6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
- Expert Verified, Online, Free.
Custom View Settings
Topic 1 - Exam A
Question #1
Topic 1
A consulting company that employs Oracle Cloud Infrastructure (OCI) architects has successfully completed resource migration from Microsoft
Azure to OCI, and no longer requires the OCI FastConnect circuit to Azure. The project manager has asked you to delete all resources involved in
this inter-cloud connectivity. From the Azure side, you delete the Resource Group. After a while, you notice that all Azure resources have been
deleted, except for the Azure ExpressRoute circuit.
What could be a potential reason for this issue?
A. You need to first delete the OCI FastConnect circuit for the ExpressRoute circuit to be decommissioned, and then you can delete the
ExpressRoute virtual circuit.
B. Your bill from the OCI side needs to be paid in full before you can remove the Azure ExpressRoute circuit.
C. You need to remove all routes that point to the inter-cloud connection on both OCI and Azure before you can delete the circuit.
D. You need to remove the Azure ExpressRoute Partner Service Key from the OCI FastConnect circuit, and then you can delete the
ExpressRoute virtual circuit.
Correct Answer: A
jackhsu0704 4 months ago
yes, A. You need to first delete the OCI FastConnect circuit for the ExpressRoute circuit to be decommissioned, and then you can delete the
ExpressRoute virtual circuit.
upvoted 2 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
1/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #2
Topic 1
You are a Lead Architect at one of the leading consulting firms. Your firm has workloads deployed in both Oracle Cloud Infrastructure (OCI) and
Microsoft Azure. You are asked to design a solution where workloads on both clouds can communicate directly and efficiently. You would like to
set up a private interconnection between OCI and Microsoft Azure.
What are the steps you need to perform on the OCI side to set up the interconnection?
A. Create a VCN with subnets and attach a DRG to the VCN. Create a FastConnect connection of the connection type "FastConnect Partner"
and select "Microsoft Azure: ExpressRoute” as the Partner. Create a public virtual circuit, provide details of the DRG and add the “partner
connection key” provided by Microsoft Azure. Configure OCI VCN Security Lists and Route Tables.
B. Create a Virtual Cloud Network (VCN) with subnets and attach a Virtual Network Gateway to the VCN. Create a FastConnect connection of
the connection type "FastConnect Partner" and select "Microsoft Azure: ExpressRoute" as the Partner. Create a private virtual circuit, provide
details of the Dynamic Routing Gateway (DRG) and add the "partner interconnect key" provided by Microsoft Azure. Provide the BGP IP
addresses. Configure OCI VCN Security Lists and Route Tables.
C. Create a VCN with subnets and attach a DRG to the VCN. Create a FastConnect connection of the connection type "FastConnect Direct".
Create a Cross-Connect Group, provide details of the DRG and add the "partner secret key" provided by Microsoft Azure. Provide the BGP IP
addresses, Configure OCI VCN Security Lists and Route Tables.
D. Create a VCN with subnets and attach a DRG to the VCN. Create a FastConnect connection of the connection type "FastConnect Partner"
and select "Microsoft Azure: ExpressRoute" as the Partner. Create a private virtual circuit, provide details of the DRG and add the "partner
service key" provided by Microsoft Azure. Provide the BGP IP addresses, Configure OCI VCN Security Lists and Route Tables.
Correct Answer: D
farrukhsalman 1 month ago
Indeed D
upvoted 1 times
Question #3
Topic 1
You have two Virtual Cloud Networks (VCN) that need to be peered. The set up is as follows:
The VCNs are in different tenancies.
Peering has to be via Local Peering Gateway (LPG) because one of the VCNs needs to be added to an existing Hub and Spoke configuration that
consists of a hub and two spokes.
There is a CIDR overlap. The VCN that serves as the Hub VCN has a 172.19.0.0/16 CIDR prefix. The other VCN to be added as a Spoke VCN has a
172.19.128.0/17 CIDR prefix.
The other two spokes have 10.0.0.0/16 and 192.168.0.0/16 prefixes, respectively.
What is a possible solution to this problem?
A. Use Dynamic Routing Gateway (DRG) instead.
B. Add another CIDR prefix to the VCN that is integrating with the Hub and Spoke and does not overlap. Use that CIDR for the LPG connection.
C. Review the subnets in the hub VCN. If they all have the third octet under 128, change the VCN prefix to /17.
D. Review the subnets in the hub VCN. If they all have the third octet above 128, change the VCN prefix to /17.
E. Review all subnets in the hub VCN. If one of them has the third octet at 128, change the VCN prefix to /17.
Correct Answer: B
examtaker1 2 months, 2 weeks ago
I think C is correct
upvoted 2 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
2/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #4
Topic 1
You are trying to delete a compartment. The delete operation is failing and you need to troubleshoot the problem.
Which step should NOT be considered when troubleshooting this issue?
A. Verify that you have removed all resources from the compartment.
B. Ensure you have at least one more compartment in your tenancy other than the root compartment.
C. Verify that there are no policies in the root compartment that reference the compartment you are trying to delete.
D. Search for resources in the compartment for each region that your tenancy is subscribed to.
Correct Answer: B
Question #5
Topic 1
A new international hacktivist group, based in London, launched wide scale cyber attacks including SQL Injection and Cross-Site Scripting (XSS)
across multiple websites hosted in Oracle Cloud Infrastructure (OCI). As an IT consultant, you must configure a Web Application Firewall (WAF) to
protect these websites against such attacks.
How would you configure your WAF to protect the website against those attacks?
A. Enable an Access Rule to block the IP Address range from London.
B. Enable an Access Rule that contains XSS Filters Categories and SQL Filters Categories.
C. Enable a Protection Rule to block the attacks based on HTTP Headers that contain XSS and SQL strings.
D. Enable a Protection Rule to block requests that came from London.
E. Enable a Protection Rule that contains XSS Filters Categories and SQL Filters Categories.
Correct Answer: E
AAAA333 1 week, 2 days ago
Selected Answer: E
It is answer correct
upvoted 1 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
3/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #6
Topic 1
A cloud engineer needs to enable routing between two Virtual Cloud Networks (VCN) from his tenancy. The VCNs are in the same region but in
different compartments. After reviewing the IPv4 CIDR prefixes of the two VCNs, he notices that there are no overlapping CIDR blocks.
Which THREE are valid Oracle Cloud Infrastructure (OCI) options for connecting and routing between the two VCNs? (Choose three.)
A. Create two DRGs in the tenancy. Attach one VCN to one of the DRGs; attach the other VCN to the second DRG. In each one of the DRGs,
create a Virtual Circuit Attachment. Select FastConnect Partner as the FastConnect type. Select any vendor from the list and complete the
circuit at the partner site. Once the FastConnect IPv4 BGP field is in the UP state in each one of the Virtual Circuits, add a route rule in each
one of the VCNs' route table to the other VCN using the DRG as the next hop.
B. Create two DRGs in the tenancy. Attach one VCN to one of the DRGs; attach the other VCN to the second DRG. In each one of the DRGs,
create a Remote Peering Connection (RPC). Establish a connection from one RPC to the other. In each one of the VCNs' route table, add a
route rule to the other VCN using the DRG as the next hop.
C. Create a DRG in the tenancy; add one of the VCN as a VCN attachment. In the other VCN, create a Local Peering Gateway (LPG). Peer the
DRG to the LPG. In the VCN attached to the DRG, add a route rule in the route table that points to the DRG as the next hop. In the other VCN,
add a route rule in the route table that points to the LPG as the next hop.
D. Add an LPG to each one of the VCNs. In one of the LPG, establish a Peering Connection to the other LPG. In each one of the VCN route
table, add a route rule to the other VCN using the LPG as the next hop.
E. Create a DRG in the tenancy; add one of the VCNs as a VCN attachment. In the other VCN, create a Local Peering Gateway (LPG). Peer the
DRG to the LPG. In the VCN attached to the DRG, enable BGP routing for the route to propagate to the VCN. In the other VCN add a route rule in
the route table that points to the LPG as the next hop.
F. Create a Dynamic Routing Gateway (DRG) in the tenancy, add the two VCNs as VCN attachments and add routes in each one of the VCN
route tables with the DRG as the next hop for the CIDR prefix of the other VCN.
Correct Answer: ACD
FPM 2 months ago
Why isn't F valid?
upvoted 1 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
4/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #7
Topic 1
You are a cloud architect at a financial organization. The development team is tasked with creating a cloud native application to be hosted on
Oracle Cloud Infrastructure (OCI). The development team has followed a microservices-based approach and created containerized images of the
cloud-native application and pushed them to OCI Registry (OCIR).
How can you deploy a load balanced application to your OCI Container Engine for Kubernetes (OKE) cluster using these images?
A. Create a load balancer using the OCI load balancer service, add the load balancer service IP in the manifest file, add the location of the
docker image to the manifest file, and deploy the manifest file.
B. Create a named secret, add the secret to the manifest file, add the location of the docker image to the manifest file, add the service of type
LoadBalancer in the manifest file, and deploy the manifest file.
C. Create an auth token, add the auth token to the manifest file, add the location of the docker image to the manifest file, add the service of
type LoadBalancer in the manifest file, and deploy the manifest file.
D. Add the location of the docker image to the manifest file, deploy the manifest file. All applications are load-balanced by default in OKE
Correct Answer: A
fiamma0 3 months ago
I think : B
upvoted 3 times
FPM 2 months ago
B looks correct, but I don't get why adding a named secret unless we assume it's a microservices best practice (which it is).
upvoted 1 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
5/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #8
Topic 1
Your organization needs to migrate legacy monolithic applications into cloud-native containerized RESTful microservices. The development team
is testing the use of packaged procedures with containers in a fully serverless environment. Before migrating the existing code to production, the
team decides to perform a lift and shift of the monolithic application and code the new features that are essential for serverless microservices.
You want to carry out a steady migration to the Oracle Cloud Infrastructure (OCI) platform, making the new microservice functionalities available
while maintaining the monolithic application for all the other activities. You also want to integrate the legacy monolithic application with the new
microservices to have a single interface with simplified management for auditing and monitoring while meeting operational and compliance
requirements.
How can you meet this requirement?
A. Push the container image to OCIR, build a serverless function using the OCI Functions serviceBYOD (Bring-Your-Own-Dockerfile) feature,
build an API deployment specification with serverless functions as the back-end, and use an OCI API gateway to provide front-end access to
that function.
B. Push the container image to the OCI code repository, create an instance template with a Docker container running the image, and create an
instance pool with autoscaling configuration. Use the OCI load balancer to provide an API endpoint to connect with the microservice.
C. Push the container image to the OCI code repository, build a serverless function using the OCI Functions service BYOD feature, build an API
deployment specification with serverless functions as the back-end, and use an OCI API gateway to provide front-end access to that function.
D. Push the container image to OCIR, create an instance template with a Docker container running the image, and create an instance pool with
autoscaling configuration. Use the OCI load balancer to provide an API endpoint to connect with the microservice.
Correct Answer: B
a66030 6 days, 20 hours ago
there is nothing called OCI code repo. OCIR should be the answer
upvoted 1 times
FPM 2 months ago
I think it's D. What do you guys think?
upvoted 2 times
Question #9
Topic 1
Which three scenarios are suitable for the use of Oracle Cloud Infrastructure (OCI) Autonomous Transaction Processing - Serverless (ATP-S)
deployment? (Choose three.)
A. A well-established, online auction marketplace is running an application where there is database usage 24x7, but also has peaks of activity
that are hard to predict. When the peaks happen, the total activities may reach 3 times the normal activity level.
B. A midsize company is considering migrating its legacy on-premises MongoDB database to Oracle Cloud Infrastructure (OCI). The database
has significantly higher workloads on weekends than weekdays.
C. A manufacturing company is running Oracle E-Business Suite application on-premises. They are looking to move this application to OCI and
they want to use a managed database offering for their database tier.
D. A developer working on an internal project needs to use a database during work hours but doesn't need it during nights or weekends. The
project budget requires her to keep costs low.
E. A small startup is deploying a new application for eCommerce and it requires a database to store customers' transactions. The team is
unsure of what the load will look like since it is a new application.
Correct Answer: ADE
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
6/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #10
Topic 1
You designed and deployed your Autonomous Data Warehouse (ADW) so that it is accessible from your on-premise data center and servers
running on both private and public networks in Oracle Cloud Infrastructure (OCI).
As you are testing the connectivity to your ADW database from the different access paths, you notice that the server running on the private
network is unable to connect to ADW.
Which two steps do you need to take to enable connectivity from the server on the private network to ADW? (Choose two.)
A. Add an entry in the Security List of the ADW allowing ingress traffic for CIDR block 10.2.2.0/24
B. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of Internet Gateway, add a
stateful egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.
C. Add an entry in the access control list of ADW for IP address 129.146.160.11
D. Add an entry in the access control list of ADW for CIDR block 10.2.2.0/24.
E. Add an entry in the route table (associated with the private subnet) with destination of 0.0.0.0/0; target type of NAT Gateway, add a stateful
egress rule to the security list (associated with the private subnet) with destination of 0.0.0.0/0 and for all IP protocols.
Correct Answer: CE
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
7/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #11
Topic 1
Your customer needs to move their on-premises applications to Oracle Cloud Infrastructure (OCI). One of their applications is running on an
NGINX server and a 2-node Oracle Real Application Clusters (RAC) database.
What is the most cost-effective mechanism to migrate the customer application to OCI and set up regular automated backups?
A. Launch a compute instance and run an NGINX server to host the application. Deploy Autonomous Database and import the database using
Oracle Data Pump.
B. Launch a compute instance and run an NGINX server to host the application. Deploy a 2-node VM DB Systems with Oracle RAC enabled.
Import the on-premises database to OCI VM DB Systems using Oracle Data Pump and then enable automatic backups.
C. Launch a compute instance for both the NGINX application server and the database server. Attach block volumes on the database server
compute instance and enable backup policy to backup the block volumes.
D. Launch a compute instance and run an NGINX server to host the application. Deploy a 1-node VM DB Systems with Oracle RAC enabled.
Import the on-premises database to OCI VM DB Systems using data pump and then enable automatic backups.
Correct Answer: B
Question #12
Topic 1
Your company needs to migrate a business critical application from your data center to Oracle Cloud Infrastructure (OCI). The application runs on
Oracle Database and both the application and database servers run on Oracle Linux version 7. The application server is WebLogic server running
on multiple 4-core servers and the database is deployed as an Oracle Database Enterprise Edition RAC database on 2 servers (4-cores each).
Which method of database migration should you choose so that the application has minimal impact?
A. Deploy Exadata Cloud Service Base rack and use Oracle Data Pump tool to migrate the data from customer on-premises to OCI.
B. Deploy Autonomous Transaction Processing Database on OCI and use the MV2ADB tool for the database migration.
C. Deploy Virtual Machine RAC DB system on OCI and use the Oracle Database Backup module with RMAN to migrate the data from customer
on-premises to OCI.
D. Deploy Virtual Machine RAC DB system on OCI and use the ZDM tool for the database migration.
Correct Answer: D
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
8/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #13
Topic 1
A company has an urgent requirement to migrate 300 TB of data to Oracle Cloud Infrastructure (OCI) in two weeks. Their data center has been
recently struck by a massive hurricane and the building has been badly damaged, although still operational. They have a 100 Mbps Internet line
but the connection is intermittent due to the damages caused to the electrical grid.
In this scenario, what is the most effective configuration to use to migrate the data to OCI given the time constraints?
A. Set up an OCI Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to
OCI.
B. Upload the data to OCI using OCI Object Storage multipart upload tool.
C. Set up a OCI Storage Gateway to connect your data center and your VCN. Once the connection has been established, upload all data to OCI
using CCI Storage Gateway Cloud Sync tool.
D. Use multiple OCI Data Transfer Appliances to transfer data to OCI.
E. Set up a hybrid network by launching a 1Gbps FastConnect virtual circuit between your data center and OCI. Use OCI Object Storage
multipart upload tool to automate the migration of your data to OCI.
Correct Answer: D
Question #14
Topic 1
A large E-commerce company is looking to run seasonal workloads in Oracle Cloud Infrastructure. The Oracle database used by their E-commerce
application can use up to 52 cores at peak workloads. Due to the seasonal nature of the business, the database will not be used for 10 months in
a year and can also be shut down during non-business hours.
Which database service is the most economical for this scenario?
A. Oracle Cloud Infrastructure Virtual Machine DB Systems
B. Oracle Cloud Infrastructure Exadata DB Systems
C. Oracle Cloud Infrastructure Bare Metal DB Systems
D. Autonomous Transaction Processing with shared Exadata infrastructure
Correct Answer: D
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
9/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #15
Topic 1
Which of the two options are true for an autonomous database in dedicated infrastructure deployment? (Choose two.)
A. You can modify maintenance schedule of the AVM after provisioning, to match your organization maintenance schedules.
B. The new resource model consists of autonomous exadata infrastructure, autonomous container database and autonomous database.
C. Unlike autonomous database in shared infrastructure, you can customize the maintenance schedule of the autonomous databases in
dedicated infrastructure in OCI public cloud.
D. The new resource model consists of exadata infrastructure, autonomous Exadata VM cluster, autonomous container database.
E. Network selection, License model and certificate management are resources configured at AVM level.
Correct Answer: DE
FPM 1 month, 2 weeks ago
I think it is A and D. What do you guys and girls think?
upvoted 2 times
Question #16
Topic 1
A retail company has recently adopted a hybrid architecture. They have the following requirements for their end-to-end connectivity model
between their on-premises data center and the Oracle Cloud Infrastructure (OCI) region.
Highly available connection with service level redundancy
Dedicated network bandwidth with low latency
Which connectivity setup is the most cost-effective solution for this scenario?
A. Set up the FastConnect virtual circuit as your primary connection, and a second FastConnect virtual circuit as a backup connection. Make
sure your FastConnect physical connectivity is redundant. Use a single edge device in your on-premises data center for each connection. From
your edge device, advertise more specific routes via the primary FastConnect virtual circuit, and less specific routes through the backup
FastConnect virtual circuit.
B. Set up the FastConnect virtual circuit as your primary connection, and an IPSec VPN as a backup connection. Use separate edge devices in
your on-premises data center for each connection. From your edge devices, advertise more specific routes through the FastConnect virtual
circuit, and less specific routes through the backup IPSec VPN path.
C. Set up IPSec VPN as your primary connection, and a second IPSec VPN as a backup connection. Use separate edge devices in your onpremises data center for each connection. From your edge devices, advertise more specific routes via the primary IPSec VPN, and less
specific routes through the backup IPSec VPN.
D. Set up IPSec VPN as your primary connection, and a FastConnect virtual circuit as a backup connection. Use separate edge devices in your
on-premises data center for each connection. From your edge devices, advertise more specific routes through the IPSec VPN, and less
specific routes through the backup FastConnect virtual circuit.
Correct Answer: A
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
10/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #17
Topic 1
An Oracle Cloud Infrastructure (OCI) Public Load Balancers SSL certificate is expiring soon. You notice that the Load Balancer is configured with
SSL Termination only. When the certificate expires, data traffic can be interrupted and could compromise security.
What steps do you need to take to prevent this situation?
A. Add the new SSL certificate to the Load Balancer and implement end-to-end SSL so it can encrypt the traffic from clients all the way to the
backend servers.
B. Add the new SSL certificate to the Load Balancer, update listeners and backend sets so they can use the new certificate bundle.
C. Add the new SSL certificate to the Load Balancer, update backend servers to work with a new certificate and edit listeners so they can use
the new certificate bundle.
D. Add the new SSL certificate to the Load Balancer and update listeners to use the new certificate bundle.
E. Add the new SSL certificate to the Load Balancer and update backend servers to use the new certificate bundle.
Correct Answer: D
rotten 2 months, 2 weeks ago
Selected Answer: D
SSL termination only means the SSL goes up to the load balancer listener, so the certificate only needs to be updated there
upvoted 3 times
Question #18
Topic 1
Your company has recently deployed a new web application that uses Oracle Functions. Your manager instructs you to implement monitoring
metrics to manage your systems more effectively. You know that Oracle Functions automatically monitors functions on your behalf and reports
metrics through Service Metrics.
Which TWO metrics are collected and made available by this feature? (Choose two.)
A. Length of time a function runs
B. Number of times a function is invoked
C. Amount of CPU used by a function
D. Number of concurrent connections
E. Number of times a function is removed
Correct Answer: AB
AAAA333 1 week, 2 days ago
Selected Answer: AB
Its correct!
upvoted 1 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
11/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #19
Topic 1
You are designing the network infrastructure for two application servers: appserver-1 and appserver-2 running in two different subnets inside the
same Virtual Cloud Network (VCN) in Oracle Cloud Infrastructure (OCI). You have a requirement where your end users will access appserver-1
from the internet and appserver-2 from the on-premises network. The on-premises network is connected to your VCN over a FastConnect virtual
circuit.
How should you design your routing configuration to meet these requirements?
A. Configure a single routing table (Route Table-1) that has two sets of rules: one that has route to internet via the Internet Gateway and
another that propagates specific routes for the on-premise network via Dynamic Routing Gateway (DRG). Associate the routing table with the
VCN.
B. Configure two routing tables: Route Table-1 that has a route to internet via the Internet gateway. Associate this route table to the subnet
containing appserver-1. Route Table-2 that propagate specific routes for the on-premises network via the Dynamic Routing Gateway (DRG).
Associate this route table to subnet containing appserver-2.
C. Configure a single routing table (Route Table-1) that has two sets of rules. One that has route to internet via the Internet Gateway and
another that propagates specific routes for the on-premise network via the Dynamic Routing Gateway. Associate the routing table with all the
VCN subnets.
D. Configure two routing tables (Route Table-1 & Route Table-2) that have rule to route all traffic via the Dynamic Routing Gateway (DRG).
Associate the two routing tables with all the VCN subnets.
Correct Answer: B
Question #20
Topic 1
To serve web traffic for a popular product, your cloud engineer has provisioned four BM.Standard2.52 instances, evenly spread across two
availability domains in the us-ashburn-1 region; LoadBalancer is used to deliver the traffic across instances.
After several months, the product grows even more popular and you need additional compute capacity. As a result, an engineer provisioned two
additional VM.Standard2.8 instances.
You register the two VM.Standard2.8 instances with your Load Balancer Backend set and quickly find that the VM.Standard2.8 instances are now
running at 100% of CPU utilization but the BM.Standard2.52 instances have significant CPU capacity that's unused.
Which option is the most cost effective and uses instances capacity most effectively?
A. Configure LoadBalancer with two VM.Standard2.8 instances and use Autoscaling instance pool to add up to two additional VM.Standard2.8
instances. Shut off BM.Standard2.52 instances.
B. Configure your Load Balancer with weighted round robin policy to distribute traffic to the compute instances, with more weight assigned to
bare metal instances.
C. Configure Autoscaling instance pool with LoadBalancer to add up to 3 more BM. Standard2.52 Instances when triggered, Shut off
VM.Standard2.8 Instances.
D. Route traffic to BM.Standard2.52 and VM.Standard2.8 Instances directly using DNS and Health Checks. Shut off the Load Balancer.
Correct Answer: B
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
12/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #21
Topic 1
You are a solutions architect for a global health care company, which has numerous data centers around the globe. Due to the increasing volume
of data that your company stores, you are tasked with setting up a durable, cost-effective solution to archive data from existing on-premises tapebased backup infrastructure to Oracle Cloud Infrastructure (OCI).
Which is the most effective mechanism to implement this requirement?
A. Use the File Storage Service in OCI and copy the data from your existing tape-based backup to the shared file system.
B. Set up an on-premises OCI Storage Gateway, which will back up your data to the OCI Object Storage Standard tier. Use Object Storage life
cycle policy management to move any data older than 30 days from the Standard to the Archive tier.
C. Set up FastConnect to connect your on-premises network to OCI VCN and use the rsync tool to copy your data to the OCI Object Storage
Archive tier.
D. Set up an on-premises OCI Storage Gateway, which will back up your data to the OCI Object Storage Archive tier.
E. Set up an on-premises OCI Storage Gateway, which will back up your data to the OCI Object Storage Standard tier.
Correct Answer: D
Question #22
Topic 1
A company runs a public-facing application that uses a Java-based web service via a RESTful API in their on-premises data center. Use of the API
is expected to double with a new product launch. The business wants to migrate their application to Oracle Cloud Infrastructure (OCI) to meet the
scale and reliability requirements.
In order to achieve this, they will divert only 40% of the traffic to the new Apache Tomcat web servers running on OCI and serve the remaining 60%
traffic through their on-premises infrastructure. Once the migration is complete and application works fine, they will divert all traffic to OCI.
How can these requirements be met with the LEAST amount of effort?
A. Set up a VPN connectivity between on-premises infrastructure and OCI and create routing tables to distribute traffic between them.
B. Use OCI Traffic management service with Failover steering policy and distribute traffic between OCI and on-premises infrastructure.
C. Use OCI Load Balancing service to distribute traffic between OCI and on-premises infrastructure.
D. Use OCI Traffic management service with Load Balancing steering policy and distribute traffic between OCI and on-premises infrastructure.
Correct Answer: D
AAAA333 1 week, 2 days ago
Selected Answer: D
Oracle.com its correct!
upvoted 1 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
13/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #23
Topic 1
You are developing a Serverless function for your company's IoT project. This function should access Oracle Cloud Infrastructure (OCI) Object
Storage to store some files. You choose Oracle Functions to deploy this function on OCI. However, your security team doesn't allow you to carry
any API Token or RSA Key to authenticate the function against the OCI API to access the Object Storage.
What should you do to get this function to access OCI Object Storage without carrying any static authentication files?
A. There is no way that you can access the OCI resources from a running function.
B. Set up a Dynamic Group using the format below:
All {resource, type = ‘fnfunc’, resource.compartment.id ‘ocidl.compartment.ocl..aaaaaaaa23________smwa’)
Create a policy using the format below to give access to OCI Object Storage: allow dynamic-group acme-func-dyn-grp to manage objects in
compartment acme- storage-compartment where all (target.bucket.name-‘acme-functions-bucket’)
Include a call to a 'resource principal provider' in your function code as below: signer - oci.auth.signers.get_resource_principals_signer{}
C. Add these two policy statements for your compartment to give your function automatic access to all other OCI resources:
Allow group to manage fn-app in compartmert
Allow group to manage fn-function in compartment
D. Add these two policy statements for your compartment and then include a call to a 'resource principal provider' in your function code:
Allow group acme functions-developers to inspect repos in tenancy
Allow group acme-functions-developers to manage repos in tenancy where all {target.repo.name-/acme-web-app*/ }
Correct Answer: B
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
14/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #24
Topic 1
Your company developed a function that needs to access the Oracle Database to inject some data to it at runtime. You are tasked to move this
function to the Oracle Cloud Infrastructure (OCI) and use Oracle Functions and access Oracle Autonomous Database. You created a Dockerfile
below to run this function, however, you are getting this error "cx_Oracle.DatabaseError: ORA-12560: TNS:protocol adapter error".
What should you do to make sure that Oracle Functions can run this Dockerfile properly?
A. Use --privileged flag while running the Docker container to add runtime privilege.
B. Use –cap-add-ALL flag while running the Docker container to add runtime capability.
C. You need to run this Container as root, so add this line:
USER root
D. Add these two lines to your Dockerfile:
groupadd --gid 1000 fn && \
adduser --uid 1000 --gid fn fn
Correct Answer: D
AAAA333 1 week, 2 days ago
Selected Answer: D
Its correct
upvoted 1 times
awsmonster 3 months, 3 weeks ago
Selected Answer: D
https://docs.oracle.com/enus/iaas/Content/Functions/Tasks/functionsrunningasunprivileged.htm#Permissions_Granted_to_Containers_Running_Functions
upvoted 2 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
15/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #25
Topic 1
Your company will soon start moving critical systems into the Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the usphoenix-1 and us-ashburn-1 regions. As part of the migration plan, you review the company's existing security policies and written guidelines for
the OCI platform usage within the company.
Your security processes for critical systems require that all data be encrypted at rest using Customer-Managed Keys.
Which TWO options ensure compliance with this policy? (Choose two.)
A. When you create a new compute instance through the OCI console, use the default options for "configure boot volume" to speed up the
process of creating this compute instance.
B. When you create a new compute instance through the OCI console, use the default shape to speed up the process of creating this compute
instance.
C. When you create a new OCI Object Storage bucket through the OCI console, you need to choose the "ENCRYPT USING CUSTOMERMANAGED KEYS" option.
D. When you create a new block volume through the OCI console, select the "Encrypt using Customer-Managed Keys" checkbox and use the
encryption keys generated and stored in OCI Vault.
E. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes,
and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
Correct Answer: CD
Question #26
Topic 1
You are the security architect for a medium sized e-commerce company that runs all of their applications in Oracle Cloud Infrastructure (OCI).
Currently, there are 14 unique applications, each deployed and secured in their own compartment. The Operations team has procured a new
monitoring tool that will be deployed throughout the OCI ecosystem. Their requirement is to deploy one management node into each
compartment.
Currently, the Operations team Identity and Access Management (IAM) group has the following policy: allow group OpsTeam to READ all-resources
in tenancy
Once the new monitoring nodes are deployed, the Operations team may need to stop, start, or reboot them occasionally.
What is the most efficient solution to allow the Operations team to fully manage the monitoring nodes, without allowing them to alter other
resources across the tenancy?
A. In each of the 14 compartments, create a new policy with the following statement: allow group OpsTeam to manage instance-family in
compartment XXX where XXX is the name of the compartment where you are creating the policy.
B. Create a new policy in the root compartment with the following policy statement: allow group OpsTeam to manage instance-family in
tenancy where ANY (request.operation – ‘UpdateInstance’, request.operation – ‘InstanceAction’)
C. Tag all the monitoring nodes with the defined tag AllPolicy:AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam
to manage instance-family in tenancy where target.resource.tag.AllPolicy.AllowAccess – ‘OpsTeam’
D. Tag all the monitoring nodes with the free-form tag AllowAccess:OpsTeam and write the following IAM policy: allow group OpsTeam to
manage instance-family in tenancy where target.resource.tag.AllowAccess = ‘OpsTeam’
Correct Answer: A
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
16/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #27
Topic 1
You have 10 Oracle Linux Compute instances within the ociarchpro compartment running in Oracle Cloud Infrastructure (OCI). The instances are
placed in a private subnet inside a Virtual Cloud Network (VCN). You plan to leverage the Oracle Vulnerability Scanning service to gain visibility
into potential vulnerabilities. Your goal is to improve the overall security posture.
You create a Scan recipe with the following settings:
Type: Compute Name: ociproscanrecipe CIS benchmark scanning: Enabled CIS benchmark profile: Medium (More than 40% of the benchmarks failing is a high risk)
Schedule: Daily You create a target with the following settings:
Type: Compute Compartment: ociarchpro Scan recipe: ociproscanrecipe Targets: All compute instances in the selected target compartment and its sub-compartments
However, you are not able to see the result of host scans for the compute target.
For the given scenario, which is NOT a valid troubleshooting task?
A. Check whether the target was created less than 24 hours ago.
B. Enable the scanning plugin on the Oracle Cloud Agent if you manually disabled it on the target compute instances.
C. Create a service gateway for the Virtual Cloud Network (VCN) and configure a route rule.
D. Disable agent-based scanning in the recipe.
Correct Answer: C
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
17/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #28
Topic 1
You are the Solution Architect that designed this Oracle Cloud Infrastructure (OCI) compartment layout for your organization:
The development team has deployed quite a few instances under 'Compute' Compartment and the operations team needs to list the instances
under the same compartment for their testing. Both teams, development and operations are part of a group called 'Eng-group'.
You have been looking for an option to allow the operations team to list the instances without access any confidential information or metadata of
the resources.
Which IAM policy should you write based on these requirements?
A. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'SysTest-Team'
Compartment.
B. Allow group Eng-group to inspect instance-family in compartment Dev-Team:Compute and attach the policy to 'Engineering' Compartment.
C. Allow group Eng-group to read instance-family in compartment Dev-Team:Compute and attach the policy to 'Dev-Team' Compartment.
D. Allow group Eng-group to read instance-family in compartment Compute and attach the policy to 'Engineering' Compartment.
Correct Answer: D
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
18/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #29
Topic 1
Given this compartment structure:
You are managing a compute instance that currently resides in the Compute compartment. The Virtual Cloud Network (VCN) into which the
compute instance was originally deployed, also resides in this compartment. To support a project-related task, you need to move just the compute
instance to the SysTest-Team compartment. You log into your Oracle Cloud Infrastructure (OCI) account and use the Move Resource option to
place the compute instance in the new compartment.
What will be the result of your attempt to move the compute instance to the new compartment?
A. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the compute instance
can be moved.
B. After moving the compute instance, you must move the compute instance VNIC as a separate action. The public and private IP addresses
of the instance will remain unchanged and it will still be associated with the VCN from the source compartment.
C. The move will be successful. The compute instance's public and private IP addresses will stay the same. The compute instance will remain
associated with the VCN from the source compartment.
D. The move will be successful. However, the compute instance's public and private IP addresses will change, and it will be associated to the
first VCN that was created in the new, target compartment.
Correct Answer: C
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
19/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #30
Topic 1
You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an
increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website.
How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization?
A. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a
regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure
the load balancer public IP address as the origin.
B. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application
server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.
C. Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a
regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic
Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this
answer pool.
D. Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management
service to create a load balancing policy that will resolve DNS evenly between all web servers.
Correct Answer: A
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
20/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #31
Topic 1
Your team is conducting a root cause analysis (RCA) following a recent, unplanned outage. One of the block volumes attached to your production
WebLogic server was deleted and you have been tasked with identifying the source of the action. You search the Audit logs and find several Delete
actions that occurred in the previous 24 hours. The simple excerpt of this event is given below:
Which item from the event log will help you identify the individual or service that initiated the Delete Volume API call?
A. requestOrigin
B. eventId
C. requestAgent
D. principalID
E. eventSource
Correct Answer: D
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
21/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #32
Topic 1
You work for a public health care company based in the United States. Their existing patient records system runs in an on-premise data center and
the customer sends their tape backups offsite as part of their disaster recovery plan.
You develop an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of money on a
yearly basis. The solution involves storing data in an OCI Object Storage bucket. After reviewing your solution with their customer Global Risk and
Compliance (GRC) team, they highlight four security requirements:
All data less than 1 year old must be accessible within 2 hours
All data must be retained for at least 10 years and be accessible within 48 hours
All data must be encrypted at rest
No data may be transmitted across the public Internet
Which TWO options meet the requirements outlined by the customer GRC team? (Choose two.)
A. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days.
B. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years.
C. Create a VPN connection between your on-premises data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI Service
Gateway for OCI Object Storage.
D. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit.
E. Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit.
Correct Answer: BD
Currently there are no comments in this discussion, be the first to comment!
Question #33
Topic 1
A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using compute instances for its
web-tier and DB System database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the
hospital hired an IT security professional to check their systems.
It was found that there were a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
A. Block the attacking IP addresses by creating a Network Security Group rule to deny access to the compute instance where the web server is
running.
B. Block the attacking IP addresses by implementing an OCI Web Application Firewall policy using Access Control Rules.
C. Block the attacking IP addresses by creating a Security List rule to deny access to the subnet where the web server is running.
D. Implementing a OCI Web Application Firewall Bot Management policy to identify the attacking IP addresses and mitigate the threat.
Correct Answer: B
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
22/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #34
Topic 1
A data analytics company has been building its next-generation big data and analytics platform on Oracle Cloud Infrastructure (OCI) in the US East
(Ashburn) region. They need a storage service that provides the scale and performance that their big data applications require such as high
throughput to compute nodes coupled with low latency file operations.
In addition, they need to allow concurrent connections from multiple compute instances hosted in multiple Availability Domains and want to be
able to quickly restore a previous version of the data in case of a need to roll back any major update.
Which option can they use to meet these requirements in the most cost-effective way?
A. Create a file system and mount target in the OCI File Storage service. Mount it into all the required compute instances. Take snapshots of
the file system before each update.
B. Create block volume, attach it with read/write, shareable access type to all the required compute instances. Take a backup of the volume
before each update.
C. Create an Object Storage bucket with object versioning enabled. Provision a compute instance to host the Storage Gateway and share the
bucket via NFS, Mount the NFS into all the required compute instances.
D. Create a connection with the on-premises data center via FastConnect. Mount the shared NFS hosted on-premises.
Correct Answer: A
Question #35
Topic 1
You are running a mission-critical database application in Oracle Cloud Infrastructure (OCI). You take regular backups of your DB system to OCI
Object Storage. Recently, you notice a failed database backup status in the console.
What troubleshooting action can you perform to determine the cause of the backup failure?
A. Ensure that the database is not active and running while the backup is in progress.
B. Ensure that your database host can connect to OCI Object Storage.
C. Ensure that the dcsagent program is not restarted in case of a stop/waiting status.
D. Ensure the database archiving mode is set to NOARCHIVELOG.
Correct Answer: B
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
23/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #36
Topic 1
An ISV partner wants to deploy their CRM application for one of its major clients on Oracle Cloud Infrastructure (OCI). The application will use an
Oracle Database on OCI.
The client's business continuity requirements for the CRM application are:
Recovery Point Objective (RPO) of 24 hours
Recovery Time Objective (RTO) of 1 hour
The CRM application should be available even in the event that an entire OCI Region is down.
The ISV partner has asked you for advice on best practice to meet these requirements.
After reviewing Oracle Maximum Availability Architecture in OCI, what is your advice?
A. Deploy a 1 node VM Oracle database in one region and replicate the database to a 1 node VM Oracle database in another region using a
manual setup and configuration of Oracle Data Guard.
B. Deploy an Autonomous Transaction Processing database in one region and replicate it to an Autonomous Transaction Processing database
in another region using OCI GoldenGate Service.
C. Deploy a 2 node Virtual Machine (VM) Oracle RAC database in one region and replicate the database to a 2 node VM Oracle RAC database
in another region using a manual setup and configuration of Oracle Data Guard.
D. Deploy an Autonomous Transaction Processing database in one region and replicate it to an Autonomous Transaction Processing database
in another region using Autonomous Data Guard.
Correct Answer: A
Question #37
Topic 1
You are responsible for a web application deployed on a set of compute VM instances in Oracle Cloud Infrastructure (OCI). Your application stores
data on block volumes.
In production, the business requirement is a Recovery Point Objective (RPO) of two hours and that data should be recoverable in case of a regional
failure.
How would you meet the RPO requirement in the event of a failure?
A. Create a user-defined storage backup policy and attach a schedule of type "Hourly" and automatically copy to another region. Apply this
policy to a volume group containing the block volumes.
B. Store hourly block volume backups to an NVMe device attached to a compute instance in a different Availability Domain (AD).
C. Configure your application to use synchronous primary-secondary data replication between ADs.
D. Set up cross-region volume replication to replicate the block volumes to a different OCI region.
Correct Answer: C
keiichi_t 1 week, 1 day ago
Selected Answer: D
Dだと思います。
upvoted 1 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
24/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #38
Topic 1
You work for a bank as the lead Oracle Cloud Infrastructure architect. You designed a highly scalable solution for your company's banking
application. The architecture includes a load balancer, application servers with autoscaling configuration based on CPU utilization, and an
Autonomous Database with Transaction Processing workload type running in a Virtual Cloud Network (VCN).
During the peak utilization period, the application users complain that the application runs slow.
What are two possible reasons for the application running slow at times? (Choose two.)
A. Instance pool in autoscaling configuration for the Autonomous Database did not scale out due to misconfigured scaling policy.
B. Instance pool in autoscaling configuration for the application servers did not scale out due to compartment quota breach of the VM shapes
used by the application servers.
C. The load balancer is not configured correctly to send traffic to all the listeners of the application servers in the backend set.
D. Instance pool in autoscaling configuration for the application servers did not scale out due to service limit breach of the VM shapes used by
the application servers.
E. The VCN does not have a Network Security Group configured to allow traffic from the load balancer to all the application servers in the
backend set.
Correct Answer: BD
Question #39
Topic 1
A telecom company has an application running in Oracle Cloud Infrastructure (OCI) Germany Central (eu-frankfurt-1) region. They want to
configure Disaster Recovery (DR) site in the OCI UK South (uk-london-1) region.
Which is the most cost effective option to help set up application and persistence layers in the DR site?
A. Application layer: configure Events service rule in eu-frankfurt-1 region to filter Health Checks event failure and route traffic to uk-london-1
region in the event of a disaster.
Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1
regions.
B. Application layer: configure Traffic Management steering policy with Load Balancing policy between servers in eu-frankfurt-1 and uk-lordon1 regions.
Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1
regions.
C. Application layer: set up a public load balancer in the eu-frankfurt-1 region. Create a backend set with instances running in both ukfrankfurt-1 and uk-london-1 regions.
Persistence layer: set up OCI Object Storage replication from eu-frankfurt-1 region to uk-london-1 region.
D. Application layer: configure Traffic Management steering policy with Failover policy between servers in eu-frankfurt-1 and uk-london-1
regions.
Persistence layer: set up policy to schedule cross-region automated backups of file systems in File Storage service between eu-frankfurt-1 and
uk-london-1 regions.
Correct Answer: B
Raffounz 4 months ago
Failover Policy seems suit better https://docs.oracle.com/en-us/iaas/Content/TrafficManagement/Tasks/trafficmanagement.htm
upvoted 2 times
FPM 1 month, 2 weeks ago
Yes, true, but persistence layer doesn't make sense to use File Storage service
upvoted 1 times
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
25/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #40
Topic 1
A retail company has several on-premise data centers which span multiple geographical locations. They plan to move many of their business
critical applications to Oracle Cloud Infrastructure (OCI). These applications require highly available network connections between on-premises
and OCI.
Which option provides the highest level of redundancy?
A. Set up both Site-to-Site VPN and Fast Connect connections from OCI to separate edge devices on-premises.
B. Set up Site-to-Site VPN connection with two redundant tunnels from the on-premises edge device to OCI.
C. Use either a Site-to-Site VPN or FastConnect connection to connect to an on-premises edge device, since OCI provides network redundancy
by default.
D. Set up Fast Connect with the colocation with Oracle option, and a compatible edge device on- premises.
E. Use transit routing by deploying a hub Virtual Cloud Network (VCN) in OCI peered with application VCNs as spokes, and with an on-premises
edge device with two redundant tunnels in Site-to-Site VPN.
Correct Answer: A
Question #41
Topic 1
You developed a microservices-based application that runs on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). It has
multiple endpoints that needs to be exposed to the public internet.
What is the most cost-effective way to expose multiple application endpoints without adding complexity to the application?
A. Use NodePort service type in Kubernetes for each of your service endpoint and use node's public IP address to access the applications.
B. Use separate load balancer instance for each service, but use the 100 Mbps load balancer option.
C. Deploy an Ingress Controller and use it to expose each endpoint with its own routing endpoint.
D. Use ClusterIP service type in Kubernetes for each of your service endpoint and use a load balancer to expose the endpoints.
Correct Answer: C
Question #42
Topic 1
A digital marketing company is planning to host a website on Oracle Cloud Infrastructure (OCI) and leverage OCI Container Engine for Kubernetes
(OKE). These web servers will make API calls to access OCI Object Storage to store all images uploaded by users.
For security purposes, you must ensure that the credentials used by the web server to allow access to OCI Object Storage are not stored in the
compute instance.
What solution results in an implementation with the least-effort for this scenario?
A. Configure the credentials to use Transparent Data Encryption (TDE) to automatically allow the web server to make API calls to the OCI
Object Storage.
B. Configure the credentials using OCI Registry (OCIR) to automatically connect with OKE allowing the web server to make API calls to the OCI
Object Storage.
C. Configure the credentials using OCI Vault to allow an instance to make API calls and grant access to OCI Object Storage.
D. Configure the credentials using Instance Principals to allow the web server to make API calls to the OCI Object Storage.
Correct Answer: D
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
26/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #43
Topic 1
You developed a microservices based application that runs on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). Your
security team wants to use SSL termination for this application.
What should you do to create a secure SSL termination for this application using fewest steps?
A. Add these annotations to the kubernetes service:
B. Create a self-signed certificate and it's corresponding key. Create a Kubernetes secret using the certificate and the key, then add these
annotations to the Kubernetes service:
C. Generate a self-signed certificate using Let's Encrypt. Use that certificate on OCI Load Balancer. Create the Kubernetes service using this
load balancer.
D. Create a self-signed certificate and it's corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these
annotations to the Kubernetes service:
Correct Answer: B
Question #44
Topic 1
You are using the Oracle Cloud Infrastructure (OCI) OS Management service to manage updates and patches for the Oracle Linux 8 environments
on your compute instances in OCI. You have verified that the OS Management Service Agent (osms-agent) is installed and running properly in the
instances.
One of the compute instances is not getting the updates from OS Management Service. You use the following command to validate that your
instance cannot reach the OS Management ingestion service by running curl https://ingestion.osms.oci.oraclecloud.com/
Which is NOT a possible reason for this issue?
A. The instance is in a private subnet with a service gateway that uses the All <region> Services in Oracle Services Network CIDR label.
B. The instance is in a public subnet with an internet gateway.
C. The instance is in a private subnet with a NAT gateway.
D. The instance is in a private subnet with a private endpoint with security rules configured to access the OS Management ingestion service.
Correct Answer: D
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
27/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #45
Topic 1
After performing maintenance on an Oracle Linux compute instance, the system is returned to a running state. You attempt to connect using SSH,
but are unable to do so. You decide to create an instance console connection to troubleshoot the issue.
Which THREE tasks would enable you to connect to the console connection and begin troubleshooting? (Choose three.)
A. Reboot the compute instance using the Oracle Cloud Infrastructure (OCI) Management Console.
B. Use SSH to connect to the service endpoint of the console connection service.
C. Stop the compute instance using the Oracle Cloud Infrastructure (OCI) Command Line Interface (CLI).
D. Edit the Linux boot menu to enable access to console.
E. Use SSH to connect to the public IP address of the compute instance and provide the console connection OCID as the username.
F. Upload an API signing key for console connection authentication.
Correct Answer: ABD
Question #46
Topic 1
A retail company runs their online shopping platform entirely on Oracle Cloud Infrastructure (OCI). This is a 3-tier web application that includes a
100 Mbps Load Balancer, Virtual Machine Instances for web and application tiers, and an Oracle DB Systems Virtual Machine. Due to
unprecedented growth, they noticed an increase in the incoming traffic to their website and all users start getting 503 (Service Unavailable) errors.
What is the potential problem in this scenario?
A. The Traffic Management Policy is not set to Load Balance the traffic to the web servers.
B. The Database is down hence users cannot access the website.
C. You did not configure a Service Gateway to allow connection between web servers and Load Balancer.
D. The Load Balancer health check status indicates critical situation for half of the backend web servers.
E. All the web servers are too busy and not able to answer any request from users.
Correct Answer: E
Question #47
Topic 1
You are a DevOps engineer working for a high tech company, and are using Terraform to maintain your Oracle Cloud Infrastructure (OCI) resources.
You have created a Terraform script that would create the infrastructure for deploying a web service. But want to tune in some settings within the
OCI Instances using a shell script.
How should you write your Terraform script to run the shell script on OCI instance?
A. Use provisioner "remote-exec" in your code to run the shell script.
B. Use provisioner "local-exec" in your code to run the shell script.
C. Use resource "oci_core_instance" to create the instance and run the shell script.
D. Use provisioner "oci-remote-exec" in your code to run the shell script.
Correct Answer: A
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
28/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #48
Topic 1
A2Z corporation is into e-commerce business and is the choice of millions for the best offers it launches. It has a rich set of intelligent
applications that runs 24x7 and are very critical to their business.
Continuous infrastructure management and maintenance, rise in customer base and workloads, have made them to think of migrating all
workloads to cloud. They have selected Oracle Cloud Infrastructure for migrating both their application and database workload.
You, as an oracle pre-sales consultant has been asked to provide complete migration strategy for their source database workloads which includes
oracle and MSSQL. They are particularly concerned about their oracle databases which cannot afford any downtime. They would be establishing
fast connect from their data center to oracle data center to avoid any network impact. Their oracle database is around 90TB and MSSQL is around
10TB.
How would you propose the safe migration of customer database while meeting their availability requirement?
A. Propose the use of zero-downtime migration tool for oracle database and use combination of SQL Developer and Oracle SQL Loader for
MSSQL migration
B. Propose the use of Oracle datapump for oracle databases and SQL Developer for MSSQL database
C. Propose the use of zero-downtime migration tool for oracle database and use combination of SQL Developer and Oracle GoldenGate for
MSSQL migration
D. Propose the use of Oracle GoldenGate to perform zero downtime migration for both MSSQL and Oracle source databases
Correct Answer: C
Question #49
Topic 1
As part of a migration exercise for an existing on-premises application to Oracle Cloud Infrastructure (OCI), you are required to transfer a 7 TB file
to OCI Object Storage. You have decided to upload it using OCI Object Storage multipart upload functionality.
Which two statements are true? (Choose two.)
A. After initiating a multipart upload by making a CreateMultiPartUpload REST API call, the upload remains active until you explicitly commit or
abort it.
B. It is not possible to split a 7 TB file into multiple parts using multipart functionality.
C. It is possible to split this file into multiple parts using clone tool provided by OCI Object Storage.
D. Contiguous numbers need to be assigned for each part so that OCI Object Storage constructs the object by ordering part numbers in
ascending order.
E. Active multipart upload can be checked by listing all parts that have been uploaded, however it is not possible to list information for an
individual object part in an active multipart upload.
Correct Answer: AE
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
29/30
6/16/23, 8:59 AM
1z0-997-22 Exam – Free Actual Q&As, Page 1 | ExamTopics
Question #50
Topic 1
You are working as a solution architect with a global automotive provider who is looking to create a multi-cloud solution. They want to run their
application tier in Microsoft Azure while utilizing the Oracle DB Systems in the Oracle Cloud Infrastructure (OCI).
What is the most-fault tolerant and secure solution for this customer?
A. Create an encrypted, Virtual Private Network connection between the Microsoft Azure Virtual Network that contains the application tier and
the OCI Virtual Cloud Network (VCN) that contains the Oracle Databases.
B. Create a FastConnect virtual circuit with Microsoft Azure as the provider to establish a private Interconnect between the application tier
running in the Azure Virtual Network and the OCI VCN that contains the Oracle Databases.
C. Use an OCI Virtual Cloud Network remote peering connection to create a remote network connection between the application tier running in
Microsoft Azure Virtual Network and Oracle Databases running in the OCI Virtual Cloud Network (VCN).
D. Deploy the Oracle database system into a public subnet in your VCN and assign a public IP address. Connect your application tier running in
Azure to the public IP address of the database system over the internet.
Correct Answer: B -
https://www.examtopics.com/exams/oracle/1z0-997-22/custom-view/
30/30