Pass Oracle 1Z0-997-20 exam questions - convert Test Engine to PDF
Pass Your 1Z0-997-20 Exam Easily - Real 1Z0-997-20 Practice Dump Updated Nov 28, 2021
Oracle 1Z0-997-20 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
NEW QUESTION 12
You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory (AD) as identity provided to manager user login/passwords. When a user logs in to Oracle Cloud infrastructure (OCI) console, it should get authenticated by Azure AD.
Which set of steps are required to configure at OCI side in order to get it enabled
- A. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users
- B. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
- C. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
- D. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups
Answer: C
Explanation:
Federating with Microsoft Azure Active Directory
To federate with Azure AD, you set up Oracle Cloud Infrastructure as a basic SAML single sign-on application in Azure AD. To set up this application, you perform some steps in the Oracle Cloud Infrastructure Console and some steps in Azure AD.
Following is the general process an administrator goes through to set up the federation. Details for each step are given in the next section.
In Oracle Cloud Infrastructure, download the federation metadata document.
In Azure AD, set up Oracle Cloud Infrastructure Console as an enterprise application.
In Azure AD, configure the Oracle Cloud Infrastructure enterprise application for single sign-on.
In Azure AD, set up the user attributes and claims.
In Azure AD, download the Azure AD SAML metadata document.
In Azure AD, assign user groups to the application.
In Oracle Cloud Infrastructure, set up Azure AD as an identity provider.
In Oracle Cloud Infrastructure, map your Azure AD groups to Oracle Cloud Infrastructure groups.
In Oracle Cloud Infrastructure, set up the IAM policies to govern access for your Azure AD groups.
Share the Oracle Cloud Infrastructure sign-in URL with your user
NEW QUESTION 13
You are working as a security consultant with a global insurance organization which is using Microsoft Azure Active Directory (AD) as identity provided to manager user login/passwords. When a user logs in to Oracle Cloud infrastructure (OCI) console, it should get authenticated by Azure AD.
Which set of steps are required to configure at OCI side in order to get it enabled
- A. Setup Azure AD as an Enterprise Application, map Azure AD users and groups and policies to OCI groups and users
- B. Setup Azure AD as an Enterprise Application, configure OCI for single sign-on, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
- C. Setup Azure AD as an Identity Provider, map Azure AD groups to OCI groups, set up the IAM policies to govern access to Azure AD groups
- D. Setup Azure AD as an Identity Provider, Import users and groups from Azure AD to OCI, set up IAM policies to govern access to Azure AD groups
Answer: C
Explanation:
Explanation
Federating with Microsoft Azure Active Directory
To federate with Azure AD, you set up Oracle Cloud Infrastructure as a basic SAML single sign-on application in Azure AD. To set up this application, you perform some steps in the Oracle Cloud Infrastructure Console and some steps in Azure AD.
Following is the general process an administrator goes through to set up the federation. Details for each step are given in the next section.
In Oracle Cloud Infrastructure, download the federation metadata document.
In Azure AD, set up Oracle Cloud Infrastructure Console as an enterprise application.
In Azure AD, configure the Oracle Cloud Infrastructure enterprise application for single sign-on.
In Azure AD, set up the user attributes and claims.
In Azure AD, download the Azure AD SAML metadata document.
In Azure AD, assign user groups to the application.
In Oracle Cloud Infrastructure, set up Azure AD as an identity provider.
In Oracle Cloud Infrastructure, map your Azure AD groups to Oracle Cloud Infrastructure groups.
In Oracle Cloud Infrastructure, set up the IAM policies to govern access for your Azure AD groups.
Share the Oracle Cloud Infrastructure sign-in URL with your user
NEW QUESTION 14
You have multiple IAM users who launch different types of compute Instances and block volumes every day. As a result, your Oracle cloud Infrastructure (OCF) tenancy quickly hit the service limit and you can no longer create any new instances. As you are cleaning up environment, you notice that the majority of the Instances and block volumes are untagged. Therefore, It is difficult to pinpoint the owner of these resources verify if they are safe to terminate.
Because of this, your company has issued a new mandate, which requires adding compute instances.
Which option is the simplest way to implement this new requirement?
- A. Create tag variables to automatically tag a resource with the user name.
- B. Create a policy to automatically tag a resource with the user name.
- C. Create tag variables for each compartment to automatically tag a resource with the user name.
- D. Create a default tag for each compartment, which ensure that appropriate tags are applied at resource creation
- E. Create a policy using 1AM requiring users to tag specific resources. This will allow a user to launch compute instances on\y if certain tags were defined.
Answer: A
Explanation:
Tag Variables
You can use a variable to set the value of a defined tag. When you add the tag to a resource, the variable resolves to the data it represents. You can use tag variables in defined tags and default tags.
Supported Tag Variables
The following tag variables are supported.
${iam.principal.name} The name of the principal that tagged the resource
${iam.principal.type} The type of principal that tagged the resource.
${oci.datetime} The date and time that the tag was created.
Consider the following example:
Operations.CostCenter=" ${iam.principal.name} at ${oci.datetime} "
Operations is the namespace, CostCenter is the tag key, and the tag value contains two tag variables ${iam.principal.name} and ${oci.datetime} . When you add this tag to a resource, the variable resolves to your user name (the name of the principal that applied the tag) and a time date stamp for when you added the tag.
user_name at 2019-06-18T18:00:57.604Z
The variable is replaced with data at the time you apply the tag. If you later edit the tag, the variable is gone and only the data remains. You can edit the tag value in all the ways you would edit any other tag value. To create a tag variable, you must use a specific format.
${<variable>} Type a dollar sign followed by open and close curly brackets. The tag variable goes between the curly brackets. You can use tag variables with other tag variables and with string values. Tag defaults let you specify tags to be applied automatically to all resources, at the time of creation, in a specific compartment. This feature allows you to ensure that appropriate tags are applied at resource creation without requiring the user who is creating the resource to have access to the tag namespaces.
https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm
NEW QUESTION 15
A retail company has several on-premises data centers which span multiple geographical locations. They plan to move some of their applications from on-premises data centers to Oracle Cloud Infrastructure (OCI). For these applications running in OCI, they still need to interact with applications running on their on-premises data centers to Oracle Cloud Infrastructure (OCI). for these applications running in OCI. they still need to interact with applications running on their on-premises data centers. These applications require highly available, fault-tolerant network connections between on premises data centers and OCI.
Which option should you recommend to provide the highest level of redundancy?
- A. Oracle cloud Infrastructure provides network redundancy by default so that no other operations are required
- B. Set up a single IPSec VPN connection (rom your data center to Oracle Cloud Infrastructure since It is cost effective
- C. Set up both IPSec VPN and FastConnect to connect your on premises data centers to Oracle Cloud Infrastructure.
- D. If your data centers span multiple, geographical locations, use only the specific IP address as a static route for the specific geographical location
- E. Use FastConnect private peering only to ensure secure access from your data center to Oracle Cloud Infrastructure
Answer: D
Explanation:
If your data centers span multiple geographical locations, we recommend using a broad CIDR (0.0.0.0/0) as a static route in addition to the CIDR of the specific geographical location. This broad CIDR provides high availability and flexibility to your network design. For instance, the following diagram shows two networks in separate geographical areas that each connect to Oracle Cloud Infrastructure. Each area has a single on-premises router, so two IPSec VPN connections can be created. Note that each IPSec VPN connection has two static routes: one for the CIDR of the particular geographical area, and a broad 0.0.0.0/0 static route.
NEW QUESTION 16
Your company has recently deployed a new web application that uses Oracle functions Your manager Instructed you to Implement major manage your systems more effectively. You know that Oracle functions automatically monitors functions on your behalf reports metrics through Service Metrics.
Which two metrics are collected and made available by this feature?
- A. number of times a function is invoked
- B. length of time a function runs
- C. number of times a function is removed
- D. amount of CPU used by a function
- E. number of concurrent connections
Answer: A,B
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Reference/functionsmetrics.htm you can monitor the health, capacity, and performance of functions you've deployed to Oracle Functions by using metrics Oracle Functions monitors function execution, and collects and reports metrics such as:
The number of times a function is invoked.
The length of time a function runs for.
The number of times a function failed.
The number of requests to invoke a function that returned a '429 Too Many Requests' error in the response (known as 'throttled function invocations').
NEW QUESTION 17
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:
The development team has deployed quite a few instances under 'Compute' Compartment and the operations team needs to list the Instances under the same compartment for their testing. Both teams, development and operations are part of a group called 'Eng-group' You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of resources.
Which IAM policy should you write based on these requirements?
- A. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to
'Engineering' Compartment. - B. Allow group Eng-group to read instance-family in compartment Dev-Team-.Compute and attach the policy to'Dev-Team'
- C. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment
- D. Allow group Eng-group to inspect instance-family in compartment Dev-Team: Compute and attach the policy to 'SysTest Team' Compartment
Answer: C
Explanation:
Explanation
Policy Attachment
When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment).
Where you attach it controls who can then modify it or delete it. If you attach it to the tenancy (in other words, if the policy is in the root compartment), then anyone with access to manage policies in the tenancy can then change or delete it. Typically that's the Administrators group or any similar group you create and give broad access to. Anyone with access only to a child compartment cannot modify or delete that policy.
When you attach a policy to a compartment, you must be in that compartment and you must indicate directly in the statement which compartment it applies to. If you are not in the compartment, you'll get an error if you try to attach the policy to a different compartment. Notice that attachment occurs during policy creation, which means a policy can be attached to only one compartment.
Policies and Compartment Hierarchies
a policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the compartment or its parent, you can simply specify the compartment name. If you attach the policy further up the hierarchy, you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated by a colon:
<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n> to allow action to compartment Compute so you need to set the compartment PATH as per where you attach the policy as below examples if you attach it to Root compartment you need to specify the PATH as following Engineering:Dev-Team:Compute if you attach it to Engineering compartment you need to specify the PATH as following Dev-Team:Compute if you attach it to Dev-Team or Compute compartment you need to specify the PATH as following Compute Note : in the Policy inspect verb that give the Ability to list resources, without access to any confidential information or user-specified metadata that may be part of that resource.
NEW QUESTION 18
You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.
You have the following configuration currently.
Virtual cloud network (VCD) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center.
Oracle database system is hosted in a private subnet
The private subnet route table has the following configuration
The private subnet route table has following configuration.
However, you are still unable to connect to the Oracle Database system.
Which action will resolve this issue?
A)
Add an EGRESS rule in network security group as following.
B)
Add a route rule in the private subnet route table as following.
C)
Add an EGRESS rule in private subnet scurity list as following.
D)
Add an EGRESS rule in private subnet security list as following.
- A. Option A
- B. Option B
- C. Option C
- D. Option D
Answer: C
NEW QUESTION 19
Your customer recently ordered for a 1-Gbps Fast Connect connection In ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will us this to one Virtual cloud Network (VCN) in their production (OC1) tenancy and VCN In their development OC1 tenancy As a Solution Architect, how should yon configure and architect the connectivity between on premises and VCNs In OCI?
- A. Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing Gateways, one for each VCNs. Attach the virtual circuits to the dynamic routing gateways.
- B. Create a single private virtual circuit over FastConnect and attach fastConnect to either of the VCN's Dynamic Routing Gateway. Use Remote Peering to peer production and development VCNs.
- C. Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VCN spoke, each peered via their respective local Peering Gateway (LPG)
- D. You cannot achieve connectivity using single FastConnect link as the production and the development VCNs-are in separate tenancies. Request one more FastConnect connection.
Answer: C
Explanation:
There's an advanced routing scenario called transit routing that enables communication between an onpremises network and multiple VCNs over a single Oracle Cloud Infrastructure FastConnect or IPSec VPN.
The VCNs must be in the same region and locally peered in a hub-and-spoke layout. As part of the scenario, the VCN that is acting as the hub has a route table associated with each LPG (typically route tables are associated with a VCN's subnets).
NEW QUESTION 20
You want to automate the processing of new Image files to generate thumbnails. the expected rate is 10 new files every hour.
Which of the following is the most cost effective option to meet this requirement in Oracle Cloud Infrastructure (OCI)?
- A. Build a web application to ingest the files and save them to a NoSQL Database. Configure OCI Events service to trigger a notification using Oracle Notification Service (ONS). ONS invokes a custom application to process the image files to generate thumbnails. Store thumbnails in a NoSQL Database table.
- B. Upload files to an OCI Object storage bucket. Every time a file is uploaded, an event is emitted. Write a rule to filter these events with an action to trigger a function in Oracle Functions. The function processes the image in the file and stores the thumbnails back in an Object storage bucket.
- C. Upload files to an OCI Object storage bucket. Every time a file is uploaded, trigger an event with an action to provision a compute instance with a cloud-init script to access the file, process it and store it back in an Object storage bucket. Terminate the instance using Autoscaling policy after the processing is finished.
- D. Upload all files to an Oracle Streaming Service (OSS) stream. Set up a cron job to invoke a function in Oracle Functions to fetch data from the stream. Invoke another function to process the image files and generate thumbnails. Store thumbnails in another OSS stream.
Answer: B
Explanation:
You can invoke a function that you've deployed to Oracle Functions by triggered by an event in the Events service when update the Object storage to fetch the data then the function can process the File and store back to Object storage
NEW QUESTION 21
An upcoming e-commerce company has deployed their online shopping application on OCI. The application was deployed on compute instances with autoscaling configuration for application servers fronted by a load balancer and OCI Autonomous Transaction Processing (ATP) in the backend.
In order to promote their e-commerce platform 50% discount was announced on all the products for a limited period. During the day 1 of promotional period it was observed that the application is running slow and company's hotline is flooded with complaints.
What could be two possible reasons for this situation?
- A. The health check on some of the backend servers has failed and the load balancer was rebooting these servers.
- B. The autoscaling has already scaled to the maximum number of instances specified in the configuration and there is no room of scaling
- C. The health check on some of the backend servers has failed and the load balancer has taken those servers temporarily out of rotation
- D. As part of autoscaling, the load balancer shape has dynamically changed to a larger shape to handle more incoming traffic and the system was slow for a short time during this change
Answer: B,C
NEW QUESTION 22
A global retailer has decided to re-design its e-commerce platform to have a micro-services architecture. They would like to decouple application architecture into smaller, independent services using Oracle Cloud Infrastructure (OCI). They have decided to use both containers and servers technologies to run these application instances.
Which option should you recommend to build this new platform?
- A. Use OCI Resource Manager to automate compute Instances provisioning and use OCI Streaming service.
- B. Install a kubernetes cluster on OCI and use OCI event service.
- C. Use Oracle Container Engine for kubernetes, OCI Registry and OCI Functions.
- D. Use OCI functions, OCI object storage and OCI event service.
Answer: C
Explanation:
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs.
Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. Use Container Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably build, deploy, and manage cloud-native applications. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing OCI tenancy.
NEW QUESTION 23
Your customer has gone through a recent reorganization. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure. (Refer to the exhibit)
They have made the following change:
Compartment A is moved, and its new parent compartment is compartment Dev.
Policy defined in compartment A: Allow group G1 to manage instance-family in compartment A Policy defined in root compartment: Allow group admins to manage instance-family in compartment Ops:
Test: A
After the compartment move, which action will provide users of group G1 and admins with similar privileges as before the move?
- A. Define the following policy in compartment: Dev:
Allow group admins to manage instance-family in compartment Ops: Dev: A - B. Define the following policies in compartment Dev:
Allow group G1 to manage instance-family in compartment A
Allow group admins to manage instance-family in compartment Ops: Dev: A - C. Mo change in any policy statement is required as all the policies associated with a compartment being moved is automatically updated
- D. Define the following policy in compartment Dev:
Allow group G1 to manage instance-family in compartment A
Answer: D
NEW QUESTION 24
You work for a German company as the Lead Oracle Cloud Infrastructure architect. You have designed a highly scalable architecture for your company's business critical application which uses the Load Balancer service auto which uses the Load Balancer service, autoscaling configuration for the application servers and a 2 Node VM Oracle RAC database. During the peak utilization period of the- application yon notice that the application is running slow and customers are complaining. This is resulting in support tickets being created for API timeouts and negative sentiment from the customer base.
What are two possible reasons for this application slowness?
- A. Autoscaling configuration for the application servers didn't happen due to service limit breach of the VM shapes used by the application servers
- B. Autoscaling configuration for the application servers didn't happen due to IAM policy that's blocking access to the application server compartment
- C. Autoscaling configuration for the application servers didn't happen due to compartment quota breach of the VM shapes used by the application servers.
- D. The Load Balancer doesn't have a Network Security Group to allow traffic to the application servers.
- E. The Load Balancer configuration is not sending traffic to the listener of the application servers.
Answer: A,C
Explanation:
Autoscaling
Autoscaling enables you to automatically adjust the number of Compute instances in an instance pool based on performance metrics such as CPU utilization. This helps you provide consistent performance for your end users during periods of high demand, and helps you reduce your costs during periods of low demand.
Prerequisites
- You have an instance pool. Optionally, you can attach a load balancer to the instance pool. For steps to create an instance pool and attach a load balancer, see Creating an Instance Pool.
- Monitoring is enabled on the instances in the instance pool. For steps to enable monitoring, see Enabling Monitoring for Compute Instances.
- The instance pool supports the maximum number of instances that you want to scale to. This limit is determined by your tenancy's service limits.
About Service Limits and Usage
When you sign up for Oracle Cloud Infrastructure, a set of service limits are configured for your tenancy.
The service limit is the quota or allowance set on a resource. For example, your tenancy is allowed a maximum number of compute instances per availability domain. These limits are generally established with your Oracle sales representative when you purchase Oracle Cloud Infrastructure.
Compartment Quotas
Compartment quotas are similar to service limits; the biggest difference is that service limits are set by Oracle, and compartment quotas are set by administrators, using policies that allow them to allocate resources with a high level of flexibility.
NEW QUESTION 25
You have created compartment called Dev for developers. There are two IAM groups for developers: group-devl and group-dev2. You need to write an Identity and Access Management (IAM) policy to give users in these groups access to manage all resources in the compartment Dev.
Which of the following IAM policy will accomplish this?
- A. Allow any-user to manage all resources in tenancy where target.comparment= Dev
- B. Allow group group-devl group-dev2 to manage all resources in compartment Dev
- C. Allow any-user to manage all resources in compartment Dev where request.group= /group-dev*/
- D. Allow group /group-dev*/ to manage all resources in compartment Dev
Answer: B
NEW QUESTION 26
You are tasked with migrating an online shopping website to Oracle Cloud Infrastructure (OCI) and decide to use a Load Balancer. You have configured the backend set with the round robin policy. During the testing phase, you noticed that users are losing items from their shopping carts when they navigate to different pages.
How should you implement a solution to this problem?
- A. Set up a Traffic Management Steering Policy to redirect traffic to a different backend set that is deployed exclusively for the purpose of holding all Items placed in the shopping cart.
- B. Replace the round robin policy with least connections policy at the backend set.
- C. Configure a set of path route rules that will route to different backend sets based on the URI requested by the customer's browser.
- D. Set up session persistence at the Load Balancer backend set.
Answer: B
NEW QUESTION 27
You are a solutions architect for a global health care company which has numerous data centers around the globe. Due to the ever growing data that your company is storing, you were Instructed to set up a durable, cost effective solution to archive you data from your existing on-premises tape based backup Infrastructure to Oracle Cloud Infrastructure (OCI).
What is the most-effective mechanism to Implement this requirement?
- A. Use the File Storage Service in OCI and copy the data from your existing tape based backup to the shared file system
- B. Setup an on premises OCI Storage Gateway which will back up your data to OCI Object Storage Archive tier.(Correct)
- C. Setup fastConnect to connect your on premises network to your OCI VCN and use rsync tool to copy your data to OCI Object Storage Archive tier.
- D. Setup an on-promises OCI Storage Gateway which will back up your data to OCI Object Storage Standard
- E. Setup an on premises OCI Storage Gateway which will back up your data to OCI object Storage Standard tier. Use Object Storage life cycle policy management to move any data older than 30 days from Standard to Archive tier.
Answer: B
Explanation:
Explanation
Oracle Cloud Infrastructure offers two distinct storage tiers for you to store your unstructured data. Use the Object Storage Standard tier for data to which you need fast, immediate, and frequent access. Use the Archive Storage service's Archive tier for data that you access infrequently, but which must be preserved for long periods of time. Both storage tiers use the same manageable resources (for example, objects and buckets). The difference is that when you upload a file to Archive Storage, the object is immediately archived. Before you can access an archived object, you must first restore the object to the Standard tier.
you can use Storage Gateway to move files to Oracle Cloud Infrastructure Archive Storage as a cost effective backup solution. You can move individual files and compressed or uncompressed ZIP or TAR archives. Storing secondary copies of data is an ideal use case for Storage Gateway.
NEW QUESTION 28
......
1Z0-997-20 Real Exam Questions and Answers FREE: https://www.exams-boost.com/1Z0-997-20-valid-materials.html