Oracle Oracle Certifications 1Z0-1084-22 Questions & Answers

• Question 21:

  You are developing a serverless application with Oracle Functions. You have created a function in compartment named prod. When you try to invoke your function you get the following error. Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions.oc1.phx.aaaaaaaac... does not exist or Oracle Functions is not authorized to use it How can you resolve this error?

  A. Create a policy:Allow function-family to use virtual-network-family in compartment prod

  B. Create a policy:Allow any-user to manage function-family and virtual-network-family in compartment prod

  C. Create a policy:Allow service FaaS to use virtual-network-family in compartment prod

  D. Deleting the function and redeploying it will fix the problem

  Correct Answer: C

  Invoking a function returns a FunctionInvokeSubnetNotAvailable message and a 502 error (due to a DHCP Options issue)

  When you invoke a function that you've deployed to Oracle Functions, you might see the following error message:

  {"code":"FunctionInvokeSubnetNotAvailable","message":"dhcp options ocid1.dhcpoptions........ does not exist or Oracle Functions is not authorized to use it"}

  Fn: Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions........ does not exist or Oracle Functions is not authorized to use it If you see this error:

  Double-check that a policy has been created to give Oracle Functions access to network resources.

  Service Access to Network Resources

  When Oracle Functions users create a function or application, they have to specify a VCN and a subnet in which to create them. To enable the Oracle Functions service to create the function or application in the specified VCN and subnet,

  you must create an identity policy to grant the Oracle Functions service access to the compartment to which the network resources belong. To create a policy to give the Oracle Functions service access to network resources:

  Log in to the Console as a tenancy administrator.

  Create a new policy in the root compartment:

  Open the navigation menu. Under Governance and Administration, go to Identity and click Policies. Follow the instructions in To create a policy, and give the policy a name (for example, functions- service-network-access).

  Specify a policy statement to give the Oracle Functions service access to the network resources in the compartment:

  Allow service FaaS to use virtual-network-family in compartment For example:

  Allow service FaaS to use virtual-network-family in compartment acme-network Click Create.

  Double-check that the set of DHCP Options in the VCN specified for the application still exists.

• Question 22:

  Which two are characteristics of microservices?

  A. Microservices are hard to test in isolation.

  B. Microservices can be independently deployed.

  C. All microservices share a data store.

  D. Microservices can be implemented in limited number of programming languages.

  E. Microservices communicate over lightweight APIs.

  Correct Answer: BE

  https://www.techjini.com/blog/microservices/

• Question 23:

  What is the minimum of storage that a persistent volume claim can obtain in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?

  A. 50 GB

  B. 10 GB

  C. 1 GB

  D. 1 TB

  Correct Answer: A

  The minimum amount of persistent storage that a PVC can request is 50 gigabytes. If the request is for less than 50 gigabytes, the request is rounded up to 50 gigabytes. https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingpersistentvolumeclaim.htm

• Question 24:

  Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs?

  A. date or x-date

  B. (request-target)

  C. content-type

  D. host

  Correct Answer: C

  For GET and DELETE requests (when there's no content in the request body), the signing string must include at least these headers: (request-target) (as described in draft-cavage-http-signatures-08) host date or x-date (if both are included, Oracle uses x-date)

  https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm

• Question 25:

  Your organization uses a federated identity provider to login to your Oracle Cloud Infrastructure (OCI) environment. As a developer, you are writing a script to automate some operation and want to use OCI CLI to do that. Your security team

  doesn't allow storing private keys on local machines.

  How can you authenticate with OCI CLI?

  A. Run oci setup keys and provide your credentials

  B. Run oci session refresh --profile

  C. Run oci session authenticate and provide your credentials

  D. Run oci setup oci-cli-rc --file path/to/target/file

  Correct Answer: C

  Token-based authentication for the CLI allows customers to authenticate their session interactively, then use the CLI for a single session without an API signing key. This enables customers using an identity provider that is not SCIM-

  supported to use a federated user account with the CLI and SDKs.

  Starting a Token-based CLI Session

  To use token-based authentication for the CLI on a computer with a web browser:

  In the CLI, run the following command. This will launch a web browser.

  oci session authenticate

  In the browser, enter your user credentials. This authentication information is saved to the .config file.

• Question 26:

  Which two statements are true for serverless computing and serverless architectures?

  A. Long running tasks are perfectly suited for serverless

  B. Serverless function state should never be stored externally

  C. Application DevOps team is responsible for scaling

  D. Serverless function execution is fully managed by a third party

  E. Applications running on a FaaS (Functions as a Service) platform

  Correct Answer: BE

  Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a- Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs. The serverless and elastic architecture of Oracle Functions means there's no infrastructure administration or software administration for you to perform. You don't provision or maintain compute instances, and operating system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is highly-available, scalable, secure, and monitored Applications built with a serverless infrastructure will scale automatically as the user base grows or usage increases. If a function needs to be run in multiple instances, the vendor's servers will start up, run, and end them as they are needed. Oracle Functions is based on Fn Project. Fn Project is an open source, container native, serverless platform that can be run anywhere - any cloud or on-premises. Serverless architectures are not built for long-running processes. This limits the kinds of applications that can cost-effectively run in a serverless architecture. Because serverless providers charge for the amount of time code is running, it may cost more to run an application with long-running processes in a serverless infrastructure compared to a traditional one.

  https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsconcepts.htm https://www.cloudflare.com/learning/serverless/why-use-serverless/

• Question 27:

  You are deploying an API via Oracle Cloud Infrastructure (OCI) API Gateway and you want to implement request policies to control access Which is NOT available in OCI API Gateway?

  A. Limiting the number of requests sent to backend services

  B. Enabling CORS (Cross-Origin Resource Sharing) support

  C. Providing authentication and authorization

  D. Controlling access to OCI resources

  Correct Answer: D

  In the API Gateway service, there are two types of policy:

  -

  a request policy describes actions to be performed on an incoming request from a caller before it is sent to a back end

  -

  a response policy describes actions to be performed on a response returned from a back end before it is sent to a caller

  You can use request policies to:

  -limit the number of requests sent to back-end services

  -enable CORS (Cross-Origin Resource Sharing) support

  -provide authentication and authorization

• Question 28:

  Given a service deployed on Oracle Cloud infrastructure Container Engine for Kubernetes (OKE), which annotation should you add in the sample manifest file to specify a 400 Mbps load balancer?

  

  A. service.beta, kubernetes. lo/oci-load-balancer-kind: 400Mbps

  B. service, beta, kubernetes. lo/oci-load-balancer-value: 4 00Mbps

  C. service . beta. kubernetes . lo/oci-load-balancer-shape: 400Mbps

  D. service . beta . kubernetes . lo/oci-load-balancer-size: 400Mbps

  Correct Answer: C

  The shape of an Oracle Cloud Infrastructure load balancer specifies its maximum total bandwidth (that is, ingress plus egress). By default, load balancers are created with a shape of 100Mbps. Other shapes are available, including 400Mbps

  and 8000Mbps.

  To specify an alternative shape for a load balancer, add the following annotation in the metadata section of the manifest file:

  service.beta.kubernetes.io/oci-load-balancer-shape: where value is the bandwidth of the shape (for example, 100Mbps, 400Mbps, 8000Mbps).

  For example:

  apiVersion: v1

  kind: Service

  metadata:

  name: my-nginx-svc

  labels:

  app: nginx

  annotations:

  service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps spec:

  type: LoadBalancer

  ports:

  -port: 80 selector: app: nginx https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md

• Question 29:

  You have a containerized app that requires an Autonomous Transaction Processing (ATP) Database. Which option is not valid for o from a container in Kubernetes?

  A. Enable Oracle REST Data Services for the required schemas and connect via HTTPS.

  B. Create a Kubernetes secret with contents from the instance Wallet files. Use this secret to create a volume mounted to the appropriate path in the application deployment manifest.

  C. Use Kubernetes secrets to configure environment variables on the container with ATP instance OCID, and OCI API credentials. Then use the CreateConnection API endpoint from the service runtime.

  D. Install the Oracle Cloud Infrastructure Service Broker on the Kubernetes cluster and deploy serviceinstance and serviceBinding resources for ATP. Then use the specified binding name as a volume in the application deployment manifest.

  Correct Answer: A

  https://blogs.oracle.com/developers/creating-an-atp-instance-with-the-oci-service-broker https://blogs.oracle.com/cloud-infrastructure/integrating-oci-service-broker-with-autonomous- transaction-processing-in-the-real-world

• Question 30:

  A programmer Is developing a Node is application which will run in a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OC1) services using OCI SDKs. What is the secure way to access OCI services with OCI Identity and Access Management (JAM)?

  A. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.

  B. Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server.

  C. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.

  D. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.

  Correct Answer: C

  Before using Oracle Functions, you have to set up an Oracle Cloud Infrastructure API signing key. The instructions in this topic assume:

  -

  you are using Linux

  -

  you are following Oracle's recommendation to provide a passphrase to encrypt the private key For more Detials Set up an Oracle Cloud Infrastructure API Signing Key for Use with Oracle Functions

  https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionssetupapikey.htm