Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

1z0-997-20 by Oracle - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

An Oracle Cloud Infrastructure (OCI) Public Load Balancer's SSL certificate is expiring soon. You noticed the Load Balancer is configured with SSL Termination only. When the certificate expires, data traffic can be interrupted and security compromised.
What steps do you need to take to prevent this situation? (Choose the best answer.)

A Add the new SSL certificate to the Load Balancer and update backend servers to use the new certificate bundle.
B Add the new SSL certificate to the Load Balancer and update listeners to use the new certificate bundle.
C Add the new SSL certificate to the Load Balancer, update listeners and backend sets so they can use the new certificate bundle.
D Add the new SSL certificate to the Load Balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle.
E Add the new SSL certificate to the Load Balancer and implement end to end SSL so it can encrypt the traffic from clients all the way to the backend servers.

Question 4

Your company will soon start moving critical systems into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us- ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company.
Your security processes for critical systems require that all data is encrypted at rest using Customer-Managed Keys.
Which two options ensure compliance with this policy? (Choose two.)

A You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
B When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
C When you create a new block volume through OCI console, select "Encrypt using Customer-Managed Keys" checkbox and use encryption keys generated and stored in OCI Vault.
D When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.
E When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.

Question 5

A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using compute instances for its web-tier and DB
System database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the hospital hired an IT security professional to check their systems.
It was found that there were a lot of unauthorized requests coming from a set of IP addresses originating from a county in Southeast Asia.
Which option can mitigate this type of attack? (Choose the best answer.)

A Block the attacking IP addresses by creating a Security List rule to deny access to the subnet where the web server is running.
B Block the attacking IP addresses by creating a Network Security Group rule to deny access to the compute instance where the web server is running.
C Implementing an OCI Web Application Firewall Bot Management policy to identify the attacking IP addresses and mitigate the threat.
D Block the attacking IP addresses by implementing an OCI Web Application Firewall policy using Access Control Rules.

Question 6

You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for
Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint.
However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing Service
Unavailable error. You need to check the backend latency and backend responses when this error started last night.
What should you do to get this data? (Choose the best answer.)

A Check with the application owner and search the log file for the container to get the metrics from the log file.
B Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.
C Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics.
D Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

Question 7

You are running a legacy application in a compute instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode.
Your application is not resilient to crash-consistent backup.
What should you do to backup the block volume in a secure and cost effective way? (Choose the best answer.)

A Save your application data, detach the block volume and create a clone.
B Create a volume group, add the boot volume and then run the volume group backup.
C Create a backup, detach the block volume and save your application data.
D Save your application data, detach the block volume and create a backup.

Question 8

You work as a solutions architect for an online retail store creating a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third-party payment service to process credit card payments.
The third-party service allows a maximum of 5 public IP addresses at a time. However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto
Scaling policy to create up to 15 instances during peak traffic demand, which are launched in VCN private subnets and attached to an OCI public Load Balancer.
Upon user payment, the portal connects to the payment service over the Internet to complete the transaction
What solution can you implement to make sure that all 15 compute instances can connect to the third party system to process the payments during peak traffic demand? (Choose the best answer.)

A Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.
B Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.
C Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway.
D Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.

Question 9

You are developing a Serverless function for your company's IoT project. This function should access Oracle Cloud Infrastructure (OCI) Object Storage to store some files. You choose Oracle Functions to deploy this function on OCI. However, your security team doesn't allow you to carry any API Token or RSA Key to authenticate the function against the OCI API to access the Object Storage.
What should you do to get this function to access OCI Object Storage without carrying any static authentication files? (Choose the best answer.)

A Set up a Dynamic Group using the format below: Create a policy using the format below to give access to OCI Object Storage: Include a call to a "˜resource principal provider' in your function code as below:
B Add these two policy statements for your compartment and then include a call to a "˜resource principal provider' in your function code:
C There is no way that you can access the OCI resources from a running function.
D Add these two policy statements for your compartment to give your function automatic access to all other OCI resources:

Question 10

You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application components as Kubernetes native objects, such as the microservices, Oracle
Autonomous database, Kubernetes services, etc.
What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle Autonomous
Database? (Choose the best answer.)

A Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.
B Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster.
C Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN.
D Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 2 • Questions 1-25 of 50

1 2

→

Know a question that should be here? Contribute to this exam

Which three scenarios are suitable for the use of Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing "" Serverless (ATP-S) deployment?
(Choose three.)

A A manufacturing company is running Oracle E-Business Suite application on-premises. They are looking to move this application to OCI and they want to use a managed database offering for their database tier.
B A midsize company is considering migrating its legacy on-premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays.
C A small startup is deploying a new application for eCommerce and it requires a database to store customers' transactions. The team is unsure of what the load will look like since it is a new application.
D A well-established, online auction marketplace is running an application where there is database usage 24x7, but also has peaks of activity that are hard to predict. When the peaks happen, the total activities may reach 3 times the normal activity level.
E A developer working on an internal project needs to use a database during work hours but doesn't need it during nights or weekends. The project budget requires her to keep costs low.

You designed and deployed your Autonomous Data Warehouse (ADW) so that it is accessible from your on-premise data center and servers running on both private and public networks in Oracle Cloud Infrastructure (OCI).

As you are testing the connectivity to your ADW database from the different access paths, you notice that the server running on the private network is unable to connect to ADW.
Which two steps do you need to take to enable connectivity from the server on the private network to ADW? (Choose two.)

A Add an entry in the Security List of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24
B Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of NAT Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.
C Add an entry in the access control list of ADW for IP address 129.146.160.11
D Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of Internet Gateway, add a stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.
E Add an entry in the access control list of ADW for CIDR block 10.2.2.0/24.