Oracle 1Z0-1084-21 Online Practice Questions and Exam Preparation

Oracle 1Z0-1084-21 Online Questions & Answers

• Question 61:

  A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes cluster Which rule can you use to prevent a container from running as root using PSP?

  A. NoPrivilege
  B. RunOnlyAsUser
  C. MustRunAsNonRoot
  D. forbiddenRoot
  C. MustRunAsNonRoot

  ---

  # Require the container to run without root privileges.

  rule: 'MustRunAsNonRoot'

  Reference: https://kubernetes.io/docs/concepts/policy/pod-security-policy/

• Question 62:

  What is the difference between blue/green and canary deployment strategies?

  A. In blue/green, application Is deployed In minor increments to a select group of people. In canary, both old and new applications are simultaneously in production.
  B. In blue/green, both old and new applications are in production at the same time. In canary, application is deployed Incrementally to a select group of people.
  C. In blue/green, current applications are slowly replaced with new ones. In < MW y, Application ll deployed incrementally to a select group of people.
  D. In blue/green, current applications are slowly replaced with new ones. In canary, both old and new applications are In production at the same time.
  B. In blue/green, both old and new applications are in production at the same time. In canary, application is deployed Incrementally to a select group of people.

  ---

  Blue-green deployment is a technique that reduces downtime and risk by running two identical production environments called Blue and Green. At any time, only one of the environments is live, with the live environment serving all production traffic. For this example, Blue is currently live and Green is idle. https://docs.cloudfoundry.org/devguide/deploy-apps/blue-green.html Canary deployments are a pattern for rolling out releases to a subset of users or servers. The idea is to first deploy the change to a small subset of servers, test it, and then roll the change out to the rest of the servers. ... Canaries were once regularly used in coal mining as an early warning system. https://octopus.com/docs/deployment-patterns/canary-deployments

• Question 63:

  You have a containerized app that requires an Autonomous Transaction Processing (ATP) Database. Which option is not valid for o from a container in Kubernetes?

  A. Enable Oracle REST Data Services for the required schemas and connect via HTTPS.
  B. Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest.
  C. Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime.
  D. Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy serviceinstance and serviceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.
  A. Enable Oracle REST Data Services for the required schemas and connect via HTTPS.

  ---

  https://blogs.oracle.com/developers/creating-an-atp-instance-with-the-oci-service-broker https://blogs.oracle.com/cloud-infrastructure/integrating-oci-service-broker-with-autonomous- transaction-processing-in-the-real-world

• Question 64:

  Which statements is incorrect with regards to the Oracle Cloud Infrastructure (OCI) Notifications service?

  A. Notification topics may be assigned as the action performed by an OCI Events configuration.
  B. OCI Alarms can be configured to publish to a notification topic when triggered.
  C. An OCI function may subscribe to a notification topic.
  D. A subscription can forward notifications to an HTTPS endpoint.
  E. A subscription can integrate with PagerDuty events.
  F. It may be used to receive an email each time an OCI Autonomous Database backup is completed.
  F. It may be used to receive an email each time an OCI Autonomous Database backup is completed.

• Question 65:

  You have created a repository in Oracle Cloud Infrastructure Registry in the us-ashburn-1 (iad) region in your tenancy with a namespace called "heyci. Which three are valid tags for an image named "myapp"?

  A. iad.ocir.io/heyoci/myproject/myapp:0.0.1
  B. us-ashburn-l.ocirJo/heyoci/myapp:0.0.2-beta
  C. us-ashburn-l.ocir.io/heyoci/myproject/myapp:0.0.2-beta
  D. us-ashburn-l.ocir.io/myproject/heyoci/myapp:latest
  E. iad.ocir.io/myproject/heyoci/myapprlatest
  F. iad.ocir.io/heyoci/myapp:0.0.2-beta
  G. iad.ocir.io/heyoci/myapp:latest
  A. iad.ocir.io/heyoci/myproject/myapp:0.0.1
  F. iad.ocir.io/heyoci/myapp:0.0.2-beta
  G. iad.ocir.io/heyoci/myapp:latest

  ---

  Give a tag to the image that you're going to push to Oracle Cloud Infrastructure Registry by entering:

  docker tag

  where:

  uniquely identifies the image, either using the image's id (for example, 8e0506e14874), or the image's name and tag separated by a colon (for example, acme- web-app:latest).

  is in the format .ocir.io///: where:

  is the key for the Oracle Cloud Infrastructure Registry region you're using. For example, iad. See Availability by Region. ocir.io is the Oracle Cloud Infrastructure Registry name. is the auto-generated

  Object Storage namespace string of the tenancy that owns the repository to which you want to push the image (as shown on the Tenancy Information page). For example, the namespace of the acme-dev tenancy might be ansh81vru1zp.

  Note that for some older tenancies, the namespace string might be the same as the tenancy name in all lower-case letters (for example, acme-dev). Note also that your user must have access to the tenancy.

  (if specified) is the name of a repository to which you want to push the image (for example, project01). Note that specifying a repository is optional (see About Repositories). is the name you want to give the

  image in Oracle Cloud Infrastructure Registry (for example, acme-web-app).

  is an image tag you want to give the image in Oracle Cloud Infrastructure Registry (for example, version2.0.test).

  For example, for convenience you might want to group together multiple versions of the acme-web- app image in the acme-dev tenancy in the Ashburn region into a repository called project01. You do this by including the name of the

  repository in the image name when you push the image, in the format .ocir.io///:. For example, iad.ocir.io/ansh81vru1zp/project01/acme-web-app:4.6.3. Subsequently,

  when you use the docker push command, the presence of the repository in the image's name ensures the image is pushed to the intended repository. If you push an image and include the name of a repository that doesn't already exist, a new

  private repository is created automatically. For example, if you enter a command like docker push iad.ocir.io/ansh81vru1zp/project02/acme-web- app:7.5.2 and the project02 repository doesn't exist, a private repository called project02 is

  created automatically. If you push an image and don't include a repository name, the image's name is used as the name of the repository. For example, if you enter a command like docker push iad.ocir.io/ansh81vru1zp/acme-web-app:7.5.2

  that doesn't contain a repository name, the image's name (acme-web-app) is used as the name of a private repository. https:// docs.cloud.oracle.com/en-us/iaas/Content/Registry/Concepts/registrywhatisarepository.htm

• Question 66:

  Your Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting

  purpose.

  Which step should you take to obtain the log file?

  A. ssh into the node using public key.
  B. ssh into the nodes using private key.
  C. It is impossible since OKE is a managed Kubernetes service.
  D. Use the username open and password to login.
  B. ssh into the nodes using private key.

  ---

  Kubernetes cluster is a group of nodes. The nodes are the machines running applications. Each node can be a physical machine or a virtual machine. The node's capacity (its number of CPUs and amount of memory) is defined when the

  node is created. A cluster comprises:

  - one or more master nodes (for high availability, typically there will be a number of master nodes)

  - one or more worker nodes (sometimes known as minions) Connecting to Worker Nodes Using SSH

  If you provided a public SSH key when creating the node pool in a cluster, the public key is installed on all worker nodes in the cluster. On UNIX and UNIX-like platforms (including Solaris and Linux), you can then connect through SSH to the

  worker nodes using the ssh utility (an SSH client) to perform administrative tasks.

  Note the following instructions assume the UNIX machine you use to connect to the worker node:

  Has the ssh utility installed.

  Has access to the SSH private key file paired with the SSH public key that was specified when the cluster was created.

  How to connect to worker nodes using SSH depends on whether you specified public or private subnets for the worker nodes when defining the node pools in the cluster. Connecting to Worker Nodes in Public Subnets Using SSH Before you

  can connect to a worker node in a public subnet using SSH, you must define an ingress rule in the subnet's security list to allow SSH access. The ingress rule must allow access to port 22 on worker nodes from source 0.0.0.0/0 and any

  source port To connect to a worker node in a public subnet through SSH from a UNIX machine using the ssh utility:

  1- Find out the IP address of the worker node to which you want to connect. You can do this in a number of ways: Using kubectl. If you haven't already done so, follow the steps to set up the cluster's kubeconfig configuration file and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up. See Setting Up Cluster Access. Then in a terminal window, enter kubectl get nodes to see the public IP addresses of worker nodes in node pools in the cluster. Using the Console. In the Console, display the Cluster List page and then select the cluster to which the worker node belongs. On the Node Pools tab, click the name of the node pool to which the worker node belongs. On the Nodes tab, you see the public IP address of every worker node in the node pool. Using the REST API. Use the ListNodePools operation to see the public IP addresses of worker nodes in a node pool. 2- In the terminal window, enter ssh opc@ to connect to the worker node, where is the IP address of the worker node that you made a note of earlier. For example, you might enter ssh [email protected]. Note that if the SSH private key is not stored in the file or in the path that the ssh utility expects (for example, the ssh utility might expect the private key to be stored in ~/.ssh/id_rsa), you must explicitly specify the private key filename and location in one of two ways: Use the -i option to specify the filename and location of the private key. For example, ssh -i ~/.ssh/my_keys/my_host_key_filename [email protected] Add the private key filename and location to an SSH configuration file, either the client configuration file (~/.ssh/config) if it exists, or the system-wide client configuration file (/etc/ssh/ssh_config). For example, you might add the following: Host 192.0.2.254 IdentityFile ~/.ssh/my_keys/my_host_key_filename For more about the ssh utility's configuration file, enter man ssh_config Note also that permissions on the private key file must allow you read/write/execute access, but prevent other users from accessing the file. For example, to set appropriate permissions, you might enter chmod 600 ~/.ssh/my_keys/my_host_key_filename. If permissions are not set correctly and the private key file is accessible to other users, the ssh utility will simply ignore the private key file.

• Question 67:

  Which testing approaches is a must for achieving high velocity of deployments and release of cloud- native applications?

  A. Integration testing
  B. A/B testing
  C. Automated testing
  D. Penetration testing
  C. Automated testing

  ---

  Oracle Cloud Infrastructure provides a number of DevOps tools and plug-ins for working with Oracle Cloud Infrastructure services. These can simplify provisioning and managing infrastructure or enable automated testing and continuous delivery. A/B Testing While A/B testing can be combined with either canary or blue-green deployments, it is a very different thing. A/B testing really targets testing the usage behavior of a service or feature and is typically used to validate a hypothesis or to measure two versions of a service or feature and how they stack up against each other in terms of performance, discoverability and usability. A/B testing often leverages feature flags (feature toggles), which allow you to dynamically turn features on and off. Integration Testing Integration tests are also known as end-to-end (e2e) tests. These are long-running tests that exercise the system in the way it is intended to be used in production. These are the most valuable tests in demonstrating reliability and thus increasing confidence. Penetration Testing Oracle regularly performs penetration and vulnerability testing and security assessments against the Oracle cloud infrastructure, platforms, and applications. These tests are intended to validate and improve the overall security of Oracle Cloud Services.

• Question 68:

  You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security Standards mandate encryption of secret information like database passwords. As a function developer, which approach should you follow to satisfy this security requirement?

  A. Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field.
  B. Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container.
  C. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key.
  D. All function configuration variables are automatically encrypted by Oracle Functions.
  A. Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field.

  ---

  Passing Custom Configuration Parameters to Functions

  he code in functions you deploy to Oracle Functions will typically require values for different parameters. Some pre-defined parameters are available to your functions as environment variables. But you'll often want your functions to use

  parameters that you've defined yourself. For example, you might create a function that reads from and writes to a database. The function will require a database connect string, comprising a username, password, and hostname. You'll

  probably want to define username, password, and hostname as parameters that are passed to the function when it's invoked.

  Using the Console

  To specify custom configuration parameters to pass to functions using the Console:

  Log in to the Console as a functions developer.

  In the Console, open the navigation menu. Under Solutions and Platform, go to Developer Services and click Functions.

  Select the region you are using with Oracle Functions. Oracle recommends that you use the same region as the Docker registry that's specified in the Fn Project CLI context (see 6. Create an Fn Project CLI Context to Connect to Oracle

  Cloud Infrastructure). Select the compartment specified in the Fn Project CLI context (see 6. Create an Fn Project CLI Context to Connect to Oracle Cloud Infrastructure). The Applications page shows the applications defined in the

  compartment. Click the name of the application containing functions to which you want to pass custom configuration parameters:

  To pass one or more custom configuration parameters to every function in the application, click Configuration to see the Configuration section for the application. To pass one or more custom configuration parameters to a particular function,

  click the function's name to see the Configuration section for the function. In the Configuration section, specify details for the first custom configuration parameter:

  Key: The name of the custom configuration parameter. The name must only contain alphanumeric characters and underscores, and must not start with a number. For example, username Value: A value for the custom configuration parameter.

  The value must only contain printable unicode characters. For example, jdoe

  Click the plus button to save the new custom configuration parameter. Oracle Functions combines the key-value pairs for all the custom configuration parameters (both application-wide and function-specific) in the application into a single,

  serially-encoded configuration object with a maximum allowable size of 4Kb. You cannot save the new custom configuration parameter if the size of the serially-encoded configuration object would be greater than 4Kb. (Optional) Enter

  additional custom configuration parameters as required.

• Question 69:

  You are deploying an API via Oracle Cloud Infrastructure (OCI) API Gateway and you want to implement request policies to control access Which is NOT available in OCI API Gateway?

  A. Limiting the number of requests sent to backend services
  B. Enabling CORS (Cross-Origin Resource Sharing) support
  C. Providing authentication and authorization
  D. Controlling access to OCI resources
  D. Controlling access to OCI resources

  ---

  In the API Gateway service, there are two types of policy:

  -

  a request policy describes actions to be performed on an incoming request from a caller before it is sent to a back end

  -

  a response policy describes actions to be performed on a response returned from a back end before it is sent to a caller

  You can use request policies to:

  -limit the number of requests sent to back-end services

  -enable CORS (Cross-Origin Resource Sharing) support

  -provide authentication and authorization

• Question 70:

  You are developing a distributed application and you need a call to a path to always return a specific JSON content deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification.

  

  What is the correct value for type?

  A. STOCK_RESPONSE_BACKEND
  B. CONSTANT_BACKEND
  C. JSON_BACKEND
  D. HTTP_BACKEND
  A. STOCK_RESPONSE_BACKEND

  ---

  "type": "STOCK_RESPONSE_BACKEND" indicates that the API gateway itself will act as the back end and return the stock response you define (the status code, the header fields and the body content). https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayaddingstockresponses.htm