FLASH SALE| BUY 2 & GET ADDITIONAL 25% OFF | Use Coupon - BIGSAVINGS

/ Oracle Cloud / By SkillCertPro

Practice Set 2

Your results are here!! for" Oracle Cloud Infrastructure Developer [1Z0-1084-21]
Practice Test 2 "
46 of 65 questions answered correctly

Your time: 00:15:36

Your Final Score is : 46

You have attempted : 65
Number of Correct Questions : 46 and scored 46
Number of Incorrect Questions : 19 and Negative marks 0

36.24%
Average score

70.77%
Your score

You can review your answers by clicking view questions.

Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).

Restart Test View Answers

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54

55 56 57 58 59 60 61 62 63 64 65
 Answered Review

1. Question
Which is NOT a supported SDK Oracle Cloud Infrastructure (OCI)?

Ruby SDK

Net SDK

Java SDK

Python SDK

Go SDK

Correct
https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/sdks.htm
Software Development Kits (SDKs)
Build and deploy apps that integrate with Oracle Cloud Infrastructure services. Each SDK provides the tools you
need to develop an app, including code samples and documentation to create, test, and troubleshoot. In
addition, if you want to contribute to the development of the SDKs, they are all open source and available on
GitHub. SDK for Java Python SDK Ruby SDK Go SDK

2. Question
Which two statements are true for service choreography?

Service choreography should not use events for communication.

Service choreography relies on a central coordinator.

Service choreographer is responsible for invoking other services.

Services involved in choreography communicate through messages / messaging systems.

Decision logic in service choreography is distributed.

Correct
https://stackoverflow.com/questions/4127241/orchestration-vs-choreography
Service Choreography
Service choreography is a global description of the participating services, which is defined by exchange of
messages, rules of interaction and agreements between two or more endpoints. Choreography employs a
decentralized approach for service composition.
The choreography describes the interactions between multiple services, where as orchestration represents
control from one party’s perspective. This means that a choreography differs from an orchestration with
respect to where the logic that controls the interactions between the services involved should reside.

3. Question
As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI)
Object Storage whenever the application is running. Therefore, provisioning of storage buckets should be part of
your Kubernetes deployment process for the application.
Which should you leverage to meet this requirement?

OCI Service Broker for Kubernetes.

Oracle Function.

Open Service Broker API.

OCI Container Engine for Kubernetes

Correct
https://blogs.oracle.com/cloud-infrastructure/introducing-service-broker-for-kubernetes

4. Question
Given a service deployed on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE), which
annotation should you add in the sample manifest file to specify a 400 Mbps load balancer?
 service.beta.kubernetes.io/oci-load-balancer-value: 400Mbps

service.beta.kubernetes.io/oci-load-balancer-kind: 400Mbps

service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps

service.beta.kubernetes.io/oci-load-balancer-size: 400Mbps

Correct
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingloadbalancer.htm

5. Question
Which statement is incorrect with regards to the Oracle Cloud Infrastructure (OCI) Notifications Service?

Notification topics may be assigned as the action performed by an OCI Events configuration.

OCI Alarms can be configured to publish to a notification topic when triggered.

A subscription can integrate with PagerDuty events.

An OCI function may subscribe to a notification topic.

It may be used to receive an email each time an OCI Automation Database Backup is completed.

A subscription can forward notifications to a HTTPS endpoint.

Incorrect
https://docs.cloud.oracle.com/en-us/iaas/Content/Notification/Concepts/notificationoverview.htm
6. Question
You want to allow applications running on an Oracle Cloud Infrastructure (OCI) compute instance leveraging OCI
SDK’s to call other OCI services. What should you use to accomplish this?

Configure Instance Principals

Configure Service Principals

Create a certificate and copy the same to the compute instance

Configure federated identity

Correct

7. Question
You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure (OCI) Object
Storage- Your function needs to read a JSON file object from an Object Storage bucket named “input-bucket” in
compartment “qa-compartment”. Your corporate security standards mandate the use of Resource Principles for
this use case.
Which TWO statements are needed to implement this use case?

Setup a policy to grant your user account read access to the bucket: Allow user XYZ to read objects in
compartment qa-compartment where target.bucket.name=’input-bucket’

Setup the following dynamic group for your function’s OCID: Name:read-file-dg Rule: resource.id =
'ocid1.fnfunc.oc1.iad.aaaaaaaaacq______dnya'

No policies are needed. By default, every function has read access to object Storage buckets in the tenancy.

Setup a policy with the following statement to grant read access to the bucket: Allow dynamic-group read-
file-dg to read objects in compartment qa-compartment where target.bucket.name= ‘input-bucket’

Setup a policy to grant all functions read access to the bucket: Allow all functions in compartment qa-
compartment to read objects in target.buckket.name=’input-bucket’.

Incorrect
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsaccessingociresources.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Security/Reference/objectstorage_security.htm

8. Question
You have two microservices, A and B running in production. Service A relies on API’s from Service B. You want to
test changes to service A without deploying all of its dependencies, which includes service B.
Which approach should you take to test service A?
 There is no need to explicitly test API.

Test using API mocks.

Test the APIs in private environments

Test against production APIs

Correct

https://www.soapui.org/learn/mocking/what-is-api-mocking/

9. Question
Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure API’s?

host

content-type

date or x-date

request-target

Incorrect
https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm
For GET and DELETE requests (when there’s no content in the request body), the signing string must include at
least these headers:
request-target, host, date or x-date
For PUT and POST requests (when there’s content in the request body), the signing string must include at least
these headers:
Request-target, host, date or x-date, x-content-sha256, content-type, content-length.

10. Question
You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application
architecture has multiple OCI services including Oracle Functions. You need to trigger these functions directly
from other OCI services, without having to run custom code. Which OCI service cannot trigger you function
directly?

Oracle Integration

OCI API Gateway

 OCI Events Service

OCI Registry

Incorrect

11. Question
Which one of the following is NOT a valid backend-type supported by Oracle Cloud Infrastructure (OCI)
API Gateway?

ORACLE_STREAMS_BACKEND

STOCK_RESPONSE_BACKEND

HTTP_BACKEND

ORACLE_FUNCTIONS_BACKEND

Incorrect
https://oracle-cloud-infrastructure-python-
sdk.readthedocs.io/en/latest/api/apigateway/models/oci.apigateway.models.ApiSpecificationRouteBackend.html
TYPE_HTTP_BACKEND = ‘HTTP_BACKEND’¶
A constant which can be used with the type property of a ApiSpecificationRouteBackend. This constant has a
value of “HTTP_BACKEND”
TYPE_ORACLE_FUNCTIONS_BACKEND = ‘ORACLE_FUNCTIONS_BACKEND’¶
A constant which can be used with the type property of a ApiSpecificationRouteBackend. This constant has a
value of “ORACLE_FUNCTIONS_BACKEND”
TYPE_STOCK_RESPONSE_BACKEND = ‘STOCK_RESPONSE_BACKEND’¶
A constant which can be used with the type property of a ApiSpecificationRouteBackend. This constant has a
value of “STOCK_RESPONSE_BACKEND”
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Concepts/apigatewayconcepts.htm

12. Question
Who is responsible for patching, upgrading and maintaining the worker nodes in Oracle Cloud Infrastructure
Container for Kubernetes (OKE)?

The User

It is Automated.

Independent Software Vendors

Oracle Support

Incorrect
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengaboutupgradingclusters.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengupgradingk8sworkernode.htm

13. Question
What are two of the main reasons you would choose to implement a serverless architecture?

No need of integration testing

Improved in-function state management

Easier to run long-running operations.

Automated Horizontal Scaling

Reduce Operational Cost.

Incorrect
Serverless computing refers to a concept which the user does not need to manage any server architecture at
all. The user does not run any servers, but instead deploys the application code to a service provier’s platform.
The application logic is executed, scaled and billed on demand without any costs to the user when the
application is idle.
https://medium.com/@systango/serverless-architecture-why-and-how-its-a-smart-choice-476748e26591
https://blogs.oracle.com/developers/economics-and-innovations-of-serverless

14. Question
What is the minimum amount of storage that a persistent claim can obtain in Oracle Cloud Infrastructure
Container for Kubernetes (OKE)?

1GB

1TB

50GB

10GB

Correct
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengprerequisites.htm
Block volume quota: If you intend to create Kubernetes persistent volumes, sufficient block volume quota must
be available in each availability domain to meet the persistent volume claim. Persistent volume claims must
request a minimum of 50 gigabytes. See Creating a Persistent Volume Claim.

15. Question
What is the difference between blue/green and canary deployment strategies?
 In blue/green, current applications are slowly replaced with new ones. In canary, application is deployed
incrementally to a select group of people.

In blue / green, application is deployed in minor increments to a select group of people. In canary, both old
and new applications are simultaneously in production.

In blue / green, both old and new applications are in production at the same time. In canary, application is
deployed incrementally to a select group of people.

In blue / green, current applications are slowly replaced with new ones. In canary, both old and new
applications are in production at the same time.

Incorrect
https://stackoverflow.com/questions/23746038/canary-release-strategy-vs-blue-green
https://thenewstack.io/deployment-strategies/

16. Question
What is the open source engine for Oracle Functions?

FnProject

Knative

OpenFaaS

Apache OpenWhisk

Correct
https://www.oracle.com/webfolder/technetwork/tutorials/FAQs/oci/Functions-FAQ.pdf

17. Question
You have deployed a Python application on Oracle Cloud Infrastructure Container for Kubernetes. However during
testing you found a bug that you rectified and created a new docker image. You need to make sue that if this new
image doesn’t work then you can roll back to the previous version.
Using Kubectl, which deployment strategies should you choose?

Rolling Update

Canary Deployment

A/B Testing

Blue / Green Deployment

Incorrect
https://blog.container-solutions.com/kubernetes-deployment-strategies#kubernetes-canary
Pro:
instant rollout/rollback
avoid versioning issue, change the entire cluster state in one go
Cons:
requires double the resources
proper test of the entire platform should be done before releasing to production
handling stateful applications can be hard

18. Question
What can you use to dynamically make Kubernetes resources discoverable to public DNS servers?

CoreDNS

DynDNS

ExternalDNS

KubeDNS

Incorrect
https://github.com/kubernetes-sigs/external-dns/blob/master/README.md
https://docs.mirantis.com/mcp/q4-18/mcp-deployment-guide/deploy-mcp-cluster-using-drivetrain/deploy-
k8s/external-dns.html
ExternalDNS enables you to control DNS records dynamically through Kubernetes resources and make
Kubernetes resources discoverable through public DNS servers. ExternalDNS synchronizes exposed
Kubernetes Services and Ingresses with DNS cloud providers, such as Designate, AWS Route 53, Google
CloudDNS, and CoreDNS.

19. Question
Which TWO statements accurately describe Oracle SQL Developer Web on Oracle Cloud Infrastructure (OCI)
Autonomous Database?

After provisioning into an OCI compute instance, it can automatically connect to the OCI automation
database instance.

It provides a development environment and a data modeler interface for OCI Autonomous Database.

It is available for databases with both dedicated and shared Exadata infrastructure.

It is available for databases with dedicated Exadata infrastructure only.

It must be enabled via OCI Identity and Access Management policy to get access to the Autonomous
database instances.

Incorrect
 https://docs.cloud.oracle.com/en-us/iaas/Content/Database/Tasks/adbtools.htm
Oracle SQL Developer Web in Autonomous Data Warehouse provides a development environment and a data
modeler interface for Autonomous Databases. SQL Developer Web is available for databases with
both dedicated Exadata infrastructure and shared Exadata infrastructure.

20. Question
Which pattern can help you minimize the probability failures in your system during partial loss of connectivity or a
complete service failure?

Circuit Breaker Pattern

Compensating Transaction Pattern

Retry Pattern

Anti-corruption Layer Pattern

Correct
https://blogs.oracle.com/developers/getting-started-with-microservices-part-three
In contrast to the Retry pattern which enables services to retry an operation, the circuit breaker pattern
prevents the service from performing an operation that is likely to fail. For example, a client service can use a
circuit breaker to prevent further remote calls over the network when a downstream service is not functioning
properly. This can also prevent the network from becoming congested by a sudden spike in failed retries by one
service to another, and it can also prevent cascading failures. Self-healing circuit breakers check the
downstream service at regular intervals and reset the circuit breaker when the downstream service starts
functioning properly.
https://docs.microsoft.com/en-us/azure/architecture/patterns/circuit-breaker
The Circuit Breaker pattern, popularized by Michael Nygard in his book, Release It!, can prevent an application
from repeatedly trying to execute an operation that’s likely to fail. Allowing it to continue without waiting for the
fault to be fixed or wasting CPU cycles while it determines that the fault is long lasting. The Circuit Breaker
pattern also enables an application to detect whether the fault has been resolved. If the problem appears to
have been fixed, the application can try to invoke the operation.

21. Question
you are developing a serverless application with oracle Functions. you have created a function in compartment
named prod. when you try to invoke your function you get the following error:
Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions.oc1.phx.aaaaaaaac… does not
exist or Oracle Functions is not authorized to use it
How can you resolve this error?

Deleting the function and redeploying it with fix the problem

create a policy: Allow service FaaS to use virtual-network-family in compartment prod

Create a policy: Allow any-user to manage function-family and virtual-network-family in compartment prod
 Create a policy: Allow function-family to use virtual-network-family in compartment prod

Incorrect
Invoking a function returns a FunctionInvokeSubnetNotAvailable message and a 502 error (due to a DHCP
Options issue)
When you invoke a function that you’ve deployed to Oracle Functions, you might see the following error
message:
{“code”:”FunctionInvokeSubnetNotAvailable”,”message”:”dhcp options ocid1.dhcpoptions…….. does not exist
or Oracle Functions is not authorized to use it”}
Fn: Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions…….. does not exist or
Oracle Functions is not authorized to use it
If you see this error:
Double-check that a policy has been created to give Oracle Functions access to network resources.
Service Access to Network Resources
When Oracle Functions users create a function or application, they have to specify a VCN and a subnet in which
to create them. To enable the Oracle Functions service to create the function or application in the specified VCN
and subnet, you must create an identity policy to grant the Oracle Functions service access to the compartment
to which the network resources belong.
To create a policy to give the Oracle Functions service access to network resources:
Log in to the Console as a tenancy administrator.
Create a new policy in the root compartment:
Open the navigation menu. Under Governance and Administration, go to Identity and click Policies.
Follow the instructions in To create a policy, and give the policy a name (for example, functions-service-
network-access).
Specify a policy statement to give the Oracle Functions service access to the network resources in the
compartment:
Allow service FaaS to use virtual-network-family in compartment
For example:
Allow service FaaS to use virtual-network-family in compartment acme-network
Click Create.
Double-check that the set of DHCP Options in the VCN specified for the application still exists.

22. Question
What is the open source engine for Oracle Functions?

Knative

Apache OpenWhisk

OpenFaaS

Fn Project

Correct
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform.
It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine.
Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to
meet business needs.

23. Question
Your Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) administrator has created an OKE cluste
with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for
troubleshooting purpose. Which step should you take to obtain the log file?

ssh into the node using public key.

ssh into the nodes using private key.

It is impossible since OKE is a managed Kubernetes service.

Use the username opc and password to login.

Incorrect
Kubernetes cluster is a group of nodes. The nodes are the machines running applications. Each node can be a
physical machine or a virtual machine. The node’s capacity (its number of CPUs and amount of memory) is
defined when the node is created. A cluster comprises:
– one or more master nodes (for high availability, typically there will be a number of master nodes)
– one or more worker nodes (sometimes known as minions)
Connecting to Worker Nodes Using SSH
If you provided a public SSH key when creating the node pool in a cluster, the public key is installed on all
worker nodes in the cluster. On UNIX and UNIX-like platforms (including Solaris and Linux), you can then
connect through SSH to the worker nodes using the ssh utility (an SSH client) to perform administrative tasks.
Note the following instructions assume the UNIX machine you use to connect to the worker node:
Has the ssh utility installed.
Has access to the SSH private key file paired with the SSH public key that was specified when the cluster was
created.
How to connect to worker nodes using SSH depends on whether you specified public or private subnets for the
worker nodes when defining the node pools in the cluster.
Connecting to Worker Nodes in Public Subnets Using SSH
Before you can connect to a worker node in a public subnet using SSH, you must define an ingress rule in the
subnet’s security list to allow SSH access. The ingress rule must allow access to port 22 on worker nodes from
source 0.0.0.0/0 and any source port
To connect to a worker node in a public subnet through SSH from a UNIX machine using the ssh utility:
1- Find out the IP address of the worker node to which you want to connect. You can do this in a number of
ways:
Using kubectl. If you haven’t already done so, follow the steps to set up the cluster’s kubeconfig configuration
file and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up
your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up. See
Setting Up Cluster Access. Then in a terminal window, enter kubectl get nodes to see the public IP addresses
of worker nodes in node pools in the cluster.
Using the Console. In the Console, display the Cluster List page and then select the cluster to which the worker
node belongs. On the Node Pools tab, click the name of the node pool to which the worker node belongs. On
the Nodes tab, you see the public IP address of every worker node in the node pool.
Using the REST API. Use the ListNodePools operation to see the public IP addresses of worker nodes in a node
pool.
2- In the terminal window, enter ssh opc@ to connect to the worker node, where is the IP address of the
worker node that you made a note of earlier. For example, you might enter ssh opc@192.0.2.254.
Note that if the SSH private key is not stored in the file or in the path that the ssh utility expects (for example,
the ssh utility might expect the private key to be stored in ~/.ssh/id_rsa), you must explicitly specify the private
key filename and location in one of two ways:
Use the -i option to specify the filename and location of the private key. For example, ssh -i
~/.ssh/my_keys/my_host_key_filename opc@192.0.2.254
Add the private key filename and location to an SSH configuration file, either the client configuration file
(~/.ssh/config) if it exists, or the system-wide client configuration file (/etc/ssh/ssh_config). For example, you
might add the following:
Host 192.0.2.254 IdentityFile ~/.ssh/my_keys/my_host_key_filename
For more about the ssh utility’s configuration file, enter man ssh_config
Note also that permissions on the private key file must allow you read/write/execute access, but prevent other
users from accessing the file. For example, to set appropriate permissions, you might enter chmod 600
~/.ssh/my_keys/my_host_key_filename. If permissions are not set correctly and the private key file is accessible
to other users, the ssh utility will simply ignore the private key file.
24. Question
Which Oracle Cloud Infrastructure (OCI) load balancer shape Is used by default in OCI Container Engine for
Kubernetes?

There is no default.The shape has to be specified

8000 Mbps

100 Mbps

400 Mbps

Correct
Specifying Alternative Load Balancer Shapes
The shape of an Oracle Cloud Infrastructure load balancer specifies its maximum total bandwidth (that is,
ingress plus egress). By default, load balancers are created with a shape of 100Mbps. Other shapes are
available, including 400Mbps and 8000Mbps.
To specify an alternative shape for a load balancer, add the following annotation in the metadata section of the
manifest file: service.beta.kubernetes.io/oci-load-balancer-shape:
where value is the bandwidth of the shape (for example, 100Mbps, 400Mbps, 8000Mbps).

25. Question
Which two statements are true for service choreography?
 Service choreography should not use events for communication.

Decision logic in service choreography is distributed.

Services involved in choreography communicate through messages/messaging systems.

Service choreographer is responsible for invoking other services.

Service choreography relies on a central coordinator.

Correct
Service choreography is a global description of the participating services, which is defined by exchange of
messages, rules of interaction and agreements between two or more endpoints. Choreography employs a
decentralized approach for service composition. the decision logic is distributed, with no centralized point.

Choreography, in contrast, does not rely on a central coordinator. and all participants in the choreography need
to be aware of the business process, operations to execute, messages to exchange, and the timing of message
exchanges.

26. Question
You encounter an unexpected error when invoking the Oracle Function named “myfunction” in application
“myapp”. Which can you use to get more information on the error?

fn --debug invoke myapp myfunction

DEBUG=1 fn invoke myapp myfunction

fn --verbose invoke myapp myfunction

Call Oracle support with your error message

Correct
Troubleshooting Oracle Functions
If you encounter an unexpected error when using an Fn Project CLI command, you can find out more about the
problem by starting the command with the string DEBUG=1 and running the command again. For example:
$ DEBUG=1 fn invoke helloworld-app helloworld-func
Note that DEBUG=1 must appear before the command, and that DEBUG must be in upper case.

27. Question
As a cloud-native developer, you have written a web service for your company. You have used Oracle Cloud
Infrastructure (OCI) API Gateway service to expose the HTTP backend. However, your security team has
suggested that your web service should handle Distributed Denial-of-Service (DDoS) attack. You are time-
constrained and you need to make sure that this is implemented as soon as possible.
what should you do in this scenario?
 Use OCI virtual cloud network (VCN) segregation to control DDoS.

Use OCI API Gateway service and configure rate limiting.

Use a third party service integration to implement a DDoS attack mitigation.

Re-write your web service and implement rate limiting.

Correct
Having created an API gateway and deployed one or more APIs on it, you’ll typically want to limit the rate at
which front-end clients can make requests to back-end services. For example, to:
– maintain high availability and fair use of resources by protecting back ends from being overwhelmed by too
many requests
– prevent denial-of-service attacks
– constrain costs of resource consumption
– restrict usage of APIs by your customers’ users in order to monetize APIs
You apply a rate limit globally to all routes in an API deployment specification.
If a request is denied because the rate limit has been exceeded, the response header specifies when the
request can be retried.
You can add a rate-limiting request policy to an API deployment specification by:
using the Console
editing a JSON file

28. Question
You are developing a polyglot serverless application using Oracle Functions. ‘Which language cannot be used to
write your function code?

Java

Node.js

PL/SQL

Go

Python

Correct
The serverless and elastic architecture of Oracle Functions means there’s no infrastructure administration or
software administration for you to perform. You don’t provision or maintain compute instances, and operating
system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is
highly-available, scalable, secure, and monitored. With Oracle Functions, you can write code in Java, Python,
Node, Go, and Ruby (and for advanced use cases, bring your own Dockerfile, and Graal VM). You can then
deploy your code, call it directly or trigger it in response to events, and get billed only for the resources
consumed during the execution.
29. Question
A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes
cluster Which rule can you use to prevent a container from running as root using PSP?

NoPrivilege

RunOnlyAsUser

MustRunAsNonRoot

forbiddenRoot

Correct
# Require the container to run without root privileges.
rule: ‘MustRunAsNonRoot’
Reference: https://kubernetes.io/docs/concepts/policy/pod-security-policy/

30. Question
You are processing millions of files in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. Each time a
new file is created, you want to send an email to the customer and create an order in a database. The solution
should perform and minimize cost, Which action should you use to trigger this email?

Schedule a cron job that monitors the OCI Object Storage bucket and emails the customer when a new file
is created.

Use OCI Events service and OCI Notification service to send an email each time a file is created.

Schedule an Oracle Function that checks the OCI Object Storage bucket every minute and emails the
customer when a file is found.

Schedule an Oracle Function that checks the OCI Object Storage bucket every second and email the
customer when a file is found.

Correct
Oracle Cloud Infrastructure Events enables you to create automation based on the state changes of resources
throughout your tenancy. Use Events to allow your development teams to automatically respond when a
resource changes its state.
Here are some examples of how you might use Events:
Send a notification to a DevOps team when a database backup completes.
Convert files of one format to another when files are uploaded to an Object Storage bucket.
You can only deliver events to certain Oracle Cloud Infrastructure services with a rule. Use the following
services to create actions:
Notifications
Streaming
Functions

31. Question
Which testing approaches is a must for achieving high velocity of deployments and release of cloud-native
applications?

Integration testing

A/B testing

Automated testing

Penetration testing

Correct
Oracle Cloud Infrastructure provides a number of DevOps tools and plug-ins for working with Oracle Cloud
Infrastructure services. These can simplify provisioning and managing infrastructure or enable automated
testing and continuous delivery.

A/B Testing
While A/B testing can be combined with either canary or blue-green deployments, it is a very different thing.
A/B testing really targets testing the usage behavior of a service or feature and is typically used to validate a
hypothesis or to measure two versions of a service or feature and how they stack up against each other in
terms of performance, discoverability and usability. A/B testing often leverages feature flags (feature toggles),
which allow you to dynamically turn features on and off.
Integration Testing
Integration tests are also known as end-to-end (e2e) tests. These are long-running tests that exercise the
system in the way it is intended to be used in production. These are the most valuable tests in demonstrating
reliability and thus increasing confidence.
Penetration Testing
Oracle regularly performs penetration and vulnerability testing and security assessments against the Oracle
cloud infrastructure, platforms, and applications. These tests are intended to validate and improve the overall
security of Oracle Cloud Services.

The best answer is automated testing

32. Question
A service you are deploying to Oracle infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker
image from a private repository Which configuration is necessary to provide access to this repository from OKE?

Add a generic secret on the cluster containing your identity credentials. Then specify a registry credentials
property in the deployment manifest.
 Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the image pull
secret property in the application deployment manifest.

Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the image pull
secret property in the application deployment manifest.

Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read
repositories in the same compartment.

Correct
Pulling Images from Registry during Deployment
During the deployment of an application to a Kubernetes cluster, you’ll typically want one or more images to be
pulled from a Docker registry. In the application’s manifest file you specify the images to pull, the registry to
pull them from, and the credentials to use when pulling the images. The manifest file is commonly also referred
to as a pod spec, or as a deployment.yaml file (although other filenames are allowed).
If you want the application to pull images that reside in Oracle Cloud Infrastructure Registry, you have to
perform two steps:
– You have to use kubectl to create a Docker registry secret. The secret contains the Oracle Cloud
Infrastructure credentials to use when pulling the image. When creating secrets, Oracle strongly recommends
you use the latest version of kubectl
To create a Docker registry secret:
1- If you haven’t already done so, follow the steps to set up the cluster’s kubeconfig configuration file and (if
necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own
kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up.
2- In a terminal window, enter:
$ kubectl create secret docker-registry –docker-server=.ocir.io –docker-username=’/‘ –docker-password=’‘ –
docker-email=’‘
where:
is a name of your choice, that you will use in the manifest file to refer to the secret . For example, ocirsecret
is the key for the Oracle Cloud Infrastructure Registry region you’re using. For example, iad. See Availability by
Region.
ocir.io is the Oracle Cloud Infrastructure Registry name.
is the auto-generated Object Storage namespace string of the tenancy containing the repository from which the
application is to pull the image (as shown on the Tenancy Information page). For example, the namespace of
the acme-dev tenancy might be ansh81vru1zp. Note that for some older tenancies, the namespace string might
be the same as the tenancy name in all lower-case letters (for example, acme-dev).
is the username to use when pulling the image. The username must have access to the tenancy specified by .
For example, jdoe@acme.com . If your tenancy is federated with Oracle Identity Cloud Service, use the format
oracleidentitycloudservice/
is the auth token of the user specified by . For example, k]j64r{1sJSSF-;)K8
is an email address. An email address is required, but it doesn’t matter what you specify. For example,
jdoe@acme.com
– You have to specify the image to pull from Oracle Cloud Infrastructure Registry, including the repository
location and the Docker registry secret to use, in the application’s manifest file.
33. Question
A leading insurance firm is hosting its customer portal in Oracle Cloud Infrastructure (OCI) Container Engine for
Kubernetes with an OCI Autonomous Database. Their support team discovered a lot of SQL injection attempts
and cross-site scripting attacks to the portal, which is starting to affect the production environment.
What should they implement to mitigate this attack?

Network Security Lists

Network Security Groups

Network Security Firewall

Web Application Firewall

Correct
Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI)
compliant, global security service that protects applications from malicious and unwanted internet traffic. WAF
can protect any internet facing endpoint, providing consistent rule enforcement across a customer’s
applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting
(XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically
allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.

34. Question
You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). You need to
make sure that these get deleted from the repository.
Which action should you take?

Create a group and assign a policy to perform lifecycle operations on images.

Edit the tenancy global retention policy.

Set global policy of image retention to "Retain All Images"

In your compartment, write a policy to limit access to the specific repository.

Correct
Deleting an Image
When you no longer need an old image or you simply want to clean up the list of image tags in a repository,
you can delete images from Oracle Cloud Infrastructure Registry.
Your permissions control the images in Oracle Cloud Infrastructure Registry that you can delete. You can delete
images from repositories you’ve created, and from repositories that the groups to which you belong have been
granted access by identity policies. If you belong to the Administrators group, you can delete images from any
repository in the tenancy.
Note that as well deleting individual images , you can set up image retention policies to delete images
automatically based on selection criteria you specify
(see Retaining and Deleting Images Using Retention Policies).

Note:
In each region in a tenancy, there’s a global image retention policy. The global image retention policy’s default
selection criteria retain all images so that no images are automatically deleted. However, you can change the
global image retention policy so that images are deleted if they meet the criteria you specify. A region’s global
image retention policy applies to all repositories in the region, unless it is explicitly overridden by one or more
custom image retention policies.

You can set up custom image retention policies to override the global image retention policy with different
criteria for specific repositories in a region. Having created a custom image retention policy, you apply the
custom retention policy to a repository by adding the repository to the policy. The global image retention policy
no longer applies to repositories that you add to a custom retention policy.

35. Question
Your organization uses a federated identity provider to login to your Oracle Cloud Infrastructure (OCI)
environment. As a developer, you are writing a script to automate some operations and want to use OCI CLI to
do that. Your security team doesn’t allow storing private keys on local machines.
How can you authenticate with OCI CLI?

Run oci setup keys and provide your credentials

Run oci session refresh -profile

Run oci session authenticate and provide your credentials

Run oci setup oci-cli-rc -file path/to/target/file

Incorrect
Token-based authentication for the CLI allows customers to authenticate their session interactively, then use
the CLI for a single session without an API signing key. This enables customers using an identity provider that
is not SCIM-supported to use a federated user account with the CLI and SDKs.

Starting a Token-based CLI Session

To use token-based authentication for the CLI on a computer with a web browser:
In the CLI, run the following command. This will launch a web browser.
oci session authenticate
In the browser, enter your user credentials. This authentication information is saved to the .config file.

36. Question
Which two “Action Type” options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?

Notifications
 Functions

Streaming

Email

Slack

Correct
ACTIONS
Event Rules must also specify an action to trigger when the filter finds a matching event. Actions are responses
you define for event matches. You set up select Oracle Cloud Infrastructure services that the Events service
has established as actions. The resources for these services act as destinations for matching events. When the
filter in the rule finds a match, the Events service delivers the matching event to one or more of the
destinations you identified in the rule. The destination service that receives the event then processes the event
in whatever manner you defined. This delivery provides the automation in your environment.
You can only deliver events to certain Oracle Cloud Infrastructure services with a rule. Use the following
services to create actions:
Notifications
Streaming
Functions

37. Question
You need to execute a script on a remote instance through Oracle Cloud Infrastructure Resource Manager. Which
option can you use?

Use /bin/sh with the full path to the location of the script to execute the script.

It cannot be done.

Download the script to a local desktop and execute the script.

Use remote-exec

Correct
Resource Manager is an Oracle Cloud Infrastructure service that allows you to automate the process of
provisioning your Oracle Cloud Infrastructure resources. Using Terraform, Resource Manager helps you install,
configure, and manage resources through the “infrastructure-as-code” model.
With Resource Manager, you can use Terraform’s remote exec functionality to execute scripts or commands on
a remote computer. You can also use this technique for other provisioners that require access to the remote
resource.

38. Question
Which concept is NOT related to Oracle Cloud Infrastructure Resource Manager?
 Job

Stack

Queue

Plan

Correct
Following are brief descriptions of key concepts and the main components of Resource Manager.
CONFIGURATION
Information to codify your infrastructure. A Terraform configuration can be either a solution or a file that you
write and upload.
JOB
Instructions to perform the actions defined in your configuration. Only one job at a time can run on a given
stack; further, you can have only one set of Oracle Cloud Infrastructure resources on a given stack. To provision
a different set of resources, you must create a separate stack and use a different configuration.
Resource Manager provides the following job types:
Plan: Parses your Terraform configuration and creates an execution plan for the associated stack. The execution
plan lists the sequence of specific actions planned to provision your Oracle Cloud Infrastructure resources. The
execution plan is handed off to the apply job, which then executes the instructions.
Apply. Applies the execution plan to the associated stack to create (or modify) your Oracle Cloud Infrastructure
resources. Depending on the number and type of resources specified, a given apply job can take some time.
You can check status while the job runs.
Destroy. Releases resources associated with a stack. Released resources are not deleted. For example,
terminates a Compute instance controlled by a stack. The stack’s job history and state remain after running a
destroy job. You can monitor the status and review the results of a destroy job by inspecting the stack’s log
files.
Import State. Sets the provided Terraform state file as the current state of the stack. Use this job to migrate
local Terraform environments to Resource Manager.
STACK
The collection of Oracle Cloud Infrastructure resources corresponding to a given Terraform configuration. Each
stack resides in the compartment you specify, in a single region; however, resources on a given stack can be
deployed across multiple regions. An OCID is assigned to each stack.

39. Question
In the sample Kubernetes manifest file below, what annotations should you add to create a private load balancer
In oracle Cloud infrastructure Container Engine for Kubermetes?

apiversion: vi
kind: Service
metadata:
name: my-nginx-svc
labels:
app: nginx
annotations:

spec:
type: LoadBalancer
ports:
– port: 80
selector:
app: nginx

apiVersion: vl
kind: Service
metadata:
name: my-nginx-svc
labels:
app: nginx
annotations:

spec:
type: LoadBalancer
ports:
– port: 80
selector:
app: nginx

service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-private: "true" service.beta.kubernetes

service.beta.kubernetes io/oci-load-balancer-subnet1: "ocidl.subnet.oc1..aaaaa.....vdfw"

service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-internal: "true"

service.beta.kubernetes service.beta.kubernetes io/oci-load-balancer-subnet1:
"ocidl.subnet.oc1..aaaaa.....vdfw"

service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-private: "true"

service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-internal: "true"

Correct
Creating Internal Load Balancers in Public and Private Subnets
You can create Oracle Cloud Infrastructure load balancers to control access to services running on a cluster:
When you create a ‘custom’ cluster, you select an existing VCN that contains the network resources to be used
by the new cluster. If you want to use load balancers to control traffic into the VCN, you select existing public or
private subnets in that VCN to host the load balancers.
When you create a ‘quick cluster’, the VCN that’s automatically created contains a public regional subnet to host
a load balancer. If you want to host load balancers in private subnets, you can add private subnets to the VCN
later.
Alternatively, you can create an internal load balancer service in a cluster to enable other programs running in
the same VCN as the cluster to access services in the cluster. You can host internal load balancers in public
subnets and private subnets.
To create an internal load balancer hosted on a public subnet, add the following annotation in the metadata
section of the manifest file:
service.beta.kubernetes.io/oci-load-balancer-internal: “true”
To create an internal load balancer hosted on a private subnet, add both following annotations in the metadata
section of the manifest file:
service.beta.kubernetes.io/oci-load-balancer-internal: “true”
service.beta.kubernetes.io/oci-load-balancer-subnet1: “ocid1.subnet.oc1..aaaaaa….vdfw”
where ocid1.subnet.oc1..aaaaaa….vdfw is the OCID of the private subnet.

40. Question
Per CAP theorem, in which scenario do you NOT need to make any trade-off between the guarantees?

when there are no network partitions

when the system is running in the cloud

when the system is running on-premise

when you are using load balancers

Correct
CAP THEOREM
“CONSISTENCY, AVAILABILITY and PARTITION TOLERANCE are the features that we want in our distributed
system together”
Of three properties of shared-data systems (Consistency, Availability and tolerance to network Partitions) only
two can be achieved at any given moment in time.

41. Question
Which two are benefits of distributed systems?

Privacy

Security

Ease of testing

Scalability

Resiliency

Correct
distributed systems of native-cloud like functions that have a lot of benefit like
Resiliency and availability
Resiliency and availability refers to the ability of a system to continue operating, despite the failure or sub-
optimal performance of some of its components.
In the case of Oracle Functions:
The control plane is a set of components that manages function definitions.
The data plane is a set of components that executes functions in response to invocation requests.
For resiliency and high availability, both the control plane and data plane components are distributed across
different availability domains and fault domains in a region. If one of the domains ceases to be available, the
components in the remaining domains take over to ensure that function definition management and execution
are not disrupted.
When functions are invoked, they run in the subnets specified for the application to which the functions belong.
For resiliency and high availability, best practice is to specify a regional subnet for an application (or
alternatively, multiple AD-specific subnets in different availability domains). If an availability domain specified for
an application ceases to be available, Oracle Functions runs functions in an alternative availability domain.
Concurrency and Scalability
Concurrency refers to the ability of a system to run multiple operations in parallel using shared resources.
Scalability refers to the ability of the system to scale capacity (both up and down) to meet demand.
In the case of Functions, when a function is invoked for the first time, the function’s image is run as a container
on an instance in a subnet associated with the application to which the function belongs. When the function is
executing inside the container, the function can read from and write to other shared resources and services
running in the same subnet (for example, Database as a Service). The function can also read from and write to
other shared resources (for example, Object Storage), and other Oracle Cloud Services.
If Oracle Functions receives multiple calls to a function that is currently executing inside a running container,
Oracle Functions automatically and seamlessly scales horizontally to serve all the incoming requests. Oracle
Functions starts multiple Docker containers, up to the limit specified for your tenancy. The default limit is 30 GB
of RAM reserved for function execution per availability domain, although you can request an increase to this
limit. Provided the limit is not exceeded, there is no difference in response time (latency) between functions
executing on the different containers.

42. Question
Which one of the statements describes a service aggregator pattern?

It is implemented in each service separately and uses a streaming service

It involves implementing a separate service that makes multiple calls to other backend services

It uses a queue on both sides of the service communication

It involves sending events through a message broker

Correct
this pattern isolates an operation that makes calls to multiple back-end microservices, centralizing its logic into a
specialized microservice.

43. Question
Which two handle Oracle Functions authentication automatically?
 Oracle Cloud Infrastructure SDK

cURL

Oracle Cloud Infrastructure CLl

Signed HTTP Request

Fn Project CLI

Correct
Fn Project CLI
you can create an Fn Project CLI Context to Connect to Oracle Cloud Infrastructure and specify –provider oracle
This option enables Oracle Functions to perform authentication and authorization using Oracle Cloud
Infrastructure request signing, private keys, user groups, and policies that grant permissions to those user
groups.

44. Question
You have been asked to create a stateful application deployed in Oracle Cloud Infrastructure (OCI) Container
Engine for Kubernetes (OKE) that requires all of your worker nodes to mount and write data to persistent
volumes.
Which two OCI storage services should you use?

Use OCI File Services as persistent volume.

Use GlusterFS as persistent volume.

Use OCI Block Volume backed persistent volume.

Use open source storage solutions on top of OCI.

Use OCI Object Storage as persistent volume.

Correct
A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator. PVs
are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV.
A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod. Pods consume node
resources and PVCs consume PV resources.
If you intend to create Kubernetes persistent volumes, sufficient block volume quota must be available in each
availability domain to meet the persistent volume claim. Persistent volume claims must request a minimum of
50 gigabytes

You can define and apply a persistent volume claim to your cluster, which in turn creates a persistent volume
that’s bound to the claim. A claim is a block storage volume in the underlying IaaS provider that’s durable and
offers persistent storage, enabling your data to remain intact, regardless of whether the containers that the
storage is connected to are terminated.
 With Oracle Cloud Infrastructure as the underlying IaaS provider, you can provision persistent volume claims by
attaching volumes from the Block Storage service.

45. Question
How can you find details of the tolerations field for the sample YAML file below?
apiVersion: v1
kind: Pod
metadata:
name: busybox \
namespace: default
spec:
containers:
– image: busybox
command:
– sleep
-3600
imagePullPolicy: IfNotPresent
name: busybox
restartPolicy: Always
tolerations:
…

kubectl list pod.spec.tolerations

kubectl explain pod.spec.tolerations

kubectl describe pod.spec tolerations

kubectl get pod.spec.tolerations

Correct
kubectl explain to List the fields for supported resources
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#explain

46. Question
You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python
function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI Compute instance that does
not comply with your corporate security standards There are 3 non-compliant OCI Compute instances.
However, when you invoke this function none of the instances were stopped. How should you troubleshoot this?

There is no way to troubleshoot a function running on Oracle Functions.

Enable function logging in the OCI console, include some print statements in your function code and use
logs to troubleshoot this.
 Enable function remote debugging in the OCI console, and use your favorite IDE to inspect the function
running on Oracle Functions.

Enable function tracing in the OCI console, and go to OCI Monitoring console to see the function stack
trace.

Correct
Storing and Viewing Function Logs
When a function you’ve deployed to Oracle Functions is invoked, you’ll typically want to store the function’s
logs so that you can review them later. You specify where Oracle Functions stores a function’s logs by setting a
logging policy for the application containing the function.
You set application logging policies in the Console.
Whenever a function is invoked in this application, its logs are stored according to the logging policy that you
specified.
you can view the logs for a function that have been stored in a storage bucket in Oracle Cloud Infrastructure
Object Storage
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsexportingfunctionlogfiles.htm

47. Question
Which is NOT a valid option to execute a function deployed on Oracle Functions?

Send a signed HTTP requests to the function's invoke endpoint

Invoke from Oracle Cloud Infrastructure CLI

Invoke from Docker CLI

Trigger by an event in Oracle Cloud Infrastructure Events service

Invoke from Fn Project CLI

Correct
You can invoke a function that you’ve deployed to Oracle Functions in different ways:
Using the Fn Project CLI.
Using the Oracle Cloud Infrastructure CLI.
Using the Oracle Cloud Infrastructure SDKs.
Making a signed HTTP request to the function’s invoke endpoint. Every function has an invoke endpoint.
Each of the above invokes the function via requests to the API. Any request to the API must be authenticated
by including a signature and the OCID of the compartment to which the function belongs in the request header.
Such a request is referred to as a ‘signed’ request. The signature includes Oracle Cloud Infrastructure
credentials in an encrypted form.

48. Question
You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container
Engine for Kubernetes. Which statement describes the appropriate logging approach?
 Each service logs to its own log file.

All services log to an external logging system.

All services log to standard output only.

All services log to a shared log file.

Correct
Application and systems logs can help you understand what is happening inside your cluster. The logs are
particularly useful for debugging problems and monitoring cluster activity. Most modern applications have
some kind of logging mechanism; as such, most container engines are likewise designed to support some kind
of logging. The easiest and most embraced logging method for containerized applications is to write to the
standard output and standard error streams.
https://kubernetes.io/docs/concepts/cluster-administration/logging/
https://blogs.oracle.com/developers/5-best-practices-for-kubernetes-security

49. Question
Which two statements are true for serverless computing and serverless architectures?

Long running tasks are perfectly suited for serverless

Serverless function state should never be stored externally

Application DevOps team is responsible for scaling

Serverless function execution is fully managed by a third party

Applications running on a FaaS (Functions as a Service) platform

Incorrect

50. Question
You are developing a distributed application and you need a call to a path to always return a specific JSON
content deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification.
What is the correct value for type?
{
“routes”: [{
“path”: “/hello”,
“methods”: [“GET”),
“backend”: {
“type”: “————–“,
“status”: 200, .
“headers”: [{
“name”: “Content-Type”,
“value”: “application/json”
}]
“body” : “{\”myjson\”: \”consistent response\”}”
}
}]
}

STOCK_RESPONSE_BACKEND

CONSTANT_BACKEND

JSON_BACKEND

HTTP_BACKEND

Correct
“type”: “STOCK_RESPONSE_BACKEND” indicates that the API gateway itself will act as the back end and
return the stock response you define (the status code, the header fields and the body content).
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayaddingstockresponses.htm

51. Question
You have a containerized app that requires an Autonomous Transaction Processing (ATP) Database. Which option
is not valid for o from a container in Kubernetes?

Enable Oracle REST Data Services for the required schemas and connect via HTTPS.

Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume
mounted to the appropriate path in the application deployment manifest.

Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and
OCI API credentials. Then use the CreateConnection API endpoint from the service runtime.

Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy serviceinstance
and serviceBinding resources for ATP. Then use the specified binding name as a volume in the application
deployment manifest.

Correct
https://blogs.oracle.com/developers/creating-an-atp-instance-with-the-oci-service-broker
https://blogs.oracle.com/cloud-infrastructure/integrating-oci-service-broker-with-autonomous-transaction-
processing-in-the-real-world

52. Question
Which is NOT a supported SDk Oracle Cloud Infrastructure (OCI)?

Go SDK

Java SDK
 NET SDK

Ruby SDK

Python SDK

Correct
Oracle Cloud Infrastructure SDKs and CLI require basic configuration information, like user credentials and
tenancy OCID. You can provide this information by:
– Using a configuration file
– Declaring a configuration at runtime
The SDKs fully support both options. Refer to the documentation for each SDK for information about the config
object and any exceptions when using a configuration file:
SDK for Java Configuration
Python SDK Configuration
Ruby SDK Configuration
Go SDK Configuration

53. Question
You are a consumer of Oracle Cloud Infrastructure (OCI) Streaming service. Which API should you use to read
and process the stream?

ListMessages

GetMessages

GetObject

ReadMessages

Correct
CONSUMER
An entity that reads messages from one or more streams.
CONSUMER GROUP
A consumer group is a set of instances which coordinates messages from all of the partitions in a stream.
Instances in a consumer group maintain group membership through interaction; lack of interaction for a period
of time results in a timeout, removing the instance from the group.
A consumer can read messages from one or more streams. Each message within a stream is marked with an
offset value, so a consumer can pick up where it left off if it is interrupted.
You can use the Streaming service by:
– Creating a stream using the Console or API.
– Using a producer to publish data to the stream.
– Building consumers to read and process messages from a stream using the GetMessages API .

54. Question
What is one of the differences between a microservice and a serverless function?

Microservices are used for long running operations and serverless functions for short running operations.

Microservices always use a data store and serverless functions never use a data store.

Microservices are stateless and serverless functions are stateful.

Microservices are triggered by events and serverless functions are not.

Correct
microservice is larger and can do more than a function. A function is a relatively small bit of code that performs
only one action in response to an event.
In many cases, microservices can be decomposed into a number of smaller stateless functions. The difference
between microservices and functions is not simply the size. Functions are stateless, and they require no
knowledge about or configuration of the underlying server—hence, the term serverless.
https://developer.oracle.com/java/fn-project-introduction.html

55. Question
Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs?

date or x-date

(request-target)

content-type

host

Incorrect
For GET and DELETE requests (when there’s no content in the request body), the signing string must include at
least these headers:
– (request-target)
– host
– date or x-date (if both are included, Oracle uses x-date)

56. Question
With the volume of communication that can happen between different components in cloud-native applications, i
is vital to not only test functionality, but also service resiliency.
Which statement is true with regards to service resiliency?

Resiliency is about recovering from failures without downtime or data loss.

A goal of resiliency is not to bring a service to a functioning state after a failure.

 Resiliency testing can be only done in a test environment.

Resiliency is about avoiding failures.

Correct
Resiliency and Availability
Resiliency and availability refers to the ability of a system to continue operating, despite the failure or sub-
optimal performance of some of its components.
In the case of Oracle Functions:
The control plane is a set of components that manages function definitions.
The data plane is a set of components that executes functions in response to invocation requests.
For resiliency and high availability, both the control plane and data plane components are distributed across
different availability domains and fault domains in a region. If one of the domains ceases to be available, the
components in the remaining domains take over to ensure that function definition management and execution
are not disrupted.
When functions are invoked, they run in the subnets specified for the application to which the functions belong.
For resiliency and high availability, best practice is to specify a regional subnet for an application (or
alternatively, multiple AD-specific subnets in different availability domains). If an availability domain specified for
an application ceases to be available, Oracle Functions runs functions in an alternative availability domain.

57. Question
You are building a cloud native, serverless travel application with multiple Oracle Functions in Java, Python and
Node.js. You need to build and deploy these functions to a single application named travel-app.
Which command will help you complete this task successfully?

oci fn function deploy --ap travel-ap --all

fn deploy --ap travel-ap -- all

oci fn application --application-name-ap deploy --all

fn function deploy --all --application-name travel-ap

Correct
check the steps for Creating, Deploying, and Invoking a Helloworld Function
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionscreatingfirst.htm
in step 7 that will deploy the funcation
7- Enter the following single Fn Project command to build the function and its dependencies as a Docker image
called helloworld-func, push the image to the specified Docker registry, and deploy the function to Oracle
Functions in the helloworld-app:
$ fn -v deploy –app helloworld-app
The -v option simply shows more detail about what Fn Project commands are doing (see Using the Fn Project
CLI with Oracle Functions).
 check the below link for more detials

58. Question
In a Linux environment, what is the default locations of the configuration file that Oracle Cloud Infrastructure CLI
uses for profile information?

/etc/.oci/config

/usr/local/bin/config

SHOME/.oci/config

/usr/bin/oci/config

Correct
By default, the Oracle Cloud Infrastructure CLI configuration file is located at ~/.oci/config.
You might already have a configuration file as a result of installing the Oracle Cloud Infrastructure CLI.

59. Question
Which two statements accurately describe an Oracle Functions application?

A small block of code invoked in response to an Oracle Cloud Infrastructure (OCI) Events service

A Docker image containing all the functions that share the same configuration

An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway
services

A common context to store configuration variables that are available to all functions in the application

A logical group of functions

Incorrect
Applications in the Function services
In Oracle Functions, an application is:
– a logical grouping of functions
– a common context to store configuration variables that are available to all functions in the application
When you define an application in Oracle Functions, you specify the subnets in which to run the functions in the
application.

60. Question
Which statement accurately describes Oracle Cloud Infrastructure (OCI) Load Balancer integration with OCI
Container Engine for Kubernetes (OKE)?
 OKE service provisions an OCI Load Balancer instance for each Kubernetes service with LoadBalancer type
in the YAML configuration.

OCI Load Balancer instance provisioning is triggered by OCI Events service for each Kubernetes service
with LoadBalancer type in the YAML configuration.

OCI Load Balancer instance must be manually provisioned for each Kubernetes service that requires traffic
balancing.

OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with
LoadBalancer type in the YAML configuration.

Correct
If you are running your Kubernetes cluster on Oracle Container Engine for Kubernetes (commonly known as
OKE), you can have OCI automatically provision load balancers for you by creating a Service of type
LoadBalancer instead of (or in addition to) installing an ingress controller like Traefik or Voyage

YAML file

When you apply this YAML file to your cluster, you will see the new service is created. After a short time
(typically less than a minute) the OCI Load Balancer will be provisioned.

https://oracle.github.io/weblogic-kubernetes-operator/faq/oci-lb/

61. Question
What is the minimum of storage that a persistent volume claim can obtain in Oracle Cloud Infrastructure
Container Engine for Kubernetes (OKE)?

50 GB

10 GB

1 GB

1 TB

Correct
Block volume quota: If you intend to create Kubernetes persistent volumes, sufficient block volume quota must
be available in each availability domain to meet the persistent volume claim. Persistent volume claims must
request a minimum of 50 gigabytes.

62. Question
You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage
Your function needs to read a JSON file object from an Object Storage bucket named “input-bucket” in
compartment “qa-compartment” Your corporate security standards mandate the use of Resource Principals for
this use case.
Which two statements are needed to implement this use case?

Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-
file-dg to read objects in compartment qa-compartment where target.bucket .name=' input-bucket *

Set up the following dynamic group for your function's OCID: Name: read-file-dg Rule: resource . id= '
ocid1. f nf unc. ocl -phx. aaaaaaaakeaobctakezj z5i4uj j 7g25q7sx5mvr55pms6f 4da !

Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-
compartment to read objects in target.bucket.name='input- bucket'

Set up a policy to grant your user account read access to the bucket: allow user XYZ to read objects in
compartment qa-compartment where target .bucket, name-'input-bucket'

No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy

Incorrect
When a function you’ve deployed to Oracle Functions is running, it can access other Oracle Cloud Infrastructure
resources. For example:
– You might want a function to get a list of VCNs from the Networking service.
– You might want a function to read data from an Object Storage bucket, perform some operation on the data,
and then write the modified data back to the Object Storage bucket.
To enable a function to access another Oracle Cloud Infrastructure resource, you have to include the function in
a dynamic group, and then create a policy to grant the dynamic group access to that resource.

https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsaccessingociresources.htm

63. Question
You are using Oracle Cloud Infrastructure (OCI), Resource Manager, to manage your infrastructure lifecycle and
wish to receive an email each time a Terraform action begins.
How should you use the OCI Events service to do this without writing any code?

Create an OCI Notifications topic and email subscription with the destination email address. Then create an
OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for
the corresponding action.

Create an OCI Notification topic and email subscription with the destination email address. Then create an
OCI Events rule matching "Resource Manager job - Create" condition, and select the notification topic for the
corresponding action.

Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then select
"Action Type: Email" and provide the destination email address

Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events
rule matching "Resource Manager Job - Create" condition, and select the email configuration for the
corresponding action.
Correct

64. Question
You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to
POST messages to a stream in the OCI Streaming service.
Which statement is incorrect?

The request must include an authorization signing string including (but not limited to) x-content- sha256,
content-type, and content-length headers.

The Content-Type header must be Set to application/json

An HTTP 401 will be returned if the client's clock is skewed more than 5 minutes from the server's.

The request does not require an Authorization header.

Correct
Emits messages to a stream. There’s no limit to the number of messages in a request, but the total size of a
message or request must be 1 MiB or less. The service calculates the partition ID from the message key and
stores messages that share a key on the same partition. If a message does not contain a key or if the key is
null, the service generates a message key for you. The partition ID cannot be passed as a parameter.
POST /20180418/streams//messages
Host: streaming-api.us-phoenix-1.oraclecloud.com

{
“messages”:
{
{
“key”: null,
“value”: “VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wZWQgb3ZlciB0aGUgbGF6eSBkb2cu”
},
{
“key”: null,
“value”: “UGFjayBteSBib3ggd2l0aCBmaXZlIGRvemVuIGxpcXVvciBqdWdzLg==”
}
}
}
https://docs.cloud.oracle.com/en-us/iaas/api/#/en/streaming/20180418/Message/PutMessages

65. Question
You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application
architecture has multiple OCI services, including Oracle Functions. You need to trigger these functions directly
from other OCI services, without having to run custom code.
Which OCI service cannot trigger your functions directly?
 OCI Events Service

OCI Registry

OCI API Gateway

Oracle Integration

Incorrect
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform.
It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine.
Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to
meet business needs.
The serverless and elastic architecture of Oracle Functions means there’s no infrastructure administration or
software administration for you to perform. You don’t provision or maintain compute instances, and operating
system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is
highly-available, scalable, secure, and monitored. With Oracle Functions, you can write code in Java, Python,
Node, Go, and Ruby (and for advanced use cases, bring your own Dockerfile, and Graal VM).
You can then deploy your code, call it directly or trigger it in response to events, and get billed only for the
resources consumed during the execution.

Use Page numbers below to navigate to other

practice tests

Pages: 1 2 3 4 5 6 7 8

← Previous Post Next Post →

We help you to succeed in your certification exams

We have helped over thousands of working professionals to achieve their certification goals with our practice
tests.
 Skillcertpro

Quick Links

ABOUT US
FAQ
BROWSE ALL PRACTICE TESTS
CONTACT FORM

Important Links

REFUND POLICY
REFUND REQUEST
TERMS & CONDITIONS
PRIVACY POLICY

Privacy Policy