Oracle Cloud Infrastructure 2020 Architect Professional

Here you have the best Oracle 1z0-997-20 practice exam questions

You have 50 total questions to study from
Each page has 5 questions, making a total of 10 pages
You can navigate through the pages using the buttons at the bottom
This questions were last updated on November 14, 2024

Question 1 of 50

Which three scenarios are suitable for the use of Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing "" Serverless (ATP-S) deployment?

(Choose three.)

A manufacturing company is running Oracle E-Business Suite application on-premises. They are looking to move this application to OCI and they want to use a managed database offering for their database tier.

A midsize company is considering migrating its legacy on-premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays.

A small startup is deploying a new application for eCommerce and it requires a database to store customers' transactions. The team is unsure of what the load will look like since it is a new application.

A well-established, online auction marketplace is running an application where there is database usage 24x7, but also has peaks of activity that are hard to predict. When the peaks happen, the total activities may reach 3 times the normal activity level.

A developer working on an internal project needs to use a database during work hours but doesn't need it during nights or weekends. The project budget requires her to keep costs low.

Correct Answer: C, D, E

Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing Serverless (ATP-S) is ideal for scenarios where the workload is unpredictable or varies significantly over time, and where there is a need to manage costs effectively. A small startup deploying a new eCommerce application with uncertain load (C) can benefit from the serverless model, as it scales automatically based on demand. An established online auction marketplace with unpredictable, high peaks of activity (D) is another good use case, as the serverless deployment can handle sudden spikes efficiently. A developer working on a project with intermittent database usage requiring cost control (E) also benefits, as the serverless option can scale down during periods of low or no activity, saving costs.

Question 2 of 50

You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:

The development team has deployed quite a few instances under "˜Compute' Compartment and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations are part of a group called "˜Eng-group'.

You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of the resources.

Which IAM policy should you write based on these requirements? (Choose the best answer.)

Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to "˜SysTest-Team' Compartment.

Allow group Eng-group to read instance-family in compartment Dev-Team:Compute and attach the policy to "˜Dev-Team' Compartment.

Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to "˜Engineering' Compartment.

Allow group Eng-group to read instance-family in compartment Compute and attach the policy to "˜Engineering' Compartment.

Correct Answer: C

To allow the operations team to list the instances without accessing any confidential information, the policy should grant the 'inspect' permission, which allows users to list resources but not view any confidential information or metadata. The correct policy is 'Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to Engineering compartment'. This is because the policy needs to be attached at a higher level in the compartment hierarchy (Engineering) to be effective for the Compute compartment nested within Dev-Team.

Question 3 of 50

You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes gets upgraded to the latest version of the

Operating System.

What should you do to get this upgrade done without application downtime? (Choose the best answer.)

1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on the newly built node pool

1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool

1. Create a new node pool using the latest available Operating System image 2. Run kubectl taint nodes """"all node""role.kubernetes.io/master"" 3. Delete the old node pool

1. Run kubectl cordon against all the worker nodes in the old pool to stop any new application pods to get scheduled 2. Run kubectl drain """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 3. Download the patches for the new Operating System image 4. Patch the worker nodes to the latest Operating System image

Correct Answer: B

To upgrade the Operating System of worker nodes without application downtime, you should create a new node pool using the latest available OS image. Then, use 'kubectl cordon' to prevent new pods from being scheduled on old nodes and 'kubectl drain' to evict existing pods, ensuring no disruptions. Finally, delete the old node pool after ensuring the new one is operational.

Question 4 of 50

You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application.

For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team doesn't want you to store any local API key and certificate, or any other local tools.

Which two actions should you perform to spin up the OKE cluster and interact with it? (Choose two.)

Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster.

Develop your own code using OCI SDK to deploy the OKE cluster.

Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token.

Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API.

Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.

Correct Answer: A, C

Given the constraints of minimizing local tools and avoiding local API keys and certificates, the first step is to use environments where tools are pre-installed, and where secure authentication methods can be used. Using a developer workstation on OCI with resource principal authentication meets these criteria, ensuring security and compliance by not relying on local storage of sensitive credentials. Secondly, the OCI Cloud Shell provides a secure environment with built-in tools like Ansible and kubectl, and using the OCI_CLI_AUTH=instance_obo_user environment variable allows for secure authentication via built-in tokens rather than locally stored credentials.

Question 5 of 50

A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.

How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)

Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.

Enable an Access Rule to block the IP Address range from London.

Enable a Protection Rule to block requests XSS Filters Categories and SQL Filters Categories.

Enable a Protection Rule to block requests that came from London.

Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.

Correct Answer: C

To protect websites against SQL Injection and Cross-Site Scripting (XSS) attacks, it is essential to enable protection rules specifically designed to filter and block requests that exhibit characteristics of these types of attacks. Enabling a Protection Rule to block requests within the XSS Filters Categories and SQL Filters Categories allows the WAF to analyze and intercept any potentially dangerous payloads, thus preventing malicious data from being processed by the web applications. This method targets the attack vectors directly rather than blocking based on geolocation or HTTP headers alone, ensuring a comprehensive safeguard against these threats.