








Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
OCI Developer Questions with correct answers
Typology: Exams
1 / 14
This page cannot be seen from the preview
Don't miss anything!









A service you are deploying to OCI OKE uses a docker image from a private repository in OCI Registry (OCIR). Which configuration is necessary to provide access to this repository from OKE? Correct Answer-Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest. You have just finished building and compiling the software required to implement the API micro service component. You need to rebuild the API docker image, and plan to tag it as: ocIdvops/api:latest Which docker command would re-create the API docker image? Correct Answer-docker build -t OCIdevops/api:latest Your development team decides to create and deploy some business logic to server less Oracle Functions. You are asked to help facilitate the monitoring, logging, and tracing of these services. Which is NOT a valid about troubleshooting Oracle Functions? Correct Answer-Oracle Functions tracing is enabled at the function level. You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which TWO actions would you need to perform? Correct Answer--Generate an auth token to complete the authentication via Docker CLI. -Assign a tag via Docker CLI to the image. Who is responsible for patching, upgrading, and maintaining the worker nodes in OCI OKE? Correct Answer-the user What can you use to dynamically make Kubernetes resources discoverable to public DNS servers? Correct Answer-ExternalDNS
You plan to implement logging in your services that will run in OCI OKE. Which statement describes the appropriate logging approach? Correct Answer-All services log to standard output only. You have an e-commerce application that loads customers' transactional data into the OCI Streaming service. The data must now be extracted and transformed before sending it to a third-party REST endpoint. You have been directed to leverage the OCI Service Connector Hub to automate this process. Which configuration option would address this requirement? Correct Answer-Configure a new service connector as follows: -Source: Streaming - Task: None - Target: Notification Which is NOT a valid option to execute a function deployed in Oracle Functions? Correct Answer-Invoke from the Docker CLI Which TWO statements are true for server less computing and server less architectures? Correct Answer--Serverless function execution is fully managed by third party -Applications running on a FaaS platfrom Which of the following step is NOT required for setting up the Container Engine for Kubernetes cluster access using a local installation of kubectl? Correct Answer- Generate Auth token from the OCI console to access the OKE cluster using kubectl. Which term describes a group formed by a master machine and worker machine in a Kubernetes architecture? Correct Answer-Cluster Which TWO are part of the Cloud Native Computing Foundation (CNCF) container runtime? Correct Answer--containerd
You developed a micro services-based application that runs in an OCI OKE cluster. Your security team wants to use SSL termination for this application. What should you do to create a secure SSL termination for this application using the fewest steps possible. Correct Answer-Create a self-signing certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-oirts: "443" service.beta.kubernetes.io/oci-load-balancer-tls-secret:ssl certificate-secret You are creating an API deployment in OCI API Gateway and you want to configure request policies to control access. Which is NOT available in OCI API Gateway. Correct Answer-Controlling access to the backend OCI resources. You are instructed to automate manual tasks and help software teams manage complex environments at scale using the OCI services. Which THREE OCI services can be leveraged to securely store and version your application's source code, and automate the building, testing, and deployment of applications to the OCI platform? Correct Answer--Oracle CLoud Infrastructure Registry -DevOps -Container Engine for Kubernetes You are developing a polyglot server less application using Oracle Functions. Which language cannot be used to write your function code? Correct Answer-PL/SQL which of the following TWO statements are TRUE about deleting a Kubernetes cluster? Correct Answer--If you change the auto-generated name of a worker node and then delete the cluster, the renamed worker node is not deleted -Upon deleting a cluster, no other resources created during the cluster creation process or associated with the cluster (such as VCNs. Internet Gateways, NAT
Gateways, Route Tables, Security Lists, Load Balancers, and Block Volumes) are deleted automatically Your company has recently deployed a new web application that uses Oracle Functions. You manager instructs you to implement monitoring metrics to manage your systems more effectively. You know that Oracle Functions automatically monitors functions on your behalf and reports metrics via OCI monitoring. Which TWO metrics are collected and made available by this feature? Correct Answer-- Amount of RAM used by a function -Length of time a function runs Which testing measure should be considered when when using test cases that simultaneously validate a deployment and perform a selected set of functional tasks? Correct Answer-Robust Deployment You encounter an unexpected error when invoking Oracle Functions from your Cloud Shell session named my function in the myapp application. Which option will get you more information on the error? Correct Answer-DEBUG=1 fn invoke my app my function Which of the following is NOT a criterion that is usually met by a micro service? Correct Answer-Tightly coupled Which is NOT a valid use case for leveraging the OCI Events service? Correct Answer-Capturing the OCI Monitoring service alarms and invoking autoscaling of computing instances What is the difference between continuous delivery and continuous deployment in the DevOps methodology? Correct Answer-Continuous delivery utilizes automatic
wants to analyze the network communication between them. How can this requirement to be met in the most cost-effective way? Correct Answer-Use the OCI logging service and enable VCN flow logs Your team has created a server less application deployed in Oracle Functions. It uses a Python function leveraging the OCI Python SDK to stop any OCI compute instance that does not comply with your corporate security standards. Although there are three non-compliant OCI compute instances, when you invoke this function, none is a valid troubleshooting strategy? Correct Answer-Enable function logging in the OCI console, add some print statements in your function code, and then view the logs to troubleshoot What is the maximum execution time of Oracle Functions? Correct Answer- seconds Which two "Action Type" options are NOT available in an OCI Events rule definition? Correct Answer-Email Slack Which are TWO main reasons you would choose implement a server less architecture? Correct Answer--Reduced operational cost -Automatic horizontal scaling As a Cloud Native developer, you have written a web service for your company. However, your security team has suggested that your web service should address Distributed Denial-of-Service (DDos) attack. You are time-constrained and you need to ensure that this is implemented as soon as possible. What should you do in this scenario? Correct Answer-Use the OCI API Gateway service and configure rate limiting.
In the DevOps lifecycle, what is the difference between continuous delivery and continuous deployment? Correct Answer--Continuous delivery is a process that initiates deployment manually, while continuous deployment is based on automating the deployment process -Continuous delivery utilizes automatic deployment to a development environment, while continuous deployment involves automatic deployment to a product environment Your organization has mandated that all deployed container images used for micro services must be signed by a specified master encryption key (MEK). You have appropriately signed the container images as part of your build process, but must now ensure that they are automatically verified when they are deployed to OCI OKE clusters. Which option should be used to mandate image verification when deploying to OKE clusters, assuming that MEK is already stored in an available OCI Vault. Correct Answer-Enable image verification policies separately for each OKE cluster because this is enforced at the cluster level. You are developing a server less application with Oracle Functions and OCI Object Storage. Your function need to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa-compartment". Your corporate security standards mandate the use of Resource Principals for this use case. Which two statements are needed to implement this use case? Correct Answer--Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa- compartment where target.bucket.name= 'input-bucket' Which TWO statements are correct regarding Docker images and containers? Correct Answer--If multiple containers are spawned from the same image, then they all use the same copy of that image in memory. -An image is a collection of immutable layers whereas a container is a running instance of an image
You are using OCI Resource Manager to manage your infrastructure lifecycle and wish to revise an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code? Correct Answer- Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - create" condition, and select the notification topic for the corresponding action Which TWO are required to access the OCI OKE cluster from the kuberctl CLI? Correct Answer-- A configuration OCI API signing key pair -Install and configure the OCI CLI To enforce mutual TLS authentication for clients of your micro services, your team has chosen to leverage the OCI API Gateway service to create new API Deployments that will direct requests to your micro services. Which is NOT valid regarding the mTLS options in OCI API Gateway? Correct Answer-Adding a custom certification authority (CA) or custom CA bundle to your gateway's trust store for mTLS is optional unless you need to reject certificates that do not contain particular values (such as a domain name) With the volume of communication that can happen between different components in cloud-native applications. it is vital to not only test functionality, but also service residency. Which statement is true regarding service resiliency? Correct Answer- Resiliency is about recovering from failures without downtime or data loss Your Oracle Cloud Infrastructure OKE administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting purpose. Which step should you take to obtain the log file? Correct Answer-SSH into the nodes using the private key What is the difference between blue/green and canary deployment strategies? Correct Answer-In blue/green, both old and new applications are in production at
the same time. In canary, the application is deployed incrementally to a select group of people A Docker image consists of one or more layers, each of which represents a Dockerfile instruction. The layers are stacked and each one is a delta of the changes from the previous layer. What permission is associated with these layers? Correct Answer-read only Which TWO are characteristics of micro services? Correct Answer--Microservices can be independently deployed -Microservices communicate over lightweight APIs As a cloud-native developer, you are designing an application that depends on OCI Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your Kubernetes deployment process for the application. Which of the following should you leverage to meet this requirement? Correct Answer-OCI Service Broker for Kubernetes Which TWO statements are NOT valid regarding the OCI Streaming service? Correct Answer--OCI Streaming can support up to 2000 requests per second to each partition -A stream can be configured with either a public or a private endpoint with support for customer managed encryption keys Which testing strategy achieves high velocity of deployments and releases of cloud native applications? Correct Answer-Automated testing
You are tasked with developing an application that requires the us of OCI APIs to POST messages to a stream in the OCI Streaming service Correct Answer-The request does not require an Authorization header Which THREE are valid statements regarding the OCI OKE service? Correct Answer--OKE automatically creates and configures new network resources for the new cluster -There is a limit of three clusters within each region, but there is no limit on the number of nodes and pods you can create within each cluster -You must have access to an OCI tenancy Which two statements accurately describe an Oracle Functions application? Correct Answer--A logical group of functions -A common context to store configuration variables that are available to all functions in the application. A docker image containing all the functions that ashore the same configuration Having created a OKE Cluster, you can use OCI Logging to view and search the logs of applications running on the worker node compute instances in the cluster. Which task is NOT required to collect and parse application logs? Correct Answer- Enable monitoring for all worker nodes in the cluster To effectively test your cloud native applications for "unknown unknowns" you need to employ various testing and deployment strategies. Which strategy involves exposing new functionality or features to only a small set of users? Correct Answer-Canary Deployment From a DevOps process standpoint, it is a good practice to keep changes to an application under version control. Which of the following allows changes to a
Docker image to be stored in a version control system? Correct Answer-docker commit As a developer, you have been tasked with implementing a micro services-based application. Which THREE technologies are best suited to accomplish the task? Correct Answer--Kubernetes -Service Mesh -Docker Your organization has deployed their e-commerce application on OKE and they are using the OCIR service as their Docker image repository. They have deployed the OKE cluster using the 'custom create' option, and their VCN has three public subnets with associated Route Tables, Security Lists, and Internet Gateway. However, their application containers are failing to deploy. On investigation, they discover that the images are not being pulled from the designated OCI repository, even though the YAML configuration has the correct path to the images. What is a valid concern here that needs to be further investigated? Correct Answer-OKE cluster needs to have a secret with the credentials of their OCIR repository and use that secret in the Kubernetes deployment manifest.