Oracle 1z0-997-20 Exam Dumps

Question 6 of 50

You work for a public health care company based in the United States. Their existing patient records system runs in an on-premise data center and the customer is sending tape backups offsite as part of their disaster recovery planning.

You developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of money on a yearly basis.

The solution involves storing data in an OCI Object Storage bucket. After reviewing your solution with the customer Global Risk and Compliance (GRC) team, they highlighted four security requirements:

✑ All data less than 1 year old must be accessible within 2 hours

✑ All data must be retained for at least 10 years and be accessible within 48 hours

✑ All data must be encrypted at rest

✑ No data may be transmitted across the public internet

Which two options meet the requirements outlined by the customer GRC team? (Choose two.)

Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit.

Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit.

Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days.

Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years.

Create a VPN connection between your on-premises data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for OCI Object Storage.

Correct Answer: A, C

To meet the security requirements, the data must not be transmitted across the public internet and be accessible within specified time limits while ensuring encryption at rest. Option A, provisioning a FastConnect link and configuring a private peering virtual circuit, ensures that data is transmitted securely without using the public internet. Option C involves creating an OCI Object Storage Standard tier bucket with a lifecycle policy to archive objects older than 365 days, fulfilling the requirement to store data for at least 10 years while making it accessible within 48 hours. This combination meets the GRC team's requirements.

Question 7 of 50

You are helping a customer troubleshoot a problem. The customer has several Oracle Linux servers in a private subnet within a Virtual Cloud Network (VCN). The servers are configured to periodically communicate to the Internet to get security patches for applications installed on them.

The servers are unable to reach the internet. An Internet Gateway has been deployed in the public subnet in the VCN and the appropriate routes are configured in the Route Table associated with the public subnet.

Based on cost considerations, which option will fix this issue? (Choose the best answer)

Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private subnet.

Create another Internet Gateway and configure it as route target for the private subnet.

Create a Public Load Balancer in front of the servers and add the servers to the Backend Set of the Public Load Balancer.

Implement a NAT instance in the public subnet of the VCN and configure the NAT instance as the route target for the private subnet.

Correct Answer: A

To allow Oracle Linux servers in a private subnet to access the internet for security patches while minimizing costs, the best solution is to create a NAT gateway in the VCN and configure it as the route target for the private subnet. A NAT gateway allows private subnet instances to access the internet securely and avoids the cost and complexity of managing a NAT instance in the public subnet or using a public load balancer. Additionally, creating another Internet Gateway or using a Public Load Balancer is not appropriate for instances in a private subnet needing outbound internet access and may incur additional costs.

Question 8 of 50

Multiple departments in your company use a shared Oracle Cloud Infrastructure (OCI) tenancy to implement their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain better insights into department's usage.

Which three options can you implement together to accomplish this? (Choose three.)

Create a budget that matches your commitment amount and an alert at 100 percent of the forecast.

Set up a tag default that automatically applies tags to all specified resources created in a compartment. Then use these tags for cost analysis.

Set up different compartments for each department. Then track and analyze cost per compartment.

Use the billing cost tracking report to analyze costs.

Set up a consolidated budget-tracking tags to analyze costs in a granular manner.

Correct Answer: A, B, C

To manage costs and gain insights into department usage of Oracle Cloud Infrastructure (OCI) resources, the following can be implemented: Creating a budget that matches your commitment amount along with an alert at 100% of the forecast provides early warning if spending increases. Setting up different compartments for each department allows for tracking and analyzing costs per department. Using a tag default to automatically apply tags to resources created in a compartment helps in detailed cost analysis by enabling resource tracking through tags.

Question 9 of 50

After performing maintenance on an Oracle Linux compute instance the system is returned to a running state. You attempt to connect using SSH but are unable to do so. You decide to create an instance console connection to troubleshoot the issue.

Which three tasks would enable you to connect to the console connection and begin troubleshooting? (Choose three.)

Stop the compute instance using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).

Reboot the compute instance using the Oracle Cloud Infrastructure (OCI) Management Console.

Edit the Linux boot menu to enable access to console.

Upload an API signing key for console connection authentication.

Use SSH to connect to the public IP address of the compute instance and provide the console connection OCID as the username.

Use SSH to connect to the service endpoint of the console connection service.

Correct Answer: A, D, F

To connect to the console connection and begin troubleshooting, you should stop the compute instance using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI). This allows for changes to take effect. Next, upload an API signing key for console connection authentication to validate your access. Finally, use SSH to connect to the service endpoint of the console connection service, as this is the standard method to establish the connection required for troubleshooting. Editing the Linux boot menu to enable access to the console is unnecessary, rebooting the compute instance does not directly facilitate console access troubleshooting, and providing the console connection OCID as the username is incorrect usage.

Question 10 of 50

You designed and deployed your Autonomous Data Warehouse (ADW) so that it is accessible from your on-premise data center and servers running on both private and public networks in Oracle Cloud Infrastructure (OCI).

As you are testing the connectivity to your ADW database from the different access paths, you notice that the server running on the private network is unable to connect to ADW.

Which two steps do you need to take to enable connectivity from the server on the private network to ADW? (Choose two.)

Add an entry in the Security List of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24

Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.

Add an entry in the access control list of ADW for IP address 129.146.160.11

Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of Internet Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.

Add an entry in the access control list of ADW for CIDR block 10.2.2.0/24.

Correct Answer: B, C

To enable connectivity from the server on the private network to the Autonomous Data Warehouse (ADW), you need to add an entry in the route table associated with the private subnet for routing the traffic through the NAT Gateway, and you need to update the access control list (ACL) of ADW to include the IP address of the NAT Gateway. Adding an entry in the route table with a destination of 0.0.0.0/0 and the target type of NAT Gateway allows the private subnet to route traffic to external networks using the NAT Gateway. Including the NAT Gateway's public IP address in the ACL ensures that ADW can accept connections from the private network routed through the NAT Gateway. Option A, which suggests modifying the security list of ADW, is not correct because ADW does not have security lists; it uses ACLs to control access.