1Z0-997-20 Online Practice Questions and Answers

A telecom company has an application running in Oracle Cloud Infrastructure (OCI) Germany Central (eu-frankfurt-1) region. They want to configure Disaster Recovery (DR) site in the OCI UK South (uk-london-1) region. Which is the most cost effective option to help set up application and persistence layers in the DR site?

A. Application layer: configure events service rule in eu-frankfurt-1 region to filter Health Checks event failure and route traffic to uk-london-1 region in the event of a disaster. Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.

B. Application layer: configure Traffic Management steering policy with Load Balancing policy between servers in eu-frankfurt-1 and uk-london-1 regions. Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.

C. Application layer: Set us a public laod balancerin the eu-frankfurt-1 region. Create a backend set with instances running in bothuk-frankfurt-1 and uk-london-1 regions. Persistence layer: Set up OCI Object Storage replication from eu-frankfurt-1 region to uk- london-1 region.

D. Application layer: configure Traffic Management steering policy with Failover policy between servers in eu-frankfurt-1 and uk-london-1 regions. Persistence layer: set up policy to schedule cross-region automated backups of file systems in File Storage service between eu-frankfurt-1 and uk-london-1 regions.

An insurance company is storing critical financial data in the OCI block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they

can control and not the keys which are controlled by Oracle.

What of the following series of tasks are required to encrypt the block volume using customer managed keys?

A. Create a vault, import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume

B. Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key

C. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume

D. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key

Your Oracle database is deployed on-premises and has produced 100 TB database backup locally. You have a disaster recovery plan that requires you to create redundant database backups in Oracle Cloud Infrastructure (OCI).

Once the initial backup is completed, the backup must be available for retrieval in less than 30 minutes to support the Recovery Time Objective (RTO) of your solution.

Which is the most cost effective option to meet these requirements?

A. Setup an IPsec VPNConnect between on-premises data center and OCI. Then to use OCI CLI command to upload database backups to OCI Object Storage Archive tier as the final destination.

B. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Archive tier as the final destination.

C. Setup a FastConnect connection between on-premises data center and OCI. Then to use OCI CLI command to upload database backups to OCI Object Storage Standard tier as the final destination.

D. Use OCI Storage Gateway to transfer the backup files to OCI Object Storage Standard tier as the final destination.

You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.

You have the following configuration currently.

Virtual cloud network (VCD) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center.

Oracle database system is hosted in a private subnet

The private subnet route table has the following configuration

The private subnet route table has following configuration.

However, you are still unable to connect to the Oracle Database system. Which action will resolve this issue?

A. Option A

B. Option B

C. Option C

D. Option D

You are the security architect for a medium sized e-commerce company that runs all of their applications in Oracle Cloud Infrastructure (OCI). Currently, there are 14 unique applications, each deployed and secured in their own compartment. The Operations team has procured a new monitoring tool that will be deployed throughout the OCI ecosystem. Their requirement is to deploy one management node into each compartment.

Currently, the Operations team Identity and Access Management (IAM) group has the following policy: allow group OpsTeam to READ all-resources in tenancy

Once the new monitoring nodes are deployed, the Operations team may need to stop, start, or reboot them occasionally.

What is the most efficient solution to allow the Operations team to fully manage the monitoring nodes, without allowing them to alter other resources across the tenancy?

A. In each of the 14 compartments, create a new policy with the following statement: allow group OpsTeam to manage instance-family in compartment XXX where XXX is the name of the compartment where you are creating the policy.

B. Create a new policy in the root compartment with the following policy statement: allow group OpsTeam to manage instance-family in tenancy where ANY (request.operation ?`UpdateInstance', request.operation ?`InstanceAction')

C. Tag all the monitoring nodes with the defined tag AllPolicy:AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam to manage instance-family in tenancy where target.resource.tag.AllPolicy.AllowAccess ? `OpsTeam'

D. Tag all the monitoring nodes with the free-form tag AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam to manage instance-family in tenancy where target.resource.tag.AllowAccess = `OpsTeam'

A data analytics company has been building its next-generation big data and analytics platform on Oracle Cloud Infrastructure (OCI) in the US East (Ashburn) region. They need a storage service that provides the scale and performance that their big data applications require such as high throughput to compute nodes coupled with low latency file operations.

In addition, they need to allow concurrent connections from multiple compute instances hosted in multiple Availability Domains and want to be able to quickly restore a previous version of the data in case of a need to roll back any major update.

Which option can they use to meet these requirements in the most cost-effective way?

A. Create a file system and mount target in the OCI File Storage service. Mount it into all the required compute instances. Take snapshots of the file system before each update.

B. Create block volume, attach it with read/write, shareable access type to all the required compute instances. Take a backup of the volume before each update.

C. Create an Object Storage bucket with object versioning enabled. Provision a compute instance to host the Storage Gateway and share the bucket via NFS, Mount the NFS into all the required compute instances.

D. Create a connection with the on-premises data center via FastConnect. Mount the shared NFS hosted on-premises.

An automobile company wants to deploy their CRM application for Oracle Database on Oracle Cloud Infrastructure (OC1) DB Systems for one of major clients. In compliance with the Business Continuity Program of the client, they need to provide a Recovery Point objective (RPO) of 24 hours and a Recovery time objective (RTO) of 24 hours and Recovery Time Objective (RTO) of 1 hour.

The CRM application should be available oven in me event that an entire on Region is down.

Which approach Is the most suitable and cost effective configuration for this scenario?

A. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a manual setup and configuration of Oracle Data Guard.

B. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.

C. Deploy a 1 node VM Oracle database in one region. Manual Configure a Recovery Manager (RMAN) database backup schedule to take hourly database backups. Asynchronously copy the database backups to object storage in another OCI region, If the primary OCI region is unavailable launch a new 1 new VM Database in the other OCI region restore the production database from the backup.

D. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an Autonomous Transaction Processing (Serverless) database in another region Oracle GoldenGate.

You are working as a cloud consultant for a major media company. In the US and your client requested to consolidate all of their log streams, access logs, application logs, and security logs into a single system.

The client wants to analyze all of their logs In real-time based on heuristics and the result should be validated as well. This validation process requires going back to data samples extracted from the last 8 hours.

What approach should you take for this scenario?

A. Create an auto scaling pool of syslog-enabled servers using compute instances which will store the logs In Object storage, then use map reduce jobs to extract logs from Object storage, and apply heuristics on the logs.

B. Create a bare-metal instance big enough to host a syslog enabled server to process the logs and store logs on the locally attached NVMe SSDs for rapid retrieval of logs when needed.

C. Set up an OCI Audit service and ingest all the API arils from Audit service pragmatically to a client side application to apply heuristics and save the result in an OCI Object storage.

D. Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.

All three Data Guard Configuration are fully supported on Oracle Cloud infrastructure (OCI). You want to deploy a maximum availability architecture (MAA) for database workload.

Which option should you consider while designing your Data Guard configuration to ensure best RTO and PRO without causing any data loss?

A. Configure "Maximum Protection" mode which provides zero data loss If the primary database fails.

B. Configure "Maximum Performance" mode In SYNC mode between two availability domains (same region) which provides, the highest level of data protection that is possible without affecting the performance of the primary database.

C. Configure ''Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database.

D. Configure ''Maximum Availability" mode in SYNC mode between two availability domains (same region), and use the Maximum Availability mode in SYNC mode between two regions.

Your organization needs to migrate legacy monolithic applications into cloud-native containerized RESTful microservices. The development team is testing the use of packaged procedures with containers in a fully serverless environment. Before migrating the existing code to production, the team decides to perform a lift and shift of the monolithic application and code the new features that are essential for serverless microservices.

You want to carry out a steady migration to the Oracle Cloud Infrastructure (OCI) platform, making the new microservice functionalities available while maintaining the monolithic application for all the other activities. You also want to integrate the legacy monolithic application with the new microservices to have a single interface with simplified management for auditing and monitoring while meeting operational and compliance requirements.

How can you meet this requirement?

A. Push the container image to OCIR, build a serverless function using the OCI Functions serviceBYOD (Bring-Your-Own-Dockerfile) feature, build an API deployment specification with serverless functions as the back-end, and use an OCI API gateway to provide front- end access to that function.

B. Push the container image to the OCI code repository, create an instance template with a Docker container running the image, and create an instance pool with autoscaling configuration. Use the OCI load balancer to provide an API endpoint to connect with the microservice.

C. Push the container image to the OCI code repository, build a serverless function using the OCI Functions service BYOD feature, build an API deployment specification with serverless functions as the back-end, and use an OCI API gateway to provide front-end access to that function.

D. Push the container image to OCIR, create an instance template with a Docker container running the image, and create an instance pool with autoscaling configuration. Use the OCI load balancer to provide an API endpoint to connect with the microservice.