[2023年07月]更新の1z0-1084-22問題集本日限定!無料アクセス可能に!Fast2testで試そう [Q21-Q44]

Share

[2023年07月]更新の1z0-1084-22問題集本日限定!無料アクセス可能に!Fast2testで試そう

学習材料は有効1z0-1084-22効率的問題集!


Oracle Cloud Infrastructureプラットフォームは、開発者がアプリケーションを構築・展開するためのさまざまなサービスやツールを提供する包括的なクラウドプラットフォームです。このプラットフォームは、柔軟性、スケーラビリティ、セキュリティに優れており、アプリケーションをクラウドに移行したい組織にとって理想的な選択肢となっています。

 

質問 # 21
You are implementing logging in your services that will be running in Oracle Cloud Infrastructure Container Engine for Kubernetes. Which statement describes the appropriate logging approach?

  • A. Each service logs to its own log file.
  • B. All services log to standard output only.
  • C. All services log to a shared log file.
  • D. All services log to an external logging system.

正解:B

解説:
Application and systems logs can help you understand what is happening inside your cluster. The logs are particularly useful for debugging problems and monitoring cluster activity. Most modern applications have some kind of logging mechanism; as such, most container engines are likewise designed to support some kind of logging. The easiest and most embraced logging method for containerized applications is to write to the standard output and standard error streams.
Kubernetes also provides cluster-based logging to record container activity into a central logging subsystem. The standard output and standard error output of each container in a Kubernetes cluster can be ingested using an agent like Fluentd running on each node into tools like Elasticsearch and viewed with Kibana. And finally, monitor containers, pods, applications, services, and other components of your cluster. One can use tools such as Prometheus, Grafana, Jaeger for monitoring, visibility, and tracing the cluster.


References:
https://dzone.com/articles/5-best-security-practices-for-kubernetes-and-oracle-kubernetes-engine
https://kubernetes.io/docs/concepts/cluster-administration/logging/
https://blogs.oracle.com/developers/5-best-practices-for-kubernetes-security


質問 # 22
You are using Oracle Cloud Infrastructure (0CI) Resource Manager to manage your infrastructure lifecycle and wish to receive an email each time a Terraform action begins.
How should you use the OCI Events service to do this without writing any code?

  • A. Create a rule in OCI Events service matching the "Resource Manager Stack - Update" condition. Then select "Action Type: Email" and provide the destination email address.
  • B. Create an OCI Notification topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager job - Create" condition, and select the notification topic for the corresponding action.
  • C. Create an OCI Email Delivery configuration with the destination email address. Then create an OCI Events rule matching "Resource Manager Job - Create" condition, and select the email configuration for the corresponding action.
  • D. Create an OCI Notifications topic and email subscription with the destination email address. Then create an OCI Events rule matching "Resource Manager Stack - Update" condition, and select the notification topic for the corresponding action.

正解:B

解説:
Managing Topics and Subscriptions:
1. Create Notifications Topic and Subscription
If a suitable Notifications topic doesn't already exist, then you must log in to the Console as a tenancy administrator and create it. Whether you use an existing topic or create a new one, add an email address as a subscription so that you can monitor that email account for notifications
2. Using the Console to Create a Rule
Use the Console to create a rule with a pattern that matches bucket creation events emitted by Object Storage. Specify the Notifications topic you created as an action to deliver matching events. To test your rule, create a bucket. Object Storage emits an event which triggers the action. Check the email specified in the subscription to receive your notification

References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Events/Concepts/eventsgetstarted.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Notification/Tasks/managingtopicsandsubscriptions.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Notification/Concepts/notificationoverview.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Events/Concepts/filterevents.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/managingstacksandjobs.htm


質問 # 23
A developer using Oracle Cloud Infrastructure (OCI) API Gateway must authenticate the API requests to their web application. The authentication process must be implemented using a custom scheme which accepts string parameters from the API caller. Which method can the developer use In this scenario?

  • A. Create a cross account functions authorizer.
  • B. Create an authorizer function using request header authorization.
  • C. Create an authorizer function using token-based authorization.
  • D. Create an authorizer function using OCI Identity and Access Management based authentication

正解:B

解説:
Using Authorizer Functions to Add Authentication and Authorization to API Deployments:
You can control access to APIs you deploy to API gateways using an 'authorizer function' (as described in this topic), or using JWTs (as described in Using JSON Web Tokens (JWTs) to Add Authentication and Authorization to API Deployments).
You can add authentication and authorization functionality to API gateways by writing an 'authorizer function' that:
1. Processes request attributes to verify the identity of a caller with an identity provider.
2.Determines the operations that the caller is allowed to perform.
3.Returns the operations the caller is allowed to perform as a list of 'access scopes' (an 'access scope' is an arbitrary string used to determine access).
Optionally returns a key-value pair for use by the API deployment. For example, as a context variable for use in an HTTP back end definition (see Adding Context Variables to Policies and HTTP Back End Definitions).
Create an authorizer function using request header authorization implemented using a custom scheme which accepts string parameters from the API caller.
Managing Input Parameters
In our case we will need to manage quite a few static parameters in our code. For example the URLs of the secrets service endpoints, the username and other constant parameterised data. We can manage these either at Application or Function level (an OCI Function is packaged in an Application which can contain multiple Functions). In this case I will create function level parameters. You can use the following command to create the parameters:
fn config function test idcs-assert idcsClientId aedc15531bc8xxxxxxxxxxbd8a193

References:
https://technology.amis.nl/2020/01/03/oracle-cloud-api-gateway-using-an-authorizer-function-for-client-secret-authorization-on-api-access/
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayusingauthorizerfunction.htm
https://www.ateam-oracle.com/how-to-implement-an-oci-api-gateway-authorization-fn-in-nodejs-that-accesses-oci-resources


質問 # 24
Which two are characteristics of microservices?

  • A. Microservices can be implemented in limited number of programming languages.
  • B. Microservices can be independently deployed.
  • C. Microservices communicate over lightweight APIs.
  • D. All microservices share a data store.
  • E. Microservices are hard to test in isolation.

正解:B、C

解説:
Learn About the Microservices Architecture
If you want to design an application that is multilanguage, easily scalable, easy to maintain and deploy, highly available, and that minimizes failures, then use the microservices architecture to design and deploy a cloud application.
In a microservices architecture, each microservice owns a simple task, and communicates with the clients or with other microservices by using lightweight communication mechanisms such as REST API requests.
The following diagram shows the architecture of an application that consists of multiple microservices.

Microservices enable you to design your application as a collection of loosely coupled services. Microservices follow the share-nothing model, and run as stateless processes. This approach makes it easier to scale and maintain the application.
The API layer is the entry point for all the client requests to a microservice. The API layer also enables the microservices to communicate with each other over HTTP, gRPC, and TCP/UDP.
The logic layer focuses on a single business task, minimizing the dependencies on the other microservices. This layer can be written in a different language for each microservice.
The data store layer provides a persistence mechanism, such as a database storage engine, log files, and so on. Consider using a separate persistent data store for each microservice.
Typically, each microservice runs in a container that provides a lightweight runtime environment.
Loosely coupled with other services - enables a team to work independently the majority of time on their service(s) without being impacted by changes to other services and without affecting other services

References:
https://docs.oracle.com/en/solutions/learn-architect-microservice/index.html
https://microservices.io/patterns/microservices.html
https://www.techjini.com/blog/microservices/


質問 # 25
You encounter an unexpected error when invoking the Oracle Function named "myfunction" in application "myapp". Which can you use to get more information on the error?

  • A. Call Oracle support with your error message
  • B. fn --verbose invoke myapp myfunction
  • C. fn --debug invoke myapp myfunction
  • D. DEBOG=1 fn invoke myapp myfunction

正解:D

解説:
Troubleshooting Oracle Functions
If you encounter an unexpected error when using an Fn Project CLI command, you can find out more about the problem by starting the command with the string DEBUG=1 and running the command again. For example:
$ DEBUG=1 fn invoke helloworld-app helloworld-func
Note that DEBUG=1 must appear before the command, and that DEBUG must be in upper case.


質問 # 26
As a cloud-native developer, you have written a web service for your company. You have used Oracle Cloud Infrastructure (OCI) API Gateway service to expose the HTTP backend. However, your security team has suggested that your web service should handle Distributed Denial-of-Service (DDoS) attack. You are time-constrained and you need to make sure that this is implemented as soon as possible.
What should you do in this scenario?

  • A. Use OCI virtual cloud network (VCN) segregation to control DDoS.
  • B. Re-write your web service and implement rate limiting.
  • C. Use OCI API Gateway service and configure rate limiting.
  • D. Use a third party service integration to implement a DDoS attack mitigation,

正解:C

解説:
Having created an API gateway and deployed one or more APIs on it, you'll typically want to limit the rate at which front-end clients can make requests to back-end services. For example, to:
- maintain high availability and fair use of resources by protecting back ends from being overwhelmed by too many requests
- prevent denial-of-service attacks
- constrain costs of resource consumption
- restrict usage of APIs by your customers' users in order to monetize APIs You apply a rate limit globally to all routes in an API deployment specification.
If a request is denied because the rate limit has been exceeded, the response header specifies when the request can be retried.
You can add a rate-limiting request policy to an API deployment specification by:
using the Console
editing a JSON file
{
"requestPolicies": {
"rateLimiting": {
"rateKey": "CLIENT_IP",
"rateInRequestsPerSecond": 10
}
},
"routes": [
{
"path": "/hello",
"methods": ["GET"],
"backend": {
"type": "ORACLE_FUNCTIONS_BACKEND",
"functionId": "ocid1.fnfunc.oc1.phx.aaaaaaaaab______xmq"
}
}
]
}
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewaylimitingbackendaccess.htm


質問 # 27
You are working on a serverless DevSecOps application using Oracle Functions. You have deployed a Python function that uses the Oracle Cloud Infrastructure (OCI) Python SDK to stop any OC1 Compute instance that does not comply with your corporate security standards There are 3 non compliant OCI Compute instances.
However, when you invoke this function none of the instances were stopped. How should you troubleshoot this?

  • A. Enable function tracing in the OCI console, and go to OCI Monitoring console to see the function stack trace.
  • B. Enable function remote debugging in the OCI console, and use your favorite IDE to inspect the function running on Oracle Functions.
  • C. There is no way to troubleshoot a function running on Oracle Functions.
  • D. Enable function logging in the OCI console, include some print statements in your function code and use logs to troubleshoot this.

正解:D

解説:
Storing and Viewing Function Logs:
When a function you've deployed to Oracle Functions is invoked, you'll typically want to store the function's logs so that you can review them later. You specify where Oracle Functions stores a function's logs by setting a logging policy for the application containing the function.
You can specify that Oracle Functions:
Stores logs in Oracle Cloud Infrastructure. Until an Oracle Cloud Infrastructure logging service is released, Oracle Functions stores logs as files in a storage bucket in Oracle Cloud Infrastructure Object Storage.
Note that to view function logs in a storage bucket, the group to which you belong must have been granted access with the following identity policy statements:
Allow group <group-name> to manage object-family in compartment <compartment-name> Allow group <group-name> to read objectstorage-namespaces in compartment <compartment-name> (Usually created when configuring your tenancy for function development. See Create a Policy to Give Oracle Functions Users Access to Oracle Cloud Infrastructure Registry Repositories.) Stores logs by exporting them to an external logging destination like Papertrail. Note that to use an external logging destination, you must have set up a VCN with public subnets and an internet gateway (see Create the VCN and Subnets to Use with Oracle Functions, if they don't exist already).
You set application logging policies in the Console.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsexportingfunctionlogfiles.htm


質問 # 28
What is the communication method between different Cloud native applications services?

  • A. Basic and synchronous
  • B. Complex and asynchronous
  • C. Basic and asynchronous
  • D. Complex and synchronous

正解:C

解説:
What Is Cloud Native?
Cloud native technologies are characterized by the use of containers, microservices, serverless functions, development pipelines, infrastructure expressed as code, event-driven applications, and Application Programming Interfaces (APIs). Cloud native enables faster software development and the ability to build applications that are resilient, manageable, observable, and dynamically scalable to global enterprise levels.
When constructing a cloud-native application, you'll want to be sensitive to how back-end services communicate with each other. Ideally, the less inter-service communication, the better. However, avoidance isn't always possible as back-end services often rely on one another to complete an operation.
While direct HTTP calls between microservices are relatively simple to implement, care should be taken to minimize this practice. To start, these calls are always synchronous and will block the operation until a result is returned or the request times outs. What were once self-contained, independent services, able to evolve independently and deploy frequently, now become coupled to each other. As coupling among microservices increase, their architectural benefits diminish.
Executing an infrequent request that makes a single direct HTTP call to another microservice might be acceptable for some systems. However, high-volume calls that invoke direct HTTP calls to multiple microservices aren't advisable. They can increase latency and negatively impact the performance, scalability, and availability of your system. Even worse, a long series of direct HTTP communication can lead to deep and complex chains of synchronous microservices calls, shown in Figure 4-9:

A message queue is an intermediary construct through which a producer and consumer pass a message. Queues implement an asynchronous, point-to-point messaging pattern.
Events
Message queuing is an effective way to implement communication where a producer can asynchronously send a consumer a message.
References:
https://www.xenonstack.com/blog/cloud-native-architecture/
https://www.oracle.com/sa/cloud/cloud-native/
https://www.oracle.com/technetwork/topics/entarch/cloud-native-app-development-wp-3664668.pdf


質問 # 29
You are working on a cloud native e-commerce application on Oracle Cloud Infrastructure (OCI). Your application architecture has multiple OCI services, including Oracle Functions. You need to trigger these functions directly from other OCI services, without having to run custom code.
Which OCI service cannot trigger your functions directly?

  • A. OCI Events Service
  • B. Oracle Integration
  • C. OCI Registry
  • D. OCI API Gateway

正解:C

解説:
Overview of Functions:
Oracle Functions is a fully managed, multi-tenant, highly scalable, on-demand, Functions-as-a-Service platform. It is built on enterprise-grade Oracle Cloud Infrastructure and powered by the Fn Project open source engine. Use Oracle Functions (sometimes abbreviated to just Functions) when you want to focus on writing code to meet business needs.
The serverless and elastic architecture of Oracle Functions means there's no infrastructure administration or software administration for you to perform. You don't provision or maintain compute instances, and operating system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is highly-available, scalable, secure, and monitored. With Oracle Functions, you can write code in Java, Python, Node, Go, and Ruby (and for advanced use cases, bring your own Dockerfile, and Graal VM).
You can invoke a function that you've deployed to Oracle Functions from:
- The Fn Project CLI.
- The Oracle Cloud Infrastructure SDKs.
- Signed HTTP requests to the function's invoke endpoint. Every function has an invoke endpoint.
- Other Oracle Cloud services (for example, triggered by an event in the Events service) or from external services.
so You can then deploy your code, call it directly or trigger it in response to events, and get billed only for the resources consumed during the execution.
Invoking Oracle Functions from Other Oracle Cloud Infrastructure Services:
You can invoke functions in Oracle Functions from other Oracle Cloud Infrastructure services. Typically, you'll want an event in another service to trigger a request to invoke a function defined in Oracle Functions.
This functionality is currently available in:
1. The Events service. For more information, see Overview of Events.
2.The Notifications service. For more information, see Notifications Overview. For a scenario, see Scenario A: Automatically Resize VMs.
3.The API Gateway service. For more information, see Adding a Function in Oracle Functions as an API Gateway Back End.
4.The Oracle Integration service, using the OCI Signature Version 1 security policy. For more information, see Configure Oracle Integration to Call Oracle Cloud Infrastructure Functions with the REST Adapter in Using the REST Adapter with Oracle Integration.

so OCI Registry services cannot trigger your functions directly
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsintegratingwithother.htm
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm
https://blogs.oracle.com/cloud-infrastructure/announcing-notifications-triggers-for-serverless-functions


質問 # 30
Which two are required to enable Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster access from the kubect1 CLI?

  • A. Tiller enabled on the OKE cluster
  • B. A configured OCI API signing key pair
  • C. Install and configure the OCI CLI
  • D. An SSH key pair with the public key added to cluster worker nodes
  • E. OCI Identity and Access Management Auth Token

正解:B、C

解説:
Setting Up Local Access to Clusters
To set up a kubeconfig file to enable access to a cluster using a local installation of kubectl and the Kubernetes Dashboard:
Step 1: Generate an API signing key pair
Step 2: Upload the public key of the API signing key pair
Step 3: Install and configure the Oracle Cloud Infrastructure CLI
Step 4: Set up the kubeconfig file
Step 5: Verify that kubectl can access the cluster
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengdownloadkubeconfigfile.htm


質問 # 31
Given a service deployed on Oracle Cloud Infrastructure Container Engine far Kubernetes (OKE), which annotation should you add in the sample manifest file below to specify a 400 Mbps load balancer?

  • A. service.beta.kubernetes.io/oci-load-balancer-value: 400Mbps
  • B. service.beta.kubernetes.io/oci-load-balancer-shape: 400Mbps
  • C. service, beta, kubernetes . io/oci-load-balancer-kind: 400Mbps
  • D. service.beta.kubernetes.io/oci-load-balancer-size: 400Mbps

正解:B

解説:
Overview of Load Balancing:
SHAPE
A template that determines the load balancer's total pre-provisioned maximum capacity (bandwidth) for ingress plus egress traffic. Available shapes include 10Mbps, 100 Mbps, 400 Mbps, and 8000 Mbps.
oci-load-balancer-shape: A template that determines the load balancer's total pre-provisioned maximum capacity (bandwidth) for ingress plus egress traffic. Available shapes include 100Mbps, 400Mbps, and 8000Mbps. Cannot be modified after load balancer creation.
All annotations are prefixed with service.beta.kubernetes.io/. For example:
kind: Service
apiVersion: v1
metadata:
name: nginx-service
annotations:
service.beta.kubernetes.io/oci-load-balancer-shape: "400Mbps"
service.beta.kubernetes.io/oci-load-balancer-subnet1: "ocid..."
service.beta.kubernetes.io/oci-load-balancer-subnet2: "ocid..."
spec:
...
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Balance/Concepts/balanceoverview.htm
https://github.com/oracle/oci-cloud-controller-manager/blob/master/docs/load-balancer-annotations.md


質問 # 32
Which statements is incorrect with regards to the Oracle Cloud Infrastructure (OCI) Notifications service?

  • A. An OCI function may subscribe to a notification topic.
  • B. A subscription can integrate with PagerDuty events.
  • C. OCI Alarms can be configured to publish to a notification topic when triggered.
  • D. Notification topics may be assigned as the action performed by an OCI Events configuration.
  • E. A subscription can forward notifications to an HTTPS endpoint.
  • F. It may be used to receive an email each time an OCI Autonomous Database backup is completed.

正解:F

解説:
Notification service supports subscriptions topics: E-Mail, Function, Https, PagerDuty and Slack

Alarms: Notifications sends alarm messages when alarms are breached. The alarm message is sent to the topic specified in the alarm. For example, an alarm message might be configured for high CPU usage. See Managing Alarms.

References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Notification/Concepts/notificationoverview.htm


質問 # 33
How can you find details of the tolerations field for the sample YAML file below?

  • A. kubectl describe pod.spec tolerations
  • B. kubectl get pod.spec.tolerations
  • C. kubectl list pod.spec.tolerations
  • D. kubectl explain pod.spec.tolerations

正解:D

解説:
kubectl explain to List the fields for supported resources
explainkubectl explain [--recursive=false] [flags]Get documentation of various resources. For instance pods, nodes, services, etc.
References:
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#explain
https://kubernetes.io/docs/reference/kubectl/cheatsheet/


質問 # 34
Who is responsible for patching, upgrading and maintaining the worker nodes in Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)?

  • A. Oracle Support
  • B. It Is automated
  • C. The user
  • D. Independent Software Vendors

正解:C

解説:
After a new version of Kubernetes has been released and when Container Engine for Kubernetes supports the new version, you can use Container Engine for Kubernetes to upgrade master nodes running older versions of Kubernetes. Because Container Engine for Kubernetes distributes the Kubernetes Control Plane on multiple Oracle-managed master nodes (distributed across different availability domains in a region where supported) to ensure high availability, you're able to upgrade the Kubernetes version running on master nodes with zero downtime.
Having upgraded master nodes to a new version of Kubernetes, you can subsequently create new node pools running the newer version. Alternatively, you can continue to create new node pools that will run older versions of Kubernetes (providing those older versions are compatible with the Kubernetes version running on the master nodes).
Note that you upgrade master nodes by performing an 'in-place' upgrade, but you upgrade worker nodes by performing an 'out-of-place' upgrade. To upgrade the version of Kubernetes running on worker nodes in a node pool, you replace the original node pool with a new node pool that has new worker nodes running the appropriate Kubernetes version. Having 'drained' existing worker nodes in the original node pool to prevent new pods starting and to delete existing pods, you can then delete the original node pool.
Upgrading the Kubernetes Version on Worker Nodes in a Cluster:
After a new version of Kubernetes has been released and when Container Engine for Kubernetes supports the new version, you can use Container Engine for Kubernetes to upgrade master nodes running older versions of Kubernetes. Because Container Engine for Kubernetes distributes the Kubernetes Control Plane on multiple Oracle-managed master nodes (distributed across different availability domains in a region where supported) to ensure high availability, you're able to upgrade the Kubernetes version running on master nodes with zero downtime.
You can upgrade the version of Kubernetes running on the worker nodes in a cluster in two ways:
(A) Perform an 'in-place' upgrade of a node pool in the cluster, by specifying a more recent Kubernetes version for new worker nodes starting in the existing node pool. First, you modify the existing node pool's properties to specify the more recent Kubernetes version. Then, you 'drain' existing worker nodes in the node pool to prevent new pods starting, and to delete existing pods. Finally, you terminate each of the worker nodes in turn. When new worker nodes are started in the existing node pool, they run the more recent Kubernetes version you specified. See Performing an In-Place Worker Node Upgrade by Updating an Existing Node Pool.
(B) Perform an 'out-of-place' upgrade of a node pool in the cluster, by replacing the original node pool with a new node pool. First, you create a new node pool with a more recent Kubernetes version. Then, you 'drain' existing worker nodes in the original node pool to prevent new pods starting, and to delete existing pods. Finally, you delete the original node pool. When new worker nodes are started in the new node pool, they run the more recent Kubernetes version you specified. See Performing an Out-of-Place Worker Node Upgrade by Replacing an Existing Node Pool with a New Node Pool.
Note that in both cases:
The more recent Kubernetes version you specify for the worker nodes in the node pool must be compatible with the Kubernetes version running on the master nodes in the cluster. See Upgrading Clusters to Newer Kubernetes Versions).
You must drain existing worker nodes in the original node pool. If you don't drain the worker nodes, workloads running on the cluster are subject to disruption.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengupgradingk8sworkernode.htm


質問 # 35
You are developing a polyglot serverless application using Oracle Functions. Which language cannot be used to write your function code?

  • A. Java
  • B. Node.js
  • C. PL/SQL
  • D. Python

正解:C

解説:
Overview of Functions:
The serverless and elastic architecture of Oracle Functions means there's no infrastructure administration or software administration for you to perform. You don't provision or maintain compute instances, and operating system software patches and upgrades are applied automatically. Oracle Functions simply ensures your app is highly-available, scalable, secure, and monitored. With Oracle Functions, you can write code in Java, Python, Node, Go, and Ruby (and for advanced use cases, bring your own Dockerfile, and Graal VM). You can then deploy your code, call it directly or trigger it in response to events, and get billed only for the resources consumed during the execution.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Concepts/functionsoverview.htm


質問 # 36
You have two microservices, A and B running in production. Service A relies on APIs from service B.
You want to test changes to service A without deploying all of its dependencies, which includes service B.
Which approach should you take to test service A?

  • A. There is no need to explicitly test APIs.
  • B. Test the APIs in private environments.
  • C. Test using API mocks.
  • D. Test against production APIs.

正解:C

解説:
Best Practices: API Mocking:
This is where mocking comes in: instead of developing code with actual external dependencies in place, a mock of those dependencies is created and used instead. Depending on your development needs this mock is made "intelligent" enough to allow you to make the calls you need and get similar results back as you would from the actual component, thus enabling development to move forward without being hindered by eventual unavailability of external systems you depend on The most common term for creating simulated components is mocking, but others are also used, and partly apply to different things; stubbing, simulation, and virtualization. The basic concept is the same - instead of using an actual software component (an API in our case) - a "replacement" version of that API is created and used instead. It behaves as the original API, but lacks many of the functional and non-functional characteristics of the original component. Which term is applicable depends on the degree to which the mock-up corresponds to the actual API:
Stubbing: mostly a placeholder without real functionality
Mocking: basic functionality required for a specific testing or development purpose Simulation: complete functionality for testing or development purposes Virtualization: imulation that is deployed into an operational, manageable and controllable environment

References:
https://docs.oracle.com/en/solutions/build-governance-app-oracle-paas/test-custom-apis.html
https://www.soapui.org/learn/mocking/what-is-api-mocking/


質問 # 37
You have written a Node.js function and deployed it to Oracle Functions. Next, you need to call this function from a microservice written in Java deployed on Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE).
Which can help you to achieve this?

  • A. Oracle Functions does not allow a microservice deployed on OKE to invoke a function.
  • B. Use the OCI CLI with kubect1 to invoke the function from the microservice.
  • C. OKE does not allow a microservice to invoke a function from Oracle Functions.
  • D. Use the OCI Java SDK to invoke the function from the microservice.

正解:D

解説:
Invoking Functions
You can invoke a function that you've deployed to Oracle Functions in different ways:
1. Using the Fn Project CLI.
2. Using the Oracle Cloud Infrastructure CLI.
3. Using the Oracle Cloud Infrastructure SDKs.
4. Making a signed HTTP request to the function's invoke endpoint. Every function has an invoke endpoint.
Using the Fn Project CLI to Invoke Functions
To invoke a function deployed to Oracle Functions using the Fn Project CLI:
Log in to your development environment as a functions developer.
In a terminal window, enter:
$ fn invoke <app-name> <function-name>
Using SDKs to Invoke Functions:
If you're writing a program to invoke a function in a language for which an Oracle Cloud Infrastructure SDK exists, Oracle recommends you use that SDK to send API requests to invoke the function. Among other things, the SDK will facilitate Oracle Cloud Infrastructure authentication.
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionsinvokingfunctions.htm


質問 # 38
A pod security policy (PSP) is implemented in your Oracle Cloud Infrastructure Container Engine for Kubernetes cluster Which rule can you use to prevent a container from running as root using PSP?

  • A. MustRunAsNonRoot
  • B. forbiddenRoot
  • C. RunOnlyAsUser
  • D. NoPrivilege

正解:A

解説:
What is a Pod Security Policy?
A Pod Security Policy is a cluster-level resource that controls security sensitive aspects of the pod specification. The PodSecurityPolicy objects define a set of conditions that a pod must run with in order to be accepted into the system, as well as defaults for the related fields. They allow an administrator to control the following:
Privilege Escalation
These options control the allowPrivilegeEscalation container option. This bool directly controls whether the no_new_privs flag gets set on the container process. This flag will prevent setuid binaries from changing the effective user ID, and prevent files from enabling extra capabilities (e.g. it will prevent the use of the ping tool). This behavior is required to effectively enforce MustRunAsNonRoot.
example:
# Require the container to run without root privileges.
rule: 'MustRunAsNonRoot'
Reference:
https://kubernetes.io/docs/concepts/policy/pod-security-policy/


質問 # 39
Which header is NOT required when signing GET requests to Oracle Cloud Infrastructure APIs?

  • A. host
  • B. (request-target)
  • C. content-type
  • D. date or x-date

正解:C

解説:
Authorization Header
The Oracle Cloud Infrastructure signature uses the "Signature" Authentication scheme (with an Authorization header), and not the Signature HTTP header.
This section describes the headers that must be included in the signing string:
For GET and DELETE requests (when there's no content in the request body), the signing string must include at least these headers:
(request-target)
host
date or x-date (if both are included, Oracle uses x-date)
For PUT and POST requests (when there's content in the request body), the signing string must include at least these headers:
(request-target)
host
date or x-date (if both are included, Oracle uses x-date)
x-content-sha256 (except for Object Storage PUT requests; see the next section) content-type content-length References:
https://docs.cloud.oracle.com/en-us/iaas/Content/API/Concepts/signingrequests.htm


質問 # 40
You are developing a distributed application and you need a call to a path to always return a specific JSON content deploy an Oracle Cloud Infrastructure API Gateway with the below API deployment specification.

What is the correct value for type?

  • A. CONSTANT_BACKEND
  • B. STOCK_RESPONSE_BACKEND
  • C. HTTP_BACKEND
  • D. JSON_BACKEND

正解:B

解説:
Adding Stock Responses as an API Gateway Back End:
You'll often want to verify that an API has been successfully deployed on an API gateway without having to set up an actual back-end service. One approach is to define a route in the API deployment specification that has a path to a 'dummy' back end. On receiving a request to that path, the API gateway itself acts as the back end and returns a stock response you've specified.
Equally, there are some situations in a production deployment where you'll want a particular path for a route to consistently return the same stock response without sending a request to a back end. For example, when you want a call to a path to always return a specific HTTP status code in the response.
Using the API Gateway service, you can define a path to a stock response back end that always returns the same:
HTTP status code
HTTP header fields (name-value pairs)
content in the body of the response
"type": "STOCK_RESPONSE_BACKEND" indicates that the API gateway itself will act as the back end and return the stock response you define (the status code, the header fields and the body content).
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/APIGateway/Tasks/apigatewayaddingstockresponses.htm


質問 # 41
With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency.
Which statement is true with regards to service resiliency?

  • A. Resiliency is about recovering from failures without downtime or data loss.
  • B. Resiliency testing can be only done in a test environment.
  • C. A goal of resiliency is not to bring a service to a functioning state after a failure.
  • D. Resiliency is about avoiding failures.

正解:A

解説:
Implement resilient applications:
Resiliency is the ability to (recover) from failures and continue to function. It isn't about avoiding failures but accepting the fact that failures will happen and responding to them in a way that avoids downtime or data loss. The goal of resiliency is to return the application to a fully functioning state after a failure.
References:
https://docs.microsoft.com/en-us/dotnet/architecture/microservices/implement-resilient-applications/


質問 # 42
You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security Standards mandate encryption of secret information like database passwords.
As a function developer, which approach should you follow to satisfy this security requirement?

  • A. Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container.
  • B. Use the Oracle Cloud Infrastructure Console and enter the password in the function configuration section in the provided input field.
  • C. All function configuration variables are automatically encrypted by Oracle Functions.
  • D. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key.

正解:D

解説:
Oracle Functions: Using Key Management To Encrypt And Decrypt Configuration Variables Since this process involves multiple steps, I thought it would be helpful to give you an outline of the steps that we're going to take:
Create a KMS vault
Create a Master Encryption Key
Generate a Data Encryption Key (DEK) from the Master Encryption Key
Use the DEK plaintext return value to encrypt the sensitive value (offline) Store the encrypted sensitive value as a config variable in the serverless application Store the DEK ciphertext and the initVector used to encrypt the sensitive value as Function config variables Within the function, decrypt the DEK ciphertext back into plaintext using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK Decrypt the sensitive value using the decrypted DEK plaintext and the initVector


References:
https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuration-variables
https://docs.oracle.com/en/database/other-databases/essbase/19.3/essad/encrypt-values-using-kms.html


質問 # 43
A programmer Is developing a Node is application which will run in a Linux server on their on-premises data center. This application will access various Oracle Cloud Infrastructure (OC1) services using OCI SDKs.
What is the secure way to access OCI services with OCI Identity and Access Management (JAM)?

  • A. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, add the user name and password to a file used by Node.js authentication.
  • B. Create a new OCI IAM user associated with a dynamic group and a policy that grants the desired permissions to OCI services. Add the on-premises Linux server in the dynamic group.
  • C. Create an OCI IAM policy with the appropriate permissions to access the required OCI services and assign the policy to the on-premises Linux server.
  • D. Create a new OCI IAM user, add the user to a group associated with a policy that grants the desired permissions to OCI services. In the on-premises Linux server, generate the keypair used for signing API requests and upload the public key to the IAM user.

正解:D

解説:
Set up an Oracle Cloud Infrastructure API Signing Key for Use with Oracle Functions:
Before using Oracle Functions, you have to set up an Oracle Cloud Infrastructure API signing key.
The instructions in this topic assume:
- you are using Linux
For more information and other options, see Required Keys and OCIDs.
The instructions below describe how to create a new ~/.oci directory, how to generate a new private key file and public key file in that ~/.oci directory, how to upload the public key to Oracle Cloud Infrastructure to create a new API signing key, and how to obtain a fingerprint for the public API key. Be aware that instructions and examples elsewhere in this documentation assume the ~/.oci directory exists and contains the private and public key files.
To set up an API signing key:
Log in to your development environment as a functions developer.
In a terminal window, confirm that the ~/.oci directory does not already exist. For example, by entering:
ls ~/.oci
Assuming the ~/.oci directory does not already exist, create it. For example, by entering:
mkdir ~/.oci
Generate a private key encrypted with a passphrase that you provide by entering:
$ openssl genrsa -out ~/.oci/<private-key-file-name>.pem -aes128 2048
where <private-key-file-name> is a name of your choice for the private key file (for example, john_api_key_private.pem).
For example:
$ openssl genrsa -out ~/.oci/john_api_key_private.pem -aes128 2048
Generating RSA private key, 2048 bit long modulus
....+++
....................................................................+++ e is 65537 (0x10001) Enter pass phrase for /Users/johndoe/.oci/john_api_key_private.pem:
References:
https://docs.cloud.oracle.com/en-us/iaas/Content/Functions/Tasks/functionssetupapikey.htm


質問 # 44
......

最新の1z0-1084-22試験エンジンPDFで全部無料問題集保証:https://jp.fast2test.com/1z0-1084-22-premium-file.html

最新Oracle Cloud Infrastructure 1z0-1084-22実際の無料試験解答:https://drive.google.com/open?id=1lPyACBtH8GQ5sV0WeQpAYb6roKPU374u


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어