Oracle 1Z0-997 問題集

質問 1：
A hospital in Austin has hosted its web based medical records portal entirely In Oracle cloud Infrastructure (OCI) using Compute Instances for its web-tier and DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the security professional to check their systems it was found that there are a lot of unauthorized coming requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
A. Block the attacking IP address by implementing a OCI Web Application Firewall policy using Access Control Rules
B. Mitigate the attack by changing the Route fable to redirect the unauthorized traffic to a dummy Compute instance
C. Block the attacking IP address by creating by Network Security Group rule to deny access to the compute Instance where the web server Is running
D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server Is running
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 2：
An organization has its mission critical application consisting of multiple application servers and databases running inside Virtual Cloud Network (VCN) in uk-london-1 region. Their solution architect wants to further strengthen their architecture by planning for Disaster Recovery (DR) in eu-frankfurt-1 region.
Which two solutions should their architect keep in mind while designing for DR?
A. It is not possible to use Active Data Guard to synchronize a database in uk-london-1 region to equivalent database in eu-frankfurt-1 region.
B. The RTO is the acceptable timeframe of lost data that application can tolerate.
C. Load balancer will automatically distribute traffic between both the regions.
D. rsync utility can be used to asynchronously copy file systems or snapshot data to another region.
E. A remote VCN peering connection is required to establish secure and reliable connectivity between different VCNs created in uk-london-1 and eu-frankfurt-1 region.
正解：C,E

質問 3：
You are building a highly available and fault tolerant web application deployment for your company. Similar application delayed by competitors experienced web site attack including DDoS which resulted in web server failing.
You have decided to use Oracle Web Application Firewall (WAF) to implement an architecture which will provide protection against such attacks and ensure additional configuration will you need to implement to make sure WAF is protecting my web application 24*7.
Which additional configuration will you need to Implement to make sure WAF Is protecting my web application 24*7?
A. Configure Control Rules to send traffic to multiple web servers
B. Configure auto scaling policy and it to WAF instance.
C. Configure new rules based on now vulnerabilities and mitigations
D. Configure multiple origin servers
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 4：
You are responsible for migrating your on premises legacy databases on 11.2.0.4 version to Autonomous Transaction Processing Dedicated (ATP-D) In Oracle Cloud Infrastructure (OCI). As a solution architect, you need to plan your migration approach.
Which two options do you need to implement together to migrate your on premises databases to OCI?
A. Retain changes to Oracle shipped privileges, stored procedures or views In the on-premises databases.
B. Convert on-premises databases to PDB, upgrade to 19c, and encrypt Migration.
C. Retain all legacy structures and unsupported features (e.g. taw U>Bs) In the onuses databases for migration.
D. Use Oracle Data Guard to keep on premises database always active during migration
E. Use Oracle GoldenGate replication to keep on premises database online during migration.
正解：B,E
解説: (Topexam メンバーにのみ表示されます)

質問 5：
A retailer bank is currently hosting their mission critical customer application on-premises. The application has a standard 3 tier architecture -4 application servers process the incoming traffic and store application data in an Oracle Exadata Database Server. The bank has recently has service disruption to other inter applications to they are looking to avoid this issue for their mission critical Customer Application.
Which Oracle Cloud Infrastructure services should you recommend as part of the DR solution?
A. OCI DNS Service, Load Balancer as a service using Public Load Balancer distributing traffic Compute Instance across multiple regions, Oracle RAC Database using Virtual Machines, Remote Peering connecting two VCNs in different regions. Exadata Cloud Service with GoldenGate FastConnect, Object Storage, Database Cloud backup module.
B. OCI Traffic Management, Private Load Balancer, Compute instances distributed across multiple Availability Domains and/or Fault Domains, Exadata Cloud Service with Data Guard, Oracle FastConnect, Object Storage, Database Cloud backup module
C. OCI Traffic Management, Public toad Balancer, Compute Instances distributed across multiple Availability Domains and/or Vault domains. Exadata Cloud Service with Data Guard, Oracle FastConnect, Object Storage, Database cloud backup module
D. OCI DNS Service' Public Load Balancer, Oracle Database Cloud Backup Service, Object Storage Service, Oracle Bare Metal Cloud Service, Oracle Bare Metal Cloud Service with GoldenGate, OCI Container Engines for Kubernetes, Oracle IPSec VPN
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 6：
An insurance company is storing critical financial data in the OCI block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle.
What of the following series of tasks are required to encrypt the block volume using customer managed keys?
A. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume
B. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key
C. Create a vault, import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume
D. Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 7：
You are working as a cloud consultant for a major media company. In the US and your client requested to consolidate all of their log streams, access logs, application logs, and security logs into a single system.
The client wants to analyze all of their logs In real-time based on heuristics and the result should be validated as well. This validation process requires going back to data samples extracted from the last 8 hours.
What approach should you take for this scenario?
A. Stream all the logs and cloud events of Events service to Oracle Streaming Service. Build a client process that will apply heuristics on the logs and store them in an Object Storage.
B. Create an auto scaling pool of syslog-enabled servers using compute instances which will store the logs In Object storage, then use map reduce jobs to extract logs from Object storage, and apply heuristics on the logs.
C. Create a bare-metal instance big enough to host a syslog enabled server to process the logs and store logs on the locally attached NVMe SSDs for rapid retrieval of logs when needed.
D. Set up an OCI Audit service and ingest all the API arils from Audit service pragmatically to a client side application to apply heuristics and save the result in an OCI Object storage.
正解：A
解説: (Topexam メンバーにのみ表示されます)