wallet file downtime faas  multiple calls

 

OCI

Q

1. When Starting a container to run a Oracle Function, the container runs processes as which user?

 Oracle Function uses fn user to run the processes with no added privileges.

2. What is the maximum memory threshold for a Oracle Function?

 1024 MB

3.Your application team has developed an Oracle Function that generates static pages during the function call. 

They want to use it for all the regions of your company, in such a way that every regional URL will hit the same application endpoint. You have been asked by the application to use Oracle Cloud Infrastructure(OCI) API Gateway to expose it.

 How would you achieve this?

 Create a OCI API Gateway, Create a deployment and add Path Parameters & Wildcards to Route Paths.

4.

What is the maximum execution timeout of Oracle Functions?

  5 minutes

5.You are using OCI Registry to store the Container Images for your application. You have been asked to adopt OCI Container Engine for K8S for Container Orchestration and you should use OCI Registry as the image store.

 How do you use OCI Registry in your OKE environment as Container Store?

A. Create a Docker Registry Secret in OKE and use that as ImagePullSecrets in Pod Spec.

6.As a k8s Administrator, you see that Oracle Cloud Infrastructure (OCI) Container Engine for k8s (OKE) has released a new version of the image running on Worker Node. Your application owners have mentioned that they use label selectors for the deployment.  You need to make sure that you upgrade to the latest image of the node pool without disrupting the existing deployment strategy.

 What should you do?

A. Create a new node pool and run kubectl label nodes to attach the same label as the existing nodes.

7.

What does Rolling Update deployment strategy do in your k8s environment?

A. Rolling Updates allow Deployments’ update to take place with zero downtime by incrementally updating Pods instances with new ones.

8.

As a k8s Administrator you need to make sure that the deployed application maintains the desired replica state at all times while updating the application with a new image.

What should you do?

A. Apply maxSurge and maxUnavailable parameters in deployment spec.

9.

Which Oracle Cloud Infrastructure(OCI) service is NOT supported using OCI Service Broker for k8s?

B. OCI Events Service(정답)

10.

Your application team wants to use configuration variables for their Application Pods and wants to inject it before the Pod creation.

As a k8s Administrator, you have been tasked to come up with the option to achieve this. What should you do?

D. Use podPreset to create the config outside of Pod

 

11.

Your DBA has mentioned that they have a shared service instance of Oracle Autonomous Transaction Processing(ATP) Database that many applications can use.

What is the drawback if you want to bring in the existing ATP instance to the Oracle Service Broker?

A. You can’t manage the lifecycle of the ATP Instance.

 

12.

You want to allow applications running on an OCI compute instance leveraging OCI SDKs to call other OCI services. 

What should you use to accomplish this?

A. Configure Instance Principals.

13.

What are the different ways to get authenticated using OCI SKD?

Select all that apply.

A. Using Instance Principal

B. Using Security Token

C. Using resource Principal

F. Using OCI CLI Config file

14.

You are using a Windows Laptop to write a script using oci cli. But when you ran the script. you got this error “The oci cli is not found”.

 What should you do to make sure that you are able to run oci from the Windows laptop?

C. Make sure that the oci.exe location is in your path.

15.

What are the supported SDKs on OCI? Choose all that apply.

A. Python SDK

B. Java SDK

C. Go SDK

E. Ruby SDK

G. .NET SDK

16.

Your priority is to use infrastructure as a Code (IaC) in a team environment, where you and your team both need to have access to the deployed infrastructure state data.

 What should you do to have access to the state file for all of the team members?

D. Use Remote State File

17.

Your Organization has built a web based application that has a REST API endpoint. You have been asked to expose the REST endpoint using an appropriate service on OCI.

D. OCI API Gateway.

18.

Which statement accurately describes OCI Load Balancer integration with OCI Container Engine for Kubernetes(OKE)? (choose the best answer)

A. OKE service provisions an OCI Load Balancer instance for each k8s service with LoadBalancer type in the YAML configuration.

C. OCI Load Balancer instance must be provisioned for each k8s service that requires traffic balancing.

19.

Per CAP theorem, in which scenario do you NOT need to make any trade-off between the guarantees?

A. When the are no network partitions

20.

You have two microservices, A and B running in production. Service A relies on APIs from service B. You want to test changes to service A without deploying all of its dependencies, which includes service B. Which approach should you take to test service A? (Choose the best answer)

B. Test using API mocks.

21.

In a Linux environment, what is the default location of the configuration file that OCI CLI uses for profile information? (Choose the best answer)

C. $HOME/.oci/config

 

22.

Which statement is “incorrect” with regards to the OCI Notifications service? (Choose the best answer)

F. It may be used ro receive an email each time an OCI Autonomous Database backup is completed.

23.

With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency.

 Which statement is true with regards to service resiliency? (Choose the best answer.)

A. Resiliency is about recovering from failures without downtime or data loss.

24.

Which two are required to enable OKE cluster access from the kubectl CLI? (Choose Two)

B. Install and configure the OCI CLI

E. A configured OCI API signing key pair.

25.

You have a containerized app that requires an Autonomous Transaction processing (ATP) Database. Which option is “not valid” for connecting to ATP from a container in k8s? (choose the best answer)

B. Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest.

26.

In order to effectively test your cloud-native applications, you might utilize separate environments(dev, testing, staging, productions, etc)

 Which OCI service can you use to create and manage your infrastructure?

C. OCI Resource Manager

27.

You are tasked with developing an application that requires the use of Oracle Cloud Infrastructure(OCI) APIs to POST messages to a stream in the OCI Streaming service.

 Which statement is “incorrect”? (Choose the best answer)

D. The request dose not require an Authorization header.

28.

You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python function that uses the OCI Python SDK to stop any OCI Compute instance that dose not comply with your corporate security standards. There are 3 non-compliant OCI Compute instances. However, when you invoke this function none of the instances were stopped.

 How should you troubleshoot this? (Choose the best answer)

B. Enable function logging in the OCI console, include some print statements in your function code and use logs to troubleshoot this.

29.

Which is NOT a valid option to execute a function deployed on Oracle Functions? (Choose the best answer)

C. Invoke from Docker CLI

30.

You are developing a polyglot serverless application using Oracle Functions.

 Which language cannot be used to write your function code? (choose the best answer)

A. PL/SQL

31.

Which two statements accurately describe an Oracle Functions application? (Choose Two)

D. A common context to store configuration variables that are available to all functions in the application.

E. A logical group of functions.

32.

You are processing millions of files in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. Each time a new file is created, you want to send an email to the customer and create an order in a database. The solution should perform and minimize cost.

 Which action should you use to trigger this email? (Choose the best answer)

B. Use OCI Events service and OCI Notification service to send an email each time a file is created.

33.

You are using Oracle Cloud Infrastructure (OCI) Resource Manager to manage your infrastructure lifecycle and wish to receive and email each time a Terraform action begins.

 How should you use the OCI Events service to do this without writing any code? (Choose the best answer)

B. Create an OCI Notifications topics and email subscription with the destination email address. Then create an OCI Events rule matching “Resource Manager Job” “Create” condition, and select the notification topic for the corresponding action.

34.

A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a docker image from a private repository in OCI Registry (OCIR).

 Which configuration is necessary to provide access to this repository from OKE?

C. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest.

35.

Given a service deployed on Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), which annotation should you add in the sample manifest file below to specify a 400 Mbps load balancer?

(Choose the best answer.)

 

---------------------------

apiVersion: v1

kind : Service

metadata:

  name : my-nginx-svc

  labels:

    app:nginx

  annotations:

         <Fill in>

spec:

  type : LoadBalancer

    ports:

    - port : 80

    selector:

      app:nginx

---------------------------

C. service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps

36.

You are developing a serverless application with Oracle Functions and Oracle Cloud Infrastructure Object Storage. Your function needs to read a JSON file object from an Object Storage bucket name “input-bucket” in compartment “qa-compartment”. Your corporate security standards mandate the use of Resource Principals for this use case.

 Which two statements are needed to implement this use case? (Choose two)

A. Set up a policy with the following statement to grant read access to the bucket: allow dynamic-group read-file-dg to read object in compartment qa-compartment where target.bucket.name=’input-bucket’

B. Set up the following dynamic group for your function’s OCID: Name: read-file-dg Rule: resource.id = ‘ocid1.fnfunc.oc1.phx.aaaaaaaakeaobctakezjz5i4ujj7g25q7sx5mvr55pms6f4da’

37.

You created a pod called “nginx” and its state is set to Pending. Which command can you run to see the reason why the “nginx” pod is in the pending state? (Choose the best answer.)

B. kubectl describe pod nginx

38.

A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes cluster.

 Which rule can you use to prevent a container from running as using PSP? (Choose the best answer)

C. MustRunAsNonRoot

 

39.

What is one of the differences between a microservice and a serverless function? (Choose the best answer)

A. Microservice are used for long running operations and serverless functions for short running operations.

40.

Which two “Action type” options are NOT available in an Oracle Cloud Infrastructure (OCI) Events rule definition? (Choose two)

D. Email

E. Slack

41.

You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. 

 Which two actions do you need to perform? (Choose two)

A. Assign a tag via Docker CLI to the image.

B. Generate an auth token to complete the authentication via Docker CLI.

42.

How can you find details of the tolerations field for the sample YAML file below? (Choose the best answer.)

 

--------------------------------

apiVersion: v1

kind : Pod

metadata:

  name: busybox

  namespace: default

spec:

  containers:

  - image : busybox

  command:

  - sleep

  - “3600”

  imagePullPolicy: IfNotPresent

  name : busybox

restartPolicy: Always

tolerations:

…

--------------------------------

B. kubectl explain pod.spec.tolerations

 

43.

You are building a container image and pushing it to the OCI Registry(OCIR). You need to make sure that these images never get delete from the repository. Which action should you take? (Choose the best answer).

B. Set global policy of image retention to “Retain All Images”

44.

You are deploying an API via OCI API Gateway and you want to implement request policies to control access. Which is NOT available in OCI API Gateway? (Choose the best answer)

D. Controlling access to OCI resources.

45.

You are developing a distributed application and you need a call to a path to alway return a specific JSON content. To fulfill the requirement you deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification.

 

-------------------------

{

    "routes" : [{

    "path" : “\Hello”,

    “methods”: [“GET”],

    “backend”: {

        “type”: “_______________”,

        “status”: 200,

        “headers”: [{

            “name”: “Content-Type”,

            “value”: “application/json”

        }],

        “body”: “[\”myjson\”: \”consistent response\”]”

        }

    }]

}

-------------------------

What is the correct value for type? (Choose the best answer)

A. STOCK_RESPONSE_BACKEND

46.

Which two are benefits of distributed system? (Choose two)

D. Scalability

E. Resiliency

47.

You are building a cloud native, serverless travel application with multiple Oracle Functions in Java, Python and Node.js. You need to build and deploy these functions to a single application named travel-app. Which command will help you complete this task successfully? (Choose the best answer.)

B. fn deploy –app travel-app –all

48.

A developer using OCI API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller.

 Which method can the developer use in this scenario? (Choose the best answer.)

B. Create an authorizer function using token-based authorization.

49.

Your Oracle Cloud Infrastructure Container Engine for Kubernetes(OKE) administrator has created an OKE cluster with one node pool in a public subnet. You have been asked to provide a log file from one of the nodes for troubleshooting purposes.

 Which step should you take to obtain the log file? (Choose the best answer)

B. ssh into the nodes using private key.

50.

You have been asked to create a stateful application deployed in OCI OKE that requires all of your worker nodes to mount and write data to persistent volumes. Which two OCI storage services should you use? (Choose TWO)

A. Use OCI File Services as persistent volume.

C. Use OCI Block Volume backed persistent volume.

51.

As a cloud-native developer, you are designing an application that depends on OCI Object Storage wherever the application is running. Therefore, provisioning of storage buckets should be part of your k8s deployment process for the application.

 Which should you leverage to to meet this requirement? (Choose the best answer.)

A. OCI Service Broker for k8s.

52.

ou are implementing logging in your services that will be running in OKE.

 Which statement describes the appropriate logging approach? (Choose the best answer.)

C. All services log to standard output only.

53.

Which concept is NOT related to Oracle Cloud  Infrastructure Resource Manager? (Choose the best answer)

C. Queue

54.

Your organization uses a federated identity provider to login your Oracle Cloud Infrastructure (OCI) environment. As a developer, you are writing a script to automate some operation and want to use OCI CLI to do that. Your security team doesn’t allow storing private keys on local machines.

 How can you authenticate with OCI CLI? (Choose the best answer)

C. Run oci session authenticate and provide your credentials.

55.

You are developing a serverless application with Oracle Functions. You have created a function in compartment named prod. When you try to invoke your function you the following error:

 

-----------------------------------------------------------

Error invoking function. status: 502 message: dhcp options

ocid1.dhcpoptions.oc1.iad.aaaaaaaaanprvvpxpsxlabcgdg dose not

exist or Oracle Functions is not authorized to use it

-----------------------------------------------------------

How can you resolve this error? (Choose the best answer.)

C. Create a policy: Allow service FaaS to use virtual-network-family in compartment prod

56.

Which one of the statements describes a service aggregator pattern? (Choose the best answer.)

B. it involves implementing a separate service that makes multiple calls to other backend services.

57.

Which two handle Oracle Functions authentication automatically? (Choose two)

C. Oracle Cloud Infrastructure CLI

E. Fn Project CLI

58.

You have written a Node.js function and deployed it to Oracle Functions. Next, you need to call this function from a microservice written in Java deployed on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes(OKE).

 Which can help you to achieve this? (Choose the best answer)

D. Use the OCI Java SDK to invoke the function from the microservice.

59.

How do you perform a rolling update in Kubernetes? (Choose the best answer)

D. kubectl rolling-update <deployment-name> –image=image:v2

60.

In the sample Kubernetes manifest file below, what annotations should you add to create a private load balancer in OKE? (Choose the best answer).

 

-------------------------

apiVersion: v1

kind: Service

metadate:

  name: my-nginx-svc

  labels:

    app:nginx

  annotations:

    <Fill in>

Spec:

  type: LoadBalancer

  ports:

    -port:80

  selector:

    app:nginx

-------------------------

D. service.beta.kubernetes.io/oci-load-balancer-internal: ”ture” service.beta.kubernetes.io/oci-load-balancer-subnet1: “ocid1.subnet.oc1..aaaaa….vdfw”

61.

You have created a repository in OCI Registry in the us-ashburn-1 (iad) region in your tenancy with a namespace called “heyoci”.

 Which three are valid tags for an image named “myapp”? (Choose three)

A. iad.ocir.io/heyoci/myproject/myapp:0.0.1

F. iad.ocir.io/heyoci/myapp:0.0.2-beta

G. iad.ocir.io/heyoci/myapp:latest

62.

You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security standards mandate encryption of secret information like database passwords.

 As a function developer, which approach should you follow to satisfy this security requirement? (Choose the best answer)

C. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key.

63.

You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application architecture has multiple OCI services, including Oracle Functions.

 You need to trigger these functions directly from other OCI services, without having to run custom code.

 Which OCI service “cannot” trigger your functions directly? (Choose the best answer.)

B. OCI Registry

64.

Which two statements are true for serverless computing and serverless architectures? (Choose Two)

D. Serverless function execution is fully managed by a third party.

E. Applications running on a FaaS(Functions as a Service) platform.

65.

What is the minimum amount of storage that a persistent volume claim can obtain in Oracle Cloud Infrastructure Container Engine for Kubernetes(OKE)? (Choose the best answer)

A. 50GB

66.

You need to execute a script on a remote instance through OCI Resource Manager. Which option can you use? (Choose the best answer.)

D. Use remote-exec

67.

You are consumer of Oracle Cloud Infrastructure (OCI) Streaming service.

 Which API should you use to read and process the stream? (Choose the best answer.)

B. GetMessages

68.

Which Oracle Cloud Infrastructure (OCI) load balancer shape is used by default in OCI Container Engine for Kubernetes? (Choose the best answer)

D. 100 Mbps

69.

Which two statements are true for service choreography? (Choose Two)

B. Service involved in choreography communicate through messages/messaging system.

E. Decision logic in service choreography is distributed.

70.

Which testing approaches is a must for achieving high velocity of deployments and releases of cloud-native applications? (Choose the best answer)

A. integration testing

B. A/B testing

C. Automated testing

71.

As a cloud-native developer, you have written a web service for your company. You have used OCI API Gateway service to expose the HTTP backend. However, your security team has suggested that you web service should handle Distributed Denial-of-Service (DDoS) attack. You are time constrained and you need to make sure that this is implemented as soon as possible.

 What should you do in this scenario? (Choose the best answer)

C. Use OCI API Gateway service and configure rate limiting.

72.

A leading insurance firm is hosting its customer portal in Oracle Cloud Infrastructure(OCI) Container Engine for Kubernetes with an OCI Autonomous Database.

 Their support team discovered a lot of SQL injection attempts and cross-site scripting attacks to the portal, which is starting to affect the production environment.

 What should they implement to mitigate this attack? (Choose the best answer.)

D. Web Application Firewall

73.

A programmer is developing a Node.js application which will run in a Linux server on their on-premises data center. This application will access various OCI services using OCI SDKs. What is the secure way to access OCI service with Identity and Access Management (IAM)? (Choose the best answer)

C. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.

74.

Which header is NOT required when signing GET requests to OCI APIs? (Choose the best answer)

C. content-type

75.

Which two are characteristics of microservices? (Choose two)

B. Microservices can be independently deployed.

E. Microservices communicate over lightweight APIs.

76.

You encounter an unexpected error when invoking the Oracle Function named “myfunction” in application “myapp”. Which can you use to get more information on the error? (Choose the best answer)

B. DEBUG=1 fn invoke myapp myfunction

77.

Identify the two correct statements for deleting a docker image from OCIR? (Choose all correct answers)

C. You can use OCI CLI to perform the delete.

D. There is time limit to undelete the image.

78.

Identify three correct statements when configuring API gateway in OCI? (Choose all correct answers)

A. VCN must exists before creating an API gateway.

B. API gateway instances can run on separate Availability domain.

D. API gateway instances can run on separate Fault domains

79.

What two statements are true when you upgrade the OKE cluster with a new version? (Choose all correct answers)

A. The worker nodes are upgraded by the customer.

B. The Control plane is updated by Oracle.

80.

Identify the correct statement after you edit the configuration of a Node Pool in OKE cluster?

C. The configuration changes only effects new nodes created after edit.

81.

Which three can be used to push docker images to OCIR? (Choose all correct answers)

A. Docker CLI

C. Docker v2 API

D. Oracle Functions Service

82.

On which two options is Oracle Cloud Infrastructure Budget set? (Choose Two)

B. Compartments

C. Cost-tracking tags

83.

You have created a new compartment “apps” to host some production apps and you have created an apps_group and added users to it.

 What would you do ensure the users access to the apps compartment?

C. Add an IAM Policy for apps_group granting access to the apps compartment

84.

What would you use to form OCI Identity and Access Management to govern resources in a tenancy?

D. Policies

85.

You want to make API calls against other OCI Services from your instance without configuring user credentials. How would you achieve this?

A. Create Dynamic Groups and add a policy

86.

Which components are part of OCI Identity and Access Management service? (choose three)

C. Users

D. Policies

E. Dynamic Groups

87.

You want to aggregate, search, and monitor all log data from your applications and system infrastructure.

 Which service would you use for this?

A. Logging Analytics

88.

Which types of logs are used by the Logging service? (Choose three)

A. Custom Logs

D. Service Logs

F. Audit Logs

89.

You want to reduce millions of log entries into a small set of log signatures to make it easy to review.

 By using which would you achieve this?

B. Logging Analytics

90.

You want to set up an alarm for CPU usage and disk read for a compute instance, so that you can determine when to launch new instances to handle increased load.

 Which service would you use?

E. Monitoring

91.

Which statements are true about the Logging service? (Choose Two)

C. Single pane of glass for all the logs in a tenancy

D. Analyze critical diagnostic information that describes how resources are performing and being accessed.