Which statement is incorrect with regards to the Oracle Cloud Infrastructure (OCI) Notifications service? (Choose the best answer) Notification topics may be assigned as the action performed by an OCI Events configuration OCI Alarms can be configured to publish to a notification topic when triggered An OCI function may subscribe to a notification topic A subscription can forward notifications to an HTTPS endpoint A subscription can integrate with PagerDuty events It may be used to receive an email each time an OCI Autonomous Database backup is completed. Which statement accurately describes Oracle Cloud Infrastructure (OCI) Load Balancer integration with OCI Container Engine for Kubernetes (OKE)? (Choose the best answer) OKE service provisions an OCI Load Balancer instance for each Kubernetes service with LoadBalancer type in the YAML configuration. OCI Load Balancer instance provisioning is triggered by OCI Events service for each Kubernetes service with LoadBalancer type in the YAML configuration. OCI Load Balancer instance must be manually provisioned for each Kubernetes service that requires traffic balancing. OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with LoadBalancer type in the YAML configuration. Per CAP theorem, in which scenario do you NOT need to make any trade-off between the guarantees? (Choose the best answer) When the are no network partitions When the system is running in the cloud When the system is running on-premise When you are using load balancers. You have two microservices, A and B running in production. Service A relies on APIs from service B. You want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should you take to test service A? (Choose the best answer) Test against production APIs Test using API mocks There is no need to explicitly test APIs Test the APIs in private environments. In a Linux environment, what is the default location of the configuration file that Oracle Cloud Infrastructure CLI uses for profile information? (Choose the best answer) /etc/.oci/config /usr/local/bin/config $HOME/.oci/config /usr/bin/oci/config. With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency. Which statement is true with regards to service resiliency? (Choose the best answer) Resiliency is about recovering from failures without downtime or data loss A goal of resiliency is not to bring a service to a functioning state after a failure Resiliency testing can be only done in a test environment Resiliency is about avoiding failures. Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubectl CLI? (Choose two) An SSH key pair with the public key added to cluster worker nodes. Install and configure the OCI CLI OCI Identity and Access Management Auth Token Tiller enabled on the OKE cluster A configured OCI API signing key pair. You have a containerized app that requires an Autonomous Transaction Processing (ATP) Database. Which option is not valid for connecting to ATP from a container in Kubernetes? (Choose the best answer) Enable Oracle REST Data Services for the required schemas and connect via HTTPS Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy ServiceInstance and ServiceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest. In order to effectively test your cloud-native applications, you might utilize separate environments (development, testing, staging, production, etc.) Which Oracle Cloud Infrastructure (OCI) service can you use to create and manage your infrastructure? (Choose the best answer) OCI Compute OCI Container Engine for Kubernetes OCI Resource Manager OCI API Gateway. You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCIStreaming service. Which statement is incorrect? (Choose the best answer.) The request must include an authorization signing string including (but not limited to) x-content-sha256, content-type, and content-length headers. The Content-Type header must be set to application/json An HTTP 401 will be returned if the client's clock is skewed more than 5 minutes from the servers. The request does not require an Authorization header. You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI Compute instance that does not comply with your corporate security standards. There are 3 non-compliant OCI Compute instances. However, when you invoke this function none of the instances were stopped.
How should you troubleshoot this? (Choose the best answer.) There is no way to troubleshoot a function running on Oracle Functions. Enable function logging in the OCI console, include some print statements in your function code and use logs to troubleshoot this. Enable function remote debugging in the OCI console, and use your favorite IDE to inspect the function running on Oracle Functions. Enable function tracing in the OCI console, and go to OCI Monitoring console to see the function stack trace. Which is NOT a valid option to execute a function deployed on Oracle Functions? (Choose the best answer.) Send a signed HTTP requests to the function's invoke endpoint Invoke from Oracle Cloud Infrastructure CLI Invoke from Docker CLI Trigger by an event in Oracle Cloud Infrastructure Events service Invoke from Fn Project CLI. You are developing a polyglot serverless application using Oracle Functions. Which language cannot be used to write your function code? (Choose the best answer.) PL/SQL Python Node.js Go Java. Which two statements accurately describe an Oracle Functions application? (Choose two.) A small block of code invoked in response to an Oracle Cloud Infrastructure (OCI) Events service A Docker image containing all the functions that share the same configuration An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway services A common context to store configuration variables that are available to all functions in the application A logical group of functions. You are processing millions of files in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. Each time a new file is created, you want to send an email to the customer and create an order in a database. The solution should perform and minimize cost.
Which action should you use to trigger this email? (Choose the best answer.) Schedule a cron job that monitors the OCI Object Storage bucket and emails the customer when a new file is created. Use OCI Events service and OCI Notification service to send an email each time a file is created. Schedule an Oracle Function that checks the OCI Object Storage bucket every minute and emails the customer when a file is found. Schedule an Oracle Function that checks the OCI Object Storage bucket every second and emails the customer when a file is found. You are using Oracle Cloud Infrastructure (OCI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code? (Choose the best answer) Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack Update" condition, and select the notification topic for the corresponding action. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Job Create" condition, and select the notification topic for the corresponding action. Create a rule in OCI Events service matching the "Resource Manager Stack "" Update" condition. Then, select "Action Type: Email" and provide the destination email address. Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job Create" condition, and select the email configuration for the corresponding action. A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository in OCIRegistry (OCIR). Which configuration is necessary to provide access to this repository from OKE? (Choose the best answer.) Add a generic secret on the cluster containing your identity credentials. Then specify a registryCredentials property in the deployment manifest Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagePullSecret property in the application deployment manifest Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment. You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa-compartment". Your corporate security standards mandate the use of ResourcePrincipals for this use case. Which two statements are needed to implement this use case? (Choose two.) Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name= "˜input-bucket' Set up the following dynamic group for your function's OCID: Name: read-file-dg Rule: resource.id = "˜ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da' Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects in target.bucket.name= "˜input-bucket' Set up a policy to grant your user account read access to the bucket: allow user XYZ to read objects in compartment qa-compartment where target.bucket.name= "˜input-bucket' No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy. You created a pod called "nginx" and its state is set to Pending.Which command can you run to see the reason why the "nginx" pod is in the pending state? (Choose the best answer.) kubectl logs pod nginx kubectl describe pod nginx kubectl get pod nginx Through the Oracle Cloud Infrastructure Console. A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes cluster. Which rule can you use to prevent a container from running as root using PSP? (Choose the best answer.) NoPrivilege RunOnlyAsUser MustRunAsNonRoot forbiddenRoot. What is one of the differences between a microservice and a serverless function? (Choose the best answer.) Microservices are used for long running operations and serverless functions for short running operations. Microservices always use a data store and serverless functions never use a data store. Microservices are stateless and serverless functions are stateful. Microservices are triggered by events and serverless functions are not. Which two "Action Type" options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition? (Choose two.) Notifications Functions Streaming Email Slack . Which is NOT a supported SDK on Oracle Cloud Infrastructure (OCI)? (Choose the best answer.) Go SDK Java SDK .NET SDK Ruby SDK Python SDK COBOL SDK. You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do you need to perform? (Choose two.) Assign a tag via Docker CLI to the image Generate an auth token to complete the authentication via Docker CLI Generate an API signing key to complete the authentication via Docker CLI Assign an OCI defined tag via OCI CLI to the image Generate an OCI tag namespace in your repository. You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). You need to make sure that these images never get deleted from the repository. Which action should you take? (Choose the best answer.) Create a group and assign a policy to perform lifecycle operations on images Set global policy of image retention to "Retain All Images" In your compartment, write a policy to limit access to the specific repository Edit the tenancy global retention policy. You are deploying an API via Oracle Cloud Infrastructure (OCI) API Gateway and you want to implement request policies to control access. Which is NOT available in OCI API Gateway? (Choose the best answer.) Limiting the number of requests sent to backend services Enabling CORS (Cross-Origin Resource Sharing) support Providing authentication and authorization Controlling access to OCI resources. What are the advantages of distributed systems? (Select THREE correct answers.) Privacy Resiliency Transparency Scalability. You are building a cloud native, serverless travel application with multiple Oracle Functions in Java, Python and Node.js. You need to build and deploy these functions to a single application named travel-app. Which command will help you complete this task successfully? (Choose the best answer.) oci fn function deploy --ap travel-ap --all fn deploy --ap travel-ap -- all oci fn application --application-name-ap deploy --all fn function deploy --all --application-name travel-ap. A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use in this scenario? (Choose the best answer.) Create an authorizer function using request header authorization Create an authorizer function using token-based authorization Create a cross account functions authorizer Create an authorizer function using OCI Identity and Access Management based authentication. Your Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting purpose. Which step should you take to obtain the log file? (Choose the best answer.) ssh into the node using public key ssh into the nodes using private key It is impossible since OKE is a managed Kubernetes service Use the username opc and password to login. You have been asked to create a stateful application deployed in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) that requires all of your worker nodes to mount and write data to persistent volumes. Which two OCI storage services should you use? (Choose two.) Use OCI File Services as persistent volume Use GlusterFS as persistent volume Use OCI Block Volume backed persistent volume Use open source storage solutions on top of OCI Use OCI Object Storage as persistent volume. As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which should you leverage to meet this requirement? (Choose the best answer.) OCI Service Broker for Kubernetes OCI Container Engine for Kubernetes Open Service Broker API Oracle Functions. You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container Engine for Kubernetes. Which statement describes the appropriate logging approach? (Choose the best answer.) Each service logs to its own log file All services log to an external logging system All services log to standard output only All services log to a shared log file. Which concept is NOT related to Oracle Cloud Infrastructure Resource Manager? (Choose the best answer.) Job Stack Queue Plan. Your organization uses a federated identity provider to login to your Oracle Cloud Infrastructure (OCI) environment. As a developer, you are writing a script to automate some operation and want to use OCI CLI to do that. Your security team doesn't allow storing private keys on local machines. How can you authenticate with OCI CLI? (Choose the best answer.) Run oci setup keys and provide your credentials Run oci session refresh --profile <profile_name> Run oci session authenticate and provide your credentials Run oci setup oci-cli-rc --file path/to/target/file. Which one of the statements describes a service aggregator pattern? (Choose the best answer.) It is implemented in each service separately and uses a streaming service It involves implementing a separate service that makes multiple calls to other backend services It uses a queue on both sides of the service communication It involves sending events through a message broker. Which two handle Oracle Functions authentication automatically? (Choose two.) Oracle Cloud Infrastructure SDK cURL Oracle Cloud Infrastructure CLI Signed HTTP Request Fn Project CLI. You have written a Node.js function and deployed it to Oracle Functions. Next, you need to call this function from a microservice written in Java deployed on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). Which can help you to achieve this? (Choose the best answer.) Use the OCI CLI with kubectl to invoke the function from the microservice Oracle Functions does not allow a microservice deployed on OKE to invoke a function OKE does not allow a microservice to invoke a function from Oracle Functions Use the OCI Java SDK to invoke the function from the microservice. How do you perform a rolling update in Kubernetes? (Choose the best answer.) kubectl rolling-update kubectl upgrade <deployment-name> --image=image:v2 kubectl update -c <container> kubectl rolling-update <deployment-name> --image=image:v2. You have created a repository in Oracle Cloud Infrastructure Registry in the us-ashburn-1 (iad) region in your tenancy with a namespace called "heyoci". Which three are valid tags for an image named "myapp"? (Choose three.) iad.ocir.io/heyoci/myproject/myapp:0.0.1 us-ashburn-1.ocir.io/heyoci/myapp:0.0.2-beta us-ashburn-1.ocir.io/heyoci/myproject/myapp:0.0.2-beta us-ashburn-1.ocir.io/myproject/heyoci/myapp:latest iad.ocir.io/myproject/heyoci/myapp:latest iad.ocir.io/heyoci/myapp:0.0.2-beta iad.ocir.io/heyoci/myapp:latest . You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security standards mandate encryption of secret information like database passwords. As a function developer, which approach should you follow to satisfy this security requirement? (Choose the best answer.) Use the Oracle Infrastructure Console and enter the password in the function configuration section in the provided input field Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key All function configuration variables are automatically encrypted by Oracle Functions. You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application architecture has multiple OCI services, including Oracle Functions. You need to trigger these functions directly from other OCI services, without having to run custom code. Which OCI service cannot trigger your functions directly? (Choose the best answer.) OCI Events Service OCI Registry OCI API Gateway Oracle Integration. Which two statements are true for serverless computing and serverless architectures? Serverless function execution is fully managed by a third party Serverless function state should never be stored externally Applications running on a FaaS (Functions as a Service) platform Application DevOps team is responsible for scaling Long running tasks are perfectly suited for serverless. What is the minimum amount of storage that a persistent volume claim can obtain in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?(Choose the best answer.) 50 GB 10 GB 1 GB 1 TB. You need to execute a script on a remote instance through Oracle Cloud Infrastructure Resource Manager. Which option can you use? (Choose the best answer.) Use /bin/sh with the full path to the location of the script to execute the script It cannot be done Download the script to a local desktop and execute the script Use remote-exec. You are a consumer of Oracle Cloud Infrastructure (OCI) Streaming service. Which API should you use to read and process the stream? (Choose the best answer.) ListMessages GetMessages GetObject ReadMessages. Which Oracle Cloud Infrastructure (OCI) load balancer shape is used by default in OCI Container Engine for Kubernetes? (Choose the best answer.) 400 Mbps 8000 Mbps There is no default. The shape has to be specified 100 Mbps. Which two statements are true for service choreography? (Choose two.) Service choreographer is responsible for invoking other services Services involved in choreography communicate through messages/messaging systems Service choreography relies on a central coordinator Service choreography should not use events for communication Decision logic in service choreography is distributed. Which testing approaches is a must for achieving high velocity of deployments and releases of cloud-native applications? (Choose the best answer.) Integration testing A/B testing Automated testing Penetration testing. As a cloud-native developer, you have written a web service for your company. You have used Oracle Cloud Infrastructure (OCI) API Gateway service to expose the HTTP backend. However, your security team has suggested that your web service should handle Distributed Denial-of-Service (DDoS) attack. You are time- constrained and you need to make sure that this is implemented as soon as possible. What should you do in this scenario? (Choose the best answer.) Use OCI virtual cloud network (VCN) segregation to control DDoS Use a third party service integration to implement a DDoS attack mitigation Use OCI API Gateway service and configure rate limiting Re-write your web service and implement rate limiting. A leading insurance firm is hosting its customer portal in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes with an OCI Autonomous Database.Their support team discovered a lot of SQL injection attempts and cross-site scripting attacks to the portal, which is starting to affect the production environment. What should they implement to mitigate this attack? (Choose the best answer.) Network Security Lists Network Security Groups Network Security Firewall Web Application Firewall. A programmer is developing a Node.js application which will run in a Linux server on their on-premises data center. This application will access various OracleCloud Infrastructure (OCI) services using OCI SDKs. What is the secure way to access OCI services with OCI Identity and Access Management (IAM)? (Choose the best answer.) Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication. Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs? (Choose the best answer.) date or x-date (request-target) content-type host. Which two are characteristics of microservices? (Choose two.) Microservices are hard to test in isolation Microservices can be independently deployed All microservices share a data store Microservices can be implemented in limited number of programming languages Microservices communicate over lightweight APIs. You encounter an unexpected error when invoking the Oracle Function named "myfunction" in application "myapp". Which can you use to get more information on the error? (Choose the best answer.) fn --debug invoke myapp myfunction DEBUG=1 fn invoke myapp myfunction fn --verbose invoke myapp myfunction Call Oracle support with your error message. You are developing a distributed application and you need a call to a path to always return a specific JSON content deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification. What is the correct value for type? (Choose the best answer.) STOCK_RESPONSE_BACKEND CONSTANT_BACKEND JSON_BACKEND HTTP_BACKEND. Which statement is incorrect with regards to the Oracle Cloud Infrastructure (OCI) Notifications service? It may be used to send an email each time an OCI Autonomous Database backup is completed. A subscription can integrate with PagerDuty events. OCI alarms can be configured to publish to a notification topic when triggered. A subscription can forward notifications to an HTTPS endpoint. A single topic must have at least one and no more than 3 subscribers Notifications topics may be assigned as the action performed by an OCI Events Configuration. What is the open source engine for Oracle Functions? Apache OpenWhisk OpenFaaS Fn Project Knative. What are two of the main reasons you would choose to implement a serverless architecture? Automatic horizontal scaling Improved In-function state management Easier to run long-running operations No need for integration testing Reduced operational cost. In the sample Kubernetes manifest file below, what annotations should you add to create a private load balancer In oracle Cloud infrastructure Container Engine for Kubermetes? service.beta.kubernetes.io/oci-load-balancer-private: "true" service.beta.kubernetes.io/oci-load-balancer-private: "true"
service.beta.kubernetes.io/oci-load-balancer-subnet1: "ocid1.subnet.oc1..aaaaaa....vdwf" service.beta.kubernetes.io/oci-load-balancer-internal: "true" service.beta.kubernetes.io/oci-load-balancer-internal: "true"
service.beta.kubernetes.io/oci-load-balancer-subnet1: "ocid1.subnet.oc1..aaaaaa....vdwf". Given a service deployed on Oracle Cloud infrastructure Container Engine for Kubernetes (OKE). Which annotation should you add in the sample manifest file to specify a 400 Mbps load balancer? service.beta.kubernetes.lo/oci-load-balancer-kind: 400Mbps service.beta.kubernetes.lo/oci-load-balancer-value: 400Mbps service.beta.kubernetes.lo/oci-load-balancer-shape: 400Mbps service.beta.kubernetes.lo/oci-load-balancer-size: 400Mbps. How can you find details of the tolerations field for the sample YAML file below? Kubectl list pod.spec.tolerations Kubectl explain pod.spec.tolerations Kubectl describe pod.spec.tolerations Kubectl get pod.spec.tolerations. You are developing a server less application with Oracle Functions. You have created a function in compartment named prod. When you try to invoke your function you get the following error. Create a policy: Allow function-family to use virtual-network-family in compartment prod Create a policy: Allow any-user to manage function-family and virtual-network-family in compartment prod Create a policy: Allow service FaaS to use virtual-network-family in compartment prod Deleting the function and redeploying it will fix the problem. What is the difference between blue/green and canary deployment strategies? In blue/green, application Is deployed In minor increments to a select group of people. In canary, both old and new applications are simultaneously in production In blue/green, both old and new applications are in production at the same time. In canary, application is deployed incrementally to a select group of people In blue/green, current applications are slowly replaced with new ones. In < MW y, Application ll deployed incrementally to a select group of people In blue/green, current applications are slowly replaced with new ones. In canary, both old and new applications are In production at the same time. Who is responsible for patching, upgrading and maintaining the worker nodes in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)? It Is automated Independent Software Vendors Oracle Support The user. Which two statements accurately describe Oracle SQL Developer Web on Oracle Cloud Infrastructure (OCI) Autonomous Database? It is available for databases with dedicated Exadata infrastructure only. After provisioning into an OCI compute Instance, it can automatically connect to the OCI Autonomous Databases instances. It is available for databases with both dedicated and shared Exadata infrastructure. It provides a development environment and a data modeler interface for OCI Autonomous Databases. It must be enabled via OCI Identity and Access Management policy to get access to the Autonomous Databases instances. Which pattern can help you minimize the probability of cascading failures in your system during partial loss of connectivity or a complete service failure? Retry pattern Circuit breaker pattern Compensating transaction pattern Anti-corruption layer pattern. What is the maximum execution timeout of Oracle Functions? 60 seconds 5 minutes 120 minutes 1 hour. When starting a container to run an Oracle Function, the container runs processes as which user? Oracle Function uses root to run any process inside the container Oracle Function uses the same OCI user to run the processes with no added privileges Oracle Function doesn’t use any default user. It is a responsibility of the admin to specified one Oracle Function uses fn user to run the processes with no added privileges. What is the maximum memory threshold for an Oracle Function? 512 Mb 4096 Mb 2048 Mb 1024 Mb. Which Oracle Cloud Infrastructure (OCI) service is NOT supported using OCI Service Broker for Kubernets? OCI Autonomous Transaction Processing OCI Object Storage OCI Events Service OCI Streaming Service OCI Autonomous Data Warehouse. Your application team wants to use configuration variable for their application Pods and wants to inject it before the Pod creation. As a Kubernets Administrator, you have been tasked to come up with the option to achieve this. What should you do? Use Init Containers Use configmap in the pod spec Use PodPreset to create the config outside of Prod Use secrets at the Pod spec. Your application team has developed an Oracle Function that generates static pages during the function call. They want to use it for all the regions of your company, in such a way that every regional URL will hit the same application endpoint. You have been asked by the application to use Oracle Cloud Infrastructure (OCI) API Gateway to expose it. How would you achieve this? Create an OCI API Gateway, Create a deployment and add Context Variables to Policies & HTTP Back End Definitions Create an OCI API Gateway, Create a deployment and expose the app with exact route path Create an OCI API Gateway, Create a deployment and add Path Parameters & Wildcards to Route Paths Create an OCI API Gateway, Create a deployment adding HTTPS URL of the app. You have developed a cloud-based application that has multiple services, with each serving having one or more consumers. You need to make sure that excessive load or failure in a particular service should not impact all consumers of their services. Which service design pattern should you choose to mitigate this risk? Choreography Bulkhead Circuit Breaker Pattern Cache-Aside. As a Kubernets Administrator, you see that the Oracle Cloud Infrastructure (OCI) Container Engine Kubernetes (OKE) has released a new version of the image running on Worker Node. Your application owners have mentioned that they use label selectors for the deployment. You need to make sure that you upgrade to the lasted image of the node pool without disrupting the existing deployment strategy. What should you do? Do not create any new node pool and run kubectl drain <node_name> Run kubectl cordon <node_name> on all of the existing nodes Create a new node pool and let the deployments choose the best worker node Create a new node pool run kubectl label nodes to attach the same label as the existing nodes. You are using Oracle Cloud Infrastructure (OCI) Registry to store the container images for your application. You have been asked to adopt OCI Container Engine for Kubernets for Container Orchestration and you should use OCI Registry as the image store. How do you use OCI Registry in your OKE environment as Container Store? Use encoded credential to pull image in Pod spec Create a Docker Registry Secret in OKE and use that as ImagePullSecrets in Pod Spec Create a configmap in OKE and use it in Pod Spec Use standard username and password in Pod Spec. What does Rolling Update deployment strategy do in your Kubernetes environment? Rolling update shift user traffic from one application pod to another Rolling update is a means to test the functionality of your deployed app Rolling updates allow Deployments’ update to take place with zero downtime by incrementally updating Pods instances with new ones Rolling Update create two replica of each Pod that you have deployed. As a Kubernetes Administrator you need to make sure that the deployed application maintains the desired replica state at all times while updating the application with a new image. What should you do? Apply –record option during rolling update Apply maxSurge and maxUnavailable parameter in deployment spec Apply –min & --max in rolling update command Apply –replicacount when doing the rolling update. Your DBA has mentioned that they have a shared service instance of Oracle Autonomous Transaction Processing (ATP) Database that many applications can use. What is the drawback if you want to bring in the existing ATP instance to the Oracle Service Broker? You can delete an existing ATP instance using Oracle Service Broker You can’t manage the lifecycle of the ATP Instance You can unbind an existing Oracle ATP Instance You can deprovision an Oracle Service Broker. You want to allow applications running on an Oracle Cloud Infrastructure (OCI) compute instance leveraging OCI SDKs to call other OCI services. What should you use to accomplish this? Create a certificate and copy the certificate to the compute instance Configure Federate identity Configure Instance Principals Configure Service Principals. Your priority is to use Infrastructure as a Code (IaC) in a team environment, where you and your team both need to have access to the deployed infrastructure state data. What should you do have replicated to the state file for all the team members? Use target resource Use Instance principal Use Remote state file Use a copy of the Local State File on each Team Member’s workstation. What should you use to authenticate yourself before doing docker image pull or push from Oracle Cloud Infrastructure (OCI) Registry? You must have OCI username and Fingerprint You must have an OCI API Signing Key You must have a docker hub username and password You must have an OCI username and an auth token. You have deployed a Python application on Oracle Cloud Infrastructure Container Engine for Kubernetes. However, during testing you found a bug that you rectified and created a new Docker image. You need to make sure that if this new Image doesn't work then you can roll back to the previous version. Using kubectl, which deployment strategies should you choose? Rolling Update Canary Deployment Blue/Green Deployment A/B Testing. Which one of the following is NOT a valid backend-type supported by Oracle Cloud Infrastructure (OCI) API Gateway? STOCK_RESPONSE_BACKEND ORACLE_FUNCTIONS_BACKEND ORACLE_STREAMS_BACKEND HTTP_BACKEND. Which web service interaction pattern operation accepts requests and performs a callback to the original consumer? Synchronous Bilateral Asynchronours two-way Asynchronous one-way. Which of these is an advantage of microservices? Heterogenous implementations Fault tolerance Point-to-point interactions Data reconcilation. Which protocol is used by REST-based resources as a transport layer? SOAP HTTP TCP FTP. Which is mapped to HTTP methods using REST conventions? Operations Services Resources Applications. Which aspect of a service is used to fulfill the service contract? Service API Service Policy Service Implementation Service Interface. Identify the two correct statements for deleting a docker image from OCIR? (Choose all correct answers) You can use OCI CLI to perform the delete. There is time limit to undelete the image. Only Manual deletes are possible. Tagged images cannot be deleted. Which three can be used to push docker images to OCIR? (Choose all correct answers) Docker CLI Data Pump SQL Plus Oracle Functions Service Docker v2 API. What two statements are true when you upgrade the OKE cluster with a new version? (Choose all correct answers) The Control plane and worker nodes are automatically updated by Oracle. The worker nodes are upgraded by the customer. The Control plane and worker nodes are updated by the customer. The control plane is updated by Oracle. On which two options is Oracle Cloud Infrastructure Budget set? (Choose two)
(Choose all correct answers) Free-form tags Tenancy Cost-tracking tags Virtual Cloud Network Compartments Compute Instances. What would you use to form Oracle Cloud Infrastructure Identity and Access Management to govern resources in a tenancy? Policies Groups Dynamic Groups Users. You want to make API calls against other OCI Services from your instance without configuring user credentials. How would you achieve this? Create a group and add a policy Create Dynamic Group and add a policy No configuration required for making API calls Create Dynamic Group and add your instance. Which components are part of OCI Identity and Access Management service? (Choose three) Users Dynamic Groups Virtual Cloud Networks Roles Regional Subnets Policies Compute instances. In which of the below practices, do developers merge their code changes into a central repository? Continuous Development Continuous Deployment Continuous Delivery Continuous Integration. Which of the following DevOps project resources allows you to clone your local repo to OCI? Environments Triggers Code Repositories External Connections. Choose the practice which helps you speed up the release of code. Continuous Development Continuous Delivery Continuous Deployment Continuous Integration. Which of the following DevOps project resources is used to automate a build based on code updates? Deployment Pipelines Triggers External Connections Artifacts. Choose the correct order of phases in the DevOps approach.
a. Build
b. Deliver
c. Code
d. Test
e. Deploy c, a, e, d, b d, c, a, b, e a, b, c, d, e c, a, d, b, e. What is the correct sequence for leveraging and synchronizing test environments? Dev -> Staging -> Test -> Production Test -> Dev -> Staging -> Production Dev -> Test -> Staging -> Production Staging -> Test -> Dev -> Production. Which type of test is created manually by hand as a working implementation of a class interface with fixed data and no logic? Stub Smoke Mock Fake. Which type of testing represents the base and biggest percentage of the test automation pyramid? Unit Component UI Canary. Which type of testing is run continuously and can be costly to maintain? Component Canary Performance Chaos. You want to aggregate, search, and monitor all log data from your applications and system infrastructure. Which service would you use for this? Logging Analytics Monitoring Logging Data Catalog Analytics Cloud. You want to set up an alarm for CPU usage and disk read for a compute instance, so that you can determine when to launch new instances to handle increased load. Which service would you use? Analytics Cloud Monitoring Instance Pool Health Checks Logging Analytics. You want to reduce millions of log entries into a small set of log signatures to make it easy to review. By using which would you achieve this? Data Catalog Monitoring Logging Analytics Data Flow Logging. Which statements are true about the Logging service? (Choose two) Analyzes critical diagnostic information that describes how resources are performing and being accessed Searches, analyzes, and monitors log data from applications and system infrastructure Single pane of glass for all the logs in a tenancy Monitors cloud resources using metrics and alarms. Wich two are benefits of distributed systems? (Choose two) Privacy Scalability Security Resiliency Easy of testing. You created a pod called "myapp" that is stuck in the waiting state and can't run. Which is a valid kubectl command that could be used to troubleshoot the issue? kubectl pod myapp undeploy kubectl describe pod myapp kubectl undeploy myapp kubectl myapp describe pod. You have been asked to create a stateful application deployed in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) that requires all of your worker nodes to mount and write data to persistent volumes. Wich option must be used when configuring a persisten volume claim (PVC)? OCI Object Storage service OCI File Storage service OCI Block Volume service OCI Storahe Gateway service. Your organization has built a web based application that has a REST API endpoint. You have been asked to expose the REST endpoint using an appropriate service on Oracle Cloud Infrastructure (OCI). OCI Container Engine for Kubernetes (OKE) Oracle Functions OCI API Gateway OCI Service Gateway. What are the possible ways to invoke a function that is deployed to Oracle Functions? Select THREE correct answers. Oracle Cloud Infrastructure CLI Fn Project CLI Signed HTTP request to the function’s invoke endpoint Kubernetes CLI. What are the supported SDKs on Oracle Cloud Infrastructure (OCI)? Choose all that apply Go SDK C++ SDK .NET SDK Ruby SDK PHP SDK Java SDK Python SDK. You have created the manifest file that Kubernetes uses when deploying an application to an OKE cluster in Oracle Cloud Infrastructure.
If the Docker image is stored in a privet OCIR repository. Which three parameters need to be present in the manifest file? Image path Public Key Secret Container port number Auth Token Private Key. An application needs to make call against OCI service. What should you do to accomplish this? Tag the compute instance. Create a group with no users. Make sure the correct policy is applied. Configure instance principals Write a script to pass in your credentials when required. You have two microservices (A and B) running in production. Service A relies on APIS from service B. You want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should you take to test service A? Test against production APIs. Test using mock APIs Test the APIs in private environments. There is no need to test each explicit API. You are using Oracle Cloud Infrastructure (OCI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. Which is the best valid method to leverage the OCI Events service for this requirement? Create an Events rule matching the Resource Manager Stack – Update condition. Then select Action Type: Email and provide the destination email address. Create an OCI Notification service topic and email subscription. Then create an Events rule matching the Resource Manager Stack – Update condition, and select the notification topic for the corresponding action. Create and OCI Notification service topic and email subscription. Then create an Events rule matching the Resource Manager Job – Create condition, and select the notification topic for the corresponding action. Create an OCI Email Delivery configuration with the destination email address. Then create an Events rule matching the Resource Manager Job – Create condition, and select the email configuration for the corresponding action. What are the different ways to get authenticated using Oracle Cloud Infrastructure (OCI) SDK? Using Instance Principal Using Security Token Using OCI CLI Config file Using Username and Password on standard tty Using Resource Principal Using Service Principal. During the deployment of Infrastructure using Infrastructure as Code, you have been asked to run a script within the deployed Oracle Cloud Infrastructure (OCI) Instances, so that during the deployment, few configurations can also achieved. What should you do to achieve this? Use "local-exec" provisioner to send the script to the instances. Use Instance Principal auth type to send the script to the instances. Use auth module in Terraform code to send the script to the instances. Use "remote-exec" provisioner to send the script to the instances. You are using a Windows Laptop to write a script using OCI CLI. But when you ran the script, you got this error "The OCI CLI is not found". What should you do to make sure that you are able to run OCI from the Windows Laptop? Upgrade the OCI CLI version Make sure that the Scripts Directory in your Phyton installation is not hiden Make sure that the oci.exe location is in your path Reinstall Phyton on your Windows Laptop. What is the main configuration agent on a master server? Loop Kube-apiserver Kubelet Watcher. When a node has been tainted, what does a Pod required to be deployed on that node? Permission Toleration Ability Annotation. What is the smallest object or unit we can work with in Kubernets? Deployment Pod ReplicaSet Container. What is the communication method between different cloud native application services? Complex and asynchronous Basic and asynchronous Complex and synchronous Basic and synchronous . Consider the following configuration file, ngnix-demo.svc-ssl.yaml, wich defines a Nginx deployment and exposes via a load balancer that serves http on port 80 and https port on 443. This sample creates Oracle Cloud Infrastructure Load Balancer, by defining a service with a type a LoadBalancer (type: LoadBalancer). You want to use multiple SSl ports. You want to add 3000 port in addition to existing port. In which part you need to change the value? port: 443, 3000 port: 80, 3000 Service.beta.kubernets.io/oci-load-balancer-ssl-ports: “443,3000” targetPort: 80, 3000 . What deployment value determines the number of duplicate Pods deployed? label replicas uid status. Which of the following must be included in a Pod template? metadata Kind apiversion spec All the above. How many IP addresses can be configured for a Pod? 1 2 8 none. Which of the following is a header value having to do with updating Pods? type strategy selector none of the above. What do you use to dynamically make Kubernetes resources discoverable to public DNS servers? Compensation transaction pattern Circuit braker pattern Anti-corruption layer pattern Retry pattern . You are using OCI Registry to store the container images for your application. You have been asked to adopt OCI Container Engine for Kubernetes for Container Orchestration and you should use OCI Registry as the image store. How do you use OCI Registry in your OKE environments a container store? Create a Docker Registry in OKE and use that as ImagePullSecrets in Pod Spec Use encoded credential to pull in Pod Spec Create a configmaping OKE and use it in Pod Spec Use standard username and password in Pod Spec . When a team decouples monolithic components and converts them into a microservices-based architecture, which condition is considered a benefit? Greater complexity when monitoring and troubleshooting applications An increase in the number of scalability options An increase in network traffic Additional complexity when integrating components together. Which is best defined as "a combination of development and operations brought together to create a unified infrastructure designed to maximize productivity"? Agile Methodology DevOps Microservices Containers. Which container runtime is NOT compliant with the Cloud Native Computing Foundation (CNCF)? CRI-O Firecracker Containerd Docker. Which statement concerning the OCI Code Editor is FALSE? Code Editor includes plugins for Functions and Resource Manager. Code Editor can be downloaded as a client desktop tool linked to your OCI account. Code Editor is designed on the Eclipse Theia framework. Code Editor allows you to clone and manage any Git-based repository. As a developer, you are tasked with utilizing some of the capabilities of the cloud, such as higher availability and scalability, but you cannot completely redesign your application to use cloud services. Considering this limitation for application re-design, which solution should you use in this case? Cloud Based Cloud Enabled Cloud Agnostic Cloud Native . Which is NOT a benefit of cloud-native development? Faster release Reduced cost Auto-provisioning Simple architecture. Which two statements are true about Docker images and containers? Only one container can be spawned from a given image at a time. An image is a collection of immutable layers, whereas a container is a running instance of an image. A container can exist without an image, but an image cannot exist without a container. If multiple containers are spawned from the same image, they all use a different copy of the image in memory. Each time Docker launches a container from an image, it adds a thin writable layer known as the container layer. . Which is NOT a component of Docker architecture? Docker Machine Docker Runtime Docker Registry Docker Engine. Which is a key benefit of breaking a monolithic application into cloud-native microservices and running them inside Docker containers? Relatively easier and simple to develop Reduced network latency and security concerns Improved process isolation Simplified log management. As a DevOps Engineer, you are asked to manage the OCI Container Registry, which hosts Docker container images. You are directed to delete all the images within a tenancy region that have not been pulled for over 72 hours to avoid billing charges for the storage space they consume.
Which action should you perform to handle this requirement? Periodically delete old, unused images using Docker CLI. Set up local image retention policies to delete images automatically based on selection criteria. For each old, unused image, select Delete Image from the Actions menu and confirm that you want to delete the image.<br><br> Set up a global image retention policy to delete images automatically based on selection criteria. Which statement is true about Oracle Cloud Infrastructure Registry (OCIR)? Once deleted, the image is permanently removed from the Container Registry and cannot be restored. There is no limit to the number of repositories you can have in any given region within a tenancy. Once a repository has been created in a compartment, it cannot be moved to another compartment. When you delete a repository, it can take up to two days for the deletion to take effect and for storage to be released. As a developer, you are tasked with using an OCI DevOps project to automate the software development process. Which task CANNOT be performed using the OCI DevOps build pipeline? Automate the build process on code commit. Store an artifact in an artifact repository. Perform an incremental release to OKE, Functions, or instance groups. Run automated unit tests. Which statement is true about configuration changes of a Node Pool in an OKE cluster? Configuration changes affect both existing nodes and new nodes created after edit. Configuration changes only affect existing nodes in the pool. No nodes are affected when configuration changes are made until the entire OKE cluster is restarted. Configuration changes only affect new nodes created after edit. Which is an open-source container management tool that is responsible for container deployment, scaling and descaling of containers, and load balancing? Kubernetes Docker Grafana Containerd. What is the difference between continuous delivery and continuous deployment? Continuous delivery is a manual task, while continuous deployment is an automated task. Continuous delivery means complete delivery of the application to the customer, while continuous deployment includes only deployment of the application in the customer environment. Continuous delivery includes all the steps of the software development life cycle, while continuous deployment may skip a few steps such as validation and testing. Continuous delivery has manual releases to production decisions, while continuous deployment has releases automatically pushed to production. A business representative at Oracle is asked to describe OCI DevOps as a Service to a potential customer. Specifically, they must describe what it is and what it does as succinctly as possible. Which is the BEST description of the OCI DevOps service? OCI DevOps is a cloud-based platform for engineers; it builds software. OCI DevOps is a configuration management service; it orchestrates deployments. OCI DevOps is an automation service for DevOps teams; it uses pipelines to manage infrastructure. OCI DevOps is a CI/CD platform for developers; it automates the SDLC. Which statement concerning OCI API Gateway deployments is TRUE? A deployment can leverage API Usage Plan OCIDs as selection criteria for both dynamic authentication and dynamic routing. Each deployment route configuration must specify one backend service. Multiple backends require either multiple routes or multiple deployments. A deployment configuration can use a Java Web Token (JWT) or an Authorizer Function for client token validation. Dynamic routing within one deployment route requires the configuration of selector criteria with two or more routing rules. Which statement is NOT true regarding Oracle Functions? The fn deploy command involves creating and uploading a container image, but does not instantiate that image into memory. Additional configuration parameters can be specified as environment variables. However, they must be specified at the function application scope. There is a default timeout for function execution. However, you can choose to configure a different timeout during or after function deployment. There is a default amount of memory that a function will use. However, you can choose to configure a different memory footprint during or after function deployment. Which three statements are true when configuring an API gateway in OCI? A VCN must exist before creating an API gateway. API gateway instances can run on separate Availability domains. A VCN is automatically created when you create an API gateway. API gateway instance placement is controlled by users during provisioning. API gateway instances can run on separate Fault domains. When configuring the transformation of HTTP responses for an API Gateway deployment, which option is NOT available? Creating a new header Renaming a header Deleting a header Updating a query string. Which is NOT a runtime context variable that is available when configuring an API Gateway deployment? request.query request.client request.auth request.path. Your Oracle Function deployed to an application in a private subnet needs to access other OCI services. Which additional service is required? Function Application Gateway API Gateway Deployment NAT Gateway Service Gateway. Which is NOT a valid option when configuring an OCI Service Connector? Sending stream messages from one stream to another stream Sending log messages to a stream Sending stream messages to an Oracle Function Sending data from Object Storage buckets to a stream. Which statement is NOT true about the OCI Streaming service? All streams must be assigned to a stream pool. A stream can be configured to have either a public or private endpoint. Messages in a stream can only be retained for up to 7 days. Messages sent to a stream must be in a JSON format structure. Which is NOT available as an OCI Events service rule destination? OCI Notifications Oracle Functions OCI Streaming OCI Monitoring. When creating OCI Events rules, which is NOT a valid rule design consideration? Each rule is scoped to a single compartment or compartment hierarchy. Proper IAM policies must be explicitly added for all rules and actions. There is a limit of 50 rules for an OCI tenancy. Each rule must be based on only one configured condition. Which is a pointer to a location in a stream? Key Cursor Offset Partition. Which statement is NOT true regarding the OCI Vault service? A master encryption key (MEK) is used to generate data encryption keys. A master encryption key (MEK) can be stored in an HSM or on a server. Your vault must contain only one master encryption key (MEK) at a time. A master encryption key (MEK) can either be imported or created manually. Which testing technique is used to test the communication paths and interactions between individual service components or between service components and some external services/systems/data store? Component Testing Contract Testing Unit Testing Integration Testing. You are creating a custom Dockerfile to be used for an Oracle Functions container. Which privilege elevation command is allowed? su sudo setuid No privilege elevations are allowed. Which testing measure should be considered when testing for traffic routing during overloading and the effect of load balancing on overall performance? Robust deployment Scalability Functionality Resiliency. You have created a new compartment called "apps" to host some production applications. You have also created a group called "apps_group" and added users to it. What would you do to ensure those users can access the apps compartment? Add an IAM policy to attach tenancy to the apps group. Add an IAM policy for apps_group granting access to the apps compartment. Add an IAM policy for individual users to access the apps compartment. No action is required. Which three types of logs can be made available to the OCI Logging service? Alert Logs Archive Logs Trace Logs Custom Logs Service Logs Audit Logs. Which is NOT required for accessing log messages from applications deployed to an OKE cluster? Adding IAM policy statements to allow access to OCI Logging Creating and configuring a custom log in OCI Logging Deploying the OCI Collection Agent to cluster worker nodes Defining an OCI Dynamic Group for cluster worker nodes. Which is a valid description of the OCI Logging service? Analyzes critical diagnostic information that describes how resources are performing and being accessed Searches, analyzes, and monitors log data from applications and system infrastructure Ensures secure management of audit, infrastructure, database, and application logs Monitors cloud resources using metrics and alarms. Which statement is NOT true regarding Oracle Functions? Oracle Function invocation logs are enabled at the application level. Oracle Function metrics are available at both the function and application level. Oracle Function invocation logging is enabled by default. Oracle Function tracing is enabled at the function level. Which OCI service provides functionality to help facilitate distributed tracing from microservices deployed to OKE and Oracle Functions? Logging Analytics Application Dependency Management Application Performance Monitoring Service Connector Hub. You developed a microservices-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. It has multiple that need to be exposed to the public internet. What is the most cost-effective way to expose multiple application endpoints without adding unnecessary complexity to the application? Create a separate load balancer instance for each service using the lowest 100 Mbps throughput option. Deploy an Ingress Controller and use it to expose each endpoint with its own routing endpoint. Use a NodePort service type in Kubernetes for each of your service endpoints using the node's public IP address to access the applications. Use a ClusterIP service type in Kubernetes for each of your services endpoints using its public IP address to access the applications. Which two statements about containers are FALSE? Containerized applications run on top of a container host that in turns runs on the operating system. Containers are highly reusable. A container is essentially the same as a virtual machine. Containers are highly portable. Containers are not scalable. Which command is used to get a Docker image from Oracle Cloud Infrastructure Registry (OCIR) to the client machine? docker pull <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag> docker fetch <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag> docker pull <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag> docker fetch <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>. Which two statements are NOT valid regarding the Oracle Cloud Infrastructure (OCI) Streaming service? The throughput of a stream is defined by a partition. A partition provides 1 MB/sec data input and 2 MB/sec data output. OCI Streaming can support up to 2,000 requests per second to each partition. Although OCI Streaming automatically encrypts all data while in transit, it is the developer's responsibility to encrypt the data at rest if needed. OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days. A stream can be configured with either a public or a private endpoint with support for customer-managed encryption keys. You have been asked to update an Oracle Container Engine for Kubernetes (OKE) cluster to a network configuration that has the least attack surface while the deployed applications are still directly available for access from the Internet. Which is a valid OKE cluster network configuration that meets this requirement? Private subnets for nodes and the Kubernetes API endpoint; public subnets for load balancers Private subnets for nodes, the Kubernetes API endpoint, and load balancers Private subnets for nodes; public subnets for the Kubernetes API endpoint, and load balancers Private subnets for the Kubernetes API endpoint; public subnets for nodes and load balancers. Your team has been tasked with debugging a Cloud Native application developed and deployed using the following Oracle Cloud Infrastructure (OCI) services: Object Storage, Events, Functions, API Gateway, and Autonomous Database. Which of these is NOT a valid option to use for troubleshooting issues in OCI? Configure the application to send logs to the OCI Logging Service. Because those OCI Services publish metrics to the OCI Monitoring service, you can view their service metric information there. Leverage OCI Cloud Guard to extract and visualize the debug logs generated by your application. Use the OCI Service Connector Hub to configure a service connector to automatically send logs to the OCI Logging Analytics Service. By enabling Function traces, you can trace performance issues in the Application Performance Monitoring Service. What are two advantages of distributed systems? Ease of testing Security Privacy Scalability Resiliency. Which is incorrect regarding the use of master encryption keys? Generate data encryption keys. Assign keys to supported Oracle Cloud Infrastructure resources, including, but not limited to, buckets and file systems. Use keys for encryption and decryption of data while at rest or in transit. Use keys for encryption and decryption of data only at rest. . As a DevOps engineer you are tasked with managing deployments on OCI Container Engine for Kubernetes (OKE). Which of the following steps is not required for setting up cluster access using a local installation of kubectl? Generate Auth token from OCI console to access the OKE cluster using kubectl. Set up the kubeconfig file. Generate an API signing key pair (if you don't already have one) and upload the public key of the API signing key pair. Install and configure the Oracle Cloud Infrastructure CLI. A fully-qualified path to a particular image in a registry is given as iad.ocir.io/ansh81vru1zp/project01/acme-web-app:version2.0.test.
Identify the two options with correct terms and their associated values. ansh81vru1zp/project01/acme-web-app represents <repo-path>. iad represents <region-key>. iad.ocir.io/ansh81vru1zp represents <region-key>. ansh81vru1zp/project01/acme-web-app:version2.0.test represents <repo-name>. version2.0.test represents <tag>. . Which is correct regarding modifying the Kubernetes cluster properties? You can change the number of worker nodes in a node pool, and the availability domains and subnets in which to place them. You can change the image and shape used by the existing worker nodes. You can change the version of Kubernetes to run on control plane nodes but cannot change the version of Kubernetes on worker nodes. You can change the version of Kubernetes to run on control plane nodes and not worker nodes. Which of the following is required before you can push and pull Docker images to and from Oracle Cloud Infrastructure Registry using Docker CLI? An auth token Master Encryption Key in OCI Vault Docker registry secret SSH key pair. As a developer you have been asked to develop an e-commerce website for your organization. Your website must support different clients including desktop browsers, mobile browsers, and native mobile applications. Which approach will you avoid while you build the application to achieve resiliency to architecture changes, deployment independence, and easier technology upgrades? Use the microservices architecture as it eliminates any long-term commitment to a technology stack. Use a Microservices-based approach to perform frequent updates because it allows you to easily redeploy your applications. Use a monolithic approach as it makes it easier to incrementally adapt to newer technology. Implement each module as an independent service/process which can be replaced, updated, or deleted without disrupting the rest of the application. Which of these is not amongst the types of resources that receive an event from the Events service? Functions Streaming Notifications API GW . Which of the following statements is false regarding deleting a Kubernetes cluster? Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster (such as VCNs, internet gateways, NAT gateways, route tables, security lists, load balancers, and block volumes) are deleted automatically. Changing the auto-generated name of a worker node will affect the deletion of the worker node when the cluster in which its created is deleted. If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted. Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNs, internet gateways, NAT gateways, route tables, security lists, load balancers, and block volumes) are deleted automatically. Oracle Functions monitors all deployed functions and collects and reports various metrics. Which is not available when viewing the Application metrics in the OCI Console? The number of requests to invoke a function that failed due to throttling The number of retries made by the function before failing due to an error The number of requests to invoke a function that failed with an error response The length of time a function runs for. Which testing technique is used to test a product for performance, usability, load, and security in order to overcome any potential risk beforehand? Non Functional Testing Functional Testing Integration Testing Component Testing. Which messaging model is supported by the OCI Streaming service for any use case in which data is produced and processed continually and sequentially? Fanout Pub-Sub Broadcast Bidirectional streaming. As a Security Administrator you have been asked to manage the secrets stored in the OCI Vault. Which two statements are correct regarding configuring rules for secrets? You can create Secret Expiry Rule to prevent the reuse of secret contents across different versions of a secret. You cannot choose whether secret reuse rules apply even to deleted secret versions. You can decide whether the secret contents are blocked past the expiration date. You can choose whether secret reuse rules apply even to deleted secret versions. You can create Secret Reuse Rule to restrict how long the secret contents of a particular secret version can remain in use.
|