloud Infrastructure (OCF) tenancy quickly hit the service limit
and you can no longer create any new instances. As you are cleaning up environment, you notice
that the majority of the Instances and block volumes are untagged. Therefore, It is difficult to
pinpoint the owner of these resources verify if they are safe to terminate.
Because of this, your company has issued a new mandate, which requires adding compute
instances.
Which option is the simplest way to implement this new requirement?
A. Create a policy to automatically tag a resource with the user name.
B. Create a policy using IAM requiring users to tag specific resources. This will allow a user to
launch compute instances on\y if certain tags were defined.
C. Create tag variables to automatically tag a resource with the user name.
D. Create a default tag for each compartment, which ensure that appropriate tags are applied at
resource creation
E. Create tag variables for each compartment to automatically tag a resource with the user name.
Tag Variables
You can use a variable to set the value of a defined tag. When you add the tag to a resource, the
variable resolves to the data it represents. You can use tag variables in defined tags and default
tags.
Supported Tag Variables
The following tag variables are supported.
${iam.principal.name} The name of the principal that tagged the resource
${iam.principal.type} The type of principal that tagged the resource.
${oci.datetime} The date and time that the tag was created.
Consider the following example:
Operations.CostCenter=" ${iam.principal.name} at ${oci.datetime} "
Operations is the namespace, CostCenter is the tag key, and the tag value contains two tag
variables ${iam.principal.name} and ${oci.datetime} . When you add this tag to a resource, the
variable resolves to your user name (the name of the principal that applied the tag) and a time
date stamp for when you added the tag.
user_name at 2019-06-18T18:00:57.604Z
The variable is replaced with data at the time you apply the tag. If you later edit the tag, the
variable is gone and only the data remains. You can edit the tag value in all the ways you would
edit any other tag value. To create a tag variable, you must use a specific format.
${<variable>} Type a dollar sign followed by open and close curly brackets. The tag variable goes
between the curly brackets. You can use tag variables with other tag variables and with string
values. Tag defaults let you specify tags to be applied automatically to all resources, at the time of
creation, in a specific compartment. This feature allows you to ensure that appropriate tags are
applied at resource creation without requiring the user who is creating the resource to have
access to the tag namespaces.
https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm
NEW QUESTION: 13
You are building a highly available and fault tolerant web application deployment for your
company. Similar application delayed by competitors experienced web site attack including DDoS
which resulted in web server failing.
You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture
which will provide protection against such attacks and ensure additional configuration will you
need to implement to make sure WAF is protecting my web application 24*7.
Which additional configuration will you need to Implement to make sure WAF Is protecting my
web application 24*7?
A. Configure auto scaling policy and it to WAF instance.
B. Configure Control Rules to send traffic to multiple web servers
C. Configure multiple origin servers
D. Configure new rules based on now vulnerabilities and mitigations
Origin Management
An origin is an endpoint (typically an IP address) of the application protected by the WAF. An
origin can be an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP
address can be used for high availability to an origin. Multiple origins can be defined, but only a
single origin can be active for a WAF. You can set HTTP headers for outbound traffic from the
WAF to the origin server. These name value pairs are then available to the application.
Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card
Industry (PCI) compliant, global security service that protects applications from malicious and
unwanted internet traffic.
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a
customer's applications. WAF provides you with the ability to create and manage rules for internet
threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined
vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter.
Access rules can limit based on geography or the signature of the request.
Distributed Denial of Service (DDoS)
A DDoS attack is an often intentional attack that consumes an entity's resources, usually using a
large number of distributed sources. DDoS can be categorized into either Layer 7 or Layer 3/4
(L3/4) A layer 7 DDoS attack is a DDoS attack that sends HTTP/S traffic to consume resources
and hamper a website's ability to delivery content or to harm the owner of the site. The Web
Application Firewall (WAF) service can protect layer 7 HTTP-based resources from layer 7 DDoS
and other web application attack vectors.
NEW QUESTION: 14
You are working as a security consultant with a global insurance organization which is using
Microsoft Azure Active Directory as an identity provider to manage user login/passwords. When a
user logs in to Oracle Cloud Infrastructure (OCI) console, it should get authenticated by Azure
AD.
Which set of steps are required to be configured in OCI to meet this requirement?
A. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM
policies to govern access to Azure AD groups.
B. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD
groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.
C. Setup Azure AD as an Identity Provider, import users and groups from Azure AD to OCI, set
up IAM policies to govern access to Azure AD groups.
D. Setup Azure AD as an Enterprise Application, map Azure AD users, groups and policies to
OCI groups and users.
NEW QUESTION: 15
You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle
Functions to deploy your microservices.
Which monitoring metrics are available to help you calculate your total cost for using Oracle
Functions per month? (Choose Two)
A. Amount of RAM used by your functions.
B. Length of time a function runs.
C. Network bandwidth used by your functions.
D. Amount of storage used by your functions.
E. Number of times a function is invoked.
Answer: B,E (LEAVE A REPLY)
NEW QUESTION: 16
A company has an urgent requirement to migrate 300 TB of data to Oracle Cloud Infrastructure
(OCI) In two weeks. Their data center has been recently struck by a massive hurricane and the
building has been badly damaged, although still operational. They have a 100 Mbps Internet line
but the connection is Intermittent due to the damages caused to the electrical grid in this scenario,
what is the most effective service to use to migrate the data to OCI given the time constraints?
A. Setup a OCI Storage Gateway to connect your data center and your VCN. Once the
connection has been established, upload all data to OCI using OCI Storage Gateway Cloud Sync
tool.
B. Setup a hybrid network by launching aIGbpsFastConnect virtual circuit between your data
center and OCI. Use OCI Object storage multipart upload tool to automate the migration of your
data to OCI.
C. Use multiple OCI Data Transfer Appliances to transfer data to OCI.
D. Upload the data to OCI using OCI Object Storage multipart upload tool.
E. Storage Gateway to connect your data center and your VCN. Once the connection has been
established, upload all data to OCI.
Due to the network speed is not good enough and the connection is Intermittent due to the
damages caused to the electrical grid Oracle offers offline data transfer solutions that let you
migrate data to Oracle Cloud Infrastructure.
You have 2 Options of Data Transfer
DISK-BASED DATA TRANSFER
You send your data as files on encrypted commodity disk to an Oracle transfer site. Operators at
the Oracle transfer site upload the files into your designated Object Storage bucket in your
tenancy.
APPLIANCE-BASED DATA TRANSFER
you send your data as files on secure, high-capacity, Oracle-supplied storage appliances to an
Oracle transfer site. Operators at the Oracle transfer site upload the data into your designated
Object Storage bucket in your tenancy.
Valid 1Z0-997-20 Dumps shared by Prepawayexam.com for Helping Passing 1Z0-997-20

Exam! Prepawayexam.com now offer the newest 1Z0-997-20 exam dumps, the
Prepawayexam.com 1Z0-997-20 exam questions have been updated and answers have
been corrected get the newest Prepawayexam.com 1Z0-997-20 dumps with Test Engine
here: https://www.prepawayexam.com/Oracle/braindumps.1Z0-997-20.ete.file.html (135 Q&As
Dumps, 40%OFF Special Discount: freecram)
NEW QUESTION: 17
Your customer recently ordered for a 1-Gbps Fast Connect connection In ap-tokyo-1 region of
Oracle Cloud Infrastructure (OCI). They will us this to one Virtual cloud Network (VCN) in their
production (OC1) tenancy and VCN In their development OC1 tenancy As a Solution Architect,
how should yon configure and architect the connectivity between on premises and VCNs In OCI?
A. Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing
Gateways, one for each VCNs. Attach the virtual circuits to the dynamic routing gateways.
B. You cannot achieve connectivity using single FastConnect link as the production and the
development VCNs-are in separate tenancies. Request one more FastConnect connection.
C. Create a single private virtual circuit over FastConnect and attach fastConnect to either of the
VCN's Dynamic Routing Gateway. Use Remote Peering to peer production and development
VCNs.
D. Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-
premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and
with development VCN spoke, each peered via their respective local Peering Gateway (LPG)
There's an advanced routing scenario called transit routing that enables communication between
an onpremises network and multiple VCNs over a single Oracle Cloud Infrastructure FastConnect
or IPSec VPN.
The VCNs must be in the same region and locally peered in a hub-and-spoke layout. As part of
the scenario, the VCN that is acting as the hub has a route table associated with each LPG
(typically route tables are associated with a VCN's subnets).
NEW QUESTION: 18
As a solution architect, you are designing a web application to be deployed across multiple Oracle
Cloud Infrastructures (OCI) regions for a global audience. Your goal is that users from each
region should access the application web servers deployed in their own geographical OCI
location.
Which OCI feature can be used to achieve this?
A. OCI Traffic Management GeoLocation steering policy
B. OCI Public Load Balancers
C. OCI Global Load balancers
D. OCI Traffic Management IP Prefix steering policy
NEW QUESTION: 19
A civil engineering company is running an online portal In which engineers can upload there
constructions photos, videos, and other digital files.
There is a new requirement for you to implement: the online portal must offload the digital content
to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed,
the portal will hold all the digital content locally and wait for the next offload period.
Which option fulfills this requirement?
A. Create a pre-authenticated URL for the entire Object Storage bucket to read and list the
content with an expiration of 72 hours.
B. Create a pre authenticated URL lot each object that Is uploaded to the Object Storage bucket
with an expiration of 72 hours.
C. Create a Dynamic Group with matching rule for the portal compute Instance and grant access
to the Object Storage bucket for 72 hours.
D. Create a pre authenticated URL for the entire Object Storage bucket to write content with an
expiration of 72 hours.
Pre-authenticated requests provide a way to let users access a bucket or an object without having
their own credentials, as long as the request creator has permission to access those objects.
For example, you can create a request that lets operations support user upload backups to a
bucket without owning API keys. Or, you can create a request that lets a business partner update
shared data in a bucket without owning API keys.
When creating a pre-authenticated request, you have the following options:
You can specify the name of a bucket that a pre-authenticated request user has write access to
and can upload one or more objects to.
You can specify the name of an object that a pre-authenticated request user can read from, write
to, or read from and write to.
Scope and Constraints
Understand the following scope and constraints regarding pre-authenticated requests:
Users can't list bucket contents.
You can create an unlimited number of pre-authenticated requests.
There is no time limit to the expiration date that you can set.
You can't edit a pre-authenticated request. If you want to change user access options in response
to changing requirements, you must create a new pre-authenticated request.
The target and actions for a pre-authenticated request are based on the creator's permissions.
The request is not, however, bound to the creator's account login credentials. If the creator's login
credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or
with an object in that bucket.
NEW QUESTION: 20
By copying block volume backups to another region at regular intervals, it makes it easier for you
to rebuild applications and data in the destination region if a region-wide disaster occurs in the
source region.
Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between
regions '
A. Allow group VolumeAdmins to use volumes in tenancy
B. Allow group VolumeAdmins to copy volume' backups in tenancy
C. Allow group VolumeAdmins to manage volume-family In tenancy
D. Allow group VolumeAdmins to inspect volumes in tenancy
The backups feature of the Oracle Cloud Infrastructure Block Volume service lets you make a
point-intime snapshot of the data on a block volume.These backups can then be restored to new
volumes either immediately after a backup or at a later time that you choose.
You can copy block volume backups between regions using the Console, command line interface
(CLI), SDKs, or REST APIs.
To copy volume backups between regions, you must have permission to read and copy volume
backups in the source region, and permission to create volume backups in the destination region.
to do all things with block storage volumes, volume backups, and volume groups in all
compartments with the exception of copying volume backups across regions.
Allow group VolumeAdmins to manage volume-family in tenancy
The aggregate resource type volume-family does not include the VOLUME_BACKUP_COPY
permission, so to enable copying volume backups across regions you need to ensure that you
include the third statement in that policy, which is:
Allow group VolumeAdmins to use volume-backups in tenancy where
request.permission='VOLUME _BACKUP_COPY'
NEW QUESTION: 21
You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems
on virtual machines. In the console, the database backup displays a Failed status.
Which of the following options is the most likely reason for this backup issue?
A. The master key stored in OCI Key Management for encryption and decryption of data in the
database is not accessible to the backup service.
B. The auth token being used by the Object Store Swift endpoint is incorrect.
C. The allocated storage on the OCI File Storage service file system attached with the database
is full.
D. The RMAN backup agent is not compatible with the version of database being used.
Answer: B (LEAVE A REPLY)
NEW QUESTION: 22
As a part of migration exercise for an existing on premises application to Oracle Cloud
Infrastructure (OCT), yon ore required to transfer a 7 TB file to OCI Object Storage. You have
decided to upload functionality of Object Storage.
Which two statements are true?
A. Active multipart upload can be checked by listing all parts that have been uploaded, however It
Is not possible to list information for individual object part in an active multipart upload
B. It is possible to spill this fileInto multiple parts using the APIs provided by Object Storage.
C. It is possible to split this file into multiple parts using rclone tool provided by Object Storage.
D. After initiating a multipart upload by making a CreateMultlPartUpload RESI API Call, the
upload remains active until you explicitly commit it or abort.
E. Contiguous numbers need to be assigned for each part so that Object Storage constructs the
object by ordering, part numbers in ascending order
You can check on an active multipart upload by listing all parts that have been uploaded. (You
cannot list information for an individual object part in an active multipart upload.) After you finish
creating object parts, initiate a multipart upload by making a CreateMultipartUpload REST API
call. Provide the object name and any object metadata. Object Storage responds with a unique
upload ID that you must include in any requests related to this multipart upload. Object Storage
also marks the upload as active. The upload remains active until you explicitly commit it or abort
it.
NEW QUESTION: 23
An insurance company is storing critical financial data in the Oracle Cloud Infrastructure block
volume. This volume is currently encrypted using oracle managed keys. Due to regulatory
compliance, the customer wants to encrypt the data using the keys that they can control and not
the keys which are controlled by Oracle.
What of the following series of tasks are required to encrypt the block volume using customer
managed keys?
A. Create a vault, create a master encryption key in the vault, assign this master encryption key
to the block volume.
B. Create a master encryption key, create a data encryption key, decrypt the block volume using
existing oracle managed keys, encrypt the block volume using the data encryption key.
C. Create a master encryption key, create a new version of the encryption key, decrypt the block
volume using existing oracle managed keys and encrypt using new version of the encryption key.
D. Create a vault import your master encryption key into the vault, generate data encryption key,
assign data encryption key to the block volume.
NEW QUESTION: 24
You have provisioned a new VM.DenseIO2.24 compute instance with local NVMe drives. The
compute instance is running production application. This is a write heavy application, with a
significant Impact to the business it the application goes down.
What should you do to help maintain write performance and protect against NVMe devices failure.
A. Configure RAID 6 for NVMe devices.
B. Configure RAID 1 for NVMe devices.
C. Configure RAID 10 for NVMe devices.
VM.DeselO2.24 compute instance include locally attached NVMe devices. These devices provide
extremely low latency, high performance block storage that is ideal for big data, OLTP, and any
other workload that can benefit from high-performance block storage.
A protected RAID array is the most recommended way to protect against an NVMe device failure.
There are three RAID levels that can be used for the majority of workloads:
RAID 1: An exact copy (or mirror) of a set of data on two or more disks; a classic RAID 1 mirrored
pair contains two disks RAID 10: Stripes data across multiple mirrored pairs. As long as one disk
in each mirrored pair is functional, data can be retrieved RAID 6: Block-level striping with two
parity blocks distributed across all member disks If you need the best possible performance and
can sacrifice some of your available space, then RAID 10 array is an option.
D. NVMe drive have built in capability to recover themself so no other actions are required
NEW QUESTION: 25
You have been asked to review some network proposals by a major client. The client's IT director
needs to provision two Virtual Cloud Network (VCN) for a major application. Both applications use
a large number of virtual machine instances, and so will ideally occupy VCNs with as many
address spaces as possible. Additionally, in the future, VCN peering will be required to allow
communication between the VCNs.
Which of the following are valid IP ranges to consider for the VCNs?
A. 10.0.0.0/24 and 10.0.1.0/24
B. 10.0.1.0/24 and 10.0.1.0/27
C. 10.0.0.0/16 and 10.0.64.0/24
D. 10.0.0.0/8 and 11.0.0.0/8
NEW QUESTION: 26
A global retailer is setting up the cloud architecture to be deployed in Oracle Cloud infrastructure
(OCI) which will have thousands of users from two major geographical regions: North America
and Asia Pacific. The requirements of the services are:
* Service needs to be available 27/7 to avoid any business disruption
* North American customers should be served by application running In North American regions
* Asia Pacific customers should be served by applications running In Asia Pacific regions
* Must be resilient enough to handle the outage of an entire OCI region
A. OCl DNS, Traffic Management with Failover steering policy
B. OCl DNS, Traffic Management with Geolocation steering policy. Health Checks
C. OCl DNS, Traffic Management with Geolocation steering policy
D. OCl DNS,' Traffic Management with Load Balancer steering policy, Health Checks
GEOLOCATION STEERING
Geolocation steering policies distribute DNS traffic to different endpoints based on the location of
the end user. Customers can define geographic regions composed of originating continent,
countries or states/provinces (North America) and define a separate endpoint or set of endpoints
for each region. Combine with Oracle Health Checks to fail over from one region to another
NEW QUESTION: 27
You have designed and deployed your Autonomous Data Warehouse (ADW) such that it is
accessible from your on-premises data center and servers running on both private and public
networks in Oracle Cloud Infrastructure (OCI).
As you are testing the connectivity to your ADW database from the different access paths, you
notice that the server running on the private network is unable to connect to ADW. Which two
steps do you need to take to enable connectivity from the server on the private network to ADW?
(Choose two.)
A. Add an entry in the Security List of the ADW allowing ingress traffic for C10R block 10.2.2.0/24
B. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/:
target type of NAT Gateway, add a stateful egress rule to the security list (associated with the
private subnet) with destination of 0.0.0.0./0 and for all IP protocols.
C. Add an entry in the access table list of ASW for CIDR block 10.2.2.0/24.
D. Add an entry in the route table (associated with the private subnet) with destination of
0.0.0.0./0; target type of internet Gateway, add a stateful egress in the security list (associated
with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.
E. Add an entry in the access control list of ADW for IP address 129.146.160.11
Answer: B,E (LEAVE A REPLY)
There are 3 connections to ADW
1- Connecting to (ADW) from Public Internet
2- Connecting to ADW (via NAT or Service Gateway) from a server running on a private subnet in
OCI (in the same tenancy)
3- Connecting to ADW (via internet Gateway) from a server running on a public subnet in OCI (in
the same tenancy
NEW QUESTION: 28
An online registration system Is currently hosted on one large Oracle Cloud Infrastructure (OCT)
Bare metal compute Instance with attached block volume to store of the users' dat a. The
registration system accepts the Information from the user, Including documents and photos then
performs automated verification and processing to check it the user is eligible for registration.
The registration system becomes unavailable at tunes when there is a surge of users using the
system the existing architecture needs improvement as it takes a long time for the system to
complete the processing and the attached block volumes are not large enough to use data being
uploaded by the users.
Which Is the most effective option to achieve a highly scalable solution?
A. Upgrade your architecture to use a pool of Bare metal servers and configure them to use their
local SSDs for faster data access Set up Oracle Streaming Service (OSS) to distribute the tasks
to the pool of Bare metal Instances with Auto Scaling to dynamically increase or decrease the
pool of compute instances depending on the length of the Streaming queue.
B. Change your architecture to use an OCI Object Storage standard tier bucket, replace the
single bare metal instance with a Oracle Streaming Service (OSS) to ingest the Incoming
requests and distribute the tasks to a group of compute Instances with Auto Scaling
C. Attach more Block volumes as the data volume increase, use Oracle Notification Service
(ONS) to distribute tasks to a pool of compute instances working In parallel, and Auto Scaling to
dynamically size the pool of Instances depending on the number of notifications received from the
Notification Service. Use Resource Manager stacks to replicate your architecture to another
region.
D. Upgrade your architecture to use more Block volumes as the data volume Increases. Replace
the single bare metal instance with a group of compute instances with Auto Scaling to
dynamically increase or decrease the compute instance pools depending on the traffic.
NEW QUESTION: 29
You want to automate the processing of new Image files to generate thumbnails. the expected
rate is 10 new files every hour.
Which of the following is the most cost effective option to meet this requirement in Oracle Cloud
Infrastructure (OCI)?
A. Upload files to an OCI Object storage bucket. Every time a file is uploaded, an event is
emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions.
The function processes the image in the file and stores the thumbnails back in an Object storage
bucket.
B. Upload files to an OCI Object storage bucket. Every time a file is uploaded, trigger an event
with an action to provision a compute instance with a cloud-init script to access the file, process it
and store it back in an Object storage bucket. Terminate the instance using Autoscaling policy
after the processing is finished.
C. Build a web application to ingest the files and save them to a NoSQL Database. Configure OCI
Events service to trigger a notification using Oracle Notification Service (ONS). ONS invokes a
custom application to process the image files to generate thumbnails. Store thumbnails in a
NoSQL Database table.
D. Upload all files to an Oracle Streaming Service (OSS) stream. Set up a cron job to invoke a
function in Oracle Functions to fetch data from the stream. Invoke another function to process the
image files and generate thumbnails. Store thumbnails in another OSS stream.
You can invoke a function that you've deployed to Oracle Functions by triggered by an event in
the Events service when update the Object storage to fetch the data then the function can
process the File and store back to Object storage
NEW QUESTION: 30
A manufacturing company is planning to migrate their on-premises database to Oracle Cloud
Infrastructure and has hired you for the migration. Customer has provided following information
regarding their existing on-premises database:
Database version, database character set, storage for data staging, acceptable length of system
outage.
What additional information do you need from customer in order to recommend a suitable
migration method? (Choose Two)
A. Elapsed time since database was last patched.
B. Top 5 longest running queries.
C. Data types used in the on-premises database.
D. On-Premises host operating system and version.
E. Number of active connections.
NEW QUESTION: 31
You are working as a solution architect with a global automotive provider who is looking to create
a multi-cloud solution. They want to run their application tier in Microsoft Azure while utilizing the
Oracle DB Systems in the Oracle Cloud Infrastructure (OCI).
What is the most-fault tolerant and secure solution for this customer? (Choose the best answer.)
A. Deploy the Oracle database system into a public subnet in your VCN and assign a public IP
address. Connect your application tier running in Azure to the public IP address of the database
system over the internet.
B. Create a FastConnect virtual circuit with Microsoft Azure as the provider to establish a private
interconnect between the application tier running in the Azure Virtual Network and the OCI VCN
that contains the Oracle Databases.
C. Create an encrypted, Virtual Private Network connection between the Microsoft Azure Virtual
Network that contains the application tier and the OCI Virtual Cloud Network (VCN) that contains
the Oracle Databases.
D. Use an OCI Virtual Cloud Network remote peering connection to create a remote network
connection between the application tier running in Microsoft Azure Virtual Network and Oracle
Databases running in the OCI Virtual Cloud Network (VCN).
https://docs.oracle.com/en/solutions/learn-azure-oci-interconnect/index.html#GUID-FBE38C70-
A4CF-40C5-A37A-121241D21199

NEW QUESTION: 32
An E-Commerce company wants to deploy their web application for Oracle Database on Oracle
Cloud Infrastructure (OCIJ DB Systems. In compliance with the business continuity program of
the business, they need to provide a Recovery Point Objective (RPO) of 1 hour and a Recovery
Time Objective (RTO) of 5 minutes. The web application should be highly available within the
region and meet the RTO and RPO requirements in case of a region outage.
Which approach is the most suitable and cost effective configuration for this scenario?
A. Deploy a 1 node VM Oracle database in one region. Manually Configure a Recovery Manager
(RMAN) database backup schedule to take hourly database backups. Asynchronously copy the
database backups to object storage in another OCI region. If the primary OCI region is
unavailable, launch a new 1 node VM Database in the other OCI region and restore the
production database from the backup.
B. Deploy an Autonomous Transaction Processing (Serverless) database in one region and
replicate it to an Autonomous Transaction Processing (Serverless) database in another region
using Oracle GoldenGate.
C. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM
Oracle database in another region using a manual setup and configuration of Oracle Data Guard.
D. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the
database to a 2 node VM Oracle RAC database in another region using a manual setup and
configuration of Oracle Data Guard.
NEW QUESTION: 33
You are advising the database administrator responsible for managing non-production
environment for Oracle Autonomous Database running on Oracle Cloud Infrastructure. You need
to help the database administrator ensure that the non-production environments have a copy of
the current data from the production environment in a manner that is most time-efficient.
Which method should you recommend? (Choose the best answer.)
A. Take a full database backup of the production Autonomous database and create the non-
production database from it.
B. Create a metadata clone of the production Autonomous Database and create the non-
production database from it.
C. Create a full clone of the production Autonomous Database and create the non-production
database from it.
D. Take a Data Pump export of the production Autonomous database and import into the non-
production database.
https://www.oracle.com/database/technologies/datawarehouse-bigdata/adb-faqs.html
NEW QUESTION: 34
A manufacturing company is planning to migrate their on-premises database to OCI and has
hired you for the migration. Customer has provided following information regarding their existing
onpremises database:
Database version, host operating system and version, database character set, storage for data
staging, acceptable length of system outage.
What additional information do you need from customer in order to recommend a suitable
migration method? Choose two
A. Elapsed time since database was last patched
B. On-premises host operating system and version
C. Number of active connections
D. Data types used in the on-premises database
E. Top 5 longest running queries
Answer: B,D (LEAVE A REPLY)
Not all migration methods apply to all migration scenarios. Many of the migration methods apply
only if specific characteristics of the source and destination databases match or are compatible.
Moreover, additional factors can affect which method you choose for your migration from among
the methods that are technically applicable to your migration scenario.
Some of the characteristics and factors to consider when choosing a migration method are:
On-premises database version
Database service database version
On-premises host operating system and version
On-premises database character set
Quantity of data, including indexes
Data types used in the on-premises database
Storage for data staging
Acceptable length of system outage
Network bandwidth
NEW QUESTION: 35
Your company will soon start moving critical systems Into Oracle Cloud Infrastructure (OCI)
platform. These systems will reside in the us-phoenix-1and us-ashburn 1 regions. As part of the
migration planning, you are reviewing the company's existing security policies and written
guidelines for the OCI platform usage within the company. you have to work with the company
managed key.
Which two options ensure compliance with this policy?
A. When you create a new compute instance through OCI console, you use the default options
for "configure boot volume" to speed up the process to create this compute instance.
B. When you create a new block volume through OCI console, select Encrypt using Key
Management checkbox and use encryption keys generated and stored in OCI Key Management
Service.
C. When you create a new compute instance through OCI console, you use the default shape to
speed up the process to create this compute instance.
D. When you create a new OCI Object Storage bucket through OCI console, you need to choose
"ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
E. You do not need to perform any additional actions because the OCI Block Volume service
always encrypts all block volumes, boot volumes, and volume backups at rest by using the
Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
Block Volume Encryption
By default all volumes and their backups are encrypted using the Oracle-provided encryption
keys. Each time a volume is cloned or restored from a backup the volume is assigned a new
unique encryption key.
You have the option to encrypt all of your volumes and their backups using the keys that you own
and manage using the Vault service.If you do not configure a volume to use the Vault service or
you later unassign a key from the volume, the Block Volume service uses the Oracle-provided
encryption key instead.
This applies to both encryption at-rest and in-transit encryption.

Object Storage Encryption
Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data
on the server. Each object is encrypted with its own data encryption key. Data encryption keys
are always encrypted with a master encryption key that is assigned to the bucket. Encryption is
enabled by default and cannot be turned off. By default, Oracle manages the master encryption
key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud
Infrastructure Vault master encryption key that you control and rotate on your own schedule.
Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can
optionally encrypt the data in this bucket using your own Vault encryption key. To use Vault for
your encryption needs, select Encrypt Using Customer-Managed Keys. Then, select the Vault
Compartment and Vault that contain the master encryption key you want to use. Also select the
Master Encryption Key Compartment and Master Encryption Key.
NEW QUESTION: 36
You are a solutions architect for a global health care company which has numerous data centers
around the globe. Due to the ever growing data that your company is storing, you were Instructed
to set up a durable, cost effective solution to archive you data from your existing on-premises
tape based backup Infrastructure to Oracle Cloud Infrastructure (OCI).
What is the most-effective mechanism to Implement this requirement?
A. Use the File Storage Service in OCI and copy the data from your existing tape based backup
to the shared file system
B. Setup an on premises OCI Storage Gateway which will back up your data to OCI Object
Storage Archive tier.(Correct)
C. Setup an on premises OCI Storage Gateway which will back up your data to OCI object
Storage Standard tier. Use Object Storage life cycle policy management to move any data older
than 30 days from Standard to Archive tier.
D. Setup an on-promises OCI Storage Gateway which will back up your data to OCI Object
Storage Standard
E. Setup fastConnect to connect your on premises network to your OCI VCN and use rsync tool
to copy your data to OCI Object Storage Archive tier.
Oracle Cloud Infrastructure offers two distinct storage tiers for you to store your unstructured
data. Use the Object Storage Standard tier for data to which you need fast, immediate, and
frequent access. Use the Archive Storage service's Archive tier for data that you access
infrequently, but which must be preserved for long periods of time. Both storage tiers use the
same manageable resources (for example, objects and buckets). The difference is that when you
upload a file to Archive Storage, the object is immediately archived. Before you can access an
archived object, you must first restore the object to the Standard tier.
you can use Storage Gateway to move files to Oracle Cloud Infrastructure Archive Storage as a
cost effective backup solution. You can move individual files and compressed or uncompressed
ZIP or TAR archives. Storing secondary copies of data is an ideal use case for Storage Gateway.
NEW QUESTION: 37
You have been asked to implement a bespoke financial application in Oracle Cloud Infrastructure
using virtual machine instances controlled by Autoscaling across multiple Availability Domains.
The application stores transaction logs, intermediate transaction data, and audit data and needs
to store this on a persistent, durable data store accessible from all of the application servers. The
application requires the file system to be mounted in the /audit folder on the Linux file system. The
system needs to tolerate the failure of two or more Fault Domains and still maintain data integrity.
The solution should be as low maintenance as possible.
What storage architecture should you suggest?
A. Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the
application servers operate in and mount the file system in the /audit folder.
B. Implement a single instance and install an NFS server, configure and create an NFS share,
and mount this as /audit on the application instances.
C. Use locally attached NVMe instances and configure RAID 0 replication between servers.
D. Store the data on Oracle Object Storage mounted at the /audit mount point on all the Linux
instances using the default mount options.
NEW QUESTION: 38
You are responsible for migrating your on premises legacy databases on 11.2.0.4 version to
Autonomous Transaction Processing Dedicated (ATP-D) In Oracle Cloud Infrastructure (OCI). As
a solution architect, you need to plan your migration approach.
Which two options do you need to implement together to migrate your on premises databases to
OCI?
A. Use Oracle Data Guard to keep on premises database always active during migration
B. Retain changes to Oracle shipped privileges, stored procedures or views In the on-premises
databases.
C. Use Oracle GoldenGate replication to keep on premises database online during migration.
D. Convert on-premises databases to PDB, upgrade to 19c, and encrypt Migration.
E. Retain all legacy structures and unsupported features (e.g. taw U>Bs) In the onuses
databases for migration.
Autonomous Database is an Oracle Managed and Secure environment.
A physical database can't simply be migrated to autonomous because:
- Database must be converted to PDB, upgraded to 19c, and encrypted
- Any changes to Oracle shipped privileges, stored procedures or views must be removed
- All legacy structures and unsupported features must be removed (e.g. legacy LOBs)
GoldenGate replication can be used to keep database online during migration
NEW QUESTION: 39
A global media organization is working on a project which lets users upload their videos to the
site. After upload is complete, the video should be automatically processed by an Al algorithm.
The algorithm will try to recognize certain actions in the videos so that it can be used to show
related advertisements in future. The development team wants to focus on writing Al code and not
worry about underlying infrastructure for high availability, scalability, security and monitoring.
Which Oracle Cloud Infrastructure (OCI) services would meet these requirements?
A. OCI Events, Oracle Container Engine for Kubernetes and OCI Digital Assistant.
B. OCI Object Storage, OCI Events service and OCI Functions.
C. Oracle Container Engine for Kubernetes, OCI Notifications and OCI Object Storage.
D. OCI Resource Manager, OCI Functions and OCI Events service.
NEW QUESTION: 40
Your Oracle database is deployed on-premises and has produced 100 TB database backup
locally. You have a disaster recovery plan that requires you to create redundant database
backups in Oracle Cloud Infrastructure (OCI).
Once the initial backup is completed, the backup must be available for retrieval in less than 30
minutes to support the Recovery Time Objective (RTO) of your solution.
Which is the most cost effective option to meet these requirements?
A. Setup a FastConnect connection between on-premises data center and OCI. Then to use OCI
CLI command to upload database backups to OCI Object Storage Standard tier as the final
destination.
B. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Standard tier as
the final destination.
C. Setup an IPsec VPNConnect between on-premises data center and OCI. Then to use OCI CLI
command to upload database backups to OCI Object Storage Archive tier as the final destination.
D. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Archive tier as
the final destination.
NEW QUESTION: 41
You are working as a security consultant with a global insurance organization which is using
Microsoft Azure Active Directory (AD) as identity provided to manager user login/passwords.
When a user logs in to Oracle Cloud infrastructure (OCI) console, it should get authenticated by
Azure AD.
Which set of steps are required to configure at OCI side in order to get it enabled
A. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to
OCI groups and users
B. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set
up IAM policies to govern access to Azure AD groups
C. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD
groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
D. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM
policies to govern access to Azure AD groups
Federating with Microsoft Azure Active Directory
To federate with Azure AD, you set up Oracle Cloud Infrastructure as a basic SAML single sign-
on application in Azure AD. To set up this application, you perform some steps in the Oracle
Cloud Infrastructure Console and some steps in Azure AD.
Following is the general process an administrator goes through to set up the federation. Details
for each step are given in the next section.
In Oracle Cloud Infrastructure, download the federation metadata document.
In Azure AD, set up Oracle Cloud Infrastructure Console as an enterprise application.
In Azure AD, configure the Oracle Cloud Infrastructure enterprise application for single sign-on.
In Azure AD, set up the user attributes and claims.
In Azure AD, download the Azure AD SAML metadata document.
In Azure AD, assign user groups to the application.
In Oracle Cloud Infrastructure, set up Azure AD as an identity provider.
In Oracle Cloud Infrastructure, map your Azure AD groups to Oracle Cloud Infrastructure groups.
In Oracle Cloud Infrastructure, set up the IAM policies to govern access for your Azure AD
groups.
Share the Oracle Cloud Infrastructure sign-in URL with your user
NEW QUESTION: 42
A hospital in Austin has hosted its web based medical records portal entirely In Oracle cloud
Infrastructure (OCI) using Compute Instances for its web-tier and DB system database for its data
tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the
security professional to check their systems it was found that there are a lot of unauthorized
coming requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
A. Block the attacking IP address by creating by Network Security Group rule to deny access to
the compute Instance where the web server Is running
B. Block the attacking IP address by implementing a OCI Web Application Firewall policy using
Access Control Rules
C. Mitigate the attack by changing the Route fable to redirect the unauthorized traffic to a dummy
Compute instance
D. Block the attacking IP address by creating a Security List rule to deny access to the subnet
where the web server Is running
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a
customer's applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-
Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can
be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on
geography or the signature of the request.
As a WAF administrator you can define explicit actions for requests that meet various conditions.
Conditions use various operations and regular expressions. A rule action can be set to log and
allow, detect, or block requests
NEW QUESTION: 43
You are a solution architect working with a startup that has decided to move their workload to
Oracle Cloud Infrastructure. Since their workload is small, upon architecting, you decide its
sufficient to use 8 compute instances to run their workload. The company wants to use a common
storage for their instances. So, you propose the idea of attaching a block volume to multiple
instances to provide a common storage.
Which of the below option is NOT true for such a solution?
A. If the block volume is already attached to an instance as read/write non-shareable you can't
attach it to another instance until you detach it from the first instance.
B. You can delete a block volume from one instance without detaching it from all other instances
there by keeping other instance's storage intact.
C. Block volumes attached as read-only are configured as shareable by default.
D. Once you attach a block volume to an instance as read-only, it can only be attached to other
instances as read-only.
NEW QUESTION: 44
Which of the below options for private access to services within Oracle Cloud Infrastructure (OCI)
is NOT valid?
A. The private endpoint gives hosts within your Virtual Cloud Network access to a given service
within Oracle Cloud Infrastructure.
B. You cannot use the private endpoint for hosts in the on-premises network.
C. You can enable private access to certain services within OCI from your Virtual Cloud Network
by using either a private endpoint or a service gateway.
D. Traffic from an OCI compute instance going through a Service Gateway to Object Storage is
routed without being sent over the internet.
NEW QUESTION: 45
As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A
and its objects in compartment comp-images. You want users of ObjectWriters to not be able to
access or modify properties of any other buckets and its objects in the compartment comp-
images.
Select the statement(s) below that will best define your IAM policies.
A. Allow group ObjectWriters to mange buckets in compartment comp- images Allow group
ObjectWriters to manage objects in compartment comp-images where target.bucket.name=
'Eucket-A'
B. Allow group ObjectWritexs to read buckets in compartmentcomp-images
Allow group ObjectWriters to manage objects in compartment comp- images where
target.bucket.name= 'Bucket-A'
C. Allow group ObjectWriters to inspect buckets in compartment comp-images Allow group
ObjectWriters to read buckets in compartment comp-images where target.bucket.name=' Bucket-
A" Allow group ObjectWriters to manage objects in compartment comp-images where
target.bucket.name=' Bucket-A'
D. Allow group ObjectWriters to manage buckets in compartment comp-images where
target.bucket.name=' Bucket-A'
NEW QUESTION: 46
You are helping a customer troubleshoot a problem. The customer has several Oracle Linux
servers in a private subnet within a Virtual Cloud Network (VCN). The servers are configured to
periodically communicate to the Internet to get security patches for applications Installed on them.
The servers are unable to reach the Internet. An Internet Gateway has been deployed In the
public subnet in the VCN and the appropriate routes are configured in the Route Table associated
with the public subnet.
Based on cost considerations, which option will fix this Issue?
A. Implement a NAT instance In the public subnet of the VCN and configure the NAT instance as
the route target for the private subnet.
B. Create another Internet Gateway and configure it as route target for the private subnet.
C. Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the
private subnet.
D. Create a Public Load Balancer In front of the servers and add the servers to the Backend Set
of the Public Load Balancer.

NEW QUESTION: 47
You are creating an Oracle Cloud Infrastructure Dynamic Group. To determine the members of
this group you are defining a set of matching rules.
Which of the following are the supported variables to define conditions in the matching rules?
(Choose Two)
A. iam.policy.id - the OCID of the IAM policy to apply to the group.
B. instance.tenancy.id - the OCID of the tenancy where the instance resides.
C. tag.<tagnamespace>.<tagkey>.value - the tag namespace and tag key.
D. instance.compartment.id - the OCID of the compartment where the instance resides.
Answer: C,D (LEAVE A REPLY)
You can define the members of the dynamic group based on the following:
- compartment ID
- instance ID
- tag namespace and tag key
- tag namespace, tag key, and tag value
Supported variables are:
instance.compartment.id - the OCID of the compartment where the instance resides instance.id -
the OCID of the instance tag.<tagnamespace>.<tagkey>.value - the tag namespace and tag key.
For example, tag.department.operations.value .
tag.<tagnamespace>.<tagkey>.value='<tagvalue>' - the tag namespace, tag key, and tag value.
For example, tag.department.operations.value='45'


Oracle Cloud Infrastructure 2020 Architect Professional Exam Questions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Oracle Cloud Infrastructure 2020 Architect Professional Exam Questions

Uploaded by

Copyright:

Available Formats

Oracle.1Z0-997-20.v2021-03-11.

You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'.

Valid 1Z0-997-20 Dumps shared by Prepawayexam.com for Helping Passing 1Z0-997-20

Valid 1Z0-997-20 Dumps shared by Prepawayexam.com for Helping Passing 1Z0-997-20

This applies to both encryption at-rest and in-transit encryption.

Valid 1Z0-997-20 Dumps shared by Prepawayexam.com for Helping Passing 1Z0-997-20

Valid 1Z0-997-20 Dumps shared by Prepawayexam.com for Helping Passing 1Z0-997-20

You might also like