1z0-1084-24

When a team decouples monolithic components and converts them into a microservice based architecture, which condition is considered a benefit?. An increase in network traffic. An increase in the number of scalability options. Additional complexity when integrating components together. Greater complexity when monitoring and troubleshooting applications ​​.

As a developer, user is tasked with utilizing some of the capabilities of the cloud, such as higher availability and scalability, but user cannot completely redesign their application to use cloud services. Considering this limitation for application re-design, which solution should they use in this case?. Cloud Native. Cloud Based. Cloud Enabled. Cloud Agnostic.

As a developer, user is tasked with moving an in-house application to a public cloud without requiring any infrastructure upgrade. Which term describes this cloud development approach?. Cloud Native. Cloud Based. Cloud Enabled. Cloud Agnostic.

User has developed a cloud-based application that has multiple services, with each service having one or more consumers. They need to make sure that excessive load or failure in a particular service should not impact all consumers of other services. Which service design pattern should they choose to mitigate the risk?. Circuit Breaker Pattern. Choreography. Cache-Aside. Bulkhead.

Which pattern can help user minimize the probability of cascading failures in their system during partial loss of connectivity or a complete service failure?. Retry pattern. Anti-corruption layer pattern. Circuit breaker pattern. Compensating transaction pattern.

Which two are characteristics of microservices?. Microservices are hard to test in isolation. Microservices can be independently deployed. All microservices share a data store. Microservices can be implemented in a limited number of programming languages. Microservices communicate over lightweight APIs.

Which statement about microservices is FALSE?. They are independently deployable. They are typically designed around business capabilities. Multiple microservices can run in one process. It is fairly common for them to communicate with HTTP ​​.

Which of the following is NOT a criteria that is usually met by a microservice?. Highly maintainable. Independently deployable. Organized around business capabilities. Tightly coupled.

As a developer, user has been tasked with implementing a microservices-based application. Which THREE technologies are best suited to accomplish the task?. Big Data. Kubernetes. Docker. Service Mesh. Anomaly Detection. Terraform.

Which of the following is defined as a configurable, low-latency infrastructure layer that controls the interaction between a network of microservices?. CI/CD pipeline. DevOps. Containers. Kubernetes. Service Mesh.

Which statement is FALSE about ingress gateway route tables in OCI Service Mesh?. Route rules are based on protocol and path. There can be more than one route table for each ingress gateway. They map a group of instances or pods running a specific version of the actual microservice. They define which virtual services within the mesh are accessible from the ingress gateway deployment ​​.

What is the primary purpose of OCI Service Mesh?. To secure data at rest and in transit across Kubernetes resources. To automate the deployment of applications in a Kubernetes cluster. To provide a centralized platform for monitoring Kubernetes resources. To provide a way to manage network traffic between Kubernetes services.

A company is developing a new microservice-based application that needs to be highly available and resilient. They wish to ensure that each microservice is able to communicate securely and reliably with other microservice in the application. Which of these is a correct strategy for leveraging OCI Service Mesh in this scenario?. Deploy each microservice in a separate VCN. Use a separate service mesh for each microservice. Use an external load balancer to provide access to the microservice. Implement access policies to control traffic flow between microservices.

Oracle Cloud Infrastructure (OCI) Service Mesh is a platform that provides service-to-service communication and traffic management capabilities. Access policies are an important resource to be configured while meshifying an application. Which of the following statements is NOT valid regarding OCI Service Mesh access policies?. Access policies help to set access rules to virtual services in a mesh. Creating a rule that allows all virtual services in mesh to communicate with each other is not permitted. Access policies work on three categories of traffic: internal mesh traffic, ingress traffic, and egress traffic. By default, all communication between services are denied. Therefore, at least one access policy is required to enable service-to-service communication. ​​.

As part of meshifying the E-commerce application, user need to create a virtual deployment and a virtual service in the OCI Service Mesh. Which of the following statements best describes the difference between a virtual deployment and a virtual service in this context?. A virtual deployment is a version of a virtual service in the mesh, while a virtual service is a list of routing rules to manage ingress traffic to a virtual deployment. A virtual deployment is a group of instances/pods running a specific version of the actual microservice. While a virtual service is a single representation of the microservice. A virtual deployment is a configuration for service discovery type, host name, network protocol, and logging, while a virtual service is a list of routing rules used to manage ingress traffic to a microservice. A virtual deployment is used to associate the pods in a Kubernetes cluster to a microservice, while a virtual service is used to allow resources that are outside of the mesh to communicate with resources inside the mesh ​​.

Which of the following statements about OCI Service Mesh is true?. OCI Service Mesh is a NoSQL database service. OCI Service Mesh is a container orchestration platform. OCI Service Mesh is used for creating virtual networks within an OCI tenancy. OCI Service Mesh provides a way to connect and manage microservices in a distributed environment.

Which statement is TRUE about a Virtual Service deployment binding in OCI Service Mesh?. It sets access rules to virtual services in the mesh. It supports multiple versions of the application through virtual deployments. It enables automatic sidecar injection and pod discovery for proxy software. It maps to a group of pods running a specific version of the actual microservice ​​.

User is instructed to automate manual tasks and help software teams manage complex environments at scale using the Oracle Cloud Infrastructure (OCI) services. Which three OCI services can be leveraged to securely store and version their application’s source code, and automate the building, testing, and deployment of applications to the OCI platform?. Oracle Cloud Logging Analytics. Resource Manager. DevOps. Oracle Cloud Infrastructure Registry. Oracle APEX Application Development. Container Engine for Kubernetes.

As a developer user has been tasked to develop an e-commerce website for their organization. Their website must support different clients including desktop and mobile browsers, as well as native mobile applications. Which approach will they avoid when building the application if they need to achieve resiliency to architecture changes, deployment independence, and easier technology upgrades?. Use a cloud-native approach as it migrates any long-term commitment to a technology stack. Use a Microservices-based approach to perform frequent updates because it allows user to easily redeploy their applications. Use a monolithic deployment approach as it makes it easier to incrementally adapt to newer technology. Implement each module as an independent service/process which can be replaced, updated, or deleted without disrupting the rest of the application ​​.

As a developer user is tasked to develop an e-commerce website for their organization. Their website must support different clients including desktop browsers, mobile browsers, and native mobile applications. Which two approaches can they use to build the application to achieve resiliency to architecture changes, deployment independence, and easier technology upgrades?. Use a monolithic approach to perform frequent updates because it allows user to easily redeploy their applications. Use a monolithic approach because it makes it easier to incrementally adapt to newer technology. Use a monolithic approach to perform frequent updates because it allows user to easily redeploy applications. Use the microservices architecture because it eliminates any long-term commitment to a technology stack. Build the application as a single unit and use container technology to deploy it. Implement each module as an independent service/process which can be replaced, updated, or deleted without disrupting the rest of the application.

Which option best defines microservices?. A statically typed and compiled language. A finely tuned piece of software that performs a single or small collection of tasks. An open-source system for automating deployment, scaling, and management of containerized applications. An organized collection of structured information or data, typically stored electronically in a computer system ​​.

Which is best defined as “a combination of development and operations brought together to create a unified infrastructure designed to maximize productivity”?. Microservices. Containers. DevOps. Agile Methodology.

Which container runtime is NOT compliant with the Cloud Native Computing Foundation (CNCF)?. CRI-O. Docker. Firecracker. Containerized.

Which is NOT a part of a Cloud Native Computing (CNCF) container runtime?. containerD. cri-o. envoy. etcd.

Which TWO are part of the Cloud Native Computing Foundation (CNCF) Container runtime?. Runc. Envoy. Getcd. containerD. rkt-o ​.

Which is NOT a benefit of cloud-native development?. Reduced cost. Auto provisioning. Faster Release. Simple Architecture.

What is the communication method between different Cloud native applications services?. Complex and asynchronous. Basic and synchronous. Complex and synchronous. Basic and asynchronous.

Per CAP theorem, in which scenario do user NOT need to make any trade-off between the guarantees?. when the system is running in the cloud. when the system is running on-premise. when there are no network partitions. when they are using load balancers ​​.

As a DevOps Engineer, user is asked to manage the OCI Container Registry, which hosts Docker Container Images. User is directed to delete all the images within a tenancy region that have not been pulled for over 72 hours to avoid billing charges for the storage space they consume. Which action should they perform to handle this requirement?. Periodically delete old, unused images using Docker CLI. For each old, unused image, select Delete Image from the Actions menu and confirm that they want to delete the image. Set up local image retention policies to delete images automatically based on selection criteria. Set up global image retention policy to delete images automatically based on selection criteria.

Which of the following is required before user can push and pull Docker images to and from Oracle Cloud Infrastructure Registry using Docker CLI?. Master Encryption Key in OCI Vault. An Auth Token. Docker Registry secret. OCI Vault secret. SSK key pair ​​.

User is using Oracle Cloud Infrastructure (OCI) Registry to store the Container Images for their application. They have been asked to deploy these application images to an existing OKE cluster. How should they handle the specification of the OCI Registry credentials?. Use standard username and password to pull an image directly within the Pod Spec. Create a configmap in OKE specifying the credentials and use it in Pod Spec. Create a Docker Registry secret in the cluster and use that as ImagePullSecrets in Pod Spec. Use an encoded credential to pull an image directly within the Pod Spec ​​.

A service user is deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) which uses a docker image from a private repository in OCI Registry (OCIR). Which configuration is necessary to provide access to this repository from OKE?. Add a generic secret on the cluster containing user identity credentials. Then specify a registryCredentials property in the deployment manifest. Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the ImagePullSecrets property in the application deployment manifest. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the ImagePullSecrets property in the application deployment manifest. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment. ​​.

Which statement is true about Oracle Cloud Infrastructure Registry (OCIR)?. There is no limit to the number of repositories user can have in any given region within tenancy. Once a repository has been created in a compartment, it cannot be moved to another compartment. When user delete a repository, it can take up to two days for the deletion to take effect and for storage to be released. Once deleted, the image is permanently removed from the Container Registry and cannot be restored ​​.

Which command is used to get a Docker Image from Oracle Cloud Infrastructure Registry (OCIR) to the client machine?. Docker pull <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag>. Docker pull <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>. Docker fetch <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>. Docker fetch <tenancy-namespace>/<region-key>.ocir-io/<repo-name>:<tag> ​​.

User has just finished building and compiling the software required to implement the API microservice component. They need to rebuild the API docker image, and plan to tag it as: OCIdevops/api:latest. Which docker command would re-create the API docker image?. Docker create -t OCIdevops/api:latest. Docker image -t OCIdevops/api:latest. Docker build -t OCIdevops/api:latest. Docker compile -t OCIdevops/api:latest ​​.

From a DevOps process standpoint, it is a good practice to keep changes to an application under version control. Which of the following allows changes to a Docker image to be stored in a version control system?. Updating Dockerfile. Executing docker save. Executing docker commit. Updating docker-compose.yml ​​.

Which Dockerfile instruction informs Docker to use a base image that matches the provided repository and tag?. BASE. FROM. USING. ENTRYPOINT.

User want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do they need to perform?. Generate an API signing key to complete the authentication via Docker CLI. Assign a tag via Docker CLI to the image. Generate an auth token to complete the authentication via Docker CLI. Assign an OCI defined tag via OCI CLI to the image. Generate an OCI tag namespace in their repository.

A Docker Image consists of one or more layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. Which permission is associated with these layers?. Read mostly. Movable. Write only. Read only. Write once.

A fully-qualified path to a particular image in a registry is given as iad.ocir.io/ansh81vru1zp/project01/acme-web-app:version2.0.test. Identify the two options with correct terms and their associated values. Ansh81vru1zp/project01/acme-web-app represents <repo-path>. Iad.ocir.io/ansh81vrulzp represents <region-key>. Version2.0.test represents <tags>. Iad represents <region-key>. Ansh81vru1zp/project01/acme-web-app:version2.0.test represents <repo-name>.

User has created a repository in Oracle Cloud Infrastructure Registry in the us-ashburn-1 (Iad) region in their tenancy with a namespace called "heyoci". Which three are valid tags for an image named "myapp"?. us-ashburn-1.ocir.io/heyoci/myapp:0.0.2-beta. us-ashburn-1.ocir.io/heyoci/myproject/myapp:0.0.2-beta -us-ashburn-1.ocir.io/myproject/heyoci/myapp:latest. iad.ocir.io/myproject/heyoci/myapp:latest. iad.ocir.io/heyoci/myproject/myapp:0.0.1. iad.ocir.io/heyoci/myapp:0.0.2-beta. iad.ocir.io/heyoci/myapp:latest.

What should user use to authenticate themselves before doing docker image pull or push from Oracle Cloud Infrastructure (OCI) Registry?. User must have OCI username and Fingerprint. User must have an OCI Username and an Auth Token. User must have a docker hub username and password. User must have an OCI API Signing Key.

User is building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). They need to make sure that these images never get deleted from the repository. Which action should they take?. Create a group and assign a policy to perform lifecycle operations on images. Set global policy of image retention to "Retain All Images". In their compartment, write a policy to limit access to the specific repository. Edit the tenancy global retention policy.

Which three can be used to push docker images to OCIR?. Data Pump. Docker CLI. Docker v2 API. Oracle Functions Service. SQL Plus.

An Organization has deployed their e-commerce application on Oracle Container Engine for Kubernetes (OKE) and they are using the Oracle Cloud Infrastructure Registry (OCIR) service as their Docker Image repository. They have deployed the OKE cluster using the 'custom create' option, and their Virtual Cloud Network (VCN) has three public subnets with associated Route tables, Security Lists and Internet Gateway. However, their application containers are failing to deploy. On Investigation, they discover that the images are not being pulled from the designated OCIR Repository, even though the YAML configuration has the correct path to the images. What is a valid concern here that needs to be further investigated?. Security List Rule for TCP port 22 needs to be added to connect to the OCIR service. VCN hosting the OKE cluster worker nodes needs to have a NAT gateway to access OCIR Repositories. Identity and Access Management (IAM) credentials need to be added for each user that deploys applications to the OKE cluster. OKE cluster needs to have a secret with the credentials of their OCIR Repository and use that secret in the Kubernetes deployment manifest.

Which is NOT a component of Docker Architecture?. Docker Registry. Docker Runtime. Docker Machine. Docker Engine.

Which two statements are true about Docker Images and Containers?. Only one container can be spawned from a given image at a time. If multiple containers are spawned from the same image, they all use a different copy of the image in memory. A container can exist without an image, but an image cannot exist without a container. An image is a collection of immutable layers, whereas a container is a running instance of an image. Each time Docker launches a container from an image, it adds a thin variable layer known as the container layer.

Identify the two correct statements for deleting a docker image from OCIR?. Tagged Images cannot be deleted. There is time limit to undelete the image. User can use OCI CLI to perform the delete. Only manual deletes are possible.

Which two statements about container are FALSE?. Containerized applications run on top of a container host that in turn runs on the operating system. Containers are highly reusable. A container is essentially the same as a virtual machine. Containers are highly portable. Containers are not scalable.

Which is a key benefit of breaking a monolithic application into cloud-native microservices and running them inside Docker Containers?. Relatively easier and simple to develop. Simplified log management. Reduced network latency and security concerns. Improved process isolation.

What is the difference between continuous Delivery and Continuous Deployment?. Continuous Delivery is a manual task, while Continuous Deployment is an automated task. Continuous Delivery has manual releases to production decisions, while Continuous Deployment has releases automatically pushed to production. Continuous Delivery means complete delivery of the application to the customer, while Continuous Deployment includes only deployment of the application in the customer environment. Continuous Delivery includes all the steps of the software development life cycle, while Continuous Deployment may skip a few steps such as Validation and Testing ​​.

A business representative at Oracle is asked to describe OCI DevOps as a Service to a potential customer. Specifically, they must describe what it is and what it does as succinctly as possible. Which is the BEST description of the OCI DevOps Service?. OCI DevOps is a cloud-based platform for engineers; it builds software. OCI DevOps is an automation service for DevOps teams; it uses pipeline to manage infrastructure. OCI DevOps is a CI/CD platform for developers; it automates the SDLC. OCI DevOps is a configuration management service; it orchestrates deployments ​​.

What is the difference between blue/green and canary deployment strategies?. In blue/green, application is deployed in minor increments to a select group of people. In canary, both old and new applications are simultaneously in production. In blue/green, both old and new applications are in production at the same time. In canary, application is deployed incrementally to a select group of people. In blue/green, current applications are slowly replaced with new ones. In canary, both old and new applications are in production at the same time. In blue/green, current applications are slowly replaced with new ones. In canary, application is deployed incrementally to a select group of people.

User has deployed a Python application on Oracle Cloud Infrastructure Container Engine for Kubernetes. However, during testing they found a bug that they rectified and created a new Docker image. They need to make sure that if this new Image doesn't work then they can roll back to the previous version. Using Kubectl, which deployment strategies should they choose?. Rolling Update. Canary Deployment. Blue/Green Deployment. A/B Testing.

As a developer, user is tasked with using an OCI DevOps project to automate the software development process. Which task CANNOT be performed using the OCI DevOps build pipeline?. Automate the build process on code commit. Store an artifact in an artifact repository. Perform an incremental release to OKE, Functions, or instance groups. Run automated unit tests ​​.

Which is an open-source container management tool that is responsible for container deployment, scaling and descaling of containers, and load balancing?. Docker. Kubernetes. Grafana. ContainerD.

Which term describes a group formed by a master machine and a worker machine in a Kubernetes architecture?. Node. Deployment. Cluster. POD.

Which of the following Kubernetes resource objects is used to define how many replicas of the POD should be created?. POD. Service. Namespace. Deployment.

Kubernetes includes various elements such as compute, network and storage. Compute is essentially CPU (units) and memory (bytes). Within an OKE cluster, what is considered to be the smallest unit of deployment with respect to compute?. Deployment resource. Service. Namespace. Container. POD.

What can user use to dynamically make Kubernetes resources discoverable to public DNS servers?. CoreDNS. ExternalDNS. KubeDNS. DynDNS.

Which of the following statements about managed Kubernetes in OCI is true?. OCIs managed Kubernetes service is called EKS. OCIs managed Kubernetes service runs only on Linux servers. OCIs managed Kubernetes service is not compatible with external CI/CD tools. OCIs managed Kubernetes service supports both stateful and stateless applications.

Which of the following is a valid OCI CLI (Command Line Interface) command that can be used to create an Oracle Kubernetes Engine (OKE) cluster in OCI?. Oci ce cluster create. Oci oke cluster create. Oci container cluster create. Oci Kubernetes cluster create.

User developed a microservice-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. It has multiple endpoints that need to be exposed to the public client. What is the most cost-effective way to expose multiple application endpoints without adding unnecessary complexity to the application?. Create a separate load balancer instance for each service using the lowest 100 Mbps throughput option. Deploy an Ingress controller and use it to expose each endpoint with its own routing endpoint. Use a NodePort service type in Kubernetes for each of their service endpoints using the nodes IP address to access the applications. Use a ClusterIP service type in Kubernetes for each of their service endpoints using its public IP address to access the applications.

Which statement accurately describes Oracle Cloud Infrastructure (OCI) Load Balancer integration with OCI Container Engine for Kubernetes (OKE)?. OCI Load Balancer instance provisioning is triggered by OCI Events service for each Kubernetes service with LoadBalancer type in the YAML configuration. OCI Load Balancer instance must be manually provisioned for each Kubernetes service that requires traffic balancing. OKE service provisions an OCI Load Balancer instance for each Kubernetes service with LoadBalancer type in the YAML configuration. OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with LoadBalancer type in the YAML configuration.

Given a service deployed on Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), which annotation should user add in the sample manifest file below to specify a 400 Mbps load balancer? apiversion: v1 kind: Service metadata: name: my-nginx-svc labels: app: nginx annotations: <Fill in> spec: type: LoadBalancer ports: port: 80 selector: app: nginx. service.beta.kubernetes.io/oci-load-balancer-kind: 400Mbps. service.beta.kubernetes.io/oci-load-balancer-value: 400Mbps. service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps. service.beta.kubernetes.io/oci-load-balancer-size: 400Mbps.

Which Oracle Cloud Infrastructure (OCI) load balancer shape is used by default in OCI Container Engine for Kubernetes?. There is no default. The shape has to be specified. 100 Mbps. 400 Mbps. 8000 Mbps.

In the sample Kubernetes manifest file below, what annotations should user add to create a private load balancer in Oracle Cloud Infrastructure Container Engine for Kubernetes? apiversion: v1 kind: Service metadata: name: my-nginx-svc labels: app: nginx annotations: <Fill in> spec: type: LoadBalancer ports: port: 80 selector: app: nginx. service.beta.kubernetes.io/oci-load-balancer-private: "true". service.beta.kubernetes.io/oci-load-balancer-private: "true" service.beta.kubernetes.io/oci-load-balancer-subnet1: "ocid1.subnet.oc1..aaaaa....vdfw". service.beta.kubernetes.io/oci-load-balancer-internal: "true". service.beta.kubernetes.io/oci-load-balancer-internal: "true" service.beta.kubernetes.io/oci-load-balancer-subnet1: "ocid1.subnet.oc1..aaaaa....vdfw".

User developed a microservice-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. Their security team wants to use SSL termination for this application. What should they do to create a secure SSL termination for this application using the fewest steps possible?. Add these annotations to the Kubernetes service: Annotations: Service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" Service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl-secret-key. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: Annotations: Service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" Service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl-certificate-secret. Create a self-signed certificate using Let's Encrypt. Use that certificate on OCI Load Balancer. Create a Kubernetes service using the load balancer. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: Annotations: Service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" Service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: "Frontend".

How can user find details of the tolerations field for the sample YAML file below? apiversion: v1 kind: Pod metadata: name: busybox namespace: default spec: containers: image: busybox command: sleep: "3600" imagePullPolicy: IfNotPresent name: busybox restartPolicy: Always tolerations: ... Kubectl list pod.spec.tolerations. Kubectl explain pod.spec.tolerations. Kubectl describe pod.spec.tolerations. Kubectl get pod.spec.tolerations.

User created a pod called "nginx" and its state is set to Pending. Which command can they run to see the reason why the "nginx" pod is in the pending state?. Kubectl logs pod nginx. Kubectl describe pod nginx. Kubectl get pod nginx. Through the Oracle Cloud Infrastructure Console.

Which statement is true about configuration changes of a Node Pool in an OKE cluster?. No nodes are affected when configuration changes are made until the entire OKE cluster is restarted. Configuration changes only affect new nodes created after edit. Configuration changes only affect existing nodes in the pool. Configuration changes affect both existing nodes and new nodes created after edit.

Which statement is true about modifying worker node properties of a Node in a OKE cluster?. Changes user make to worker node properties will only apply to new worker nodes. Changes user make to worker node properties will only affect existing nodes in the pool. Changes user make to worker node properties will affect both existing and new worker nodes. No nodes are affected when worker node properties are changed until the entire OKE cluster is restarted.

Which two statements are true when user upgrade the OKE cluster with a new version?. The control plane and worker nodes are updated by the customer. The control plane is updated by Oracle. The control plane and worker nodes are automatically updated by Oracle. The worker nodes are upgraded by the customer.

In the Shared responsibility model, who should perform patching, upgrading, and maintaining of the worker nodes in provisioned Oracle Container Engine for Kubernetes (OKE) clusters?. Oracle support does it. It is an automated process. It is the responsibility of the customer.

Who is responsible for patching, upgrading and maintaining the worker nodes in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?. It is automated. Independent Software Vendors. Oracle Support. The user.

Kubernetes Administrator need to make sure that the deployed application maintains the desired replica state at all times while updating the application with a new image. What should they do?. Apply --replica count when doing the rolling update. Apply --record option during rolling update. Apply --min & --max in rolling update command. Apply maxSurge and maxUnavailable parameter in deployment spec.

Kubernetes Administrator see that Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) has released a new version of the image running on Worker Node. Their Application owners have mentioned that they use label selectors for the deployment. They need to make sure that they upgrade to the latest image of the node pool without disrupting the existing deployment strategy. What should they do?. Run Kubectl cordon <node_name> on all of the existing nodes. Do not create any new node pool and run Kubectl drain <node_name>. Create a new node pool and run Kubectl label nodes to attach the same label as the existing nodes. Create a new node pool and let the deployments choose the best worker node.

Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the Kubectl CLI?. An SSH key pair with the public key added to cluster worker nodes. Install and configure the OCI CLI. OCI Identity and Access Management (IAM) Auth Token. Tiller enabled on the OKE cluster. A configured OCI API signing key pair.

Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) administrator has created an OKE cluster with one node pool in a public subnet. User has been asked to provide a log file from one of the nodes for troubleshooting purpose. Which step should they take to obtain the log file?. ssh into the node using public key. ssh into the nodes using private key. It is impossible since OKE is a managed Kubernetes service. Use the username opc and password to login.

Application team wants to use configuration variable for their application PODs and want to inject it before the POD creation. As a Kubernetes Administrator, user has been tasked to come up with the option to achieve this. What should they do?. Use Init Containers. Use PodPreset to create the config outside of POD. Use configmap in the pod spec. Use secrets at the pod spec.

Which Kubectl command syntax is valid for implementing a rolling update deployment strategy in Kubernetes?. Kubectl upgrade -c <container> --image=image:v2. Kubectl update -c <container> --image=image:v2. Kubectl update <deployment-name> --image=image:v2. Kubectl rolling-update <deployment-name> --image=image:v2.

What does Rolling Update Deployment Strategy do in Kubernetes environment?. Rolling Update create two replica of each POD that they have deployed. Rolling Update is a mean to test the functionality of their deployed app. Rolling Update shift user traffic from one application POD to another. Rolling Update allow Deployment update to take place with zero downtime by incrementally updating PODs instances with new ones.

Which of the following statements is false regarding deleting a Kubernetes Cluster?. If user change the auto-generated name of the worker node and then delete the cluster, the renamed worker node is not deleted. Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateway, NAT Gateway, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically. Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateway, NAT Gateway, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically. Changing the auto-generated name of the worker node will affect the deletion of the worker node when the cluster in which it is created is deleted.

Which of the following two statements are TRUE about deleting a Kubernetes cluster?. User cannot change the auto-generated names of the worker nodes in the format oke -c<part-of-cluster-OCID> -n<part-of-node-pool-OCID> -s<part-of-subnet-OCID>-<slot> within a Kubernetes cluster. If user change the auto-generated name of the worker node and then delete the cluster, the renamed worker node is not deleted. Upon deleting a cluster, other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateway, NAT Gateway, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically. Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNs, Internet Gateway, NAT Gateway, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically. Changing the auto-generated name of a worker node does not affect the deletion of the worker node when the cluster in which it is created is deleted.

Which statement is VALID regarding modifying the Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster properties?. User can change the version of Kubernetes running on worker nodes, but cannot change the control node Kubernetes version. User can change the version of Kubernetes running on control plane nodes, but cannot change worker node Kubernetes version. User can change the number of worker nodes in a node pool along with the availability domains and subnets in which to place them. User can change the image and shape used by one or more running worker nodes.

As a DevOps engineer, user is tasked with managing deployments on an OCI Container Engine for Kubernetes (OKE). Which of the following tasks is not required for setting up cluster access using a local installation of Kubectl?. Set up the KubeConfig file. Install and configure the Oracle Cloud Infrastructure CLI. Generate Auth Token from OCI Console to access the OKE cluster using Kubectl. Generate the API signing key pair (if user doesn’t already have one) and upload the public key of the API signing key pair and upload the public key.

A pod security policy (PSP) is implemented in user Oracle Cloud Infrastructure Container Engine for Kubernetes cluster. Which rule can they use to prevent a container from running as root using PSP?. NoPrivilege. RunOnlyAsUser. MustRunAsNonRoot. forbiddenRoot.

User has been asked to create a stateful application deployed in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) that requires all of their worker nodes to mount and write data to persistent volumes. Which two OCI storage services should they use?. Use GlusterFS as persistent volume. Use OCI File Services as persistent volume. Use OCI Block Volume backed persistent volume. Use open source storage solutions on top of OCI. Use OCI Object Storage as persistent volume.

What is the minimum amount of storage that a persistent volume claim can obtain in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?. 1 GB. 10 GB. 50 GB. 1 TB.

In order to effectively test cloud-native applications, user might utilize separate environments (development, testing, staging, production, etc.) Which Oracle Cloud Infrastructure (OCI) service can user use to create and manage their infrastructure?. OCI Compute. OCI Container Engine for Kubernetes. OCI Resource Manager. OCI API Gateway.

Which concept is NOT related to Oracle Cloud Infrastructure Resource Manager?. Job. Stack. Queue. Plan.

User is using Oracle Cloud Infrastructure (OCI) Resource Manager to manage their infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should they use the OCI Events service to do this without writing any code?. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the notification topic for the corresponding action. Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then, select "Action Type: Email" and provide the destination email address. Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action.

During the deployment of Infrastructure using Infrastructure as Code (IaaS), user has been asked to run a script within the deployed Oracle Cloud Infrastructure (OCI) instances, so that during the deployment, few configurations can also be achieved. What should they do to achieve this?. Use “local-exec” provisioner to send the script to the OCI Instances. Use “remote-exec” provisioner to send the script to the OCI Instances. Use Instance Principal auth type to send the script to the OCI Instances. Use auth module Terraform code to send the script to the OCI instances.

User need to execute a script on a remote instance through Oracle Cloud Infrastructure Resource Manager. Which option can they use?. Use /bin/sh with the full path to the location of the script to execute the script. It cannot be done. Download the script to a local desktop and execute the script. Use remote-exec.

User need to execute a script on a local instance through Oracle Cloud Infrastructure Resource Manager. Which option can they use?. Use Puppet. Use Chef. Use remote-exec. Use local-exec.

Which Oracle Cloud Infrastructure (OCI) service is NOT supported using OCI service Broker for Kubernetes?. OCI Object Storage. OCI Autonomous Data Warehouse. OCI Streaming Service. OCI Autonomous Transaction Processing. OCI Event Service.

As a cloud-native developer, user is designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of their Kubernetes deployment process for the application. Which of these should they leverage to meet this requirement?. OCI Container Engine for Kubernetes. OCI Service Broker for Kubernetes. Open Service Broker API. Oracle Functions.

Database Administrator has mentioned that they have a shared service instance of Oracle Autonomous Transaction Processing (ATP) Database that many applications can use. What is the drawback if they want to bring in the existing ATP instance to the Oracle Service Broker?. They can delete an existing ATP instance using Oracle Service Broker. They can’t manage the lifecycle of the ATP Instance. They can deprovision an Oracle Service Broker. They can unbind an existing Oracle ATP Instance.

User has a containerized app that requires an Autonomous Transaction Processing (ATP) Database. Which option is not valid for connecting to ATP from a container in Kubernetes?. Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest. Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime. Enable Oracle REST Data Services for the required schemas and connect via HTTPS. Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy ServiceInstance and ServiceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.

Which two statements accurately describe Oracle SQL Developer Web on Oracle Cloud Infrastructure (OCI) Autonomous Database?. It is available for databases with dedicated Exadata infrastructure only. After provisioning into an OCI compute Instance, it can automatically connect to the OCI Autonomous Databases instances. It is available for databases with both dedicated and shared Exadata infrastructure. It provides a development environment and a data modeler interface for OCI Autonomous Databases. It must be enabled via OCI Identity and Access Management policy to get access to the Autonomous Databases instances.

A leading insurance firm is hosting its customer portal in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes with an OCI Autonomous Database. Their support team discovered a lot of SQL injection attempts and cross-site scripting attacks to the portal, which is starting to affect the production environment. What should they implement to mitigate this attack?. Network Security Lists. Network Security Groups. Network Security Firewall. Web Application Firewall.

What is one of the differences between a microservice and a serverless function?. Microservices always use a data store and serverless functions never use a data store. Microservices are stateless and serverless functions are stateful. Microservices are triggered by events and serverless functions are not. Microservices are used for long running operations and serverless functions for short running operations.

What are two of the main reasons user would choose to implement a serverless architecture?. No need for integration testing. Reduced operational cost. Improved In-function state management. Automatic horizontal scaling. Easier to run long-running operations.

Which two statements are true for serverless computing and serverless architectures?. Long running tasks are perfectly suited for serverless. Serverless function state should never be stored externally. Application DevOps team is responsible for scaling. Serverless function execution is fully managed by a third party. Applications running on a FaaS (Functions as a Service) platform.

What is the open source engine for Oracle Functions?. Knative. Apache OpenWhisk. OpenFaaS. Fn Project.

Which statement is NOT true regarding Oracle Functions?. There is a default timeout for function execution. However, user can choose to configure a different timeout during or after function deployment. There is a default amount of memory that a function will use. However, user can choose to configure a different memory during or after function deployment. Additional configuration parameters can be specified as environment variables. However, they must be specified at the function application scope. -The fn deploy command involves creating and uploading a container image, but does not instantiate the image into memory.

Which two statements accurately describe an Oracle Functions application?. A small block of code invoked in response to an Oracle Cloud Infrastructure (OCI) Events service. A Docker image containing all the functions that share the same configuration. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway services. A common context to store configuration variables that are available to all functions in the application. A logical group of functions.

What is the maximum execution timeout of Oracle Functions?. 120 seconds. 240 seconds. 300 seconds. 320 seconds. 600 seconds.

What is the maximum execution timeout allowed for a function deployed to an Oracle Functions application?. 2 minutes. 5 minutes. 30 seconds. 60 seconds.

What is the maximum memory threshold for an Oracle Function deployed to an Oracle Functions Application?. 128 MB. 512 MB. 1024 MB. 2048 MB. 4096 MB.

Oracle Function deployed to an Application in a private subnet needs to access other OCI services. Which additional service is required?. API Gateway Deployment. Service Gateway. Function Application Gateway. NAT Gateway.

When developing microservices, each one can be developed in the language of choice. Which term describes this type of development?. Agile. DevOps. Polyglot. distributed.

User is developing a polyglot serverless application using Oracle Functions. Which language cannot be used to write their function code?. Python. PL/SQL. Node.js. Go. Java. JavaScript.

Which of the following programming language is NOT currently available as an Fn Function Development Kit (FDK) supported by Oracle Functions?. C#. Go. PHP. Java. Ruby. Python. Node.js ​.

In Oracle Functions, what is the relationship between functions and applications?. Each function must be deployed in its own application. Multiple functions can be deployed in a single application. Functions can be deployed stand-alone or in an application. A function can be associated with more than one application ​.

User is building a Cloud Native serverless travel application with multiple Oracle Functions in Java, Python, and Node.js. They need to build and deploy these functions to a single application named travel-app. Which command will help them to complete this task successfully?. fn function --app travel-app deploy -ext javalpyljs. fn deploy --app travel-app -all. fn app deploy --app travel-app -all. fn app deploy --app travel-app -ext javalpyljs. oci fn function deploy app travel-app -all. oci fn application -application-name travel-app deploy -all. fn function deploy -all -application-name travel-app.

User encounter an unexpected error when invoking the Oracle Function named "myfunction" in application "myapp". Which command can they use to get more information on the error?. fn --debug invoke myapp myfunction. DEBUG=1 fn invoke myapp myfunction. fn --verbose invoke myapp myfunction. Contact Oracle support with their error message.

User has written a Node.js function and deployed it to Oracle Functions. Next, they need to call this function from a microservice written in Java deployed on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). Which can help them to achieve this?. Use the OCI CLI with Kubectl to invoke the function from the microservice. Oracle Functions does not allow a microservice deployed on OKE to invoke a function. OKE does not allow a microservice to invoke a function from Oracle Functions. Use the OCI Java SDK to invoke the function from the microservice.

A programmer is developing a Node.js application which will run in a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs. What is the secure way to access OCI services with OCI Identity and Access Management (IAM)?. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group. Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user (*). Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication ​​.

User is working on a serverless DevSecOps application using Oracle Functions. They have deployed a Python function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI Compute instance that does not comply with their corporate security standards. There are 3 non-compliant OCI Compute instances. However, when they invoke this function none of the instances were stopped. How should they troubleshoot this?. There is no way to troubleshoot a function running on Oracle Functions. Enable function logging in the OCI console, include some print statements in their function code and use logs to troubleshoot this. Enable function remote debugging in the OCI console, and use their favorite IDE to inspect the function running on Oracle Functions. Enable function tracing in the OCI console, and go to OCI Monitoring console to see the function stack trace. Ensure that the application is deployed within the same OCI compartment as the instance, because user cannot enable function execution data from the OCI Console.

Which is NOT a valid option to execute a function deployed on Oracle Functions?. Send a signed HTTP request to the function's invoke endpoint. Invoke from Oracle Cloud Infrastructure CLI. Invoke from Docker CLI. Trigger by an event in Oracle Cloud Infrastructure Events service. Invoke from Fn Project CLI.

Assuming that user function does NOT have the -provisioned-concurrency option enabled, Which of the following is a valid parameter that is used to configure the time period during which an idle function will remain in memory before Oracle Functions will remove its Docker container?. Timeout. Idle-timeout. Access-timeout. None of the options. This is not a configuration option.

User is working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Their application architecture has multiple OCI services, including Oracle Functions. They need to trigger these functions directly from other OCI services, without having to run custom code. Which OCI service cannot trigger their functions directly?. OCI Events Service. OCI Registry. OCI API Gateway. Oracle Integration.

Which two handle Oracle Functions authentication automatically?. Oracle Cloud Infrastructure SDK. cURL. Oracle Cloud Infrastructure CLI. Signed HTTP Request. Fn Project CLI.

User is developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Their function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa-compartment". Their corporate security standards mandate the use of Resource Principals for this use case. Which two statements are needed to implement this use case?. Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects in target.bucket.name= ‘input-bucket’. Set up a policy to grant their user account read access to the bucket: allow user XYZ to read objects in compartment qa-compartment where target.bucket.name= ‘input-bucket’. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name= ‘input-bucket’. Set up the following dynamic group for their function's OCID: Name: read-file-dg Rule: resource.id = ‘ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da'. No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy.

User is developing a serverless application with Oracle Functions. They have created a function in compartment named prod. When they try to invoke their function they get the following error: Error invoking function. Status: 502 message: dhcp options ocid1.dhcpoptions.oc1.iad.aaaaaaaanprvpxpsxlabegdg does not exist or Oracle Functions is not authorized to use it. How can they resolve this error?. Create a policy: Allow function-family to use virtual-network-family in compartment prod. Create a policy: Allow any-user to manage function-family and virtual-network-family in compartment prod. Create a policy: Allow service FaaS to use virtual-network-family in compartment prod. Deleting the function and redeploying it will fix the problem.

Which statement concerning the OCI Code Editor is False?. Code Editor is designed on the Eclipse Theia framework. Code Editor includes plugins for Functions and Resource Manager. Code Editor allows user to clone and manage any Git-based repository. Code Editor can be downloaded as a client desktop tool linked to OCI account (*).

A Organization has built a web-based application that has a private REST API endpoint. User has been asked to abstract and expose the REST endpoint using an appropriate service on the Oracle Cloud Infrastructure (OCI). What will user use to do this?. Oracle Functions. OCI API Gateway. OCI Container Engine for Kubernetes (OKE). OCI Service Gateway.

Application team has deployed an Oracle Function that generates static pages during the function call. They want to use it for all the regions of tenancy, In such a way that every regional URL will hit the same application endpoints. User has been asked by the application to use Oracle Cloud Infrastructure (OCI) API Gateway to expose it. How would they achieve this?. Create an OCI API Gateway, create a deployment, and add context variables to Policies & HTTP Back End definitions. Create an OCI API Gateway, create a deployment, and add Path parameters & Wildcards to Route Paths. Create an OCI API Gateway, and create a deployment adding HTTPS URL of the app. Create an OCI API Gateway, create a deployment, and expose the app with the exact route path.

Application team has deployed an Oracle Function that generates static pages during the function call. They want to use it for all the regions of company in such a way that every regional URL will hit the same application endpoint. How would they achieve this using the Oracle Cloud Infrastructure (OCI) API Gateway?. Create a deployment adding the HTTPS URL of the application. Create a deployment adding path parameters and wildcards to route paths. Create a deployment and expose the application with the explicit route path. Create a deployment adding context variables to both policies and HTTP back-end definitions.

Which three statements are true when configuring an API Gateway in OCI?. A VCN is automatically created when user create an API Gateway. A VCN must exist before creating an API Gateway. API Gateway instances can run on separate Fault domains. API Gateway instances can run on separate Availability domains. API gateway instance placement is controlled by users during provisioning.

Which is NOT a runtime context variable that is available when configuring an API Gateway deployment?. Request.path. Request.query. Request.client. Request.auth.

When configuring the transformation of HTTP responses for an API Gateway deployment, which option is NOT available?. Deleting a header. Creating a new header. Updating a Query String. Renaming a header.

A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use in this scenario?. Create an authorizer function using request header authorization. Create an authorizer function using token-based authorization. Create a cross account functions authorizer. Create an authorizer function using OCI Identity and Access Management (IAM) based authentication.

User is deploying an API via Oracle Cloud Infrastructure (OCI) API Gateway and want to implement request policies to control access. Which is NOT available in OCI API Gateway?. Limiting the number of requests sent to backend services. Enabling CORS (Cross-Origin Resource Sharing) support. Providing authentication and authorization. Controlling access to OCI resources.

User is developing a distributed application and they need a call to a path to always return a specific JSON content. To fulfil the requirement they deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification. { "routes": [{ "path": "/hello", "methods": ["GET"], "backend": { "type": " ", "status": 200, "headers": [{ "name": "content-type", "value": "application/json" }], "body": "{\"myjson\": \"consistent response\"}" } }] } What is the correct value for type?. CONSTANT_BACKEND. STOCK_RESPONSE_BACKEND. JSON_BACKEND. HTTP_BACKEND.

Which one of the following is NOT a valid backend-type supported by Oracle Cloud Infrastructure (OCI) API Gateway?. HTTP_BACKEND. STOCK_RESPONSE_BACKEND. ORACLE_STREAMS_BACKEND. ORACLE_FUNCTIONS_BACKEND.

As a cloud-native developer, user has written a web service for their company. They have used Oracle Cloud Infrastructure (OCI) API Gateway service to expose the HTTP backend. However, their security team has suggested that their web service should handle Distributed Denial-of-Service (DDoS) attack. They are time-constrained and they need to make sure that this is implemented as soon as possible. What should they do in this scenario?. Use OCI virtual cloud network (VCN) segregation to control DDoS. Use a third party service integration to implement a DDoS attack mitigation. Use OCI API Gateway service and configure rate limiting. Re-write their web service and implement rate limiting.

Which statement concerning OCI API Gateway deployments is TRUE?. A deployment configuration can use a Java Web Token (JWT) or an Authorizer Function for client token validation. Dynamic routing within one deployment route requires the configuration of selector criteria with two or more routing rules. A deployment can leverage API Usage Plan OCIDs as selection criteria for both dynamic authentication and dynamic routing. Each deployment route configuration must specify just one backend service as multiple backends require either multiple routes or multiple deployments.

Which statement is NOT valid concerning API Gateway deployment authentication server options?. Each deployment requires one or more authentication servers. User can set up multiple authentication servers for the same API deployment. The authentication server's user set up can be of the same type or a different type within the same deployment. User can have the API Gateway pass an access token included in a request to an authorizer function deployed on OCI Functions to perform validation.

User is creating an API deployment in Oracle Cloud Infrastructure (OCI) API Gateway and they want to configure request policies to control access. Which is NOT available in OCI API Gateway?. Protecting from SQL Injection attacks. Providing authentication and authorization. Enabling Cross-Origin Resource Sharing (CORS) support. Limiting the number of requests sent to the backend services.

Which messaging model is supported by the OCI Streaming Service for any use case in which data is produced and processed continually and sequentially?. Fan-out. Broadcast. Pub-Sub. Bidirectional Streaming.

User is developing a microservices application that will be a consumer of Oracle Cloud Infrastructure (OCI) Streaming service. Which API should they use to read and process the stream?. ListMessages. GetMessages. GetObject. ReadMessages.

User has an e-commerce application that loads customers’ transactional data into the Oracle Cloud Infrastructure (OCI) Streaming service. That data must now be extracted and transformed before sending it to a third-party REST endpoint. They have been directed to leverage the OCI service connector Hub to automate this process. Which configuration option would address this requirement?. Configure a new service connector as follows: Source: Streaming Task: API Gateway Target: Notifications. Configure a new service connector as follows: Source: Streaming Task: Functions Target: API Gateway. Configure a new service connector as follows: Source: Streaming Task: None Target: Notifications. Configure a new service connector as follows: Source: Streaming Task: Functions Target: Functions.

Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs?. date or x-date. (request-target). content-type. host.

Which statement is NOT true about the OCI Streaming Service?. All streams must be assigned to a stream pool. Messages sent to a stream must be in a JSON format structure. Messages in a stream can only be retained for up to 7 days. A Stream can be configured to have either a public or private endpoint.

Which two statements are NOT valid regarding the Oracle Cloud Infrastructure (OCI) Streaming service?. The throughput of a stream is defined by a partition. A partition provides 1 MB/sec data input and 2MB/sec data output. OCI Streaming can support up to 2,000 requests per second to each partition (*). Although OCI Streaming automatically encrypts all data while in transit, it is the developers' responsibility to encrypt the data at rest if needed. OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days. A stream can be configured with either a public or a private endpoint with support for customer-managed encryption keys.

User is building a real-time analytics application that uses OCI Streaming to receive messages from multiple sources. Each message contains data about website visitors, such as the time they accessed the site and the pages they viewed. They need to ensure that the application can handle high message volumes and scale as needed. Which approach ensures the highest throughput and scalability for consuming messages from the OCI Streaming service in this scenario?. Implementing a load balancer to distribute messages among multiple consumers. Using the OCI Events service to trigger a function that processes messages as they arrive. Creating a separate consumer group for each source of messages and consuming messages in parallel. Using a single consumer group to consume messages from all sources and process messages sequentially.

Which of the following is the best use case for using OCI Streaming?. Migrating data between cloud regions. Storing and querying large unstructured data. Storing and processing real-time data streams. Sending small-sized data between microservices.

User is tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCI Streaming service. Which statement is incorrect?. The request must include an authorization signing string including (but not limited to) x-content-sha256, content-type, and content-length headers. The Content-Type header must be set to application/json. An HTTP 401 will be returned if the client's clock is skewed more than 5 minutes from the server's. The request does not require an Authorization header.

Which statement is VALID regarding the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to an OCI Streaming service stream?. The partition ID must be passed as a parameter. The request is limited to no more than 20 messages. Each message must include a valid message key pair. The request must include a valid authorization header.

Which programming language are supported by OCI Streaming SDK for building streaming applications?. Java, C#, Go. PHP, Java, JavaScript. TypeScript, Java, Perl. JavaScript, Python, Ruby.

Which is a pointer to a location in a Stream?. Key. Cursor. Partition. Offset.

Which is NOT a valid option when configuring an OCI Service Connector?. Sending Stream messages to an Oracle Function. Sending log messages to a Stream. Sending data from Object Storage buckets to a Stream. Sending Stream messages from one stream to another stream.

Which one of the statements describes a service aggregator pattern?. It is implemented in each service separately and uses a streaming service. It involves implementing a separate service that makes multiple calls to other backend services. It uses a queue on both sides of the service communication. It involves sending events through a message broker.

Which two statements are true for service choreography?. Service choreographer is responsible for invoking other services. Services involved in choreography communicate through messages/messaging systems. Service choreography relies on a central coordinator. Service choreography should not use events for communication. Decision logic in service choreography is distributed.

When creating OCI Event rules, which is NOT a valid design consideration?. Proper IAM policies must be explicitly added for all rules and actions. Each rule is scoped to a single compartment or compartment hierarchy. There is a limit of 50 rules for an OCI tenancy. Each rule must be based on only one configured condition.

Which is NOT available as an OCI Events service rule destination?. OCI Notifications. OCI Functions. OCI Monitoring. OCI Streaming.

Which OCI service does NOT have resources available as an action to receive an event from the Events service?. Queue. Functions. Streaming. Notifications.

Which two "Action Type" options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?. Notifications. Functions. Streaming. Email. Slack.

Which of these is not amongst the types of resources that receive an event from the Events Service?. Functions. API Gateway. Notifications. Streaming.

Which gateway is used by OCI resources to support private access to the OCI Events service?. API Gateway. NAT Gateway. Service Gateway. Local Peering gateway.

Which of the following statements accurately describes the contents of an OCI (Oracle Cloud Infrastructure) Event?. An OCI Event is a binary file that contains the results of an OCI API call. An OCI Event is a human-readable log file that details the configuration of an OCI resource. An OCI Event is an unstructured text file that provides a summary of recent activity within the OCI Infrastructure. An OCI Event is a structured JSON object that contains information about a change that occurred within the OCI Infrastructure.

Which of the following scenarios best describes a use case for using OCI Events?. Backing up a database to an Object Storage bucket. Monitoring CPU utilization of an Oracle Compute instance. Scaling an Autonomous Database instance based on application demand. Creating a load balancer for an Oracle Container Engine for Kubernetes (OKE) cluster.

User is processing millions of files in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. Each time a new file is created, they want to send an email to the customer and create an order in a database. The solution should perform and minimize cost. Which action should they use to trigger this email?. Schedule a cron job that monitors the OCI Object Storage bucket and emails the customer when a new file is created. Use OCI Events service and OCI Notification service to send an email each time a file is created. Schedule an Oracle Function that checks the OCI Object Storage bucket every minute and emails the customer when a file is found. Schedule an Oracle Function that checks the OCI Object Storage bucket every second and emails the customer when a file is found.

Which statement is incorrect with regards to the Oracle Cloud Infrastructure (OCI) Notifications service?. Notification topics may be assigned as the action performed by an OCI Events configuration. OCI Alarms can be configured to publish to a notification topic when triggered. An OCI function may subscribe to a notification topic. A subscription can forward notifications to an HTTPS endpoint. A subscription can integrate with PagerDuty events. It may be used to receive an email each time an OCI Autonomous Database backup is completed.

Which is NOT a valid use case for leveraging the Oracle Cloud Infrastructure (OCI) Events service?. Capturing the OCI Monitoring service alarms and invoking autoscaling of compute instances. Publishing all the OCI resource events in a specific compartment to the OCI Streaming service for later analysis. Triggering a notification action when a function completes its execution. Triggering a function deployed in Oracle Functions when new files are uploaded to an OCI Object Storage bucket. Publishing a notification when long-lived tasks complete, such as an OCI Autonomous Database backup completion.

Which of the following use cases is NOT a suitable scenario for using OCI queue?. Asynchronous processing of messages in a distributed system. Distributed load balancing across multiple application instances. Decoupling of application components by using message passing. Synchronous communication between two application components.

When comparing OCI Queue and OCI Streaming services in Oracle Cloud Infrastructure, which scenario is best suited for using OCI Queue?. Facilitating real-time data processing for large volumes of data. Ensuring message delivery in order with exactly-once processing. Delivering high-speed data to multiple consumers simultaneously. Implementing asynchronous communication between microservices with guaranteed message delivery.

User is developing a real-time monitoring application for a fleet of vehicles, which will be deployed on Oracle Cloud Infrastructure. User needs to choose between using OCI Queue or OCI Streaming to handle the real-time data feeds from the vehicles. Based on the scenario described, which is the most appropriate choice for handling real-time data feeds?. OCI Queue, because it is optimized for low-latency messaging and ideal for real-time applications. OCI Streaming, because it offers exactly-once message delivery, which is necessary for real-time applications. OCI Queue, because it provides at-least-once message delivery, which is critical for real-time monitoring applications. OCI Streaming, because it is designed for high-volume, continuous ingestion and processing of data, making it the best choice for a fleet of vehicles.

A company is developing a new application that needs to process transactions in real time. The company wants to ensure that all transactions are processed in order and that no transaction is lost. Which of these is a correct strategy for leveraging OCI Queue in this scenario?. Use a priority queue to prioritize requests. Use a single queue to process all transactions. Use a separate queue for each type of transaction. Use a separate queue for each application instance.

What is the purpose of message locking in OCI Queue?. To ensure that a message is delivered to a specific consumer based on predefined criteria. To prevent a message that was delivered to a consumer from being processed by any other consumer. To prevent a message from being delivered to a consumer until a specified time after it was published. To move a message from the main queue to a dead-letter queue after a specified number of delivery attempts.

How long does a message remain in the dead letter queue in OCI queue before it is automatically deleted by the service?. By default, 72 hours. When the visibility timeout has been reached. When the maximum retention period has been reached. Messages remain in the dead letter queue indefinitely until they are manually removed.

Which concept in OCI Queue is responsible for hiding a message from other consumers for a specified amount of time after it has been delivered to a consumer?. Delivery count. Polling timeout. Visibility timeout. Maximum retention period.

Which of the following is the purpose of using the UpdateMessage or Update Messages API when using an OCI queue?. To add a new message to the queue. To change the messages priority in the queue. To permanently delete a message from the queue. To update the messages visibility timeout after it has been received.

Which of the following settings in OCI Queue CANNOT be changed after the queue has been created?. Polling timeout of the messages in the queue. Maximum retention period for messages in the queue. Visibility timeout for messages in the queue that has been delivered. Maximum delivery attempts before messages are moved to the dead letter queue.

Which testing measure should be considered when testing for traffic routing overloading and the effect of load balancing on overall performance?. Robust deployment. Resiliency. Functionality. Scalability.

Which testing measure should be considered when using test cases that simultaneously validate a deployment and perform a selected set of functional tasks?. Scalability. Resiliency. Functionality. Robust deployment. Resource Utilization.

With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency. Which statement is true with regards to service resiliency?. Resiliency is about not bringing a service to a functioning state after a failure. Resiliency is about recovering from failures without downtime or data loss. Resiliency testing can be done only in a test environment. Resiliency is about avoiding failures.

Which statement best describes the term “cloud native”?. Cloud Native refers to the process of migrating applications from on-premises infrastructure to the cloud. Cloud Native refers to the use of cloud infrastructure to run traditional on-premises applications. Cloud Native refers to the design and deployment of applications that are optimized for cloud infrastructure. Cloud Native refers to the use of cloud-based development tools to build traditional on-premises application.

Which feature is typically NOT associated with Cloud Native?. Containers. Service Meshes. Declarative APIs. Application Servers. Immutable Infrastructure.

Which two are benefits of distributed systems?. Privacy. Security. Ease of testing. Scalability. Resiliency.

Which three are the advantages of distributed systems?. Privacy. Transparency. Scalability. Resiliency. Security.

Which testing technique is used to test a product for performance, usability, load, and security in order to overcome any potential risk beforehand?. Functional Testing. Non-Functional Testing. Integration Testing. Component Testing.

Which testing technique is used to test the communication paths and interactions between individual service components or between service components and some external services/systems/data source?. Unit Testing. Contract Testing. Integration Testing. Component Testing.

Which technique is used for testing the entire user flow as well as the moving parts of a cloud native app, ensuring that there are no high-level discrepancies?. Unit Testing. Contract Testing. End-to-End Testing. Integration Testing. Component Testing.

Which testing approaches is a must for achieving high velocity of deployments and releases of cloud-native applications?. Integration testing. A/B testing. Automated testing. Penetration testing.

User has two microservices, A and B running in production. Service A relies on APIs from service B. They want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should they take to test service A?. Test against production APIs. Test using API mocks. There is no need to explicitly test APIs. Test the APIs in private environments.

User has two microservices, A and B running in production. Service A relies on APIs from service B. They want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should they take to test service A?. Test using the current production version of service B. This is not possible because service B is a dependency. Test using an API mock of service B. Test using a previous test version of service B.

User has created a new compartment called “apps” to host some production applications. They have also created a group called "apps_group" and added users to it. What should user do to ensure those users can access the apps compartment?. No action is required. Add an IAM policy to attach tenancy to the apps group. Add an IAM policy for individual users to access the apps compartment. Add an IAM policy for apps_group granting access to the apps compartment.

User want to allow applications running on an Oracle Cloud Infrastructure (OCI) compute instance leveraging OCI SDKs to call other OCI services. What should they use to accomplish this?. Configure federated identity. Configure instance principals. Create a certificate and copy the certificate to the compute instance. Configure Service Principals.

What are the different ways to get authenticated using Oracle Cloud Infrastructure (OCI) SDK?. Using Username and Password on standard tty. Using OCI CLI Config file. Using resource Principal. Using Instance Principal. Using Service Principal. Using Security Token.

What are the supported SDKs on Oracle Cloud Infrastructure (OCI)?. C++ SDK. .NET SDK. PHP SDK. Java SDK (*). Python SDK (*). Ruby SDK (*). Go SDK (*).

Which is NOT a supported SDK on Oracle Cloud Infrastructure (OCI)?. Go SDK. Java SDK. .NET SDK. Ruby SDK. Python SDK.

User is using a Windows Laptop to write a script using OCI CLI. But when user ran the script, they got this error "The OCI CLI is not found". What should they do to make sure that they are able to run OCI from the Windows Laptop?. Make sure that the Scripts directory in Python Installation is not hidden. Make sure that the oci.exe location is in their path. Upgrade the OCI CLI version. Reinstall Python on their Windows Laptop.

An organization uses a federated identity provider to login to their Oracle Cloud Infrastructure (OCI) environment. As a developer, user is writing a script to automate some operation and want to use OCI CLI to do that. Their security team doesn't allow storing private keys on local machines. How can they authenticate with OCI CLI?. Run oci setup keys and provide their credentials. Run oci session refresh --profile <profile_name>. Run oci session authenticate and provide their credentials. Run oci setup oci-cli -rc --file path/to/target/file.

In a Linux environment, what is the default location of the configuration file that Oracle Cloud Infrastructure CLI uses for profile information?. /etc/oci/config. /usr/local/bin/config. $HOME/.oci/config. /usr/bin/oci/config.

User priority is to use Infrastructure as a Code (IaaC) in a team environment, where user and their team both need to have access to the deployed infrastructure state data. What should they do to have access to the state file for all of the team members?. Use Target files. Use Remote State file. Use Instance Principal. Use a copy of the Local State file on each Team members workstation.

On which two options in Oracle Cloud Infrastructure Budget set?. Compute Instances. Virtual Cloud Network. Compartments. Free form tags. Tenancy. Cost-tracking tags.

Which three components are part of OCI Identity and Access Management service?. Roles. Policies. Compute Instances. Regional subnets. Users. Virtual Cloud Networks. Dynamic Groups.

What would user use to form Oracle Cloud Infrastructure identity and Access Management to govern resources in a tenancy?. Users. Groups. Dynamic Groups. Policies.

User want to make API calls against other OCI services from their instance without configuring user credentials. How would they achieve this?. Create a group and add a policy. No configuration required for making API calls. Create Dynamic Group and add a policy. Create Dynamic Group and add their instance.

Which statement is NOT true regarding the use of a master encryption key (MEK) in the OCI Vault Service?. A master encryption key (MEK) can either be imported or created manually. A master encryption key (MEK) can be stored in an HSM or on a server. A master encryption key (MEK) is used to generate data encryption keys. Vault must specify only one master encryption key (MEK) version at a time.

Which is incorrect regarding the use of master encryption keys?. Use keys for encryption and decryption of data while at rest or in transit. Use keys for encryption and decryption of data only at rest. Generate data encryption keys. Assign keys to supported Oracle Cloud Infrastructure resources, including but not limited to buckets and file systems.

User is developing a serverless application with Oracle Functions. Their function needs to store state in a database. Their corporate security standards mandate encryption of secret information like database passwords. As a function developer, which approach should they follow to satisfy this security requirement?. Use the Oracle Infrastructure Console and enter the password in the function configuration section in the provided input field.  . Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside their function container.  . Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in their function code with the generated key. All function configuration variables are automatically encrypted by Oracle Functions.

An Organization is developing serverless applications with Oracle Functions. Many functions will need to store data in a database, which will require using appropriate credentials. However, their corporate security standards mandate encryption of secret information, such as database passwords. How would they address this security requirement?. Use OCI Console to enter the password in the function configuration section in the provided input field. Use the OCI Vault service to auto-encrypt the password and then set the application-level configuration variable to reference the auto-decrypted password inside their function container. Encrypt the password using the OCI Vault service and then decrypt the password in their function code with the generated key. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.

User has chosen to use master encryption key (MEK) within an Oracle Cloud Infrastructure (OCI) Vault for encrypting Kubernetes secrets associated with their microservice deployments in OCI Container Engine for Kubernetes (OKE) clusters so that they can easily manage key rotation. Which of the following is NOT valid about rotating keys in the OCI Vault service?. Each key version is tracked internally with separate unique OCIDs. Once rotated, older key versions can be used for encryption until they are deleted. When user rotates an MEK, a new key version is automatically generated. Both software and HSM-protected MEKs can be rotated.

As a Security Administrator, a user has been asked to manage the secrets stored in the OCI Vault. Which two statements are correct regarding configuring rules for secrets?. User cannot choose whether secret reuse rules apply even to the deleted secret versions. User can choose whether secret reuse rules apply even to the deleted secret versions. User can create Secret Expiry Rule to prevent the reuse of secret contents across different versions of a secret. User can create Secret Reuse Rule to restrict how long the secret content of a particular secret version can remain in use. User can decide whether the secret contents are blocked past the expiration date.

User has a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault so that it can inject the secrets into an app's environment variables (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?. New secret versions automatically expire in 90 days unless user configure an expiry rule. User can manually create a new secrets as well as new secret versions using the OCI Console. A secret reuse rule prevents the use of secret contents across different versions of secret. A unique OCID is automatically generated for each secret and remain unchanged even when creating a new secret version.

When starting a container to run an Oracle Function, as which user does the container run processes?. Oracle Function doesn't use any default user. It is a responsibility of the Admin to specify one. Oracle Function uses fn user to run the processes with no added privileges. Oracle Function uses root to run any processes inside the container. Oracle Function uses the same oci user to run the processes with no added privileges.

User is creating a custom Dockerfile to be used for an Oracle Functions Container. Which privilege elevation command is allowed?. su. sudo. setuid. No privilege elevations are allowed.

User company developed a function that needs to access the Oracle Database to inject some data into it at runtime. They are tasked to move this function to the Oracle Cloud Infrastructure (OCI) and use Oracle Functions and access Oracle Autonomous Database. They created a Dockerfile below to run this function, however, they are getting this error: cx_Oracle.DatabaseError: ORA-12560: TNS:protocol adapter error. Dockerfile: FROM oraclelinux:7-slim RUN yum -y install oracle-release-e17 oracle-nodejs-release-e17 && \ yum-config-manager --disable 017_developer EPEL && \ yum -y install oracle-instantclient19.3-basiclite nodejs && \ rm -rf/var/cache/yum WORKDIR /function ADD ./function/ RUN npm install CMD exec node func.js What should they do to make sure that Oracle Functions can run this Dockerfile properly?. They need to run this Container as root, so add this line: USER root. Use --privileged flag while running the Docker container to add runtime privilege. Use --cap-add-ALL flag while running the Docker container to add runtime capability. User need to run this container as the fn user, so add these two lines to their Dockerfile: groupadd --gid 1000 fn && \ adduser --uid 1000 --gid fn.

An organization has mandated that all deployed container images for microservices must be signed by a specified master encryption key (MEK). User has appropriately signed the container images as part of their build process, but must now ensure that they are automatically verified when they are deployed to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) clusters. Which option should be used to mandate image verification when deploying to OKE clusters, assuming that MEK is already stored in an available OCI Vault?. Enable image verification policies separately for each Kubernetes pod deployment because this is enforced at the pod level. Enable image verification policies separately for each Kubernetes node pool within each OKE cluster because this is enforced at the node pool level. Enable image verification policies separately for each OKE cluster because this is enforced at the cluster level. Enable image verification policies for their OKE service control plane which will enforce this for all OKE clusters.

To enforce mutual TLS (mTLS) authentication for clients of their microservices, a user team has chosen to leverage the Oracle Cloud Infrastructure (OCI) API Gateway service to create new API deployments that will direct requests to their microservices. Which is NOT valid regarding the mTLS options in OCI API Gateway?. Once the mTLS request policy is enabled, ALL requests with valid certificates are routed to the backend unless they have defined one or more particular values (such as domain name). The mTLS request policy can only be enabled at the API deployment specification level, which then applies globally to ALL routes in that deployment. Custom CA or custom CA bundles can be added to their gateway's trust store ONLY if they already exist in the OCI certificates service. Adding a custom certificate authority (CA) or custom CA bundle to their gateway's trust store for mTLS is optional unless they need to reject certificates that do not contain particular values (such as domain name).

Oracle Functions monitor all deployed functions and collects and reports various metrics. Which is not available when viewing the Application metrics in the OCI Console?. The length of time a function runs for. The number of retries made by the function before failing due to an error. The number of requests to invoke a function that failed due to throttling. The number of requests to invoke a function that failed with an error response.

A Company has recently deployed a new web application that uses Oracle Functions. Their Manager instructs user to implement monitoring metrics to manage their systems more efficiently. They know that Oracle function automatically monitors functions on their behalf and reports metrics via Oracle Cloud Infrastructure (OCI) Monitoring. Which TWO metrics are collected and made available by this feature?. Amount of RAM used by a function. Amount of CPU used by a function. Number of times a function is invoked. Number of times a function is removed. Length of time a function runs.

User want to set up an alarm for CPU Usage and disk read for a compute instance, so that they can determine when to launch new instances to handle increased load. Which service would they use?. Logging Analytics. Instance Pool. Health Checks. Monitoring. Analytics Cloud.

Which is a valid description of OCI Logging Service?. Searches, analyses, and monitors log data from applications and system infrastructure. Ensures secure management of audit, infrastructure, database, and application logs. Monitors cloud resources using metrics and alarms. Analyzes critical diagnostic information that describes how resources are performing and being accessed.

Which two statements are true about the Logging Service?. Searches, Analyzes, and monitors log data from applications and system infrastructure. Monitors cloud resources using metrics and alarms. Analyzes critical diagnostic information that describes how resources are performing and being accessed. Single pane of glass for all the logs in a tenancy.

Which three types of logs can be made available to the OCI Logging Service?. Archive Logs. Audit Logs. Trace Logs. Alert Logs. Custom Logs. Service Logs.

A DevOps engineer is troubleshooting the Meshifyd application, which is running in an Oracle Cloud Infrastructure (OCI) environment. The engineer has set up the OCI Logging service to store access logs for the application but notices that the logs from the Meshifyd application are not showing up in the logging service. The engineer suspects that there might be an issue with the logging configuration. Which two statements are potential reasons for logs from the Meshifyd application not showing up in the OCI Logging service?. The logconfig.json file has incorrect or missing information in the application namespace in the src field. The logconfig.json file has incorrect or missing information in the application namespace in the paths field. The logconfig.json file has incorrect or missing OCID for the custom log in the LogObjectID field. The logconfig.json file has incorrect or missing OCID for the custom log in the LogGroupObjectID field. The OCI Logging service is set up to store access logs by creating a log group and custom log within the same compartment.

User want to reduce millions of log entries into a small set of log signatures to make it easy to review. By using which would they achieve this?. Monitoring. Logging. Logging Analytics. Data Catalog. Data Flow.

User want to aggregate, search, and monitor all log data from their applications and system infrastructure. Which service would they use for this?. Monitoring. Logging. Logging Analytics. Analytics Cloud. Data Catalog.

As a developer, user is tasked with implementing logging in services that will be running on the Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE). Which Statement describes the appropriate logging approach?. All services log to a shared log file. All services log to standard output only. Each service logs to its own log file. All services log to an external logging system.

Which task is NOT required for accessing log messages from applications deployed to an OKE cluster?. Adding IAM policy statements to allow access to OCI Logging. Defining an OCI Dynamic Group for cluster worker nodes. Creating and configuring a custom log in OCI Logging. Installing the OCI Cloud Agent to cluster worker nodes.

As a Cloud Native developer, user develop two services in Node.js and deploy them to two different Container Engine for Kubernetes (OKE) clusters that use the same Virtual Cloud Network (VCN). Their security team wants to analyze the network communication between them. How can this requirement be met in the most cost-effective way?. Deploy Wireshark and intercept the packets. User the OCI Logging service and enable VCN flow logs. Deploy a third-party logging service and aggregate the network flow logs. Rewrite the application and send the application logs to an outside log aggregator.

Having created a Container Engine for Kubernetes (OKE) cluster, user can use Oracle Cloud Infrastructure (OCI) Logging to view and search for logs of applications running on the worker node compute instances in the cluster. Which two tasks is NOT required to collect and parse application logs?. Enable monitoring for all worker nodes in the cluster. Set the OCI logging option to Enabled for the cluster. Add a subscription to the OCI Logging service for the OCI tenancy. Configure a custom log in OCI Logging with the appropriate agent configuration. Create a dynamic group with a rule that includes all worker nodes in the cluster.

User has been asked to update an Oracle Container Engine for Kubernetes (OKE) cluster to a network configuration that has the least attack surface while the deployed applications are still directly available for access from the internet. Which is a valid OKE cluster configuration that meets this requirement?. Private subnets for nodes, the Kubernetes API endpoint, and the load balancers. Private subnets for nodes; public subnets for the Kubernetes API endpoint, and load balancers. Private subnets for nodes and the Kubernetes API endpoint; public subnets for load balancers. Private subnet for the Kubernetes API endpoint; public subnets for nodes and load balancers.

User development team decided to create and deploy some business logic to serverless Oracle Functions. User is asked to help facilitate the monitoring, logging, and tracing of these services. Which statement is NOT valid about troubleshooting Oracle Functions?. Oracle Function invocation logs are enabled at the application level. Oracle Function invocation logging is enabled by default. Oracle Function tracing is enabled at the function level. Oracle Function metrics are available at both the function and application level.

User has been tasked with debugging a Cloud Native application developed and deployed using the following Oracle Cloud Infrastructure (OCI) services: Object Storage, Events, Functions, API Gateway, and Autonomous Database. Which of these is NOT a valid option to use for troubleshooting issues in OCI?. Configure the application to send logs to the OCI Logging Service. View service metric information from the OCI Monitoring Service. Leverage OCI Cloud Guard to extract and visualize the debug logs generated by their application (*). Use the OCI Service Connector Hub to configure a service connector to automatically send logs to the OCI Logging Analytics Service. Trace performance issues in the Application Performance Monitoring Service by enabling Function traces.

Which OCI Service provides functionality to help facilitate distributed tracing from microservices deployed to OKE and Oracle Functions?. Application Dependency Management. Application Performance Monitoring. Service Connector Hub. Logging Analytics.