Oracle 1z0-997-20 Exam Practice Questions (P. 3)
Question #11
An Oracle Cloud Infrastructure (OCI) Public Load Balancer's SSL certificate is expiring soon. You noticed the Load Balancer is configured with SSL Termination only. When the certificate expires, data traffic can be interrupted and security compromised.
What steps do you need to take to prevent this situation? (Choose the best answer.)
- A. Add the new SSL certificate to the Load Balancer and update backend servers to use the new certificate bundle.
- B. Add the new SSL certificate to the Load Balancer and update listeners to use the new certificate bundle. (Most Voted)
- C. Add the new SSL certificate to the Load Balancer, update listeners and backend sets so they can use the new certificate bundle.
- D. Add the new SSL certificate to the Load Balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle.
- E. Add the new SSL certificate to the Load Balancer and implement end to end SSL so it can encrypt the traffic from clients all the way to the backend servers.
Correct Answer:
A
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Tasks/managingcertificates.htm
Question #12
Your company will soon start moving critical systems into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company.
Your security processes for critical systems require that all data is encrypted at rest using Customer-Managed Keys.
Which two options ensure compliance with this policy? (Choose two.)
- A. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
- B. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option. (Most Voted)
- C. When you create a new block volume through OCI console, select "Encrypt using Customer-Managed Keys" checkbox and use encryption keys generated and stored in OCI Vault. (Most Voted)
- D. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.
- E. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.
Correct Answer:
AB
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/Block/Concepts/overview.htm
Question #13
A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using compute instances for its web-tier and DB System database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the hospital hired an IT security professional to check their systems.
It was found that there were a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack? (Choose the best answer.)
- A. Block the attacking IP addresses by creating a Security List rule to deny access to the subnet where the web server is running.
- B. Block the attacking IP addresses by creating a Network Security Group rule to deny access to the compute instance where the web server is running.
- C. Implementing an OCI Web Application Firewall Bot Management policy to identify the attacking IP addresses and mitigate the threat.
- D. Block the attacking IP addresses by implementing an OCI Web Application Firewall policy using Access Control Rules. (Most Voted)
Correct Answer:
A
Question #14
You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint.
However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing Service Unavailable error. You need to check the backend latency and backend responses when this error started last night.
What should you do to get this data? (Choose the best answer.)
- A. Check with the application owner and search the log file for the container to get the metrics from the log file.
- B. Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.
- C. Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics.
- D. Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric. (Most Voted)
Correct Answer:
D
Reference:
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Reference/apigatewaymetrics.htm
Question #15
You are running a legacy application in a compute instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode.
Your application is not resilient to crash-consistent backup.
What should you do to back up the block volume in a secure and cost-effective way? (Choose the best answer.)
- A. Save your application data, detach the block volume and create a clone.
- B. Create a volume group, add the boot volume and then run the volume group backup.
- C. Create a backup, detach the block volume and save your application data.
- D. Save your application data, detach the block volume and create a backup. (Most Voted)
Correct Answer:
B