Oracle Cloud Infrastructure 2020 Architect Professional

Here you have the best Oracle 1z0-997-20 practice exam questions

  • You have 50 total questions to study from
  • Each page has 5 questions, making a total of 10 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on December 23, 2024
Question 1 of 50

Which three scenarios are suitable for the use of Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing "" Serverless (ATP-S) deployment?

(Choose three.)

    Correct Answer: C, D, E

    Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing Serverless (ATP-S) is ideal for scenarios where the workload is unpredictable or varies significantly over time, and where there is a need to manage costs effectively. A small startup deploying a new eCommerce application with uncertain load (C) can benefit from the serverless model, as it scales automatically based on demand. An established online auction marketplace with unpredictable, high peaks of activity (D) is another good use case, as the serverless deployment can handle sudden spikes efficiently. A developer working on a project with intermittent database usage requiring cost control (E) also benefits, as the serverless option can scale down during periods of low or no activity, saving costs.

Question 2 of 50

You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:

The development team has deployed quite a few instances under "˜Compute' Compartment and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations are part of a group called "˜Eng-group'.

You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of the resources.

Which IAM policy should you write based on these requirements? (Choose the best answer.)

    Correct Answer: C

    To allow the operations team to list the instances without accessing any confidential information, the policy should grant the 'inspect' permission, which allows users to list resources but not view any confidential information or metadata. The correct policy is 'Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to Engineering compartment'. This is because the policy needs to be attached at a higher level in the compartment hierarchy (Engineering) to be effective for the Compute compartment nested within Dev-Team.

Question 3 of 50

You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes gets upgraded to the latest version of the

Operating System.

What should you do to get this upgrade done without application downtime? (Choose the best answer.)

    Correct Answer: B

    To upgrade the Operating System of worker nodes without application downtime, you should create a new node pool using the latest available OS image. Then, use 'kubectl cordon' to prevent new pods from being scheduled on old nodes and 'kubectl drain' to evict existing pods, ensuring no disruptions. Finally, delete the old node pool after ensuring the new one is operational.

Question 4 of 50

You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application.

For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team doesn't want you to store any local API key and certificate, or any other local tools.

Which two actions should you perform to spin up the OKE cluster and interact with it? (Choose two.)

    Correct Answer: A, C

    Given the constraints of minimizing local tools and avoiding local API keys and certificates, the first step is to use environments where tools are pre-installed, and where secure authentication methods can be used. Using a developer workstation on OCI with resource principal authentication meets these criteria, ensuring security and compliance by not relying on local storage of sensitive credentials. Secondly, the OCI Cloud Shell provides a secure environment with built-in tools like Ansible and kubectl, and using the OCI_CLI_AUTH=instance_obo_user environment variable allows for secure authentication via built-in tokens rather than locally stored credentials.

Question 5 of 50

A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.

How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)

    Correct Answer: C

    To protect websites against SQL Injection and Cross-Site Scripting (XSS) attacks, it is essential to enable protection rules specifically designed to filter and block requests that exhibit characteristics of these types of attacks. Enabling a Protection Rule to block requests within the XSS Filters Categories and SQL Filters Categories allows the WAF to analyze and intercept any potentially dangerous payloads, thus preventing malicious data from being processed by the web applications. This method targets the attack vectors directly rather than blocking based on geolocation or HTTP headers alone, ensuring a comprehensive safeguard against these threats.