

















Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Oracle Cloud Infrastructure Developer Associate Questions with Correct Answers
Typology: Exams
1 / 25
This page cannot be seen from the preview
Don't miss anything!


















In order to effectively test your cloud-native applications, you might utilize separate environments (development, testing, staging, production, etc.) Which Oracle Cloud Infrastructure (OCI) service can you use to create and manage your infrastructure? (Choose the best answer.) A. OCI Compute B. OCI Container Engine for Kubernetes C. OCI Resource Manager D. OCI API Gateway Correct Answer-C. OCI Resource Manager You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCI Streaming service. Which statement is incorrect? (Choose the best answer.) A. The request must include an authorization signing string including (but not limited to) x-content-sha256, content-type, and content-length headers. B. The Content-Type header must be set to application/json C. An HTTP 401 will be returned if the client's clock is skewed more than 5 minutes from the server's. D. The request does not require an Authorization header. Correct Answer-D. The request does not require an Authorization header. https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/ signingrequests.htm
In general, these are the steps required to sign a request:
If the client's clock is skewed more than 5 minutes, a 401 (NotAuthenticated) HTTP status code is returned. This will affect your API requests. You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI Compute instance that does not comply with your corporate security standards. There are 3 non-compliant OCI Compute instances. However, when you invoke this function none of the instances were stopped. How should you troubleshoot this? (Choose the best answer.) A. There is no way to troubleshoot a function running on Oracle Functions. B. Enable function logging in the OCI console, include some print statements in your function code and use logs to troubleshoot this. C. Enable function remote debugging in the OCI console, and use your favorite IDE to inspect the function running on Oracle Functions.
C. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway services D. A common context to store configuration variables that are available to all functions in the application E. A logical group of functions Correct Answer-D. A common context to store configuration variables that are available to all functions in the application E. A logical group of functions https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/ functionsconcepts.htm In Oracle Functions, an application is:
"Resource Manager Job" "Create" condition, and select the notification topic for the corresponding action. A. only UPDATES C. only UPDATES + no action type email on EVENTS D. no email configuration for ACTION https://blogs.oracle.com/developers/post/iac-in-the-cloud-getting-started-with- resource-manager "if you manually change a resource in your tenancy that was created/updated by a Resource Manager job" https://docs.cloud.oracle.com/en-us/iaas/Content/Events/Concepts/ eventsoverview.htm https://docs.cloud.oracle.com/en-us/iaas/Content/Notification/Concepts/ notificationoverview.htm A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository in OCI Registry (OCIR). Which configuration is necessary to provide access to this repository from OKE? (Choose the best answer.) A. Add a generic secret on the cluster containing your identity credentials. Then specify a registryCredentials property in the deployment manifest.
B. Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagePullSecret property in the application deployment manifest. C. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest. D. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment. Correct Answer-C. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest. Oracle by Example - Pull an Image from Oracle Cloud Infrastructure Registry when Deploying a Load-Balanced Application to a Cluster https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/oke-and-registry/ index.html section 2 - Create a Secret for the Tutorial To enable Kubernetes to pull an image from Oracle Cloud Infrastructure Registry when deploying an application, you need to create a Kubernetes secret. The secret includes all the login details you would provide if you were manually logging in to Oracle Cloud Infrastructure Registry using the docker login command, including your auth token. $ kubectl create secret docker-registry ocirsecret --docker-server=<region- key>.ocir.io --docker-username='<tenancy-namespace>/<oci-username>' --docker- password='<oci-auth-token>' --docker-email='<email-address>' <oci-auth-token> is the auth token of the user specified by oci-username. section 3 - Add the Secret and the Image Path to the Manifest File
annotation:
You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa- compartment". Your corporate security standards mandate the use of Resource Principals for this use case. Which two statements are needed to implement this use case? (Choose two.) A. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name= "input-bucket' B. Set up the following dynamic group for your function's OCID: Name: read-file- dg Rule: resource.id = "ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da" C. Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects i Correct Answer-A. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name= "input-bucket' B. Set up the following dynamic group for your function's OCID: Name: read-file- dg Rule: resource.id = "ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da" You created a pod called "nginx" and its state is set to Pending. Which command can you run to see the reason why the "nginx" pod is in the pending state? (Choose the best answer.) A. kubectl logs pod nginx B. kubectl describe pod nginx C. kubectl get pod nginx
Which rule can you use to prevent a container from running as root using PSP? (Choose the best answer.) A. NoPrivilege B. RunOnlyAsUser C. MustRunAsNonRoot D. forbiddenRoot Correct Answer-C. MustRunAsNonRoot Secure A Kubernetes Cluster With Pod Security Policies https://docs.bitnami.com/tutorials/secure-kubernetes-cluster-psp/ apiVersion: policy/v1beta kind: PodSecurityPolicy metadata: name: example spec: privileged: false runAsUser: rule: MustRunAsNonRoot seLinux: rule: RunAsAny fsGroup: rule: RunAsAny supplementalGroups: rule: RunAsAny volumes:
hostPorts:
E. Python SDK Correct Answer-C. .NET SDK confirm that C used to be correct. It is not anymore. ".NET" is supported https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/sdks.htm Software Development Kits (SDKs) Build and deploy apps that integrate with Oracle Cloud Infrastructure services. Each SDK provides the tools you need to develop an app, including code samples and documentation to create, test, and troubleshoot. In addition, if you want to contribute to the development of the SDKs, they are all open source and available on GitHub. SDK for Java SDK for Python SDK for TypeScript and JavaScript SDK for .NET SDK for Go SDK for Ruby You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do you need to perform? (Choose two.) A. Assign a tag via Docker CLI to the image. B. Generate an auth token to complete the authentication via Docker CLI. C. Generate an API signing key to complete the authentication via Docker CLI. D. Assign an OCI defined tag via OCI CLI to the image. E. Generate an OCI tag namespace in your repository. Correct Answer-A. Assign a tag via Docker CLI to the image.
B. Generate an auth token to complete the authentication via Docker CLI. Pushing Images Using the Docker CLI https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Tasks/ registrypushingimagesusingthedockercli.htm To push images to Container Registry using the Docker CLI:
A. kubectl list pod.spec.tolerations B. kubectl explain pod.spec.tolerations C. kubectl describe pod.spec.tolerations D. kubectl get pod.spec.tolerations Correct Answer-B. kubectl explain pod.spec.tolerations https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ https://medium.com/kubernetes-tutorials/making-sense-of-taints-and-tolerations- in-kubernetes-446e75010f4e Kubectl explain lists the files for supported resources. https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#explain kubectl explain This command describes the fields associated with each supported API resource. Fields are identified via a simple JSONPath identifier: https://stackoverflow.com/questions/58790754/using-the-kubectl-explain- command You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). You need to make sure that these images never get deleted from the repository. Which action should you take? (Choose the best answer.) A. Create a group and assign a policy to perform lifecycle operations on images. B. Set global policy of image retention to "Retain All Images". C. In your compartment, write a policy to limit access to the specific repository. D. Edit the tenancy global retention policy. Correct Answer-D. Edit the tenancy global retention policy.
B. "The global image retention policy's default selection criteria retain all images, so that no images are automatically deleted" Retaining and Deleting Images Using Retention Policies https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/ registrymanagingimageretention.htm In each region in a tenancy, there's a global image retention policy. The global image retention policy's default selection criteria retain all images, so that no images are automatically deleted In the Global Image Retention Policy dialog, specify new criteria for the global retention policy: