1Z0-1084-25: Oracle Cloud Infrastructure 2025 Developer Professional

Which concept in OCI Queue is responsible for hiding a message from other consumers for a predefined amount of time after it has been delivered to a consumer?. Maximum retention period. Visibility timeout. Polling timeout. Delivery count.

A company is developing a new e-commerce application that needs to process a high volume of orders. The application needs to be able to handle a large number of simultaneous requests and respond quickly to ensure a smooth customer experience. Which OCI service can be used to ensure reliable message delivery and decoupled communication between different parts of the application?. OCI Service Mesh. OCI Queue. Load Balancing. OCI Registry.

Which of these is a valid use case for OCI Queue?. Sending real-time streaming data. Building decoupled and scalable systems. Managing network traffic between services. Storing and retrieving large files.

A company is developing a new application that needs to process transactions in real time. The company wants to ensure that all transactions are processed in order and that no transaction is lost. Which of these is a correct strategy for leveraging OCI Queue in this scenario?. Use a single queue to process all transactions. Use a separate queue for each type of transaction. Use a separate queue for each application instance. Use a priority queue to prioritize requests.

Which technique is used for testing the entire user flow as well as the moving parts of a cloud native app, ensuring that there are no high-level discrepancies?. End-to-end Testing. Integration Testing. Unit Testing. Contract Testing.

To effectively test your cloud native applications for "unknown unknowns", you need to employ various testing and deployment strategies. Which strategy involves exposing new functionality or features to only a small set of users?. Component Testing. Red/Blue Deployment. Canary Deployment. A/B Testing.

You have two microservices, A and B, running in production. Service A relies on APIs from service B. You want to test changes to service A without deploying all of its dependencies, which include service B. Which approach should you take to test service A?. Test against production APIs. Test using API mocks. Test the APIs in private environments. There is no need to explicitly test APIs.

Which two are characteristics of microservices?. Microservices can be implemented in limited number of programming languages. Microservices communicate over lightweight APIs. Microservices can be independently deployed. Microservices are hard to test in isolation. All microservices share a data store.

When developing microservices, each one can be developed in the language of choice. Which term describes this type of development?. DevOps. Polyglot. Agile. Distributed.

Which is a valid reason for choosing to implement a serverless architecture?. Improved in-function state management. No need for integration testing. Easier to run long-running operations. Reduced operational cost.

As a developer, you have been tasked with implementing a microservices-based application. Which two technologies are best suited to accomplish the task?. Artificial Intelligence. Kubernetes. Anomaly Detection. Service Mesh. Big Data.

Which is NOT a valid backend-type option available when configuring an Oracle Cloud Infrastructure (OCI) API Gateway Deployment?. ORACLE_STREAMS_BACKEND. HTTP_BACKEND. ORACLE_FUNCTIONS_BACKEND.

As a Cloud Native developer, you have written a web service for your company. However, your security team has suggested that your web service should address Distributed Denial of Service (D) attack. You are time-constrained and you need to ensure that this is implemented as soon as possible. What should you do in this scenario?. Use the OCI API Gateway service and configure rate limiting. Use a third party service integration to implement DDoS attack mitigation. Use the OCI Virtual Cloud Network (VCN) segregation to control DDoS. Re-write your web service and implement rate limiting.

A developer using Oracle Cloud Infrastructure (OCI) API Gateway needs to authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string-based parameters from the API caller. Which approach should the developer use in this scenario?. Create a cross account functions authorizer. Create an authorizer function using request header authorization. Create an authorizer function using token-based authorization. Create an authorizer function using OCI Identity and Access Management (IAM) based authentication.

Which statement describes how message order is maintained in OCI Streaming?. Message order is determined by the consumer application, and not by the stream. Messages within a stream partition are delivered in the same order they were produced. Messages across all partitions are delivered in the exact order they were produced. Messages in a stream are randomly ordered for scalability.

You are developing a microservices application that will be a consumer of the Oracle Cloud Infrastructure (OCI) Streaming service. Which API method should you use to read and process a stream?. ReadMessages. GetMessages. ReadStream. ProcessStream.

Which statement is NOT valid regarding the Oracle Cloud Infrastructure (OCI) Streaming service?. OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days. Although OCI Streaming automatically encrypts all data while in transit, it is the developer's responsibility to encrypt data at rest, if needed. A stream can be configured with either a public or a private endpoint with support for customer-managed encryption keys. The throughput of a stream is defined by a partition. A partition provides 1 MB/sec data input and 2 MB/sec data output.

Which TWO statements are correct regarding Docker images and containers?. Only one container can be spawned from a given image at a time. An image is a collection of immutable layers whereas a container is a running instance of an image. A container can exist without an image but an image cannot exist without a container. Writing and building a new Dockerfile is the only way you can create new Docker images. If multiple containers are spawned from the same image, then they all use the same copy of that image in memory.

Which three statements about containers are true?. Containers are highly reusable. Containerized applications run on top of a container host that, in turn, runs on the operating system. Containers are highly portable. Containers are not scalable. Containers are essentially the same as virtual machines.

Which Docker command is used to run a new command in an already running container?. docker attach. docker start. docker exec. docker run.

Your team has been tasked with debugging a Cloud Native application developed using the following Oracle Cloud Infrastructure (OCI) services. Object Storage, Events, Functions, API Gateway, and Autonomous Database Which of these is NOT a valid option for troubleshooting issues in OCI?. Trace performance issues in the Application Performance Monitoring service by enabling Function traces. Configure the application to send logs to the OCI Logging service. View service metric information from the OCI Monitoring service. Leverage OCI Cloud Guard to extract and visualize the debug logs generated by your application.

Your development team decides to create and deploy some business logic to serverless Oracle Functions. You are asked to help facilitate the monitoring, logging, and tracing of these services Which is NOT valid about troubleshooting Oracle Functions?. Oracle Functions invocation logs require enabling at the application level. Oracle Functions metrics are available only at the application level. Oracle Functions invocation logging must be explicitly enabled by the user. Oracle Functions tracing can be configured at the function level.

Which term describes a group formed by a master machine and a worker machine in a Kubernetes architecture?. Pod. Deployment. Cluster. Container.

Kubernetes includes various elements such as compute, network, and storage. Compute is essentially CPU (units) and memory (bytes). Within an OKE cluster, what is considered to be the smallest unit of deployment with respect to compute?. Container. Service. Deployment resource. Namespace. Pod.

What is the maximum execution timeout allowed for a function deployed to an Oracle Functions application?. 2 minutes. 30 seconds. 5 minutes. 60 seconds.

You are developing a polyglot serverless application using Oracle Functions. Which is NOT an available Oracle Cloud Infrastructure (OCI) programming language SDK for implementing your function code?. PL/SQL. Python. Java. Go.

You are building a Cloud Native serverless travel application with multiple Oracle Functions in Java, Python, and Nodejs. You need to build and deploy these functions to a single application named travel-app Which command will help you complete this task successfully?. fn app --app travel-app deploy --ext java |py|js. fn app deploy --app travel-app --all. fn deploy --app travel-app --all. fn function deploy --app travel-app --a11.

Which is a difference between a microservice and a serverless function?. Microservices are triggered by events while serverless functions are not. Microservices are stateless while serverless functions are stateful. Microservices can use a data store while serverless functions cannot. Microservices can support long running operations while serverless functions cannot.

Oracle Functions monitors all deployed functions and collects and reports various metrics. Which is NOT available when viewing the Application metrics in the Oracle Cloud Infrastructure (OCI) Console?. The length of time a function runs for. The number of requests to invoke a function that failed due to throttling. The number of retries made by the function before failing due to an error. The number of requests to invoke a function that failed with an error response.

You have been asked to update an OKE cluster to a network configuration that has the least attack surface while the deployed applications are still directly available for access from the Internet. Which is a valid OKE cluster network configuration that meets this requirement?. Private subnets for nodes, the Kubernetes API endpoint, and load balancers. Private subnet for the Kubernetes API endpoint, public subnets for nodes and load balancers. Private subnets for nodes and the Kubernetes API endpoint, public subnets for load balancers. Private subnets for nodes, public subnets for the Kubernetes API endpoint and load balancers.

How can you enable image scanning for security vulnerabilities in Oracle Cloud Infrastructure Registry (Container Registry)?. By encrypting container images using TLS certificates. By adding an image scanner to the repository where container images are stored. By manually inspecting each container image for vulnerabilities. By disabling the Container Registry service.

You plan to implement logging in your services that will run in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). Which statement describes the appropriate logging approach?. Each service logs to its own log file. All services log to standard output only. All services log to a shared log file. All services log to an external logging system.

Having created an Oracle Container Engine for Kubernetes (OKE) cluster, you can use Oracle Cloud Infrastructure (OCI) Logging to view and search the logs of applications running on the worker node compute instances in the cluster Which task is NOT required to collect and parse application logs?. Add a subscription to the OCI Logging service. Create a dynamic group with a rule that includes all worker nodes in the cluster. Configure a custom log in OCI Logging with the appropriate agent configuration. Enable monitoring for the worker nodes.

Your team has chosen to use master encryption key (MEK) within an Oracle Cloud Infrastructure (OCI) Vault for encrypting Kubernetes secrets with your microservice deployments in OCI Container Engine for Kubernetes (OKE) clusters so that you can easily manage key rotation. Which of the following is NOT valid about rotating keys in the OCI Vault service?. Each key version is tracked internally with separate unique OCIDS. Once rotated, older key versions can be used for encryption until they are deleted. Both software and HSM-protected MEKs can be rotated. When you rotate an MEK, a new key version is automatically generated.

Your organization has mandated that all deployed container images used for microservices must be signed by a specified master encryption key (MEK). You have appropriately signed the container images as part of your build process, but must now ensure that they are automatically verified when they are deployed to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) clusters. Which option should be used to mandate image verification when deploying to OKE clusters, assuming that MEK is already stored in an available OCI Vault?. Enable image verification policies for your OKE service control plane which will enforce this for all OKE clusters. Enable image verification policies separately for each OKE cluster because this is enforced at the cluster level. Enable image verification policies separately for each node pool within each OKE cluster because this is enforced at the node pool level. Enable image verification policies separately for each Kubernetes pod deployment because this is enforced at the pod level.

Which of the following step is NOT required for setting up the Container Engine for Kubernetes (OKE) cluster access using a local installation of kubectl?. Set up the kubeconfig file. Generate an API signing key pair (if you do not already have one) and upload the public key of the API signing key pair. Install and configure the Oracle Cloud Infrastructure (OCI) CLI. Generate Auth token from the OCI console to access the OKE cluster using kubectl.

Your organization has deployed their e-commerce application on Oracle Container Engine for Kubernetes (OKE) and they are using the Oracle Cloud Infrastructure Registry (OCIR) services as their Docker image repository. They have deployed the OKE cluster using the 'custom create' option, and their Virtual Cloud Network (VCN) has three public subnets with associated Route Tables, Security Lists, and Internet. However, their application containers are failing to deploy. On investigation, they discover that the images are not being pulled from the designated OCIR repository, even though the YAML configuration has the correct path to the images. What is a valid concern here that needs to be further investigated?. Identity and Access Management (IAM) credentials need to be added for each user that deploys applications to the OKE cluster. OKE cluster needs to have a secret with the credentials of their OCIR repository and use that secret in the Kubernetes deployment manifest. VCN hosting the OKE cluster worker nodes needs to have a NAT gateway to access OCIR repositories. Security List rule for TCP port 22 needs to be added to connect to the OCIR service.

As a DevOps engineer working on managing clusters on the OCI platform for your organization, which statement is false about managing cluster add-ons in OCI OKE Cluster. When enabling a cluster add-on, you can configure the add-on by specifying one or more key/value pairs to pass as arguments to the cluster add-on. When creating a new cluster, essential cluster add-ons cannot be disabled. When you disable a cluster add-on using the console, the add-on is removed from the cluster. You can opt in to, and out of, automatic updates by Oracle.

As a DevOps engineer tasked with setting up a new OKE cluster for your organization's Kubernetes applications, which statement is false regarding the preparation process?. Container Engine for Kubernetes automatically creates and configures new network resources for the new cluster. Your tenancy must have sufficient quota on different types of resources. You must have access to an Oracle Cloud Infrastructure tenancy. Container Engine for Kubernetes cannot use existing network resources for the creation of a new cluster.

A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository in OCI Registry (OCIR) Which configuration is necessary to provide access to this repository from OKE?. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest. Add a generic secret on the cluster containing your identity credentials. Then specify a registryCredential property in the deployment manifest. Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagePullSecret property in the application deployment manifest.

As a DevOps Engineer working on an OKE cluster, which file provides access details to the OKE cluster?. Kube-proxy. Kubernetes. Kubectl. Kubeconfig.

Which of the following statement is TRUE about deleting a Kubernetes cluster?. If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted. Upon deleting a cluster, other resources created during the cluster creation process of associated with the cluster (such as VCNs, Internet Gateways, NAT Gateways, Route Tables, Security List, Load Balancers, and Block Volumes) are deleted automatically. You cannot change the autogenerated names of the worker nodes in the format oke-c<part-of-cluster-OCID>-n<part-of-node-pool-OCID>-s<part-of-subnet-OCID>-<slot> within a Kubernetes cluster. Changing the auto-generated name of a worker node does not affect the deletion of the worker node when the cluster in which it is created is deleted.

Which statement regarding virtual nodes is true?. Load balancing in virtual nodes is between worker nodes. Virtual nodes are managed by users and require manual upgrades. Resource allocation in virtual nodes is at the worker node level. Virtual nodes support only VCN-Native Pod Networking and the flannel CNI plugin is not supported.

Which is a configurable, low-latency infrastructure layer that controls the interaction between a network of microservices?. DevOps. Containers. Service Mesh. CI/CD Pipelines.

Which statement best describes the term "cloud native"?. Cloud native refers to the process of migrating applications from on-premises infrastructure to the cloud. Cloud native refers to the use of cloud-based development tools to build traditional on-premises applications. Cloud native refers to the use of cloud infrastructure to run traditional on-premises applications. Cloud native refers to the design and deployment of applications that are optimized for cloud infrastructure.

Which Action Type option is NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?. Streaming. Notifications. Email. Functions.

You are using Oracle Cloud Infrastructure (OCI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code?. Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then select "Action Type: Email" and provide the destination email address. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action. Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action. Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the notification topic for the corresponding action.

A Docker image consists of one or more layers, each of which represents a DockerFile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. What permission is associated with these layers?. write once. read only. movable. write only.

You have created a repository in Oracle Cloud Infrastructure Registry (OCIR) in the us-ashburn-1 (iad) region in your tenancy with the heyoci namespace. Which three are valid tags for an image named myapp?. iad.ocir.io/heyoci/myapp:latest. us-ashburn-1/myproject/heyoci/myapp:latest. us-ashburn-1/heyoci/myproject/myapp:0.0.2-beta. iad.ocir.io/heyoci/myapp:0.0.2-beta. iad.ocir.io/myproject/heyoci/myapp:latest. iad.ocir.io/heyoci/myproject/myapp:0.0.1. us-ashburn-1/heyoci/myapp:0.0.2-beta.

What is the minimum amount of storage that a persistent volume claim can obtain in an Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) cluster using the oci storage class?. 1GB. 1TB. 10 GB. 50 GB.

Which option is an accurate description of an Oracle Functions application?. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events, and OCI API Gateway services. A Docker image containing all the functions that share the same configuration. A common context to store configuration variables that are available to all functions in the application. A small block of code invoked in response to an OCI Events service.

You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named input-bucket in the qa-compartment compartment. Your corporate security standards mandate the use of Resource Principals for this use case. Which TWO statements are needed to implement this use case?. Set up the following dynamic group for your function's OCID: Name: read-file-dg Rule: resource.id = 'ocid1.fnfunc.oc1.phx.aaaaaaaaakeacbctakojz514@jj7g25q7sx5nyc55p6f4da'. Set up a policy to grant your user account read access to the bucket. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name='input-bucket'. Set up a policy to grant all functions read access to the bucket allow all functions in compartment qa-compartment to read objects in target.bucket.name="input-bucket". No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy.

Which open source engine is used by Oracle Cloud Infrastructure (OCI) to power Oracle Functions?. Fn Project. Apache OpenWhisk. Kubeless. Knative.

Which statement about microservices is FALSE?. They are independently deployable. It is fairly common for them to communicate with HTTP. They are typically designed around business capabilities. Multiple microservices can run in one process.

As a developer, you have been asked to develop an e-commerce website for your organization. Your website must support different clients including desktop browser, and native mobile application. Which two approaches would you use to build an application that is resilient to architectural changes, has deployment independence, and allows easier technology upgrades?. Use a monolithic approach because it makes it easier to incrementally adapt to newer technology. Implement each module as an independent service/process which can be replaced, updated, or deleted without disrupting the rest of the application. Choose a monolithic approach over microservices because it has better fault isolation capability. Use the microservices architecture because it eliminates any long-term commitment to a technology stack. Use a monolithic approach to perform frequent updates because it allows you to easily redeploy your applications.

You have a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault so that it can inject the secrets into an app's environment variable (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?. You can manually create new secrets as well as new secret versions using the OCI Console. A secret reuse rule prevents the use of secret contents across different versions of a secret. A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version. New secret versions automatically expire in 90 days unless you configure an expiry rule.

What is a key advantage of using OCI Streaming over traditional messaging queues?. Messages are automatically deleted after they are processed by a consumer. Messages in a stream are immutable and can be replayed within the configured retention time. Streams can only retain data for 24 hours, ensuring rapid message deletion. Messages are delivered in an unpredictable order for faster processing.

You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCI Streaming service. Which statement is incorrect?. The request does not require an Authorization header. The request must include an authorization signing string including (but not limited to) x-content-sha256, content-type, and content-length headers. The Content-Type header must be set to application/json. An HTTP 401 will be returned if the client’s clock is skewed more than 5 minutes from the server’s.

You are creating an API deployment in Oracle Cloud Infrastructure (OCI) API Gateway and you want to configure request policies to control access. Which is NOT available in OCI API Gateway?. Enabling Cross-Origin Resource Sharing (CORS) support. Limiting the number of requests sent to the backend services. Protecting from SQL injection attacks. Providing authentication and authorization.

You have just finished building and compiling the software required to implement the API microservice component. You need to rebuild the API docker image, and plan to tag it as: OrgA/api:latest Which docker command would re-create the API docker image?. docker build -t OrgA/api:latest. docker image -t OrgA/api:latest. docker compile -t OrgA/api:latest. docker create -t OrgA/api:latest.

You encounter an unexpected error when invoking Oracle Functions from your Cloud Shell session named myfunction in the myapp application. Which option will get you more information on the error?. fn --verbose invoke myapp myfunction. fn--debug invoke myapp myfunction. DEBUG=1 fn invoke myapp myfunction.

As a Cloud Native developer, you develop two services in Node.js and deploy them to two different Container Engine for Kubernetes (OKE) clusters that use analyze the network communication between them. How can this requirement be met in the most cost-effective way?. Deploy a third-party logging service and aggregate the network flow logs. Use the OCI Logging service and enable VCN flow logs. Deploy Wireshark and intercept the packets. Rewrite the application and send the application logs to an outside log aggregator.

Which feature is typically NOT associated with Cloud Native?. Immutable Infrastructure. Service Meshes. Declarative APIs. Application Servers. Containers.

As a developer, you are tasked with moving an in-house application to a public cloud without requiring any infrastructure upgrade. Which term describes this cloud development approach?. Cloud Agnostic. Cloud Enabled. Cloud Native.

You are developing a real-time monitoring application for a fleet of vehicles, which will be deployed on Oracle Cloud Infrastructure (OCI). You need to choose between using OCI Queue or OCI Streaming to handle the real-time data feeds from the vehicles. Based on the scenario described, which is the most appropriate choice for handling real-time data feeds?. OCI Streaming, because it is designed for high-volume, continuous ingestion and processing of data, making it the best choice for a fleet of vehicles. OCI Queue, because it provides at-least-once message delivery, which is critical for real-time monitoring applications. OCI Queue, because it is optimized for low-latency messaging and ideal for real-time applications. OCI Streaming, because it offers exactly-once message delivery, which is necessary for real-time applications.

When comparing OCI Queue and OCI Streaming services in Oracle Cloud Infrastructure, which scenario is best suited for using OCI Queue?. Ensuring message delivery in order with exactly-once processing. Delivering high-speed data to multiple consumers simultaneously. Facilitating real-time data processing for large volumes of data. Implementing asynchronous communication between microservices with guaranteed message delivery.

How can you enable image scanning for security vulnerabilities in Oracle Cloud Infrastructure Registry (Container Registry)?. By encrypting container images using TLS certificates. By disabling the Container Registry service. By manually inspecting each container image for vulnerabilities. By adding an image scanner to the repository where container images are stored.

As a DevOps engineer, you are tasked with managing deployments on OCI Container Engine for Kubernetes (OKE). Which step is NOT required for setting up cluster access using a local installation of kubectl?. Install and configure the OCI CLI. Set up the kubeconfig file. Generate an API signing key pair (if you don’t already have one) and upload the public key of the API signing key pair. Generate an auth token from the OCI console to access the OKE cluster using kubectl.

Your company has recently deployed a new web application that uses Oracle Functions. Your manager instructs you to implement monitoring metrics to manage your systems more effectively. You know that Oracle Functions automatically monitors functions on your behalf and reports metrics via Oracle Cloud Infrastructure (OCI) Monitoring. Which TWO metrics are collected and made available by this feature?. Amount of CPU used by a function. Amount of RAM used by a function. Number of times a function is invoked. Length of time a function runs. Number of times a function is removed.

Which testing measure should be considered when using test cases that simultaneously validate a deployment and perform a selected set of functional tasks?. Robust Deployment. Functionality. Resource Utilization. Scalability.

Which service can act as a destination for OCI Events actions?. Notifications. Compute. Virtual Cloud Network (VCN). Autoscaling.

You are building a real-time analytics application that uses OCI Streaming to receive messages from multiple sources. Each message contains data about website visitors, such as the time they accessed the site and the pages they viewed. You need to ensure that the application can handle high message volumes and scale, as needed. Which approach ensures the highest throughput and scalability for consuming messages from the OCI Streaming service in this scenario?. Using a single consumer group to consume messages from all sources and process messages sequentially. Using the OCI Events service to trigger a function that processes messages as they arrive. Implementing a load balancer to distribute messages among multiple consumers. Creating a separate consumer group for each source of messages and consuming messages in parallel.

Your organization is developing serverless applications with Oracle Functions. Many functions will need to store state data in a database, which will require using appropriate credentials. However, your corporate security standards mandate encryption of secret. How would you address this security requirement?. Encrypt the password using the OCI Vault service and then decrypt this password in your function code with the generated key. Use OCI Console to enter the password in the function configuration section in the provided input field. Use the OCI Vault service to auto-encrypt the password and then set an application-level configuration variable to reference the auto-decrypted password inside your function container. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.

Which command is used to get a Docker image from Oracle Cloud Infrastructure Registry (OCIR) to the client machine?. docker fetch <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag>. docker pull <tenancy-namespace>/<region-key>.ocir.io/<repo-name>:<tag>. docker pull <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>. docker fetch <region-key>.ocir.io/<tenancy-namespace>/<repo-name>:<tag>.

You are developing a distributed application and you need a call to a path to always return a specific JSON content. To fulfill this requirement, you deploy Oracle Cloud Infrastructure (OCI) API Gateway with the below API deployment specification: { "routes": [{ "path": "/hello", "methods": ["GET"], "backend": { "type":"___________________", "status": 200, "headers": [{ "name": "Content-Type", "value": "application/json" }], "body" : "{\"myjson\": \"consistent response\"}" } }] } What is the correct value for type?. REST_BACKEND. HTTP_BACKEND. STOCK_RESPONSE_BACKEND. CONSTANT_BACKEND.

Which of the following is NOT a criterion that is usually met by a microservice?. Tightly coupled. Independently deployable. Highly maintainable. Organized around business capabilities.

Which Dockerfile instruction informs Docker to use a base image that matches the provided repository and tag?. ENTRYPOINT. FROM. USING. BASE.

Which technique is used for testing a product for performance, usability, load, and security so as to overcome any potential risk beforehand?. Component Testing. Integration Testing. Functional Testing. Non-functional Testing.

Which testing strategy achieves a high velocity of deployments and releases of cloud native applications?. A/B testing. Integration testing. Automated testing. Penetration testing.

You need to push a new Docker container image to a repository in the Oracle Cloud Infrastructure (OCI) Registry. Which mechanism must you use to provide authentication?. Generate an API signing key to complete the authentication via the OCI CLI. Generate an API signing key to complete the authentication via the Docker CLI. Generate an Auth Token to complete the authentication via the OCI CLI. Generate an Auth Token to complete the authentication via the Docker CLI.

Assuming that your function does NOT have the --provisioned-concurrency option enabled, which parameter is used to configure the time period during which an idle function will remain in memory before Oracle Functions removes its container image from memory?. access-timeout. idle-timeout. timeout. None, as this time is not configurable.

Which is NOT a valid option to execute a function deployed in Oracle Functions?. Invoke from the Docker CLI. Invoke from the OCI CLI. Invoke from the Fn Project CLI. Send signed HTTP requests to the function's invoke endpoint.

Which of these is NOT a valid authentication method for accessing an OCI API Gateway deployment?. HTTP Basic. API Key. Auth. SAML Token.

To enforce mutual TLS (mTLS) authentication for clients of your microservices, your team has chosen to leverage the Oracle Cloud Infrastructure (OCI) API Gateway service to create new API Deployments that will direct requests to your microservices. Which is NOT valid regarding the mTLS options in OCI API Gateway?. Once the mTLS request policy is enabled, ALL requests with valid certificates are routed to the backend unless you have defined one or more particular values (such as a domain name). Adding a custom certificate authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name). Custom CA or custom CA bundles can be added to your gateway's trust store ONLY if they already exist in the OCI Certificates service. The mTLS request policy can only be enabled at the API deployment specification level, which then applies globally to ALL routes in that deployment.

As a Kubernetes administrator, you are tasked with setting up local access to a Kubernetes cluster with a private API endpoint. Which step is involved in this setup process?. Setting up a bastion using the Oracle Cloud Infrastructure Bastion service. Generating an Auth Token. Using a cloud shell to directly connect to the Kubernetes cluster's private API endpoint. Installing and configuring helm CLI.

Which is NOT a valid use case for leveraging the Oracle Cloud Infrastructure (OCI) Events service?. Triggering a function deployed in Oracle Functions when new files are uploaded to an OCI Object Storage bucket. Publishing a notification when long-lived tasks complete, such as an OCI Autonomous Database backup completion. Capturing the OCI Monitoring service alarms and invoking autoscaling of compute instances. Triggering a notification action when a function is created.

What is the primary purpose of an event in OCI?. To scale compute instances automatically. To delete unused resources. To create new resources in a compartment. To report changes in the state of a resource.