Oracle Cloud Infrastructure Developer 2020 Associate

You are developing a serverless application with oracle Functions. you have created a function in compartment named prod. when you try to invoke your function you get the following error: 1. Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions.oc1.phx.aaaaaaaac... does not exist or Oracle Functions is not authorized to use it How can you resolve this error?. Deleting the function and redeploying it with fix the problem. Create a policy: Allow service FaaS to use virtual-network-family in compartment prod. Create a policy: Allow any-user to manage function-family and virtual-network-family in compartment prod. Create a policy: Allow function-family to use virtual-network-family in compartment prod.

What is the open source engine for Oracle Functions?. Knative. Apache OpenWhisk. OpenFaaS. Fn Project.

Your Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting purpose. Which step should you take to obtain the log file?. ssh into the node using public key. ssh into the nodes using private key. It is impossible since OKE is a managed Kubernetes service. Use the username opc and password to login.

Which Oracle Cloud Infrastructure (OCI) load balancer shape Is used by default in OCI Container Engine for Kubernetes? >>> There is no default.The shape has to be specified. 8000 Mbps. 100 Mbps. 400 Mbps.

Which two statements are true for service choreography?. Service choreography should not use events for communication. Decision logic in service choreography is distributed. Services involved in choreography communicate through messages/messaging systems. Service choreographer is responsible for invoking other services. Service choreography relies on a central coordinator.

You encounter an unexpected error when invoking the Oracle Function named "myfunction" in application "myapp". Which can you use to get more information on the error?. fn --debug invoke myapp myfunction. DEBUG=1 fn invoke myapp myfunction. fn --verbose invoke myapp myfunction. Call Oracle support with your error message.

As a cloud-native developer, you have written a web service for your company. You have used Oracle Cloud Infrastructure (OCI) API Gateway service to expose the HTTP backend. However, your security team has suggested that your web service should handle Distributed Denial-of-Service (DDoS) attack. You are time-constrained and you need to make sure that this is implemented as soon as possible. what should you do in this scenario?. Use OCI virtual cloud network (VCN) segregation to control DDoS. Use OCI API Gateway service and configure rate limiting. Use a third party service integration to implement a DDoS attack mitigation. Re-write your web service and implement rate limiting.

You are developing a polyglot serverless application using Oracle Functions. 'Which language cannot be used to write your function code?. Java. Node.js. PL/SQL. Go. Python.

A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes cluster Which rule can you use to prevent a container from running as root using PSP?. NoPrivilege. RunOnlyAsUser. MustRunAsNonRoot. forbiddenRoot.

You are processing millions of files in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. Each time a new file is created, you want to send an email to the customer and create an order in a database. The solution should perform and minimize cost, Which action should you use to trigger this email?. Schedule a cron job that monitors the OCI Object Storage bucket and emails the customer when a new file is created. Use OCI Events service and OCI Notification service to send an email each time a file is created. Schedule an Oracle Function that checks the OCI Object Storage bucket every minute and emails the customer when a file is found. Schedule an Oracle Function that checks the OCI Object Storage bucket every second and email the customer when a file is found.

Which testing approaches is a must for achieving high velocity of deployments and release of cloud-native applications?. Integration testing. A/B testing. Automated testing. Penetration testing.

A service you are deploying to Oracle infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository Which configuration is necessary to provide access to this repository from OKE?. Add a generic secret on the cluster containing your identity credentials. Then specify a registry credentials property in the deployment manifest. Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the image pull secret property in the application deployment manifest. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the image pull secret property in the application deployment manifest. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment.

A leading insurance firm is hosting its customer portal in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes with an OCI Autonomous Database. Their support team discovered a lot of SQL injection attempts and cross-site scripting attacks to the portal, which is starting to affect the production environment. What should they implement to mitigate this attack?. Network Security Lists. Network Security Groups. Network Security Firewall. Web Application Firewall.

You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). You need to make sure that these get deleted from the repository. Which action should you take?. Create a group and assign a policy to perform lifecycle operations on images. Edit the tenancy global retention policy. Set global policy of image retention to "Retain All Images". In your compartment, write a policy to limit access to the specific repository.

Your organization uses a federated identity provider to login to your Oracle Cloud Infrastructure (OCI) environment. As a developer, you are writing a script to automate some operations and want to use OCI CLI to do that. Your security team doesn't allow storing private keys on local machines. How can you authenticate with OCI CLI?. Run oci setup keys and provide your credentials. Run oci session refresh -profile <profile_name>. Run oci session authenticate and provide your credentials. Run oci setup oci-cli-rc -file path/to/target/file.

Which two "Action Type" options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?. Notification. Functions. Streaming. Email. Slack.

You need to execute a script on a remote instance through Oracle Cloud Infrastructure Resource Manager. Which option can you use?. Use /bin/sh with the full path to the location of the script to execute the script. It cannot be done. Download the script to a local desktop and execute the script. Use remote-exec.

Which concept is NOT related to Oracle Cloud Infrastructure Resource Manager?. Job. Stack. Queue. Plan.

In the sample Kubernetes manifest file below, what annotations should you add to create a private load balancer In oracle Cloud infrastructure Container Engine for Kubermetes? 1. apiversion: vi 2. kind: Service 3. metadata: 4. name: my-nginx-svc 5. labels: 6. app: nginx 7. annotations: 8. <Fill in> 9. spec: 10. type: LoadBalancer 11. ports: 12. - port: 80 13. selector: 14. app: nginx 15. 16. apiVersion: vl 17. kind: Service 18. metadata: 19. name: my-nginx-svc 20. labels: 21. app: nginx 22. annotations: 23. <Fill in> 24. spec: 25. type: LoadBalancer 26. ports: 27. - port: 80 28. selector: 29. app: nginx. service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-private: "true" service.beta.kubernetes service.beta.kubernetes io/oci-load-balancer-subnet1: "ocidl.subnet.oc1..aaaaa.....vdfw". service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-internal: "true" service.beta.kubernetes service.beta.kubernetes io/oci-load-balancer-subnet1: "ocidl.subnet.oc1..aaaaa.....vdfw". service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-private: "true". service.beta.kubernetes. service.beta.kubernetes. o/oci-load-balancer-internal: "true".

Per CAP theorem, in which scenario do you NOT need to make any trade-off between the guarantees?. when there are no network partitions. when the system is running in the cloud. when the system is running on-premise. when you are using load balancers.

Which two are benefits of distributed systems?. Privacy. Security. Ease of testing. Scalability. Resiliency.

Which one of the statements describes a service aggregator pattern?. It is implemented in each service separately and uses a streaming service. It involves implementing a separate service that makes multiple calls to other backend services. It uses a queue on both sides of the service communication. It involves sending events through a message broker.

Which two handle Oracle Functions authentication automatically?. Oracle Cloud Infrastructure SDK. cURL. Oracle Cloud Infrastructure CLl. Signed HTTP Request. Fn Project CLI.

You have been asked to create a stateful application deployed in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) that requires all of your worker nodes to mount and write data to persistent volumes. Which two OCI storage services should you use?. Use OCI File Services as persistent volume. Use GlusterFS as persistent volume. Use OCI Block Volume backed persistent volume. Use open source storage solutions on top of OCI. Use OCI Object Storage as persistent volume.

How can you find details of the tolerations field for the sample YAML file below? 1. apiVersion: v1 2. kind: Pod 3. metadata: 4. name: busybox \ 5. namespace: default 6. spec: 7. containers: 8. - image: busybox 9. command: 10. - sleep 11. - "3600" 12. imagePullPolicy: IfNotPresent 13. name: busybox 14. restartPolicy: Always 15. tolerations: 16. ... kubectl list pod.spec.tolerations. kubectl explain pod.spec.tolerations. kubectl describe pod.spec tolerations. kubectl get pod.spec.tolerations.

You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI Compute instance that does not comply with your corporate security standards There are 3 non-compliant OCI Compute instances. However, when you invoke this function none of the instances were stopped. How should you troubleshoot this?. There is no way to troubleshoot a function running on Oracle Functions. Enable function logging in the OCI console, include some print statements in your function code and use logs to troubleshoot this. Enable function remote debugging in the OCI console, and use your favorite IDE to inspect the function running on Oracle Functions. Enable function tracing in the OCI console, and go to OCI Monitoring console to see the function stack trace.

Which is NOT a valid option to execute a function deployed on Oracle Functions?. Send a signed HTTP requests to the function's invoke endpoint. Invoke from Oracle Cloud Infrastructure CLI >>>. Invoke from Docker CLI. Trigger by an event in Oracle Cloud Infrastructure Events service. Invoke from Fn Project CLI.

You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container Engine for Kubernetes. Which statement describes the appropriate logging approach?. Each service logs to its own log file. All services log to an external logging system. All services log to standard output only. All services log to a shared log file.

Which two statements are true for serverless computing and serverless architectures?. Long running tasks are perfectly suited for serverless. Serverless function state should never be stored externally. Application DevOps team is responsible for scaling. Serverless function execution is fully managed by a third party. Applications running on a FaaS (Functions as a Service) platform.

You are developing a distributed application and you need a call to a path to always return a specific JSON content deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification. What is the correct value for type? 1. { 2. "routes": [{ 3. "path": "/hello", 4. "methods": ["GET"), 5. "backend": { 6. "type": "--------------", 7. "status": 200, . 8. "headers": [{ 9. "name": "Content-Type", 10. "value": "application/json" 11. }] 12. "body" : "{\"myjson\": \"consistent response\"}" 1 3. } 14. }] 15. }. STOCK_RESPONSE_BACKEND. CONSTANT_BACKEND. JSON_BACKEND. HTTP_BACKEND.

You have a containerized app that requires an Autonomous Transaction Processing (ATP) Database. Which option is not valid for o from a container in Kubernetes?. Enable Oracle REST Data Services for the required schemas and connect via HTTPS. Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest. Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime. Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy serviceinstance and serviceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.

Which is NOT a supported SDk Oracle Cloud Infrastructure (OCI)?. Go SDK. Java SDK. NET SDK. Ruby SDK. Python SDK.

You are a consumer of Oracle Cloud Infrastructure (OCI) Streaming service. Which API should you use to read and process the stream?. ListMessages. GetMessages. GetObject. ReadMessages.

What is one of the differences between a microservice and a serverless function?. Microservices are used for long running operations and serverless functions for short running operations. Microservices always use a data store and serverless functions never use a data store. Microservices are stateless and serverless functions are stateful. Microservices are triggered by events and serverless functions are not.

Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs?. date or x-date. request-target. content-type. host.

With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency. Which statement is true with regards to service resiliency?. Resiliency is about recovering from failures without downtime or data loss. A goal of resiliency is not to bring a service to a functioning state after a failure. Resiliency testing can be only done in a test environment. Resiliency is about avoiding failures.

You are building a cloud native, serverless travel application with multiple Oracle Functions in Java, Python and Node.js. You need to build and deploy these functions to a single application named travel-app. Which command will help you complete this task successfully?. oci fn function deploy --ap travel-ap --all. fn deploy --ap travel-ap – all. oci fn application --application-name-ap deploy --all. fn function deploy --all --application-name travel-ap.

In a Linux environment, what is the default locations of the configuration file that Oracle Cloud Infrastructure CLI uses for profile information/. /etc/.oci/config. /usr/local/bin/config. SHOME/.oci/config. /usr/bin/oci/config.

Which two statements accurately describe an Oracle Functions application?. A small block of code invoked in response to an Oracle Cloud Infrastructure (OCI) Events service. A Docker image containing all the functions that share the same configuration. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway services. A common context to store configuration variables that are available to all functions in the application. A logical group of functions.

Which statement accurately describes Oracle Cloud Infrastructure (OCI) Load Balancer integration with OCI Container Engine for Kubernetes (OKE)?. OKE service provisions an OCI Load Balancer instance for each Kubernetes service with LoadBalancer type in the YAML configuration. OCI Load Balancer instance provisioning is triggered by OCI Events service for each Kubernetes service with LoadBalancer type in the YAML configuration. OCI Load Balancer instance must be manually provisioned for each Kubernetes service that requires traffic balancing. OKE service provisions a single OCI Load Balancer instance shared with all the Kubernetes services with LoadBalancer type in the YAML configuration.

What is the minimum of storage that a persistent volume claim can obtain in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?. 50 GB. 10 GB. 1 GB. 1 TB.

You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage- Your function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa-compartment" Your corporate security standards mandate the use of Resource Principals for this use case. Which two statements are needed to implement this use case?. Set up a policy with the following statement to grant read access to the bucket allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket .name=' input-bucket. Set up the following dynamic group for your function's OCID: Name: read-file-dg Rule: resource . id= ' ocid1. f nf unc. ocl -phx. aaaaaaaakeaobctakezj z5i4uj j 7g25q7sx5mvr55pms6f 4da !. Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects in target.bucket.name='input-bucket'. Set up a policy to grant your user account read access to the bucket: allow user XYZ to read objects in compartment qa-compartment where target .bucket, name-'input-bucket'. No policies are needed. By default, every function has read access to Object Storage buckets in the tenancy.

You are using Oracle Cloud Infrastructure (OCI), Resource Manager, to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code?. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action. Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager job - Create" condition, and select the notification topic for the corresponding action. Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then select "Action Type: Email" and provide the destination email address. Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action.

You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCI Streaming service. Which statement is incorrect?. The request must include an authorization signing string including (but not limited to) x-content- sha256, content-type, and contentlength headers. The Content-Type header must be Set to application/json. An HTTP 401 will be returned if the client's clock is skewed more than 5 minutes from the server's. The request does not require an Authorization header.

You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application architecture has multiple OCI services, including Oracle Functions. You need to trigger these functions directly from other OCI services, without having to run custom code. Which OCI service cannot trigger your functions directly?. OCI Events Service. OCI Registry. OCI API Gateway. Oracle Integration.

You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do you need to perform?. Assign a tag via Docker CLI to the image. Generate an auth token to complete the authentication via Docker CLI. Generate an API signing key to complete the authentication via Docker CLI. Assign an OCI defined tag via OCI CLI to the image. Generate an OCI tag namespace in your repository.

A programmer Is developing a Node.js application which will run in a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OCI) services using OCI SDKs. What is the secure way to access OCI services with OCI Identity and Access Management (IAM)?. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group. Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.

You have written a Node.js function and deployed it to Oracle Functions. Next, you need to call this function from a microservice written in Java deployed on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE). Which can help you to achieve this?. Use the OCI CLI with kubect1 to invoke the function from the microservice. Oracle Functions does not allow a microservice deployed on OKE to invoke a function. OKE does not allow a microservice to invoke a function from Oracle Functions. Use the OCI Java SDK to invoke the function from the microservice.

You created a pod called "nginx" and its state is set to Pending. Which command can you run to see the reason why the "nginx" pod is in the pending state?. kubectl logs pod nginx. kubectl describe pod nginx. kubectl get pod nginx. Through the Oracle Cloud Infrastructure Console.

You have created a repository in Oracle Cloud Infrastructure Registry in the us-ashburn-1 (iad) region in your tenancy with a namespace called "heyoci". Which three are valid tags for an image named "myapp" ?. iad.ocir.io/heyoci/myproject/myapp:0.0.1. us-ashburn-l.ocir.io/heyoci/myapp:0.0.2-beta. us-ashburn-l.ocir.io/heyoci/myproject/myapp:0.0.2-beta. us-ashburn-l.ocir.io/myproject/heyoci/myapp:latest. iad.ocir.io/myproject/heyoci/myapp:latest. iad.ocir.io/heyoci/myapp:0.0.2-beta. iad.ocir.io/heyoci/myapp:latest.

You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security Standards mandate encryption of secret information like database passwords. As a function developer, which approach should you follow to satisfy this security requirement?. Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field. Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key. All function configuration variables are automatically encrypted by Oracle Functions.

You have two microservices, A and B running in production. Service A relies on APIs from service B You want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should you take to test service A?. Test against production APIs. Test using API mocks. There is no need to explicitly test APIs. Test the APIs in private environments.

Given a service deployed on Oracle Cloud infrastructure Container Engine for Kubernetes (OKE), which annotation should you add in the sample manifest file to specify a 400 Mbps load balancer? 1. apiVersion: v1 2. kind: Service 3. metadata: 4. name: my-nginx-svc 5. labels: 6. app: nginx 7. annotations:- 8. <Fill in> 9. spec: 10. type: LoadBalancer 11. ports: 12. - port: 80 13. selector: 14. app: nginx. service.beta, kubernetes. lo/oci-load-balancer-kind: 400Mbps. service, beta, kubernetes. lo/oci-load-balancer-value: 400Mbps. service . beta. kubernetes . lo/oci-load-balancer-shape: 400Mbps. service . beta . kubernetes . lo/oci-load-balancer-size: 400Mbps.

Which two are characteristics of microservices?. Microservices are hard to test in isolation. Microservices can be independently deployed. All microservices share a data store. Microservices can be implemented in limited number of programming languages. Microservices communicate over lightweight APIs.

Which statements is incorrect with regards to the Oracle Cloud Infrastructure (OCI) Notifications service?. Notification topics may be assigned as the action performed by an OCI Events configuration. OCI Alarms can be configured to publish to a notification topic when triggered. An OCI function may subscribe to a notification topic. A subscription can forward notifications to an HTTPS endpoint. A subscription can integrate with PagerDuty events. It may be used to receive an email each time an OCI Autonomous Database backup is completed.

A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use In this scenario?. Create an authorizer function using request header authorization. Create an authorizer function using token-based authorization. Create a cross account functions authorizer. Create an authorizer function using OCI Identity and Access Management based authentication.

As a cloud-native developer, you are designing an application that depends on Oracle Cloud Infrastructure (OCI) Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which should you leverage to meet this requirement?. OCI Service Broker for Kubernetes. OCI Container Engine for Kubernetes. Open Service Broker API. Oracle Functions.

In order to effectively test your cloud-native applications, you might utilize separate environments (development, testing, staging, production, etc.). Which Oracle Cloud Infrastructure (OCI) service can you use to create and manage your infrastructure?. OCI Compute. OCI Container Engine for Kubernetes. OCI Resource Manager. OCI API Gateway.

Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubectl CLI?. An SSH key pair with the public key added to cluster worker nodes. Install and configure the OCI CLI. OCI Identity and Access Management Auth Token. Tiller enabled on the OKE cluster. A configured OCI API signing key pair.

You are deploying an API via Oracle Cloud Infrastructure (OCI) API Gateway and you want to implement request policies to control access Which is NOT available in OCI API Gateway?. Limiting the number of requests sent to backend services. Enabling CORS (Cross-Origin Resource Sharing) support. Providing authentication and authorization. Controlling access to OCI resources.