
Oracle Cloud Infrastructure 2020 Architect Professional 2

Creation Date: 2022/02/21

Category: Others

Number of questions: 10


An Oracle Cloud Infrastructure (OCI) Public Load Balancer's SSL certificate is expiring soon. You noticed the Load Balancer is configured with SSL Termination only. When the certificate expires, data traffic can be interrupted and security compromised. What steps do you need to take to prevent this situation? (Choose the best answer.)

- Add the new SSL certificate to the Load Balancer and update backend servers to use the new certificate bundle.
- Add the new SSL certificate to the Load Balancer and update listeners to use the new certificate bundle.
- Add the new SSL certificate to the Load Balancer, update listeners and backend sets so they can use the new certificate bundle.
- Add the new SSL certificate to the Load Balancer, update backend servers to work with a new certificate and edit listeners so they can use the new certificate bundle.
- Add the new SSL certificate to the Load Balancer and implement end to end SSL so it can encrypt the traffic from clients all the way to the backend servers.

Your company will soon start moving critical systems into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company. Your security processes for critical systems require that all data is encrypted at rest using Customer-Managed Keys. Which two options ensure compliance with this policy? (Choose two.)

- You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
- When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
- When you create a new block volume through OCI console, select "Encrypt using Customer-Managed Keys" checkbox and use encryption keys generated and stored in OCI Vault.
- When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.
- When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.

A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI) using compute instances for its web-tier and DB System database for its data tier. To validate compliance with Health Insurance Portability and Accountability (HIPAA), the hospital hired an IT security professional to check their systems. It was found that there were a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia. Which option can mitigate this type of attack? (Choose the best answer.)

- Block the attacking IP addresses by creating a Security List rule to deny access to the subnet where the web server is running.
- Block the attacking IP addresses by creating a Network Security Group rule to deny access to the compute instance where the web server is running.
- Implementing an OCI Web Application Firewall Bot Management policy to identify the attacking IP addresses and mitigate the threat.
- Block the attacking IP addresses by implementing an OCI Web Application Firewall policy using Access Control Rules.

You work for a large bank where your main application is a payment processing gateway API. You deployed the application on Oracle Container Engine for Kubernetes (OKE) and used API Gateway with several policies to control the access of the API endpoint. However, your customers are complaining about the unavailability of the API endpoint. Upon checking, you noticed that the Gateway URL is throwing Service Unavailable error. You need to check the backend latency and backend responses when this error started last night. What should you do to get this data? (Choose the best answer.)

- Check with the application owner and search the log file for the container to get the metrics from the log file.
- Go to Governance Menu and click on Audit to see the Audit log for the API Gateway. Filter it using Start and End date with a 503 response status.
- Go to Developer Services and click on API Gateway. Go to the detail page of the gateway and select Metrics. Change the Start and End time to filter the metrics.
- Go to Monitoring and click on Service Metrics. Choose the Metric Namespace as oci_apigateway. Change the Start and End time accordingly. Add a Dimension and select httpStatusCode: 503. Check the backend latency and backend responses metric.

You are running a legacy application in a compute instance on Oracle Cloud Infrastructure (OCI). To provide enough space for it to store internal data, a block volume is attached to the instance in paravirtualized mode. Your application is not resilient to crash-consistent backup. What should you do to back up the block volume in a secure and cost-effective way? (Choose the best answer.)

- Save your application data, detach the block volume and create a clone.
- Create a volume group, add the boot volume and then run the volume group backup.
- Create a backup, detach the block volume and save your application data.
- Save your application data, detach the block volume and create a backup.

You work as a solutions architect for an online retail store creating a portal to allow the users to pay for their groceries using credit cards. Since the application is not fully compliant with the Payment Card Industry Data Security Standard (PCI DSS), your company is looking to use a third-party payment service to process credit card payments. The third-party service allows a maximum of 5 public IP addresses at a time. However, your website is using Oracle Cloud Infrastructure (OCI) Instance Pool Auto Scaling policy to create up to 15 instances during peak traffic demand, which are launched in VCN private subnets and attached to an OCI public Load Balancer. Upon user payment, the portal connects to the payment service over the Internet to complete the transaction. What solution can you implement to make sure that all 15 compute instances can connect to the third-party system to process the payments during peak traffic demand? (Choose the best answer.)

- Route credit card payment request from the compute instances through the NAT Gateway. On the third-party services, whitelist the public IP associated with the NAT Gateway.
- Create an OCI Command Line Interface (CLI) script to automatically reserve public IP address for the compute instances. On the third-party services, whitelist the Reserved public IP.
- Whitelist the Internet Gateway Public IP on the third-party service and route all payment requests through the Internet Gateway.
- Route payment request from the compute instances through the OCI Load Balancer, which will then be routed to the third-party service.

You are developing a Serverless function for your company's IoT project. This function should access Oracle Cloud Infrastructure (OCI) Object Storage to store some files. You choose Oracle Functions to deploy this function on OCI. However, your security team doesn't allow you to carry any API Token or RSA Key to authenticate the function against the OCI API to access the Object Storage. What should you do to get this function to access OCI Object Storage without carrying any static authentication files? (Choose the best answer.)

- Set up a Dynamic Group using the format below: Create a policy using the format below to give access to OCI Object Storage:
- Add these two policy statements for your compartment and then include a call to a 'resource principal provider' in your function code:
- There is no way that you can access the OCI resources from a running function.
- Add these two policy statements for your compartment to give your function automatic access to all other OCI resources:

You work for a retail company and they developed a Microservices based shopping application that needs to access Oracle Autonomous Database from the application. As an Architect, you have been tasked to treat all of the application components as Kubernetes native objects, such as the microservices, Oracle Autonomous database, Kubernetes services, etc. What should you do to make sure that you can use Kubernetes constructs to manage the life cycle of the application components, including Oracle Autonomous Database? (Choose the best answer.)

- Create an Oracle Cloud Infrastructure (OCI) Service Gateway and connect to the Oracle Autonomous Database using the private IP address from the microservice.
- Provision an Oracle Autonomous Database and then use OCI Service Broker to access the database as a native component to your Kubernetes cluster.
- Create a service from the Kubernetes cluster and point to the Oracle Autonomous Database using its FQDN.
- Install and secure the OCI Service Broker for Kubernetes. Then provision and bind to the required Oracle Cloud Infrastructure services.

A large London-based eCommerce company is running Oracle DB Systems Virtual Machine RAC database on Oracle Cloud Infrastructure (OCI) for their eCommerce application in the uk-london-1 region. They are currently taking automatic backups of the database, as configured during the database provisioning activity. They are launching a new product soon, which is expected to sell in large quantities all over the world. The application architecture should have minimal cost, no data loss, no performance impacts during the database backup windows and should have minimal downtime. What is the most efficient and cost-effective mechanism of modifying the database deployment architecture to meet these application goals? (Choose the best answer.)

- Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure it to replicate the data from the eCommerce Database over to the new VM RAC database using GoldenGate. Take backups from the new VM RAC database.
- Turn off automatic backups from the eCommerce database, implement Oracle Active Data Guard with the standby database deployed on another availability domain, and take backups from the standby database.
- Launch a new VM RAC database in another availability domain, launch a compute instance, deploy Oracle GoldenGate on it and then configure bi-directional replication from the eCommerce Database over to the new VM RAC database using GoldenGate. Take backup from the new VM RAC database.
- Turn off automatic backups from the eCommerce database, implement Oracle Data Guard with the standby database deployed on another availability domain, take backups from the standby database.

Your organization is using Oracle Cloud Infrastructure (OCI) and wants to set up a disaster recovery plan by copying block volume backups to another region at regular intervals. This makes it easier to rebuild applications and data in the destination region if a region-wide disaster occurs in the source region. Which IAM Policy statement allows the VolumeAdmins group to copy volume backups between regions? (Choose the best answer.)

- Allow group VolumeAdmins to inspect volumes-family in tenancy.
- Allow group VolumeAdmins to use volume-backups in tenancy where request.permission='VOLUME_BACKUP_COPY'.
- Allow group VolumeAdmins to manage volumes in tenancy.
- Allow group VolumeAdmins to copy volume-backups in tenancy.
