[February 2022] Updated Oracle 1z0-997-21 Question Set and Real Exam Questions
Latest 2022 1z0-997-21 PDF: recently updated questions
Question 75
An automobile company wants to deploy their CRM application for Oracle Database on Oracle Cloud Infrastructure (OCI) DB Systems for one of their major clients. In compliance with the Business Continuity Program of the client, they need to provide a Recovery Point Objective (RPO) of 24 hours and a Recovery Time Objective (RTO) of 1 hour.
The CRM application should be available even in the event that an entire OCI region is down.
Which approach is the most suitable and cost-effective configuration for this scenario?
- A. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database in another region using a manual setup and configuration of Oracle Data Guard.
- B. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a manual setup and configuration of Oracle Data Guard.
- C. Deploy a 1 node VM Oracle database in one region. Manually configure a Recovery Manager (RMAN) database backup schedule to take hourly database backups. Asynchronously copy the database backups to object storage in another OCI region. If the primary OCI region is unavailable, launch a new 1 node VM database in the other OCI region and restore the production database from the backup.
- D. Deploy an Autonomous Transaction Processing (Serverless) database in one region and replicate it to an Autonomous Transaction Processing (Serverless) database in another region using Oracle GoldenGate.
Correct answer: B
Explanation:
You can configure the Autonomous Database instance as a target database for Oracle GoldenGate, but you can't set up Oracle Autonomous Database as a source database for Oracle GoldenGate.
The requirement is a Recovery Point Objective (RPO) of 24 hours and a Recovery Time Objective (RTO) of 1 hour:
- Provisioning a new VM and restoring the production database from the backup on object storage will exceed the RTO of 1 hour.
- You can create the standby DB system in a different availability domain from the primary DB system for availability and disaster recovery purposes. Data Guard with switchover/failover can meet the RTO of 1 hour.
- A RAC database is not required in this solution. A standalone database is the most suitable and cost-effective choice.
Question 76
Your company has recently deployed a new web application that uses Oracle Functions. Your manager instructed you to implement monitoring to manage your systems more effectively. You know that Oracle Functions automatically monitors functions on your behalf and reports metrics through Service Metrics.
Which two metrics are collected and made available by this feature?
- A. number of times a function is invoked
- B. number of times a function is removed
- C. number of concurrent connections
- D. length of time a function runs
- E. amount of CPU used by a function
Correct answer: A,D
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Reference/functionsmetrics.htm
You can monitor the health, capacity, and performance of functions you've deployed to Oracle Functions by using metrics. Oracle Functions monitors function execution, and collects and reports metrics such as:
- The number of times a function is invoked.
- The length of time a function runs for.
- The number of times a function failed.
- The number of requests to invoke a function that returned a '429 Too Many Requests' error in the response (known as 'throttled function invocations').
Question 77
You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments.
The third party service allows a maximum of 5 public IP addresses at a time. However, your website is using an Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to 15 instances during peak traffic demand, which are launched in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Internet to complete the transaction.
What solution can you implement to make sure that all compute instances can connect to the third party system to process the payments at peak traffic demand?
- A. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway.
- B. Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.
- C. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.
- D. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.
Correct answer: D
Question 78
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:
The development team has deployed quite a few instances under the 'Compute' compartment, and the operations team needs to list the instances under the same compartment for their testing. Both teams, development and operations, are part of a group called 'Eng-group'. You have been looking for an option to allow the operations team to list the instances without access to any confidential information or metadata of resources.
Which IAM policy should you write based on these requirements?
- A. Allow group Eng-group to read instance-family in compartment Dev-Team:Compute and attach the policy to 'Dev-Team'
- B. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'SysTest Team' Compartment
- C. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to 'Engineering' Compartment.
- D. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment
Correct answer: D
Explanation:
Policy Attachment
When you create a policy you must attach it to a compartment (or the tenancy, which is the root compartment). Where you attach it controls who can then modify it or delete it. If you attach it to the tenancy (in other words, if the policy is in the root compartment), then anyone with access to manage policies in the tenancy can then change or delete it. Typically that's the Administrators group or any similar group you create and give broad access to. Anyone with access only to a child compartment cannot modify or delete that policy.
When you attach a policy to a compartment, you must be in that compartment and you must indicate directly in the statement which compartment it applies to. If you are not in the compartment, you'll get an error if you try to attach the policy to a different compartment. Notice that attachment occurs during policy creation, which means a policy can be attached to only one compartment.
Policies and Compartment Hierarchies
A policy statement must specify the compartment for which access is being granted (or the tenancy).
Where you create the policy determines who can update the policy. If you attach the policy to the compartment or its parent, you can simply specify the compartment name. If you attach the policy further up the hierarchy, you must specify the path. The format of the path is each compartment name (or OCID) in the path, separated by a colon:
<compartment_level_1>:<compartment_level_2>: . . . <compartment_level_n>
To allow the action on compartment Compute, you need to set the compartment path according to where you attach the policy, as in the examples below:
- If you attach it to the root compartment, you need to specify the path as Engineering:Dev-Team:Compute
- If you attach it to the Engineering compartment, you need to specify the path as Dev-Team:Compute
- If you attach it to the Dev-Team or Compute compartment, you need to specify the path as Compute
Note: In a policy, the inspect verb gives the ability to list resources, without access to any confidential information or user-specified metadata that may be part of that resource.
Question 79
You have configured backups for your Oracle Cloud Infrastructure (OCI) 2-node RAC DB systems on virtual machines. In the console, the database backup displays a Failed status.
Which of the following options is the most likely reason for this backup issue?
- A. The master key stored in OCI Key Management for encryption and decryption of data in the database is not accessible to the backup service.
- B. The auth token being used by the Object Store Swift endpoint is incorrect.
- C. The allocated storage on the OCI File Storage service file system attached with the database is full.
- D. The RMAN backup agent is not compatible with the version of database being used.
Correct answer: B
Question 80
You have decided to migrate your application to Oracle Cloud Infrastructure and use Oracle Functions to deploy your microservices.
Which monitoring metrics are available to help you calculate your total cost for using Oracle Functions per month? (Choose Two)
- A. Number of times a function is invoked.
- B. Amount of storage used by your functions.
- C. Network bandwidth used by your functions.
- D. Length of time a function runs.
- E. Amount of RAM used by your functions.
Correct answer: A,D
Question 81
You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application components as Kubernetes native objects, such as the microservices, Oracle Autonomous database, Kubernetes services, etc.
What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle Autonomous Database? (Choose the best answer.)
- A. Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.
- B. Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster.
- C. Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN.
- D. Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.
Correct answer: D
Explanation:
OCI Service Broker for Kubernetes is an implementation of the Open Service Broker API. OCI Service Broker for Kubernetes is specifically for interacting with Oracle Cloud Infrastructure services from Kubernetes clusters. It includes three service broker adapters to bind to the following Oracle Cloud Infrastructure services:
- Object Storage
- Autonomous Transaction Processing
- Autonomous Data Warehouse
Question 82
A small business specializing in video processing wants to leverage cloud storage in order to lower its costs. They are looking to back up all video data generated, from an existing on-premises file server to Oracle Cloud Infrastructure (OCI). The requirement is to set up continuous data sync as changes are made to the on-premises file server. What is the most cost-effective solution for this scenario?
- A. Set up a VPN connect connection and back up all videos to Object storage standard bucket. Create a lifecycle policy to move files older than 30 days to Archive Storage.
- B. Set up an on-premises OCI Storage Gateway Cloud Sync to back up videos to OCI Object Storage Archive tier.
- C. Set up file storage service on OCI and mount the file system to an instance running on-premises. Move all the data to this on-premises instance and then sync the videos to the shared file system.
- D. Set up a FastConnect virtual circuit and nightly back up all videos to OCI Archive Storage.
Correct answer: B
Question 83
A civil engineering company is running an online portal in which engineers can upload their construction photos, videos, and other digital files.
There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period.
Which option fulfills this requirement?
- A. Create a pre-authenticated URL for each object that is uploaded to the Object Storage bucket with an expiration of 72 hours.
- B. Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours.
- C. Create a Dynamic Group with matching rule for the portal compute instance and grant access to the Object Storage bucket for 72 hours.
- D. Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.
Correct answer: D
Explanation:
Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permission to access those objects.
For example, you can create a request that lets an operations support user upload backups to a bucket without owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket without owning API keys.
When creating a pre-authenticated request, you have the following options:
- You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload one or more objects to.
- You can specify the name of an object that a pre-authenticated request user can read from, write to, or read from and write to.
Scope and Constraints
Understand the following scope and constraints regarding pre-authenticated requests:
- Users can't list bucket contents.
- You can create an unlimited number of pre-authenticated requests.
- There is no time limit to the expiration date that you can set.
- You can't edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you must create a new pre-authenticated request.
- The target and actions for a pre-authenticated request are based on the creator's permissions. The request is not, however, bound to the creator's account login credentials. If the creator's login credentials change, a pre-authenticated request is not affected.
- You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in that bucket.
Question 84
As an administrator you want to give users of ObjectWriters group full access to bucket Bucket-A and its objects in compartment comp-images. You want users of ObjectWriters to not be able to access or modify properties of any other buckets and its objects in the compartment comp-images.
Select the statement(s) below that will best define your IAM policies.
- A. Allow group ObjectWriters to read buckets in compartment comp-images
  Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
- B. Allow group ObjectWriters to manage buckets in compartment comp-images
  Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
- C. Allow group ObjectWriters to manage buckets in compartment comp-images where target.bucket.name='Bucket-A'
- D. Allow group ObjectWriters to inspect buckets in compartment comp-images
  Allow group ObjectWriters to read buckets in compartment comp-images where target.bucket.name='Bucket-A'
  Allow group ObjectWriters to manage objects in compartment comp-images where target.bucket.name='Bucket-A'
Correct answer: D
Question 85
You are working with a customer who needs to attach an Oracle Cloud Infrastructure (OCI) block volume to a VM instance with read/write access type. The customer wants to know if the number of IOPS and throughput performance differs between the following two choices:
* Option A: attach a single 1 TB block volume to the VM instance
* Option B: attach two separate 500 GB block volumes in a RAID 0 array configuration to the VM instance
You can assume that the customer is using iSCSI attachment type to attach the volumes to the instance. In addition, you can assume 1 MB block size for throughput and 4 KB block size for IOPS consideration.
How should you respond to the customer?
- A. Both options provide the same number of IOPS and throughput performance.
- B. Option B provides higher level of throughput, but lower level of IOPS performance.
- C. Option A provides better IOPS, but lower throughput performance.
- D. Option B provides better IOPS and throughput performance.
Correct answer: A
Question 86
You are working on the migration of the web application infrastructure of your company from on-premises to Oracle Cloud Infrastructure. You need to ensure that the DNS cache entries of external clients will not direct them to the on-premises infrastructure after switching to the new infrastructure.
Which of the following options will minimize this problem?
- A. Reduce the TTL of the DNS records after the switch.
- B. Increase the TTL of the DNS records after the switch.
- C. Increase the TTL of the DNS records before the switch.
- D. Reduce the TTL of the DNS records before the switch.
- E. DNS changes propagate fast enough that it is not necessary to take any action.
Correct answer: D
Question 87
You are part of a project team working in the development environment created in OCI. You have realized that the CIDR block specified for one of the subnets in a VCN is not correct and want to delete the subnet. While deleting, you are getting an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet.
Which of the following actions will you take to troubleshoot this issue?
- A. Use OCI CLI to delete the subnet using --force option
- B. Use OCI CLI to call "GetVnic" operation to find out the parent resource of the VNIC
- C. Use OCI CLI to delete the VNIC first and then delete the subnet
- D. Copy and Paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC
Correct answer: B
Explanation:
To delete a VCN, it must first be empty and have no related resources or attached gateways. To delete a VCN's subnets, they must first be empty.
Note: When you create one of the preceding resources, you specify a VCN and subnet for it. The relevant service creates at least one VNIC in the subnet and attaches the VNIC to the resource. The service manages the VNICs on your behalf, so they are not readily apparent to you in the Console. The VNIC enables the resource to communicate with other resources over the network. Although this documentation commonly talks about the resource itself being in the subnet, it's actually the resource's attached VNIC.
If the subnet is not empty, you instead get an error indicating that there are still resources that you must delete first. The error includes the OCID of a VNIC that is in the subnet (there could be more, but the error returns only a single VNIC's OCID).
You can use the Oracle Cloud Infrastructure command line interface (CLI) or another SDK or client to call the GetVnic operation with the VNIC OCID. The response includes the VNIC's display name. Depending on the type of parent resource, the display name can indicate which parent resource the VNIC belongs to. You can then delete that parent resource, or you can contact your administrator to determine who owns the resource. When the VNIC's parent resource is deleted, the attached VNIC is also deleted from the subnet. If there are remaining VNICs in the subnet, repeat the process of determining and deleting each parent resource until the subnet is empty. Then you can delete the subnet.
For example, if you're using the CLI, use this command to get information about the VNIC.
oci network vnic get --vnic-id <VNIC_OCID>
Question 88
A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI), using Compute instances for its web tier and a DB system database for its data tier. To validate compliance with the Health Insurance Portability and Accountability Act (HIPAA), a security professional checked their systems, and it was found that there are a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
- A. Mitigate the attack by changing the route table to redirect the unauthorized traffic to a dummy Compute instance
- B. Block the attacking IP address by implementing an OCI Web Application Firewall policy using Access Control Rules
- C. Block the attacking IP address by creating a Network Security Group rule to deny access to the compute instance where the web server is running
- D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server is running
Correct answer: B
Explanation:
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowing desirable bots to enter. Access rules can limit based on geography or the signature of the request.
As a WAF administrator you can define explicit actions for requests that meet various conditions. Conditions use various operations and regular expressions. A rule action can be set to log and allow, detect, or block requests.
Question 89
You have deployed an application server in a private subnet in your virtual cloud network (VCN). For the database, you have provisioned an Autonomous Transaction Processing (ATP) serverless instance. However, you are unable to connect to the database instance from your application server.
Which two steps would you need to enable this connectivity?
- A. Add a stateful egress rule to the security list associated with your private subnet.
  Destination CIDR: 0.0.0.0/0
  Protocols: All Protocols
- B. Add an internet gateway to your VCN and add a route rule to your private subnet route table.
  CIDR: 0.0.0.0/0
  Target: Internet Gateway
- C. Create a NAT Gateway and add the following route rule to the route table of private subnet.
  CIDR: 0.0.0.0/0
  Target: NAT Gateway
- D. Add a remote peering connection from your VCN to the ATP VCN
Correct answer: A,C
Question 90
You work for a bank as the lead Oracle Cloud Infrastructure architect. You designed a highly scalable solution for your company's banking application. The architecture includes a load balancer, application servers with autoscaling configuration based on CPU utilization, and an Autonomous Database with Transaction Processing workload type running in a Virtual Cloud Network (VCN).
During the peak utilization period, the application users complain that the application runs slow.
What are two possible reasons for the application running slow at times? (Choose two.)
- A. The load balancer is not configured correctly to send traffic to all the listeners of the application servers in the backend set.
- B. Instance pool in autoscaling configuration for the application servers did not scale out due to compartment quota breach of the VM shapes used by the application servers.
- C. The VCN does not have a Network Security Group configured to allow traffic from the load balancer to all the application servers in the backend set.
- D. Instance pool in autoscaling configuration for the Autonomous Database did not scale out due to misconfigured scaling policy.
- E. Instance pool in autoscaling configuration for the application servers did not scale out due to service limit breach of the VM shapes used by the application servers.
Correct answer: B,E
Question 91
An online gaming application is deployed to multiple Availability Domains in the Oracle Cloud Infrastructure (OCI) us-ashburn-1 region. Considering the high volume of traffic that the gaming application handles, the company has hired you to ensure that the data stored by the application is scalable, highly available, and disaster resilient. In the event of failure, the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) must be less than 2 hours.
Which Disaster Recovery strategy should be used to achieve the RTO and RPO requirements in the event of a system failure?
- A. Configure hourly block volumes backups through the OCI Storage Gateway service.
- B. Configure hourly block volumes backups using the OCI Command Line Interface (CLI).
- C. Create a user defined backup policy with a schedule of generating hourly backups for block volumes.
- D. Create a user defined backup policy with a schedule of generating daily backups for block volumes.
Correct answer: B
Question 92
Your customer has gone through a recent departmental restructure. As part of this change, they are organizing their Oracle Cloud Infrastructure (OCI) compartment structure to align with the company's new organizational structure.
They have made the following change:
Compartment X is moved, and its parent compartment is now compartment C.
Policy defined in compartment A: Allow group networkadmins to manage subnets in compartment X
Policy defined in root compartment: Allow group admins to read subnets in compartment Finance:A:X
After you move the compartment, which two IAM policies would be required to ensure both groups retain the same permissions to compartment X that they had before? (Choose two.)
- A. Define a policy in compartment HR as follows: Allow group networkadmins to manage subnets in compartment C:X.
- B. Define a policy in the root compartment as follows: Allow group admins to read subnets in compartment HR:C:X
- C. Define a policy in the root compartment as follows: Allow group admins to manage subnets in compartment Finance:A:X
- D. Define a policy in compartment C as follows: Allow group networkadmins to read subnets in compartment X
Correct answer: A,B
Question 93
A cloud consultant is working on an implementation project on Oracle Cloud Infrastructure (OCI). As part of the compliance requirements, the objects placed in OCI Object Storage should be automatically archived first and then deleted. He is testing a lifecycle policy on Object Storage and created a policy as below:
What will happen after this policy is applied?
- A. All the objects with names starting with "doc" will be archived 5 days after object creation and will be deleted 5 days after archival.
- B. All objects with names starting with "doc" will be deleted after 5 days of object creation.
- C. All the objects having file extension "doc" will be archived 5 days after object creation.
- D. All the objects having file extension "doc" will be archived for 5 days and will be deleted 10 days after object creation.
Correct answer: B
Question 94
You are a solutions architect for a global health care company which has numerous data centers around the globe. Due to the ever-growing data that your company is storing, you were instructed to set up a durable, cost-effective solution to archive your data from your existing on-premises tape-based backup infrastructure to Oracle Cloud Infrastructure (OCI).
What is the most effective mechanism to implement this requirement?
- A. Set up an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage Archive tier.
- B. Set up FastConnect to connect your on-premises network to your OCI VCN and use the rsync tool to copy your data to OCI Object Storage Archive tier.
- C. Use the File Storage Service in OCI and copy the data from your existing tape based backup to the shared file system
- D. Set up an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage Standard
- E. Set up an on-premises OCI Storage Gateway which will back up your data to OCI Object Storage Standard tier. Use Object Storage lifecycle policy management to move any data older than 30 days from Standard to Archive tier.
Correct answer: A
Explanation:
Oracle Cloud Infrastructure offers two distinct storage tiers for you to store your unstructured data. Use the Object Storage Standard tier for data to which you need fast, immediate, and frequent access. Use the Archive Storage service's Archive tier for data that you access infrequently, but which must be preserved for long periods of time. Both storage tiers use the same manageable resources (for example, objects and buckets). The difference is that when you upload a file to Archive Storage, the object is immediately archived. Before you can access an archived object, you must first restore the object to the Standard tier.
You can use Storage Gateway to move files to Oracle Cloud Infrastructure Archive Storage as a cost-effective backup solution. You can move individual files and compressed or uncompressed ZIP or TAR archives. Storing secondary copies of data is an ideal use case for Storage Gateway.
Question 95
......
Latest 1z0-997-21 pass-guaranteed exam question set, certification sample questions: https://www.goshiken.com/Oracle/1z0-997-21-mondaishu.html