OCI Developer 1Z0-1084
You plan to implement logging in your services that will run in OCI OKE. Which statement describes the appropriate logging approach? All services log to an external logging system Each service logs to its own log file All services log to a shared log file All services log to standard output only
All services log to standard output only
Which TWO statements are NOT valid regarding the OCI Streaming service? OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days A stream can be configured with either a public or a private endpoint with support for customer-managed encryption key Although OCI Streaming automatically encrypts all data while in transit, it is the developer's responsibility to encrypt data at rest, if needed OCI Streaming can support up to 2,000 requests per second to each partition The throughput of a steam is defined by a partition. A partition provides 1 MB/sec data input and 2 MB/sec data output
Although OCI Streaming automatically encrypts all data while in transit, it is the developer's responsibility to encrypt data at rest, if needed OCI Streaming can support up to 2,000 requests per second to each partition Explanation: other quizlet says "A stream can be configured with either a public or a private endpoint with support for customer-managed encryption key" is wrong Data encryption by default, both at rest and in transit https://www.oracle.com/cloud/streaming/faq/
Which two statements are true for serverless computing and serverless architectures? Long running tasks are perfectly suited for serverless Application DevOps team is responsible for scaling Applications running on a FaaS (Functions as a Service) platform Serverless function execution is fully managed by a third party Serverless function state should never be stored externally
Applications running on a FaaS (Functions as a Service) platform Serverless function state should never be stored externally
You deployed a Python application to a OKE cluster, However, while testing you found a bug, which you rectified and then created a new Docker image. You now need to ensure that if this new image doesn't work after deployment, you should be able to easily roll back to the previous version. Using kubectl, which deployment strategy would you choose? Rolling Update Blue/Green Deployment Canary Deployment A/B Testing
Blue/Green Deployment Explanation: B/G deployment uses rollback if there is a problem https://codefresh.io/learn/software-deployment/what-is-blue-green-deployment/
Which is NOT a valid option to execute a function deployed in Oracle Functions? Trigger by an event in the OCI Events service Invoke from the OCI CLI Invoke from the Docker CLI Send signed HTTP requests to the function's invoke endpoint Invoke from the Fn Project CLI
Invoke from the Docker CLI https://docs.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsinvokingfunctions.htm
Who is responsible for patching, upgrading and maintaining the worker nodes in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)? Independent Software Vendors It Is automated The user Oracle Support
the user
Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubectl CLI? A configured OCI API signing key pair Tiller enabled on the OKE cluster Install and configure the OCI CLI OCI Identity and Access Management Auth Token An SSH key pair with the public key added to cluster worker nodes
A configured OCI API signing key pair Install and configure the OCI CLI Explanation Setting Up Local Access to Clusters To set up a kubeconfig file to enable access to a cluster using a local installation of kubectl and the Kubernetes Dashboard:
Which option best defines microservices? An open source system for automating deployment, scaling, and management of containerized applications A finely tuned piece of software that performs a single or small collection of tasks An organized collection of structured information or data, typically stored electronically in a computer system A statically typed and compiled language
A finely tuned piece of software that performs a single or small collection of tasks 1. Kubernetes 3. DB 4. ex. Java, C++
Which TWO statements accurately describe an Oracle Functions application? An application based on Oracle Functions, OCI Events, and OCI API Gateway services A small block of code invoked in response to an OCI Events service A Docker image containing all the functions that share the same configuration A logical group of functions A common context to store configuration variables that are available to all functions in the application
A logical group of functions A common context to store configuration variables that are available to all functions in the application https://docs.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsconcepts.htm
You have a scenario where a DevOps team wants to store secrets in OCI Vault so that it can inject the secrets into an app's environment variables (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service? A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version New secret versions automatically expire in 90 days unless you configure an expiry rule You can manually create new secrets as well as new secret versions using the OCI Console A secret reuse rule prevents the use of secret contents across different versions of a secret
A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version
To enforce mutual TLS authentication for clients of your microservices, your team has chosen to leverage the OCI API Gateway service to create new API Deployments that will direct requests to your microservices. Which is NOT valid regarding the mTLS options in OCI API Gateway? Custom CA or custom CA bundles can added to our gateway's trust store ONLY if they already exist in the OCI Certificates service Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name) The mTLS request policy can only be enabled at the API deployment specification level, which then applies globally to ALL routes in the deployment Once the mTLS request policy is enabled, ALL requests with valid certificates are routed to the backend unless you have defined one or more particular values (such as domain names)
Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name)
Which is NOT a valid use case for leveraging the OCI Events service? Publishing all the OCI resource events in a specific compartment to the OCI Streaming services for later analysis Triggering a notification action when a function completes its execution Triggering a function deployed in Oracle Functions when new files are uploaded to an OCI Object Storage bucket Publishing a notification when long-lived tasks complete, such as an OCI ADB backup completion Capturing the OCI Monitoring service alarms and invoking autoscaling of compute instances
Capturing the OCI Monitoring service alarms and invoking autoscaling of compute instances https://docs.oracle.com/en-us/iaas/Content/Events/Concepts/eventsoverview.htm
As a developer, you are tasked with moving an in-house application to a public cloud without requiring any infrastructure upgrade. Which term describes this cloud development approach? Cloud Native Cloud Agnostic Cloud Based Cloud Enabled
Cloud Enabled
Which term describes a group formed by a master machine and worker machine in a Kubernetes architecture? Cluster Pod Node Container Deployment
Cluster
You have an e-commerce application that loads customers' transactional data into the OCI Streaming service. The data must now be extracted and transformed before sending it to a third-party REST endpoint. You have been directed to leverage the OCI Service Connector Hub to automate this process. Which configuration option would address this requirement? Configure a new service connector as follows: - Source: Streaming - Task: Functions - Target: Functions Configure a new service connector as follows: - Source: Streaming - Task: Functions - Target: API Gateway Configure a new service connector as follows: - Source: Streaming - Task: None - Target: Notifications Configure a new service connector as follows: - Source: Streaming - Task: API Gateway - Target: Functions Configure a new service connector as follows: - Source: Streaming - Task: API Gateway - Target: Notifications
Configure a new service connector as follows: - Source: Streaming - Task: Functions - Target: Functions Explanation: other Quizlet "Configure a new service connector as follows: - Source: Streaming - Task: None - Target: Notifications" but since Notifications can't send to 3rd-party REST endpoint it doesn't seem right. Also there isn't a task being done when the question specifies that "data must now be extracted and transformed" https://docs.oracle.com/en-us/iaas/Content/service-connector-hub/overview.htm#streaming-source
Which TWO statements are FALSE? Containers are essentially the same as virtual machines Containerized apps run on top of a container host that in turn runs on the operating system containers are highly portable Containers are highly reusable containers are not scalable
Containers are essentially the same as virtual machines containers are not scalable
Which TWO statements about containers are FALSE? Containers are essentially the same as virtual machines Containerized applications run on top of a container host that in turn runs on the operating system Containers are highly portable Containers are highly reusable Containers are not scalable
Containers are essentially the same as virtual machines https://www.atlassian.com/microservices/cloud-computing/containers-vs-vms#:~:text=The%20key%20differentiator%20between%20containers,above%20the%20operating%20system%20level.
What is the difference between continuous delivery and continuous deployment in the DevOps methodology? Continuous delivery utilizes automatic deployment to a development environment, whereas continuous deployment involves automatic deployment to a production environment Continuous delivery involves automation of developer tasks, whereas continuous deployment involves manual operational tasks Continuous delivery is a process that initiates deployment manually, whereas continuous deployment is based on automating the deployment process Continuous delivery requires automatic linting, whereas continuous deployment testing must be run manually
Continuous delivery utilizes automatic deployment to a development environment, whereas continuous deployment involves automatic deployment to a production environment
You are deploying an API via Oracle Cloud Infrastructure (OCI) API Gateway and you want to implement request policies to control access Which is NOT available in OCI API Gateway? Controlling access to OCI resources Enabling CORS (Cross-Origin Resource Sharing) support Providing authentication and authorization Limiting the number of requests sent to backend services
Controlling access to OCI resources Explanation In the API Gateway service, there are two types of policy: - a request policy describes actions to be performed on an incoming request from a caller before it is sent to a back end - a response policy describes actions to be performed on a response returned from a back end before it is sent to a caller You can use request policies to: - limit the number of requests sent to back-end services - enable CORS (Cross-Origin Resource Sharing) support - provide authentication and authorization
You are creating an API deployment in OCI API Gateway and you want to configure request policies to control access. Which is NOT available in OCI API Gateway? Controlling access to the backend OCI resources Providing authentication and authorization Limiting the number of requests sent to the backend services Enabling Cross-Origin Resource Sharing (CROS) support
Controlling access to the backend OCI resources
You are using OCI Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code? Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action Create a rule in OCI Events service matching the "Resource Manager Stack - Update" conditions. Then select "Action Type: Email" and provide the destination email address. Create an OCI Notification topic and email subscription with the destination email address. Then create and OCI Events rule matching "Resource Manager Job - Create" condition, and select the notification topic for the corresponding action.
Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action
You are using Oracle Cloud Infrastructure (OCI), Resource Manager, to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code? Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action. Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager job - Create" condition, and select the notification topic for the corresponding action. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action. Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then select "Action Type: Email" and provide the destination email address.
Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager job - Create" condition, and select the notification topic for the corresponding action.
A developer using OCI API Gateway needs to authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string-based parameters from the API caller. Which approach should the developer use in this scenario? Create an authorizer function using OCI IAM based authentication Create an authorizer function using token-based authorization Create an authorizer function using request header authorization Create a cross account functions authorizer
Create an authorizer function using token-based authorization
A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use In this scenario? Create an authorizer function using request header authorization. Create a cross account functions authorizer. Create an authorizer function using token-based authorization. Create an authorizer function using OCI Identity and Access Management based authentication
Create an authorizer function using token-based authorization.
You encounter an unexpected error when invoking the Oracle Function named "myfunction" in application "myapp". Which can you use to get more information on the error? Call Oracle support with your error message fn --debug invoke myapp myfunction fn --verbose invoke myapp myfunction DEBUG=1 fn invoke myapp myfunction
DEBUG=1 fn invoke myapp myfunction
As a developer, you have been tasked with implementing a microservices-based application Which THREE technologies are best suited to accomplish the task? Big Data Service Mesh Docker Anomaly Detection Kubernetes Terraform
Docker Kubernetes Terraform
You are building a container image and pushing it to OCIR. You need to ensure that these images never get deleted from the repository. Which action should you take? Write a policy to limit access to specific repository in your compartment Create a group and assign a policy to perform lifecycle operations on images Edit the tenancy global retention policy Set global policy of image retention to "Retain All Images"
Edit the tenancy global retention policy https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/registrymanagingimageretention.htm
Your team has created a serverless application deployed in Oracle Functions. It uses a Python function leveraging the OCI Python SDK to stop any OCI compute instance that does not comply with your corporate security standards. Although there are three non-compliant OCI compute instances, when you invoke this function, none of the instances were stopped. With respect to this issue, which of the following is a valid troubleshooting strategy? Enable function remote debugging in the OCI console, and then use your favorite IDE to inspect the function running on Oracle Functions Enable functions tracing in the OCI console, and then go to the OCI Monitoring console to view the function stack trace Enable function logging to the OCI console, add some print statements in your function code Ensure that the application is deployed within the same OCI compartment as the instance, because you cannot enable execution data from execution data from the OCI console.
Enable function logging in the OCI console, add some print statements in your function code, and then view the logs to troubleshoot
Your team has created a serverless application deployed in Oracle Functions. It uses a Python function leveraging the OCI Python SDK to stop any OCI compute instance that does not comply with your corporate security standards. Although there are three non-compliant OCI compute instances, when you invoke this function, none of the instances were stopped With respect to this issue, which of the following is a valid troubleshooting strategy? Enable function remote debugging in the OCI console, and then use your favorite IDE to inspect the function running on Oracle Functions Enable function tracing in the OCI console and then go to the OCI Monitoring console to view the function stack trace Enable logging in the OCI console, add some print statements in your function code, and then view the logs to troubleshoot Ensure that the application is deployed within the same OCI compartment as the instance because you cannot enable function execution data from the OCI console
Enable logging in the OCI console, add some print statements in your function code, and then view the logs to troubleshoot
Which technique is used for testing the entire user flow as well as the moving parts of a cloud native app, ensuring that there are no high-level discrepancies? Unit Testing Integration Testing End-to-end Testing Component Testing Contract Testing
End-to-end Testing https://www.linkedin.com/pulse/types-methods-testing-cloud-native-applications-hitesh-khanna
Which Dockerfile instruction informs Docker to use a base image that matches that matches the provided repository and tag? BASE FROM USING ENTRYPOINT
FROM
Which Dockerfile instruction informs Docker to use a base image that matches the provided repository and tag? BASE FROM USING ENTRYPOINT
FROM https://docs.docker.com/engine/reference/builder/
What is the open source engine for Oracle Functions? OpenFaaS Fn Project Knative Apache OpenWhisk
Fn Project
Which of the following step is NOT required for setting up the OKE cluster access using a local installation of kubectl? Set up the kubeconfig file Generate an API signing key pair (if you do not have one) and upload the public key of the API signing key pair Install and congfiure the OCI CLI Generate Auth token from the OCu console to access the OKE cluster using kubectl
Generate Auth token from the OCI console to access the OKE cluster using kubectl. https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm
You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do you need to perform? Generate an auth token to complete the authentication via Docker CLI. Assign an OCI defined tag via OCI CLI to the image. Assign a tag via Docker CLI to the image. Generate an API signing key to complete the authentication via Docker CLI. Generate an OCI tag namespace in your repository.
Generate an auth token to complete the authentication via Docker CLI. Assign a tag via Docker CLI to the image. Explanation You use the Docker CLI to push images to Oracle Cloud Infrastructure Registry. To push an image, you first use the docker tag command to create a copy of the local source image as a new image (the new image is actually just a reference to the existing source image). As a name for the new image, you specify the fully qualified path to the target location in Oracle Cloud Registry where you want to push the image, optionally including the name of a repository.
As a developer, you have been asked to develop an e-commerce website for your organization. Your website must support different clients including desktop browsers, mobile browsers, and native mobile applications. Which TWO approaches would you use to build an application that is resilient to architectural changes, has deployment independence, and allows easier technology upgrades? Choose a monolithic approach over microservices because it has better fault isolation capability Implement each module as an independent service or process, which can be replaced, upgraded, or deleted without disrupting the rest of the application Use the microservices architecture because it eliminates any long-term commitment to a technology stack Build the application as a single unit and use the container technology to deploy it Use a monolithic approach because it makes it easier to incrementally adapt to newer technology Use a monolithic approach to perform frequent updates because it allows you to easily redeploy your applications
Implement each module as an independent service or process, which can be replaced, upgraded, or deleted without disrupting the rest of the application Use the microservices architecture because it eliminates any long-term commitment to a technology stack not 100% sure
Your company has recently deployed a new web application that uses Oracle Functions. Your manager instructs you to implement monitoring metrics to manage your systems more effectively. You know that Oracle Functions automatically monitors functions on your behalf and report metrics via OCI Monitoring Which TWO metrics are collected and made available by this feature? Amount of CPU used by a function Number of times function is invoked Number of times a function is removed Amount of RAM used by a function Length of time a function runs
Length of time a function runs Number of times function is invoked
Which is ONE of the differences between a microservice and a serverless function? Microservices are stateless while serverless functions are stateful Microservices are used for long running operations while serverless functions are used for short running operations Microservices are triggered by event while serverless functions are not Microservices always use a data store while serverless functions never use a data store
Microservices are used for long running operations while serverless functions are used for short running operations https://www.techmagic.co/blog/serverless-vs-microservices-which-architecture-to-choose/#:~:text=Functions%20are%20short%2Dterm%20and,single%20microservice%20equals%20several%20functions.
Which two are characteristics of microservices? Microservices are hard to test in isolation. Microservices can be implemented in limited number of programming languages. All microservices share a data store. Microservices can be independently deployed. Microservices communicate over lightweight APIs.
Microservices can be independently deployed. Microservices communicate over lightweight APIs.
You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCI Streaming service. Which statement is incorrect? An HTTP 401 will be returned if the client's clock is skewed more than 5 minutes from the server's. The request must include an authorization signing string including (but not limited to) x-content- sha256, content-type, and content-length headers. The request does not require an Authorization header. The Content-Type header must be Set to application/json
No header needed Explanation Emits messages to a stream. There's no limit to the number of messages in a request, but the total size of a message or request must be 1 MiB or less. The service calculates the partition ID from the message key and stores messages that share a key on the same partition. If a message does not contain a key or if the key is null, the service generates a message key for you. The partition ID cannot be passed as a parameter. POST
As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which should you leverage to meet this requirement? Oracle Functions OCI Service Broker for Kubernetes Open Service Broker API OCI Container Engine for Kubernetes
OCI Service Broker for Kubernetes Explanation OCI Service Broker for Kubernetes is an implementation of the Open Service Broker API. OCI Service Broker for Kubernetes is specifically for interacting with Oracle Cloud Infrastructure services from Kubernetes clusters. It includes three service broker adapters to bind to the following Oracle Cloud Infrastructure services:
Which THREE are valid statements regarding the OCI OKE service? OKE automatically creates and configures new network resources for the new cluster There is a limit of three clusters within each region, but there is no limit on the number of nodes and pods you can create within each cluster You must have access to an OCI tenancy Your tenancy must have sufficient quota on different types of resources OKE cannot use existing network resources for the creation of a new cluster
OKE automatically creates and configures new network resources for the new cluster There is a limit of three clusters within each region, but there is no limit on the number of nodes and pods you can create within each cluster You must have access to an OCI tenancy
Your organization has deployed their e-commerce application on OKE and they are using the OCIR service as their Docker image repository. They have deployed the OKE cluster using the 'custom create' option, and their VCN has three public subnets with associated Route Tables, Security Lists, and Internet Gateway. However, their application containers are failing to deploy. On investigation, they discover that the images are not being pulled from the designated OCI repository, even though the YAML configuration has the correct path to the images. What is a valid concern here that needs to be further investigated? VCN hosting the OKE cluster worker nodes needs to have a NAT gateway to access OCIR repositories OKE cluster needs to have a secret with the credentials of their OCIR repository and use that secret in the Kubernetes deployment manifest Security List rule for TCP port 22 needs to be added to connect to the OCIR service IAM credentials need to be added for each user that deploys applications to the OKE cluster
OKE cluster needs to have a secret with the credentials of their OCIR repository and use that secret in the Kubernetes deployment manifest https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypullingimagesfromocir.htm
Which statement accurately describes Oracle Cloud Infrastructure (OCI) Load Balancer integration with OCI Container Engine for Kubernetes (OKE)? OKE service provisions an OCI Load Balancer instance for each Kubernetes service with Load Balancer type in the YAML configuration. OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with Load Balancer type in the YAML configuration. OCI Load Balancer instance must be manually provisioned for each Kubernetes service that requires traffic balancing. OCI Load Balancer instance provisioning is triggered by OCI Events service for each Kubernetes service with Load Balancer type in the YAML configuration.
OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with LoadBalancer type in the YAML configuration Explanation If you are running your Kubernetes cluster on Oracle Container Engine for Kubernetes (commonly known as OKE), you can have OCI automatically provision load balancers for you by creating a Service of type LoadBalancer instead of (or in addition to) installing an ingress controller like Traefik or Voyage YAML file When you apply this YAML file to your cluster, you will see the new service is created. After a short time (typically less than a minute) the OCI Load Balancer will be provisioned.
Which one of the following is NOT a valid backend-type supported by Oracle Cloud Infrastructure (OCI) API Gateway? STOCK_RESPONSE_BACKEND HTTP_BACKEND ORACLE_FUNCTIONS_BACKEND ORACLE_STREAMS_BACKEND
ORACLE_STREAMS_BACKEND Explanation In the API Gateway service, a back end is the means by which a gateway routes requests to the back-end services that implement APIs. If you add a private endpoint back end to an API gateway, you give the API gateway access to the VCN associated with that private endpoint. You can also grant an API gateway access to other Oracle Cloud Infrastructure services as back ends. For example, you could grant an API gateway access to Oracle Functions, so you can create and deploy an API that is backed by a serverless function.API Gateway service to create an API gateway, you can create an API deployment to access HTTP and HTTPS
Your team has chosen to use master encryption key within an OCI Vault for encrypting Kubernetes secretes associated with your micro service deployments in OCI OKE clusters so that you can easily manage key rotation. Which of the following is NOT valid about rotating keys in the OCI Vault service? Both software and HSM-protected MEKs can be rotated Each key version is tracked internally with separate unique OCIDs Once rotated, older key versions can be used for encryption until they are deleted When you rotate an MEK, a new key version is automatically generated
Once rotated, older key versions can be used for encryption until they are deleted Explanation: versions still available to decrypt any data that was previously encrypted https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Concepts/keyoverview.htm#:~:text=Although%20you%20can't%20use,data%20that%20it%20previously%20encrypted.
You are developing a polygot serverless application using Oracle Functions. Which language cannot be used to write your function code? PL/SQl Node.js Go Python Java
PL/SQl https://docs.oracle.com/en-us/iaas/Content/Functions/Tasks/languagessupportedbyfunctions.htm
Kubernetes include various elements such as compute, network, and storage. Compute is essentially CPU and memory (bytes). Within an OKE cluster, what is considered to be the smallest unit of deployment with respect to compute? Service Container Deployment resource Pod Namespace
Pod https://kubernetes.io/docs/concepts/workloads/pods/
What are the TWO main reasons you would choose to implement a serverless architecture? No need for integration testing Automatic horizontal scaling Reduced operational cost Easier to run long-running operations Improved in-function state management
Reduced operational cost Automatic horizontal scaling https://www.cloudflare.com/learning/serverless/why-use-serverless/
With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency. Which statement is true with regards to service resiliency? Resiliency is about avoiding failures. Resiliency testing can be only done in a test environment. A goal of resiliency is not to bring a service to a functioning state after a failure. Resiliency is about recovering from failures without downtime or data loss.
Resiliency is about avoiding failures.
With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also services resiliency. Which statement is true regarding services resiliency? Resiliency testing can be done only in a test environment Resiliency is about recovering from failures without downtime or data loss Resiliency is about not bringing a service to a functioning state after a failure Resiliency is about avoiding failures
Resiliency is about recovering from failures without downtime or data loss
Which testing measure should be considered when when using test cases that simultaneously validate a deployment and perform a selected set of functional tasks? Scalability Resiliency Functionality Robust Deployment Resource Utilization
Robust Deployment
You are developing a distributed application and you need a call to a path to always return a specific JSON content deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification. What is the correct value for type? { "routes": [{ "path": "/hello", "methods": ["GET"), "backend": { "type": "--------------", "status": 200, . "headers": [{ "name": "Content-Type", "value": "application/json" }] "body" : "{\"myjson\": \"consistent response\"}" } }] } CONSTANT_BACKEND JSON_BACKEND HTTP_BACKEND STOCK_RESPONSE_BACKEND
STOCK_RESPONSE_BACKEND
You have two microservices, A and B running in production. Service A relies on APIs from service B You want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should you take to test service A? Test the APIs in private environments. Test against production APIs Test using API mocks. There is no need to explicitly test APIs.
Test using API mocks
Which of the following is NOT a criterion that is usually met by a microservices? Tightly coupled Organized around business capabilities Independently deployable Highly maintainable
Tightly coupled Explanation: they are loosely coupled
Which of the following TWO statements are TRUE about deleting a Kubernetes cluster? Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCN, Internet Gateways, NAT Gateways, Route Tables, Security Lists, LB, and Block Volumes) are deleted automatically If you change the auto-generated name of a worker node and then deleted the cluster, the renamed worker node is not deleted Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster are deleted automatically You cannot change the autogenerated names of the worker nodes in the format oke-c<part-of-cluster-OCID>-n<part-of-node-pool-OCID>-s<part-of-subnet-OCID>-<slot> within a Kubernetes cluster Changing the auto-generated name of a worker node doesn't affect the deletion of the worker node when the cluster in which it is created is deleted
Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCN, Internet Gateways, NAT Gateways, Route Tables, Security Lists, LB, and Block Volumes) are deleted automatically If you change the auto-generated name of a worker node and then deleted the cluster, the renamed worker node is not deleted https://docs.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdeletingcluster.htm
As a Cloud Native developer, you develop two services in Node.js and deploy them to two different OKE clusters that use the same VCN. Your security team wants to analyze the network communication between them. How can this requirement be met in the most cost-effective way? Deploy Wireshark and intercept the packets Use the OCI Logging services and enable VCN flow logs Deploy a 3rd-party logging service and aggregate the network Rewrite the application and send the application logs to an outside log aggregator
Use the OCI Logging services and enable VCN flow logs
Your company has developed a function that uses an Oracle DB to inject some data to it at runtime. You are tasked to move this function to OCI using Oracle Functions and access an ADB instead. You create a Dockerfile to run this function, however, you are getting this error: cx_Oracle.DatabaseError: ORA-12560: TNS:protocol adapter error Dockerfile: FROM oraclelinux:7-slim RUN yum -y install oracle-release-e17 oracle-nodejs-release-e17 && \ yum-config-manager --disable o17_developer_EPEL && \ yum -y install oracle-instantclient19.3-basiclite nodejs && \ rm -rf /var/cache/yam WORKDIR /function ADD . /function/ RUN npm install CMD exec node func.js What should you do to ensure Functions can run this Dockerfile property? You need to run this Container as the fn user, so add these two lines to your Dockerfile: groupadd --gid 1000 fn && \ adduser --uid 1000 --gid fn fn You need to run this Container as root, so add this line to the Dockerfile: USER root Use the --privileged flag while running the Docker container to add runtime privilege Use the --cap-add-ALL flag while running the Docker container to add runtime capability
You need to run this Container as the fn user, so add these two lines to your Dockerfile: groupadd --gid 1000 fn && \ adduser --uid 1000 --gid fn fn https://docs.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsrunningasunprivileged.htm
Which testing approaches is a must for achieving high velocity of deployments and release of cloud-native applications? Integration testing Automated testing A/B testing Penetration testing
automated testing
From a DevOps process standpoint, it is a good practice to keep changes to an application under version control. Which of the following allows changes to a Docker image to be stored in a version control system? docker commit Dockerfile docker save docker-compose.yml
docker commit
From a DevOps process standpoint, it is good practice to keep changes to an application under version control. Which of the following allows changes to a Docker image to be stored in a version control system? docker commit Dockerfile docker save docker-compose.yml
docker commit
Which two "Action Type" options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition? Notifications Streaming Email Functions Slack
email slack
You are building a cloud native server less travel application with multiple Oracle Functions in Java, Python, and Node.js. You need to build and deploy these functions to a single application named travel-app. Which command will help you complete this task successfully? fn app deploy --app travel-app --all fn function deploy --app travel-app --all fn app --app travel-app deploy --ext java | py | js fn deploy --app travel-app --all
fn deploy --app travel-app --all
A Docker image consists of one or more layers, each of which represent a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. What permission is associated with these layers? read only write only read mostly write once movable
read only https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
Which TWO are part of the Cloud Native Computing Foundation (CNCF) container runtime? runc envoy containerd getcd rkt-o
runc containerd
Your Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting purpose. Which step should you take to obtain the log file? It is impossible since OKE is a managed Kubernetes service. ssh into the nodes using private key. Use the username opc and password to login. ssh into the node using public key.
ssh into the nodes using a private key
As a cloud-native developer, you have written a web service for your company. You have used Oracle Cloud Infrastructure (OCI) API Gateway service to expose the HTTP backend. However, your security team has suggested that your web service should handle Distributed Denial-of-Service (DDoS) attack. You are time-constrained and you need to make sure that this is implemented as soon as possible. what should you do in this scenario? Re-write your web service and implement rate limiting. Use OCI virtual cloud network (VCN) segregation to control DDoS. Use a third party service integration to implement a DDoS attack mitigation. Use OCI API Gateway service and configure rate limiting.
use OCI API Gateway service and configure rate limiting
You have created a repository in Oracle Cloud Infrastructure Registry in the us-ashburn-1 (iad) region in your tenancy with a namespace called "heyoci". Which three are valid tags for an image named "myapp" ? us-ashburn-l.ocir.io/myproject/heyoci/myapp:latest us-ashburn-l.ocir.io/heyoci/myproject/myapp:0.0.2-beta iad.ocir.io/heyoci/myapp:latest iad.ocir.io/heyoci/myapp:0.0.2-beta iad.ocir.io/heyoci/myproject/myapp:0.0.1 iad.ocir.io/myproject/heyoci/myapp:latest us-ashburn-l.ocir.io/heyoci/myapp:0.0.2-beta
iad.ocir.io/heyoci/myapp:latest iad.ocir.io/heyoci/myapp:0.0.2-beta iad.ocir.io/heyoci/myproject/myapp:0.0.1