Online Access Free 1z0-997-22 Exam Questions

An insurance company is storing critical financial data in the Oracle Cloud Infrastructure block volume. This volume is currently encrypted using oracle managed keys. Due to regulatory compliance, the customer wants to encrypt the data using the keys that they can control and not the keys which are controlled by Oracle.
What of the following series of tasks are required to encrypt the block volume using customer managed keys?

• A.Create a master encryption key, create a data encryption key, decrypt the block volume using existing oracle managed keys, encrypt the block volume using the data encryption key.
• B.Create a vault import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume.
• C.Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing oracle managed keys and encrypt using new version of the encryption key.
• D.Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume.

You are tasked with building a highly available, fault tolerant web application for your current employer. The security team is concerned about an increase in malicious web-based attacks across the internet and asked what you can do to add a higher level of security to the website.
How should you architect the solution on Oracle Cloud Infrastructure (OCI) to meet all requirements defined by your organization? (Choose the best answer.)

• A.Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Use the OCI Traffic Management service to create a load balancing policy that will resolve DNS evenly between all web servers.
• B.Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Create a Geolocation steering policy in Traffic Management and add an answer pool that directs to the public IP address of the load balancer. Configure a global catch-all rule to use this answer pool.
• C.Deploy at least 3 web application servers, each in a different fault domain, using a regional private subnet. Place a public load balancer in a regional public subnet and create a backend set for all of the web application servers. Deploy a Web Application Firewall (WAF) and configure the load balancer public IP address as the origin.
• D.Deploy at least 3 web application servers, each in a different fault domain, using a regional public subnet. Ensure that each web application server is assigned a public IP address. Deploy a Web Application Firewall (WAF) and configure one Origin for each public IP address.

By copying block volume backups to another region at regular intervals, it makes it easier for you to rebuild applications and data in the destination region if a region-wide disaster occurs in the source region.
Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between regions '

• A.Allow group VolumeAdmins to manage volume-family In tenancy
• B.Allow group VolumeAdmins to inspect volumes in tenancy
• C.Allow group VolumeAdmins to copy volume' backups in tenancy
• D.Allow group VolumeAdmins to use volumes in tenancy

A retail company has several on-premise data centers which span multiple geographical locations. They plan to move many of their business critical applications to Oracle Cloud Infrastructure (OCI). These applications require highly available network connections between on-premises and OCI.
Which option provides the highest level of redundancy?

• A.Use transit routing by deploying a hub Virtual Cloud Network (VCN) in OCI peered with application VCNs as spokes, and with an on-premises edge device with two redundant tunnels in Site-to-Site VPN.
• B.Set up Site-to-Site VPN connection with two redundant tunnels from the on-premises edge device to OCI.
• C.Set up Fast Connect with the colocation with Oracle option, and a compatible edge device on- premises.
• D.Use either a Site-to-Site VPN or FastConnect connection to connect to an on-premises edge device, since OCI provides network redundancy by default.
• E.Set up both Site-to-Site VPN and Fast Connect connections from OCI to separate edge devices on-premises.

Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure(OCI) and mounting the file system to these compute instances.
The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance's CIDR block.
Which option can you use to secure access?

• A.Use stateless Security List rule to restrict access from known IP addresses only.
• B.Use 'Export option' feature of FSS to restrict access to the mounted file systems.
• C.Create and configure OCI Web Application Firewall service with built in DNS based intelligent routing.
• D.Create a new VCN security list, choose SOURCE TYPE as Service and SOURCE SERVICE as FSS. Add stateless ingress and egress rules for specific IP address and CIDR blocks.