2023 Valid 1z0-997-22 Real Exam Questions, practice Oracle Cloud Solutions Infrastructure
Latest Success Metrics For Actual 1z0-997-22 Exam (Updated 167 Questions)
The Oracle 1z0-997-22 certification exam is designed for professionals who want to validate their expertise in Oracle Cloud Infrastructure. The 1z0-997-22 exam is intended to test the candidate's knowledge and skills in designing and implementing complex cloud solutions using Oracle's cloud infrastructure services. The exam covers a wide range of topics, including designing, deploying, and managing Oracle Cloud Infrastructure services, as well as security, networking, and automation.
NEW QUESTION # 64
You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices.
Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose Two)
- A. Number of times a function is invoked.
- B. Network bandwidth used by your functions.
- C. Amount of storage used by your functions.
- D. Amount of RAM used by your functions.
- E. Length of time a function runs.
Answer: A,E
NEW QUESTION # 65
Your security team has informed you that there are a number of malicious requests for your web application coming from a set of IP addresses originating from a country in Europe.
Which of the following methods can be used to mitigate this type of unauthorized request?
- A. Deny rules in Virtual Cloud Network Security Lists for the specific set of IP addresses.
- B. Delete Internet Gateway from Virtual Cloud Network.
- C. Deny rules in Virtual Cloud Network Security Group for the specific set of IP addresses.
- D. Web Application Firewall policy using access control rules
Answer: D
NEW QUESTION # 66
You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory (AD) as identity provider to manage user logins/passwords. When a user logs in to the Oracle Cloud Infrastructure (OCI) console, they should be authenticated by Azure AD.
Which set of steps is required on the OCI side in order to enable this?
- A. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
- B. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups
- C. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
- D. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users
Answer: C
Explanation:
Federating with Microsoft Azure Active Directory
To federate with Azure AD, you set up Oracle Cloud Infrastructure as a basic SAML single sign-on application in Azure AD. To set up this application, you perform some steps in the Oracle Cloud Infrastructure Console and some steps in Azure AD.
Following is the general process an administrator goes through to set up the federation. Details for each step are given in the next section.
1. In Oracle Cloud Infrastructure, download the federation metadata document.
2. In Azure AD, set up Oracle Cloud Infrastructure Console as an enterprise application.
3. In Azure AD, configure the Oracle Cloud Infrastructure enterprise application for single sign-on.
4. In Azure AD, set up the user attributes and claims.
5. In Azure AD, download the Azure AD SAML metadata document.
6. In Azure AD, assign user groups to the application.
7. In Oracle Cloud Infrastructure, set up Azure AD as an identity provider.
8. In Oracle Cloud Infrastructure, map your Azure AD groups to Oracle Cloud Infrastructure groups.
9. In Oracle Cloud Infrastructure, set up the IAM policies to govern access for your Azure AD groups.
10. Share the Oracle Cloud Infrastructure sign-in URL with your users.
NEW QUESTION # 67
An upcoming e-commerce company has deployed their online shopping application on OCI. The application was deployed on compute instances with autoscaling configuration for application servers fronted by a load balancer and OCI Autonomous Transaction Processing (ATP) in the backend.
In order to promote their e-commerce platform, a 50% discount was announced on all the products for a limited period. During day 1 of the promotional period it was observed that the application was running slow and the company's hotline was flooded with complaints.
What could be two possible reasons for this situation?
- A. As part of autoscaling, the load balancer shape has dynamically changed to a larger shape to handle more incoming traffic and the system was slow for a short time during this change
- B. The health check on some of the backend servers has failed and the load balancer was rebooting these servers.
- C. The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation
- D. The autoscaling has already scaled to the maximum number of instances specified in the configuration and there is no room for scaling
Answer: C,D
NEW QUESTION # 68
You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website.
How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? (Choose the best answer.)
- A. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool.
- B. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers.
- C. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.
- D. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.
Answer: D
NEW QUESTION # 69
A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using Compute Instances for its web tier and a DB system database for its data tier. To validate compliance with the Health Insurance Portability and Accountability Act (HIPAA), a security professional checked their systems and found a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
- A. Block the attacking IP address by creating a Network Security Group rule to deny access to the compute instance where the web server is running
- B. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server is running
- C. Block the attacking IP address by implementing an OCI Web Application Firewall policy using Access Control Rules
- D. Mitigate the attack by changing the Route Table to redirect the unauthorized traffic to a dummy Compute instance
Answer: C
Explanation:
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowing desirable bots to enter. Access rules can limit based on geography or the signature of the request.
As a WAF administrator you can define explicit actions for requests that meet various conditions. Conditions use various operations and regular expressions. A rule action can be set to log and allow, detect, or block requests.
NEW QUESTION # 70
Your company developed a function that needs to access the Oracle Database to inject some data to it at runtime. You are tasked to move this function to the Oracle Cloud Infrastructure (OCI) and use Oracle Functions and access Oracle Autonomous Database. You created a Dockerfile below to run this function, however, you are getting this error "cx_Oracle.DatabaseError: ORA-12560: TNS:protocol adapter error".
What should you do to make sure that Oracle Functions can run this Dockerfile properly? (Choose the best answer.)
- A. Use --privileged flag while running the Docker container to add runtime privilege
- B. Use --cap-add=ALL flag while running the Docker container to add runtime capability
- C. Add these two lines to your Dockerfile: groupadd --gid 1000 fn && \ adduser --uid 1000 --gid fn fn
- D. You need to run this Container as root, so add this line: USER root
Answer: C
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsrunningasunprivileged.htm
NEW QUESTION # 71
Given this compartment structure:
You want to move a compute instance that is in 'Compute' compartment to 'SysTest-Team'.
You log in to your Oracle Cloud Infrastructure (OCI) account and use the 'Move Resource' option.
What will happen when you attempt moving the compute resource?
- A. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will still be associated with the original VCN.
- B. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will need to be moved separately. The Compute instance will still be associated with the original VCN.
- C. The move will be successful though Compute Instance Public and Private IP address changed, and it will be associated to the VCN in target compartment.
- D. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the Compute instance can be moved.
Answer: A
Explanation:
Moving Resources to a Different Compartment
Most resources can be moved after they are created. There are a few resources that you can't move from one compartment to another. Some resources have attached resource dependencies and some don't.
Not all attached dependencies behave the same way when the parent resource moves.
For some resources, the attached dependencies move with the parent resource to the new compartment.
The parent resource moves immediately, but in some cases attached dependencies move asynchronously and are not visible in the new compartment until the move is complete.
For other resources, the attached resource dependencies do not move to the new compartment. You can move these attached resources independently.
You can move Compute resources such as instances, instance pools, and custom images from one compartment to another. When you move a Compute resource to a new compartment, associated resources such as boot volumes and VNICs are not moved.
You can move a VCN from one compartment to another. When you move a VCN, its associated VNICs, private IPs, and ephemeral IPs move with it to the new compartment.
NEW QUESTION # 72
An insurance company is storing critical financial data in an OCI block volume. This volume is currently encrypted using Oracle-managed keys. Due to regulatory compliance, the customer wants to encrypt the data using keys that they can control and not keys which are controlled by Oracle.
Which of the following series of tasks is required to encrypt the block volume using customer-managed keys?
- A. Create a master encryption key, create a data encryption key, decrypt the block volume using existing Oracle-managed keys, encrypt the block volume using the data encryption key
- B. Create a vault, import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume
- C. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing Oracle-managed keys and encrypt using new version of the encryption key
- D. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume
Answer: D
Explanation:
Oracle Cloud Infrastructure Vault lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. You can use the Vault service to create and manage the following resources:
Vaults
Keys
Secrets
Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code.
The Vault service lets you create vaults in your tenancy as containers for encryption keys and secrets. If needed, a virtual private vault provides you with a dedicated partition in a hardware security module (HSM), offering a level of storage isolation for encryption keys that's effectively equivalent to a virtual independent HSM.
NEW QUESTION # 73
You developed a microservices-based application that runs on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). Your security team wants to use SSL termination for this application. What should you do to create a secure SSL termination for this application using the fewest steps?
- A. Add these annotations to the Kubernetes service:
annotations:
service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl-secret-key
- B. Generate a self-signed certificate using Let's Encrypt. Use that certificate on OCI Load Balancer. Create the Kubernetes service using this load balancer.
- C. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service:
annotations:
service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/oci-load-balancer-security-list-management-mode: "Frontend"
- D. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using then add these annotations to the Kubernetes service.
service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443"
service.beta.kubernetes.io/oci-load-balancer-tls-secret: SSL-CERTIFICATE-SECRET
Answer: D
NEW QUESTION # 74
Given this compartment structure:
You are managing a compute instance that currently resides in the Compute compartment. The Virtual Cloud Network (VCN) into which the compute instance was originally deployed, also resides in this compartment. To support a project-related task, you need to move just the compute instance to the SysTest-Team compartment. You log into your Oracle Cloud Infrastructure (OCI) account and use the Move Resource option to place the compute instance in the new compartment.
What will be the result of your attempt to move the compute instance to the new compartment? (Choose the best answer.)
- A. The move will be successful. However, the compute instance's public and private IP addresses will change, and it will be associated to the first VCN that was created in the new, target compartment.
- B. After moving the compute instance, you must move the compute instance VNIC as a separate action. The public and private IP addresses of the instance will remain unchanged and it will still be associated with the VCN from the source compartment.
- C. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the compute instance can be moved.
- D. The move will be successful. The compute instance's public and private IP addresses will stay the same. The compute instance will remain associated with the VCN from the source compartment.
Answer: B
NEW QUESTION # 75
There are two compartments: Networks and DevInstances.
There are two groups: NetworkAdmins with a user named Nick, and Devs with a user named Dave.
The following IAM policies are being used:
* Allow group NetworkAdmins to manage virtual-network-family in compartment Networks
* Allow group NetworkAdmins to manage instance-family in compartment Networks
* Allow group Devs to use virtual-network-family in compartment Networks
* Allow group Devs to manage all-resources in compartment DevInstances
Nick creates a VCN in Networks compartment. Dave creates a VCN in DevInstances compartment.
Which of the following statements is INCORRECT?
- A. Dave launches instances in DevInstances using the VCN in Networks compartment
- B. Dave cannot launch new instances in Networks compartment
- C. Nick launches instances in Networks using VCN in DevInstances compartment
- D. Nick cannot launch new instances in DevInstances compartment
Answer: C
NEW QUESTION # 76
A large London based eCommerce company is running Oracle DB System Virtual RAC database on Oracle Cloud Infrastructure (OCI) for their eCommerce application activity. They are launching a new product soon, which is expected to sell in large quantities all over the world.
The application architecture should have minimal cost, no data loss, no performance impacts during the database backup windows and should have minimal downtime.
- A. Turn off automated backups from the eCommerce database, implement Oracle Data Guard with the Standby database deployed on another availability domain, take backups from the standby database.
- B. Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure it to replicate the data from the eCommerce Database over to the new RAC database using GoldenGate. Take backups from the new VM RAC database.
- C. Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure bi-directional replication from the eCommerce Database over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database.
- D. Turn off automatic backups from the eCommerce database, implement Oracle Active Data Guard with the standby database deployed on another availability domain, and take backups from the standby database.
Answer: C
Explanation:
Active Data Guard or GoldenGate are used for disaster recovery when fast recovery times or additional levels of data protection are required, and to offload queries and backups to the standby system.
To use Oracle GoldenGate to support a disaster recovery site, have a working bi-directional data flow, from the primary system to the live-standby system and vice versa.
Data Guard and Automatic Backup
You can enable the Automatic Backup feature on a database with the standby role in a Data Guard association. However, automatic backups for that database will not be created until it assumes the primary role.
NEW QUESTION # 77
Your company will soon start moving critical systems into the Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. You have to work with the company-managed key.
Which two options ensure compliance with this policy?
- A. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
- B. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.
- C. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
- D. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service.
- E. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.
Answer: C,D
Explanation:
Block Volume Encryption
By default all volumes and their backups are encrypted using the Oracle-provided encryption keys. Each time a volume is cloned or restored from a backup the volume is assigned a new unique encryption key.
You have the option to encrypt all of your volumes and their backups using the keys that you own and manage using the Vault service. If you do not configure a volume to use the Vault service or you later unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead.
This applies to both encryption at-rest and in-transit encryption.
Object Storage Encryption
Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule.
Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the data in this bucket using your own Vault encryption key. To use Vault for your encryption needs, select Encrypt Using Customer-Managed Keys. Then, select the Vault Compartment and Vault that contain the master encryption key you want to use. Also select the Master Encryption Key Compartment and Master Encryption Key.
NEW QUESTION # 78
You are a solution architect working with a startup that has decided to move their workload to Oracle Cloud Infrastructure. Since their workload is small, upon architecting, you decide it's sufficient to use 8 compute instances to run their workload. The company wants to use a common storage for their instances. So, you propose the idea of attaching a block volume to multiple instances to provide a common storage.
Which of the options below is NOT true for such a solution?
- A. If the block volume is already attached to an instance as read/write non-shareable you can't attach it to another instance until you detach it from the first instance.
- B. You can delete a block volume from one instance without detaching it from all other instances, thereby keeping other instances' storage intact.
- C. Once you attach a block volume to an instance as read-only, it can only be attached to other instances as read-only.
- D. Block volumes attached as read-only are configured as shareable by default.
Answer: B
NEW QUESTION # 79
You have to migrate your application to Oracle Cloud Infrastructure (OCI). The database is constantly being updated and needs to be online without interruptions. How can you transition the database to OCI without interrupting its use?
- A. Use an on-premises database with two-way synchronization to a cloud-based database and allow clients to connect to either database.
- B. It is impossible to migrate without interruption.
- C. Use an on-premises database with one-way synchronization to a cloud-based database and allow clients to connect only to the on-premises database until it is synchronized.
- D. Use an on-premises database with one-way synchronization to a cloud-based database and allow clients to connect only to the cloud database.
Answer: C
NEW QUESTION # 80
A global retailer is setting up the cloud architecture to be deployed in Oracle Cloud Infrastructure (OCI) which will have thousands of users from two major geographical regions: North America and Asia Pacific. The requirements of the services are:
* Service needs to be available 24/7 to avoid any business disruption
* North American customers should be served by applications running in North American regions
* Asia Pacific customers should be served by applications running in Asia Pacific regions
* Must be resilient enough to handle the outage of an entire OCI region
- A. OCI DNS, Traffic Management with Geolocation steering policy
- B. OCI DNS, Traffic Management with Load Balancer steering policy, Health Checks
- C. OCI DNS, Traffic Management with Geolocation steering policy, Health Checks
- D. OCI DNS, Traffic Management with Failover steering policy
Answer: C
Explanation:
GEOLOCATION STEERING
Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region. Combine with Oracle Health Checks to fail over from one region to another.
NEW QUESTION # 81
Which of the following features is NOT supported by Oracle Cloud Infrastructure Multi-factor authentication (MFA)?
- A. Members of the Administrators group can disable MFA for other users.
- B. Users can disable MFA for their own accounts.
- C. Only the user can enable MFA for their own account.
- D. Members of the Administrators group can enable MFA for other users.
Answer: D
Preparation for the Oracle 1z0-997-22 exam requires a significant investment of time and effort. Candidates are encouraged to take advantage of Oracle's training and certification resources, including instructor-led training, online courses, and practice exams. Additionally, candidates should have hands-on experience with OCI services and be familiar with best practices for designing and managing cloud infrastructure.
Oracle 1z0-997-22 Certification Exam is an excellent certification for IT professionals looking to advance their careers in Oracle Cloud Infrastructure. It is a challenging exam that requires a significant amount of preparation and study time, but it is well worth the effort for professionals looking to demonstrate their expertise and advance their careers.