Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > Oracle > Oracle Certifications > 1Z0-997-20 > 1Z0-997-20 Online Practice Questions and Answers

1Z0-997-20 Online Practice Questions and Answers

Questions 4

To serve web traffic for a popular product, your cloud engineer has provisioned four BM.Standard2.52 instances, event spread across two availability domains in the us-asburn- 1 region: LoadBalancer is used to deliver the traffic across instances.

After several months, the product grows even more popular and you need additional compute capacity. As a result, an engineer provisioned two additional VM.Standard2.8 instances.

You register the two VM. Standard2. 8 Instances with your load Balancer Backend sot and quickly find that the VM Standard2.8 Instances running at 100% of CPU utilization but the BM.Standard2 .52 instances have significant CPU capacity that's unused.

Which option is the most cost effective and uses instances capacity most effectively?

A. Configure your Load Balance, with weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to bare metal instances.

B. Configure Autoscaling instance pool with LoadBalancer to add up to 3 more BM.Standard2.52 Instances when triggered. Shut off VM.Standard2.8 instances.

C. Route traffic to BM.Standard2.52 and VM Standard2.8 instances directly using DNS and Health Checks. Shut off the load Balances.

D. Configure LoadBalancer with two VM Standard2.8 instances and use Autoscalling Instant pool to add up to two additional VM instances. Shut off BM.Standard2.52 instances.

Buy Now

Correct Answer: A

Customer have 4 BM.Standard2.52 and After several months he need additional compute capacity customer find The VM Standard2.8 Instances running at 100% of CPU utilization but the BM.Standard2 .52 instances have significant CPU capacity that unused. so the customer need to check the Load balance policy to make sure the 4 BM and VM is utilize correctly

Questions 5

You are building a highly available and fault tolerant web application deployment for your company. Similar application delayed by competitors experienced web site attack including DDoS which resulted in web server failing.

You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will provide protection against such attacks and ensure additional configuration will you need to implement to make sure WAF is protecting my web application 24?.

Which additional configuration will you need to Implement to make sure WAF Is protecting my web application 24??

A. Configure auto scaling policy and it to WAF instance.

B. Configure Control Rules to send traffic to multiple web servers

C. Configure multiple origin servers

D. Configure new rules based on now vulnerabilities and mitigations

Buy Now

Correct Answer: C

Origin Management

An origin is an endpoint (typically an IP address) of the application protected by the WAF.

An origin can be

an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used for

high availability to an origin. Multiple origins can be defined, but only a single origin can be active for a WAF. You can set HTTP headers for outbound traffic from the WAF to the origin server. These name value pairs are then available to the

application. Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI) compliant, global security service that protects applications from malicious and unwanted internet traffic.

WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications. WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS),

SQL Injection and other OWASP- defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.

Distributed Denial of Service (DDoS)

A DDoS attack is an often intentional attack that consumes an entity's resources, usually using a large number of distributed sources. DDoS can be categorized into either Layer 7 or Layer 3/4 (L3/4)

A layer 7 DDoS attack is a DDoS attack that sends HTTP/S traffic to consume resources and hamper a website's ability to delivery content or to harm the owner of the site. The Web Application Firewall (WAF)

service can protect layer 7 HTTP-based resources from layer 7 DDoS and other web application attack vectors.

Questions 6

Your team is conducting a root analysis (RCA) following a recent, unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred in the previous 24 hours. Given the sample of this event.

Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call?

A. requestAgent

B. eventource

C. principalld

D. requestOrigin

E. eventId

Buy Now

Correct Answer: C

The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Audit.

Every audit log event includes two main parts:

Envelopes that act as a container for all event messages Payloads that contain data from the resource emitting the event message The identity object contains the following attributes. data.identity.authType The type of authentication used.

data.identity.principalId The OCID of the principal. data.identity.principalName The name of the user or service. This value is the friendly name associated with principalId .

Questions 7

Many development engineers are deploying new instances as part of their projects in Oracle Cloud Infrastructure tenancy, but majority of these instances have not been tagged. You as an administrator of this tenancy want to enforce tagging to identify owners who are launching these instances.

Which option below should be used to implement this requirement?

A. Create a predefined tag with tag variables to automatically tag a resource with usemame.

B. Create a default tag for each compartment which ensure appropriate tags are allowed at resource creation.

C. Create tag variables for each compartment to automatically tag a resource with user name.

D. Create an IAM policy to automatically tag a resource with the usemame.

Buy Now

Correct Answer: A

Questions 8

An automobile company wants to deploy their CRM application for Oracle Database on Oracle Cloud Infrastructure (OC1) DB Systems for one of major clients. In compliance with the Business Continuity Program of the client, they need to provide a Recovery Point objective (RPO) of 24 hours and a Recovery time objective (RTO) of 24 hours and Recovery Time Objective (RTO) of 1 hour.

The CRM application should be available oven in me event that an entire on Region is down.

Which approach Is the most suitable and cost effective configuration for this scenario?

A. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a manual setup and configuration of Oracle Data Guard.

B. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.

C. Deploy a 1 node VM Oracle database in one region. Manual Configure a Recovery Manager (RMAN) database backup schedule to take hourly database backups. Asynchronously copy the database backups to object storage in another OCI region, If the primary OCI region is unavailable launch a new 1 new VM Database in the other OCI region restore the production database from the backup.

D. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an Autonomous Transaction Processing (Serverless) database in another region Oracle GoldenGate.

Buy Now

Correct Answer: A

You can configure the Autonomous Database instance as a target database for Oracle GoldenGate. But You can't set up Oracle Autonomous Database as a source database for Oracle GoldenGate. Recovery Point objective (RPO) of 24 hours and Recovery Time Objective (RTO) of 1 hour

-To provision new VM and restore the production database from the backup on object storage, will exceed the RTO 1 hour

- You can create the standby DB system in a different availability domain from the primary DB system for availability and disaster recovery purposes. With Data Guard and switchover/failover can meet RTO 1 hour.

-RAC Database is not required in this solution. Standalone will be most suitable and cost effective

Questions 9

The Finance department of your company has reached out to you. They have customer sensitive data on compute Instances In Oracle Cloud Infrastructure (OCI) which they want to store in OCI Storage for long term retention and archival.

To meet security requirements they want to ensure this data is NOT transferred over public internet, even if encrypted.

which they want to store In OCI Object Storage fin long term retention and archival

To meet security requirements they want to ensure this data is NOT transferred over public Internet, even it encrypted.

Which option meets this requirements?

A. Configure a NAT instance and all traffic between compute In Private subnet should use this NAT instance with Private IP as the route target.

B. Use NAT gateway with appropriate route table when transferring data. Then use NAT gateways' toggle (on/off) once data transfer is complete.

C. Use Service gateway with appropriate route table.

D. Use Storage gateway with appropriate firewall rule.

Buy Now

Correct Answer: C

Service Gateway is virtual router that you can add to your VCN. It provides a path for private network traffic between your VCN and supported services in the Oracle Services Network like Object Storage) so compute Instances in a private subnet in your VCN can back up data to Object Storage without needing public IP addresses or access to the intern

Questions 10

All three Data Guard Configuration are fully supported on Oracle Cloud infrastructure (OCI). You want to deploy a maximum availability architecture (MAA) for database workload.

Which option should you consider while designing your Data Guard configuration to ensure best RTO and PRO without causing any data loss?

A. Configure "Maximum Protection" mode which provides zero data loss If the primary database fails.

B. Configure "Maximum Performance" mode In SYNC mode between two availability domains (same region) which provides, the highest level of data protection that is possible without affecting the performance of the primary database.

C. Configure ''Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database.

D. Configure ''Maximum Availability" mode in SYNC mode between two availability domains (same region), and use the Maximum Availability mode in SYNC mode between two regions.

Buy Now

Correct Answer: D

Explanation: https://docs.cloud.oracle.com/enus/iaas/Content/Resources/Assets/whitepapers/best-practices-for-dr-on-oci.pdf

All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure. However, because of a high risk of production outage, we don't recommend using the maximum protection mode for your Data Guard configuration. We recommend using the maximum availability mode in SYNC mode between two availability domains (same region), and using the maximum availability mode in ASYNC mode between two regions. This architecture provides you the best RTO and RPO without causing any data loss. We recommend building this architecture in daisy-chain mode: the primary database ships redo logs to the first standby database in another availability domain in SYNC mode, and then the first standby database ships the redo logs to another region in ASYNC mode. This method ensures that your primary database is not doing the double work of shipping redo logs, which can cause performance impact on a production workload.

This configuration offers the following benefits: No data loss within a region. No overhead on the production database to maintain standbys in another region. Option to configure lagging on the DR site if needed for business reasons. Option to configure multiple standbys in different regions without any additional overhead on the production database. A typical use case is a CDN application Bottom of Form

Questions 11

An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt-1 region.

Which two solutions should their architect keep in mind while designing for DR?

A. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.

B. rsync utility can be used to asynchronously copy file systems or snapshot data to another region.

C. Load balancer will automatically distribute traffic between both the regions.

D. The RTO is the acceptable timeframe of lost data that application can tolerate.

E. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.

Buy Now

Correct Answer: AC

Questions 12

You are currently working for a public health care company based in the United Stats. Their existing patient records runs in an on-premises data center and the customer is sending tape backups offsite as part of their recovery planning.

You have developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of mom on a yearly basis. The solution involves storing data in an OCI Object Storage bucket After reviewing your solution with the customer global Compliance (GRC) team they have highlighted the following security requirements:

All data less than 1 year old must be accessible within 2 hour. All data must be retained for at least 10 years and be accessible within 48 hours AH data must be encrypted at rest No data may be transmitted across the public Internet

Which two options meet the requirements outlined by the customer GRC team?

A. Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit.

B. Create an OCI Object Storage Standard tier bucket Configure a lifecycle policy to archive any object that Is older than 365 days

C. Create a VPN connection between your on premises data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for OCI Object Storage.

D. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit

E. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years

Buy Now

Correct Answer: BD

The Oracle Services Network is a conceptual network in Oracle Cloud Infrastructure that is reserved for Oracle services. These services have public IP addresses that you typically reach over the internet. However, you can access the Oracle

Services Network without the traffic going over the internet. There are different ways, depending on which of your hosts need the access:

Hosts in your on-premises network:

-Private access through a VCN with FastConnect private peering or VPN Connect: The on- premises hosts use private IP addresses and reach the Oracle Services Network by way of the VCN and the VCN's service gateway.

-Public access with FastConnect public peering: The on-premises hosts use public IP addresses. regarding which Fastconnect Public peering: To access public services in Oracle Cloud Infrastructure without using the internet. For example, Object Storage, the Oracle Cloud Infrastructure Console and APIs, or public load balancers in your VCN. Communication across the connection is with IPv4 public IP addresses. Without FastConnect, the traffic destined for public IP addresses would be routed over the internet. With FastConnect, that traffic goes over your private physical connection. so Answer 4 will be the best answer that meets the customer requirement A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without exposing the data to the public internet. No internet gateway or NAT is required to reach those specific services. The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet. Object Lifecycle Management lets you automatically manage the archiving and deletion of objects. By using Object Lifecycle Management to manage your Object Storage and Archive Storage data, you can reduce your storage costs and the amount of time you spend managing data.

Questions 13

You are a solutions architect for a global health care company which has numerous data centers around the globe. Due to the ever growing data that your company is storing, you were Instructed to set up a durable, cost effective solution to

archive you data from your existing on-premises tape based backup Infrastructure to Oracle Cloud Infrastructure (OCI).

What is the most-effective mechanism to Implement this requirement?

A. Use the File Storage Service in OCI and copy the data from your existing tape based backup to the shared file system

B. Setup an on premises OCI Storage Gateway which will back up your data to OCI Object Storage Archive tier.

C. Setup an on premises OCI Storage Gateway which will back up your data to OCI object Storage Standard tier. Use Object Storage life cycle policy management to move any data older than 30 days from Standard to Archive tier.

D. Setup an on-promises OCI Storage Gateway which will back up your data to OCI Object Storage Standard

E. Setup fastConnect to connect your on premises network to your OCI VCN and use rsync tool to copy your data to OCI Object Storage Archive tier.

Buy Now

Correct Answer: B

Oracle Cloud Infrastructure offers two distinct storage tiers for you to store your unstructured data. Use the Object Storage Standard tier for data to which you need fast, immediate, and frequent access. Use the Archive Storage service's Archive tier for data that you access infrequently, but which must be preserved for long periods of time. Both storage tiers use the same manageable resources (for example, objects and buckets). The difference is that when you upload a file to Archive Storage, the object is immediately archived. Before you can access an archived object, you must first restore the object to the Standard tier. you can use Storage Gateway to move files to Oracle Cloud Infrastructure Archive Storage as a cost effective backup solution. You can move individual files and compressed or uncompressed ZIP or TAR archives. Storing secondary copies of data is an ideal use case for Storage Gateway.

Exam Code: 1Z0-997-20
Exam Name: Oracle Cloud Infrastructure 2020 Architect Professional
Last Update: May 25, 2026
Questions: 165

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.