1z0-1084-22問題集75問でOracle Cloud Infrastructureを確実実践
リアル最新1z0-1084-22試験問題1z0-1084-22問題集
質問 # 29
You have been asked to create a stateful application deployed in Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) that requires all of your worker nodes to mount and write data to persistent volumes.
Which two OCI storage services should you use?
- A. Use OCI Block Volume backed persistent volume.
- B. Use GlusterFS as persistent volume.
- C. Use OCI Object Storage as persistent volume.
- D. Use open source storage solutions on top of OCI.
- E. Use OCI File Services as persistent volume.
正解:A、E
解説:
A PersistentVolume (PV) is a piece of storage in the cluster that has been provisioned by an administrator. PVs are volume plugins like Volumes, but have a lifecycle independent of any individual Pod that uses the PV.
A PersistentVolumeClaim (PVC) is a request for storage by a user. It is similar to a Pod. Pods consume node resources and PVCs consume PV resources.
If you intend to create Kubernetes persistent volumes, sufficient block volume quota must be available in each availability domain to meet the persistent volume claim. Persistent volume claims must request a minimum of 50 gigabytes You can define and apply a persistent volume claim to your cluster, which in turn creates a persistent volume that's bound to the claim. A claim is a block storage volume in the underlying IaaS provider that's durable and offers persistent storage, enabling your data to remain intact, regardless of whether the containers that the storage is connected to are terminated.
With Oracle Cloud Infrastructure as the underlying IaaS provider, you can provision persistent volume claims by attaching volumes from the Block Storage service.

https://oracle.github.io/weblogic-kubernetes-operator/faq/oci-fss-pv/
https://kubernetes.io/docs/concepts/storage/persistent-volumes/
質問 # 30
A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use In this scenario?
- A. Create a cross account functions authorizer.
- B. Create an authorizer function using OCI Identity and Access Management based authentication
- C. Create an authorizer function using request header authorization.
- D. Create an authorizer function using token-based authorization.
正解:C
解説:
Using Authorizer Functions to Add Authentication and Authorization to API Deployments:
You can control access to APIs you deploy to API gateways using an 'authorizer function' (as described in this topic), or using JWTs (as described in Using JSON Web Tokens (JWTs) to Add Authentication and Authorization to API Deployments).
You can add authentication and authorization functionality to API gateways by writing an 'authorizer function' that:
1. Processes request attributes to verify the identity of a caller with an identity provider.
2.Determines the operations that the caller is allowed to perform.
3.Returns the operations the caller is allowed to perform as a list of 'access scopes' (an 'access scope' is an arbitrary string used to determine access).
Optionally returns a key-value pair for use by the API deployment. For example, as a context variable for use in an HTTP back end definition (see Adding Context Variables to Policies and HTTP Back End Definitions).
Create an authorizer function using request header authorization implemented using a custom scheme which accepts string parameters from the API caller.
Managing Input Parameters
In our case we will need to manage quite a few static parameters in our code. For example the URLs of the secrets service endpoints, the username and other constant parameterised data. We can manage these either at Application or Function level (an OCI Function is packaged in an Application which can contain multiple Functions). In this case I will create function level parameters. You can use the following command to create the parameters:
fn config function test idcs-assert idcsClientId aedc15531bc8xxxxxxxxxxbd8a193
References:
https://technology.amis.nl/2020/01/03/oracle-cloud-api-gateway-using-an-authorizer-function-for-client-secret-authorization-on-api-access/
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayusingauthorizerfunction.htm
https://www.ateam-oracle.com/how-to-implement-an-oci-api-gateway-authorization-fn-in-nodejs-that-accesses-oci-resources
質問 # 31
Per CAP theorem, in which scenario do you NOT need to make any trade-off between the guarantees?
- A. when the system is running on-premise
- B. when the system is running in the cloud
- C. when there are no network partitions
- D. when you are using load balancers
正解:C
解説:
(1) CAP THEOREM
"CONSISTENCY, AVAILABILITY and PARTITION TOLERANCE are the features that we want in our distributed system together" Of three properties of shared-data systems (Consistency, Availability and tolerance to network Partitions) only two can be achieved at any given moment in time.
(2) In a distributed system, you can have both Consistency and Availability, except when there is a Partition:
Relaxing the consistency requirements usually makes it easier to maintain availability, but the CAP theorem is not an excuse to give up strong consistency across the board. A well-designed system can balance both availability and consistency while tolerating partitions over a range of tradeoffs, where eventual consistency is just one possibility.
References:
https://blogs.oracle.com/maa/the-cap-theorem:-consistency-and-availability-except-when-partitioned
質問 # 32
What is the open source engine for Oracle Functions?
- A. OpenFaaS
- B. Apache OpenWhisk
- C. Knative
- D. Fn Project
正解:D
解説:
https://www.oracle.com/webfolder/technetwork/tutorials/FAQs/oci/Functions-FAQ.pdf Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs.
質問 # 33
What is the minimum amount of storage that a persistent volume claim can obtain In Oracle Cloud Infrastructure Container Engine for Kubemetes (OKE)?
- A. 1 GB
- B. 10 GB
- C. 1 TB
- D. 50 GB
正解:D
解説:
Provisioning Persistent Volume Claims on the Block Volume Service:
Block volume quota: If you intend to create Kubernetes persistent volumes, sufficient block volume quota must be available in each availability domain to meet the persistent volume claim. Persistent volume claims must request a minimum of 50 gigabytes.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengcreatingpersistentvolumeclaim.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Concepts/contengprerequisites.htm
質問 # 34
You are building a container image and pushing it to the Oracle Cloud Infrastructure Registry (OCIR). You need to make sure that these get deleted from the repository.
Which action should you take?
- A. Edit the tenancy global retention policy.
- B. Set global policy of image retention to "Retain All Images".
- C. In your compartment, write a policy to limit access to the specific repository.
- D. Create a group and assign a policy to perform lifecycle operations on images.
正解:A
解説:
Deleting an Image
When you no longer need an old image or you simply want to clean up the list of image tags in a repository, you can delete images from Oracle Cloud Infrastructure Registry.
Your permissions control the images in Oracle Cloud Infrastructure Registry that you can delete. You can delete images from repositories you've created, and from repositories that the groups to which you belong have been granted access by identity policies. If you belong to the Administrators group, you can delete images from any repository in the tenancy.
Note that as well deleting individual images , you can set up image retention policies to delete images automatically based on selection criteria you specify (see Retaining and Deleting Images Using Retention Policies).
Note:
In each region in a tenancy, there's a global image retention policy. The global image retention policy's default selection criteria retain all images so that no images are automatically deleted. However, you can change the global image retention policy so that images are deleted if they meet the criteria you specify. A region's global image retention policy applies to all repositories in the region, unless it is explicitly overridden by one or more custom image retention policies.
You can set up custom image retention policies to override the global image retention policy with different criteria for specific repositories in a region. Having created a custom image retention policy, you apply the custom retention policy to a repository by adding the repository to the policy. The global image retention policy no longer applies to repositories that you add to a custom retention policy.
https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Tasks/registrymanagingimageretention.htm#:~:text=In%20each%20region%20in%20a,meet%20the%20criteria%20you%20specify.
質問 # 35
You are processing millions of files in an Oracle Cloud Infrastructure (OCI) Object Storage bucket. Each time a new file is created, you want to send an email to the customer and create an order in a database. The solution should perform and minimize cost, Which action should you use to trigger this email?
- A. Schedule a cron job that monitors the OCI Object Storage bucket and emails the customer when a new file is created.
- B. Use OCI Events service and OCI Notification service to send an email each time a file is created.
- C. Schedule an Oracle Function that checks the OCI Object Storage bucket every minute and emails the customer when a file is found.
- D. Schedule an Oracle Function that checks the OCI Object Storage bucket every second and emails the customer when a file is found.
正解:B
解説:
Oracle Cloud Infrastructure Events enables you to create automation based on the state changes of resources throughout your tenancy. Use Events to allow your development teams to automatically respond when a resource changes its state.
Here are some examples of how you might use Events:
Send a notification to a DevOps team when a database backup completes.
Convert files of one format to another when files are uploaded to an Object Storage bucket.
You can only deliver events to certain Oracle Cloud Infrastructure services with a rule. Use the following services to create actions:
Notifications
Streaming
Functions
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Events/Concepts/eventsoverview.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Notification/Concepts/notificationoverview.htm
質問 # 36
You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OC1 Compute instance that does not comply with your corporate security standards There are 3 non compliant OCI Compute instances.
However, when you invoke this function none of the instances were stopped. How should you troubleshoot this?
- A. Enable function tracing in the OCI console, and go to OCI Monitoring console to see the function stack trace.
- B. There is no way to troubleshoot a function running on Oracle Functions.
- C. Enable function remote debugging in the OCI console, and use your favorite IDE to inspect the function running on Oracle Functions.
- D. Enable function logging in the OCI console, include some print statements in your function code and use logs to troubleshoot this.
正解:D
解説:
Storing and Viewing Function Logs:
When a function you've deployed to Oracle Functions is invoked, you'll typically want to store the function's logs so that you can review them later. You specify where Oracle Functions stores a function's logs by setting a logging policy for the application containing the function.
You can specify that Oracle Functions:
Stores logs in Oracle Cloud Infrastructure. Until an Oracle Cloud Infrastructure logging service is released, Oracle Functions stores logs as files in a storage bucket in Oracle Cloud Infrastructure Object Storage.
Note that to view function logs in a storage bucket, the group to which you belong must have been granted access with the following identity policy statements:
Allow group <group-name> to manage object-family in compartment <compartment-name> Allow group <group-name> to read objectstorage-namespaces in compartment <compartment-name> (Usually created when configuring your tenancy for function development. See Create a Policy to Give Oracle Functions Users Access to Oracle Cloud Infrastructure Registry Repositories.) Stores logs by exporting them to an external logging destination like Papertrail. Note that to use an external logging destination, you must have set up a VCN with public subnets and an internet gateway (see Create the VCN and Subnets to Use with Oracle Functions, if they don't exist already).
You set application logging policies in the Console.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsexportingfunctionlogfiles.htm
質問 # 37
You are developing a distributed application and you need a call to a path to always return a specific JSON content deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification.
What is the correct value for type?
- A. CONSTANT_BACKEND
- B. HTTP_BACKEND
- C. STOCK_RESPONSE_BACKEND
- D. JSON_BACKEND
正解:C
解説:
Adding Stock Responses as an API Gateway Back End:
You'll often want to verify that an API has been successfully deployed on an API gateway without having to set up an actual back-end service. One approach is to define a route in the API deployment specification that has a path to a 'dummy' back end. On receiving a request to that path, the API gateway itself acts as the back end and returns a stock response you've specified.
Equally, there are some situations in a production deployment where you'll want a particular path for a route to consistently return the same stock response without sending a request to a back end. For example, when you want a call to a path to always return a specific HTTP status code in the response.
Using the API Gateway service, you can define a path to a stock response back end that always returns the same:
HTTP status code
HTTP header fields (name-value pairs)
content in the body of the response
"type": "STOCK_RESPONSE_BACKEND" indicates that the API gateway itself will act as the back end and return the stock response you define (the status code, the header fields and the body content).
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayaddingstockresponses.htm
質問 # 38
With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency.
Which statement is true with regards to service resiliency?
- A. A goal of resiliency is not to bring a service to a functioning state after a failure.
- B. Resiliency is about recovering from failures without downtime or data loss.
- C. Resiliency testing can be only done in a test environment.
- D. Resiliency is about avoiding failures.
正解:B
解説:
Implement resilient applications:
Resiliency is the ability to (recover) from failures and continue to function. It isn't about avoiding failures but accepting the fact that failures will happen and responding to them in a way that avoids downtime or data loss. The goal of resiliency is to return the application to a fully functioning state after a failure.
References:
https://docs.microsoft.com/en-us/dotnet/architecture/microservices/implement-resilient-applications/
質問 # 39
Which is NOT a valid option to execute a function deployed on Oracle Functions?
- A. Invoke from Oracle Cloud Infrastructure CLI
- B. Trigger by an event in Oracle Cloud Infrastructure Events service
- C. Send a signed HTTP requests to the function's invoke endpoint
- D. Invoke from Fn Project CLI
- E. Invoke from Docker CLI
正解:E
解説:
You can invoke a function that you've deployed to Oracle Functions in different ways:
Using the Fn Project CLI.
Using the Oracle Cloud Infrastructure CLI.
Using the Oracle Cloud Infrastructure SDKs.
Making a signed HTTP request to the function's invoke endpoint. Every function has an invoke endpoint.
Each of the above invokes the function via requests to the API. Any request to the API must be authenticated by including a signature and the OCID of the compartment to which the function belongs in the request header. Such a request is referred to as a 'signed' request. The signature includes Oracle Cloud Infrastructure credentials in an encrypted form.
質問 # 40
You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security Standards mandate encryption of secret information like database passwords.
As a function developer, which approach should you follow to satisfy this security requirement?
- A. Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field.
- B. All function configuration variables are automatically encrypted by Oracle Functions.
- C. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key.
- D. Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container.
正解:C
解説:
Oracle Functions: Using Key Management To Encrypt And Decrypt Configuration Variables Since this process involves multiple steps, I thought it would be helpful to give you an outline of the steps that we're going to take:
Create a KMS vault
Create a Master Encryption Key
Generate a Data Encryption Key (DEK) from the Master Encryption Key
Use the DEK plaintext return value to encrypt the sensitive value (offline) Store the encrypted sensitive value as a config variable in the serverless application Store the DEK ciphertext and the initVector used to encrypt the sensitive value as Function config variables Within the function, decrypt the DEK ciphertext back into plaintext using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK Decrypt the sensitive value using the decrypted DEK plaintext and the initVector

References:
https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuration-variables
https://docs.oracle.com/en/database/other-databases/essbase/19.3/essad/encrypt-values-using-kms.html
質問 # 41
You need to execute a script on a remote instance through Oracle Cloud Infrastructure Resource Manager. Which option can you use?
- A. Use remote-exec
- B. Use /bin/sh with the full path to the location of the script to execute the script.
- C. Download the script to a local desktop and execute the script.
- D. It cannot be done.
正解:A
解説:
Using Remote Exec
With Resource Manager, you can use Terraform's remote exec functionality to execute scripts or commands on a remote computer. You can also use this technique for other provisioners that require access to the remote resource.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/usingremoteexec.htm
質問 # 42
You are developing a serverless application with Oracle Functions. You have created a function in compartment named prod. When you try to invoke your function you get the following error.
Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions.oc1.phx.aaaaaaaac... does not exist or Oracle Functions is not authorized to use it How can you resolve this error?
- A. Create a policy:
Allow service FaaS to use virtual-network-family in compartment prod - B. Create a policy:
Allow any-user to manage function-family and virtual-network-family in compartment prod - C. Create a policy:
Allow function-family to use virtual-network-family in compartment prod - D. Deleting the function and redeploying it will fix the problem
正解:A
解説:
Troubleshooting Oracle Functions:
There are common issues related to Oracle Functions and how you can address them.
Invoking a function returns a FunctionInvokeSubnetNotAvailable message and a 502 error (due to a DHCP Options issue) When you invoke a function that you've deployed to Oracle Functions, you might see the following error message:
{"code":"FunctionInvokeSubnetNotAvailable","message":"dhcp options ocid1.dhcpoptions........ does not exist or Oracle Functions is not authorized to use it"} Fn: Error invoking function. status: 502 message: dhcp options ocid1.dhcpoptions........ does not exist or Oracle Functions is not authorized to use it If you see this error:
Double-check that a policy has been created to give Oracle Functions access to network resources.
Create Policies to Control Access to Network and Function-Related Resources:
Service Access to Network Resources
When Oracle Functions users create a function or application, they have to specify a VCN and a subnet in which to create them. To enable the Oracle Functions service to create the function or application in the specified VCN and subnet, you must create an identity policy to grant the Oracle Functions service access to the compartment to which the network resources belong.
To create a policy to give the Oracle Functions service access to network resources:
Log in to the Console as a tenancy administrator.
Create a new policy in the root compartment:
Open the navigation menu. Under Governance and Administration, go to Identity and click Policies.
Follow the instructions in To create a policy, and give the policy a name (for example, functions-service-network-access).
Specify a policy statement to give the Oracle Functions service access to the network resources in the compartment:
Allow service FaaS to use virtual-network-family in compartment <compartment-name> For example:
Allow service FaaS to use virtual-network-family in compartment acme-network Click Create.
Double-check that the set of DHCP Options in the VCN specified for the application still exists.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionstroubleshooting.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionscreatingpolicies.htm
質問 # 43
Which two statements accurately describe an Oracle Functions application?
- A. A Docker image containing all the functions that share the same configuration
- B. An application based on Oracle Functions, Oracle Cloud Infrastructure (OCI) Events and OCI API Gateway services
- C. A common context to store configuration variables that are available to all functions in the application
- D. A small block of code invoked in response to an Oracle Cloud Infrastructure (OCI) Events service
- E. A logical group of functions
正解:C、E
解説:
Oracle Functions Concepts:
This topic describes key concepts you need to understand when using Oracle Functions.
Applications:
In Oracle Functions, an application is:
1. a logical grouping of functions
2. a common context to store configuration variables that are available to all functions in the application
3. a way to ensure function runtime isolation
When you define an application in Oracle Functions, you specify the subnets in which to run the functions in the application. When functions from different applications are invoked simultaneously, Oracle Functions ensures these function executions are isolated from each other.
Oracle Functions shows applications and their functions in the Console.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsconcepts.htm
質問 # 44
Who is responsible for patching, upgrading and maintaining the worker nodes in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?
- A. The user
- B. Oracle Support
- C. Independent Software Vendors
- D. It Is automated
正解:A
解説:
After a new version of Kubernetes has been released and when Container Engine for Kubernetes supports the new version, you can use Container Engine for Kubernetes to upgrade master nodes running older versions of Kubernetes. Because Container Engine for Kubernetes distributes the Kubernetes Control Plane on multiple Oracle-managed master nodes (distributed across different availability domains in a region where supported) to ensure high availability, you're able to upgrade the Kubernetes version running on master nodes with zero downtime.
Having upgraded master nodes to a new version of Kubernetes, you can subsequently create new node pools running the newer version. Alternatively, you can continue to create new node pools that will run older versions of Kubernetes (providing those older versions are compatible with the Kubernetes version running on the master nodes).
Note that you upgrade master nodes by performing an 'in-place' upgrade, but you upgrade worker nodes by performing an 'out-of-place' upgrade. To upgrade the version of Kubernetes running on worker nodes in a node pool, you replace the original node pool with a new node pool that has new worker nodes running the appropriate Kubernetes version. Having 'drained' existing worker nodes in the original node pool to prevent new pods starting and to delete existing pods, you can then delete the original node pool.
Upgrading the Kubernetes Version on Worker Nodes in a Cluster:
After a new version of Kubernetes has been released and when Container Engine for Kubernetes supports the new version, you can use Container Engine for Kubernetes to upgrade master nodes running older versions of Kubernetes. Because Container Engine for Kubernetes distributes the Kubernetes Control Plane on multiple Oracle-managed master nodes (distributed across different availability domains in a region where supported) to ensure high availability, you're able to upgrade the Kubernetes version running on master nodes with zero downtime.
You can upgrade the version of Kubernetes running on the worker nodes in a cluster in two ways:
(A) Perform an 'in-place' upgrade of a node pool in the cluster, by specifying a more recent Kubernetes version for new worker nodes starting in the existing node pool. First, you modify the existing node pool's properties to specify the more recent Kubernetes version. Then, you 'drain' existing worker nodes in the node pool to prevent new pods starting, and to delete existing pods. Finally, you terminate each of the worker nodes in turn. When new worker nodes are started in the existing node pool, they run the more recent Kubernetes version you specified. See Performing an In-Place Worker Node Upgrade by Updating an Existing Node Pool.
(B) Perform an 'out-of-place' upgrade of a node pool in the cluster, by replacing the original node pool with a new node pool. First, you create a new node pool with a more recent Kubernetes version. Then, you 'drain' existing worker nodes in the original node pool to prevent new pods starting, and to delete existing pods. Finally, you delete the original node pool. When new worker nodes are started in the new node pool, they run the more recent Kubernetes version you specified. See Performing an Out-of-Place Worker Node Upgrade by Replacing an Existing Node Pool with a New Node Pool.
Note that in both cases:
The more recent Kubernetes version you specify for the worker nodes in the node pool must be compatible with the Kubernetes version running on the master nodes in the cluster. See Upgrading Clusters to Newer Kubernetes Versions).
You must drain existing worker nodes in the original node pool. If you don't drain the worker nodes, workloads running on the cluster are subject to disruption.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengupgradingk8sworkernode.htm
質問 # 45
You want to push a new image in the Oracle Cloud Infrastructure (OCI) Registry. Which two actions do you need to perform?
- A. Generate an OCI tag namespace in your repository.
- B. Assign a tag via Docker CLI to the image.
- C. Assign an OCI defined tag via OCI CLI to the image.
- D. Generate an API signing key to complete the authentication via Docker CLI.
- E. Generate an auth token to complete the authentication via Docker CLI.
正解:B、E
解説:
Pushing Images Using the Docker CLI:
You use the Docker CLI to push images to Oracle Cloud Infrastructure Registry.
To push an image, you first use the docker tag command to create a copy of the local source image as a new image (the new image is actually just a reference to the existing source image). As a name for the new image, you specify the fully qualified path to the target location in Oracle Cloud Registry where you want to push the image, optionally including the name of a repository.
For example, assume you have a local image named acme-web-app:latest. Let's say you want to push this image to Oracle Cloud Infrastructure Registry with a name of acme-web-app:version2.0.test into a repository called project01 in the Ashburn region of the acme-dev tenancy. When you use the docker tag command, you'd name the new image with the fully qualified path to its destination, in the format <region-key>.ocir.io/<tenancy-namespace>/<repo-name>/<image-name>:<tag>. So in this case, you'd name the new image iad.ocir.io/ansh81vru1zp/project01/acme-web-app:version2.0.test. Subsequently, when you use the docker push command, the image's name ensures it is pushed to the correct destination.
To push images to Oracle Cloud Infrastructure Registry using the Docker CLI:
If you already have an auth token, go to the next step. Otherwise:
On the Auth Tokens page, click Generate Token.
Enter a friendly description for the auth token. Avoid entering confidential information.
Click Generate Token. The new auth token is displayed.
Copy the auth token immediately to a secure location from where you can retrieve it later, because you won't see the auth token again in the Console.
Close the Generate Token dialog.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Registry/Tasks/registrypushingimagesusingthedockercli.htm
質問 # 46
Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubect1 CLI?
- A. Install and configure the OCI CLI
- B. A configured OCI API signing key pair
- C. OCI Identity and Access Management Auth Token
- D. An SSH key pair with the public key added to cluster worker nodes
- E. Tiller enabled on the OKE cluster
正解:A、B
解説:
Setting Up Local Access to Clusters
To set up a kubeconfig file to enable access to a cluster using a local installation of kubectl and the Kubernetes Dashboard:
Step 1: Generate an API signing key pair
Step 2: Upload the public key of the API signing key pair
Step 3: Install and configure the Oracle Cloud Infrastructure CLI
Step 4: Set up the kubeconfig file
Step 5: Verify that kubectl can access the cluster
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm
質問 # 47
Which one of the statements describes a service aggregator pattern?
- A. It involves implementing a separate service that makes multiple calls to other backend services
- B. It uses a queue on both sides of the service communication
- C. It is implemented in each service separately and uses a streaming service
- D. It involves sending events through a message broker
正解:A
解説:
Service Aggregator Pattern
Another option for eliminating microservice-to-microservice coupling is an Aggregator microservice, shown in purple in Figure 4-10.
The pattern isolates an operation that makes calls to multiple back-end microservices, centralizing its logic into a specialized microservice. The purple checkout aggregator microservice in the previous figure orchestrates the workflow for the Checkout operation. It includes calls to several back-end microservices in a sequenced order. Data from the workflow is aggregated and returned to the caller. While it still implements direct HTTP calls, the aggregator microservice reduces direct dependencies among back-end microservices.
References:
https://docs.microsoft.com/en-us/dotnet/architecture/cloud-native/service-to-service-communication#:~:text=Service%20Aggregator%20Pattern&text=The%20pattern%20isolates%20an%20operation,logic%20into%20a%20specialized%20microservice.&text=While%20it%20still%20implements%20direct,dependencies%20among%20back%2Dend%20microservices.
質問 # 48
Your organization uses a federated identity provider to login to your Oracle Cloud Infrastructure (OCI) environment. As a developer, you are writing a script to automate some operation and want to use OCI CLI to do that. Your security team doesn't allow storing private keys on local machines.
How can you authenticate with OCI CLI?
- A. Run oci setup keys and provide your credentials
- B. Run oci session refresh -profile <profile_name>
- C. Run oci setup oci-cli-rc -file path/to/target/file
- D. Run oci session authenticate and provide your credentials
正解:D
解説:
Token-based authentication for the CLI:
Token-based authentication for the CLI allows customers to authenticate their session interactively, then use the CLI for a single session without an API signing key. This enables customers using an identity provider that is not SCIM-supported to use a federated user account with the CLI and SDKs.
Starting a Token-based CLI Session
To use token-based authentication for the CLI on a computer with a web browser:
1. In the CLI, run the following command. This will launch a web browser.
oci session authenticate
2. In the browser, enter your user credentials. This authentication information is saved to the .config file.
Validating a Token
To verify that a token is valid, run the following command:
oci session validate --config-file <path_to_config_file> --profile <profile_name> --auth security_token You should receive a message showing the expiration date for the session. If you receive an error, check your profile settings.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/API/SDKDocs/clitoken.htm
質問 # 49
......
Oracleの1z0-1084-22試験は、Oracle Cloud Infrastructureプラットフォームでの開発のスキルと知識を示したいプロフェッショナル向けに設計されています。この試験はOracleの認定プログラムの一部であり、クラウドコンピューティング、プログラミング言語、ソフトウェア開発に経験がある個人を対象にしています。試験は、クラウドインフラストラクチャサービス、アプリケーション開発、セキュリティ、トラブルシューティングなど、様々なトピックをカバーしています。
試験は、クラウドコンピューティングの概念、コンテナ技術、仮想マシン、セキュリティ、データベース管理、およびクラウドインフラストラクチャの自動化など、広範なトピックをカバーしています。候補者は、コンピュート、ストレージ、ネットワーキング、アイデンティティおよびアクセス管理(IAM)などのOracle Cloud Infrastructureサービスの使用能力を証明することが期待されています。合格者は、Oracle Cloud Infrastructure上でクラウドネイティブアプリケーションを設計、開発、展開するために必要なスキルと知識を持っています。この試験に合格することは、Oracle Cloud Infrastructureにおける専門知識を示し、キャリアの展望を高める素晴らしい方法です。
1z0-1084-22別格な問題集で最上級の成績にさせる1z0-1084-22問題:https://jp.fast2test.com/1z0-1084-22-premium-file.html
手に入れよう!最新1z0-1084-22認定の有効な試験問題集解答:https://drive.google.com/open?id=1lPyACBtH8GQ5sV0WeQpAYb6roKPU374u