Download Oracle Cloud Infrastructure 2020 Architect Professional.1Z0-997-20.CertDumps.2021-01-17.50q.vcex

Vendor: Oracle
Exam Code: 1Z0-997-20
Exam Name: Oracle Cloud Infrastructure 2020 Architect Professional
Date: Jan 17, 2021
File Size: 941 KB
Download Exam

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Download
ProfExam Simulator

Purchase
Coupon: EXAMFILESCOM

Discount: 20%

ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator ProfExam Simulator

Demo Questions

Question 1
You are helping a customer troubleshoot a problem. The customer has several Oracle Linux servers in a private subnet within a Virtual Cloud Network (VCN). The servers are configured to periodically communicate to the Internet to get security patches for applications installed on them.
The servers are unable to reach the internet. An Internet Gateway has been deployed in the public subnet in the VCN and the appropriate routes are configured in the Route Table associated with the public subnet.
Based on cost considerations, which option will fix this issue? (Choose the best answer)
  1. Create a NAT gateway in the VCN and configure the NAT gateway as the route target for the private subnet.
  2. Create another Internet Gateway and configure it as route target for the private subnet.
  3. Create a Public Load Balancer in front of the servers and add the servers to the Backend Set of the Public Load Balancer.
  4. Implement a NAT instance in the public subnet of the VCN and configure the NAT instance as the route target for the private subnet. 
Correct answer: D
Question 2
A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS) across multiple websites which are hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to protect these websites against the attacks.
How should you configure your WAF to protect the website against those attacks? (Choose the best answer.)
  1. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.
  2. Enable an Access Rule to block the IP Address range from London.
  3. Enable a Protection Rule to block requests XSS Filters Categories and SQL Filters Categories.
  4. Enable a Protection Rule to block requests that came from London.
  5. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories. 
Correct answer: C
Question 3
You work for a public health care company based in the United States. Their existing patient records system runs in an on-premise data center and the customer is sending tape backups offsite as part of their disaster recovery planning.
You developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of money on a yearly basis.
The solution involves storing data in an OCI Object Storage bucket. After reviewing your solution with the customer Global Risk and Compliance (GRC) team, they highlighted four security requirements:
  • All data less than 1 year old must be accessible within 2 hours
  • All data must be retained for at least 10 years and be accessible within 48 hours
  • All data must be encrypted at rest
  • No data may be transmitted across the public internet
Which two options meet the requirements outlined by the customer GRC team? (Choose two.)
  1. Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit.
  2. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit.
  3. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days.
  4. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years.
  5. Create a VPN connection between your on-premises data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for OCI Object Storage. 
Correct answer: BC
Question 4
Multiple departments in your company use a shared Oracle Cloud Infrastructure (OCI) tenancy to implement their projects. You are in charge of managing the cost of OCI resources in the tenancy and need to obtain better insights into department's usage.
Which three options can you implement together to accomplish this? (Choose three.)
  1. Create a budget that matches your commitment amount and an alert at 100 percent of the forecast.
  2. Set up a tag default that automatically applies tags to all specified resources created in a compartment. Then use these tags for cost analysis.
  3. Set up different compartments for each department. Then track and analyze cost per compartment.
  4. Use the billing cost tracking report to analyze costs.
  5. Set up a consolidated budget-tracking tags to analyze costs in a granular manner. 
Correct answer: ACE
Question 5
You are working for a Travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes gets upgraded to the latest version of the Operating System.
What should you do to get this upgrade done without application downtime? (Choose the best answer.)
  1. 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on the newly built node pool
  2. 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 4. Delete the old node pool
  3. 1. Create a new node pool using the latest available Operating System image 2. Run kubectl taint nodes """"all node""role.kubernetes.io/master"" 3. Delete the old node pool
  4. 1. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 2. Run kubectl drain <node name> """"delete""local""data """"force """"ignore""daemonsets to evict any Pods that are running 3. Download the patches for the new Operating System image 4. Patch the worker nodes to the latest Operating System image 
Correct answer: D
Question 6
Which three scenarios are suitable for the use of Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing "" Serverless (ATP-S) deployment?
(Choose three.)
  1. A manufacturing company is running Oracle E-Business Suite application on-premises. They are looking to move this application to OCI and they want to use a managed database offering for their database tier.
  2. A midsize company is considering migrating its legacy on-premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays.
  3. A small startup is deploying a new application for eCommerce and it requires a database to store customers' transactions. The team is unsure of what the load will look like since it is a new application.
  4. A well-established, online auction marketplace is running an application where there is database usage 24x7, but also has peaks of activity that are hard to predict. When the peaks happen, the total activities may reach 3 times the normal activity level.
  5. A developer working on an internal project needs to use a database during work hours but doesn't need it during nights or weekends. The project budget requires her to keep costs low. 
Correct answer: ACE
Question 7
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:
 
The development team has deployed quite a few instances under "˜Compute' Compartment and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations are part of a group called "˜Eng-group'.
You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of the resources.
Which IAM policy should you write based on these requirements? (Choose the best answer.)
  1. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to "˜SysTest-Team' Compartment.
  2. Allow group Eng-group to read instance-family in compartment Dev-Team:Compute and attach the policy to "˜Dev-Team' Compartment.
  3. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to "˜Engineering' Compartment.
  4. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to "˜Engineering' Compartment. 
Correct answer: C
Question 8
You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application.
For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team doesn't want you to store any local API key and certificate, or any other local tools.
Which two actions should you perform to spin up the OKE cluster and interact with it? (Choose two.)
  1. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster.
  2. Develop your own code using OCI SDK to deploy the OKE cluster.
  3. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token.
  4. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API.
  5. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster. 
Correct answer: CE
Question 9
An Oracle Cloud Infrastructure (OCI) Public Load Balancer's SSL certificate is expiring soon. You noticed the Load Balancer is configured with SSL Termination only. When the certificate expires, data traffic can be interrupted and security compromised.
What steps do you need to take to prevent this situation? (Choose the best answer.)
  1. Add the new SSL certificate to the Load Balancer and update backend servers to use the new certificate bundle.
  2. Add the new SSL certificate to the Load Balancer and update listeners to use the new certificate bundle.
  3. Add the new SSL certificate to the Load Balancer, update listeners and backend sets so they can use the new certificate bundle.
  4. Add the new SSL certificate to the Load Balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle.
  5. Add the new SSL certificate to the Load Balancer and implement end to end SSL so it can encrypt the traffic from clients all the way to the backend servers. 
Correct answer: A
Question 10
After performing maintenance on an Oracle Linux compute instance the system is returned to a running state. You attempt to connect using SSH but are unable to do so. You decide to create an instance console connection to troubleshoot the issue.
Which three tasks would enable you to connect to the console connection and begin troubleshooting? (Choose three.)
  1. Stop the compute instance using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).
  2. Reboot the compute instance using the Oracle Cloud Infrastructure (OCI) Management Console.
  3. Edit the Linux boot menu to enable access to console.
  4. Upload an API signing key for console connection authentication.
  5. Use SSH to connect to the public IP address of the compute instance and provide the console connection OCID as the username.
  6. Use SSH to connect to the service endpoint of the console connection service. 
Correct answer: BCF
CONNECT US
HOW TO OPEN VCE FILES

Use VCE Exam Simulator to open VCE files
Avanaset

HOW TO OPEN VCEX AND EXAM FILES

Use ProfExam Simulator to open VCEX and EXAM files
ProfExam Screen

ProfExam
ProfExam at a 20% markdown

You have the opportunity to purchase ProfExam at a 20% reduced price

Get Now!