Tambahan OCI

You encounter an unexpected error when invoking Oracle functions from your Cloud Shell session. Which option will get you more information on the error?. fn invoke swap myfunction. fn --verbose invoke swap myfunction. fn --debug invoke swap myfunction.

Your team has created a serverless application deployed in Oracle Functions. It uses a Python function leveraging Oracle Cloud Infrastructure SDK. One compute instance that does not comply with your corporate security standards. Although there are no network-related errors, some of the instances were stopped. With respect to this issue, which of the following is a valid troubleshooting strategy?. Enable function remote debugging in the OCI console, and then use your favorite IDE to inspect function calls in real time. Enable function tracing in the OCI console, and then go to the OCI Monitoring console to view the function's execution details in the function metrics tab. Ensure that the application is deployed within the same OCI compartment as the function, because function errors typically happen when they are in different compartments. Enable function logging in the OCI console, add some print statements to your function code, and then view the logs in the Logging service.

Which concept in OCI Queue is responsible for hiding a message from other consumers in a predefined amount of time after it has been delivered to a consumer?. Maximum retention period. Delivery count. Polling timeout. Visibility timeout.

When comparing OCI Queue and OCI Streaming services in Oracle Cloud Infrastructure, which service is best for using OCI Queue?. Implementing asynchronous communication between microservices with guaranteed message delivery. Delivering high-speed data to multiple consumers simultaneously. Facilitating real-time data processing for large volumes of data. Ensuring message delivery in order with exactly-once processing.

What is a key advantage of using OCI Streaming over traditional messaging queues?. Messages are automatically deleted after they are processed by a consumer. Messages are delivered in an unpredictable order for faster processing. Streams can only retain data for 24 hours, ensuring rapid message deletion. Messages in a stream are immutable and can be replayed within the configured retention time.

You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) REST APIs to POST messages to a service in the tenancy. Which statement is incorrect?. The request does not require an Authorization header. The request must include an authorization signing string including (but not limited to) host, content-type, content-length, and x-date headers. The Content-Type header must be set to application/json. An HTTP 401 will be returned if the client’s clock is skewed more than 5 minutes from the server’s.

Which of the following statement is TRUE about deleting a Kubernetes cluster?. You cannot change the auto-generated names of the worker nodes in the format ocid1.instance.oc1.<region>.<unique_ID> within a Kubernetes cluster. Changing the auto-generated name of a worker node does not affect the deletion of the worker node when the cluster is deleted. Upon deleting a cluster, other resources created during the cluster creation process such as associated Virtual Cloud Networks (VCNs), subnets, route tables, security lists, load balancers, and block volumes are deleted automatically. If you change the auto-generated name of a worker node and then delete the cluster, the worker node will not be deleted.

As a DevOps engineer working on managing clusters on the OCI platform for your organization, which statement is true about managing cluster add-ons?. When creating a new cluster, essential cluster add-ons cannot be disabled. You can opt in to, and out of, automatic updates by Oracle. When you disable a cluster add-on using the console, the add-on is removed from the cluster. When enabling a cluster add-on, you can configure the add-on only by applying an extra manifest YAML file on top of the base one.

Your organization has deployed their e-commerce application on Oracle Container Engine for Kubernetes (OKE). The application’s container images are hosted in the Oracle Cloud Infrastructure (OCI) service as their Docker image repository. They have deployed the OKE cluster using the custom VCN, and also set up the necessary subnets with associated Route Tables, Security Lists, and Internet Gateway. However, their application containers are failing to deploy. On investigation, they discover that the images are not being pulled into the OKE nodes, even though the YAML configuration has the correct path to the images. What is a valid concern here that needs to be further investigated?. Identity and Access Management (IAM) credentials need to be added for each OKE worker node so that deployments can run. VCN hosting the OKE cluster worker nodes needs to have an internet gateway to connect to OCI services to pull images from the container registry. OKE cluster needs to have a secret with the credentials of the OCI Registry to authenticate and pull images. Security List rule for TCP port 22 needs to be added to connect to the OCI registry.

A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository in OCI Container Registry (OCIR). Which configuration is necessary to provide access to the repository from OKE?. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the compartment. Create a docker-registry secret for OCIR with Identity Auth Token on the cluster, and specify it in your pod/deployment spec. Create a docker-registry secret for OCIR with API key credential on the cluster, and specify it in your pod/deployment spec. Add a generic secret on the cluster containing your identity credentials. Then specify it in your pod/deployment spec.

Which statement regarding virtual nodes is true?. Virtual nodes support only VCN-Native Pod Networking and the flannel CNI plugin is not supported. Resource allocation in virtual nodes is at the worker node level. Virtual nodes are managed by users and require manual upgrades. Load balancing in virtual nodes is between worker nodes.

As a DevOps engineer tasked with setting up a new OKE cluster for your organization’s Kubernetes applications, which statement is true?. Container Engine for Kubernetes cannot use existing network resources for the creation of a new cluster. You must have access to an Oracle Cloud Infrastructure tenancy. Container Engine for Kubernetes automatically creates and configures new network resources for the new cluster. Your tenancy must have sufficient quota on different types of resources.

As a Kubernetes administrator, you are tasked with setting up local access to a Kubernetes cluster with a private API endpoint. Which step is most suitable in this situation?. Installing and configuring helm CLI. Generating an Auth Token. Using a cloud shell to directly connect to the Kubernetes cluster's private API endpoint. Setting up a bastion using the Oracle Cloud Infrastructure Bastion service.

Having created an Oracle Container Engine for Kubernetes (OKE) cluster, you must use Oracle Cloud Infrastructure (OCI) Logging to assist with collecting application logs running on the worker node compute instances in the cluster. Which task is NOT required to collect and parse application logs?. Add a subscription to the OCI Logging service. Configure a custom log in OCI Logging with the appropriate agent configuration. Enable monitoring for the worker nodes. Create a dynamic group with a rule that includes all worker nodes in the cluster.

Which Docker command is used to run a new command in an already running container?. docker run. docker attach. docker start. docker exec.

Which Dockerfile instruction informs Docker to use a base image that matches the provided repository and tag?. FROM. BASE. ENTRYPOINT. USING.

You have just finished building and compiling the software required to implement the API microservice component. You want to build the API Docker image and tag it as Org/api:latest. Which docker command would re-create the API docker image?. docker image -t Org/api:latest. docker build -t Org/api:latest. docker create -t Org/api:latest. docker compile -t Org/api:latest.

You have been asked to update an OKE cluster to a network configuration that fits the best practices where the endpoint and worker nodes are not directly accessible from the Internet. Which is a valid OKE cluster network configuration that meets the requirement?. Private subnet for the Kubernetes API endpoint; public subnets for nodes and load balancers. Private subnets for nodes and the Kubernetes API endpoint; public subnets for load balancers. Private subnets for nodes, the Kubernetes API endpoint, and load balancers. Private subnets for nodes; public subnets for the Kubernetes API endpoint and load balancers.

You are creating an API deployment in Oracle Cloud Infrastructure (OCI) API Gateway and you want to configure several policies or services. Which is NOT available in OCI API Gateway?. Enabling Cross-Origin Resource Sharing (CORS) support. Providing authentication and authorization. Protecting from SQL injection attacks. Limiting the number of requests sent to the backend services.

Which statement best describes the term “cloud native”?. Cloud native refers to the use of cloud infrastructure to run traditional on-premises applications. Cloud native refers to the use of cloud-based development tools to build traditional on-premises applications. Cloud native refers to the process of migrating applications from on-premises infrastructure to the cloud. Cloud native refers to the design and deployment of applications that are optimized for cloud infrastructure.

As a developer, you are tasked with moving an in-house application to a public cloud without migrating any structure or logic. Which term describes this cloud development approach?. Cloud Enabled. Cloud Agnostic. Cloud Native.

Which is a difference between a microservice and a serverless function?. Microservices can use a data store while serverless functions cannot. Microservices are triggered by events while serverless functions are not. Microservices can support long running operations while serverless functions cannot. Microservices are stateless while serverless functions are stateful.

You are developing a polyglot serverless application using Oracle Functions. Which is NOT an available Oracle Cloud Infrastructure (OCI) programming language SDK for implementing your function code?. Python. Java. Go. PL/SQL.

Which service can act as a destination for OCI Events actions?. Compute. Autoscaling. Notifications. Virtual Cloud Network (VCN).

Which Action Type option is NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition?. Email. Notifications. Functions. Streaming.

Your organization is developing serverless applications with Oracle Functions. Many functions will need to use a vault-based secret, such as database credentials. However, your corporate security standards mandate encryption of secret information at rest and in transit. How would you address this security requirement?. Encrypt the password using the OCI Vault service and then decrypt the password in your function code prior to use. Use the OCI Vault service to auto-encrypt the password and store it in an application-level configuration variable inside the function container. Leverage application-level configuration variables to store passwords because they are automatically encrypted inside the function. Use the OCI Console to enter the password in the function configuration section in the pre-deployment step.

You have a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault for use by a script that runs as part of the resource deployment process (for example: XRDEG_DB_PASSWORD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?. A secret reuse rule prevents the use of secret contents across different versions of a secret. New secret versions automatically expire in 90 days unless you configure an expiry date. A unique OCID is automatically generated for each secret and version when storing a new version. You can manually create new secrets as well as new secret versions using the OCI Console.

As a developer, you have been asked to develop an e-commerce website for your organization. Your website must support different frontends such as desktops, mobile browsers, and native mobile applications. Which two approaches would you use to build an application that is resilient to architectural changes, has independent modules, and can scale independently?. Choose a monolithic approach over microservices because it has better test isolation capability. Use a monolithic approach to perform frequent updates because it allows you to easily redeploy parts of the code. Implement each module as an independent service/container which can be replaced, upgraded, or scaled without affecting the rest of the system. Use a monolithic approach because it makes it easier to conceptually understand a technology stack. Use the microservices architecture because it eliminates any long-term commitment to a technology stack.

Which of the following step is NOT required for setting up the Container Engine for Kubernetes (OKE) cluster access using a local installation of kubectl?. Set up the kubeconfig file. Generate an API signing key pair (if you do not already have one) and upload the public key of the API signing key pair. Generate Auth token from the OCI console to access the OKE cluster using kubectl. Install and configure the Oracle Cloud Infrastructure (OCI) CLI.

Oracle Functions monitors all deployed functions and collects and reports various metrics. Which is NOT available when viewing the Application metrics in the Oracle Cloud Infrastructure (OCI) Console?. The number of retries made by the function before failing due to an error. The length of time a function runs for. The number of requests to invoke a function that failed due to throttling. The number of requests to invoke a function that failed with an error response.

Having created an Oracle Container Engine for Kubernetes (OKE) cluster, you can use Oracle Cloud Infrastructure (OCI) Logging to view and search the logs of applications running on the worker node compute instances in the cluster. Which task is NOT required to collect and parse application logs?. Configure a custom log in OCI Logging with the appropriate agent configuration. Enable monitoring for the worker nodes. Create a dynamic group with a rule that includes all worker nodes in the cluster. Add a subscription to the OCI Logging service.

Which statement about microservices is FALSE?. It is fairly common for them to communicate with HTTP. Multiple microservices can run in one process. They are independently deployable. They are typically designed around business capabilities.

What is the primary purpose of an event in OCI?. To create new resources in a compartment. To scale compute instances automatically. To report changes in the state of a resource. To delete unused resources.

Which option is an accurate description of an Oracle Functions application. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events, and OCI API Gateway services. A common context to store configuration variables that are available to all functions in the application. A small block of code invoked in response to an OCI Events service. A Docker image containing all the functions that share the same configuration.

Which is NOT a valid option to execute a function deployed in Oracle Functions?. Invoke from the OCI CLI. Invoke from the Docker CLI. Send signed HTTP requests to the function's invoke endpoint. Invoke from the Fn Project CLI.

Which statement describes how message order is maintained in OCI Streaming?. Messages across all partitions are delivered in the exact order they were produced. Messages within a stream partition are delivered in the same order they were produced. Messages in a stream are randomly ordered for scalability. Message order is determined by the consumer application, and not by the stream.

How can you enable image scanning for security vulnerabilities in Oracle Cloud Infrastructure Registry (Container Registry)?. By adding an image scanner to the repository where container images are stored. By manually inspecting each container image for vulnerabilities. By disabling the Container Registry service. By encrypting container images using TLS certificates.