
2024年最新の更新のOracle Cloudが有効な1z0-1084-23問題集を無料提供しています
最新のFast2test 1z0-1084-23PDF問題集をダウンロードしちゃおう:https://jp.fast2test.com/1z0-1084-23-premium-file.html(100問題と解答)
Oracle 1z0-1084-23 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
質問 # 38
You are building a cloud native serverless travel application with multiple Oracle Functions in Java, Python, and Node.js. You need to build and deploy these functions to a single application named travel-app. Which command will help you complete this task successfully?
- A. fn deploy--app travel-app --all
- B. fn app --app travel-app deploy --ext java pyljs
- C. fn function deploy app travel-app--all
- D. fn app deploy --app travel-app --all
正解:A
解説:
Explanation
The correct answer is: fn deploy --app travel-app --allExplanation: To build and deploy multiple Oracle Functions as part of a single application named "travel-app," you can use the fn deploy command with the appropriate options. The command fn deploy --app travel-app --all is the correct syntax. Here's what each part of the command does: fn deploy: This command is used to deploy functions and applications in Oracle Functions. --app travel-app: This option specifies the application name as "travel-app," indicating that you want to deploy functions to this application. --all: This option indicates that you want to deploy all the functions within the application. By using fn deploy --app travel-app --all, you can build and deploy all the functions in your travel application across different programming languages (Java, Python, and Node.js) to the
"travel-app" application in Oracle Functions.
質問 # 39
From a DevOps process standpoint, it is a good practice to keep changes to an application under version control. Which of the following allows changes to a Docker image to be stored in a version control system?
- A. Updating Dockerfile
- B. Executing docker save
- C. Updating docker-compose.yml
- D. Executing docker commit
正解:D
解説:
The option that allows changes to a Docker image to be stored in a version control system is: docker commit The docker commit command is used to create a new image from a container's changes. It takes a running container as input, captures the changes made to it, and creates a new image with those changes. This new image can then be tagged and pushed to a registry, or saved locally. By using docker commit, you can effectively capture the changes made to a container as a new image and store it in a version control system along with the Dockerfile and other project files. This allows for reproducibility and traceability of changes to the Docker image over time.
質問 # 40
Which kubectl command syntax is valid for implementing a rolling update deployment strategy in Kubernetes? (Choose the best answer.)
- A. kubectl update <deployment-name> --image=image:v2
- B. kubectl update -c <container> --iniage=image: v2
- C. kubectl rolling-update <deployment-name> --image=image:v2
- D. kubectl upgrade -c <container> --image=image:v2
正解:C
解説:
Explanation
The correct syntax for implementing a rolling update deployment strategy in Kubernetes using the kubectl command is: kubectl rolling-update <deployment-name> --image=image:v2 This command initiates a rolling update of the specified deployment by updating the container image to image:v2. The rolling update strategy ensures that the new version of the application is gradually deployed while maintaining availability and minimizing downtime.
質問 # 41
Which statement best describes the term "cloud native"?
- A. Cloud native refers to the use of cloud-based development tools to build traditional on-premises applications.
- B. Cloud native refers to the use of cloud infrastructure to run traditional on-premises applications.
- C. Cloud native refers to the design and deployment of applications that are optimized for cloud infrastructure.
- D. Cloud native refers to the process of migrating applications from on-premises infrastructure to the cloud.
正解:C
解説:
Cloud native is the software approach of building, deploying, and managing modern applications in cloud computing environments3. Cloud native apps are designed and built to exploit the scale, elasticity, resiliency, and flexibility the cloud provides4. Cloud native technologies support fast and frequent changes to applications without impacting service delivery, providing adopters with an innovative, competitive advantage3. Therefore, cloud native refers to the design and deployment of applications that are optimized for cloud infrastructure. Verified Reference: What is Cloud Native? - Everything you need to know, What is Cloud Native? | Microsoft Learn
質問 # 42
(CHK_4>2) Which TWO statements are NOT valid regarding the Oracle Cloud Infrastructure (OCI) Streaming service? (Choose two.)
- A. OCI Streaming can support up to 2,000 requests per second to each partition.
- B. A stream can be configured with either a public or a private endpoint with support for customer managed encryption keys.
- C. The throughput of a stream is defined by a partition. A partition provides 1 MB/sec data input and 2 MB/sec data output.
- D. OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days.B
- E. Although OCI Streaming automatically encrypts all data while in transit, it is the developer's responsibility to encrypt data at rest, if needed.
正解:A、B
解説:
The two statements that are NOT valid regarding the Oracle Cloud Infrastructure (OCI) Streaming service are: A stream can be configured with either a public or a private endpoint with support for customer managed encryption keys. This statement is not valid because the OCI Streaming service currently supports only private endpoints. Customer managed encryption keys are not currently supported for OCI Streaming. OCI Streaming can support up to 2,000 requests per second to each partition. This statement is not valid because the throughput of a stream is not defined by the partition in terms of requests per second. The throughput of a stream is defined in terms of data input and output rates. Each partition provides 1 MB/sec data input and 2 MB/sec data output, but it does not correspond to a specific number of requests per second. The other statements are valid: OCI Streaming stores all data for 24 hours by default, but that can be extended up to 7 days. Although OCI Streaming automatically encrypts all data while in transit, it is the developer's responsibility to encrypt data at rest, if needed.
質問 # 43
You developed a microservices-based application that runs in an Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) cluster. Your security team wants to use SSL termination for this application. What should you do to create a secure SSL termination for this application using the fewest steps possible?
- A. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-security-list management-mode: "Frontend"
- B. Add these annotations to the kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-ssl-secret-key: ssl secret-key
- C. Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: "443" service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret
- D. Generate a self-signed certificate using Let's Encrypt. Use that certificate on OCI Load Balancer. Create the Kubernetes service using this load balancer.
正解:C
解説:
The correct answer is: "Create a self-signed certificate and its corresponding key. Create a Kubernetes secret using the certificate and the key. Then add these annotations to the Kubernetes service: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: '443' service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret." To create a secure SSL termination for your microservices-based application running in an OCI Container Engine for Kubernetes (OKE) cluster, you can follow these steps: Create a self-signed certificate and its corresponding key: Generate a self-signed SSL certificate and its private key using a tool like OpenSSL. Create a Kubernetes secret: Create a Kubernetes secret using the certificate and key obtained in the previous step. This secret will securely store the certificate and key within the Kubernetes cluster. Add annotations to the Kubernetes service: Modify the Kubernetes service that exposes your application and add the following annotations to enable SSL termination: annotations: service.beta.kubernetes.io/oci-load-balancer-ssl-ports: '443' (specify the SSL port as 443) annotations: service.beta.kubernetes.io/oci-load-balancer-tls-secret: ssl certificate-secret (specify the name of the Kubernetes secret containing the certificate and key) By following these steps, you can create a secure SSL termination for your application using a self-signed certificate and Kubernetes secret. The annotations added to the Kubernetes service ensure that the SSL port is configured correctly and the TLS secret is utilized for SSL termination when traffic reaches the load balancer. The other options provided are not the most suitable approaches for achieving secure SSL termination in an OCI Container Engine for Kubernetes (OKE) cluster: Adding annotations related to the OCI load balancer SSL secret key is not the correct approach for SSL termination in this scenario. Using Let's Encrypt to generate a self-signed certificate and configuring it on the OCI Load Balancer is not necessary when you can create and manage the SSL certificate within the Kubernetes cluster using a Kubernetes secret.
質問 # 44
(CHK_4>2) You have a scenario where a DevOps team wants to store secrets in Oracle Cloud Infrastructure (OCI) Vault so that it can inject the secrets into an app's environment variables (for example, MYSQL_DB_PASSWD) at deployment time. Which is NOT valid about managing secrets in the OCI Vault service?
- A. A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version.
- B. New secret versions automatically expire in 90 days unless you configure an expiry rule.
- C. You can manually create new secrets as well as new secret versions using the OCI Console:
- D. A secret reuse rule prevents the use of secret contents across different versions of a secret.
正解:A
解説:
The correct answer is: "A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version." The statement that is NOT valid about managing secrets in the OCI Vault service is: "A unique OCID is automatically generated for each secret and remains unchanged even when creating a new secret version." In OCI Vault, a secret is identified by its OCID (Oracle Cloud Identifier), which is a unique identifier for each resource in Oracle Cloud Infrastructure. However, when a new secret version is created for an existing secret, the OCID remains the same for the secret itself, but a new OCID is generated for the secret version. This allows you to track and manage different versions of a secret while maintaining a consistent OCID for the secret itself. The other statements mentioned are valid: You can manually create new secrets as well as new secret versions using the OCI Console. This means you have control over creating and managing secrets within the Vault service. A secret reuse rule prevents the use of secret contents across different versions of a secret. This ensures that each secret version maintains its own unique set of contents and avoids accidental reuse or sharing of secrets across versions. By default, new secret versions automatically expire in 90 days unless you configure an expiry rule. This helps enforce good security practices by automatically rotating secrets periodically, reducing the risk of unauthorized access in case of compromise. Therefore, the statement that is NOT valid is the one regarding the uniqueness and consistency of the OCID when creating new secret versions.
質問 # 45
With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency. Which statement is true regarding service resiliency?
- A. Resiliency testing can be done only in a test environment.
- B. Resiliency is about avoiding failures.
- C. Resiliency is about not bringing a service to a functioning state after a failure.
- D. Resiliency is about recovering from failures without downtime or data loss.
正解:D
解説:
The correct answer is: "Resiliency is about recovering from failures without downtime or data loss." Service resiliency, in the context of cloud-native applications, is the ability of a service or system to recover from failures and continue functioning without downtime or data loss. It involves designing and implementing mechanisms to handle failures, such as network outages, hardware failures, or software errors, in a way that minimizes the impact on the overall system. The goal of resiliency is to ensure that the application or service can continue to operate and provide a certain level of functionality, even in the face of failures. This typically involves techniques such as redundancy, fault tolerance, and graceful degradation. By implementing resiliency measures, a cloud-native application can recover and adapt to failures, maintain availability, and preserve data integrity. The other statements are not accurate regarding service resiliency: Resiliency is not about not bringing a service to a functioning state after a failure. Instead, it is about recovering from failures and ensuring continued functionality. Resiliency is not about avoiding failures entirely. While it is desirable to prevent failures, resiliency focuses on the ability to handle and recover from failures when they do occur. Resiliency testing is not limited to a test environment. It is important to test and validate the resiliency measures in both test environments and production environments to ensure the application can effectively handle failures in real-world scenarios.
質問 # 46
With the volume of communication that can happen between different components in cloud-native applications, it is vital to not only test functionality, but also service resiliency. Which statement is true regarding service resiliency?
- A. Resiliency testing can be done only in a test environment.
- B. Resiliency is about avoiding failures.
- C. Resiliency is about not bringing a service to a functioning state after a failure.
- D. Resiliency is about recovering from failures without downtime or data loss.
正解:D
解説:
Explanation
The correct answer is: "Resiliency is about recovering from failures without downtime or data loss." Service resiliency, in the context of cloud-native applications, is the ability of a service or system to recover from failures and continue functioning without downtime or data loss. It involves designing and implementing mechanisms to handle failures, such as network outages, hardware failures, or software errors, in a way that minimizes the impact on the overall system. The goal of resiliency isto ensure that the application or service can continue to operate and provide a certain level of functionality, even in the face of failures. This typically involves techniques such as redundancy, fault tolerance, and graceful degradation. By implementing resiliency measures, a cloud-native application can recover and adapt to failures, maintain availability, and preserve data integrity. The other statements are not accurate regarding service resiliency: Resiliency is not about not bringing a service to a functioning state after a failure. Instead, it is about recovering from failures and ensuring continued functionality. Resiliency is not about avoiding failures entirely. While it is desirable to prevent failures, resiliency focuses on the ability to handle and recover from failures when they do occur.
Resiliency testing is not limited to a test environment. It is important to test and validate the resiliency measures in both test environments and production environments to ensure the application can effectively handle failures in real-world scenarios.
質問 # 47
A company is developing a new application that needs to process transactions in real time. The company wants to ensure that all transactions are processed in order and that no transaction is lost. Which of these is a correct strategy for leveraging OCI Queue in this scenario?
- A. Use a separate queue for each type of transaction.
- B. Use a single queue to process all transactions.
- C. Use a priority queue to prioritize requests.
- D. Use a separate queue for each application instance.
正解:B
解説:
Explanation
OCI Queue is a service for enabling asynchronous (decoupled) communication in a serverless manner3. Queue handles high-volume transactional data that requires independent processing without loss or duplication3. Queue supports ordering of messages within a queue by using the FIFO (first-in-first-out) delivery option3. Therefore, using a single queue to process all transactions ensures that all transactions are processed in order and that no transaction is lost.Verified References: Overview of Queue
質問 # 48
Your organization is developing serverless applications with Oracle Functions. Many functions will need to store state data in a database, which will require using appropriate credentials. However, your corporate security standards mandate encryption of secret information, such as database passwords. How would you address this security requirement?
- A. Use OCI Console to enter the password in the function configuration section in the providedinput field.
- B. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.
- C. Use the OCI Vault service to auto-encrypt the password and then set an application-level configuration variable to reference the auto-decrypted password inside your function container.
- D. Encrypt the password using the OCI Vault service and then decrypt this password in your function code with the generated key.
正解:D
解説:
Explanation
The best way to store and use secret information, such as database passwords, in Oracle Functions is to use the OCI Vault service. The OCI Vault service provides encryption and decryption capabilities for sensitive data.
You can use the OCI Vault service to encrypt the password and store it as an application-level configuration variable. Then, you can use the generated key to decrypt the password in your function code when you need to access the database. Verified References: Oracle Functions: Using Key Management To Encrypt And Decrypt Configuration Variables
質問 # 49
Which TWO statements are true for serverless computing and serverless architectures? (Choose two.)
- A. Long running tasks are perfectly suited for serverless.
- B. Serverless function execution is fully managed by third party.
- C. Applications running on a FaaS (Functions as a Service) platform.
- D. Serverless function state should never be stored externally.
- E. Application DevOps team is responsible for scaling.
正解:B、C
解説:
Explanation
The two true statements for serverless computing and serverless architectures are: Applications running on a FaaS (Functions as a Service) platform: Serverless architectures typically involve running code in the form of functions on a serverless platform. These functions are event-driven and executed in response to specific triggers or events. Serverless function execution is fully managed by a third party: In serverless computing, the cloud provider takes care of the infrastructure management and resource provisioning. The execution of serverless functions is handled automatically by the platform, relieving developers from the responsibility of managing servers orinfrastructure. It's important to note that long running tasks are not typically suited for serverless architectures due to the event-driven nature of serverless functions. Also, while serverless functions may have state, it is recommended to avoid external storage dependencies and instead leverage stateless functions whenever possible. Additionally, scaling in serverless architectures is typically handled automatically by the platform, rather than being the responsibility of the application DevOps team.
質問 # 50
Oracle Functions monitors all deployed functions and collects and reports various metrics. Which is NOT available when viewing the Application metrics in the Oracle Cloud Infrastructure (OCI) Console?
- A. The number of retries made by the function before failing due to an error.
- B. The number of requests to invoke a function that failed with an error response.
- C. The length of time a function runs for.
- D. The number of requests to invoke a function that failed due to throttling.
正解:A
解説:
Explanation
The option that is NOT available when viewing the Application metrics in the Oracle Cloud Infrastructure (OCI) Console is: "The number of retries made by the function before failing due to an error." When viewing the Application metrics in the OCI Console for Oracle Functions, you can typically see metrics related to the performance and usage of your functions. These metrics provide insights into how your functions are performing and being utilized. The following metrics are usually available: The number of requests to invoke a function that failed due to throttling: This metric indicates the number of requests that were not processed by the function due to reaching the configured concurrency limit or throttling settings. The length of time a function runs for: This metric represents the duration of each function invocation, measuring the time it takes for the function to complete its execution. The number of requests to invoke a function that failed with an error response: This metric counts the number of requests that encountered an error during the function invocation, resulting in a failed response. However, the number of retries made by the function before failing due to an error is not typically available as part of the Application metrics in the OCI Console. The retries made by the function are usually handled at the invoker level, and the specific details of retries may not be captured as part of the application-level metrics. It's important to note that the availability of metrics and their specific details may vary depending on the version and configuration of Oracle Functions and the monitoring setup. It is recommended to refer to the Oracle Functions documentation and consult the official documentation for accurate and up-to-date information on available metrics.
質問 # 51
You have been asked to update an OKE cluster to a network configuration that has the least attack surface while the deployed applications are still directly available for access from the Internet. Which is a valid OKE cluster network configuration that meets this requirement? (Choose the best answer.)
- A. Private subnets for nodes, the Kubemetes API endpoint, and load balancers
- B. Private subnets for nodes and the Kubemetes API endpoint; public subnets for load balancers
- C. Private subnets for nodes; public subnets for the Kubemetes API endpoint and load balancers
- D. Private subnet for the Kubemetes API endpoint; public subnets for nodes and load balancers
正解:B
解説:
Explanation
The valid OKE cluster network configuration that meets the requirement of having the least attack surface while still allowing direct access to the deployed applications from the Internet is: Private subnets for nodes and the Kubernetes API endpoint; public subnets for load balancers. By placing the nodes and the Kubernetes API endpoint in private subnets, they are not directly accessible from the Internet, reducing the attack surface.
The load balancers, on the other hand, are placed in public subnets, allowing them to be accessed from the Internet and serve as the entry point for accessing the deployed applications. This configuration ensures that the critical components of the cluster, such as the nodes and the API endpoint, are protected within the private network, while still providing accessibility to the applications through the load balancers. It helps to enhance security by limiting direct access to the internal components of the cluster while maintaining the availability of the deployed applications.
質問 # 52
Which of these is a valid use case for OCI Queue?
- A. Sending real-time streaming data
- B. Building decoupled and scalable systems
- C. Storing and retrieving large files
- D. Managing network traffic between services
正解:B
解説:
OCI Queue is a fully managed serverless service that helps decouple systems and enable asynchronous operations2. Queue handles high-volume transactional data that requires independently processed messages without loss or duplication2. A valid use case for OCI Queue is building decoupled and scalable systems, such as event-driven architectures or microservices-based applications2. For example, you can use Queue to decouple your application and build an event-driven architecture. Decoupling ensures that individual application components can scale independently and that you can future-proof your design so that as new application components are built, they can publish or subscribe to the queue2.
質問 # 53
......
実験された試験材料は1z0-1084-23:https://jp.fast2test.com/1z0-1084-23-premium-file.html