Oracle Cloud Infrastructure Developer Associate Questions with Correct Answers, Exams of Web Application Development

Oracle Cloud Infrastructure Developer Associate Questions with Correct Answers

Typology: Exams

2024/2025

Available from 08/07/2025

EXAMDOC
EXAMDOC šŸ‡ŗšŸ‡ø

4.4

(9)

22K documents

1 / 25

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Oracle Cloud Infrastructure Developer Associate
Questions with Correct Answers
In order to effectively test your cloud-native applications, you might utilize
separate environments (development, testing, staging, production, etc.)
Which Oracle Cloud Infrastructure (OCI) service can you use to create and manage
your infrastructure? (Choose the best answer.)
A. OCI Compute
B. OCI Container Engine for Kubernetes
C. OCI Resource Manager
D. OCI API Gateway Correct Answer-C. OCI Resource Manager
You are tasked with developing an application that requires the use of Oracle
Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCI
Streaming service.
Which statement is incorrect? (Choose the best answer.)
A. The request must include an authorization signing string including (but not
limited to) x-content-sha256, content-type, and content-length headers.
B. The Content-Type header must be set to application/json
C. An HTTP 401 will be returned if the client's clock is skewed more than 5
minutes from the server's.
D. The request does not require an Authorization header. Correct Answer-D. The
request does not require an Authorization header.
https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/
signingrequests.htm
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19

Partial preview of the text

Download Oracle Cloud Infrastructure Developer Associate Questions with Correct Answers and more Exams Web Application Development in PDF only on Docsity!

Oracle Cloud Infrastructure Developer Associate

Questions with Correct Answers

In order to effectively test your cloud-native applications, you might utilize separate environments (development, testing, staging, production, etc.) Which Oracle Cloud Infrastructure (OCI) service can you use to create and manage your infrastructure? (Choose the best answer.) A. OCI Compute B. OCI Container Engine for Kubernetes C. OCI Resource Manager D. OCI API Gateway Correct Answer-C. OCI Resource Manager You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure (OCI) APIs to POST messages to a stream in the OCI Streaming service. Which statement is incorrect? (Choose the best answer.) A. The request must include an authorization signing string including (but not limited to) x-content-sha256, content-type, and content-length headers. B. The Content-Type header must be set to application/json C. An HTTP 401 will be returned if the client's clock is skewed more than 5 minutes from the server's. D. The request does not require an Authorization header. Correct Answer-D. The request does not require an Authorization header. https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/ signingrequests.htm

Summary of Signing Steps

In general, these are the steps required to sign a request:

  • Form the HTTPS request (SSL protocol TLS 1.2 is required).
  • Create the signing string, which is based on parts of the request.
  • Create the signature from the signing string, using your private key and the RSA- SHA256 algorithm.
  • Add the resulting signature and other required information to the Authorization header in the request. Client Clock Skew

If the client's clock is skewed more than 5 minutes, a 401 (NotAuthenticated) HTTP status code is returned. This will affect your API requests. You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OCI Compute instance that does not comply with your corporate security standards. There are 3 non-compliant OCI Compute instances. However, when you invoke this function none of the instances were stopped. How should you troubleshoot this? (Choose the best answer.) A. There is no way to troubleshoot a function running on Oracle Functions. B. Enable function logging in the OCI console, include some print statements in your function code and use logs to troubleshoot this. C. Enable function remote debugging in the OCI console, and use your favorite IDE to inspect the function running on Oracle Functions.

  • Signed HTTP requests to the function's invoke endpoint. Every function has an invoke endpoint.
  • Other Oracle Cloud services (for example, triggered by an event in the Events service) or from external services. You are developing a polyglot serverless application using Oracle Functions. Which language cannot be used to write your function code? (Choose the best answer.) A. PL/SQL B. Python C. Node.js D. Go E. Java Correct Answer-A. PL/SQL https://www.oracle.com/webfolder/technetwork/tutorials/FAQs/oci/Functions- FAQ.pdf Which languages does Oracle Functions support? Oracle Functions is based on open source Fn Project which provides function development kits (FDKs) for Java (including, the GraalVM native image), Python, Node, Go and Ruby, and in addition, lets you bring your own Dockerfile. Which two statements accurately describe an Oracle Functions application? (Choose two.) A. A small block of code invoked in response to an Oracle Cloud Infrastructure (OCI) Events service B. A Docker image containing all the functions that share the same configuration

C. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway services D. A common context to store configuration variables that are available to all functions in the application E. A logical group of functions Correct Answer-D. A common context to store configuration variables that are available to all functions in the application E. A logical group of functions https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/ functionsconcepts.htm In Oracle Functions, an application is:

  • logical grouping of functions
  • way to allocate and configure resources for all functions in the application
  • common context to store configuration variables that are available to all functions in the application
  • way to ensure function runtime isolation You are processing millions of files in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. Each time a new file is created, you want to send an email to the customer and create an order in a database. The solution should perform and minimize cost. Which action should you use to trigger this email? (Choose the best answer.) A. Schedule a cron job that monitors the OCI Object Storage bucket and emails the customer when a new file is created. B. Use OCI Events service and OCI Notification service to send an email each time a file is created.

"Resource Manager Job" "Create" condition, and select the notification topic for the corresponding action. A. only UPDATES C. only UPDATES + no action type email on EVENTS D. no email configuration for ACTION https://blogs.oracle.com/developers/post/iac-in-the-cloud-getting-started-with- resource-manager "if you manually change a resource in your tenancy that was created/updated by a Resource Manager job" https://docs.cloud.oracle.com/en-us/iaas/Content/Events/Concepts/ eventsoverview.htm https://docs.cloud.oracle.com/en-us/iaas/Content/Notification/Concepts/ notificationoverview.htm A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository in OCI Registry (OCIR). Which configuration is necessary to provide access to this repository from OKE? (Choose the best answer.) A. Add a generic secret on the cluster containing your identity credentials. Then specify a registryCredentials property in the deployment manifest.

B. Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagePullSecret property in the application deployment manifest. C. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest. D. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment. Correct Answer-C. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest. Oracle by Example - Pull an Image from Oracle Cloud Infrastructure Registry when Deploying a Load-Balanced Application to a Cluster https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/oke-and-registry/ index.html section 2 - Create a Secret for the Tutorial To enable Kubernetes to pull an image from Oracle Cloud Infrastructure Registry when deploying an application, you need to create a Kubernetes secret. The secret includes all the login details you would provide if you were manually logging in to Oracle Cloud Infrastructure Registry using the docker login command, including your auth token. $ kubectl create secret docker-registry ocirsecret --docker-server=<region- key>.ocir.io --docker-username='<tenancy-namespace>/<oci-username>' --docker- password='<oci-auth-token>' --docker-email='<email-address>' <oci-auth-token> is the auth token of the user specified by oci-username. section 3 - Add the Secret and the Image Path to the Manifest File

annotation: spec: type: LoadBalancer ports:

  • port: 80 selector: app: nginx A. service.beta.kubernetes.io/oci-load-balancer-kind: 400Mbps B. service.beta.kubernetes.io/oci-load-balancer-value: 400Mbps C. service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps D. service.beta.kubernetes.io/oci-load-balancer-size: 400Mbps Correct Answer-C. service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/ contengcreatingloadbalancer.htm Specifying Alternative Load Balancer Shapes The shape of an Oracle Cloud Infrastructure load balancer specifies its maximum total bandwidth (that is, ingress plus egress). By default, load balancers are created with a shape of 100Mbps. Other shapes are available, including 400Mbps and 8000Mbps. To specify an alternative shape for a load balancer, add the following annotation in the metadata section of the manifest file: service.beta.kubernetes.io/oci-load-balancer-shape:

You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket named "input-bucket" in compartment "qa- compartment". Your corporate security standards mandate the use of Resource Principals for this use case. Which two statements are needed to implement this use case? (Choose two.) A. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name= "input-bucket' B. Set up the following dynamic group for your function's OCID: Name: read-file- dg Rule: resource.id = "ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da" C. Set up a policy to grant all functions read access to the bucket: allow all functions in compartment qa-compartment to read objects i Correct Answer-A. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read objects in compartment qa-compartment where target.bucket.name= "input-bucket' B. Set up the following dynamic group for your function's OCID: Name: read-file- dg Rule: resource.id = "ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da" You created a pod called "nginx" and its state is set to Pending. Which command can you run to see the reason why the "nginx" pod is in the pending state? (Choose the best answer.) A. kubectl logs pod nginx B. kubectl describe pod nginx C. kubectl get pod nginx

Which rule can you use to prevent a container from running as root using PSP? (Choose the best answer.) A. NoPrivilege B. RunOnlyAsUser C. MustRunAsNonRoot D. forbiddenRoot Correct Answer-C. MustRunAsNonRoot Secure A Kubernetes Cluster With Pod Security Policies https://docs.bitnami.com/tutorials/secure-kubernetes-cluster-psp/ apiVersion: policy/v1beta kind: PodSecurityPolicy metadata: name: example spec: privileged: false runAsUser: rule: MustRunAsNonRoot seLinux: rule: RunAsAny fsGroup: rule: RunAsAny supplementalGroups: rule: RunAsAny volumes:

  • 'nfs'

hostPorts:

  • min: 100 max: 100 Briefly, this pod security policy implements the following security rules:
  • Disallow containers running in privileged mode
  • Disallow containers that require root privileges
  • Disallow containers that access volumes apart from NFS volumes
  • Disallow containers that access host ports apart from port 100 What is one of the differences between a microservice and a serverless function? (Choose the best answer.) A. Microservices are used for long running operations and serverless functions for short running operations. B. Microservices always use a data store and serverless functions never use a data store. C. Microservices are stateless and serverless functions are stateful. D. Microservices are triggered by events and serverless functions are not. Correct Answer-A. Microservices are used for long running operations and serverless functions for short running operations. Microservices are best suited for long-running, complex applications that have significant resource and management requirements. On the other hand, serverless functions only execute when needed. Once the execution is over, the computing instance that runs the code decommissions itself. D is wrong, because both can be triggered by events, both are event driven C is wrong, because Microservices can be stateless or stateful

E. Python SDK Correct Answer-C. .NET SDK confirm that C used to be correct. It is not anymore. ".NET" is supported https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/sdks.htm Software Development Kits (SDKs) Build and deploy apps that integrate with Oracle Cloud Infrastructure services. Each SDK provides the tools you need to develop an app, including code samples and documentation to create, test, and troubleshoot. In addition, if you want to contribute to the development of the SDKs, they are all open source and available on GitHub. SDK for Java SDK for Python SDK for TypeScript and JavaScript SDK for .NET SDK for Go SDK for Ruby You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do you need to perform? (Choose two.) A. Assign a tag via Docker CLI to the image. B. Generate an auth token to complete the authentication via Docker CLI. C. Generate an API signing key to complete the authentication via Docker CLI. D. Assign an OCI defined tag via OCI CLI to the image. E. Generate an OCI tag namespace in your repository. Correct Answer-A. Assign a tag via Docker CLI to the image.

B. Generate an auth token to complete the authentication via Docker CLI. Pushing Images Using the Docker CLI https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Tasks/ registrypushingimagesusingthedockercli.htm To push images to Container Registry using the Docker CLI:

  1. If you already have an auth token, go to the next step.
  2. In a terminal window on the client machine running Docker, log in to Container Registry by entering docker login <region-key>.ocir.io
  3. When prompted for a username, enter your username in the format <tenancy- namespace>/
  4. When prompted for a password, enter the auth token you copied earlier.
  5. Locate the image on the client machine that you want to push:
  6. Confirm that the Docker image has been correctly tagged on the client machine by entering docker images and verifying that the list of images includes an image with the tag you specified.
  7. Push the Docker image from the client machine to Container Registry by entering: docker push <target-tag> Oracle by Example - Push an Image to Oracle Cloud Infrastructure Registry https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/registry/ index.html 2 - Get an Auth Token and Create a New Repository 3 - Login to Oracle Cloud Infrastructure Registry from the Docker CLI docker login <region-key>.ocir.io 4 - Pull the hello-world Image from DockerHub docker pull karthequian/helloworld:latest

A. kubectl list pod.spec.tolerations B. kubectl explain pod.spec.tolerations C. kubectl describe pod.spec.tolerations D. kubectl get pod.spec.tolerations Correct Answer-B. kubectl explain pod.spec.tolerations https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ https://medium.com/kubernetes-tutorials/making-sense-of-taints-and-tolerations- in-kubernetes-446e75010f4e Kubectl explain lists the files for supported resources. https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#explain kubectl explain This command describes the fields associated with each supported API resource. Fields are identified via a simple JSONPath identifier: https://stackoverflow.com/questions/58790754/using-the-kubectl-explain- command You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). You need to make sure that these images never get deleted from the repository. Which action should you take? (Choose the best answer.) A. Create a group and assign a policy to perform lifecycle operations on images. B. Set global policy of image retention to "Retain All Images". C. In your compartment, write a policy to limit access to the specific repository. D. Edit the tenancy global retention policy. Correct Answer-D. Edit the tenancy global retention policy.

A. FALSE

C. FALSE

B. "The global image retention policy's default selection criteria retain all images, so that no images are automatically deleted" Retaining and Deleting Images Using Retention Policies https://docs.oracle.com/en-us/iaas/Content/Registry/Tasks/ registrymanagingimageretention.htm In each region in a tenancy, there's a global image retention policy. The global image retention policy's default selection criteria retain all images, so that no images are automatically deleted In the Global Image Retention Policy dialog, specify new criteria for the global retention policy:

  • Delete any images that haven't been pulled in n days: Select this option if you want to delete images that have not been pulled for the number of days you specify.
  • Delete any images that haven't been tagged in n days: Select this option if you want to delete images that have not been tagged for the number of days you specify.
  • Exempt Tags: If you want to prevent images from being deleted on the basis of Docker tags they've been given, specify those tags as exempt in a comma-separated list. An image that has been given one of the exempt tags will not be deleted, even if the image meets the other criteria. You can include the asterisk () as a wildcard to represent none, one, or more characters. For example, you might specify latest,prod-,-tail,.100.*.