[PDF and VCE] Free 1Z0-997-21 VCE and PDF, Exam Materials Instant Download

Attention please! Here is the shortcut to pass your Latest 1Z0-997-21 pdf exam! Get yourself well prepared for the Oracle Cloud Infrastructure (OCI) Newest 1Z0-997-21 vce Oracle Cloud Infrastructure 2021 Architect Professional exam is really a hard job. But don’t worry! We We, provides the most update 1Z0-997-21 practice tests. With We latest 1Z0-997-21 dumps, you’ll pass the Oracle Cloud Infrastructure (OCI) Apr 20,2022 Hotest 1Z0-997-21 free download Oracle Cloud Infrastructure 2021 Architect Professional exam in an easy way

We Geekcert has our own expert team. They selected and published the latest 1Z0-997-21 preparation materials from Official Exam-Center.

The following are the 1Z0-997-21 free dumps. Go through and check the validity and accuracy of our 1Z0-997-21 dumps.We have sample questions for 1Z0-997-21 free dumps. You can download and check the real questions of updated 1Z0-997-21 dumps.

Question 1:

You have deployed a web application targeting a global audience across multiple Oracle Cloud

Infrastructure (OCI) regions.

You decide to use Traffic Management Geo-Location based Steering Policy to serve web requests to

users from the region closets to the user. Within each region you have deployed a public load balancer

with 4 servers in a backend set. During a DR test disable all web servers in one of the regions however,

traffic Management does not automatically direct all users to the other region.

Which two are possible causes?

A. You did not setup a Route Table associated with load Balancer\’s subnet

B. You did not setup an HTTP Health Check associated with Load Balancer public IP in the disabled region.

C. Rather than using Geo-Location based Steering Policy, you should use Failover Policy Type to serve traffic.

D. One of the two working web servers In the other region did not pass Its HTTP health check

E. You did not correctly setup the Load Balancer HTTP health check policy associated with backend set

Correct Answer: BE

Managing Traffic Management GEOLOCATION Steering Policies Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region. The Health Checks service allows you to monitor the health of IP addresses and hostnames, as measured from geographic vantage points of your choosing, using HTTP and ping probes. After configuring a health check, you can view the monitor\’s results. The results include the location from which the host was monitored, the availability of the endpoint, and the date and time the test was performed. Also you can Combine Managing Traffic Management GEOLOCATION Steering Policies with Oracle Health Checks to fail over from one region to another The Load Balancing service provides health status indicators that use your health check policies to report on the general health of your load balancers and their components. if you misconfigure the health check Protocol between the Load balancer and backend set that can lead to not get an accurate response as example below If you run a TCP-level health check against an HTTP service, you might not get an accurate response. The TCP handshake can succeed and indicate that the service is up even when the HTTP service is ly configured or having other issues. Although the health check appears good customers might experience transaction failures.

Question 2:

Your team is conducting a root analysis (RCA) following a recent, unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred in the previous 24 hours. Given the sample of this event.

Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call?

A. requestAgent

B. eventource

C. principalld

D. requestOrigin

E. eventId

Correct Answer: C

The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud

Infrastructure public application programming interface (API) endpoints as log events.

Currently, all services support logging by Audit.

Every audit log event includes two main parts:

Envelopes that act as a container for all event messages Payloads that contain data from the resource

emitting the event message The identity object contains the following attributes. data.identity.authType The

type of authentication used.

data.identity.principalId The OCID of the principal.

data.identity.principalName The name of the user or service. This value is the friendly name associated

with principalId .

Question 3:

An online registration system Is currently hosted on one large Oracle Cloud Infrastructure (OCT) Bare metal compute Instance with attached block volume to store of the users\’ dat

A. The registration system accepts the Information from the user, Including documents and photos then performs automated verification and processing to check it the user is eligible for registration. The registration system becomes unavailable at tunes when there is a surge of users using the system the existing architecture needs improvement as it takes a long time for the system to complete the processing and the attached block volumes are not large enough to use data being uploaded by the users. Which Is the most effective option to achieve a highly scalable solution?

B. Attach more Block volumes as the data volume increase, use Oracle Notification Service (ONS) to distribute tasks to a pool of compute instances working In parallel, and Auto Scaling to dynamically size the pool of Instances depending on the number of notifications received from the Notification Service. Use Resource Manager stacks to replicate your architecture to another region.

C. Change your architecture to use an OCI Object Storage standard tier bucket, replace the single bare metal instance with a Oracle Streaming Service (OSS) to ingest the Incoming requests and distribute the tasks to a group of compute Instances with Auto Scaling

D. Upgrade your architecture to use a pool of Bare metal servers and configure them to use their local SSDs for faster data access Set up Oracle Streaming Service (OSS) to distribute the tasks to the pool of Bare metal Instances with Auto Scaling to dynamically increase or decrease the pool of compute instances depending on the length of the Streaming queue.

E. Upgrade your architecture to use more Block volumes as the data volume Increases. Replace the single bare metal instance with a group of compute instances with Auto Scaling to dynamically increase or decrease the compute instance pools depending on the traffic.

Correct Answer: D

Question 4:

A data analytics company has been building Its now generation big data and analytics platform on Oracle Cloud Infrastructure (OCI). They need a storage service that provide the scale and performance that their big data applications require such as high throughput to compute nodes with low latency file operations in addition, their data needs to be stored redundantly across multiple nodes In a single availability domain and allows concurrent connections from multiple compute Instances hosted on multiple availability domains. Which OCI storage service can you use to meet i his requirement?

A. Object Storage

B. File System Storage

C. Archive storage

D. Block Volume

Correct Answer: B

Oracle Cloud Infrastructure File Storage service provides a durable, scalable, secure, enterprise-grade network file system. You can connect to a File Storage service file system from any bare metal, virtual machine, or container instance in your Virtual Cloud Network (VCN). You can also access a file system from outside the VCN using Oracle Cloud Infrastructure FastConnect and Internet Protocol security (IPSec) virtual private network (VPN). Use the File Storage service when your application or workload includes big data and analytics, media processing, or content management, and you require Portable Operating System Interface (POSIX)compliant file system access semantics and concurrently accessible storage. The File Storage service is designed to meet the needs of applications and users that need an enterprise file system across a wide range of use cases

Question 5:

You have an Oracle database system in a virtual cloud network (VCN) that needs to be accessible on port

1521 from your on-premises network CIDR

You have the following configuration currently.

Virtual cloud network (VCD) is associated with a Dynamic Routing Gateway (DRG), and DRG has an

active IPSec connection with your on-premises data center.

Oracle database system is hosted in a private subnet

The private subnet route table has the following configuration The private subnet route table has following


However, you are still unable to connect to the Oracle Database system. Which action will resolve this issue?

A. Option A

B. Option B

C. Option C

D. Option D

Correct Answer: C

Question 6:

You have provisioned a new VM.DenseIO2.24 compute instance with local NVMe drives. The compute instance is running production application. This is a write heavy application, with a significant Impact to the business it the application goes down. What should you do to help maintain write performance and protect against NVMe devices failure.

A. NVMe drive have built in capability to recover themself so no other actions are required

B. Configure RAID 6 for NVMe devices.

C. Configure RAID 1 for NVMe devices.

D. Configure RAID 10 for NVMe devices.

Correct Answer: D

VM.DeselO2.24 compute instance include locally attached NVMe devices. These devices provide extremely low latency, high performance block storage that is ideal for big data, OLTP, and any other workload that can benefit from high-performance block storage. A protected RAID array is the most recommended way to protect against an NVMe device failure. There are three RAID levels that can be used for the majority of workloads: RAID 1: An exact copy (or mirror) of a set of data on two or more disks; a classic RAID 1 mirrored pair contains two disks RAID 10: Stripes data across multiple mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved RAID 6: Block-level striping with two parity blocks distributed across all member disks If you need the best possible performance and can sacrifice some of your available space, then RAID 10 array is an option.

Question 7:

A civil engineering company is running an online portal In which engineers can upload there constructions photos, videos, and other digital files. There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period. Which option fulfills this requirement?

A. Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours.

B. Create a pre authenticated URL lot each object that Is uploaded to the Object Storage bucket with an expiration of 72 hours.

C. Create a Dynamic Group with matching rule for the portal compute Instance and grant access to the Object Storage bucket for 72 hours.

D. Create a pre authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.

Correct Answer: D

Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permission to access those objects. For example, you can create a request that lets operations support user upload backups to a bucket without owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket without owning API keys. When creating a pre-authenticated request, you have the following options: You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload one or more objects to. You can specify the name of an object that a pre-authenticated request user can read from, write to, or read from and write to. Scope and Constraints Understand the following scope and constraints regarding pre-authenticated requests: Users can\’t list bucket contents. You can create an unlimited number of pre-authenticated requests. There is no time limit to the expiration date that you can set. You can\’t edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you must create a new pre-authenticated request. The target and actions for a pre-authenticated request are based on the creator\’s permissions. The request is not, however, bound to the creator\’s account login credentials. If the creator\’s login credentials change, a pre-authenticated request is not affected. You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in that bucket.

Question 8:

You are working as a solution architect for an online retail store to create a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third party payment service to process credit card payments. The third party service allows a maximum of Spelunk IP addresses 5 public IP addresses at a time However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to create up to 15 Instances during peak traffic demand, which are launched In VCN private in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Interne! to complete the transaction What solution can you implement to make sure that all compute Instances can connect to the third party system to process the payments aw peak traffic demand?

A. Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.

B. Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.

C. Whitelist the Internet Gateway Public IP on the third party service and route all payment requests through the Internet Gateway.

D. Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third party service.

Correct Answer: A

Question 9:

Your customer recently ordered for a 1-Gbps Fast Connect connection In ap-tokyo-1 region of Oracle Cloud Infrastructure (OCI). They will us this to one Virtual cloud Network (VCN) in their production (OC1) tenancy and VCN In their development OC1 tenancy As a Solution Architect, how should yon configure and architect the connectivity between on premises and VCNs In OCI?

A. Create two private virtual circuits on the FastConnect link. Create two Dynamic Routing Gateways, one for each VCNs. Attach the virtual circuits to the dynamic routing gateways.

B. You cannot achieve connectivity using single FastConnect link as the production and the development VCNs-are in separate tenancies. Request one more FastConnect connection.

C. Create a single private virtual circuit over FastConnect and attach fastConnect to either of the VCN\’s Dynamic Routing Gateway. Use Remote Peering to peer production and development VCNs.

D. Create a hub-VCN that uses Dynamic Routing Gateway (DRG) to communicate with on-premises network over FastConnect. Connect the hub-VCN to the production VCN spoke and with development VCN spoke, each peered via their respective local Peering Gateway (LPG)

Correct Answer: D

There\’s an advanced routing scenario called transit routing that enables communication between an onpremises network and multiple VCNs over a single Oracle Cloud Infrastructure FastConnect or IPSec VPN. The VCNs must be in the same region and locally peered in a hub-and-spoke layout. As part of the scenario, the VCN that is acting as the hub has a route table associated with each LPG (typically route tables are associated with a VCN\’s subnets).

Question 10:

Which three scenarios are suitable for the Oracle Infrastructure (OCI) Autonomous transaction Processing Server less (ATP-S) deployment?

A. well established, online auction marketplace is running an application where there is database usage 24? but also has peaks of activity that the hard to predict when the peaks happen, the total activities may reach 3 times the normal activity level (Correct)

B. A small startup is deploying a new application fen eCommerce and it requires database to store customers\’ transactions the team b of what the load will look like since it is a new application. (Correct)

C. A midsize company is considering migrating its legacy on premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database has significantly higher workloads on weekends than weekdays

D. A developer working on an Internal project needs to use a database during work hours but doesn\’t need It during nights or weekends. the project budget requires her to keep costs low. (Correct)

E. A manufacturing company is running Oracle E-Business Suite application on premises. They are looking to move this application to OCI and they want to use a managed database offering for their database tier.

Correct Answer: ABD

MongoDB is a cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schema, so the best to be migrated to Oracle NoSQL Database. https://blogs.oracle.com/nosql/migrate-mongodb-data-to-oracle-nosql-database Autonomous transaction Processing Serverless (ATP-S) isn\’t supported yet for EBS database

Question 11:

The Finance department of your company has reached out to you. They have customer sensitive data on

compute Instances In Oracle Cloud Infrastructure (OCI) which they want to store in OCI Storage for long

term retention and archival.

To meet security requirements they want to ensure this data is NOT transferred over public internet, even if


which they want to store In OCI Object Storage fin long term retention and archival To meet security

requirements they want to ensure this data is NOT transferred over public Internet, even it encrypted.

Which option meets this requirements?

A. Configure a NAT instance and all traffic between compute In Private subnet should use this NAT instance with Private IP as the route target.

B. Use NAT gateway with appropriate route table when transferring data. Then use NAT gateways\’ toggle (on/off) once data transfer is complete.

C. Use Service gateway with appropriate route table.

D. Use Storage gateway with appropriate firewall rule.

Correct Answer: C

Service Gateway is virtual router that you can add to your VCN. It provides a path for private network traffic between your VCN and supported services in the Oracle Services Network like Object Storage) so compute Instances in a private subnet in your VCN can back up data to Object Storage without needing public IP addresses or access to the intern

Question 12:

By copying block volume backups to another region at regular intervals, it makes it easier for you to rebuild applications and data in the destination region if a region-wide disaster occurs in the source region. Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between regions \’

A. Allow group VolumeAdmins to use volumes in tenancy

B. Allow group VolumeAdmins to copy volume\’ backups in tenancy

C. Allow group VolumeAdmins to manage volume-family In tenancy

D. Allow group VolumeAdmins to inspect volumes in tenancy

Correct Answer: C

The backups feature of the Oracle Cloud Infrastructure Block Volume service lets you make a point- intime snapshot of the data on a block volume.These backups can then be restored to new volumes either immediately after a backup or at a later time that you choose. You can copy block volume backups between regions using the Console, command line interface (CLI), SDKs, or REST APIs. To copy volume backups between regions, you must have permission to read and copy volume backups in the source region, and permission to create volume backups in the destination region. to do all things with block storage volumes, volume backups, and volume groups in all compartments with the exception of copying volume backups across regions. Allow group VolumeAdmins to manage volume-family in tenancy The aggregate resource type volume-family does not include the VOLUME_BACKUP_COPY permission, so to enable copying volume backups across regions you need to ensure that you include the third statement in that policy, which is: Allow group VolumeAdmins to use volume-backups in tenancy where request.permission=\’VOLUME _BACKUP_COPY\’

Question 13:

A global retailer is setting up the cloud architecture to be deployed in Oracle Cloud infrastructure (OCI) which will have thousands of users from two major geographical regions: North America and Asia Pacific. The requirements of the services are:


Service needs to be available 27/7 to avoid any business disruption


North American customers should be served by application running In North American regions


Asia Pacific customers should be served by applications running In Asia Pacific regions


Must be resilient enough to handle the outage of an entire OCI region


OCl DNS, Traffic Management with Failover steering policy


OCl DNS, Traffic Management with Geolocation steering policy. Health Checks


OCl DNS, Traffic Management with Geolocation steering policy


OCl DNS,\’ Traffic Management with Load Balancer steering policy, Health Checks

Correct Answer: B

GEOLOCATION STEERING Geolocation steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/ provinces (North America) and define a separate endpoint or set of endpoints for each region. Combine with Oracle Health Checks to fail over from one region to another

Question 14:

A retail company has several on-premises data centers which span multiple geographical locations. They plan to move some of their applications from on-premises data centers to Oracle Cloud Infrastructure (OCI). For these applications running in OCI, they still need to interact with applications running on their on-premises data centers to Oracle Cloud Infrastructure (OCI). for these applications running in OCI. they still need to interact with applications running on their on-premises data centers. These applications require highly available, fault-tolerant network connections between on premises data centers and OCI. Which option should you recommend to provide the highest level of redundancy?

A. Oracle cloud Infrastructure provides network redundancy by default so that no other operations are required

B. If your data centers span multiple, geographical locations, use only the specific IP address as a static route for the specific geographical location

C. Set up both IPSec VPN and FastConnect to connect your on premises data centers to Oracle Cloud Infrastructure.

D. Use FastConnect private peering only to ensure secure access from your data center to Oracle Cloud Infrastructure

E. Set up a single IPSec VPN connection (rom your data center to Oracle Cloud Infrastructure since It is cost effective

Correct Answer: B

If your data centers span multiple geographical locations, we recommend using a broad CIDR ( as a static route in addition to the CIDR of the specific geographical location. This broad CIDR provides high availability and flexibility to your network design. For instance, the following diagram shows two networks in separate geographical areas that each connect to Oracle Cloud Infrastructure. Each area has a single on-premises router, so two IPSec VPN connections can be created. Note that each IPSec VPN connection has two static routes: one for the CIDR of the particular geographical area, and a broad static route.

Question 15:

A global retailer has decided to re-design its e-commerce platform to have a micro-services architecture.

They would like to decouple application architecture into smaller, independent services using Oracle Cloud

Infrastructure (OCI). They have decided to use both containers and servers technologies to run these

application instances.

Which option should you recommend to build this new platform?

A. Install a kubernetes cluster on OCI and use OCI event service.

B. Use Oracle Container Engine for kubernetes, OCI Registry and OCI Functions.

C. Use OCI Resource Manager to automate compute Instances provisioning and use OCI Streaming service.

D. Use OCI functions, OCI object storage and OCI event service.

Correct Answer: B

Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a- Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs.

Oracle Cloud Infrastructure Container Engine for Kubernetes is a fully-managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud. Use Container Engine for Kubernetes (sometimes abbreviated to just OKE) when your development team wants to reliably build, deploy, and manage cloud-native applications. You specify the compute resources that your applications require, and Container Engine for Kubernetes provisions them on Oracle Cloud Infrastructure in an existing OCI tenancy.

Leave a Reply

Your email address will not be published.