1z0-997-21 Study Guide Brilliant 1z0-997-21 Exam Dumps PDF [Q40-Q57]

View 1z0-997-21 Exam Question Dumps With Latest Demo

NEW QUESTION 40
An online gaming application is deployed to multiple Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1 region. Considering the high volume of traffic that the gaming application handles, the company has hired you to ensure that the data stored by the application is scalable, highly available, and disaster resilient. In the event of failure, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be less than 2 hours.
Which Disaster Recovery strategy should be used to achieve the RTO and RPO requirements in the event of a system failure?

  • A. Create a user defined backup policy with a schedule of generating hourly backups for block volumes.
  • B. Configure hourly block volume backups through the OCI Storage Gateway service.
  • C. Configure hourly block volume backups using the OCI Command Line Interface (CLI).
  • D. Create a user defined backup policy with a schedule of generating daily backups for block volumes.

Answer: C

 

NEW QUESTION 41
A retail company has several on-premises data centers which span multiple geographical locations. They plan to move some of their applications from on-premises data centers to Oracle Cloud Infrastructure (OCI). For these applications running in OCI, they still need to interact with applications running on their on-premises data centers. These applications require highly available, fault-tolerant network connections between on-premises data centers and OCI.
Which option should you recommend to provide the highest level of redundancy?

  • A. Use FastConnect private peering only to ensure secure access from your data center to Oracle Cloud Infrastructure
  • B. If your data centers span multiple, geographical locations, use only the specific IP address as a static route for the specific geographical location
  • C. Set up a single IPSec VPN connection from your data center to Oracle Cloud Infrastructure since it is cost effective
  • D. Set up both IPSec VPN and FastConnect to connect your on-premises data centers to Oracle Cloud Infrastructure.
  • E. Oracle Cloud Infrastructure provides network redundancy by default so that no other operations are required

Answer: B

Explanation:
If your data centers span multiple geographical locations, we recommend using a broad CIDR (0.0.0.0/0) as a static route in addition to the CIDR of the specific geographical location. This broad CIDR provides high availability and flexibility to your network design. For instance, the following diagram shows two networks in separate geographical areas that each connect to Oracle Cloud Infrastructure. Each area has a single on-premises router, so two IPSec VPN connections can be created. Note that each IPSec VPN connection has two static routes: one for the CIDR of the particular geographical area, and a broad 0.0.0.0/0 static route.

 

NEW QUESTION 42
You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory as an identity provider to manage user login/passwords. When a user logs in to Oracle Cloud Infrastructure (OCI) console, it should get authenticated by Azure AD.
Which set of steps are required to be configured in OCI to meet this requirement?

  • A. Set up Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.
  • B. Set up Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups.
  • C. Set up Azure AD as an Identity Provider, import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups.
  • D. Set up Azure AD as an Enterprise Application, map Azure AD users, groups and policies to OCI groups and users.

Answer: A

 

NEW QUESTION 43
Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instances in Oracle Cloud Infrastructure (OCI) and mounting the file system to these compute instances.
The file system will hold payment data processed by a Database instance and utilized by compute instances to create an overall inventory report. You need to restrict access to this data to specific compute instances, and access must be allowed/blocked per compute instance's CIDR block.
Which option can you use to secure access?

  • A. Use 'Export option' feature of FSS to restrict access to the mounted file systems.
  • B. Use stateless Security List rule to restrict access from known IP addresses only.
  • C. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific IP address and CIDR blocks.
  • D. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.

Answer: A

 

NEW QUESTION 44
You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments.
The third-party service allows a maximum of 5 public IP addresses at a time. However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to 15 instances during peak traffic demand, which are launched in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Internet to complete the transaction.
What solution can you implement to make sure that all compute instances can connect to the third-party system to process the payments at peak traffic demand?

  • A. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.
  • B. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway.
  • C. Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.
  • D. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.

Answer: A

 

NEW QUESTION 45
Your customer has gone through a recent departmental restructure. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure.
They have made the following change:
Compartment X is moved, and its parent compartment is now compartment C.

Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X
Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X
After you move the compartment, which two IAM policies would be required to ensure both groups retain the same permissions to compartment X that they had before? (Choose two.)

  • A. Define a policy in compartment C as follows: Allow group networkadmins to read subnets in compartment X
  • B. Define a policy in compartment HR as follows: Allow group networkadmins to manage subnets in compartment C:X.
  • C. Define a policy in the root compartment as follows: Allow group admins to read subnets in compartment HR:C:X
  • D. Define a policy in the root compartment as follows: Allow group admins to manage subnets in compartment Finance:A:X

Answer: B,C

 

NEW QUESTION 46
A cost-conscious fashion design company which sells bags, clothes, and other luxury items has recently decided to move all of their on-premises infrastructure to Oracle Cloud Infrastructure (OCI). One of their on-premises applications is running on an NGINX server and the Oracle Database is running in a 2-node Oracle Real Application Clusters (RAC) configuration.
Based on cost considerations, what is an effective mechanism to migrate the customer application to OCI and set up regular automated backups?

  • A. Launch a compute instance and run an NGINX server to host the application. Deploy a 2-node VM DB System with Oracle RAC enabled. Import the on-premises database to the OCI VM DB System using Data Pump and then enable automatic backup. Also, enable Oracle Data Guard on the database server.
  • B. Launch a compute instance and run an NGINX server to host the application. Deploy a 2-node VM DB System with Oracle RAC enabled. Import the on-premises database to the OCI VM DB System using Oracle Data Pump and then enable automatic backups.
  • C. Launch a compute instance and run an NGINX server to host the application. Deploy Exadata Quarter Rack, enable automatic backups and import the database using Oracle Data Pump.
  • D. Launch a compute instance for both the NGINX application server and the database server. Attach block volumes on the database server compute instance and enable a backup policy to back up the block volumes.

Answer: B

Explanation:
Cost considerations exclude Exadata, and there's no need for Data Guard. Cost Estimator:
https://www.oracle.com/cloud/cost-estimator.html

 

NEW QUESTION 47
You are building a highly available and fault tolerant web application deployment for your company. Similar applications deployed by competitors experienced web site attacks, including DDoS, which resulted in web servers failing.
You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will provide protection against such attacks.
Which additional configuration will you need to implement to make sure WAF is protecting your web application 24*7?

  • A. Configure new rules based on new vulnerabilities and mitigations
  • B. Configure multiple origin servers
  • C. Configure Control Rules to send traffic to multiple web servers
  • D. Configure auto scaling policy and it to WAF instance.

Answer: B

Explanation:
Origin Management
An origin is an endpoint (typically an IP address) of the application protected by the WAF. An origin can be an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used for high availability to an origin. Multiple origins can be defined, but only a single origin can be active for a WAF. You can set HTTP headers for outbound traffic from the WAF to the origin server. These name value pairs are then available to the application.
Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI) compliant, global security service that protects applications from malicious and unwanted internet traffic.
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications. WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowing desirable bots to enter. Access rules can limit based on geography or the signature of the request.
Distributed Denial of Service (DDoS)
A DDoS attack is an often intentional attack that consumes an entity's resources, usually using a large number of distributed sources. DDoS can be categorized into either Layer 7 or Layer 3/4 (L3/4). A layer 7 DDoS attack is a DDoS attack that sends HTTP/S traffic to consume resources and hamper a website's ability to deliver content or to harm the owner of the site. The Web Application Firewall (WAF) service can protect layer 7 HTTP-based resources from layer 7 DDoS and other web application attack vectors.

 

NEW QUESTION 48
A company has an application that processes confidential data. The data is currently stored in an on-premises data center. A solution architect needs to move this data to Oracle Cloud Infrastructure (OCI) Object Storage and ensure data is encrypted in-transit to OCI.
Which two steps should the solution architect perform to set up the most cost-effective connection between on-premises data center and OCI?

  • A. Attach an Internet Gateway to the Virtual Cloud Network (VCN).
  • B. Set up a private endpoint for accessing Object Storage.
  • C. Set up VPN Connect between the customer equipment and the Dynamic Routing Gateway.
  • D. Configure a private peering connection on the Oracle FastConnect.
  • E. Configure a service gateway accessing Object Storage.
  • F. Set up an IPsec tunnel between the customer equipment and software VPN on an OCI instance.

Answer: C,E

 

NEW QUESTION 49
An insurance company is storing critical financial data in the OCI block volume. This volume is currently encrypted using Oracle-managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle.
Which of the following series of tasks is required to encrypt the block volume using customer-managed keys?

  • A. Create a vault, import your master encryption key into the vault, generate a data encryption key, assign the data encryption key to the block volume
  • B. Create a master encryption key, create a data encryption key, decrypt the block volume using existing Oracle-managed keys, encrypt the block volume using the data encryption key
  • C. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume
  • D. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing Oracle-managed keys and encrypt using the new version of the encryption key

Answer: C

Explanation:
Oracle Cloud Infrastructure Vault lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. You can use the Vault service to create and manage the following resources:
  • Vaults
  • Keys
  • Secrets
Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code.
The Vault service lets you create vaults in your tenancy as containers for encryption keys and secrets. If needed, a virtual private vault provides you with a dedicated partition in a hardware security module (HSM), offering a level of storage isolation for encryption keys that's effectively equivalent to a virtual independent HSM.

 

NEW QUESTION 50
You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint.
However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing Service Unavailable error. You need to check the backend latency and backend responses when this error started last night.
What should you do to get this data? (Choose the best answer.)

  • A. Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.
  • B. Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics.
  • C. Check with the application owner and search the log file for the container to get the metrics from the log file.
  • D. Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

Answer: D

Explanation:
https://medium.com/oracledevs/using-oci-monitoring-healthchecks-to-schedule-execution-of-serverless-functions-on-oracle-cloud-ef233f887a5

 

NEW QUESTION 51
Which of the below options is true regarding Oracle Cloud Infrastructure's load balancing service?

  • A. The public load balancer applies a floating public IP address to the primary load balancer.
  • B. You can dynamically change the load balancer shape to handle more incoming traffic.
  • C. A public load balancer is Availability Domain specific in scope.
  • D. When you create a private load balancer, the service requires 2 or more subnets to host both the primary and standby load balancers.

Answer: A

 

NEW QUESTION 52
You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.
You have the following configuration currently.
Virtual cloud network (VCN) is associated with a Dynamic Routing Gateway (DRG), and the DRG has an active IPSec connection with your on-premises data center.
The Oracle database system is hosted in a private subnet.
The private subnet route table has the following configuration.

However, you are still unable to connect to the Oracle Database system.
Which action will resolve this issue?
A)
Add an EGRESS rule in network security group as follows.

B)
Add a route rule in the private subnet route table as follows.

C)
Add an EGRESS rule in private subnet security list as follows.

D)
Add an EGRESS rule in private subnet security list as follows.

  • A. Option D
  • B. Option C
  • C. Option B
  • D. Option A

Answer: B

 

NEW QUESTION 53
You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website.
How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? (Choose the best answer.)

  • A. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.
  • B. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.
  • C. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool.
  • D. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers.

Answer: A

 

NEW QUESTION 54
Which of the following is NOT a good use case for the volume backup feature of the Oracle Cloud Infrastructure Block Volume service?

  • A. Rapidly duplicate an environment in seconds to test configuration changes without impacting your production environment.
  • B. Support business continuity requirements of reducing the risk of outages or data mutation over time.
  • C. Retain a copy of data in a volume, so that you can duplicate an environment later or preserve the data for future use.
  • D. Meet compliance and regulatory requirements for data to remain unchanged over time, so that it can be retrieved for audit purposes.

Answer: A

 

NEW QUESTION 55
As an administrator you want to give users of the ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not be able to access or modify properties of any other buckets and their objects in the compartment comp-images.
Select the statement(s) below that will best define your IAM policies.

  • A. Allow group ObjectWriters to inspect buckets in compartment comp-images
       Allow group ObjectWriters to read buckets in compartment comp-images where target.bucket.name='Bucket-A'
       Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
  • B. Allow group ObjectWriters to manage buckets in compartment comp-images where target.bucket.name='Bucket-A'
  • C. Allow group ObjectWriters to read buckets in compartment comp-images
       Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
  • D. Allow group ObjectWriters to manage buckets in compartment comp-images
       Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'

Answer: A

 

NEW QUESTION 56
Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on Oracle Database and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each).
Which method of database migration should you choose so that the application has minimal impact? (Choose the best answer.)

  • A. Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer on-premises to OCI.
  • B. Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI.
  • C. Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.
  • D. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.

Answer: D

Explanation:
https://docs.oracle.com/en/database/oracle/zero-downtime-migration/19.2/zdmug/introduction-to-zero-downtime-migration.html#GUID-FF4CA22F-CC83-4118-AF26-6E7BE224717F

 

NEW QUESTION 57
......


Oracle 1z0-997-21 Exam Syllabus Topics:

Topic | Details
Topic 1
  • Design scalable and elastic solutions for high availability and disaster recovery
  • Design strategy for migrating on-premises workloads to OCI
Topic 2
  • Manage infrastructure using OCI CLI, APIs and SDKs
  • Plan and design solutions in Oracle Cloud Infrastructure (OCI)
Topic 3
  • Design, implement and operate solutions to meet compliance requirements
  • Plan and design solutions to meet business and technical requirements
Topic 4
  • Design for Security and Compliance
  • Evaluate and implement databases
  • Operate and troubleshoot databases
Topic 5
  • Create architecture patterns including N-tier applications, microservices, and serverless architectures
  • Implement and troubleshoot database migrations

 
