2024 Valid 1z0-997-22 Real Exam Questions (Updated) 100% Dumps & Practice Exam [Q16-Q34]


[UPDATED 2024] Oracle 1z0-997-22 Questions Prepare with Free Demo of PDF

NEW QUESTION # 16
You are the security architect for a medium-sized e-commerce company that runs all of their applications in Oracle Cloud Infrastructure (OCI). Currently, there are 14 unique applications, each deployed and secured in their own compartment. The Operations team has procured a new monitoring tool that will be deployed throughout the OCI ecosystem. Their requirement is to deploy one management node into each compartment.
Currently, the Operations team Identity and Access Management (IAM) group has the following policy:
allow group OpsTeam to READ all-resources in tenancy
Once the new monitoring nodes are deployed, the Operations team may need to stop, start, or reboot them occasionally.
What is the most efficient solution to allow the Operations team to fully manage the monitoring nodes, without allowing them to alter other resources across the tenancy?

  • A. Tag all the monitoring nodes with the defined tag AllPolicy:AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam to manage instance-family in tenancy where target.resource.tag.AllPolicy.AllowAccess = 'OpsTeam'
  • B. In each of the 14 compartments, create a new policy with the following statement: allow group OpsTeam to manage instance-family in compartment XXX where XXX is the name of the compartment where you are creating the policy.
  • C. Tag all the monitoring nodes with the free-form tag AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam to manage instance-family in tenancy where target.resource.tag.AllowAccess = 'OpsTeam'
  • D. Create a new policy in the root compartment with the following policy statement: allow group OpsTeam to manage instance-family in tenancy where ANY (request.operation = 'UpdateInstance', request.operation = 'InstanceAction')

Answer: B


NEW QUESTION # 17
You notice that a majority of your Oracle Cloud Infrastructure (OCI) resources like compute instances, block volumes, and load balancers are not tagged. You have received a mandate from your CIO to add a predefined set of tags to identify owners for respective OCI resources. E.g. if Chris and Larry each create compute instances in a compartment, the instances that Chris creates include tags that contain his name as the value, while the instances that Larry creates have his name.
Which option is the simplest way to implement this new tagging requirement?

  • A. Create an OCI Identity and Access Management policy to automatically tag a resource with the user name.
  • B. Create an OCI Identity and Access Management policy requiring users to tag resources with their user name.
  • C. Create a default tag for each compartment, which ensures that appropriate tags are applied at the time of resource creation.
  • D. Create tag variables to automatically tag a resource with the user name.

Answer: D


NEW QUESTION # 18
You are working as a solution architect for a customer in Frankfurt, which uses multiple compute instance VMs spread among three Availability Domains in the Oracle Cloud Infrastructure (OCI) eu-frankfurt-1 region. The compute instances do not have public IP addresses and are running in private subnets inside a Virtual Cloud Network (VCN). You have set up OCI Autoscaling feature for the compute instances, but find out that instances cannot be auto scaled. You have enabled monitoring on the instances.
What could be wrong in this situation?

  • A. Autoscaling only works for instances with public IP addresses.
  • B. You need to assign a reserved public IP address to the compute instances.
  • C. You need to set up a Service Gateway to send metrics to the OCI Monitoring service.
  • D. Autoscaling only works with single availability domains.

Answer: C


NEW QUESTION # 19
You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes get upgraded to the latest version of the Operating System.
What should you do to get this upgrade done without application downtime? (Choose the best answer.)

  • A. 1. Create a new node pool using the latest available Operating System image 2. Run kubectl taint nodes --all node-role.kubernetes.io/master- 3. Delete the old node pool
  • B. 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on the newly built node pool
  • C. 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods from getting scheduled 3. Run kubectl drain <node name> --delete-local-data --force --ignore-daemonsets to evict any Pods that are running 4. Delete the old node pool
  • D. 1. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods from getting scheduled 2. Run kubectl drain <node name> --delete-local-data --force --ignore-daemonsets to evict any Pods that are running 3. Download the patches for the new Operating System image 4. Patch the worker nodes to the latest Operating System image

Answer: C

Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengupgradingk8sworkernode.htm


NEW QUESTION # 20
You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.
You have the following configuration currently.
Virtual cloud network (VCN) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center.
Oracle database system is hosted in a private subnet.
The private subnet route table has the following configuration.

However, you are still unable to connect to the Oracle Database system.
Which action will resolve this issue?
A)
Add an EGRESS rule in network security group as following.

B)
Add a route rule in the private subnet route table as following.

C)
Add an EGRESS rule in private subnet security list as following.

D)
Add an EGRESS rule in private subnet security list as following.

  • A. Option B
  • B. Option A
  • C. Option C
  • D. Option D

Answer: C


NEW QUESTION # 21
You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port 1521 from your on-premises network CIDR 172.17.0.0/24.
You have the following configuration currently.
Virtual cloud network (VCN) is associated with a Dynamic Routing Gateway (DRG), and DRG has an active IPSec connection with your on-premises data center.
Oracle database system is hosted in a private subnet.
The private subnet route table has the following configuration.

However, you are still unable to connect to the Oracle Database system.
Which action will resolve this issue?
A)
Add an EGRESS rule in network security group as following.

B)
Add a route rule in the private subnet route table as following.

C)
Add an EGRESS rule in private subnet security list as following.

D)
Add an EGRESS rule in private subnet security list as following.

  • A. Option B
  • B. Option A
  • C. Option C
  • D. Option D

Answer: C


NEW QUESTION # 22
A large financial company has a web application hosted in their on-premises data center. They are migrating their application to Oracle Cloud Infrastructure (OCI) and require no downtime while the migration is on-going. In order to achieve this, they have decided to divert only 30% of the application works fine, they divert all traffic to OCI.
As a solution architect working with this customer, which suggestion should you provide them?

  • A. Use VPN connectivity between on-premises infrastructure and OCI, and create routing tables to distribute the traffic between them.
  • B. Use OCI Traffic management with failover steering policy and distribute the traffic between OCI and on-premises infrastructure.
  • C. Use an OCI Load Balancer and distribute the traffic between OCI and on-premises infrastructure.
  • D. Use OCI Traffic management with Load Balancing steering policy and distribute the traffic between OCI and on premises infrastructure.

Answer: D

Explanation:
Traffic Management Steering Policies can account for health of answers to provide failover capabilities, provide the ability to load balance traffic across multiple resources, and account for the location where the query was initiated to provide a simple, flexible and powerful mechanism to efficiently steer DNS traffic.


NEW QUESTION # 23
The Finance department of your company has reached out to you. They have customer sensitive data on compute instances in Oracle Cloud Infrastructure (OCI) which they want to store in OCI Object Storage for long term retention and archival.
To meet security requirements they want to ensure this data is NOT transferred over public internet, even if encrypted.
Which option meets these requirements?

  • A. Use Service gateway with appropriate route table.
  • B. Use NAT gateway with appropriate route table when transferring data. Then use NAT gateways' toggle (on/off) once data transfer is complete.
  • C. Configure a NAT instance and all traffic between compute in private subnet should use this NAT instance with private IP as the route target.
  • D. Use Storage gateway with appropriate firewall rule.

Answer: A

Explanation:
A Service Gateway is a virtual router that you can add to your VCN. It provides a path for private network traffic between your VCN and supported services in the Oracle Services Network (like Object Storage), so compute instances in a private subnet in your VCN can back up data to Object Storage without needing public IP addresses or access to the internet.


NEW QUESTION # 24
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:

The development team has deployed quite a few instances under the 'Compute' compartment and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations, are part of a group called 'Eng-group'. You have been looking for an option to allow the operations team to list the instances without access to any confidential information or metadata of resources.
Which IAM policy should you write based on these requirements?

  • A. Allow group Eng-group to read instance-family in compartment Dev-Team-.Compute and attach the policy to 'Dev-Team'
  • B. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to 'Engineering' Compartment.
  • C. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment
  • D. Allow group Eng-group to inspect instance-family in compartment Dev-Team: Compute and attach the policy to 'SysTest Team' Compartment

Answer: B

Explanation:
Policy Attachment
When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment). Where you attach it controls who can then modify it or delete it. If you attach it to the tenancy (in other words, if the policy is in the root compartment), then anyone with access to manage policies in the tenancy can then change or delete it. Typically that's the Administrators group or any similar group you create and give broad access to. Anyone with access only to a child compartment cannot modify or delete that policy.
When you attach a policy to a compartment, you must be in that compartment and you must indicate directly in the statement which compartment it applies to. If you are not in the compartment, you'll get an error if you try to attach the policy to a different compartment. Notice that attachment occurs during policy creation, which means a policy can be attached to only one compartment.
Policies and Compartment Hierarchies
A policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the compartment or its parent, you can simply specify the compartment name. If you attach the policy further up the hierarchy, you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated by a colon:
<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n>
To allow an action on compartment Compute, you need to set the compartment path according to where you attach the policy, as in the examples below:
  • If you attach it to the root compartment, specify the path as Engineering:Dev-Team:Compute
  • If you attach it to the Engineering compartment, specify the path as Dev-Team:Compute
  • If you attach it to the Dev-Team or Compute compartment, specify the path as Compute
Note: In the policy, the inspect verb gives the ability to list resources, without access to any confidential information or user-specified metadata that may be part of that resource.


NEW QUESTION # 25
Your team is conducting a root cause analysis (RCA) following a recent, unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have been tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred in the previous 24 hours. Given the sample of this event.

Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call?

  • A. requestAgent
  • B. principalId
  • C. eventSource
  • D. requestOrigin
  • E. eventId

Answer: B

Explanation:
The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Audit.
Every audit log event includes two main parts:
  • Envelopes that act as a container for all event messages
  • Payloads that contain data from the resource emitting the event message
The identity object contains the following attributes:
  • data.identity.authType: The type of authentication used.
  • data.identity.principalId: The OCID of the principal.
  • data.identity.principalName: The name of the user or service. This value is the friendly name associated with principalId.


NEW QUESTION # 26
You are helping a customer troubleshoot a problem. The customer has several Oracle Linux servers in a private subnet within a Virtual Cloud Network (VCN). The servers are configured to periodically communicate to the Internet to get security patches for applications installed on them.
The servers are unable to reach the Internet. An Internet Gateway has been deployed in the public subnet in the VCN and the appropriate routes are configured in the Route Table associated with the public subnet.
Based on cost considerations, which option will fix this issue?

  • A. Create a Public Load Balancer in front of the servers and add the servers to the Backend Set of the Public Load Balancer.
  • B. Implement a NAT instance in the public subnet of the VCN and configure the NAT instance as the route target for the private subnet.
  • C. Create another Internet Gateway and configure it as route target for the private subnet.
  • D. Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private subnet.

Answer: D


NEW QUESTION # 27
Your company will soon start moving critical systems into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. You have to work with the company managed key.
Which two options ensure compliance with this policy?

  • A. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
  • B. When you create a new block volume through OCI console, select Encrypt using Key Management checkbox and use encryption keys generated and stored in OCI Key Management Service.
  • C. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.
  • D. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.
  • E. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.

Answer: B,E

Explanation:
Block Volume Encryption
By default all volumes and their backups are encrypted using the Oracle-provided encryption keys. Each time a volume is cloned or restored from a backup the volume is assigned a new unique encryption key.
You have the option to encrypt all of your volumes and their backups using the keys that you own and manage using the Vault service. If you do not configure a volume to use the Vault service or you later unassign a key from the volume, the Block Volume service uses the Oracle-provided encryption key instead.

This applies to both encryption at-rest and in-transit encryption.
Object Storage Encryption
Object Storage employs 256-bit Advanced Encryption Standard (AES-256) to encrypt object data on the server. Each object is encrypted with its own data encryption key. Data encryption keys are always encrypted with a master encryption key that is assigned to the bucket. Encryption is enabled by default and cannot be turned off. By default, Oracle manages the master encryption key. However, you can optionally configure a bucket so that it's assigned an Oracle Cloud Infrastructure Vault master encryption key that you control and rotate on your own schedule.
Encryption: Buckets are encrypted with keys managed by Oracle by default, but you can optionally encrypt the data in this bucket using your own Vault encryption key. To use Vault for your encryption needs, select Encrypt Using Customer-Managed Keys. Then, select the Vault Compartment and Vault that contain the master encryption key you want to use. Also select the Master Encryption Key Compartment and Master Encryption Key.


NEW QUESTION # 28
As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not be able to access or modify properties of any other buckets and its objects in the compartment comp-images.
Select the statement(s) below that will best define your IAM policies.

  • A. Allow group ObjectWriters to manage buckets in compartment comp-images Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
  • B. Allow group ObjectWriters to read buckets in compartment comp-images Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
  • C. Allow group ObjectWriters to manage buckets in compartment comp-images where target.bucket.name='Bucket-A'
  • D. Allow group ObjectWriters to inspect buckets in compartment comp-images Allow group ObjectWriters to read buckets in compartment comp-images where target.bucket.name='Bucket-A' Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'

Answer: D


NEW QUESTION # 29
You have deployed a multi-tier application with multiple compute instances in Oracle Cloud Infrastructure. You want to back up these volumes and have decided to use 'Volume Groups' feature. The Block volume and Compute instances exist in different compartments within your tenancy.
Periodically, a few child compartments are moved under different parent compartments, and you notice that sometimes volume group backup fails.
What could be the cause?

  • A. The Identity and Access Management policy allowing backup failed to move when the compartment was moved.
  • B. You are exceeding your volume group backup quota configured.
  • C. A compute instance with multiple block volumes attached cannot move when a compartment is moved.
  • D. You have the same block volume attached to multiple compute instances; if these compute instances are in different compartments then all concerned compartments must be moved at the same time.

Answer: A


NEW QUESTION # 30
A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes (OKE). The web server will make API calls to access OCI Object Storage to store all images uploaded by users.
For security purposes, your manager instructed you to ensure that the credentials used by the web server to allow access are not stored locally on the compute instance.
What solution results in an implementation with the least effort for this scenario?

  • A. Configure the credentials to use Transparent Data Encryption (TDE) which will automatically allow the web server to make API calls to OCI Object Storage.
  • B. Configure the credentials using OCI Key Management to allow an instance to make API calls and grant access to OCI Object Storage.
  • C. Configure the credentials using Instance Principal to allow the web server to make API calls to OCI Object Storage
  • D. Configure the credentials using OCI Registry (OCIR) which will automatically connect with OKE allowing the web server to make API calls to OCI Object Storage.

Answer: C


NEW QUESTION # 31
Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instances in Oracle Cloud Infrastructure (OCI) and mounting the file system to these compute instances.
The file system will hold payment data processed by a Database instance and utilized by compute instances to create an overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance's CIDR block.
Which option can you use to secure access?

  • A. Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific IP address and CIDR blocks.
  • B. Use 'Export option' feature of FSS to restrict access to the mounted file systems.
  • C. Use stateless Security List rule to restrict access from known IP addresses only.
  • D. Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.

Answer: B


NEW QUESTION # 32
A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end connectivity model between their on-premises data center and Oracle Cloud Infrastructure (OCI) region:
* Highly available connection with service level redundancy
* Dedicated network bandwidth with low latency
Which connectivity setup is the most cost effective solution for this scenario?

  • A. Setup FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes through FastConnect virtual circuit, and more specific routes through the backup IPSec VPN path.
  • B. Setup IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your on p data center for each connection. From your edge devices, advertise more specific routes via primary IPSec VPN. and less specific rod the backup IPSec VPN.
  • C. Setup FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit as a backup connection. Use separate edge devices in your FastConnect physical connectivity is redundant Use a single edge device in your on premises data center for each connection From yc device, advertise more specific routes via primary FastConnect virtual circuit, and less specific routes through t backup FastConnect circuit.
  • D. Setup IPsec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection. Use separate edge devices in your on-premises data center for each connection. From your edge devices, advertise more specific routes IPSec VPN, and specific routes through the backup FastConnect virtual circuit.

Answer: B

Explanation:
There are two main requirements for this customer.
First, a highly available connection with service level redundancy, which can be achieved by

3- Redundant FastConnect


NEW QUESTION # 33
You have multiple IAM users who launch different types of compute instances and block volumes every day. As a result, your Oracle Cloud Infrastructure (OCI) tenancy quickly hit the service limit and you can no longer create any new instances. As you are cleaning up the environment, you notice that the majority of the instances and block volumes are untagged. Therefore, it is difficult to pinpoint the owner of these resources and verify if they are safe to terminate.
Because of this, your company has issued a new mandate, which requires adding compute instances.
Which option is the simplest way to implement this new requirement?

  • A. Create a policy using IAM requiring users to tag specific resources. This will allow a user to launch compute instances only if certain tags were defined.
  • B. Create a policy to automatically tag a resource with the user name.
  • C. Create tag variables for each compartment to automatically tag a resource with the user name.
  • D. Create a default tag for each compartment, which ensures that appropriate tags are applied at resource creation
  • E. Create tag variables to automatically tag a resource with the user name.

Answer: E

Explanation:
Tag Variables
You can use a variable to set the value of a defined tag. When you add the tag to a resource, the variable resolves to the data it represents. You can use tag variables in defined tags and default tags.
Supported Tag Variables
The following tag variables are supported.
${iam.principal.name} The name of the principal that tagged the resource
${iam.principal.type} The type of principal that tagged the resource.
${oci.datetime} The date and time that the tag was created.
Consider the following example:
Operations.CostCenter=" ${iam.principal.name} at ${oci.datetime} "
Operations is the namespace, CostCenter is the tag key, and the tag value contains two tag variables ${iam.principal.name} and ${oci.datetime} . When you add this tag to a resource, the variable resolves to your user name (the name of the principal that applied the tag) and a time date stamp for when you added the tag.
user_name at 2019-06-18T18:00:57.604Z
The variable is replaced with data at the time you apply the tag. If you later edit the tag, the variable is gone and only the data remains. You can edit the tag value in all the ways you would edit any other tag value. To create a tag variable, you must use a specific format.
${<variable>}
Type a dollar sign followed by open and close curly brackets. The tag variable goes between the curly brackets. You can use tag variables with other tag variables and with string values.
Tag defaults let you specify tags to be applied automatically to all resources, at the time of creation, in a specific compartment. This feature allows you to ensure that appropriate tags are applied at resource creation without requiring the user who is creating the resource to have access to the tag namespaces.
https://docs.cloud.oracle.com/en-us/iaas/Content/Tagging/Tasks/managingtagdefaults.htm

