ociocian 1
Title of test: ociocian 1
Description: ociocian test




You are building a container image and pushing to Oracle Cloud Infrastructure Registry (OCIR). You need to ensure that these images never get deleted from the repository. Which action should you take?
- Edit the tenancy global retention policy.
- Create a group and assign a policy to perform lifecycle operations on images.
- Set global policy of image retention to “Retain All Images”.
- Write a policy to limit access to the specific repository in your compartment.

As a Cloud Native Developer, you have written a web service for your company. However, your security team has suggested that your web service should address Distributed Denial of Service (DDoS) attacks. You are time constrained and you need to ensure that this is implemented as soon as possible. What should you do in this scenario? (Choose the best answer).
- Use the OCI Virtual Cloud Network (VCN) segregation to control DDoS.
- Use a third party service integration to implement DDoS attack mitigation.
- Re-write your web service and implement rate limiting.
- Use the OCI API gateway service and configure rate limiting.

You have created a repository in Oracle Cloud Infrastructure Registry (OCIR) in the us-ashburn-1 (iad) region in your tenancy with the heyoci namespace. Which three are valid tags for an image named myapp? (Choose three).
- iad.ocir.io/heyoci/myapp:0.0.2-beta.
- us-ashburn-1.ocir.io/heyoci/myproject/myapp:0.0.2-beta.
- us-ashburn-1.ocir.io/myproject/heyoci/myapp:latest.
- iad.ccir.io/heyoci/myapp:latest.
- us-ashburn-1.ocir.io/heyoci/myapp:0.0.2-beta.

To effectively test your cloud native application for “unknown unknowns” you need to employ various testing and deployment strategies. Which strategy involves exposing new functionality or features to only a small set of users?
- Canary Deployment.
- A/B Testing.
- Component Testing.
- Blue/Green Deployment.

You are developing a real-time monitoring application for a fleet of vehicles, which will be deployed on Oracle Cloud Infrastructure (OCI).
You need to choose between using OCI Queue or OCI Streaming to handle the real-time data feeds from the vehicles. Based on the scenario described, which is the most appropriate choice for handling real-time data feeds?
- OCI Streaming, because it offers exactly once message delivery, which is necessary for real-time application.
- OCI Queue, because it provides at least once message delivery, which is critical for real-time monitoring applications.
- OCI Streaming, because it is designed for high-volume, continuous ingestion and processing of data, making it the best choice for a fleet of vehicles.
- OCI Queue, because it is optimized for low-latency messaging and ideal for real-time applications.

Which is the smallest unit of Kubernetes architecture?
- Cluster.
- Container.
- Pod.
- Node.

Your company has recently deployed a new web application that uses Oracle Functions. Your manager instructs you to implement monitoring metrics to manage your systems more effectively. You know that Oracle Functions automatically monitors functions on your behalf and reports metrics via Oracle Cloud Infrastructure (OCI) Monitoring. Which TWO metrics are collected and made available by this feature? (Choose two).
- Amount of CPU used by a function.
- Number of times a function is removed.
- Number of times a function is invoked.
- Amount of RAM used by a function.
- Length of time a function runs.

To enforce mutual TLS (mTLS) authentication for clients of your microservices, your team has chosen to leverage the Oracle Cloud Infrastructure (OCI) API Gateway service to create new API deployments that will direct requests to your microservices. Which is NOT valid regarding the mTLS options in OCI API Gateway?
- Adding a custom certificate authority (CA) or custom CA bundle to your gateway’s trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name).
- The mTLS request policy can only be enabled at the API deployment specification level, which then applies globally to ALL routes in that deployment.
- Custom CA or Custom CA bundles can be added to your gateway’s trust store ONLY if they already exist in the OCI Certificates service.
- Once the mTLS request policy is enabled, ALL requests with valid certificates are routed to the backend unless you have defined one or more particular values (such as a domain name).

A developer using Oracle Cloud Infrastructure (OCI) API Gateway needs to authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts a string-based parameter from the API caller. Which approach should the developer use in this scenario?
- Create an authorizer function using token-based authorization.
- Create a cross account functions authorizer.
- Create an authorizer function using OCI Identity and Access Management based authentication.
- Create an authorizer function using request header authorization.

Which two statements are true for serverless computing and serverless architectures? (Choose two).
- Applications running on a FaaS (Functions as a Service) platform.
- Application DevOps team is responsible for scaling.
- Serverless function state should never be stored externally.
- Long running tasks are perfectly suited for serverless.
- Serverless function execution is fully managed by third party.

Your team has chosen to use a master encryption key (MEK) within an Oracle Cloud Infrastructure (OCI) Vault for encrypting Kubernetes secrets associated with your microservice deployment in OCI Container Engine for Kubernetes (OKE) clusters so that you can easily manage key rotation. Which of the following is NOT valid about rotating keys in the OCI Vault service?
- Once rotated, older key versions can be used for encryption until they are deleted.
- Both software and HSM protected MEKs can be rotated.
- When you rotate an MEK, a new key version is automatically generated.
- Each key version is tracked internally with separate unique OCIDs.

Which is NOT a valid use case for leveraging the Oracle Cloud Infrastructure (OCI) Events service?
- Capturing the OCI Monitoring service alarms and invoking autoscaling of compute instances.
- Publishing a notification when long-lived tasks complete, such as an OCI Autonomous Database backup completion.
- Triggering a notification action when a function completes its execution.
- Triggering a function deployed in Oracle Functions when new files are uploaded to an OCI Object Storage bucket.
- Publishing all the OCI resource events in a specific compartment to the OCI Streaming service for later analysis.

You have two microservices, A and B running in production. Service A relies on APIs from service B. You want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should you take to test Service A?
- Test using a previous test version of service B.
- Test using an API mock of service B.
- Test using the current production version of service B.
- This is not possible because service B is a dependency.

You have just finished building and compiling the software required to implement the API microservice component. You need to rebuild the API Docker image, and plan to tag it as: ocidevops/api:latest. Which docker command would re-create the API docker image?
- docker build -t OCIdevops/api:latest.
- docker create -t OCIdevops/api:latest.
- docker image -t OCIdevops/api:latest.
- docker compile -t OCIdevops/api:latest.

Which is NOT a valid option to execute a function deployed in Oracle Functions?
- Invoke from the Docker CLI.
- Send signed HTTP request to the functions invoke endpoint.
- Invoke from the Fn Project CLI.
- Trigger by an event in the Oracle Cloud Infrastructure (OCI) Events service.
- Invoke from the OCI CLI.


As a developer, you have been tasked with implementing a microservices based application. Which THREE technologies are best suited to accomplish the task? (Choose three).
- Terraform.
- Big Data.
- Anomaly Detection.
- Service Mesh.
- Docker.
- Kubernetes.

You are creating an API deployment in Oracle Cloud Infrastructure (OCI) API Gateway and you want to configure request policies to control access. Which is NOT available in OCI API Gateway?
- Controlling access to the backend OCI resources.
- Limiting the number of requests sent to the backend services.
- Enabling Cross-Origin Resource Sharing (CORS) support.
- Providing authentication and authorization.

Which kubectl command syntax is valid for implementing a rolling update deployment strategy in Kubernetes? (Choose the best answer).
- Kubectl upgrade -c <container> --image=image:v2.
- Kubectl update <deployment-name> --image=image:v2.
- Kubectl rolling-update <deployment-name> --image=image:v2.
- Kubectl update -c <container> --iniage=image:v2.

What is the difference between blue/green and canary deployment strategies? (Choose the best answer).
- In blue/green, current applications are slowly replaced with new ones. In canary, the application is deployed incrementally to a select group of people.
- In blue/green, both old and new applications are in production at the same time. In canary, the application is deployed incrementally to a select group of people.
- In blue/green, current applications are slowly replaced with new ones. In canary, both old and new applications are in production at the same time.
- In blue/green, the application is deployed in minor increments to a select group of people. In canary, both old and new applications are simultaneously in production.

As a Cloud Native developer, you develop two services in Node.js and deploy them to two different Container Engine for Kubernetes (OKE) clusters that use the same Virtual Cloud Network (VCN). Your security team wants to analyze the network communication between them.
How can this requirement be met in the most cost-effective way?
- Rewrite the application and send the application logs to an outside log aggregator.
- Deploy a third-party logging service and aggregate the network flow logs.
- Use the OCI Logging service and enable VCN flow logs.
- Deploy Wireshark and intercept the packets.

Which of these is NOT a valid authentication method for accessing an OCI API Gateway deployment?
- HTTP Basic.
- API Key.
- OAuth.
- SAML Token.

Which TWO statements accurately describe an Oracle Function application? (Choose two).
- A common context to store configuration variables that are available to all functions in the application.
- A docker image containing all the functions that share the same configuration.
- An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events, and OCI API Gateway services.
- A small block of code invoked in response to an OCI Events service.
- A logical group of functions.
- A Docker image containing all the functions that share the same configuration.

Which TWO statements are NOT valid regarding the Oracle Cloud Infrastructure (OCI) Streaming service? (Choose two.).
- OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days.
- Although OCI Streaming automatically encrypts all data while in transit, it is the developer’s responsibility to encrypt data at rest, if needed.
- The throughput of a stream is defined by a partition. A partition provides 1 MB/sec data input and 2 MB/sec data output.
- A stream can be configured with either a public or a private endpoint with support for customer managed encryption keys.
- OCI Streaming can support up to 2,000 requests per second to each partition.

What are the TWO main reasons you would choose to implement a serverless architecture? (Choose two.).
- No need for integration testing.
- Automatic horizontal scaling.
- Easier to run long-running operations.
- Reduced operational cost.
- Improved in-function state management.


In the shared responsibility model, who should perform patching, upgrading, and maintaining of the worker nodes in provisioned Oracle Container Engine for Kubernetes (OKE) clusters?
- Oracle Support does it.
- It is the responsibility of the customer.
- It is an automated process.

Which testing measure should be considered when using test cases that simultaneously validate a deployment and perform a selected set of functional tasks?
- Resource Utilization.
- Functionality.
- Scalability.
- Robust Deployment.
- Resiliency.

Your organization has mandated that all deployed container images used for microservices must be signed by a specified master encryption key (MEK). You have appropriately signed the container images in your OCI Vault, but must now ensure that they are automatically verified when deployed to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) clusters. Which option should be used to enable image verification when deploying to OKE clusters, assuming that MEK is already stored in an available OCI Vault?
- Enable image verification policies separately for each Kubernetes pod deployment because this is enforced at the pod level.
- Enable image verification policies separately for each node pool within each OKE cluster because this is enforced at the node pool level.
- Enable image verification policies separately for each OKE cluster because this is enforced at the cluster level.
- Enable image verification policies for your OKE service control plane which will enforce this for all OKE clusters.

A company is developing a new application that needs to process transactions in real time. The company wants to ensure that all transactions are processed in order and that no transaction is lost. Which of these is a correct strategy for leveraging OCI Queue in this scenario?
- Use a separate queue for each type of transaction.
- Use a single queue to process all transactions.
- Use a separate queue for each application instance.
- Use a priority queue to prioritize requests.

What can you use to dynamically make Kubernetes resources discoverable to public DNS servers? (Choose the best answer.).
- kubeDNS.
- DynDNS.
- CoreDNS.
- ExternalDNS.

You deployed a Python application to an Oracle Container Engine for Kubernetes (OKE) cluster. However, while testing you found a bug, which you rectified and then created a new Docker image. You now need to ensure that if this new image does not work once deployed, you should be able to roll back to the previous version. Using kubectl, which strategy should you use?
- Blue/Green Deployment.
- Canary Deployment.
- Rolling Update.
- A/B Testing.

You have an e-commerce application that loads customers' transactional data into the Oracle Cloud Infrastructure (OCI) Streaming service. The data must now be extracted and transformed before sending it to a third-party REST endpoint. You have been directed to leverage the OCI Service Connector Hub to automate this process. Which configuration option would address this requirement?
- Configure a new service connector as follows: Source: Streaming - Task: Functions - Target: Functions.
- Configure a new service connector as follows: Source: Streaming - Task: API Gateway - Target: Notifications.
- Configure a new service connector as follows: Source: Streaming - Task: None - Target: Notifications.
- Configure a new service connector as follows: Source: Streaming - Task: Functions - Target: API Gateway.
- Configure a new service connector as follows: Source: Streaming - Task: Functions - Target: API Gateway.

Which open source engine is used by Oracle Cloud Infrastructure (OCI) to power Oracle Functions?
- Knative.
- Kubeless.
- Apache OpenWhisk.
- Fn Project.

Which feature is typically NOT associated with Cloud Native?
- Immutable Infrastructure.
- Declarative APIs.
- Containers.
- Application Servers.
- Service Meshes.


Which technique is used for testing the entire user flow as well as the moving parts of a cloud native app, ensuring that there are no high-level discrepancies?
- Contract Testing.
- Integration Testing.
- Unit Testing.
- Component Testing.
- End-to-end Testing.

In the DevOps lifecycle, what is the difference between continuous delivery and continuous deployment? (Choose two.).
- Continuous delivery involves automation of developer tasks, while continuous deployment involves manual operational tasks.
- Continuous delivery utilizes automatic deployment to a development environment, while continuous deployment involves automatic deployment to a production environment.
- Continuous delivery requires more automatic testing, while continuous deployment testing must be run manually.
- Continuous delivery is a process that initiates deployment manually, while continuous deployment is based on automating the deployment process.

A developer has created another version of a microservice and wants 10% of the traffic to flow towards it for testing purposes. The application is already configured using OCI (Oracle Cloud Infrastructure) Service Mesh. Which of the following steps is the right approach to achieve this goal?
- Create a new entry in the routeRules field of the virtual service route table manifest to configure traffic splitting between the old and new versions of the microservice and set the percentage to 10%.
- Create a new Kubernetes deployment for the new version of the microservice and set the traffic splitting percentage to 10% in the Kubernetes service manifest.
- Create a new entry in the routeRules field of the ingress gateway route table manifest to configure traffic splitting between the old and new versions of the microservice and set the percentage to 10%.
- Use Kubernetes HPA (Horizontal Pod Autoscaler) to scale the new version of the microservice to handle 10% of the traffic automatically.


A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository in OCI Registry (OCIR). Which configuration is necessary to provide access to this repository from OKE?
- Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagePullSecret property in the application deployment manifest.
- Create a docker-registry secret for OCIR with Identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest.
- Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment.
- Add a generic secret on the cluster containing your identity credentials. Then specify a registryCredentials property in the deployment manifest.

You have two microservices, A and B, running in production. Service A relies on APIs from service B. You want to test changes to service A without deploying all of its dependencies, which include service B. Which approach should you take to test service A?
- Test using API mocks.
- Test the APIs in private environments.
- Test against production APIs.
- There is no need to explicitly test APIs.

Your team has created a serverless application deployed in Oracle Functions. It uses a Python function leveraging the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI compute instances that do not comply with your corporate security standards. Although there are three non-compliant OCI compute instances, when you invoke the function, none of the instances were stopped. With respect to this issue, which of the following is a valid troubleshooting strategy?
- Enable function logging in the OCI console, add some print statements in your function code, and then view the logs to troubleshoot.
- Enable function remote debugging in the OCI console, and then use your favourite IDE to inspect the function running on Oracle Functions.
- Ensure that the application is deployed within the same OCI compartment as the instances, because you cannot enable function execution data from the OCI console.
- Enable function tracing in the OCI console, and then go to the OCI Monitoring console to view the function stack trace.

When developing microservices, each one can be developed in the language of choice. Which term describes this type of development? (Choose the best answer.).
- Agile.
- DevOps.
- Distributed.
- Polyglot.

You are using Oracle Cloud Infrastructure (OCI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code?
- Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then select "Action Type: Email" and provide the destination email address.
- Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the notification topic for the corresponding action.
- Create an OCI Email Delivery configuration with the destination email address. Then create an OCI event rule matching “resource Manager Job – create” condition and select the email configuration for the corresponding action.
- Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI events rule matching “Resource Manager Stack – Update” condition, and select the notification topic for the corresponding action.

You are developing a distributed application and you need a call to a path to always return a specific JSON content deploy on OCI API Gateway... What is the correct value for "type"?
- STOCK_RESPONSE_BACKEND.
- CONSTANT_BACKEND.
- JSON_BACKEND.
- HTTP_BACKEND.


Which statement accurately describes the Oracle Cloud Infrastructure (OCI) Load Balancer integration with OCI Container Engine for Kubernetes (OKE)?
- OKE service provisions an OCI Load Balancer instance for each Kubernetes service with LoadBalancer type in the YAML configuration.
- OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with LoadBalancer type in the YAML configuration.
- OCI Load Balancer provisioning is triggered by the OCI Events service for each Kubernetes service with LoadBalancer type in the YAML configuration.
- OCI LB must be manually provisioned for each Kubernetes service that requires traffic balancing.

As a cloud-native developer, you are designing an application that depends on OCI Object Storage whenever the application is running. Which of the following should you leverage to meet this requirement?
- Oracle Functions.
- OCI Service Broker for Kubernetes.
- Open Service Broker API.
- OCI Container Engine for Kubernetes.

Which command is used to get a Docker image from Oracle Cloud Infrastructure Registry (OCIR) to the client machine?
- docker pull <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>.
- docker pull <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag>.
- docker fetch <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>.
- docker fetch <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag>.

Kubernetes includes various elements such as compute, network, and storage. Compute is essentially CPU (units) and memory (bytes). Within an OKE cluster, what is considered to be the smallest unit of deployment with respect to compute?
- Container.
- Service.
- Pod.
- Namespace.
- Deployment resource.

Which of the following is defined as a configurable, low-latency infrastructure layer that controls the interaction between a network of microservices? (Choose the best answer).
- Containers.
- Kubernetes.
- CI/CD Pipelines.
- DevOps.
- Service Mesh.


Which of the following is NOT a criterion that is usually met by a microservice?
- Organized around business capabilities.
- Tightly coupled.
- Highly maintainable.
- Independently deployable.

Which is ONE of the differences between a microservice and a serverless function?
- Microservices are used for long running operations while serverless functions are used for short running operations.
- Microservices are triggered by events while serverless functions are not.
- Microservices are stateless while serverless functions are stateful.
- Microservices always use a data store while serverless functions never use a datastore.

Which TWO are characteristics of microservices? (Choose two.).
- Microservices communicate over lightweight APIs.
- Microservices can be implemented in limited number of programming languages.
- All microservices share a data store.
- Microservices are hard to test in isolation.
- Microservices can be independently deployed.

Which testing strategy achieves high velocity of deployments and releases of cloud native applications? (Choose the best answer.).
- Penetration testing.
- Automated testing.
- Integration testing.
- A/B testing.

You developed a microservices-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. Your security team wants to use SSL termination for this application. What should you do to create a secure SSL termination with the fewest steps possible?
- Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key, then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: “443” service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret.
- Create a self-signed certificate and its corresponding key.
  Create a Kubernetes secret using the certificate and the key, then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: “443” service.beta.kubernetes.io/oci-load-balancer-security-list management-mode: “Frontend”.
- Add these annotations to the Kubernetes service: annotation: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: “443” service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl secret-key.
- Generate a self-signed certificate using Let's Encrypt. Use that certificate on the OCI Load Balancer.

Which two "Action Type" options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition? (Choose two.).
- Email.
- Streaming.
- Slack.
- Functions.
- Notifications.

Which is NOT a valid backend-type option available when configuring an Oracle Cloud Infrastructure (OCI) API Gateway Deployment?
- HTTP_BACKEND.
- ORACLE_STREAMS_BACKEND.
- ORACLE_FUNCTIONS_BACKEND.

You have a containerized application that requires access to an Autonomous Transaction Processing (ATP) Database. Which option is NOT valid when the container is deployed in an OKE cluster?
- Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and OCID/API credentials. Then use the CreateConnection API endpoint from the service runtime.
- Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy ServiceInstance and ServiceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.
- Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest.
- Enable Oracle REST Data Services for the required schemas and connect via HTTPS.

How would you address the security requirement of storing database credentials securely in Oracle Functions?
- Use OCI Console to enter the password in the function configuration section in the provided input field.
- Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.
- Use the OCI Vault service to auto-encrypt the password and then set an application-level configuration variable to reference the auto-decrypted password inside your function container.
- Encrypt the password using the OCI Vault service and then decrypt this password in your function code with the generated key.

Which API method should you use to read and process a stream from OCI Streaming service?
- GetStream.
- ReadMessages.
- ProcessStream.
- ReadStream.
- GetMessages.

Which is a valid OKE cluster network configuration that has the least attack surface?
- Private subnets for nodes, the Kubernetes API endpoint, and load balancers.
- Private subnets for nodes; public subnets for the Kubernetes API endpoint and load balancers.
- Private subnets for nodes and the Kubernetes API endpoint; public subnets for load balancers.
- Private subnet for the Kubernetes API endpoint; public subnets for nodes and load balancers.

Which statement best describes the term "cloud native"?
- Migrating applications from on-premises infrastructure to the cloud.
- Using cloud-based development tools to build traditional on-premises applications.
- Design and deployment of applications optimized for cloud infrastructure.
- Using cloud infrastructure to run traditional on-premises applications.