Free Oracle 1Z0-997 Exam Actual Questions

The questions for 1Z0-997 were last updated On Nov 22, 2024

Question No. 1

Your team is conducting a root analysis (RCA) following a recent, unplanned outage. One of the block volumes attached to your production WebLogic server was deleted and you have tasked with identifying the source of the action. You search the Audit logs and find several Delete actions that occurred in the previous 24 hours. Given the sample of this event.

Which item from the event log helps you identify the individual or service that initiated the DeleteVolume API call?

Show Answer Hide Answer
Correct Answer: C

The Oracle Cloud Infrastructure Audit service automatically records calls to all supported Oracle Cloud Infrastructure public application programming interface (API) endpoints as log events. Currently, all services support logging by Audit.

Every audit log event includes two main parts:

Envelopes that act as a container for all event messages

Payloads that contain data from the resource emitting the event message

The identity object contains the following attributes.

data.identity.authType The type of authentication used.

data.identity.principalId The OCID of the principal.

data.identity.principalName The name of the user or service. This value is the friendly name associated

with principalId .


Question No. 2

A hospital in Austin has hosted its web based medical records portal entirely In Oracle cloud Infrastructure (OCI) using Compute Instances for its web-tier and DB system database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the security professional to check their systems it was found that there are a lot of unauthorized coming requests coming from a set of IP addresses originating from a country in Southeast Asia.

Which option can mitigate this type of attack?

Show Answer Hide Answer
Correct Answer: B

WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.

WAF provides you with the ability to create and manage rules for internet threats including

Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.

As a WAF administrator you can define explicit actions for requests that meet various

conditions. Conditions use various operations and regular expressions. A rule action can be

set to log and allow, detect, or block requests


Question No. 3

Which three options are available to migrate an Oracle database 12.x from an on-premises environment to Oracle Cloud Infrastructure (OCI)?

Show Answer Hide Answer
Question No. 4

An Oracle Cloud Infrastructure (OCI) Public Load Balancer's SSL certificate is expiring soon. You noticed the Load Balancer is configured with SSL Termination only. When the certificate expires, data traffic can be interrupted and security compromised.

What steps do you need to take to prevent this situation?

Show Answer Hide Answer
Correct Answer: A

Question No. 5

Your organization is planning on using Oracle Cloud Infrastructure (OCI) File Storage Service (FSS). You will be deploying multiple compute instance in Oracle Cloud Infrastructure (OCI) and mounting the file system to these compute instances. The file system will hold payment data processed by a Database instance and utilized by compute instances to create a overall inventory report. You need to restrict access to this data for specific compute instances and must be allowed/blocked per compute instance's CIDR block.

Which option can you use to secure access?

Show Answer Hide Answer
Correct Answer: C

Explanation

NFS export options enable you to create more granular access control than is possible using just security list rules to limit VCN access. You can use NFS export options to specify access levels for IP addresses or CIDR blocks connecting to file systems through exports in a mount target. Access can be restricted so that each client's file system is inaccessible and invisible to the other, providing better security controls

in multi-tenant environments.

Using NFS export option access controls, you can limit clients' ability to connect to the file system and view or write data. For example, if you want to allow clients to consume but not update resources in your file system, you can set access to Read Only. You can also reduce client root access to your file systems and map specified User IDs (UIDs) and Group IDs (GIDs) to an anonymous UID/GID of your choice. For more information about how NFS export options work with other security layers