You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application architecture has multiple OCI services, including Oracle Functions. You need to trigger these functions directly from other OCI services, without having to run custom code. Which OCI service cannot trigger your functions directly?
A. OCI Events Service
B. OCI Registry
C. OCI API Gateway
D. Oracle Integration
Correct Answer: B
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a- Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs. The serverless and elastic architecture of Oracle Functions means there's no infrastructure administration or software administration for you to perform. You don't provision or maintain compute instances, and operating system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is highly-available, scalable, secure, and monitored. With Oracle Functions, you can write code in Java, Python, Node, Go, and Ruby (and for advanced use cases, bring your own Dockerfile, and Graal VM).
You can invoke a function that you've deployed to Oracle Functions from:
-
The Fn Project CLI.
-
The Oracle Cloud Infrastructure SDKs.
-
Signed HTTP requests to the function's invoke endpoint. Every function has an invoke endpoint.
-
Other Oracle Cloud services (for example, triggered by an event in the Events service) or from external services. so You can then deploy your code, call it directly or trigger it in response to events, and get billed only for the resources consumed during the execution. Below are the oracle services that can trigger Oracle functions -Events Service -Notification Service -API Gateway Service -Oracle Integration service(using OCI Signature Version 1 security policy) so OCI Registry services cannot trigger your functions directly
Question 32:
Which concept is NOT related to Oracle Cloud Infrastructure Resource Manager?
A. Job
B. Stack
C. Queue
D. Plan
Correct Answer: C
https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm Following are brief descriptions of key concepts and the main components of Resource Manager. CONFIGURATION Information to codify your infrastructure. A Terraform configuration can be either a solution or a file that you write and upload. JOB Instructions to perform the actions defined in your configuration. Only one job at a time can run on a given stack; further, you can have only one set of Oracle Cloud Infrastructure resources on a given stack. To provision a different set of resources, you must create a separate stack and use a different configuration. Resource Manager provides the following job types: Plan: Parses your Terraform configuration and creates an execution plan for the associated stack. The execution plan lists the sequence of specific actions planned to provision your Oracle Cloud Infrastructure resources. The execution plan is handed off to the apply job, which then executes the instructions. Apply. Applies the execution plan to the associated stack to create (or modify) your Oracle Cloud Infrastructure resources. Depending on the number and type of resources specified, a given apply job can take some time. You can check status while the job runs. Destroy. Releases resources associated with a stack. Released resources are not deleted. For example, terminates a Compute instance controlled by a stack. The stack's job history and state remain after running a destroy job. You can monitor the status and review the results of a destroy job by inspecting the stack's log files. Import State. Sets the provided Terraform state file as the current state of the stack. Use this job to migrate local Terraform environments to Resource Manager. STACK The collection of Oracle Cloud Infrastructure resources corresponding to a given Terraform configuration. Each stack resides in the compartment you specify, in a single region; however, resources on a given stack can be deployed across multiple regions. An OCID is assigned to each stack.
Question 33:
You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). You
need to make sure that these get deleted from the repository.
Which action should you take?
A. Create a group and assign a policy to perform lifecycle operations on images.
B. Set global policy of image retention to "Retain All Images".
C. In your compartment, write a policy to limit access to the specific repository.
D. Edit the tenancy global retention policy.
Correct Answer: D
Deleting an Image When you no longer need an old image or you simply want to clean up the list of image tags in a repository, you can delete images from Oracle Cloud Infrastructure Registry. Your permissions control the images in Oracle Cloud Infrastructure Registry that you can delete. You can delete images from repositories you've created, and from repositories that the groups to which you belong have been granted access by identity policies. If you belong to the Administrators group, you can delete images from any repository in the tenancy. Note that as well deleting individual images , you can set up image retention policies to delete images automatically based on selection criteria you specify (see Retaining and Deleting Images Using Retention Policies). Note: In each region in a tenancy, there's a global image retention policy. The global image retention policy's default selection criteria retain all images so that no images are automatically deleted.
However, you can change the global image retention policy so that images are deleted if they meet the criteria you specify. A region's global image retention policy applies to all repositories in the region, unless it is explicitly overridden by one or more custom image retention policies. You can set up custom image retention policies to override the global image retention policy with different criteria for specific repositories in a region. Having created a custom image retention policy, you apply the custom retention policy to a repository by adding the repository to the policy. The global image retention policy no longer applies to repositories that you add to a custom retention policy.
Question 34:
Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubect1 CLI?
A. An SSH key pair with the public key added to cluster worker nodes
B. Install and configure the OCI CLI
C. OCI Identity and Access Management Auth Token
D. Tiller enabled on the OKE cluster
E. A configured OCI API signing key pair
Correct Answer: BE
Setting Up Local Access to Clusters To set up a kubeconfig file to enable access to a cluster using a local installation of kubectl and the Kubernetes Dashboard: Step 1: Generate an API signing key pair Step 2: Upload the public key of the API signing key pair Step 3: Install and configure the Oracle Cloud Infrastructure CLI Step 4: Set up the kubeconfig file Step 5: Verify that kubectl can access the cluster
Question 35:
A service you are deploying to Oracle infrastructure (OCI) Container En9ine for Kubernetes (OKE) uses a docker image from a private repository Which configuration is necessary to provide access to this repository from OKE?
A. Add a generic secret on the cluster containing your identity credentials. Then specify a registrycredentials property in the deployment manifest.
B. Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagepullsecret property in the application deployment manifest.
C. Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the image pull secret property in the application deployment manifest.
D. Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment.
Correct Answer: C
Pulling Images from Registry during Deployment During the deployment of an application to a Kubernetes cluster, you'll typically want one or more images to be pulled from a Docker registry. In the application's manifest file you specify the images to pull, the registry to pull them from, and the credentials to use when pulling the images. The manifest file is commonly also referred to as a pod spec, or as a deployment.yaml file (although other filenames are allowed). If you want the application to pull images that reside in Oracle Cloud Infrastructure Registry, you have to perform two steps:
-
You have to use kubectl to create a Docker registry secret. The secret contains the Oracle Cloud Infrastructure credentials to use when pulling the image. When creating secrets, Oracle strongly
recommends you use the latest version of kubectl To create a Docker registry secret: 1- If you haven't already done so, follow the steps to set up the cluster's kubeconfig configuration file and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up. 2- In a terminal window, enter: $ kubectl create secret docker-registry --docker-server=.ocir.io --dockerusername='/' --docker-password='' --dockeremail='' where: is a name of your choice, that you will use in the manifest file to refer to the secret . For example, ocirsecret is the key for the Oracle Cloud Infrastructure Registry region you're using. For example, iad. See Availability by Region. ocir.io is the Oracle Cloud Infrastructure Registry name. is the auto-generated Object Storage namespace string of the tenancy containing the repository from which the application is to pull the image (as shown on the Tenancy Information page). For example, the namespace of the acme-dev tenancy might be ansh81vru1zp. Note that for some older tenancies, the namespace string might be the same as the tenancy name in all lower-case letters (for example, acmedev). is the username to use when pulling the image. The username must have access to the tenancy specified by . For example, [email protected] . If your tenancy is federated with Oracle Identity Cloud Service, use the format oracleidentitycloudservice/ is the auth token of the user specified by . For example, k]j64r{1sJSSF-;)K8 is an email address. An email address is required, but it doesn't matter what you specify. For example, [email protected]
-
You have to specify the image to pull from Oracle Cloud Infrastructure Registry, including the repository location and the Docker registry secret to use, in the application's manifest file.
Question 36:
A leading insurance firm is hosting its customer portal in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes with an OCI Autonomous Database. Their support team discovered a lot of SQL injection attempts and cross-site scripting attacks to the portal, which is starting to affect the production environment. What should they implement to mitigate this attack?
A. Network Security Lists
B. Network Security Groups
C. Network Security Firewall
D. Web Application Firewall
Correct Answer: D
Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based, Payment Card Industry (PCI) compliant, global security service that protects applications from malicious and unwanted internet traffic. WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications. WAF provides you with the ability to create and manage rules for internet threats including Cross- Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can limit based on geography or the signature of the request.
Question 37:
You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security Standards mandate encryption of secret information like database
passwords.
As a function developer, which approach should you follow to satisfy this security requirement?
A. Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field.
B. Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container.
C. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key.
D. All function configuration variables are automatically encrypted by Oracle Functions.
Correct Answer: A
Passing Custom Configuration Parameters to Functions he code in functions you deploy to Oracle Functions will typically require values for different parameters. Some pre-defined parameters are available to your functions as environment variables. But you'll often want your functions to use parameters that you've defined yourself. For example, you might create a function that reads from and writes to a database. The function will require a database connect string, comprising a username, password, and hostname. You'll probably want to define username, password, and hostname as parameters that are passed to the function when it's invoked. Using the Console To specify custom configuration parameters to pass to functions using the Console: Log in to the Console as a functions developer. In the Console, open the navigation menu. Under Solutions and Platform, go to Developer Services and click Functions. Select the region you are using with Oracle Functions. Oracle recommends that you use the same region as the Docker registry that's specified in the Fn Project CLI context (see 6. Create an Fn Project CLI Context to Connect to Oracle Cloud Infrastructure). Select the compartment specified in the Fn Project CLI context (see 6. Create an Fn Project CLI Context to Connect to Oracle Cloud Infrastructure). The Applications page shows the applications defined in the compartment. Click the name of the application containing functions to which you want to pass custom configuration parameters: To pass one or more custom configuration parameters to every function in the application, click Configuration to see the Configuration section for the application. To pass one or more custom configuration parameters to a particular function, click the function's name to see the Configuration section for the function. In the Configuration section, specify details for the first custom configuration parameter: Key: The name of the custom configuration parameter. The name must only contain alphanumeric characters and underscores, and must not start with a number. For example, username Value: A value for the custom configuration parameter. The value must only contain printable unicode characters. For example, jdoe Click the plus button to save the new custom configuration parameter. Oracle Functions combines the key-value pairs for all the custom configuration parameters (both application-wide and function-specific) in the application into a single, serially-encoded configuration object with a maximum allowable size of 4Kb. You cannot save the new custom configuration parameter if the size of the serially-encoded configuration object would be greater than 4Kb. (Optional) Enter additional custom configuration parameters as required.
Question 38:
How can you find details of the tolerations field for the sample YAML file below?
A. kubectl list pod.spec.tolerations
B. kubectl explain pod.spec.tolerations
C. kubectl describe pod.spec tolerations
D. kubectl get pod.spec.tolerations
Correct Answer: B
kubectl explain to List the fields for supported resources
You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container Engine for Kubernetes. Which statement describes the appropriate logging approach?
A. Each service logs to its own log file.
B. All services log to an external logging system.
C. All services log to standard output only.
D. All services log to a shared log file.
Correct Answer: C
Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism; as such, most container engines are likewise designed to support some kind of logging. The easiest and most embraced logging method for containerized applications is to write to the standard output and standard error streams.
You are using Oracle Cloud Infrastructure (0CI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins. How should you use the OCI Events service to do this without writing any code?
A. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action.
B. Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager job - Create" condition, and select the notification topic for the corresponding action.
C. Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition.Then select "Action Type: Email" and provide the destination email address.
D. Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action.
Correct Answer: B
1.
Create Notifications Topic and Subscription If a suitable Notifications topic doesn't already exist, then you must log in to the Console as a tenancy administrator and create it. Whether you use an existing topic or create a new one, add an email address as a subscription so that you can monitor that email account for notifications
2.
Using the Console to Create a Rule Use the Console to create a rule with a pattern that matches bucket creation events emitted by Object Storage. Specify the Notifications topic you created as an action to deliver matching events. To test your rule, create a bucket. Object Storage emits an event which triggers the action. Check the email specified in the subscription to receive your notification
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Oracle exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 1Z0-1084-20 exam preparations and Oracle certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
