• Home
  • Articles
  • [Q21-Q45] 1z0-997-21 Dumps are Available for Instant Access [2022]

[Q21-Q45] 1z0-997-21 Dumps are Available for Instant Access [2022]

Share

1z0-997-21 Dumps are Available for Instant Access [2022]

Practice with these 1z0-997-21 dumps Certification Sample Questions

NEW QUESTION 21
A civil engineering company is running an online portal In which engineers can upload there constructions photos, videos, and other digital files.
There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period.
Which option fulfills this requirement?

  • A. Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours.
  • B. Create a Dynamic Group with matching rule for the portal compute Instance and grant access to the Object Storage bucket for 72 hours.
  • C. Create a pre authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.
  • D. Create a pre authenticated URL lot each object that Is uploaded to the Object Storage bucket with an expiration of 72 hours.

Answer: C

Explanation:
Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permission to access those objects.
For example, you can create a request that lets operations support user upload backups to a bucket without owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket without owning API keys.
When creating a pre-authenticated request, you have the following options:
You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload one or more objects to.
You can specify the name of an object that a pre-authenticated request user can read from, write to, or read from and write to.
Scope and Constraints
Understand the following scope and constraints regarding pre-authenticated requests:
Users can't list bucket contents.
You can create an unlimited number of pre-authenticated requests.
There is no time limit to the expiration date that you can set.
You can't edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you must create a new pre-authenticated request.
The target and actions for a pre-authenticated request are based on the creator's permissions. The request is not, however, bound to the creator's account login credentials. If the creator's login credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in that bucket.

 

NEW QUESTION 22
A customer has a Virtual Machine instance running in their Oracle Cloud Infrastructure tenancy. They realized that they wrongly picked a smaller shape for their compute instance. They are reaching out to you to help them fix the issue.
Which of the below options is best recommended to suggest to the customer?

  • A. OCI doesn't allow such an operation.
  • B. Delete the running instance and spin up a new instance with the desired shape.
  • C. Change the shape of the virtual machine instance using the Change Shape feature available in the console.
  • D. Change the shape of instance without reboot, but stop all the applications running on instance beforehand to prevent data corruption.

Answer: C

 

NEW QUESTION 23
An organization has its IT infrastructure in a hybrid setup with an on-premises environment and an Oracle Cloud Infrastructure (OCI) Virtual Cloud Network (VCN) in the us-phonix-1 region. The on-premise applications communications with compute instances inside the VPN over a hardware VPN connection. They are looking to implement an Intrusion detected and Prevention (IDS/IPS) system for their OCI environment. This platform should have the ability to scale to thousands of compute of instances running inside the VCN.
How should they architect their solution on OCI to achieve this goal?

  • A. There Is no need to implement an IPS/IDS system as traffic coming over IPSec VPN tunnels Is already encrypt
  • B. Configure autoscaling on a compute Instance pool and set vNIC to promiscuous mode to called traffic across the vcn and send it IDS/IPS platform for inspection.
  • C. Set up an OCI Private Load Balance! and configure IDS/IPS related health checks at TCP and/or HTTP level to inspect traffic
  • D. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform to inspection

Answer: D

Explanation:
in Transit routing through a private IP in the VCN you set up an instance in the VCN to act as a firewall or intrusion detection system to filter or inspect the traffic between the on-premises network and Oracle Services Network.
The Networking service lets you implement network security functions such as intrusion detection, application-level firewalls In fact, the IDS model can be host-based IDS (HIDS) or network-based IDS (NIDS). HIDS is installed at a host to periodically monitor specific system logs for patterns of intrusions. In contrast, an NIDS sniffs the traffic to analyze suspicious behaviors. A signature-based NIDS (SNIDS) examines the traffic for patterns of known intrusions. SNIDS can quickly and reliably diagnose the attacking techniques and security holes without generating an over-whelming number of false alarms because SNIDS relies on known signatures.
However, anomaly-based NIDS (ANIDS) detects unusual behaviors based on statistical methods. ANIDS could detect symptoms of attacks without specific knowledge of details. However, if the training data of the normal traffic are inadequate, ANIDS may generate a large number of false alarms.

 

NEW QUESTION 24
You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments.
The third party service allows a maximum of Spelunk IP addresses 5 public IP addresses at a time However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to create up to 15 Instances during peak traffic demand, which are launched In VCN private in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Interne! to complete the transaction What solution can you implement to make sure that all compute Instances can connect to the third party system to process the payments aw peak traffic demand?

  • A. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.
  • B. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.
  • C. Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.
  • D. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway.

Answer: A

Explanation:
https://docs.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm

 

NEW QUESTION 25
You work for a German company as the Lead Oracle Cloud Infrastructure architect. You have designed a highly scalable architecture for your company's business critical application which uses the Load Balancer service auto which uses the Load Balancer service, autoscaling configuration for the application servers and a 2 Node VM Oracle RAC database. During the peak utilization period of the- application yon notice that the application is running slow and customers are complaining. This is resulting in support tickets being created for API timeouts and negative sentiment from the customer base.
What are two possible reasons for this application slowness?

  • A. Autoscaling configuration for the application servers didn't happen due to compartment quota breach of the VM shapes used by the application servers.
  • B. The Load Balancer doesn't have a Network Security Group to allow traffic to the application servers.
  • C. The Load Balancer configuration is not sending traffic to the listener of the application servers.
  • D. Autoscaling configuration for the application servers didn't happen due to service limit breach of the VM shapes used by the application servers
  • E. Autoscaling configuration for the application servers didn't happen due to IAM policy that's blocking access to the application server compartment

Answer: A,D

Explanation:
Autoscaling
Autoscaling enables you to automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand.
Prerequisites
- You have an instance pool. Optionally, you can attach a load balancer to the instance pool. For steps to create an instance pool and attach a load balancer, see Creating an Instance Pool.
- Monitoring is enabled on the instances in the instance pool. For steps to enable monitoring, see Enabling Monitoring for Compute Instances.
- The instance pool supports the maximum number of instances that you want to scale to. This limit is determined by your tenancy's service limits.
About Service Limits and Usage
When you sign up for Oracle Cloud Infrastructure, a set of service limits are configured for your tenancy.
The service limit is the quota or allowance set on a resource. For example, your tenancy is allowed a maximum number of compute instances per availability domain. These limits are generally established with your Oracle sales representative when you purchase Oracle Cloud Infrastructure.
Compartment Quotas
Compartment quotas are similar to service limits; the biggest difference is that service limits are set by Oracle, and compartment quotas are set by administrators, using policies that allow them to allocate resources with a high level of flexibility.

 

NEW QUESTION 26
A fast growing E-commerce company has deployed their online shopping application on Oracle Cloud Infrastructure. The application was deployed on compute instances with Autoscaling configuration for application servers fronted by a load balancer and OCI Autonomous Transaction Processing (ATP) in the backend. In order to promote their e-commerce platform 50% discount was announced on all the products for a limited period. During the day 1 of promotional period it was observed that the application is running slow and company's hotline is flooded with complaints.
What could be two possible reasons for this situation?

  • A. As part of Autoscaling, the load balancer shape has dynamically changed to a larger shape to handle more incoming traffic and the system was slow for a short time during this change.
  • B. The health check on some of the backend servers has failed and the load balancer was rebooting these servers.
  • C. The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation.
  • D. Autoscaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling further.

Answer: C,D

 

NEW QUESTION 27
You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application.
For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team doesn't want you to store any local API key and certificate, or any other local tools.
Which two actions should you perform to spin up the OKE cluster and interact with it? (Choose two.)

  • A. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API.
  • B. Develop your own code using OCI SDK to deploy the OKE cluster.
  • C. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token.
  • D. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster.
  • E. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.

Answer: C,E

Explanation:
https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/2.12.4/oci_cli_docs/oci.html

 

NEW QUESTION 28
You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory as an identity provider to manage user login/passwords. When a user logs in to Oracle Cloud Infrastructure (OCI) console, it should get authenticated by Azure AD.
Which set of steps are required to be configured in OCI to meet this requirement?

  • A. Setup Azure AD as an Enterprise Application, map Azure AD users, groups and policies to OCI groups and users.
  • B. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.
  • C. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.
  • D. Setup Azure AD as an Identity Provider, import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups.

Answer: C

 

NEW QUESTION 29
You have been asked to implement a bespoke financial application in Oracle Cloud Infrastructure using virtual machine instances controlled by Autoscaling across multiple Availability Domains. The application stores transaction logs, intermediate transaction data, and audit data and needs to store this on a persistent, durable data store accessible from all of the application servers. The application requires the file system to be mounted in the /audit folder on the Linux file system. The system needs to tolerate the failure of two or more Fault Domains and still maintain data integrity. The solution should be as low maintenance as possible.
What storage architecture should you suggest?

  • A. Use locally attached NVMe instances and configure RAID 0 replication between servers.
  • B. Implement a single instance and install an NFS server, configure and create an NFS share, and mount this as /audit on the application instances.
  • C. Store the data on Oracle Object Storage mounted at the /audit mount point on all the Linux instances using the default mount options.
  • D. Use File Storage Service(FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.

Answer: D

 

NEW QUESTION 30
You are working as a solution architect for a customer in Frankfurt, which uses multiple compute instance VMs spread among three Availability Domains in the Oracle Cloud Infrastructure (OCI) eu-frankfurt-1 region. The compute instances do not have public IP addresses and are running in private subnets inside a Virtual Cloud Network (VCN). You have set up OCI Autoscaling feature for the compute instances, but find out that instances cannot be auto scaled. You have enabled monitoring on the instances.
What could be wrong in this situation?

  • A. You need to assign a reserved public IP address to the compute instances.
  • B. Autoscaling only works with single availability domains.
  • C. Autoscaling only works for instances with public IP addresses.
  • D. You need to set up a Service Gateway to send metrics to the OCI Monitoring service.

Answer: D

 

NEW QUESTION 31
You are helping a customer troubleshoot a problem. The customer has several Oracle Linux servers in a private subnet within a Virtual Cloud Network (VCN). The servers are configured to periodically communicate to the Internet to get security patches for applications Installed on them.
The servers are unable to reach the Internet. An Internet Gateway has been deployed In the public subnet in the VCN and the appropriate routes are configured in the Route Table associated with the public subnet.
Based on cost considerations, which option will fix this Issue?

  • A. Create a Public Load Balancer In front of the servers and add the servers to the Backend Set of the Public Load Balancer.
  • B. Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private subnet.
  • C. Create another Internet Gateway and configure it as route target for the private subnet.
  • D. Implement a NAT instance In the public subnet of the VCN and configure the NAT instance as the route target for the private subnet.

Answer: B

 

NEW QUESTION 32
Which three scenarios are suitable for the Oracle Infrastructure (OCI) Autonomous transaction Processing Server less (ATP-S) deployment?

  • A. A developer working on an Internal project needs to use a database during work hours but doesn't need It during nights or weekends. the project budget requires her to keep costs low.
  • B. A manufacturing company is running Oracle E-Business Suite application on premises. They are looking to move this application to OCI and they want to use a managed database offering for their database tier.
  • C. A midsize company is considering migrating its legacy on premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays
  • D. A small startup is deploying a new application fen eCommerce and it requires database to store customers' transactions the team b of what the load will look like since it is a new application.
  • E. well established, online auction marketplace is running an application where there is database usage 24*7 but also has peaks of activity that the hard to predict when the peaks happen, the total activities may reach 3 times the normal activity level

Answer: A,D,E

Explanation:
MongoDB is a cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schema, so the best to be migrated to Oracle NoSQL Database.
https://blogs.oracle.com/nosql/migrate-mongodb-data-to-oracle-nosql-database Autonomous transaction Processing Serverless (ATP-S) isn't supported yet for EBS database

 

NEW QUESTION 33
A telecom company has an application running in Oracle Cloud Infrastructure (OCI) Germany Central (eu-frankfurt-1) region. They want to configure Disaster Recovery (DR) site in the OCI UK South (uk-london-1) region. Which is the most cost effective option to help set up application and persistence layers in the DR site?

  • A. Application layer: configure Traffic Management steering policy with Load Balancing policy between servers in eu-frankfurt-1 and uk-london-1 regions.
    Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.
  • B. Application layer: configure events service rule in eu-frankfurt-1 region to filter Health Checks event failure and route traffic to uk-london-1 region in the event of a disaster.
    Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.
  • C. Application layer: configure Traffic Management steering policy with Failover policy between servers in eu-frankfurt-1 and uk-london-1 regions.
    Persistence layer: set up policy to schedule cross-region automated backups of file systems in File Storage service between eu-frankfurt-1 and uk-london-1 regions.
  • D. Application layer: Set us a public laod balancerin the eu-frankfurt-1 region. Create a backend set with instances running in bothuk-frankfurt-1 and uk-london-1 regions.
    Persistence layer: Set up OCI Object Storage replication from eu-frankfurt-1 region to uk-london-1 region.

Answer: A

 

NEW QUESTION 34
After performing maintenance on an Oracle Linux compute instance the system is returned to a running state You attempt to connect using SSH but are unable to do so. You decide to create an instance console connection to troubleshoot the issue.
Which three tasks would enable you to connect to the console connection and begin troubleshooting?

  • A. Stop the compute Instance using the Oracle cloud Infrastructure (OCI) Command Line interface (CLI).
  • B. Reboot the compute instance using the Oracle Cloud Infrastructure (OCI) Management Console
  • C. Use SSH to connect to the public: IP address of the compute Instance and provide the console connection OCID as the username.
  • D. Use SSH to connect to the service endpoint of the console connection service
  • E. Upload an API signing key for console connection authentication.
  • F. edit the Linux boot menu to enable access to console.

Answer: B,D,F

Explanation:
The Oracle Cloud Infrastructure Compute service provides console connections that enable you to remotely troubleshoot malfunctioning instances, such as:
An imported or customized image that does not complete a successful boot.
A previously working instance that stops responding.
the steps to connect to console and troubleshoot the OS Issue
1- Before you can connect to the serial console you need to create the instance console connection.
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance that you're interested in.
Under Resources, click Console Connections.
Click Create Console Connection.
Upload the public key (.pub) portion for the SSH key. You can browse to a public key file on your computer or paste your public key into the text box.
Click Create Console Connection.
When the console connection has been created and is available, the status changes to ACTIVE.
2- Connecting to the Serial Console
you can connect to the serial console by using a Secure Shell (SSH) connection to the service endpoint of the console connection service Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance that you're interested in.
Under Resources, click Console Connections.
Click the Actions icon (three dots), and then click Copy Serial Console Connection for Linux/Mac.
Paste the connection string copied from the previous step to a terminal window on a Mac OS X or Linux system, and then press Enter to connect to the console.
If you are not using the default SSH key or ssh-agent, you can modify the serial console connection string to include the identity file flag, -i , to specify the SSH key to use. You must specify this for both the SSH connection and the SSH ProxyCommand, as shown in the following line:
ssh -i /<path>/<ssh_key> -o ProxyCommand='ssh -i /<path>/<ssh_key> -W %h:%p -p 443...
Press Enter again to activate the console.
3- Troubleshooting Instances from Instance Console Connections
To boot into maintenance mode
Reboot the instance from the Console.
When the reboot process starts, switch back to the terminal window, and you see Console messages start to appear in the window. As soon as you see the GRUB boot menu appear, use the up/down arrow key to stop the automatic boot process, enabling you to use the boot menu.
In the boot menu, highlight the top item in the menu, and type e to edit the boot entry.
In edit mode, use the down arrow key to scroll down through the entries until you reach the line that starts with either linuxefi for instances running Oracle Autonomous Linux 7.x or Oracle Linux 7.x, or kernel for instances running Oracle Linux 6.x.
At the end of that line, add the following:
init=/bin/bash
Reboot the instance from the terminal window by entering the keyboard shortcut CTRL+X.

 

NEW QUESTION 35
You are part of a project team working in the development environment created in OCI. You have realized that the CIDR block specified for one of the subnet in a VCN is not correct and want to delete the subnet. While deleting you are getting an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet.
Which of the following action you will take to troubleshoot this issue?

  • A. Copy and Paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC
  • B. Use OCI CLI to delete the VNIC first and then delete the subnet
  • C. Use OCI CLI to delete the subnet using --force option
  • D. Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC

Answer: D

Explanation:
VCN, it must first be empty and have no related resources or attached gateways To delete a VCN's subnets, they must first be empty.
Note: When you create one of the preceding resources, you specify a VCN and subnet for it. The relevant service creates at least one VNIC in the subnet and attaches the VNIC to the resource. The service manages the VNICs on your behalf, so they are not readily apparent to you in the Console. The VNIC enables the resource to communicate with other resources over the network. Although this documentation commonly talks about the resource itself being in the subnet, it's actually the resource's attached VNIC.
If the subnet is not empty, you instead get an error indicating that there are still resources that you must delete first. The error includes the OCID of a VNIC that is in the subnet (there could be more, but the error returns only a single VNIC's OCID).
You can use the Oracle Cloud Infrastructure command line interface (CLI) or another SDK or client to call the GetVnic operation with the VNIC OCID. The response includes the VNIC's display name. Depending on the type of parent resource, the display name can indicate which parent resource the VNIC belongs to. You can then delete that parent resource, or you can contact your administrator to determine who owns the resource. When the VNIC's parent resource is deleted, the attached VNIC is also deleted from the subnet. If there are remaining VNICs in the subnet, repeat the process of determining and deleting each parent resource until the subnet is empty. Then you can delete the subnet.
For example, if you're using the CLI, use this command to get information about the VNIC.
oci network vnic get --vnic-id <VNIC_OCID

 

NEW QUESTION 36
An online gaming application is deployed to multiple Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1 region. Considering the high volume of traffic that the gaming application handles, the company has hired you to ensure that the data stored by the application is scalable, highly available, and disaster resilient. In the event of failure, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be less than 2 hours.
Which Disaster Recovery strategy should be used to achieve the RTO and RPO requirements in the event of a system failure?

  • A. Create a user defined backup policy with a schedule of generating daily backups for block volumes.
  • B. Configure hourly block volumes backups through the OCI Storage Gateway service.
  • C. Configure hourly block volumes backups using the OCI Command Line Interface (CLI).
  • D. Create a user defined backup policy with a schedule of generating hourly backups for block volumes.

Answer: C

 

NEW QUESTION 37
You are working as a solutions architect for an online retail store In Frankfurt which uses multiple compute instance VMs spread among three availability domains In the eu-frankfurt-1 region.
You noticed the website Is having very high traffic, so you enabled autoscaling to sun tee me no f your application but, you observed that one of the availability domains is not receiving any traffic.
What could be wrong In this situation?

  • A. Autoscaling is using an Instance Pool configured to create instances in two availability Domains.
  • B. You have to manually acid all three availability domains to your load balancer configuration.
  • C. Autoscaling only works with single availability domains.
  • D. Autoscaling can be enabled for multiple availability domains only in uk-london t region.
  • E. You forgot to attach a load balancer to your instance pool configuration.

Answer: A

Explanation:
Autoscaling lets you automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand.
you can associate a load balancer with an instance pool. If you do this, when you add an instance to the instance pool, the instance is automatically added to the load balancer's backend set . After the instance reaches a healthy state (the instance is listening on the configured port number), incoming traffic is automatically routed to the new instance.
Instance pools let you provision and create multiple Compute instances based off the same configuration, within the same region.
By default, the instances in a pool are distributed across all fault Domains in a best-effort manner based on capacity. If capacity isn't available in one fault domain, the instances are placed in other fault domains to allow the instance pool to launch successfully.
In a high availability scenario, you can require that the instances in a pool are evenly distributed across each of the fault domains that you specify. When sufficient capacity isn't available in one of the fault domains, the instance pool will not launch or scale successfully, and a work request for the instance pool will return an "out of capacity" error. To fix the capacity error, either wait for capacity to become available, or use the UpdateInstancePool operation to update the placement configuration (the availability domain and fault domain) for the instance pool.
during create the instance pool you can select the location where you want to place the instances" In the Availability Domain list, select the availability domain to launch the instances in.
If you want the instances in the pool to be placed evenly in one or more fault domains, select the Distribute instances evenly across selected fault domains check box. Then, select the fault domains to place the instances in.

 

NEW QUESTION 38
An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt-1 region.
Which two solutions should their architect keep in mind while designing for DR?

  • A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.
  • B. rsync utility can be used to asynchronously copy file systems or snapshot data to another region.
  • C. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.
  • D. Load balancer will automatically distribute traffic between both the regions.
  • E. The RTO is the acceptable timeframe of lost data that application can tolerate.

Answer: A,D

 

NEW QUESTION 39
Give this compartment structure:

You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'.
You login to your Oracle Cloud Infrastructure (OCI)account and use the 'Move Resource' option.
What will happen when you attempt moving the compute resource?

  • A. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will need to be moved separately. The Compute instance will still be associated with the original VCN.
  • B. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will still be associated with the original VCN.
  • C. The move will be successful though Compute Instance Public and Private IP address changed, and it will be associated to the VCN in target compartment.
  • D. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the Compute instance can be moved.

Answer: B

Explanation:
Moving Resources to a Different Compartment
Most resources can be moved after they are created. There are a few resources that you can't move from one compartment to another. Some resources have attached resource dependencies and some don't.
Not all attached dependencies behave the same way when the parent resource moves.
For some resources, the attached dependencies move with the parent resource to the new compartment.
The parent resource moves immediately, but in some cases attached dependencies move asynchronously and are not visible in the new compartment until the move is complete.
For other resources, the attached resource dependencies do not move to the new compartment. You can move these attached resources independently.
You can move Compute resources such as instances, instance pools, and custom images from one compartment to another. When you move a Compute resource to a new compartment, associated resources such as boot volumes and VNICs are not moved.
You can move a VCN from one compartment to another. When you move a VCN, its associated VNICs, private IPs, and ephemeral IPs move with it to the new compartment.

 

NEW QUESTION 40
A large financial company has a web application hosted in their on-premises data center. They are migrating their application to Oracle Cloud Infrastructure (OCI) and require no downtime while the migration is on-going. In order to achieve this, they have decided to divert only 30% of the application works fine, they divert all traffic to OCI.
As a solution architect working with this customer, which suggestion should you provide them?

  • A. Use OCI Traffic management with Load Balancing steering policy and distribute the traffic between OCI and on premises infrastructure.
  • B. Use VPN connectivity between on premises Infrastructure and OCI, and create routing tables to distribute the traffic between them.
  • C. Use OCI Traffic management with failover steering policy and distribute the traffic between OC1 and on premises infrastructure.
  • D. Use an OCI load Balancer and distribute the traffic between OCI and on premises infrastructure.

Answer: A

Explanation:
Traffic Management Steering Policies can account for health of answers to provide failover capabilities, provide the ability to load balance traffic across multiple resources, and account for the location where the query was initiated to provide a simple, flexible and powerful mechanism to efficiently steer DNS traffic.

 

NEW QUESTION 41
You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory (AD) as identity provided to manager user login/passwords. When a user logs in to Oracle Cloud infrastructure (OCI) console, it should get authenticated by Azure AD.
Which set of steps are required to configure at OCI side in order to get it enabled

  • A. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups
  • B. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
  • C. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
  • D. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users

Answer: C

Explanation:
Federating with Microsoft Azure Active Directory
To federate with Azure AD, you set up Oracle Cloud Infrastructure as a basic SAML single sign-on application in Azure AD. To set up this application, you perform some steps in the Oracle Cloud Infrastructure Console and some steps in Azure AD.
Following is the general process an administrator goes through to set up the federation. Details for each step are given in the next section.
In Oracle Cloud Infrastructure, download the federation metadata document.
In Azure AD, set up Oracle Cloud Infrastructure Console as an enterprise application.
In Azure AD, configure the Oracle Cloud Infrastructure enterprise application for single sign-on.
In Azure AD, set up the user attributes and claims.
In Azure AD, download the Azure AD SAML metadata document.
In Azure AD, assign user groups to the application.
In Oracle Cloud Infrastructure, set up Azure AD as an identity provider.
In Oracle Cloud Infrastructure, map your Azure AD groups to Oracle Cloud Infrastructure groups.
In Oracle Cloud Infrastructure, set up the IAM policies to govern access for your Azure AD groups.
Share the Oracle Cloud Infrastructure sign-in URL with your user

 

NEW QUESTION 42
Which of the below options is true regarding Oracle Cloud Infrastructure's load balancing service?

  • A. A public load balancer is Availability Domain specific in scope.
  • B. The public load balancer applies a floating public IP address to the primary load balancer.
  • C. When you create a private load balancer, the service requires 2 or more subnets to host both the primary and standby load balancers.
  • D. You can dynamically change the load balancer shape to handle more incoming traffic.

Answer: B

 

NEW QUESTION 43
A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.
How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)

  • A. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
  • B. Enable a Protection Rule to block requests that came from London.
  • C. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.
  • D. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.
  • E. Enable an Access Rule to block the IP Address range from London.

Answer: A

Explanation:
https://www.ateam-oracle.com/using-oci-waf-web-application-firewall-with-oracle-e-business-suite#:~:text=The%20protection%20rules%20can%20be,achieved%20by%20enabling%20corresponding%20rules.

 

NEW QUESTION 44
Which of the following features is NOT supported by Oracle Cloud Infrastructure Multi-factor authentication (MFA)?

  • A. Members of the Administrators group can disable MFA for other users.
  • B. Only the user can enable MFA for their own account.
  • C. Users can disable MFA for their own accounts.
  • D. Members of the Administrators group can enable MFA for other users.

Answer: D

 

NEW QUESTION 45
......

Get Instant Access REAL 1z0-997-21 DUMP Pass Your Exam Easily: https://examcertify.passleader.top/Oracle/1z0-997-21-exam-braindumps.html

Related Articles

more
Oracle 1z0-997-21 Certification Practice Exam