1z0-997 Oracle Cloud Infrastructure 2019 Architect Professional Questions and Answers

WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.

WAF provides you with the ability to create and manage rules for internet threats including

Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter.Access rules can limit based on geography or the signature of the request.

As a WAF administrator you can define explicit actions for requests that meet various

conditions. Conditions use various operations and regular expressions. A rule action can be

set to log and allow, detect, orblockrequests

You can configure the Autonomous Database instance as atarget databasefor Oracle GoldenGate. ButYou can’t set up Oracle Autonomous Database as asource databasefor Oracle GoldenGate.

Recovery Point objective (RPO) of 24 hours and Recovery Time Objective (RTO) of 1 hour

- To provision new VM and restore the production database from the backup on object storage, will exceed the RTO 1 hour

- You can create the standby DB system in a different availability domain from the primary DB system for availability and disaster recovery purposes. With Data Guard and switchover/failover can meet RTO

1 hour.

- RACDatabase is not required in this solution. Standalone will be most suitable and cost effective

https://docs.clou d.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practices-for-dr-on-oci.pdf

All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure. However, because of a high risk of production outage, we don’t recommend using the maximumprotection mode for your Data Guard configuration.

We recommend using the maximum availability mode in SYNC mode between two availability domains (same region), and using the maximum availability mode in ASYNC mode between two regions. This architecture provides you the best RTO and RPO without causing any data loss. We recommend building this architecture in daisy-chain mode: the primary database ships redo logs to the first standby database in another availability domain in SYNC mode, and then the first standby database ships the redo logs to another region in ASYNC mode. This method ensures that your primary database is not doing the double

work of shipping redo logs, which can cause performance impact on a production workload.

This configuration offers the following benefits:

• No data loss within a region.
• No overhead on the production database to maintain standbys in another region.
• Option to configure lagging on the DR site if needed for business reasons.
• Option to configure multiple standbys in different regions without any additional overhead on the
• production database. A typical use case is a CDN application
• Bottom of Form

There are 3 connections to ADW

1- Connecting to (ADW) from Public Internet

2- Connecting to ADW (via NAT or Service Gateway) from a server running on a private subnet in OCI (in the same tenancy)

3- Connecting to ADW (via internet Gateway) from a server running on a public subnet in OCI (in the same tenancy

STEERING POLICIESis A framework to define the traffic management behavior for your zones. Steering policies contain rules that help tointelligently serve DNS answers.

FAILOVER

Failover policies allow you to prioritize the order in which you want answers served in a policy (for example, Primary and Secondary). Oracle Cloud Infrastructure Health Checks are leveraged to determine the healthof answers in the policy. If the Primary Answer is determined to be unhealthy, DNS traffic will automatically

be steered to the Secondary Answer.

LOAD_BALANCE

Load Balancer policies allow distribution of traffic across multiple endpoints. Endpoints can beassigned equal weights to distribute traffic evenly across the endpoints orcustom weightsmay be assigned for ratio load balancing. Oracle Cloud InfrastructureHealth Checksare leveraged to determine the health of the

endpoint. DNS traffic will be automatically distributed to the other endpoints, if an endpoint is determined to be unhealthy.

ROUTE_BY_GEO

Geolocation-based steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographicregions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region.

ROUTE_BY_ASN

ASN-based steering policies enable you to steer DNS traffic based onAutonomous System Numbers (ASN).

DNS queries originating from a specific ASN or set of ASNs can be steered to a specified endpoint.

ROUTE_BY_IP

IP Prefix-based steering policies enable customers to steer DNS traffic based on the IP Prefix of the originating query.

Managing Traffic ManagementGEOLOCATIONSteering Policies

Geolocation steering policiesdistributeDNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpointsfor each region.

TheHealth Checks serviceallows you to monitor the health of IP addresses and hostnames, as measured from geographic vantage points of your choosing, using HTTP and ping probes. After configuring a health check, you can view the monitor's results. The results include the location from which the host was monitored, the availability of the endpoint, and the date and time the test was performed.

Also you can Combine Managing Traffic ManagementGEOLOCATIONSteering Policies with Oracle HealthChecks to fail over from one region to another

TheLoad Balancing serviceprovideshealth statusindicators that use your health check policies to report on the general health of your load balancers and their components.

if you misconfigure the health check Protocol between the Load balancer and backend set that can lead to not get an accurate response as example below

If you run a TCP-level health check against an HTTP service, you might not get an accurate response. The TCP handshake can succeed and indicate that the service is up even when the HTTP service is ly configured or having other issues. Although the health check appears good customers might experience transaction failures.

Active DataGuard or GoldenGate are used for disaster recovery when fast recovery times or additional levels of data protection are required. And offload queries and backup to standby system.

Oracle GoldenGate to support a disaster recovery site is to have a working bi-directional data flow, from the primary system to the live-standby system and vice versa.

DataGuard and Automatic Backup

You can enable the Automatic Backup feature on a database with the standby role in a Data Guard association.However, automatic backups for that database will not be created until it assumes the primary role.