[Dec 18, 2021] Get New 1Z0-997-20 Certification Practice Test Questions Exam Dumps
Real 1Z0-997-20 Exam Dumps Questions Valid 1Z0-997-20 Dumps PDF
Oracle 1Z0-997-20 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
NEW QUESTION 20
You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments.
The third party service allows a maximum of Spelunk IP addresses 5 public IP addresses at a time However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to create up to 15 Instances during peak traffic demand, which are launched In VCN private in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Interne! to complete the transaction What solution can you implement to make sure that all compute Instances can connect to the third party system to process the payments aw peak traffic demand?
- A. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.
- B. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.
- C. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway.
- D. Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.
Answer: B
NEW QUESTION 21
You are working as a solutions architect for an online retail store In Frankfurt which uses multiple compute instance VMs spread among three availability domains In the eu-frankfurt-1 region.
You noticed the website Is having very high traffic, so you enabled autoscaling to sun tee me no f your application but, you observed that one of the availability domains is not receiving any traffic.
What could be wrong In this situation?
- A. Autoscaling can be enabled for multiple availability domains only in uk-london t region.
- B. Autoscaling only works with single availability domains.
- C. You have to manually acid all three availability domains to your load balancer configuration.
- D. You forgot to attach a load balancer to your instance pool configuration.
- E. Autoscaling is using an Instance Pool configured to create instances in two availability Domains.
Answer: E
Explanation:
Explanation
Autoscaling lets you automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand.
you can associate a load balancer with an instance pool. If you do this, when you add an instance to the instance pool, the instance is automatically added to the load balancer's backend set . After the instance reaches a healthy state (the instance is listening on the configured port number), incoming traffic is automatically routed to the new instance.
Instance pools let you provision and create multiple Compute instances based off the same configuration, within the same region.
By default, the instances in a pool are distributed across all fault Domains in a best-effort manner based on capacity. If capacity isn't available in one fault domain, the instances are placed in other fault domains to allow the instance pool to launch successfully.
In a high availability scenario, you can require that the instances in a pool are evenly distributed across each of the fault domains that you specify. When sufficient capacity isn't available in one of the fault domains, the instance pool will not launch or scale successfully, and a work request for the instance pool will return an "out of capacity" error. To fix the capacity error, either wait for capacity to become available, or use the UpdateInstancePool operation to update the placement configuration (the availability domain and fault domain) for the instance pool.
during create the instance pool you can select the location where you want to place the instances" In the Availability Domain list, select the availability domain to launch the instances in.
If you want the instances in the pool to be placed evenly in one or more fault domains, select the Distribute instances evenly across selected fault domains check box. Then, select the fault domains to place the instances in.
NEW QUESTION 22
A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end Connectivity model between their on-premises data center and Oracle Cloud Infrastructure (OC1) region
* Highly available connection with service level redundancy
* Dedicated network bandwidth with low latency
Which connectivity setup is the most cost effective solution for this scenario?
- A. Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path.
- B. Setup IPsec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection.
Use separate edge devices in your on-premises data canter for each connection from your edge devices, advertise more specific routes IPSec VPN, and specific routes through the backup FastConnect virtual circuit. - C. Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN.
- D. Setup FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant Use a single edge device in your on premises data center for each connection From yc device, advertise more specific routes via primary FastConnect virtual circuit, and less specific routes through t backup FastConnect circuit.
Answer: C
Explanation:
Explanation
there are two main requirements for this Customer
First Highly available connection with service level redundancy and that can achieve by
3- Redundant FastConnect
NEW QUESTION 23
All three Data Guard Configuration are fully supported on Oracle Cloud infrastructure (OCI). You want to deploy a maximum availability architecture (MAA) for database workload.
Which option should you consider while designing your Data Guard configuration to ensure best RTO and PRO without causing any data loss?
- A. Configure ''Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database.
- B. Configure "Maximum Performance" mode In SYNC mode between two availability domains (same region) which provides, the highest level of data protection that is possible without affecting the performance of the primary database.
- C. Configure ''Maximum Availability" mode in SYNC mode between two availability domains (same region), and use the Maximum Availability mode in SYNC mode between two regions.
- D. Configure "Maximum Protection" mode which provides zero data loss If the primary database fails.
Answer: C
Explanation:
Explanation
https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practices-for-dr-on-oci.pdf All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure. However, because of a high risk of production outage, we don't recommend using the maximum protection mode for your Data Guard configuration.
We recommend using the maximum availability mode in SYNC mode between two availability domains (same region), and using the maximum availability mode in ASYNC mode between two regions. This architecture provides you the best RTO and RPO without causing any data loss. We recommend building this architecture in daisy-chain mode: the primary database ships redo logs to the first standby database in another availability domain in SYNC mode, and then the first standby database ships the redo logs to another region in ASYNC mode. This method ensures that your primary database is not doing the double work of shipping redo logs, which can cause performance impact on a production workload.
This configuration offers the following benefits:
* No data loss within a region.
* No overhead on the production database to maintain standbys in another region.
* Option to configure lagging on the DR site if needed for business reasons.
* Option to configure multiple standbys in different regions without any additional overhead on the
* production database. A typical use case is a CDN application
* Bottom of Form
NEW QUESTION 24
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:
The development team has deployed quite a few instances under 'Compute' Compartment and the operations team needs to list the Instances under the same compartment for their testing. Both teams, development and operations are part of a group called 'Eng-group' You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of resources.
Which IAM policy should you write based on these requirements?
- A. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to
'Engineering' Compartment. - B. Allow group Eng-group to read instance-family in compartment Dev-Team-.Compute and attach the policy to'Dev-Team'
- C. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment
- D. Allow group Eng-group to inspect instance-family in compartment Dev-Team: Compute and attach the policy to 'SysTest Team' Compartment
Answer: C
Explanation:
Explanation
Policy Attachment
When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment).
Where you attach it controls who can then modify it or delete it. If you attach it to the tenancy (in other words, if the policy is in the root compartment), then anyone with access to manage policies in the tenancy can then change or delete it. Typically that's the Administrators group or any similar group you create and give broad access to. Anyone with access only to a child compartment cannot modify or delete that policy.
When you attach a policy to a compartment, you must be in that compartment and you must indicate directly in the statement which compartment it applies to. If you are not in the compartment, you'll get an error if you try to attach the policy to a different compartment. Notice that attachment occurs during policy creation, which means a policy can be attached to only one compartment.
Policies and Compartment Hierarchies
a policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the compartment or its parent, you can simply specify the compartment name. If you attach the policy further up the hierarchy, you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated by a colon:
<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n> to allow action to compartment Compute so you need to set the compartment PATH as per where you attach the policy as below examples if you attach it to Root compartment you need to specify the PATH as following Engineering:Dev-Team:Compute if you attach it to Engineering compartment you need to specify the PATH as following Dev-Team:Compute if you attach it to Dev-Team or Compute compartment you need to specify the PATH as following Compute Note : in the Policy inspect verb that give the Ability to list resources, without access to any confidential information or user-specified metadata that may be part of that resource.
NEW QUESTION 25
Which of the following is NOT a good use case for the Oracle Cloud Infrastructure (OCI) Streaming service?
- A. Messaging with a pull-based communication model and the ability to feed multiple consumers with the same data independently.
- B. Meeting compliance requirements for data to remain unchanged over a long time, so that it can be retrieved for audit purposes.
- C. Ingesting metric and log data to help make critical operational data more quickly available for indexing, analysis, and visualization.
- D. Providing a unified entry point for cloud components to report their life cycle events for audit, accounting, and related activities.
Answer: B
NEW QUESTION 26
You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices.
Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose Two)
- A. Network bandwidth used by your functions.
- B. Amount of storage used by your functions.
- C. Length of time a function runs.
- D. Number of times a function is invoked.
- E. Amount of RAM used by your functions.
Answer: C,D
NEW QUESTION 27
An insurance company is storing critical financial data in the Oracle Cloud Infrastructure block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle.
What of the following series of tasks are required to encrypt the block volume using customer managed keys?
- A. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume.
- B. Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key.
- C. Create a vault import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume.
- D. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key.
Answer: A
NEW QUESTION 28
A large financial services company has used 2 types of Oracle DB Systems. In Oracle Cloud Infrastructure (OCI) to store user dat a. One is running on a VM.Standard2.8 shape and the other on a VM.Standard 2.4 shape.
As business grows, data is growing rapidly on both the databases and performance is also degrading. The company wants to address this problem with a viable and economical solution.
As the solution architect for that company you have suggested that they move their databases to Autonomous Transaction Processing Serverless (ATP-S) database.
Which two factors should you consider before you arrived at that recommendation?
- A. Confirm that ATP-S allows customers to compress tablespaces to reduce storage costs
- B. Upon provisioning, ATP-S automatically scales up CPU to meet the application's processing requirements.
- C. You verified that ATP S supports the database features and options currently being used by the 2 databases.
- D. Validate that ATP-S will support the storage and processing requirements for the 2 databases over the life cycle of the business applications.
Answer: C,D
Explanation:
Not all features present in Oracle Database Enterprise Edition are available in ATP, and some some Oracle Database features are restricted, for example, database features designed for administration are not available. so you need to validate it first, You can find a complete list of the features that are not supported,
https://docs.oracle.com/en/cloud/paas/atp-cloud/atpug/experienced-database-users.html#GUID-58EE6599-6DB4-4F8E-816D-0422377857E5 Also, you must specify the initial storage required for your database but ADB is elastic, so it is possible to grow or shrink your database as needed.
NEW QUESTION 29
A FinTech startup is developing a new blockchain based application to provide Smart Contracts using micro-services architecture. The development team is planning to deploy the application using containers and looking for a reliable way to build, deploy and manage their cloud-native application.
Additionally, they need an easy way to store, share and manage their application artifacts.
Which option should you recommend for this application?
- A. Install and manage a Kubernetes cluster on OCI Compute Instances and use OCI Resource Manager for management of application artifacts
- B. Use Oracle Container Engine for Kubernetes (OKE) to manage of cloud-native applications and OCI Registry for application artifacts
- C. Use Oracle Container Engine for Kubernetes (OKE) to manage the deployment environment and OCI Functions for application artifacts
- D. Use and OCI Resource Manager to manage cloud-native application and make the application artifacts available using OCI Functions
Answer: B
Explanation:
Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. Use Container Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably build, deploy, and manage cloud-native applications. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing OCI tenancy.
Oracle Cloud Infrastructure Registry is an Oracle-managed registry that enables you to simplify your development to production workflow. Oracle Cloud Infrastructure Registry makes it easy for you as a developer to store, share, and manage development artifacts like Docker images. And the highly available and scalable architecture of Oracle Cloud Infrastructure ensures you can reliably deploy your applications.
So you don't have to worry about operational issues, or scaling the underlying infrastructure.
NEW QUESTION 30
A global media organization is working on a project which lets users upload their videos to the site. After upload is complete, the video should be automatically processed by an Al algorithm. The algorithm will try to recognize certain actions in the videos so that it can be used to show related advertisements in future. The development team wants to focus on writing Al code and not worry about underlying infrastructure for high availability, scalability, security and monitoring.
Which Oracle Cloud Infrastructure (OCI) services would meet these requirements?
- A. Oracle Container Engine for Kubernetes, OCI Notifications and OCI Object Storage.
- B. OCI Resource Manager, OCI Functions and OCI Events service.
- C. OCI Object Storage, OCI Events service and OCI Functions.
- D. OCI Events, Oracle Container Engine for Kubernetes and OCI Digital Assistant.
Answer: C
NEW QUESTION 31
A global retailer is setting up the cloud architecture to be deployed in Oracle Cloud infrastructure (OCI) which will have thousands of users from two major geographical regions: North America and Asia Pacific. The requirements of the services are:
* Service needs to be available 27/7 to avoid any business disruption
* North American customers should be served by application running In North American regions
* Asia Pacific customers should be served by applications running In Asia Pacific regions
* Must be resilient enough to handle the outage of an entire OCI region
- A. OCl DNS, Traffic Management with Failover steering policy
- B. OCl DNS,' Traffic Management with Load Balancer steering policy, Health Checks
- C. OCl DNS, Traffic Management with Geolocation steering policy
- D. OCl DNS, Traffic Management with Geolocation steering policy. Health Checks
Answer: D
Explanation:
GEOLOCATION STEERING
Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region. Combine with Oracle Health Checks to fail over from one region to another
NEW QUESTION 32
A hospital in Austin has hosted its web based medical records portal entirely In Oracle cloud Infrastructure (OCI) using Compute Instances for its web-tier and DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the security professional to check their systems it was found that there are a lot of unauthorized coming requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
- A. Block the attacking IP address by creating by Network Security Group rule to deny access to the compute Instance where the web server Is running
- B. Mitigate the attack by changing the Route fable to redirect the unauthorized traffic to a dummy Compute instance
- C. Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules
- D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server Is running
Answer: C
Explanation:
Explanation
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.
As a WAF administrator you can define explicit actions for requests that meet various conditions. Conditions use various operations and regular expressions. A rule action can be set to log and allow, detect, or block requests
NEW QUESTION 33
You are working as a solution architect for a customer in Frankfurt, which uses multiple compute instance VMs spread among three Availability Domains in the Oracle Cloud Infrastructure (OCI) eu-frankfurt-1 region.
The compute instances do not have public IP addresses and are running in private subnets inside a Virtual Cloud Network (VCN). You have set up OCI Autoscaling feature for the compute instances, but find out that instances cannot be auto scaled. You have enabled monitoring on the instances.
What could be wrong in this situation?
- A. You need to set up a Service Gateway to send metrics to the OCI Monitoring service.
- B. Autoscaling only works with single availability domains.
- C. Autoscaling only works for instances with public IP addresses.
- D. You need to assign a reserved public IP address to the compute instances.
Answer: A
NEW QUESTION 34
A fast growing E-commerce company has deployed their online shopping application on Oracle Cloud Infrastructure. The application was deployed on compute instances with Autoscaling configuration for application servers fronted by a load balancer and OCI Autonomous Transaction Processing (ATP) in the backend. In order to promote their e-commerce platform 50% discount was announced on all the products for a limited period. During the day 1 of promotional period it was observed that the application is running slow and company's hotline is flooded with complaints.
What could be two possible reasons for this situation?
- A. As part of Autoscaling, the load balancer shape has dynamically changed to a larger shape to handle more incoming traffic and the system was slow for a short time during this change.
- B. The health check on some of the backend servers has failed and the load balancer was rebooting these servers.
- C. The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation.
- D. Autoscaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling further.
Answer: C,D
NEW QUESTION 35
You have been asked to review some network proposals by a major client. The client's IT director needs to provision two Virtual Cloud Network (VCN) for a major application. Both applications use a large number of virtual machine instances, and so will ideally occupy VCNs with as many address spaces as possible. Additionally, in the future, VCN peering will be required to allow communication between the VCNs.
Which of the following are valid IP ranges to consider for the VCNs?
- A. 10.0.0.0/8 and 11.0.0.0/8
- B. 10.0.0.0/24 and 10.0.1.0/24
- C. 10.0.0.0/16 and 10.0.64.0/24
- D. 10.0.1.0/24 and 10.0.1.0/27
Answer: B
NEW QUESTION 36
You are trying to troubleshoot the configuration of your Oracle Cloud Infrastructure (OCI) Load Balancing service. You have a backend HTTP service for which you have created a backend set in the load balancer. You have configured health checks for the backend set. Although the health checks appear good, customers sometimes experience transaction failures.
Which of the following options will definitely lead to this problem?
- A. You are using OCI Domain Name System. You have misconfigured the 'A' record with the wrong IP address leading to requests not getting routed correctly.
- B. You are using iSCI for block volume attachment to the compute instances in your backed HTTP service.
TCP/IP configuration of your block volume attachment is not configured correctly, leading to issues in your backend service. - C. You are NOT using regional subnets in your Virtual Cloud Network. With Availability Domain (AD) specific subnet. the compute instances of the backend service running in the subnet have issues when the AD is down.
- D. You are running a TCP-level health check against your HTTP service. The TCP handshake can succeed and indicate that the service is up even when the HTTP service has issues.
Answer: D
NEW QUESTION 37
......
1Z0-997-20 Exam Dumps - PDF Questions and Testing Engine: https://www.pass4surequiz.com/1Z0-997-20-exam-quiz.html